WebKit Bugzilla
Attachment 341560 Details for Bug 186085: [JSC] Pass VM& parameter as much as possible
[patch] Patch
bug-186085-20180530184746.patch (text/plain), 296.73 KB, created by Yusuke Suzuki on 2018-05-30 02:47:47 PDT
Description: Patch
Marked as: patch, obsolete
>Subversion Revision: 232272 >diff --git a/Source/JavaScriptCore/ChangeLog b/Source/JavaScriptCore/ChangeLog >index da2c96092c6e6473d2739f7450ed612fb0625206..1859aaecc74e65300acb9923c58ea9779271acbb 100644 >--- a/Source/JavaScriptCore/ChangeLog >+++ b/Source/JavaScriptCore/ChangeLog 
>@@ -1,3 +1,443 @@ >+2018-05-30 Yusuke Suzuki <utatane.tea@gmail.com> >+ >+ [JSC] Pass VM& parameter as much as possible >+ https://bugs.webkit.org/show_bug.cgi?id=186085 >+ >+ Reviewed by NOBODY (OOPS!). >+ >+ JSCell::vm() is slow compared to ExecState::vm(). That's why we have bunch of functions in JSCell/JSObject that take VM& as a parameter. >+ For example, we have JSCell::structure() and JSCell::structure(VM&), the former retrieves VM& from the cell and invokes structure(VM&). >+ If we can get VM& from ExecState* or the other place, it reduces the inlined code size. >+ This patch attempts to pass VM& parameter to such functions as much as possible. >+ >+ * API/APICast.h: >+ (toJS): >+ (toJSForGC): >+ * API/JSCallbackObjectFunctions.h: >+ (JSC::JSCallbackObject<Parent>::getOwnPropertySlotByIndex): >+ (JSC::JSCallbackObject<Parent>::deletePropertyByIndex): >+ (JSC::JSCallbackObject<Parent>::staticFunctionGetter): >+ * API/JSObjectRef.cpp: >+ (JSObjectIsConstructor): >+ * API/JSTypedArray.cpp: >+ (JSObjectGetTypedArrayBuffer): >+ * API/JSValueRef.cpp: >+ (JSValueIsInstanceOfConstructor): >+ * bindings/ScriptFunctionCall.cpp: >+ (Deprecated::ScriptFunctionCall::call): >+ * bindings/ScriptValue.cpp: >+ (Inspector::jsToInspectorValue): >+ * bytecode/AccessCase.cpp: >+ (JSC::AccessCase::generateImpl): >+ * bytecode/CodeBlock.cpp: >+ (JSC::CodeBlock::CodeBlock): >+ * bytecode/ObjectAllocationProfileInlines.h: >+ (JSC::ObjectAllocationProfile::possibleDefaultPropertyCount): >+ * bytecode/ObjectPropertyConditionSet.cpp: >+ (JSC::generateConditionsForInstanceOf): >+ * bytecode/PropertyCondition.cpp: >+ (JSC::PropertyCondition::isWatchableWhenValid const): >+ (JSC::PropertyCondition::attemptToMakeEquivalenceWithoutBarrier const): >+ * bytecode/StructureStubClearingWatchpoint.cpp: >+ (JSC::StructureStubClearingWatchpoint::fireInternal): >+ * debugger/Debugger.cpp: >+ (JSC::Debugger::detach): >+ * debugger/DebuggerScope.cpp: >+ (JSC::DebuggerScope::create): >+ 
(JSC::DebuggerScope::put): >+ (JSC::DebuggerScope::deleteProperty): >+ (JSC::DebuggerScope::getOwnPropertyNames): >+ (JSC::DebuggerScope::defineOwnProperty): >+ * dfg/DFGAbstractInterpreterInlines.h: >+ (JSC::DFG::AbstractInterpreter<AbstractStateType>::executeEffects): >+ * dfg/DFGAbstractValue.cpp: >+ (JSC::DFG::AbstractValue::mergeOSREntryValue): >+ * dfg/DFGArgumentsEliminationPhase.cpp: >+ * dfg/DFGArrayMode.cpp: >+ (JSC::DFG::ArrayMode::refine const): >+ * dfg/DFGByteCodeParser.cpp: >+ (JSC::DFG::ByteCodeParser::handleIntrinsicCall): >+ (JSC::DFG::ByteCodeParser::handleTypedArrayConstructor): >+ (JSC::DFG::ByteCodeParser::handleConstantInternalFunction): >+ (JSC::DFG::ByteCodeParser::check): >+ * dfg/DFGConstantFoldingPhase.cpp: >+ (JSC::DFG::ConstantFoldingPhase::foldConstants): >+ (JSC::DFG::ConstantFoldingPhase::addStructureTransitionCheck): >+ * dfg/DFGFixupPhase.cpp: >+ (JSC::DFG::FixupPhase::fixupNode): >+ * dfg/DFGGraph.cpp: >+ (JSC::DFG::Graph::tryGetConstantProperty): >+ * dfg/DFGOperations.cpp: >+ * dfg/DFGSpeculativeJIT.cpp: >+ (JSC::DFG::SpeculativeJIT::compileGetByValOnString): >+ * dfg/DFGStrengthReductionPhase.cpp: >+ (JSC::DFG::StrengthReductionPhase::handleNode): >+ * ftl/FTLLowerDFGToB3.cpp: >+ (JSC::FTL::DFG::LowerDFGToB3::compileStringCharAt): >+ * ftl/FTLOperations.cpp: >+ (JSC::FTL::operationPopulateObjectInOSR): >+ * inspector/InjectedScriptManager.cpp: >+ (Inspector::InjectedScriptManager::createInjectedScript): >+ * inspector/JSJavaScriptCallFrame.cpp: >+ (Inspector::JSJavaScriptCallFrame::caller const): >+ (Inspector::JSJavaScriptCallFrame::scopeChain const): >+ * interpreter/CallFrame.cpp: >+ (JSC::CallFrame::wasmAwareLexicalGlobalObject): >+ * interpreter/Interpreter.cpp: >+ (JSC::Interpreter::executeProgram): >+ (JSC::Interpreter::executeCall): >+ (JSC::Interpreter::executeConstruct): >+ (JSC::Interpreter::execute): >+ (JSC::Interpreter::executeModuleProgram): >+ * jit/JITOperations.cpp: >+ (JSC::getByVal): >+ * jit/Repatch.cpp: 
>+ (JSC::tryCacheInByID): >+ * jsc.cpp: >+ (functionDollarAgentReceiveBroadcast): >+ (functionHasCustomProperties): >+ * llint/LLIntSlowPaths.cpp: >+ (JSC::LLInt::LLINT_SLOW_PATH_DECL): >+ (JSC::LLInt::setupGetByIdPrototypeCache): >+ (JSC::LLInt::getByVal): >+ (JSC::LLInt::handleHostCall): >+ (JSC::LLInt::llint_throw_stack_overflow_error): >+ * runtime/AbstractModuleRecord.cpp: >+ (JSC::AbstractModuleRecord::finishCreation): >+ * runtime/ArrayConstructor.cpp: >+ (JSC::constructArrayWithSizeQuirk): >+ * runtime/ArrayPrototype.cpp: >+ (JSC::speciesWatchpointIsValid): >+ (JSC::arrayProtoFuncToString): >+ (JSC::arrayProtoFuncToLocaleString): >+ (JSC::ArrayPrototype::tryInitializeSpeciesWatchpoint): >+ * runtime/AsyncFunctionConstructor.cpp: >+ (JSC::callAsyncFunctionConstructor): >+ (JSC::constructAsyncFunctionConstructor): >+ * runtime/AsyncGeneratorFunctionConstructor.cpp: >+ (JSC::callAsyncGeneratorFunctionConstructor): >+ (JSC::constructAsyncGeneratorFunctionConstructor): >+ * runtime/BooleanConstructor.cpp: >+ (JSC::constructWithBooleanConstructor): >+ * runtime/ClonedArguments.cpp: >+ (JSC::ClonedArguments::createEmpty): >+ (JSC::ClonedArguments::createWithInlineFrame): >+ (JSC::ClonedArguments::createWithMachineFrame): >+ (JSC::ClonedArguments::createByCopyingFrom): >+ (JSC::ClonedArguments::getOwnPropertySlot): >+ (JSC::ClonedArguments::materializeSpecials): >+ * runtime/CommonSlowPaths.cpp: >+ (JSC::SLOW_PATH_DECL): >+ * runtime/CommonSlowPaths.h: >+ (JSC::CommonSlowPaths::tryCachePutToScopeGlobal): >+ (JSC::CommonSlowPaths::tryCacheGetFromScopeGlobal): >+ (JSC::CommonSlowPaths::canAccessArgumentIndexQuickly): >+ * runtime/ConstructData.cpp: >+ (JSC::construct): >+ * runtime/DateConstructor.cpp: >+ (JSC::constructWithDateConstructor): >+ * runtime/DatePrototype.cpp: >+ (JSC::dateProtoFuncToJSON): >+ * runtime/DirectArguments.cpp: >+ (JSC::DirectArguments::overrideThings): >+ * runtime/Error.cpp: >+ (JSC::getStackTrace): >+ * runtime/ErrorConstructor.cpp: >+ 
(JSC::Interpreter::constructWithErrorConstructor): >+ (JSC::Interpreter::callErrorConstructor): >+ * runtime/FunctionConstructor.cpp: >+ (JSC::constructWithFunctionConstructor): >+ (JSC::callFunctionConstructor): >+ * runtime/GeneratorFunctionConstructor.cpp: >+ (JSC::callGeneratorFunctionConstructor): >+ (JSC::constructGeneratorFunctionConstructor): >+ * runtime/GenericArgumentsInlines.h: >+ (JSC::GenericArguments<Type>::getOwnPropertySlot): >+ * runtime/InferredStructureWatchpoint.cpp: >+ (JSC::InferredStructureWatchpoint::fireInternal): >+ * runtime/InferredType.cpp: >+ (JSC::InferredType::removeStructure): >+ * runtime/InferredType.h: >+ * runtime/InferredTypeInlines.h: >+ (JSC::InferredType::finalizeUnconditionally): >+ * runtime/IntlCollator.cpp: >+ (JSC::IntlCollator::initializeCollator): >+ * runtime/IntlCollatorConstructor.cpp: >+ (JSC::IntlCollatorConstructorFuncSupportedLocalesOf): >+ * runtime/IntlCollatorPrototype.cpp: >+ (JSC::IntlCollatorPrototypeGetterCompare): >+ * runtime/IntlDateTimeFormat.cpp: >+ (JSC::IntlDateTimeFormat::initializeDateTimeFormat): >+ (JSC::IntlDateTimeFormat::formatToParts): >+ * runtime/IntlDateTimeFormatConstructor.cpp: >+ (JSC::IntlDateTimeFormatConstructorFuncSupportedLocalesOf): >+ * runtime/IntlDateTimeFormatPrototype.cpp: >+ (JSC::IntlDateTimeFormatPrototypeGetterFormat): >+ * runtime/IntlNumberFormat.cpp: >+ (JSC::IntlNumberFormat::initializeNumberFormat): >+ (JSC::IntlNumberFormat::formatToParts): >+ * runtime/IntlNumberFormatConstructor.cpp: >+ (JSC::IntlNumberFormatConstructorFuncSupportedLocalesOf): >+ * runtime/IntlNumberFormatPrototype.cpp: >+ (JSC::IntlNumberFormatPrototypeGetterFormat): >+ * runtime/IntlObject.cpp: >+ (JSC::canonicalizeLocaleList): >+ (JSC::defaultLocale): >+ (JSC::lookupSupportedLocales): >+ (JSC::intlObjectFuncGetCanonicalLocales): >+ * runtime/IntlPluralRules.cpp: >+ (JSC::IntlPluralRules::initializePluralRules): >+ (JSC::IntlPluralRules::resolvedOptions): >+ * 
runtime/IntlPluralRulesConstructor.cpp: >+ (JSC::IntlPluralRulesConstructorFuncSupportedLocalesOf): >+ * runtime/IteratorOperations.cpp: >+ (JSC::iteratorNext): >+ (JSC::iteratorClose): >+ (JSC::iteratorForIterable): >+ * runtime/JSArray.cpp: >+ (JSC::JSArray::shiftCountWithArrayStorage): >+ (JSC::JSArray::unshiftCountWithArrayStorage): >+ (JSC::JSArray::isIteratorProtocolFastAndNonObservable): >+ * runtime/JSArrayBufferConstructor.cpp: >+ (JSC::JSArrayBufferConstructor::finishCreation): >+ (JSC::constructArrayBuffer): >+ * runtime/JSArrayBufferPrototype.cpp: >+ (JSC::arrayBufferProtoFuncSlice): >+ * runtime/JSArrayBufferView.cpp: >+ (JSC::JSArrayBufferView::unsharedJSBuffer): >+ (JSC::JSArrayBufferView::possiblySharedJSBuffer): >+ * runtime/JSAsyncFunction.cpp: >+ (JSC::JSAsyncFunction::createImpl): >+ (JSC::JSAsyncFunction::create): >+ (JSC::JSAsyncFunction::createWithInvalidatedReallocationWatchpoint): >+ * runtime/JSAsyncGeneratorFunction.cpp: >+ (JSC::JSAsyncGeneratorFunction::createImpl): >+ (JSC::JSAsyncGeneratorFunction::create): >+ (JSC::JSAsyncGeneratorFunction::createWithInvalidatedReallocationWatchpoint): >+ * runtime/JSBoundFunction.cpp: >+ (JSC::boundThisNoArgsFunctionCall): >+ (JSC::boundFunctionCall): >+ (JSC::boundThisNoArgsFunctionConstruct): >+ (JSC::boundFunctionConstruct): >+ (JSC::getBoundFunctionStructure): >+ (JSC::JSBoundFunction::create): >+ (JSC::JSBoundFunction::boundArgsCopy): >+ * runtime/JSCJSValue.cpp: >+ (JSC::JSValue::putToPrimitive): >+ * runtime/JSCellInlines.h: >+ (JSC::JSCell::setStructure): >+ (JSC::JSCell::methodTable const): >+ (JSC::JSCell::toBoolean const): >+ * runtime/JSFunction.h: >+ (JSC::JSFunction::createImpl): >+ * runtime/JSGeneratorFunction.cpp: >+ (JSC::JSGeneratorFunction::createImpl): >+ (JSC::JSGeneratorFunction::create): >+ (JSC::JSGeneratorFunction::createWithInvalidatedReallocationWatchpoint): >+ * runtime/JSGenericTypedArrayViewConstructorInlines.h: >+ (JSC::constructGenericTypedArrayViewWithArguments): >+ 
(JSC::constructGenericTypedArrayView): >+ * runtime/JSGenericTypedArrayViewInlines.h: >+ (JSC::JSGenericTypedArrayView<Adaptor>::getOwnPropertySlotByIndex): >+ (JSC::JSGenericTypedArrayView<Adaptor>::putByIndex): >+ (JSC::JSGenericTypedArrayView<Adaptor>::deletePropertyByIndex): >+ (JSC::JSGenericTypedArrayView<Adaptor>::slowDownAndWasteMemory): >+ * runtime/JSGenericTypedArrayViewPrototypeFunctions.h: >+ (JSC::genericTypedArrayViewProtoFuncSlice): >+ (JSC::genericTypedArrayViewPrivateFuncSubarrayCreate): >+ * runtime/JSGlobalObject.cpp: >+ (JSC::JSGlobalObject::init): >+ (JSC::JSGlobalObject::exposeDollarVM): >+ (JSC::JSGlobalObject::finishCreation): >+ * runtime/JSGlobalObject.h: >+ * runtime/JSGlobalObjectFunctions.cpp: >+ (JSC::globalFuncEval): >+ * runtime/JSInternalPromise.cpp: >+ (JSC::JSInternalPromise::then): >+ * runtime/JSInternalPromiseConstructor.cpp: >+ (JSC::constructPromise): >+ * runtime/JSJob.cpp: >+ (JSC::JSJobMicrotask::run): >+ * runtime/JSLexicalEnvironment.cpp: >+ (JSC::JSLexicalEnvironment::getOwnPropertySlot): >+ (JSC::JSLexicalEnvironment::put): >+ * runtime/JSMap.cpp: >+ (JSC::JSMap::isIteratorProtocolFastAndNonObservable): >+ * runtime/JSMapIterator.cpp: >+ (JSC::JSMapIterator::createPair): >+ * runtime/JSModuleLoader.cpp: >+ (JSC::JSModuleLoader::provideFetch): >+ (JSC::JSModuleLoader::loadAndEvaluateModule): >+ (JSC::JSModuleLoader::loadModule): >+ (JSC::JSModuleLoader::linkAndEvaluateModule): >+ (JSC::JSModuleLoader::requestImportModule): >+ * runtime/JSONObject.cpp: >+ (JSC::JSONProtoFuncParse): >+ * runtime/JSObject.cpp: >+ (JSC::JSObject::putInlineSlow): >+ (JSC::JSObject::putByIndex): >+ (JSC::JSObject::notifyPresenceOfIndexedAccessors): >+ (JSC::JSObject::createInitialIndexedStorage): >+ (JSC::JSObject::createArrayStorage): >+ (JSC::JSObject::convertUndecidedToArrayStorage): >+ (JSC::JSObject::convertInt32ToArrayStorage): >+ (JSC::JSObject::convertDoubleToArrayStorage): >+ (JSC::JSObject::convertContiguousToArrayStorage): >+ 
(JSC::JSObject::convertFromCopyOnWrite): >+ (JSC::JSObject::ensureWritableInt32Slow): >+ (JSC::JSObject::ensureWritableDoubleSlow): >+ (JSC::JSObject::ensureWritableContiguousSlow): >+ (JSC::JSObject::ensureArrayStorageSlow): >+ (JSC::JSObject::setPrototypeDirect): >+ (JSC::JSObject::deleteProperty): >+ (JSC::callToPrimitiveFunction): >+ (JSC::JSObject::hasInstance): >+ (JSC::JSObject::getOwnNonIndexPropertyNames): >+ (JSC::JSObject::preventExtensions): >+ (JSC::JSObject::isExtensible): >+ (JSC::JSObject::reifyAllStaticProperties): >+ (JSC::JSObject::fillGetterPropertySlot): >+ (JSC::JSObject::defineOwnIndexedProperty): >+ (JSC::JSObject::putByIndexBeyondVectorLengthWithoutAttributes): >+ (JSC::JSObject::putByIndexBeyondVectorLengthWithArrayStorage): >+ (JSC::JSObject::putByIndexBeyondVectorLength): >+ (JSC::JSObject::putDirectIndexBeyondVectorLengthWithArrayStorage): >+ (JSC::JSObject::putDirectIndexSlowOrBeyondVectorLength): >+ (JSC::JSObject::getNewVectorLength): >+ (JSC::JSObject::increaseVectorLength): >+ (JSC::JSObject::reallocateAndShrinkButterfly): >+ (JSC::JSObject::shiftButterflyAfterFlattening): >+ (JSC::JSObject::anyObjectInChainMayInterceptIndexedAccesses const): >+ (JSC::JSObject::prototypeChainMayInterceptStoreTo): >+ (JSC::JSObject::needsSlowPutIndexing const): >+ (JSC::JSObject::suggestedArrayStorageTransition const): >+ * runtime/JSObject.h: >+ (JSC::JSObject::mayInterceptIndexedAccesses): >+ (JSC::JSObject::hasIndexingHeader const): >+ (JSC::JSObject::hasCustomProperties): >+ (JSC::JSObject::hasGetterSetterProperties): >+ (JSC::JSObject::hasCustomGetterSetterProperties): >+ (JSC::JSObject::isExtensibleImpl): >+ (JSC::JSObject::isStructureExtensible): >+ (JSC::JSObject::indexingShouldBeSparse): >+ (JSC::JSObject::staticPropertiesReified): >+ (JSC::JSObject::globalObject const): >+ (JSC::JSObject::finishCreation): >+ (JSC::JSNonFinalObject::finishCreation): >+ (JSC::getCallData): >+ (JSC::getConstructData): >+ 
(JSC::JSObject::getOwnNonIndexPropertySlot): >+ (JSC::JSObject::putOwnDataProperty): >+ (JSC::JSObject::putOwnDataPropertyMayBeIndex): >+ (JSC::JSObject::butterflyPreCapacity): >+ (JSC::JSObject::butterflyTotalSize): >+ * runtime/JSObjectInlines.h: >+ (JSC::JSObject::putDirectInternal): >+ * runtime/JSPromise.cpp: >+ (JSC::JSPromise::initialize): >+ (JSC::JSPromise::resolve): >+ * runtime/JSPromiseConstructor.cpp: >+ (JSC::constructPromise): >+ * runtime/JSPromiseDeferred.cpp: >+ (JSC::newPromiseCapability): >+ (JSC::callFunction): >+ * runtime/JSScope.cpp: >+ (JSC::abstractAccess): >+ * runtime/JSScope.h: >+ (JSC::JSScope::globalObject): Deleted. >+ Remove this JSScope::globalObject function since it is completely the same to JSObject::globalObject(). >+ >+ * runtime/JSSet.cpp: >+ (JSC::JSSet::isIteratorProtocolFastAndNonObservable): >+ * runtime/JSSetIterator.cpp: >+ (JSC::JSSetIterator::createPair): >+ * runtime/JSStringIterator.cpp: >+ (JSC::JSStringIterator::clone): >+ * runtime/Lookup.cpp: >+ (JSC::reifyStaticAccessor): >+ (JSC::setUpStaticFunctionSlot): >+ * runtime/Lookup.h: >+ (JSC::getStaticPropertySlotFromTable): >+ (JSC::replaceStaticPropertySlot): >+ (JSC::reifyStaticProperty): >+ * runtime/MapConstructor.cpp: >+ (JSC::constructMap): >+ * runtime/NumberConstructor.cpp: >+ (JSC::NumberConstructor::finishCreation): >+ * runtime/ObjectConstructor.cpp: >+ (JSC::constructObject): >+ (JSC::objectConstructorAssign): >+ (JSC::toPropertyDescriptor): >+ * runtime/ObjectPrototype.cpp: >+ (JSC::objectProtoFuncDefineGetter): >+ (JSC::objectProtoFuncDefineSetter): >+ (JSC::objectProtoFuncToLocaleString): >+ * runtime/Operations.cpp: >+ (JSC::jsIsFunctionType): Deleted. >+ Replace it with JSValue::isFunction(VM&). 
>+ >+ * runtime/Operations.h: >+ * runtime/ProgramExecutable.cpp: >+ (JSC::ProgramExecutable::initializeGlobalProperties): >+ * runtime/RegExpConstructor.cpp: >+ (JSC::constructWithRegExpConstructor): >+ (JSC::callRegExpConstructor): >+ * runtime/SamplingProfiler.cpp: >+ (JSC::SamplingProfiler::processUnverifiedStackTraces): >+ (JSC::SamplingProfiler::StackFrame::nameFromCallee): >+ * runtime/ScopedArguments.cpp: >+ (JSC::ScopedArguments::overrideThings): >+ * runtime/ScriptExecutable.cpp: >+ (JSC::ScriptExecutable::newCodeBlockFor): >+ (JSC::ScriptExecutable::prepareForExecutionImpl): >+ * runtime/SetConstructor.cpp: >+ (JSC::constructSet): >+ * runtime/SparseArrayValueMap.cpp: >+ (JSC::SparseArrayValueMap::putEntry): >+ (JSC::SparseArrayValueMap::putDirect): >+ * runtime/StringConstructor.cpp: >+ (JSC::constructWithStringConstructor): >+ * runtime/StringPrototype.cpp: >+ (JSC::replaceUsingRegExpSearch): >+ (JSC::replaceUsingStringSearch): >+ (JSC::stringProtoFuncIterator): >+ * runtime/Structure.cpp: >+ (JSC::Structure::materializePropertyTable): >+ (JSC::Structure::willStoreValueSlow): >+ * runtime/StructureCache.cpp: >+ (JSC::StructureCache::emptyStructureForPrototypeFromBaseStructure): >+ * runtime/StructureInlines.h: >+ (JSC::Structure::get): >+ * runtime/WeakMapConstructor.cpp: >+ (JSC::constructWeakMap): >+ * runtime/WeakSetConstructor.cpp: >+ (JSC::constructWeakSet): >+ * tools/HeapVerifier.cpp: >+ (JSC::HeapVerifier::reportCell): >+ * tools/JSDollarVM.cpp: >+ (JSC::functionGlobalObjectForObject): >+ (JSC::JSDollarVM::finishCreation): >+ * wasm/js/JSWebAssemblyInstance.cpp: >+ (JSC::JSWebAssemblyInstance::finalizeCreation): >+ * wasm/js/WasmToJS.cpp: >+ (JSC::Wasm::handleBadI64Use): >+ (JSC::Wasm::wasmToJSException): >+ * wasm/js/WebAssemblyCompileErrorConstructor.cpp: >+ (JSC::constructJSWebAssemblyCompileError): >+ (JSC::callJSWebAssemblyCompileError): >+ * wasm/js/WebAssemblyLinkErrorConstructor.cpp: >+ (JSC::constructJSWebAssemblyLinkError): >+ 
(JSC::callJSWebAssemblyLinkError): >+ * wasm/js/WebAssemblyModuleRecord.cpp: >+ (JSC::WebAssemblyModuleRecord::evaluate): >+ * wasm/js/WebAssemblyPrototype.cpp: >+ (JSC::instantiate): >+ * wasm/js/WebAssemblyRuntimeErrorConstructor.cpp: >+ (JSC::constructJSWebAssemblyRuntimeError): >+ (JSC::callJSWebAssemblyRuntimeError): >+ * wasm/js/WebAssemblyToJSCallee.cpp: >+ (JSC::WebAssemblyToJSCallee::create): >+ > 2018-05-29 Yusuke Suzuki <utatane.tea@gmail.com> > > [Baseline] Merge loading functionalities >diff --git a/Source/WebCore/ChangeLog b/Source/WebCore/ChangeLog >index 06db959ebf4119790b56c71b9b5e283837eaf8f0..635ca9d1d90815720a72ea894975bcc7954c5dad 100644 >--- a/Source/WebCore/ChangeLog >+++ b/Source/WebCore/ChangeLog 
>@@ -1,3 +1,64 @@ >+2018-05-30 Yusuke Suzuki <utatane.tea@gmail.com> >+ >+ [JSC] Pass VM& parameter as much as possible >+ https://bugs.webkit.org/show_bug.cgi?id=186085 >+ >+ Reviewed by NOBODY (OOPS!). >+ >+ No behavior change. >+ >+ * bindings/js/JSCSSRuleListCustom.cpp: >+ (WebCore::JSCSSRuleListOwner::isReachableFromOpaqueRoots): >+ * bindings/js/JSCallbackData.cpp: >+ (WebCore::JSCallbackData::invokeCallback): >+ * bindings/js/JSCustomXPathNSResolver.cpp: >+ (WebCore::JSCustomXPathNSResolver::lookupNamespaceURI): >+ * bindings/js/JSDOMBuiltinConstructorBase.cpp: >+ (WebCore::JSDOMBuiltinConstructorBase::callFunctionWithCurrentArguments): >+ * bindings/js/JSDOMConvertScheduledAction.h: >+ (WebCore::Converter<IDLScheduledAction>::convert): >+ * bindings/js/JSDOMIterator.h: >+ (WebCore::iteratorForEach): >+ * bindings/js/JSDOMMapLike.cpp: >+ (WebCore::forwardFunctionCallToBackingMap): >+ (WebCore::forwardForEachCallToBackingMap): >+ * bindings/js/JSDOMPromise.cpp: >+ (WebCore::callFunction): >+ * bindings/js/JSDOMPromiseDeferred.cpp: >+ (WebCore::DeferredPromise::callFunction): >+ (WebCore::createRejectedPromiseWithTypeError): >+ * bindings/js/JSDeprecatedCSSOMValueCustom.cpp: >+ (WebCore::JSDeprecatedCSSOMValueOwner::isReachableFromOpaqueRoots): >+ * bindings/js/JSEventListener.cpp: >+ (WebCore::JSEventListener::handleEvent): >+ * bindings/js/JSNodeListCustom.cpp: >+ (WebCore::JSNodeListOwner::isReachableFromOpaqueRoots): >+ * bindings/js/JSPluginElementFunctions.cpp: >+ (WebCore::pluginElementCustomPut): >+ (WebCore::callPlugin): >+ * bindings/js/JSWindowProxy.cpp: >+ (WebCore::JSWindowProxy::setWindow): >+ * bindings/js/ReadableStream.cpp: >+ (WebCore::ReadableStreamInternal::callFunction): >+ * bindings/js/ReadableStreamDefaultController.cpp: >+ (WebCore::callFunction): >+ * bindings/js/ScheduledAction.cpp: >+ (WebCore::ScheduledAction::executeFunctionInContext): >+ * bindings/js/SerializedScriptValue.cpp: >+ (WebCore::CloneSerializer::getProperty): >+ 
(WebCore::CloneSerializer::serialize): >+ * bindings/js/StructuredClone.cpp: >+ (WebCore::structuredCloneArrayBufferView): >+ * bindings/js/WorkerScriptController.cpp: >+ (WebCore::WorkerScriptController::initScript): >+ * bridge/NP_jsobject.cpp: >+ * bridge/objc/WebScriptObject.mm: >+ (-[WebScriptObject callWebScriptMethod:withArguments:]): >+ * testing/Internals.cpp: >+ (WebCore::Internals::cloneArrayBuffer): >+ * testing/js/WebCoreTestSupport.cpp: >+ (WebCoreTestSupport::injectInternalsObject): >+ > 2018-05-29 Ryosuke Niwa <rniwa@webkit.org> > > iOS WK1: Occasional crash in sanitizedMarkupForFragmentInDocument >diff --git a/Source/WebKit/ChangeLog b/Source/WebKit/ChangeLog >index 5dcf71d5bd42f373fd0f2c20416434c5e8b66b20..c6efbf9e7a1f572bc0748a7b73362975f53932a5 100644 >--- a/Source/WebKit/ChangeLog >+++ b/Source/WebKit/ChangeLog >@@ -1,3 +1,15 @@ >+2018-05-30 Yusuke Suzuki <utatane.tea@gmail.com> >+ >+ [JSC] Pass VM& parameter as much as possible >+ https://bugs.webkit.org/show_bug.cgi?id=186085 >+ >+ Reviewed by NOBODY (OOPS!). >+ >+ * WebProcess/Plugins/Netscape/NPJSObject.cpp: >+ (WebKit::NPJSObject::hasMethod): >+ (WebKit::NPJSObject::construct): >+ (WebKit::NPJSObject::invoke): >+ > 2018-05-28 Jeff Miller <jeffm@apple.com> > > Expose additional WKMenuItemIdentifier strings >diff --git a/Source/WebKitLegacy/mac/ChangeLog b/Source/WebKitLegacy/mac/ChangeLog >index e7785501b26e57c0a8f43376d6d9c9ab1316e8c1..3033c9b21a4c17db2779c5ef4462c0008a9b44d2 100644 >--- a/Source/WebKitLegacy/mac/ChangeLog >+++ b/Source/WebKitLegacy/mac/ChangeLog >@@ -1,3 +1,13 @@ >+2018-05-30 Yusuke Suzuki <utatane.tea@gmail.com> >+ >+ [JSC] Pass VM& parameter as much as possible >+ https://bugs.webkit.org/show_bug.cgi?id=186085 >+ >+ Reviewed by NOBODY (OOPS!). >+ >+ * Plugins/Hosted/NetscapePluginInstanceProxy.mm: >+ (WebKit::NetscapePluginInstanceProxy::invoke): >+ > 2018-05-27 Dan Bernstein <mitz@apple.com> > > Reverted the changes made for https://webkit.org/b/186016 
>diff --git a/Source/WebKitLegacy/win/ChangeLog b/Source/WebKitLegacy/win/ChangeLog >index 18b047d43da383a50c20bbc64d1e60519e68d14b..6d63e4d769202c18772aa9adf7c3beb458fffa1f 100644 >--- a/Source/WebKitLegacy/win/ChangeLog >+++ b/Source/WebKitLegacy/win/ChangeLog >@@ -1,3 +1,13 @@ >+2018-05-30 Yusuke Suzuki <utatane.tea@gmail.com> >+ >+ [JSC] Pass VM& parameter as much as possible >+ https://bugs.webkit.org/show_bug.cgi?id=186085 >+ >+ Reviewed by NOBODY (OOPS!). >+ >+ * Plugins/PluginPackage.cpp: >+ (WebCore::NPN_Invoke): >+ > 2018-05-27 Fujii Hironori <Hironori.Fujii@sony.com> > > REGRESSION(r232198) [WinCairo] cannot convert from 'WTF::StringView' to 'const WTF::String' >diff --git a/Source/JavaScriptCore/API/APICast.h b/Source/JavaScriptCore/API/APICast.h >index 21f3a7de946096f0050c7230a4c6614ea94d347c..7d6d3f74904073762fb5bb72fc065692d2be500b 100644 >--- a/Source/JavaScriptCore/API/APICast.h >+++ b/Source/JavaScriptCore/API/APICast.h >@@ -83,7 +83,7 @@ inline JSC::JSValue toJS(JSC::ExecState* exec, JSValueRef v) > if (!result) > return JSC::jsNull(); > if (result.isCell()) >- RELEASE_ASSERT(result.asCell()->methodTable()); >+ RELEASE_ASSERT(result.asCell()->methodTable(exec->vm())); > return result; > } > >@@ -99,7 +99,7 @@ inline JSC::JSValue toJSForGC(JSC::ExecState* exec, JSValueRef v) > JSC::JSValue result = JSC::JSValue::decode(reinterpret_cast<JSC::EncodedJSValue>(const_cast<OpaqueJSValue*>(v))); > #endif > if (result && result.isCell()) >- RELEASE_ASSERT(result.asCell()->methodTable()); >+ RELEASE_ASSERT(result.asCell()->methodTable(exec->vm())); > return result; > } > >diff --git a/Source/JavaScriptCore/API/JSCallbackObjectFunctions.h b/Source/JavaScriptCore/API/JSCallbackObjectFunctions.h >index 0eeddebde86b454dce20fed363dbc066fd6c3345..f933a99e7b939c6cd1b5d9e2b004583b513a5539 100644 >--- a/Source/JavaScriptCore/API/JSCallbackObjectFunctions.h >+++ b/Source/JavaScriptCore/API/JSCallbackObjectFunctions.h 
>@@ -207,7 +207,7 @@ bool JSCallbackObject<Parent>::getOwnPropertySlot(JSObject* object, ExecState* e > template <class Parent> > bool JSCallbackObject<Parent>::getOwnPropertySlotByIndex(JSObject* object, ExecState* exec, unsigned propertyName, PropertySlot& slot) > { >- return object->methodTable()->getOwnPropertySlot(object, exec, Identifier::from(exec, propertyName), slot); >+ return object->methodTable(exec->vm())->getOwnPropertySlot(object, exec, Identifier::from(exec, propertyName), slot); > } > > template <class Parent> >@@ -414,7 +414,7 @@ template <class Parent> > bool JSCallbackObject<Parent>::deletePropertyByIndex(JSCell* cell, ExecState* exec, unsigned propertyName) > { > JSCallbackObject* thisObject = jsCast<JSCallbackObject*>(cell); >- return thisObject->methodTable()->deleteProperty(thisObject, exec, Identifier::from(exec, propertyName)); >+ return thisObject->methodTable(exec->vm())->deleteProperty(thisObject, exec, Identifier::from(exec, propertyName)); > } > > template <class Parent> >@@ -653,7 +653,7 @@ EncodedJSValue JSCallbackObject<Parent>::staticFunctionGetter(ExecState* exec, E > if (OpaqueJSClassStaticFunctionsTable* staticFunctions = jsClass->staticFunctions(exec)) { > if (StaticFunctionEntry* entry = staticFunctions->get(name)) { > if (JSObjectCallAsFunctionCallback callAsFunction = entry->callAsFunction) { >- JSObject* o = JSCallbackFunction::create(vm, thisObj->globalObject(), callAsFunction, name); >+ JSObject* o = JSCallbackFunction::create(vm, thisObj->globalObject(vm), callAsFunction, name); > thisObj->putDirect(vm, propertyName, o, entry->attributes); > return JSValue::encode(o); > } >diff --git a/Source/JavaScriptCore/API/JSObjectRef.cpp b/Source/JavaScriptCore/API/JSObjectRef.cpp >index 4f8868196a2b731af269d408aaf06214caec78d3..d80a070b7ab698fb48a710de5a763395bb49b207 100644 >--- a/Source/JavaScriptCore/API/JSObjectRef.cpp >+++ b/Source/JavaScriptCore/API/JSObjectRef.cpp 
>@@ -623,13 +623,16 @@ JSValueRef JSObjectCallAsFunction(JSContextRef ctx, JSObjectRef object, JSObject > return result; > } > >-bool JSObjectIsConstructor(JSContextRef, JSObjectRef object) >+bool JSObjectIsConstructor(JSContextRef ctx, JSObjectRef object) > { >+ ExecState* exec = toJS(ctx); >+ VM& vm = exec->vm(); >+ JSLockHolder locker(vm); > if (!object) > return false; > JSObject* jsObject = toJS(object); > ConstructData constructData; >- return jsObject->methodTable()->getConstructData(jsObject, constructData) != ConstructType::None; >+ return jsObject->methodTable(vm)->getConstructData(jsObject, constructData) != ConstructType::None; > } > > JSObjectRef JSObjectCallAsConstructor(JSContextRef ctx, JSObjectRef object, size_t argumentCount, const JSValueRef arguments[], JSValueRef* exception) >diff --git a/Source/JavaScriptCore/API/JSTypedArray.cpp b/Source/JavaScriptCore/API/JSTypedArray.cpp >index 4832597cb9b085f3000be15d3f2aae2b2d1a766a..45c47abc8c164bf59be8a9a104efeeaf751a4bc6 100644 >--- a/Source/JavaScriptCore/API/JSTypedArray.cpp >+++ b/Source/JavaScriptCore/API/JSTypedArray.cpp >@@ -301,7 +301,7 @@ JSObjectRef JSObjectGetTypedArrayBuffer(JSContextRef ctx, JSObjectRef objectRef, > JSObject* object = toJS(objectRef); > > if (JSArrayBufferView* typedArray = jsDynamicCast<JSArrayBufferView*>(vm, object)) >- return toRef(vm.m_typedArrayController->toJS(exec, typedArray->globalObject(), typedArray->possiblySharedBuffer())); >+ return toRef(vm.m_typedArrayController->toJS(exec, typedArray->globalObject(vm), typedArray->possiblySharedBuffer())); > > return nullptr; > } >diff --git a/Source/JavaScriptCore/API/JSValueRef.cpp b/Source/JavaScriptCore/API/JSValueRef.cpp >index 00bf061ada2d16c175874d8d8180693457fa9832..79559be907987151b2fa7d931264245188810fdc 100644 >--- a/Source/JavaScriptCore/API/JSValueRef.cpp >+++ b/Source/JavaScriptCore/API/JSValueRef.cpp 
>@@ -265,7 +265,7 @@ bool JSValueIsInstanceOfConstructor(JSContextRef ctx, JSValueRef value, JSObject > JSValue jsValue = toJS(exec, value); > > JSObject* jsConstructor = toJS(constructor); >- if (!jsConstructor->structure()->typeInfo().implementsHasInstance()) >+ if (!jsConstructor->structure(vm)->typeInfo().implementsHasInstance()) > return false; > bool result = jsConstructor->hasInstance(exec, jsValue); // false if an exception is thrown > handleExceptionIfNeeded(scope, exec, exception); >diff --git a/Source/JavaScriptCore/bindings/ScriptFunctionCall.cpp b/Source/JavaScriptCore/bindings/ScriptFunctionCall.cpp >index 4a70ad1397838da34ebb9836e5306ce7d0d963ed..44bff54fbddc46c19385b0c44322b5bfeae4d568 100644 >--- a/Source/JavaScriptCore/bindings/ScriptFunctionCall.cpp >+++ b/Source/JavaScriptCore/bindings/ScriptFunctionCall.cpp >@@ -115,7 +115,7 @@ JSValue ScriptFunctionCall::call(bool& hadException) > } > > CallData callData; >- CallType callType = getCallData(function, callData); >+ CallType callType = getCallData(vm, function, callData); > if (callType == CallType::None) > return { }; > >diff --git a/Source/JavaScriptCore/bindings/ScriptValue.cpp b/Source/JavaScriptCore/bindings/ScriptValue.cpp >index 10e4f95da9b823ecb60bd9aededd5faeb5b1e154..68c9ac2e75542978be7192f54309dc4f5fbc34ef 100644 >--- a/Source/JavaScriptCore/bindings/ScriptValue.cpp >+++ b/Source/JavaScriptCore/bindings/ScriptValue.cpp 
>@@ -76,10 +76,11 @@ static RefPtr<JSON::Value> jsToInspectorValue(ExecState& scriptState, JSValue va > } > return WTFMove(inspectorArray); > } >+ VM& vm = scriptState.vm(); > auto inspectorObject = JSON::Object::create(); > auto& object = *value.getObject(); >- PropertyNameArray propertyNames(&scriptState.vm(), PropertyNameMode::Strings, PrivateSymbolMode::Exclude); >- object.methodTable()->getOwnPropertyNames(&object, &scriptState, propertyNames, EnumerationMode()); >+ PropertyNameArray propertyNames(&vm, PropertyNameMode::Strings, PrivateSymbolMode::Exclude); >+ object.methodTable(vm)->getOwnPropertyNames(&object, &scriptState, propertyNames, EnumerationMode()); > for (auto& name : propertyNames) { > auto inspectorValue = jsToInspectorValue(scriptState, object.get(&scriptState, name), maxDepth); > if (!inspectorValue) >diff --git a/Source/JavaScriptCore/bytecode/AccessCase.cpp b/Source/JavaScriptCore/bytecode/AccessCase.cpp >index c2fbe337216f4b8fd96f2e7945cf57a1ba92a12f..f36c1fe248bdcaa31b967e19971464a250ac8b38 100644 >--- a/Source/JavaScriptCore/bytecode/AccessCase.cpp >+++ b/Source/JavaScriptCore/bytecode/AccessCase.cpp >@@ -650,7 +650,7 @@ void AccessCase::generateImpl(AccessGenerationState& state) > for (const ObjectPropertyCondition& condition : m_conditionSet) { > RELEASE_ASSERT(!m_polyProtoAccessChain); > >- Structure* structure = condition.object()->structure(); >+ Structure* structure = condition.object()->structure(vm); > > if (condition.isWatchableAssumingImpurePropertyWatchpoint()) { > structure->addTransitionWatchpoint(state.addWatchpoint(condition)); >@@ -710,7 +710,7 @@ void AccessCase::generateImpl(AccessGenerationState& state) > if (!hasAlternateBase()) > currStructure = structure(); > else >- currStructure = alternateBase()->structure(); >+ currStructure = alternateBase()->structure(vm); > currStructure->startWatchingPropertyForReplacements(vm, offset()); > } 
> >@@ -1239,7 +1239,7 @@ void AccessCase::generateImpl(AccessGenerationState& state) > if (!hasAlternateBase()) > currStructure = structure(); > else >- currStructure = alternateBase()->structure(); >+ currStructure = alternateBase()->structure(vm); > currStructure->startWatchingPropertyForReplacements(vm, offset()); > > this->as<IntrinsicGetterAccessCase>().emitIntrinsicGetter(state); >diff --git a/Source/JavaScriptCore/bytecode/CodeBlock.cpp b/Source/JavaScriptCore/bytecode/CodeBlock.cpp >index 8bd7fe7af83de12d9e19d2df40dbc3c474d1c37c..4ba3566deed895febdcd07ba0238d551bac8bee8 100644 >--- a/Source/JavaScriptCore/bytecode/CodeBlock.cpp >+++ b/Source/JavaScriptCore/bytecode/CodeBlock.cpp >@@ -360,7 +360,7 @@ void CodeBlock::finishCreation(VM& vm, CopyParsedBlockTag, CodeBlock& other) > CodeBlock::CodeBlock(VM* vm, Structure* structure, ScriptExecutable* ownerExecutable, UnlinkedCodeBlock* unlinkedCodeBlock, > JSScope* scope, RefPtr<SourceProvider>&& sourceProvider, unsigned sourceOffset, unsigned firstLineColumnOffset) > : JSCell(*vm, structure) >- , m_globalObject(*vm, this, scope->globalObject()) >+ , m_globalObject(*vm, this, scope->globalObject(*vm)) > , m_numCalleeLocals(unlinkedCodeBlock->m_numCalleeLocals) > , m_numVars(unlinkedCodeBlock->m_numVars) > , m_shouldAlwaysBeInlined(true) >diff --git a/Source/JavaScriptCore/bytecode/ObjectAllocationProfileInlines.h b/Source/JavaScriptCore/bytecode/ObjectAllocationProfileInlines.h >index 106dab1fc92bb96ef9003779eb38ebd4c9cc18ca..7021947cf7862ca9dbe23cdcbb4d7909322eb3e4 100644 >--- a/Source/JavaScriptCore/bytecode/ObjectAllocationProfileInlines.h >+++ b/Source/JavaScriptCore/bytecode/ObjectAllocationProfileInlines.h 
>@@ -144,12 +144,12 @@ ALWAYS_INLINE void ObjectAllocationProfile::initializeProfile(VM& vm, JSGlobalOb > > ALWAYS_INLINE unsigned ObjectAllocationProfile::possibleDefaultPropertyCount(VM& vm, JSObject* prototype) > { >- if (prototype == prototype->globalObject()->objectPrototype()) >+ if (prototype == prototype->globalObject(vm)->objectPrototype()) > return 0; > > size_t count = 0; > PropertyNameArray propertyNameArray(&vm, PropertyNameMode::StringsAndSymbols, PrivateSymbolMode::Include); >- prototype->structure()->getPropertyNamesFromStructure(vm, propertyNameArray, EnumerationMode()); >+ prototype->structure(vm)->getPropertyNamesFromStructure(vm, propertyNameArray, EnumerationMode()); > PropertyNameArrayData::PropertyNameVector& propertyNameVector = propertyNameArray.data()->propertyNameVector(); > for (size_t i = 0; i < propertyNameVector.size(); ++i) { > JSValue value = prototype->getDirect(vm, propertyNameVector[i]); >diff --git a/Source/JavaScriptCore/bytecode/ObjectPropertyConditionSet.cpp b/Source/JavaScriptCore/bytecode/ObjectPropertyConditionSet.cpp >index 9377195bc5259f588622f2c6911c88e047cfd562..1d9475cbc6d7d414455c845e221385a0be169728 100644 >--- a/Source/JavaScriptCore/bytecode/ObjectPropertyConditionSet.cpp >+++ b/Source/JavaScriptCore/bytecode/ObjectPropertyConditionSet.cpp >@@ -189,7 +189,7 @@ static const bool verbose = false; > ObjectPropertyCondition generateCondition( > VM& vm, JSCell* owner, JSObject* object, UniquedStringImpl* uid, PropertyCondition::Kind conditionKind) > { >- Structure* structure = object->structure(); >+ Structure* structure = object->structure(vm); > if (ObjectPropertyConditionSetInternal::verbose) > dataLog("Creating condition ", conditionKind, " for ", pointerDump(structure), "\n"); 
> >@@ -207,14 +207,14 @@ ObjectPropertyCondition generateCondition( > if (structure->hasPolyProto()) > return ObjectPropertyCondition(); > result = ObjectPropertyCondition::absence( >- vm, owner, object, uid, object->structure()->storedPrototypeObject()); >+ vm, owner, object, uid, object->structure(vm)->storedPrototypeObject()); > break; > } > case PropertyCondition::AbsenceOfSetEffect: { > if (structure->hasPolyProto()) > return ObjectPropertyCondition(); > result = ObjectPropertyCondition::absenceOfSetEffect( >- vm, owner, object, uid, object->structure()->storedPrototypeObject()); >+ vm, owner, object, uid, object->structure(vm)->storedPrototypeObject()); > break; > } > case PropertyCondition::Equivalence: { >@@ -411,7 +411,7 @@ ObjectPropertyConditionSet generateConditionsForInstanceOf( > } > conditions.append( > ObjectPropertyCondition::hasPrototype( >- vm, owner, object, object->structure()->storedPrototypeObject())); >+ vm, owner, object, object->structure(vm)->storedPrototypeObject())); > return true; > }); > if (result.isValid()) { >diff --git a/Source/JavaScriptCore/bytecode/PropertyCondition.cpp b/Source/JavaScriptCore/bytecode/PropertyCondition.cpp >index 7730f35012be8d115ad78f7e1bf274a5f16ee4cc..51d61c2173ab43a204e699a8ea93443acf71f7d0 100644 >--- a/Source/JavaScriptCore/bytecode/PropertyCondition.cpp >+++ b/Source/JavaScriptCore/bytecode/PropertyCondition.cpp >@@ -321,7 +321,7 @@ bool PropertyCondition::isWatchableWhenValid( > break; > case EnsureWatchability: > set = structure->ensurePropertyReplacementWatchpointSet( >- *Heap::heap(structure)->vm(), offset); >+ *structure->vm(), offset); > break; > } 
> >@@ -389,7 +389,7 @@ bool PropertyCondition::isValidValueForPresence(VM& vm, JSValue value) const > > PropertyCondition PropertyCondition::attemptToMakeEquivalenceWithoutBarrier(VM& vm, JSObject* base) const > { >- Structure* structure = base->structure(); >+ Structure* structure = base->structure(vm); > if (!structure->isValidOffset(offset())) > return PropertyCondition(); > JSValue value = base->getDirect(offset()); >diff --git a/Source/JavaScriptCore/bytecode/StructureStubClearingWatchpoint.cpp b/Source/JavaScriptCore/bytecode/StructureStubClearingWatchpoint.cpp >index f27e507b7eec24dfddfe40b3debf881182122ba3..3bd44532cd131efd6678774287c0c9ef31b44a7d 100644 >--- a/Source/JavaScriptCore/bytecode/StructureStubClearingWatchpoint.cpp >+++ b/Source/JavaScriptCore/bytecode/StructureStubClearingWatchpoint.cpp >@@ -59,14 +59,14 @@ void StructureStubClearingWatchpoint::fireInternal(const FireDetail&) > return; > } > >+ VM& vm = *m_key.object()->vm(); > if (m_key.kind() == PropertyCondition::Presence) { > // If this was a presence condition, let's watch the property for replacements. This is profitable > // for the DFG, which will want the replacement set to be valid in order to do constant folding. >- VM& vm = *Heap::heap(m_key.object())->vm(); >- m_key.object()->structure()->startWatchingPropertyForReplacements(vm, m_key.offset()); >+ m_key.object()->structure(vm)->startWatchingPropertyForReplacements(vm, m_key.offset()); > } > >- m_key.object()->structure()->addTransitionWatchpoint(this); >+ m_key.object()->structure(vm)->addTransitionWatchpoint(this); > } > > WatchpointsOnStructureStubInfo::~WatchpointsOnStructureStubInfo() >diff --git a/Source/JavaScriptCore/debugger/Debugger.cpp b/Source/JavaScriptCore/debugger/Debugger.cpp >index bcbabab55caf2a0d139d50c3c1605f3c5953a1ed..b6570bfadcac2dd3dfd426b757e0ef20425b8ec2 100644 >--- a/Source/JavaScriptCore/debugger/Debugger.cpp >+++ b/Source/JavaScriptCore/debugger/Debugger.cpp 
>@@ -173,7 +173,8 @@ void Debugger::detach(JSGlobalObject* globalObject, ReasonForDetach reason) > // stack, since we won't get further debugger callbacks to do so. Also, resume execution, > // since there's no point in staying paused once a window closes. > // We know there is an entry scope, otherwise, m_currentCallFrame would be null. >- if (m_isPaused && m_currentCallFrame && globalObject->vm().entryScope->globalObject() == globalObject) { >+ VM& vm = globalObject->vm(); >+ if (m_isPaused && m_currentCallFrame && vm.entryScope->globalObject() == globalObject) { > m_currentCallFrame = nullptr; > m_pauseOnCallFrame = nullptr; > continueProgram(); >diff --git a/Source/JavaScriptCore/debugger/DebuggerScope.cpp b/Source/JavaScriptCore/debugger/DebuggerScope.cpp >index 5d67efdad8cd7b1609563baaf292215871fd41de..55136ff462618650d0701527c7ceebd6956c26bd 100644 >--- a/Source/JavaScriptCore/debugger/DebuggerScope.cpp >+++ b/Source/JavaScriptCore/debugger/DebuggerScope.cpp >@@ -38,7 +38,7 @@ const ClassInfo DebuggerScope::s_info = { "DebuggerScope", &Base::s_info, nullpt > > DebuggerScope* DebuggerScope::create(VM& vm, JSScope* scope) > { >- Structure* structure = scope->globalObject()->debuggerScopeStructure(); >+ Structure* structure = scope->globalObject(vm)->debuggerScopeStructure(); > DebuggerScope* debuggerScope = new (NotNull, allocateCell<DebuggerScope>(vm.heap)) DebuggerScope(vm, structure, scope); > debuggerScope->finishCreation(vm); > return debuggerScope; >@@ -114,7 +114,7 @@ bool DebuggerScope::put(JSCell* cell, ExecState* exec, PropertyName propertyName > return false; > JSObject* thisObject = JSScope::objectAtScope(scope->jsScope()); > slot.setThisValue(JSValue(thisObject)); >- return thisObject->methodTable()->put(thisObject, exec, propertyName, value, slot); >+ return thisObject->methodTable(exec->vm())->put(thisObject, exec, propertyName, value, slot); > } > > bool DebuggerScope::deleteProperty(JSCell* cell, ExecState* exec, PropertyName propertyName) 
>@@ -124,7 +124,7 @@ bool DebuggerScope::deleteProperty(JSCell* cell, ExecState* exec, PropertyName p > if (!scope->isValid()) > return false; > JSObject* thisObject = JSScope::objectAtScope(scope->jsScope()); >- return thisObject->methodTable()->deleteProperty(thisObject, exec, propertyName); >+ return thisObject->methodTable(exec->vm())->deleteProperty(thisObject, exec, propertyName); > } > > void DebuggerScope::getOwnPropertyNames(JSObject* object, ExecState* exec, PropertyNameArray& propertyNames, EnumerationMode mode) >@@ -134,7 +134,7 @@ void DebuggerScope::getOwnPropertyNames(JSObject* object, ExecState* exec, Prope > if (!scope->isValid()) > return; > JSObject* thisObject = JSScope::objectAtScope(scope->jsScope()); >- thisObject->methodTable()->getPropertyNames(thisObject, exec, propertyNames, mode); >+ thisObject->methodTable(exec->vm())->getPropertyNames(thisObject, exec, propertyNames, mode); > } > > bool DebuggerScope::defineOwnProperty(JSObject* object, ExecState* exec, PropertyName propertyName, const PropertyDescriptor& descriptor, bool shouldThrow) >@@ -144,7 +144,7 @@ bool DebuggerScope::defineOwnProperty(JSObject* object, ExecState* exec, Propert > if (!scope->isValid()) > return false; > JSObject* thisObject = JSScope::objectAtScope(scope->jsScope()); >- return thisObject->methodTable()->defineOwnProperty(thisObject, exec, propertyName, descriptor, shouldThrow); >+ return thisObject->methodTable(exec->vm())->defineOwnProperty(thisObject, exec, propertyName, descriptor, shouldThrow); > } > > DebuggerScope* DebuggerScope::next() >diff --git a/Source/JavaScriptCore/dfg/DFGAbstractInterpreterInlines.h b/Source/JavaScriptCore/dfg/DFGAbstractInterpreterInlines.h >index a1a8349c73bb5dc8712dfffaf673dd6e1a6a20d4..8b60ad98fc9727604909ddf65586de3c4a4405b7 100644 >--- a/Source/JavaScriptCore/dfg/DFGAbstractInterpreterInlines.h >+++ b/Source/JavaScriptCore/dfg/DFGAbstractInterpreterInlines.h 
>@@ -1244,7 +1244,7 @@ bool AbstractInterpreter<AbstractStateType>::executeEffects(unsigned clobberLimi > case IsUndefined: > setConstant(node, jsBoolean( > child.value().isCell() >- ? child.value().asCell()->structure()->masqueradesAsUndefined(m_codeBlock->globalObjectFor(node->origin.semantic)) >+ ? child.value().asCell()->structure(m_vm)->masqueradesAsUndefined(m_codeBlock->globalObjectFor(node->origin.semantic)) > : child.value().isUndefined())); > break; > case IsBoolean: >@@ -1265,7 +1265,7 @@ bool AbstractInterpreter<AbstractStateType>::executeEffects(unsigned clobberLimi > if (object->type() == JSFunctionType) > setConstant(node, jsBoolean(false)); > else if (!(object->inlineTypeFlags() & OverridesGetCallData)) >- setConstant(node, jsBoolean(!child.value().asCell()->structure()->masqueradesAsUndefined(m_codeBlock->globalObjectFor(node->origin.semantic)))); >+ setConstant(node, jsBoolean(!child.value().asCell()->structure(m_vm)->masqueradesAsUndefined(m_codeBlock->globalObjectFor(node->origin.semantic)))); > else { > // FIXME: This could just call getCallData. > // https://bugs.webkit.org/show_bug.cgi?id=144457 >@@ -2533,7 +2533,7 @@ bool AbstractInterpreter<AbstractStateType>::executeEffects(unsigned clobberLimi > case GetGlobalObject: { > JSValue child = forNode(node->child1()).value(); > if (child) { >- setConstant(node, *m_graph.freeze(JSValue(asObject(child)->globalObject()))); >+ setConstant(node, *m_graph.freeze(JSValue(asObject(child)->globalObject(m_vm)))); > break; > } > >diff --git a/Source/JavaScriptCore/dfg/DFGAbstractValue.cpp b/Source/JavaScriptCore/dfg/DFGAbstractValue.cpp >index 936a977ac59edb10a69a9fd07e61e6c3723c2ea2..b11fe3e7be183b8b224a856b5a751643d234f8ee 100644 >--- a/Source/JavaScriptCore/dfg/DFGAbstractValue.cpp >+++ b/Source/JavaScriptCore/dfg/DFGAbstractValue.cpp 
>@@ -239,7 +239,7 @@ bool AbstractValue::mergeOSREntryValue(Graph& graph, JSValue value) > } else { > mergeSpeculation(m_type, speculationFromValue(value)); > if (!!value && value.isCell()) { >- RegisteredStructure structure = graph.registerStructure(value.asCell()->structure()); >+ RegisteredStructure structure = graph.registerStructure(value.asCell()->structure(graph.m_vm)); > mergeArrayModes(m_arrayModes, asArrayModes(structure->indexingType())); > m_structure.merge(RegisteredStructureSet(structure)); > } >diff --git a/Source/JavaScriptCore/dfg/DFGArgumentsEliminationPhase.cpp b/Source/JavaScriptCore/dfg/DFGArgumentsEliminationPhase.cpp >index a3d04adf37bff8b42c91d4078c97b39687918c49..968498dd580cbd137c50f0052090d6f1783e0542 100644 >--- a/Source/JavaScriptCore/dfg/DFGArgumentsEliminationPhase.cpp >+++ b/Source/JavaScriptCore/dfg/DFGArgumentsEliminationPhase.cpp >@@ -252,7 +252,7 @@ class ArgumentsEliminationPhase : public Phase { > // If we're out-of-bounds then we proceed only if the prototype chain > // for the allocation is sane (i.e. doesn't have indexed properties). > JSGlobalObject* globalObject = m_graph.globalObjectFor(edge->origin.semantic); >- Structure* objectPrototypeStructure = globalObject->objectPrototype()->structure(); >+ Structure* objectPrototypeStructure = globalObject->objectPrototype()->structure(m_graph.m_vm); > if (objectPrototypeStructure->transitionWatchpointSetIsStillValid() > && globalObject->objectPrototypeIsSane()) { > m_graph.registerAndWatchStructureTransition(objectPrototypeStructure); 
>@@ -275,9 +275,9 @@ class ArgumentsEliminationPhase : public Phase { > // If we're out-of-bounds then we proceed only if the prototype chain > // for the allocation is sane (i.e. doesn't have indexed properties). > JSGlobalObject* globalObject = m_graph.globalObjectFor(edge->origin.semantic); >- Structure* objectPrototypeStructure = globalObject->objectPrototype()->structure(); >+ Structure* objectPrototypeStructure = globalObject->objectPrototype()->structure(m_graph.m_vm); > if (edge->op() == CreateRest) { >- Structure* arrayPrototypeStructure = globalObject->arrayPrototype()->structure(); >+ Structure* arrayPrototypeStructure = globalObject->arrayPrototype()->structure(m_graph.m_vm); > if (arrayPrototypeStructure->transitionWatchpointSetIsStillValid() > && objectPrototypeStructure->transitionWatchpointSetIsStillValid() > && globalObject->arrayPrototypeChainIsSane()) { >diff --git a/Source/JavaScriptCore/dfg/DFGArrayMode.cpp b/Source/JavaScriptCore/dfg/DFGArrayMode.cpp >index 0e88d2a36fb47d8306222bcc90441b6b305e157b..1baa62a922ad745c6424af6ee6952cbf9e41de2a 100644 >--- a/Source/JavaScriptCore/dfg/DFGArrayMode.cpp >+++ b/Source/JavaScriptCore/dfg/DFGArrayMode.cpp 
>@@ -239,8 +239,8 @@ ArrayMode ArrayMode::refine( > // If we have an OriginalArray and the JSArray prototype chain is sane, > // any indexed access always return undefined. We have a fast path for that. > JSGlobalObject* globalObject = graph.globalObjectFor(node->origin.semantic); >- Structure* arrayPrototypeStructure = globalObject->arrayPrototype()->structure(); >- Structure* objectPrototypeStructure = globalObject->objectPrototype()->structure(); >+ Structure* arrayPrototypeStructure = globalObject->arrayPrototype()->structure(graph.m_vm); >+ Structure* objectPrototypeStructure = globalObject->objectPrototype()->structure(graph.m_vm); > if ((node->op() == GetByVal || canBecomeGetArrayLength(graph, node)) > && arrayClass() == Array::OriginalArray > && !graph.hasExitSite(node->origin.semantic, OutOfBounds) >diff --git a/Source/JavaScriptCore/dfg/DFGByteCodeParser.cpp b/Source/JavaScriptCore/dfg/DFGByteCodeParser.cpp >index 7442b815707b837b816ba8aa96eeb766a8245ca4..966644062310024059e384840894557efea5f805 100644 >--- a/Source/JavaScriptCore/dfg/DFGByteCodeParser.cpp >+++ b/Source/JavaScriptCore/dfg/DFGByteCodeParser.cpp >@@ -2264,8 +2264,8 @@ bool ByteCodeParser::handleIntrinsicCall(Node* callee, int resultOperand, Intrin > case Array::Contiguous: { > JSGlobalObject* globalObject = m_graph.globalObjectFor(currentNodeOrigin().semantic); > >- Structure* arrayPrototypeStructure = globalObject->arrayPrototype()->structure(); >- Structure* objectPrototypeStructure = globalObject->objectPrototype()->structure(); >+ Structure* arrayPrototypeStructure = globalObject->arrayPrototype()->structure(*m_vm); >+ Structure* objectPrototypeStructure = globalObject->objectPrototype()->structure(*m_vm); > > // FIXME: We could easily relax the Array/Object.prototype transition as long as we OSR exitted if we saw a hole. > // https://bugs.webkit.org/show_bug.cgi?id=173171 
>@@ -2354,8 +2354,8 @@ bool ByteCodeParser::handleIntrinsicCall(Node* callee, int resultOperand, Intrin > case Array::Contiguous: { > JSGlobalObject* globalObject = m_graph.globalObjectFor(currentNodeOrigin().semantic); > >- Structure* arrayPrototypeStructure = globalObject->arrayPrototype()->structure(); >- Structure* objectPrototypeStructure = globalObject->objectPrototype()->structure(); >+ Structure* arrayPrototypeStructure = globalObject->arrayPrototype()->structure(*m_vm); >+ Structure* objectPrototypeStructure = globalObject->objectPrototype()->structure(*m_vm); > > // FIXME: We could easily relax the Array/Object.prototype transition as long as we OSR exitted if we saw a hole. > // https://bugs.webkit.org/show_bug.cgi?id=173171 >@@ -3388,7 +3388,7 @@ bool ByteCodeParser::handleTypedArrayConstructor( > if (function->classInfo() != constructorClassInfoForType(type)) > return false; > >- if (function->globalObject() != m_inlineStackTop->m_codeBlock->globalObject()) >+ if (function->globalObject(*m_vm) != m_inlineStackTop->m_codeBlock->globalObject()) > return false; > > // We only have an intrinsic for the case where you say: >@@ -3425,7 +3425,7 @@ bool ByteCodeParser::handleTypedArrayConstructor( > if (argumentCountIncludingThis != 2) > return false; > >- if (!function->globalObject()->typedArrayStructureConcurrently(type)) >+ if (!function->globalObject(*m_vm)->typedArrayStructureConcurrently(type)) > return false; > > insertChecks(); >@@ -3456,7 +3456,7 @@ bool ByteCodeParser::handleConstantInternalFunction( > } > > if (function->classInfo() == ArrayConstructor::info()) { >- if (function->globalObject() != m_inlineStackTop->m_codeBlock->globalObject()) >+ if (function->globalObject(*m_vm) != m_inlineStackTop->m_codeBlock->globalObject()) > return false; > > insertChecks(); 
>@@ -3497,7 +3497,7 @@ bool ByteCodeParser::handleConstantInternalFunction( > result = addToGraph(CallStringConstructor, get(virtualRegisterForArgument(1, registerOffset))); > > if (kind == CodeForConstruct) >- result = addToGraph(NewStringObject, OpInfo(m_graph.registerStructure(function->globalObject()->stringObjectStructure())), result); >+ result = addToGraph(NewStringObject, OpInfo(m_graph.registerStructure(function->globalObject(*m_vm)->stringObjectStructure())), result); > > set(VirtualRegister(resultOperand), result); > return true; >@@ -3509,9 +3509,9 @@ bool ByteCodeParser::handleConstantInternalFunction( > > Node* result; > if (argumentCountIncludingThis <= 1) >- result = addToGraph(NewObject, OpInfo(m_graph.registerStructure(function->globalObject()->objectStructureForObjectConstructor()))); >+ result = addToGraph(NewObject, OpInfo(m_graph.registerStructure(function->globalObject(*m_vm)->objectStructureForObjectConstructor()))); > else >- result = addToGraph(CallObjectConstructor, OpInfo(m_graph.freeze(function->globalObject())), OpInfo(prediction), get(virtualRegisterForArgument(1, registerOffset))); >+ result = addToGraph(CallObjectConstructor, OpInfo(m_graph.freeze(function->globalObject(*m_vm))), OpInfo(prediction), get(virtualRegisterForArgument(1, registerOffset))); > set(VirtualRegister(resultOperand), result); > return true; > } >@@ -3577,7 +3577,7 @@ bool ByteCodeParser::check(const ObjectPropertyCondition& condition) > if (m_graph.watchCondition(condition)) > return true; > >- Structure* structure = condition.object()->structure(); >+ Structure* structure = condition.object()->structure(*m_vm); > if (!condition.structureEnsuresValidity(structure)) > return false; > >diff --git a/Source/JavaScriptCore/dfg/DFGConstantFoldingPhase.cpp b/Source/JavaScriptCore/dfg/DFGConstantFoldingPhase.cpp >index d214df7b052e3b57dae7750d6e01eec6b53ac8fe..99976e00254c7ba5f7900dcc59c4fce6358ca805 100644 >--- a/Source/JavaScriptCore/dfg/DFGConstantFoldingPhase.cpp 
>+++ b/Source/JavaScriptCore/dfg/DFGConstantFoldingPhase.cpp >@@ -622,7 +622,7 @@ class ConstantFoldingPhase : public Phase { > if (m_graph.watchCondition(condition)) > continue; > >- Structure* structure = condition.object()->structure(); >+ Structure* structure = condition.object()->structure(m_graph.m_vm); > if (!condition.structureEnsuresValidity(structure)) { > allGood = false; > break; >@@ -1149,7 +1149,7 @@ class ConstantFoldingPhase : public Phase { > { > { > StructureRegistrationResult result; >- m_graph.registerStructure(cell->structure(), result); >+ m_graph.registerStructure(cell->structure(m_graph.m_vm), result); > if (result == StructureRegisteredAndWatched) > return; > } >diff --git a/Source/JavaScriptCore/dfg/DFGFixupPhase.cpp b/Source/JavaScriptCore/dfg/DFGFixupPhase.cpp >index 5dc859675dfe753b6cc842136acc2ff112966a5b..19346e0a37e162d33993f31088724c869c7c1312 100644 >--- a/Source/JavaScriptCore/dfg/DFGFixupPhase.cpp >+++ b/Source/JavaScriptCore/dfg/DFGFixupPhase.cpp >@@ -714,8 +714,8 @@ class FixupPhase : public Phase { > > if (canDoSaneChain) { > JSGlobalObject* globalObject = m_graph.globalObjectFor(node->origin.semantic); >- Structure* arrayPrototypeStructure = globalObject->arrayPrototype()->structure(); >- Structure* objectPrototypeStructure = globalObject->objectPrototype()->structure(); >+ Structure* arrayPrototypeStructure = globalObject->arrayPrototype()->structure(vm()); >+ Structure* objectPrototypeStructure = globalObject->objectPrototype()->structure(vm()); > if (arrayPrototypeStructure->transitionWatchpointSetIsStillValid() > && objectPrototypeStructure->transitionWatchpointSetIsStillValid() > && globalObject->arrayPrototypeChainIsSane()) { 
>@@ -1184,8 +1184,8 @@ class FixupPhase : public Phase { > // When we go down the fast path, we don't consult the prototype chain, so we must prove > // that it doesn't contain any indexed properties, and that any holes will result in > // jsUndefined(). >- Structure* arrayPrototypeStructure = globalObject->arrayPrototype()->structure(); >- Structure* objectPrototypeStructure = globalObject->objectPrototype()->structure(); >+ Structure* arrayPrototypeStructure = globalObject->arrayPrototype()->structure(vm()); >+ Structure* objectPrototypeStructure = globalObject->objectPrototype()->structure(vm()); > if (node->child1()->shouldSpeculateArray() > && arrayPrototypeStructure->transitionWatchpointSetIsStillValid() > && objectPrototypeStructure->transitionWatchpointSetIsStillValid() >diff --git a/Source/JavaScriptCore/dfg/DFGGraph.cpp b/Source/JavaScriptCore/dfg/DFGGraph.cpp >index e17ac7d0fa9802df69fbd2e45d6b29618a82b3f2..dcbc2d1293a44610827c82a21ff5e6a320a5e71f 100644 >--- a/Source/JavaScriptCore/dfg/DFGGraph.cpp >+++ b/Source/JavaScriptCore/dfg/DFGGraph.cpp >@@ -1274,7 +1274,7 @@ JSValue Graph::tryGetConstantProperty( > // incompatible with the getDirect we're trying to do. The easiest way to do that is to > // determine if the structure belongs to the proven set. > >- if (!structureSet.toStructureSet().contains(object->structure())) >+ if (!structureSet.toStructureSet().contains(object->structure(m_vm))) > return JSValue(); > > return object->getDirect(offset); >diff --git a/Source/JavaScriptCore/dfg/DFGOperations.cpp b/Source/JavaScriptCore/dfg/DFGOperations.cpp >index e08d2e919731ea036f73885a00b3145de34170a9..7777368d6babb7683fe2fef3d4d59527e2eaa074 100644 >--- a/Source/JavaScriptCore/dfg/DFGOperations.cpp >+++ b/Source/JavaScriptCore/dfg/DFGOperations.cpp 
>@@ -1517,8 +1517,8 @@ JSCell* JIT_OPERATION operationNewArrayBuffer(ExecState* exec, Structure* arrayS > auto* immutableButterfly = jsCast<JSImmutableButterfly*>(immutableButterflyCell); > ASSERT(arrayStructure->indexingMode() == immutableButterfly->indexingMode() || hasAnyArrayStorage(arrayStructure->indexingMode())); > auto* result = CommonSlowPaths::allocateNewArrayBuffer(vm, arrayStructure, immutableButterfly); >- ASSERT(result->indexingMode() == result->structure()->indexingMode()); >- ASSERT(result->structure() == arrayStructure); >+ ASSERT(result->indexingMode() == result->structure(vm)->indexingMode()); >+ ASSERT(result->structure(vm) == arrayStructure); > return result; > } > >@@ -1838,7 +1838,7 @@ char* JIT_OPERATION operationAllocateComplexPropertyStorageWithInitialCapacity(E > VM& vm = exec->vm(); > NativeCallFrameTracer tracer(&vm, exec); > >- ASSERT(!object->structure()->outOfLineCapacity()); >+ ASSERT(!object->structure(vm)->outOfLineCapacity()); > return reinterpret_cast<char*>( > object->allocateMoreOutOfLineStorage(vm, 0, initialOutOfLineCapacity)); > } >@@ -1849,7 +1849,7 @@ char* JIT_OPERATION operationAllocateComplexPropertyStorage(ExecState* exec, JSO > NativeCallFrameTracer tracer(&vm, exec); > > return reinterpret_cast<char*>( >- object->allocateMoreOutOfLineStorage(vm, object->structure()->outOfLineCapacity(), newSize)); >+ object->allocateMoreOutOfLineStorage(vm, object->structure(vm)->outOfLineCapacity(), newSize)); > } > > char* JIT_OPERATION operationEnsureInt32(ExecState* exec, JSCell* cell) >@@ -2587,7 +2587,7 @@ JSCell* JIT_OPERATION operationSpreadGeneric(ExecState* exec, JSCell* iterable) > { > JSFunction* iterationFunction = globalObject->iteratorProtocolFunction(); > CallData callData; >- CallType callType = JSC::getCallData(iterationFunction, callData); >+ CallType callType = JSC::getCallData(vm, iterationFunction, callData); > ASSERT(callType != CallType::None); > > MarkedArgumentBuffer arguments; 
>diff --git a/Source/JavaScriptCore/dfg/DFGSpeculativeJIT.cpp b/Source/JavaScriptCore/dfg/DFGSpeculativeJIT.cpp >index 42f05467b166426325dc12d90ad6fb6b54e911b2..4a9985e6e01bcb7600544d59cc2d8aa76d5731bd 100644 >--- a/Source/JavaScriptCore/dfg/DFGSpeculativeJIT.cpp >+++ b/Source/JavaScriptCore/dfg/DFGSpeculativeJIT.cpp >@@ -2221,8 +2221,8 @@ void SpeculativeJIT::compileGetByValOnString(Node* node) > // on a stringPrototypeChainIsSane() guaranteeing that the prototypes have no negative > // indexed properties either. > // https://bugs.webkit.org/show_bug.cgi?id=144668 >- m_jit.graph().registerAndWatchStructureTransition(globalObject->stringPrototype()->structure()); >- m_jit.graph().registerAndWatchStructureTransition(globalObject->objectPrototype()->structure()); >+ m_jit.graph().registerAndWatchStructureTransition(globalObject->stringPrototype()->structure(*m_jit.vm())); >+ m_jit.graph().registerAndWatchStructureTransition(globalObject->objectPrototype()->structure(*m_jit.vm())); > prototypeChainIsSane = globalObject->stringPrototypeChainIsSane(); > } > if (prototypeChainIsSane) { >diff --git a/Source/JavaScriptCore/dfg/DFGStrengthReductionPhase.cpp b/Source/JavaScriptCore/dfg/DFGStrengthReductionPhase.cpp >index 5c1c97d3da4571690de46910be9587c41a2b5170..2e98b82d84e2f07042b2f13fae705881516b5e92 100644 >--- a/Source/JavaScriptCore/dfg/DFGStrengthReductionPhase.cpp >+++ b/Source/JavaScriptCore/dfg/DFGStrengthReductionPhase.cpp >@@ -452,7 +452,7 @@ class StrengthReductionPhase : public Phase { > > case GetGlobalObject: { > if (JSObject* object = m_node->child1()->dynamicCastConstant<JSObject*>(vm())) { >- m_graph.convertToConstant(m_node, object->globalObject()); >+ m_graph.convertToConstant(m_node, object->globalObject(vm())); > m_changed = true; > break; > } >diff --git a/Source/JavaScriptCore/ftl/FTLLowerDFGToB3.cpp b/Source/JavaScriptCore/ftl/FTLLowerDFGToB3.cpp >index cca064a673d503b91b4352fc538e4a0d13f5c418..c603a2aeb3c521db06a17aa76de229123c5218f8 100644 
>--- a/Source/JavaScriptCore/ftl/FTLLowerDFGToB3.cpp >+++ b/Source/JavaScriptCore/ftl/FTLLowerDFGToB3.cpp >@@ -6313,8 +6313,8 @@ class LowerDFGToB3 { > // SaneChainOutOfBounds. > // https://bugs.webkit.org/show_bug.cgi?id=144668 > >- m_graph.registerAndWatchStructureTransition(globalObject->stringPrototype()->structure()); >- m_graph.registerAndWatchStructureTransition(globalObject->objectPrototype()->structure()); >+ m_graph.registerAndWatchStructureTransition(globalObject->stringPrototype()->structure(vm())); >+ m_graph.registerAndWatchStructureTransition(globalObject->objectPrototype()->structure(vm())); > > prototypeChainIsSane = globalObject->stringPrototypeChainIsSane(); > } >diff --git a/Source/JavaScriptCore/ftl/FTLOperations.cpp b/Source/JavaScriptCore/ftl/FTLOperations.cpp >index a77655ba24b03682560f178f9a02f47f5823384d..b016e188aded9a9d5282b5f50c9f2eede3ba39c7 100644 >--- a/Source/JavaScriptCore/ftl/FTLOperations.cpp >+++ b/Source/JavaScriptCore/ftl/FTLOperations.cpp >@@ -61,7 +61,7 @@ extern "C" void JIT_OPERATION operationPopulateObjectInOSR( > switch (materialization->type()) { > case PhantomNewObject: { > JSFinalObject* object = jsCast<JSFinalObject*>(JSValue::decode(*encodedValue)); >- Structure* structure = object->structure(); >+ Structure* structure = object->structure(vm); > > // Figure out what the heck to populate the object with. Use > // getPropertiesConcurrently() because that happens to be >diff --git a/Source/JavaScriptCore/inspector/InjectedScriptManager.cpp b/Source/JavaScriptCore/inspector/InjectedScriptManager.cpp >index fe1133c7feb5edabc4c36a85e0a205a4b00ce62b..f5ac4de08cf39f3149402482526bf519d89428f1 100644 >--- a/Source/JavaScriptCore/inspector/InjectedScriptManager.cpp >+++ b/Source/JavaScriptCore/inspector/InjectedScriptManager.cpp 
>@@ -150,7 +150,7 @@ JSC::JSObject* InjectedScriptManager::createInjectedScript(const String& source, > return nullptr; > > CallData callData; >- CallType callType = getCallData(functionValue, callData); >+ CallType callType = getCallData(vm, functionValue, callData); > if (callType == CallType::None) > return nullptr; > >diff --git a/Source/JavaScriptCore/inspector/JSJavaScriptCallFrame.cpp b/Source/JavaScriptCore/inspector/JSJavaScriptCallFrame.cpp >index 093cd4a4993a359b1e284b008d67eb394b0f4397..a400425b851c787a18c6357d115937b718e9b933 100644 >--- a/Source/JavaScriptCore/inspector/JSJavaScriptCallFrame.cpp >+++ b/Source/JavaScriptCore/inspector/JSJavaScriptCallFrame.cpp >@@ -155,7 +155,7 @@ JSValue JSJavaScriptCallFrame::scopeDescriptions(ExecState* exec) > > JSValue JSJavaScriptCallFrame::caller(ExecState* exec) const > { >- return toJS(exec, globalObject(), impl().caller()); >+ return toJS(exec, globalObject(exec->vm()), impl().caller()); > } > > JSValue JSJavaScriptCallFrame::sourceID(ExecState*) const >@@ -203,7 +203,7 @@ JSValue JSJavaScriptCallFrame::scopeChain(ExecState* exec) const > return { }; > } > >- return constructArray(exec, nullptr, globalObject(), list); >+ return constructArray(exec, nullptr, globalObject(vm), list); > } > > JSValue JSJavaScriptCallFrame::thisObject(ExecState*) const >diff --git a/Source/JavaScriptCore/interpreter/CallFrame.cpp b/Source/JavaScriptCore/interpreter/CallFrame.cpp >index 559704f55583bc75277ce09d2ddfd5a7a1f729f3..2b631e205f63ad6d8d352d4af25f601e3aeb54fa 100644 >--- a/Source/JavaScriptCore/interpreter/CallFrame.cpp >+++ b/Source/JavaScriptCore/interpreter/CallFrame.cpp 
>@@ -220,7 +220,7 @@ JSGlobalObject* CallFrame::wasmAwareLexicalGlobalObject(VM& vm) > #if ENABLE(WEBASSEMBLY) > if (!callee().isWasm()) > return lexicalGlobalObject(); >- return vm.wasmContext.load()->owner<JSWebAssemblyInstance>()->globalObject(); >+ return vm.wasmContext.load()->owner<JSWebAssemblyInstance>()->globalObject(vm); > #else > UNUSED_PARAM(vm); > return lexicalGlobalObject(); >diff --git a/Source/JavaScriptCore/interpreter/Interpreter.cpp b/Source/JavaScriptCore/interpreter/Interpreter.cpp >index bb623cac694cf95204246a3342edf9ff2d45851e..95da8ee29566e251abb74ca0b67947f529638b94 100644 >--- a/Source/JavaScriptCore/interpreter/Interpreter.cpp >+++ b/Source/JavaScriptCore/interpreter/Interpreter.cpp >@@ -801,6 +801,7 @@ JSValue Interpreter::executeProgram(const SourceCode& source, CallFrame* callFra > // we'll handle the JSON object here. Else, we'll handle real JS code > // below at failedJSONP. > >+ JSGlobalObject* globalObject = scope->globalObject(vm); > Vector<JSONPData> JSONPData; > bool parseResult; > StringView programSource = program->source().view(); 
>@@ -808,15 +809,14 @@ JSValue Interpreter::executeProgram(const SourceCode& source, CallFrame* callFra > return jsUndefined(); > if (programSource.is8Bit()) { > LiteralParser<LChar> literalParser(callFrame, programSource.characters8(), programSource.length(), JSONP); >- parseResult = literalParser.tryJSONPParse(JSONPData, scope->globalObject()->globalObjectMethodTable()->supportsRichSourceInfo(scope->globalObject())); >+ parseResult = literalParser.tryJSONPParse(JSONPData, globalObject->globalObjectMethodTable()->supportsRichSourceInfo(globalObject)); > } else { > LiteralParser<UChar> literalParser(callFrame, programSource.characters16(), programSource.length(), JSONP); >- parseResult = literalParser.tryJSONPParse(JSONPData, scope->globalObject()->globalObjectMethodTable()->supportsRichSourceInfo(scope->globalObject())); >+ parseResult = literalParser.tryJSONPParse(JSONPData, globalObject->globalObjectMethodTable()->supportsRichSourceInfo(globalObject)); > } > > RETURN_IF_EXCEPTION(throwScope, { }); > if (parseResult) { >- JSGlobalObject* globalObject = scope->globalObject(); > JSValue result; > for (unsigned entry = 0; entry < JSONPData.size(); entry++) { > Vector<JSONPPathEntry> JSONPPath; >@@ -894,7 +894,7 @@ JSValue Interpreter::executeProgram(const SourceCode& source, CallFrame* callFra > JSValue function = baseObject.get(callFrame, JSONPPath.last().m_pathEntryName); > RETURN_IF_EXCEPTION(throwScope, JSValue()); > CallData callData; >- CallType callType = getCallData(function, callData); >+ CallType callType = getCallData(vm, function, callData); > if (callType == CallType::None) > return throwException(callFrame, throwScope, createNotAFunctionError(callFrame, function)); > MarkedArgumentBuffer jsonArg; 
>@@ -927,7 +927,7 @@ JSValue Interpreter::executeProgram(const SourceCode& source, CallFrame* callFra > // If we get here, then we have already proven that the script is not a JSON > // object. > >- VMEntryScope entryScope(vm, scope->globalObject()); >+ VMEntryScope entryScope(vm, globalObject); > > // Compile source to bytecode if necessary: > JSObject* error = program->initializeGlobalProperties(vm, callFrame, scope); >@@ -951,13 +951,13 @@ JSValue Interpreter::executeProgram(const SourceCode& source, CallFrame* callFra > RETURN_IF_EXCEPTION(throwScope, throwScope.exception()); > } > >- if (scope->structure()->isUncacheableDictionary()) >+ if (scope->structure(vm)->isUncacheableDictionary()) > scope->flattenDictionaryObject(vm); > > ASSERT(codeBlock->numParameters() == 1); // 1 parameter for 'this'. > > ProtoCallFrame protoCallFrame; >- protoCallFrame.init(codeBlock, JSCallee::create(vm, scope->globalObject(), scope), thisObj, 1); >+ protoCallFrame.init(codeBlock, JSCallee::create(vm, globalObject, scope), thisObj, 1); > > // Execute the code: > throwScope.release(); >@@ -984,10 +984,10 @@ JSValue Interpreter::executeCall(CallFrame* callFrame, JSObject* function, CallT > > if (isJSCall) { > scope = callData.js.scope; >- globalObject = scope->globalObject(); >+ globalObject = scope->globalObject(vm); > } else { > ASSERT(callType == CallType::Host); >- globalObject = function->globalObject(); >+ globalObject = function->globalObject(vm); > } > > VMEntryScope entryScope(vm, globalObject); >@@ -1051,10 +1051,10 @@ JSObject* Interpreter::executeConstruct(CallFrame* callFrame, JSObject* construc > > if (isJSConstruct) { > scope = constructData.js.scope; >- globalObject = scope->globalObject(); >+ globalObject = scope->globalObject(vm); > } else { > ASSERT(constructType == ConstructType::Host); >- globalObject = constructor->globalObject(); >+ globalObject = constructor->globalObject(vm); > } > > VMEntryScope entryScope(vm, globalObject); 
>@@ -1137,7 +1137,7 @@ JSValue Interpreter::execute(EvalExecutable* eval, CallFrame* callFrame, JSValue > if (vm.isCollectorBusyOnCurrentThread()) > return jsNull(); > >- VMEntryScope entryScope(vm, scope->globalObject()); >+ VMEntryScope entryScope(vm, scope->globalObject(vm)); > if (UNLIKELY(!vm.isSafeToRecurseSoft())) > return checkedReturn(throwStackOverflowError(callFrame, throwScope)); > >@@ -1196,13 +1196,13 @@ JSValue Interpreter::execute(EvalExecutable* eval, CallFrame* callFrame, JSValue > } > } > >- if (variableObject->structure()->isUncacheableDictionary()) >+ if (variableObject->structure(vm)->isUncacheableDictionary()) > variableObject->flattenDictionaryObject(vm); > > if (numVariables || numTopLevelFunctionDecls || numFunctionHoistingCandidates) { > BatchedTransitionOptimizer optimizer(vm, variableObject); > if (variableObject->next() && !eval->isStrictMode()) >- variableObject->globalObject()->varInjectionWatchpoint()->fireAll(vm, "Executed eval, fired VarInjection watchpoint"); >+ variableObject->globalObject(vm)->varInjectionWatchpoint()->fireAll(vm, "Executed eval, fired VarInjection watchpoint"); > > for (unsigned i = 0; i < numVariables; ++i) { > const Identifier& ident = codeBlock->variable(i); >@@ -1264,7 +1264,7 @@ JSValue Interpreter::execute(EvalExecutable* eval, CallFrame* callFrame, JSValue > ASSERT(codeBlock->numParameters() == 1); // 1 parameter for 'this'. > > ProtoCallFrame protoCallFrame; >- protoCallFrame.init(codeBlock, JSCallee::create(vm, scope->globalObject(), scope), thisValue, 1); >+ protoCallFrame.init(codeBlock, JSCallee::create(vm, scope->globalObject(vm), scope), thisValue, 1); > > // Execute the code: > throwScope.release(); 
>@@ -1285,7 +1285,7 @@ JSValue Interpreter::executeModuleProgram(ModuleProgramExecutable* executable, C > if (vm.isCollectorBusyOnCurrentThread()) > return jsNull(); > >- VMEntryScope entryScope(vm, scope->globalObject()); >+ VMEntryScope entryScope(vm, scope->globalObject(vm)); > if (UNLIKELY(!vm.isSafeToRecurseSoft())) > return checkedReturn(throwStackOverflowError(callFrame, throwScope)); > >@@ -1305,7 +1305,7 @@ JSValue Interpreter::executeModuleProgram(ModuleProgramExecutable* executable, C > RETURN_IF_EXCEPTION(throwScope, throwScope.exception()); > } > >- if (scope->structure()->isUncacheableDictionary()) >+ if (scope->structure(vm)->isUncacheableDictionary()) > scope->flattenDictionaryObject(vm); > > ASSERT(codeBlock->numParameters() == 1); // 1 parameter for 'this'. >@@ -1314,7 +1314,7 @@ JSValue Interpreter::executeModuleProgram(ModuleProgramExecutable* executable, C > // http://www.ecma-international.org/ecma-262/6.0/#sec-module-environment-records-hasthisbinding > // http://www.ecma-international.org/ecma-262/6.0/#sec-module-environment-records-getthisbinding > ProtoCallFrame protoCallFrame; >- protoCallFrame.init(codeBlock, JSCallee::create(vm, scope->globalObject(), scope), jsUndefined(), 1); >+ protoCallFrame.init(codeBlock, JSCallee::create(vm, scope->globalObject(vm), scope), jsUndefined(), 1); > > // Execute the code: > throwScope.release(); >diff --git a/Source/JavaScriptCore/jit/JITOperations.cpp b/Source/JavaScriptCore/jit/JITOperations.cpp >index e788d648a4abe249b4465fc4028ba71d11f19dd4..d381c1d2f41b9b0d13856eb425c4cd9b655a0b77 100644 >--- a/Source/JavaScriptCore/jit/JITOperations.cpp >+++ b/Source/JavaScriptCore/jit/JITOperations.cpp 
>@@ -976,7 +976,7 @@ static SlowPathReturnType handleHostCall(ExecState* execCallee, JSValue callee, > > if (callLinkInfo->specializationKind() == CodeForCall) { > CallData callData; >- CallType callType = getCallData(callee, callData); >+ CallType callType = getCallData(*vm, callee, callData); > > ASSERT(callType != CallType::JS); > >@@ -1005,7 +1005,7 @@ static SlowPathReturnType handleHostCall(ExecState* execCallee, JSValue callee, > ASSERT(callLinkInfo->specializationKind() == CodeForConstruct); > > ConstructData constructData; >- ConstructType constructType = getConstructData(callee, constructData); >+ ConstructType constructType = getConstructData(*vm, callee, constructData); > > ASSERT(constructType != ConstructType::JS); > >@@ -1822,7 +1822,7 @@ int32_t JIT_OPERATION operationInstanceOfCustom(ExecState* exec, EncodedJSValue > JSValue value = JSValue::decode(encodedValue); > JSValue hasInstanceValue = JSValue::decode(encodedHasInstance); > >- ASSERT(hasInstanceValue != exec->lexicalGlobalObject()->functionProtoHasInstanceSymbolFunction() || !constructor->structure()->typeInfo().implementsDefaultHasInstance()); >+ ASSERT(hasInstanceValue != exec->lexicalGlobalObject()->functionProtoHasInstanceSymbolFunction() || !constructor->structure(vm)->typeInfo().implementsDefaultHasInstance()); > > if (constructor->hasInstance(exec, value, hasInstanceValue)) > return 1; 
>@@ -1872,8 +1872,8 @@ static JSValue getByVal(ExecState* exec, JSValue baseValue, JSValue subscript, B > if (object->indexingType() == ArrayWithContiguous && i < object->butterfly()->publicLength()) { > // FIXME: expand this to ArrayStorage, Int32, and maybe Double: > // https://bugs.webkit.org/show_bug.cgi?id=182940 >- auto* globalObject = object->globalObject(); >- skipMarkingOutOfBounds = globalObject->isOriginalArrayStructure(object->structure()) && globalObject->arrayPrototypeChainIsSane(); >+ auto* globalObject = object->globalObject(vm); >+ skipMarkingOutOfBounds = globalObject->isOriginalArrayStructure(object->structure(vm)) && globalObject->arrayPrototypeChainIsSane(); > } > > if (!skipMarkingOutOfBounds && !CommonSlowPaths::canAccessArgumentIndexQuickly(*object, i)) { >@@ -2432,7 +2432,7 @@ char* JIT_OPERATION operationReallocateButterflyToHavePropertyStorageWithInitial > VM& vm = exec->vm(); > NativeCallFrameTracer tracer(&vm, exec); > >- ASSERT(!object->structure()->outOfLineCapacity()); >+ ASSERT(!object->structure(vm)->outOfLineCapacity()); > Butterfly* result = object->allocateMoreOutOfLineStorage(vm, 0, initialOutOfLineCapacity); > object->nukeStructureAndSetButterfly(vm, object->structureID(), result); > return reinterpret_cast<char*>(result); >@@ -2443,7 +2443,7 @@ char* JIT_OPERATION operationReallocateButterflyToGrowPropertyStorage(ExecState* > VM& vm = exec->vm(); > NativeCallFrameTracer tracer(&vm, exec); > >- Butterfly* result = object->allocateMoreOutOfLineStorage(vm, object->structure()->outOfLineCapacity(), newSize); >+ Butterfly* result = object->allocateMoreOutOfLineStorage(vm, object->structure(vm)->outOfLineCapacity(), newSize); > object->nukeStructureAndSetButterfly(vm, object->structureID(), result); > return reinterpret_cast<char*>(result); > } >diff --git a/Source/JavaScriptCore/jit/Repatch.cpp b/Source/JavaScriptCore/jit/Repatch.cpp >index 8f19fa302f862018ef54db4ca1d042699ebac7b1..dd6c25479a3befb8419f3de5be704d44351f8297 100644 
>--- a/Source/JavaScriptCore/jit/Repatch.cpp >+++ b/Source/JavaScriptCore/jit/Repatch.cpp >@@ -623,7 +623,7 @@ static InlineCacheAction tryCacheInByID( > if (forceICFailure(exec)) > return GiveUpOnCache; > >- if (!base->structure()->propertyAccessesAreCacheable() || (!wasFound && !base->structure()->propertyAccessesAreCacheableForAbsence())) >+ if (!base->structure(vm)->propertyAccessesAreCacheable() || (!wasFound && !base->structure(vm)->propertyAccessesAreCacheableForAbsence())) > return GiveUpOnCache; > > if (wasFound) { >diff --git a/Source/JavaScriptCore/jsc.cpp b/Source/JavaScriptCore/jsc.cpp >index c7f8139c97aad897fbc97a0905eada8ad99be0c4..4cbbb3d88ab84afe0a3f01d3e026f7f8cdeb9804 100644 >--- a/Source/JavaScriptCore/jsc.cpp >+++ b/Source/JavaScriptCore/jsc.cpp >@@ -1662,7 +1662,7 @@ EncodedJSValue JSC_HOST_CALL functionDollarAgentReceiveBroadcast(ExecState* exec > > JSValue callback = exec->argument(0); > CallData callData; >- CallType callType = getCallData(callback, callData); >+ CallType callType = getCallData(vm, callback, callData); > if (callType == CallType::None) > return JSValue::encode(throwException(exec, scope, createError(exec, ASCIILiteral("Expected callback")))); > >@@ -1932,7 +1932,7 @@ EncodedJSValue JSC_HOST_CALL functionHasCustomProperties(ExecState* exec) > { > JSValue value = exec->argument(0); > if (value.isObject()) >- return JSValue::encode(jsBoolean(asObject(value)->hasCustomProperties())); >+ return JSValue::encode(jsBoolean(asObject(value)->hasCustomProperties(exec->vm()))); > return JSValue::encode(jsBoolean(false)); > } > >diff --git a/Source/JavaScriptCore/llint/LLIntSlowPaths.cpp b/Source/JavaScriptCore/llint/LLIntSlowPaths.cpp >index de4c13452f4be8cba647ec37d1bb5e3dc3450adc..c7417141e29754d72a39203c70c8b116097bea61 100644 >--- a/Source/JavaScriptCore/llint/LLIntSlowPaths.cpp >+++ b/Source/JavaScriptCore/llint/LLIntSlowPaths.cpp 
>@@ -572,7 +572,7 @@ LLINT_SLOW_PATH_DECL(slow_path_instanceof_custom) > JSValue hasInstanceValue = LLINT_OP_C(4).jsValue(); > > ASSERT(constructor.isObject()); >- ASSERT(hasInstanceValue != exec->lexicalGlobalObject()->functionProtoHasInstanceSymbolFunction() || !constructor.getObject()->structure()->typeInfo().implementsDefaultHasInstance()); >+ ASSERT(hasInstanceValue != exec->lexicalGlobalObject()->functionProtoHasInstanceSymbolFunction() || !constructor.getObject()->structure(vm)->typeInfo().implementsDefaultHasInstance()); > > JSValue result = jsBoolean(constructor.getObject()->hasInstance(exec, value, hasInstanceValue)); > LLINT_RETURN(result); >@@ -620,7 +620,7 @@ LLINT_SLOW_PATH_DECL(slow_path_get_by_id_direct) > } > > JSCell* baseCell = baseValue.asCell(); >- Structure* structure = baseCell->structure(); >+ Structure* structure = baseCell->structure(vm); > if (slot.isValue()) { > // Start out by clearing out the old cache. > pc[4].u.pointer = nullptr; // old structure >@@ -645,7 +645,7 @@ LLINT_SLOW_PATH_DECL(slow_path_get_by_id_direct) > static void setupGetByIdPrototypeCache(ExecState* exec, VM& vm, Instruction* pc, JSCell* baseCell, PropertySlot& slot, const Identifier& ident) > { > CodeBlock* codeBlock = exec->codeBlock(); >- Structure* structure = baseCell->structure(); >+ Structure* structure = baseCell->structure(vm); > > if (structure->typeInfo().prohibitsPropertyCaching()) > return; >@@ -733,7 +733,7 @@ LLINT_SLOW_PATH_DECL(slow_path_get_by_id) > } > > JSCell* baseCell = baseValue.asCell(); >- Structure* structure = baseCell->structure(); >+ Structure* structure = baseCell->structure(vm); > if (slot.isValue() && slot.slotBase() == baseValue) { > // Start out by clearing out the old cache. > pc[0].u.opcode = LLInt::getOpcode(op_get_by_id); 
>@@ -763,7 +763,7 @@ LLINT_SLOW_PATH_DECL(slow_path_get_by_id) > && ident == vm.propertyNames->length) { > pc[0].u.opcode = LLInt::getOpcode(op_get_array_length); > ArrayProfile* arrayProfile = codeBlock->getOrAddArrayProfile(codeBlock->bytecodeOffset(pc)); >- arrayProfile->observeStructure(baseValue.asCell()->structure()); >+ arrayProfile->observeStructure(baseValue.asCell()->structure(vm)); > pc[4].u.arrayProfile = arrayProfile; > > // Prevent the prototype cache from ever happening. >@@ -827,7 +827,7 @@ LLINT_SLOW_PATH_DECL(slow_path_put_by_id) > static_cast<PutByIdFlags>(pc[8].u.putByIdFlags & PutByIdPersistentFlagsMask); > > JSCell* baseCell = baseValue.asCell(); >- Structure* structure = baseCell->structure(); >+ Structure* structure = baseCell->structure(vm); > > if (!structure->isUncacheableDictionary() > && !structure->typeInfo().prohibitsPropertyCaching() >@@ -919,8 +919,8 @@ static ALWAYS_INLINE JSValue getByVal(VM& vm, ExecState* exec, Instruction* pc, > if (object->indexingType() == ArrayWithContiguous && i < object->butterfly()->publicLength()) { > // FIXME: expand this to ArrayStorage, Int32, and maybe Double: > // https://bugs.webkit.org/show_bug.cgi?id=182940 >- auto* globalObject = object->globalObject(); >- skipMarkingOutOfBounds = globalObject->isOriginalArrayStructure(object->structure()) && globalObject->arrayPrototypeChainIsSane(); >+ auto* globalObject = object->globalObject(vm); >+ skipMarkingOutOfBounds = globalObject->isOriginalArrayStructure(object->structure(vm)) && globalObject->arrayPrototypeChainIsSane(); > } > > if (!skipMarkingOutOfBounds && !CommonSlowPaths::canAccessArgumentIndexQuickly(*object, i)) >@@ -1368,7 +1368,7 @@ static SlowPathReturnType handleHostCall(ExecState* execCallee, Instruction* pc, > > if (kind == CodeForCall) { > CallData callData; >- CallType callType = getCallData(callee, callData); >+ CallType callType = getCallData(vm, callee, callData); > > ASSERT(callType != CallType::JS); 
> >@@ -1392,7 +1392,7 @@ static SlowPathReturnType handleHostCall(ExecState* execCallee, Instruction* pc, > ASSERT(kind == CodeForConstruct); > > ConstructData constructData; >- ConstructType constructType = getConstructData(callee, constructData); >+ ConstructType constructType = getConstructData(vm, callee, constructData); > > ASSERT(constructType != ConstructType::JS); > >@@ -1834,7 +1834,7 @@ extern "C" SlowPathReturnType llint_throw_stack_overflow_error(VM* vm, ProtoCall > auto scope = DECLARE_THROW_SCOPE(*vm); > > if (!exec) >- exec = protoFrame->callee()->globalObject()->globalExec(); >+ exec = protoFrame->callee()->globalObject(*vm)->globalExec(); > throwStackOverflowError(exec, scope); > return encodeResult(0, 0); > } >diff --git a/Source/JavaScriptCore/runtime/AbstractModuleRecord.cpp b/Source/JavaScriptCore/runtime/AbstractModuleRecord.cpp >index c06099f82c1efeefa50ae6b9dc7077ff687157a4..ee89101c339787ae5b5b7e88d58eee47075e2849 100644 >--- a/Source/JavaScriptCore/runtime/AbstractModuleRecord.cpp >+++ b/Source/JavaScriptCore/runtime/AbstractModuleRecord.cpp >@@ -61,7 +61,7 @@ void AbstractModuleRecord::finishCreation(ExecState* exec, VM& vm) > ASSERT(inherits(vm, info())); > > auto scope = DECLARE_THROW_SCOPE(vm); >- JSMap* map = JSMap::create(exec, vm, globalObject()->mapStructure()); >+ JSMap* map = JSMap::create(exec, vm, globalObject(vm)->mapStructure()); > scope.releaseAssertNoException(); > m_dependenciesMap.set(vm, this, map); > putDirect(vm, Identifier::fromString(&vm, ASCIILiteral("dependenciesMap")), m_dependenciesMap.get()); >diff --git a/Source/JavaScriptCore/runtime/ArrayConstructor.cpp b/Source/JavaScriptCore/runtime/ArrayConstructor.cpp >index ac6f3e979e10b84399fdb24af6dfa3f68a48563a..2ef591882a4dea571e5baaf27f0a9d9773bb15db 100644 >--- a/Source/JavaScriptCore/runtime/ArrayConstructor.cpp >+++ b/Source/JavaScriptCore/runtime/ArrayConstructor.cpp 
>@@ -89,7 +89,8 @@ JSArray* constructArrayWithSizeQuirk(ExecState* exec, ArrayAllocationProfile* pr > > static inline JSArray* constructArrayWithSizeQuirk(ExecState* exec, const ArgList& args, JSValue newTarget) > { >- JSGlobalObject* globalObject = jsCast<InternalFunction*>(exec->jsCallee())->globalObject(); >+ VM& vm = exec->vm(); >+ JSGlobalObject* globalObject = jsCast<InternalFunction*>(exec->jsCallee())->globalObject(vm); > > // a single numeric argument denotes the array size (!) > if (args.size() == 1) >diff --git a/Source/JavaScriptCore/runtime/ArrayPrototype.cpp b/Source/JavaScriptCore/runtime/ArrayPrototype.cpp >index dc1a9da97f27de837daaf2dfd9153d115871776c..3a8233495fcea6fc232f70be43516090beda27d7 100644 >--- a/Source/JavaScriptCore/runtime/ArrayPrototype.cpp >+++ b/Source/JavaScriptCore/runtime/ArrayPrototype.cpp >@@ -194,7 +194,8 @@ static ALWAYS_INLINE void setLength(ExecState* exec, VM& vm, JSObject* obj, unsi > > ALWAYS_INLINE bool speciesWatchpointIsValid(ExecState* exec, JSObject* thisObject) > { >- JSGlobalObject* globalObject = thisObject->globalObject(); >+ VM& vm = exec->vm(); >+ JSGlobalObject* globalObject = thisObject->globalObject(vm); > ArrayPrototype* arrayPrototype = globalObject->arrayPrototype(); > > if (globalObject->arraySpeciesWatchpoint().stateOnJSThread() == ClearWatchpoint) { >@@ -202,8 +203,8 @@ ALWAYS_INLINE bool speciesWatchpointIsValid(ExecState* exec, JSObject* thisObjec > ASSERT(globalObject->arraySpeciesWatchpoint().stateOnJSThread() != ClearWatchpoint); > } > >- return !thisObject->hasCustomProperties() >- && arrayPrototype == thisObject->getPrototypeDirect(globalObject->vm()) >+ return !thisObject->hasCustomProperties(vm) >+ && arrayPrototype == thisObject->getPrototypeDirect(vm) > && globalObject->arraySpeciesWatchpoint().stateOnJSThread() == IsWatched; > } 
> >@@ -238,7 +239,7 @@ static ALWAYS_INLINE std::pair<SpeciesConstructResult, JSObject*> speciesConstru > RETURN_IF_EXCEPTION(scope, exceptionResult()); > if (constructor.isConstructor()) { > JSObject* constructorObject = jsCast<JSObject*>(constructor); >- if (exec->lexicalGlobalObject() != constructorObject->globalObject()) >+ if (exec->lexicalGlobalObject() != constructorObject->globalObject(vm)) > return std::make_pair(SpeciesConstructResult::FastPath, nullptr);; > } > if (constructor.isObject()) { >@@ -406,7 +407,7 @@ EncodedJSValue JSC_HOST_CALL arrayProtoFuncToString(ExecState* exec) > if (!function.isCell()) > customJoinCase = true; > CallData callData; >- CallType callType = getCallData(function, callData); >+ CallType callType = getCallData(vm, function, callData); > if (callType == CallType::None) > customJoinCase = true; > >@@ -485,7 +486,7 @@ EncodedJSValue JSC_HOST_CALL arrayProtoFuncToLocaleString(ExecState* exec) > JSValue conversionFunction = element.get(exec, vm.propertyNames->toLocaleString); > RETURN_IF_EXCEPTION(scope, encodedJSValue()); > CallData callData; >- CallType callType = getCallData(conversionFunction, callData); >+ CallType callType = getCallData(vm, conversionFunction, callData); > if (callType != CallType::None) { > #if ENABLE(INTL) > element = call(exec, conversionFunction, callType, callData, element, arguments); 
>@@ -1418,7 +1419,7 @@ void ArrayPrototype::tryInitializeSpeciesWatchpoint(ExecState* exec) > auto scope = DECLARE_THROW_SCOPE(vm); > > if (ArrayPrototypeInternal::verbose) >- dataLog("Initializing Array species watchpoints for Array.prototype: ", pointerDump(this), " with structure: ", pointerDump(this->structure()), "\nand Array: ", pointerDump(this->globalObject()->arrayConstructor()), " with structure: ", pointerDump(this->globalObject()->arrayConstructor()->structure()), "\n"); >+ dataLog("Initializing Array species watchpoints for Array.prototype: ", pointerDump(this), " with structure: ", pointerDump(this->structure(vm)), "\nand Array: ", pointerDump(this->globalObject(vm)->arrayConstructor()), " with structure: ", pointerDump(this->globalObject(vm)->arrayConstructor()->structure(vm)), "\n"); > // First we need to make sure that the Array.prototype.constructor property points to Array > // and that Array[Symbol.species] is the primordial GetterSetter. > >@@ -1428,7 +1429,7 @@ void ArrayPrototype::tryInitializeSpeciesWatchpoint(ExecState* exec) > prototypeStructure = prototypeStructure->flattenDictionaryStructure(vm, this); > RELEASE_ASSERT(!prototypeStructure->isDictionary()); > >- JSGlobalObject* globalObject = this->globalObject(); >+ JSGlobalObject* globalObject = this->globalObject(vm); > ArrayConstructor* arrayConstructor = globalObject->arrayConstructor(); > > auto invalidateWatchpoint = [&] { >diff --git a/Source/JavaScriptCore/runtime/AsyncFunctionConstructor.cpp b/Source/JavaScriptCore/runtime/AsyncFunctionConstructor.cpp >index a74a77651af124df635273f8c3728ed5c3c9357c..da64dea1c23795cbeadc57ef71bb374f960da645 100644 >--- a/Source/JavaScriptCore/runtime/AsyncFunctionConstructor.cpp >+++ b/Source/JavaScriptCore/runtime/AsyncFunctionConstructor.cpp 
>@@ -39,13 +39,13 @@ const ClassInfo AsyncFunctionConstructor::s_info = { "AsyncFunction", &Base::s_i > static EncodedJSValue JSC_HOST_CALL callAsyncFunctionConstructor(ExecState* exec) > { > ArgList args(exec); >- return JSValue::encode(constructFunction(exec, jsCast<InternalFunction*>(exec->jsCallee())->globalObject(), args, FunctionConstructionMode::Async)); >+ return JSValue::encode(constructFunction(exec, jsCast<InternalFunction*>(exec->jsCallee())->globalObject(exec->vm()), args, FunctionConstructionMode::Async)); > } > > static EncodedJSValue JSC_HOST_CALL constructAsyncFunctionConstructor(ExecState* exec) > { > ArgList args(exec); >- return JSValue::encode(constructFunction(exec, jsCast<InternalFunction*>(exec->jsCallee())->globalObject(), args, FunctionConstructionMode::Async)); >+ return JSValue::encode(constructFunction(exec, jsCast<InternalFunction*>(exec->jsCallee())->globalObject(exec->vm()), args, FunctionConstructionMode::Async)); > } > > AsyncFunctionConstructor::AsyncFunctionConstructor(VM& vm, Structure* structure) >diff --git a/Source/JavaScriptCore/runtime/AsyncGeneratorFunctionConstructor.cpp b/Source/JavaScriptCore/runtime/AsyncGeneratorFunctionConstructor.cpp >index e90a063c55353edc9e76877a6bac238cf333a236..9127ad9cb3725d78abed620637215fc7a852a866 100644 >--- a/Source/JavaScriptCore/runtime/AsyncGeneratorFunctionConstructor.cpp >+++ b/Source/JavaScriptCore/runtime/AsyncGeneratorFunctionConstructor.cpp 
>@@ -39,13 +39,13 @@ const ClassInfo AsyncGeneratorFunctionConstructor::s_info = { "AsyncGeneratorFun > static EncodedJSValue JSC_HOST_CALL callAsyncGeneratorFunctionConstructor(ExecState* exec) > { > ArgList args(exec); >- return JSValue::encode(constructFunction(exec, jsCast<InternalFunction*>(exec->jsCallee())->globalObject(), args, FunctionConstructionMode::AsyncGenerator)); >+ return JSValue::encode(constructFunction(exec, jsCast<InternalFunction*>(exec->jsCallee())->globalObject(exec->vm()), args, FunctionConstructionMode::AsyncGenerator)); > } > > static EncodedJSValue JSC_HOST_CALL constructAsyncGeneratorFunctionConstructor(ExecState* exec) > { > ArgList args(exec); >- return JSValue::encode(constructFunction(exec, jsCast<InternalFunction*>(exec->jsCallee())->globalObject(), args, FunctionConstructionMode::AsyncGenerator)); >+ return JSValue::encode(constructFunction(exec, jsCast<InternalFunction*>(exec->jsCallee())->globalObject(exec->vm()), args, FunctionConstructionMode::AsyncGenerator)); > } > > AsyncGeneratorFunctionConstructor::AsyncGeneratorFunctionConstructor(VM& vm, Structure* structure) >diff --git a/Source/JavaScriptCore/runtime/BooleanConstructor.cpp b/Source/JavaScriptCore/runtime/BooleanConstructor.cpp >index 9f97fbead8811fb3200288454db6e781179f6f9e..b8fa66c5f65320473c88830febbb13364846cbe4 100644 >--- a/Source/JavaScriptCore/runtime/BooleanConstructor.cpp >+++ b/Source/JavaScriptCore/runtime/BooleanConstructor.cpp 
>@@ -43,7 +43,7 @@ static EncodedJSValue JSC_HOST_CALL constructWithBooleanConstructor(ExecState* e > VM& vm = exec->vm(); > auto scope = DECLARE_THROW_SCOPE(vm); > JSValue boolean = jsBoolean(exec->argument(0).toBoolean(exec)); >- Structure* booleanStructure = InternalFunction::createSubclassStructure(exec, exec->newTarget(), jsCast<InternalFunction*>(exec->jsCallee())->globalObject()->booleanObjectStructure()); >+ Structure* booleanStructure = InternalFunction::createSubclassStructure(exec, exec->newTarget(), jsCast<InternalFunction*>(exec->jsCallee())->globalObject(vm)->booleanObjectStructure()); > RETURN_IF_EXCEPTION(scope, encodedJSValue()); > BooleanObject* obj = BooleanObject::create(vm, booleanStructure); > obj->setInternalValue(vm, boolean); >diff --git a/Source/JavaScriptCore/runtime/ClonedArguments.cpp b/Source/JavaScriptCore/runtime/ClonedArguments.cpp >index 8f461d0037ea4706e5bc79e2a5a46cb748732898..185215530346f5a22ccd1b0a0de2fa896c1ddbd6 100644 >--- a/Source/JavaScriptCore/runtime/ClonedArguments.cpp >+++ b/Source/JavaScriptCore/runtime/ClonedArguments.cpp >@@ -49,7 +49,7 @@ ClonedArguments* ClonedArguments::createEmpty( > return 0; > > Butterfly* butterfly; >- if (UNLIKELY(structure->mayInterceptIndexedAccesses() || structure->storedPrototypeObject()->needsSlowPutIndexing())) { >+ if (UNLIKELY(structure->mayInterceptIndexedAccesses() || structure->storedPrototypeObject()->needsSlowPutIndexing(vm))) { > butterfly = createArrayStorageButterfly(vm, nullptr, structure, length, vectorLength); > butterfly->arrayStorage()->m_numValuesInVector = vectorLength; > } else { 
>@@ -80,7 +80,7 @@ ClonedArguments* ClonedArguments::createEmpty(ExecState* exec, JSFunction* calle > // NB. Some clients might expect that the global object of of this object is the global object > // of the callee. We don't do this for now, but maybe we should. > ClonedArguments* result = createEmpty(vm, exec->lexicalGlobalObject()->clonedArgumentsStructure(), callee, length); >- ASSERT(!result->needsSlowPutIndexing() || shouldUseSlowPut(result->structure(vm)->indexingType())); >+ ASSERT(!result->needsSlowPutIndexing(vm) || shouldUseSlowPut(result->structure(vm)->indexingType())); > return result; > } > >@@ -123,15 +123,15 @@ ClonedArguments* ClonedArguments::createWithInlineFrame(ExecState* myFrame, Exec > break; > } } > >- ASSERT(myFrame->lexicalGlobalObject()->clonedArgumentsStructure() == result->structure()); >- ASSERT(!result->needsSlowPutIndexing() || shouldUseSlowPut(result->structure()->indexingType())); >+ ASSERT(myFrame->lexicalGlobalObject()->clonedArgumentsStructure() == result->structure(myFrame->vm())); >+ ASSERT(!result->needsSlowPutIndexing(myFrame->vm()) || shouldUseSlowPut(result->structure(myFrame->vm())->indexingType())); > return result; > } > > ClonedArguments* ClonedArguments::createWithMachineFrame(ExecState* myFrame, ExecState* targetFrame, ArgumentsMode mode) > { > ClonedArguments* result = createWithInlineFrame(myFrame, targetFrame, nullptr, mode); >- ASSERT(!result->needsSlowPutIndexing() || shouldUseSlowPut(result->structure()->indexingType())); >+ ASSERT(!result->needsSlowPutIndexing(myFrame->vm()) || shouldUseSlowPut(result->structure(myFrame->vm())->indexingType())); > return result; > } 
> >@@ -144,7 +144,7 @@ ClonedArguments* ClonedArguments::createByCopyingFrom( > > for (unsigned i = length; i--;) > result->putDirectIndex(exec, i, argumentStart[i].jsValue()); >- ASSERT(!result->needsSlowPutIndexing() || shouldUseSlowPut(result->structure(vm)->indexingType())); >+ ASSERT(!result->needsSlowPutIndexing(vm) || shouldUseSlowPut(result->structure(vm)->indexingType())); > return result; > } > >@@ -179,7 +179,7 @@ bool ClonedArguments::getOwnPropertySlot(JSObject* object, ExecState* exec, Prop > > if (ident == vm.propertyNames->callee) { > if (isStrictMode) { >- slot.setGetterSlot(thisObject, PropertyAttribute::DontDelete | PropertyAttribute::DontEnum | PropertyAttribute::Accessor, thisObject->globalObject()->throwTypeErrorArgumentsCalleeAndCallerGetterSetter()); >+ slot.setGetterSlot(thisObject, PropertyAttribute::DontDelete | PropertyAttribute::DontEnum | PropertyAttribute::Accessor, thisObject->globalObject(vm)->throwTypeErrorArgumentsCalleeAndCallerGetterSetter()); > return true; > } > slot.setValue(thisObject, 0, thisObject->m_callee.get()); >@@ -187,7 +187,7 @@ bool ClonedArguments::getOwnPropertySlot(JSObject* object, ExecState* exec, Prop > } > > if (ident == vm.propertyNames->iteratorSymbol) { >- slot.setValue(thisObject, static_cast<unsigned>(PropertyAttribute::DontEnum), thisObject->globalObject()->arrayProtoValuesFunction()); >+ slot.setValue(thisObject, static_cast<unsigned>(PropertyAttribute::DontEnum), thisObject->globalObject(vm)->arrayProtoValuesFunction()); > return true; > } > } 
>@@ -250,11 +250,11 @@ void ClonedArguments::materializeSpecials(ExecState* exec) > bool isStrictMode = executable->isStrictMode(); > > if (isStrictMode) >- putDirectAccessor(exec, vm.propertyNames->callee, globalObject()->throwTypeErrorArgumentsCalleeAndCallerGetterSetter(), PropertyAttribute::DontDelete | PropertyAttribute::DontEnum | PropertyAttribute::Accessor); >+ putDirectAccessor(exec, vm.propertyNames->callee, globalObject(vm)->throwTypeErrorArgumentsCalleeAndCallerGetterSetter(), PropertyAttribute::DontDelete | PropertyAttribute::DontEnum | PropertyAttribute::Accessor); > else > putDirect(vm, vm.propertyNames->callee, JSValue(m_callee.get())); > >- putDirect(vm, vm.propertyNames->iteratorSymbol, globalObject()->arrayProtoValuesFunction(), static_cast<unsigned>(PropertyAttribute::DontEnum)); >+ putDirect(vm, vm.propertyNames->iteratorSymbol, globalObject(vm)->arrayProtoValuesFunction(), static_cast<unsigned>(PropertyAttribute::DontEnum)); > > m_callee.clear(); > } >diff --git a/Source/JavaScriptCore/runtime/CommonSlowPaths.cpp b/Source/JavaScriptCore/runtime/CommonSlowPaths.cpp >index cba4f5f9c247f2451649e4d68a07a185cf132e8d..efff326341c37b9ca36b6bbbc6ffe5ed2a7d5f62 100644 >--- a/Source/JavaScriptCore/runtime/CommonSlowPaths.cpp >+++ b/Source/JavaScriptCore/runtime/CommonSlowPaths.cpp >@@ -661,7 +661,7 @@ SLOW_PATH_DECL(slow_path_is_object_or_null) > SLOW_PATH_DECL(slow_path_is_function) > { > BEGIN(); >- RETURN(jsBoolean(jsIsFunctionType(OP_C(2).jsValue()))); >+ RETURN(jsBoolean(OP_C(2).jsValue().isFunction(vm))); > } > > SLOW_PATH_DECL(slow_path_in_by_val) >@@ -1161,7 +1161,7 @@ SLOW_PATH_DECL(slow_path_spread) > { > JSFunction* iterationFunction = globalObject->iteratorProtocolFunction(); > CallData callData; >- CallType callType = JSC::getCallData(iterationFunction, callData); >+ CallType callType = JSC::getCallData(vm, iterationFunction, callData); > ASSERT(callType != CallType::None); > > MarkedArgumentBuffer arguments; 
>diff --git a/Source/JavaScriptCore/runtime/CommonSlowPaths.h b/Source/JavaScriptCore/runtime/CommonSlowPaths.h >index e7e36a660bbe535cbdd264f31c6e5dac97c99f62..1ece89592cd63118dd9b89f1b96bd008dd0ab5ed 100644 >--- a/Source/JavaScriptCore/runtime/CommonSlowPaths.h >+++ b/Source/JavaScriptCore/runtime/CommonSlowPaths.h >@@ -143,12 +143,13 @@ inline void tryCachePutToScopeGlobal( > } > > if (resolveType == GlobalProperty || resolveType == GlobalPropertyWithVarInjectionChecks) { >+ VM& vm = exec->vm(); > JSGlobalObject* globalObject = codeBlock->globalObject(); > ASSERT(globalObject == scope || globalObject->varInjectionWatchpoint()->hasBeenInvalidated()); > if (!slot.isCacheablePut() > || slot.base() != scope > || scope != globalObject >- || !scope->structure()->propertyAccessesAreCacheable()) >+ || !scope->structure(vm)->propertyAccessesAreCacheable()) > return; > > if (slot.type() == PutPropertySlot::NewProperty) { >@@ -157,11 +158,10 @@ inline void tryCachePutToScopeGlobal( > return; > } > >- VM& vm = exec->vm(); >- scope->structure()->didCachePropertyReplacement(vm, slot.cachedOffset()); >+ scope->structure(vm)->didCachePropertyReplacement(vm, slot.cachedOffset()); > > ConcurrentJSLocker locker(codeBlock->m_lock); >- pc[5].u.structure.set(vm, codeBlock, scope->structure()); >+ pc[5].u.structure.set(vm, codeBlock, scope->structure(vm)); > pc[6].u.operand = slot.cachedOffset(); > } > } 
>@@ -195,7 +195,7 @@ inline void tryCacheGetFromScopeGlobal( > CodeBlock* codeBlock = exec->codeBlock(); > JSGlobalObject* globalObject = codeBlock->globalObject(); > ASSERT(scope == globalObject || globalObject->varInjectionWatchpoint()->hasBeenInvalidated()); >- if (slot.isCacheableValue() && slot.slotBase() == scope && scope == globalObject && scope->structure()->propertyAccessesAreCacheable()) { >+ if (slot.isCacheableValue() && slot.slotBase() == scope && scope == globalObject && scope->structure(vm)->propertyAccessesAreCacheable()) { > Structure* structure = scope->structure(vm); > { > ConcurrentJSLocker locker(codeBlock->m_lock); >@@ -209,7 +209,7 @@ inline void tryCacheGetFromScopeGlobal( > > inline bool canAccessArgumentIndexQuickly(JSObject& object, uint32_t index) > { >- switch (object.structure()->typeInfo().type()) { >+ switch (object.type()) { > case DirectArgumentsType: { > DirectArguments* directArguments = jsCast<DirectArguments*>(&object); > if (directArguments->isMappedArgumentInDFG(index)) >diff --git a/Source/JavaScriptCore/runtime/ConstructData.cpp b/Source/JavaScriptCore/runtime/ConstructData.cpp >index 062e11ce337ec753357cd519930a3886a980cc5d..e35da35e4d7f90bb1c5eb6f558c7f1b97a134245 100644 >--- a/Source/JavaScriptCore/runtime/ConstructData.cpp >+++ b/Source/JavaScriptCore/runtime/ConstructData.cpp >@@ -40,7 +40,7 @@ JSObject* construct(ExecState* exec, JSValue constructorObject, const ArgList& a > auto scope = DECLARE_THROW_SCOPE(vm); > > ConstructData constructData; >- ConstructType constructType = getConstructData(constructorObject, constructData); >+ ConstructType constructType = getConstructData(vm, constructorObject, constructData); > if (constructType == ConstructType::None) > return throwTypeError(exec, scope, errorMessage); 
> >diff --git a/Source/JavaScriptCore/runtime/DateConstructor.cpp b/Source/JavaScriptCore/runtime/DateConstructor.cpp >index ce99634592146f2b0a7858bfe39fe8069a268f2f..fd442216fec77ca2e4a7b188cfe0c256faae9053 100644 >--- a/Source/JavaScriptCore/runtime/DateConstructor.cpp >+++ b/Source/JavaScriptCore/runtime/DateConstructor.cpp >@@ -155,7 +155,7 @@ JSObject* constructDate(ExecState* exec, JSGlobalObject* globalObject, JSValue n > static EncodedJSValue JSC_HOST_CALL constructWithDateConstructor(ExecState* exec) > { > ArgList args(exec); >- return JSValue::encode(constructDate(exec, jsCast<InternalFunction*>(exec->jsCallee())->globalObject(), exec->newTarget(), args)); >+ return JSValue::encode(constructDate(exec, jsCast<InternalFunction*>(exec->jsCallee())->globalObject(exec->vm()), exec->newTarget(), args)); > } > > // ECMA 15.9.2 >diff --git a/Source/JavaScriptCore/runtime/DatePrototype.cpp b/Source/JavaScriptCore/runtime/DatePrototype.cpp >index 6f233687352c0bfdf4a59641f926b810d5af1e21..bfb01b29df3a6ecbd29b7afbc1af5186fedcb038 100644 >--- a/Source/JavaScriptCore/runtime/DatePrototype.cpp >+++ b/Source/JavaScriptCore/runtime/DatePrototype.cpp >@@ -1165,7 +1165,7 @@ EncodedJSValue JSC_HOST_CALL dateProtoFuncToJSON(ExecState* exec) > RETURN_IF_EXCEPTION(scope, encodedJSValue()); > > CallData callData; >- CallType callType = getCallData(toISOValue, callData); >+ CallType callType = getCallData(vm, toISOValue, callData); > if (callType == CallType::None) > return throwVMTypeError(exec, scope, ASCIILiteral("toISOString is not a function")); > >diff --git a/Source/JavaScriptCore/runtime/DirectArguments.cpp b/Source/JavaScriptCore/runtime/DirectArguments.cpp >index d30f2ce670d55379eb6e32a2bbb6c01398e9edfe..b629556e05324209edc25c4edb6c869c7ed3bbaa 100644 >--- a/Source/JavaScriptCore/runtime/DirectArguments.cpp >+++ b/Source/JavaScriptCore/runtime/DirectArguments.cpp 
>@@ -116,7 +116,7 @@ void DirectArguments::overrideThings(VM& vm) > > putDirect(vm, vm.propertyNames->length, jsNumber(m_length), static_cast<unsigned>(PropertyAttribute::DontEnum)); > putDirect(vm, vm.propertyNames->callee, m_callee.get(), static_cast<unsigned>(PropertyAttribute::DontEnum)); >- putDirect(vm, vm.propertyNames->iteratorSymbol, globalObject()->arrayProtoValuesFunction(), static_cast<unsigned>(PropertyAttribute::DontEnum)); >+ putDirect(vm, vm.propertyNames->iteratorSymbol, globalObject(vm)->arrayProtoValuesFunction(), static_cast<unsigned>(PropertyAttribute::DontEnum)); > > void* backingStore = vm.gigacageAuxiliarySpace(m_mappedArguments.kind).allocateNonVirtual(vm, mappedArgumentsSize(), nullptr, AllocationFailureMode::Assert); > bool* overrides = static_cast<bool*>(backingStore); >diff --git a/Source/JavaScriptCore/runtime/Error.cpp b/Source/JavaScriptCore/runtime/Error.cpp >index 601f823656a1ccef9889a8905d96d2f217749f85..5f67f8c7437889d131847e876f46cf25bab44302 100644 >--- a/Source/JavaScriptCore/runtime/Error.cpp >+++ b/Source/JavaScriptCore/runtime/Error.cpp >@@ -160,7 +160,7 @@ class FindFirstCallerFrameWithCodeblockFunctor { > > std::unique_ptr<Vector<StackFrame>> getStackTrace(ExecState* exec, VM& vm, JSObject* obj, bool useCurrentFrame) > { >- JSGlobalObject* globalObject = obj->globalObject(); >+ JSGlobalObject* globalObject = obj->globalObject(vm); > ErrorConstructor* errorConstructor = globalObject->errorConstructor(); > if (!errorConstructor->stackTraceLimit()) > return nullptr; >diff --git a/Source/JavaScriptCore/runtime/ErrorConstructor.cpp b/Source/JavaScriptCore/runtime/ErrorConstructor.cpp >index ff123f5eeab3087d3470f408d1e9730e7806ac6a..a0eb358781cb2e1dea91a0da8eeddd7841918fb0 100644 >--- a/Source/JavaScriptCore/runtime/ErrorConstructor.cpp >+++ b/Source/JavaScriptCore/runtime/ErrorConstructor.cpp 
>@@ -57,7 +57,7 @@ EncodedJSValue JSC_HOST_CALL Interpreter::constructWithErrorConstructor(ExecStat > VM& vm = exec->vm(); > auto scope = DECLARE_THROW_SCOPE(vm); > JSValue message = exec->argument(0); >- Structure* errorStructure = InternalFunction::createSubclassStructure(exec, exec->newTarget(), jsCast<InternalFunction*>(exec->jsCallee())->globalObject()->errorStructure()); >+ Structure* errorStructure = InternalFunction::createSubclassStructure(exec, exec->newTarget(), jsCast<InternalFunction*>(exec->jsCallee())->globalObject(vm)->errorStructure()); > RETURN_IF_EXCEPTION(scope, encodedJSValue()); > scope.release(); > return JSValue::encode(ErrorInstance::create(exec, errorStructure, message, nullptr, TypeNothing, false)); >@@ -66,7 +66,7 @@ EncodedJSValue JSC_HOST_CALL Interpreter::constructWithErrorConstructor(ExecStat > EncodedJSValue JSC_HOST_CALL Interpreter::callErrorConstructor(ExecState* exec) > { > JSValue message = exec->argument(0); >- Structure* errorStructure = jsCast<InternalFunction*>(exec->jsCallee())->globalObject()->errorStructure(); >+ Structure* errorStructure = jsCast<InternalFunction*>(exec->jsCallee())->globalObject(exec->vm())->errorStructure(); > return JSValue::encode(ErrorInstance::create(exec, errorStructure, message, nullptr, TypeNothing, false)); > } > >diff --git a/Source/JavaScriptCore/runtime/FunctionConstructor.cpp b/Source/JavaScriptCore/runtime/FunctionConstructor.cpp >index 031fe320adaf9d557ddea89988c05ac34b819c38..6035dca1a047eb08b37f703bc97ec64fa6ac12b0 100644 >--- a/Source/JavaScriptCore/runtime/FunctionConstructor.cpp >+++ b/Source/JavaScriptCore/runtime/FunctionConstructor.cpp 
>@@ -41,14 +41,14 @@ const ClassInfo FunctionConstructor::s_info = { "Function", &Base::s_info, nullp > static EncodedJSValue JSC_HOST_CALL constructWithFunctionConstructor(ExecState* exec) > { > ArgList args(exec); >- return JSValue::encode(constructFunction(exec, jsCast<InternalFunction*>(exec->jsCallee())->globalObject(), args, FunctionConstructionMode::Function, exec->newTarget())); >+ return JSValue::encode(constructFunction(exec, jsCast<InternalFunction*>(exec->jsCallee())->globalObject(exec->vm()), args, FunctionConstructionMode::Function, exec->newTarget())); > } > > // ECMA 15.3.1 The Function Constructor Called as a Function > static EncodedJSValue JSC_HOST_CALL callFunctionConstructor(ExecState* exec) > { > ArgList args(exec); >- return JSValue::encode(constructFunction(exec, jsCast<InternalFunction*>(exec->jsCallee())->globalObject(), args)); >+ return JSValue::encode(constructFunction(exec, jsCast<InternalFunction*>(exec->jsCallee())->globalObject(exec->vm()), args)); > } > > FunctionConstructor::FunctionConstructor(VM& vm, Structure* structure) >diff --git a/Source/JavaScriptCore/runtime/GeneratorFunctionConstructor.cpp b/Source/JavaScriptCore/runtime/GeneratorFunctionConstructor.cpp >index 800f0e3393bb5adf1efd643426a44d6cb4740569..46946d6b12e5d5dd5bd5e8bd50988e315a3e8c9b 100644 >--- a/Source/JavaScriptCore/runtime/GeneratorFunctionConstructor.cpp >+++ b/Source/JavaScriptCore/runtime/GeneratorFunctionConstructor.cpp 
>@@ -39,13 +39,13 @@ const ClassInfo GeneratorFunctionConstructor::s_info = { "GeneratorFunction", &B > static EncodedJSValue JSC_HOST_CALL callGeneratorFunctionConstructor(ExecState* exec) > { > ArgList args(exec); >- return JSValue::encode(constructFunction(exec, jsCast<InternalFunction*>(exec->jsCallee())->globalObject(), args, FunctionConstructionMode::Generator)); >+ return JSValue::encode(constructFunction(exec, jsCast<InternalFunction*>(exec->jsCallee())->globalObject(exec->vm()), args, FunctionConstructionMode::Generator)); > } > > static EncodedJSValue JSC_HOST_CALL constructGeneratorFunctionConstructor(ExecState* exec) > { > ArgList args(exec); >- return JSValue::encode(constructFunction(exec, jsCast<InternalFunction*>(exec->jsCallee())->globalObject(), args, FunctionConstructionMode::Generator, exec->newTarget())); >+ return JSValue::encode(constructFunction(exec, jsCast<InternalFunction*>(exec->jsCallee())->globalObject(exec->vm()), args, FunctionConstructionMode::Generator, exec->newTarget())); > } > > GeneratorFunctionConstructor::GeneratorFunctionConstructor(VM& vm, Structure* structure) >diff --git a/Source/JavaScriptCore/runtime/GenericArgumentsInlines.h b/Source/JavaScriptCore/runtime/GenericArgumentsInlines.h >index e49b619cbd1719d8e5e1d5d259323bbd0d5cf1ed..1aa4754cffb2efdf77b7cccba5a39d731ae386e4 100644 >--- a/Source/JavaScriptCore/runtime/GenericArgumentsInlines.h >+++ b/Source/JavaScriptCore/runtime/GenericArgumentsInlines.h >@@ -56,7 +56,7 @@ bool GenericArguments<Type>::getOwnPropertySlot(JSObject* object, ExecState* exe > return true; > } > if (ident == vm.propertyNames->iteratorSymbol) { >- slot.setValue(thisObject, static_cast<unsigned>(PropertyAttribute::DontEnum), thisObject->globalObject()->arrayProtoValuesFunction()); >+ slot.setValue(thisObject, static_cast<unsigned>(PropertyAttribute::DontEnum), thisObject->globalObject(vm)->arrayProtoValuesFunction()); > return true; > } > } 
>diff --git a/Source/JavaScriptCore/runtime/InferredStructureWatchpoint.cpp b/Source/JavaScriptCore/runtime/InferredStructureWatchpoint.cpp >index 33052acc3ec798b77c8389eff1769a6a340cc767..d39e86c101f03334153a85db23acf12d6104fe9b 100644 >--- a/Source/JavaScriptCore/runtime/InferredStructureWatchpoint.cpp >+++ b/Source/JavaScriptCore/runtime/InferredStructureWatchpoint.cpp >@@ -41,7 +41,7 @@ void InferredStructureWatchpoint::fireInternal(const FireDetail&) > if (!inferredType->isLive()) > return; > >- inferredType->removeStructure(); >+ inferredType->removeStructure(*inferredType->vm()); > } > > } // namespace JSC >diff --git a/Source/JavaScriptCore/runtime/InferredType.cpp b/Source/JavaScriptCore/runtime/InferredType.cpp >index 85fc2c0ad63cc49cb8adb09e88e3bd56ea8b20b6..aa06db6a027830f7257c1f54f37d1c9dafcb6fd4 100644 >--- a/Source/JavaScriptCore/runtime/InferredType.cpp >+++ b/Source/JavaScriptCore/runtime/InferredType.cpp >@@ -484,13 +484,11 @@ bool InferredType::set(const ConcurrentJSLocker& locker, VM& vm, Descriptor newD > return shouldFireWatchpointSet; > } > >-void InferredType::removeStructure() >+void InferredType::removeStructure(VM& vm) > { > // FIXME: Find an elegant and cheap way to thread information about why we got here into the fire > // detail in set(). > >- VM& vm = *Heap::heap(this)->vm(); >- > Descriptor oldDescriptor; > Descriptor newDescriptor; > { >diff --git a/Source/JavaScriptCore/runtime/InferredType.h b/Source/JavaScriptCore/runtime/InferredType.h >index 4cc487e6cdfc09b6825b616241691d210889545b..1ff02338d7ab23c39102a181bf1109db9a018ff3 100644 >--- a/Source/JavaScriptCore/runtime/InferredType.h >+++ b/Source/JavaScriptCore/runtime/InferredType.h >@@ -247,7 +247,7 @@ class InferredType final : public JSCell { > // watchpoint set. > bool set(const ConcurrentJSLocker&, VM&, Descriptor); > >- void removeStructure(); >+ void removeStructure(VM&); > > friend class InferredStructure; > friend class InferredStructureWatchpoint; 
>diff --git a/Source/JavaScriptCore/runtime/InferredTypeInlines.h b/Source/JavaScriptCore/runtime/InferredTypeInlines.h >index 40812b3c49b394fbb2794bec957ee92bf5af296c..f60cc36fd1e8a602620c504cde823d017e84bfd6 100644 >--- a/Source/JavaScriptCore/runtime/InferredTypeInlines.h >+++ b/Source/JavaScriptCore/runtime/InferredTypeInlines.h >@@ -37,7 +37,7 @@ inline void InferredType::finalizeUnconditionally(VM& vm) > if (Heap::isMarked(m_structure->structure.get())) > return; > >- removeStructure(); >+ removeStructure(vm); > } > > vm.inferredTypesWithFinalizers.remove(this); >diff --git a/Source/JavaScriptCore/runtime/IntlCollator.cpp b/Source/JavaScriptCore/runtime/IntlCollator.cpp >index f7350862fbf7bebecac38e2294499bdbabdf7124..28eb9e6be136ebf8fa5b2865be52cb2892936f8d 100644 >--- a/Source/JavaScriptCore/runtime/IntlCollator.cpp >+++ b/Source/JavaScriptCore/runtime/IntlCollator.cpp >@@ -224,7 +224,7 @@ void IntlCollator::initializeCollator(ExecState& state, JSValue locales, JSValue > opt.add(ASCIILiteral("kf"), caseFirst); > } > >- auto& availableLocales = state.jsCallee()->globalObject()->intlCollatorAvailableLocales(); >+ auto& availableLocales = state.jsCallee()->globalObject(vm)->intlCollatorAvailableLocales(); > auto result = resolveLocale(state, availableLocales, requestedLocales, opt, relevantCollatorExtensionKeys, WTF_ARRAY_LENGTH(relevantCollatorExtensionKeys), localeData); > > m_locale = result.get(ASCIILiteral("locale")); >diff --git a/Source/JavaScriptCore/runtime/IntlCollatorConstructor.cpp b/Source/JavaScriptCore/runtime/IntlCollatorConstructor.cpp >index 86ae3f0908fca8eac0862e4c71b9ba040a93e31d..ccb56509dbde3e9419e5bb98bcc4eee6ba898d2c 100644 >--- a/Source/JavaScriptCore/runtime/IntlCollatorConstructor.cpp >+++ b/Source/JavaScriptCore/runtime/IntlCollatorConstructor.cpp 
>@@ -140,7 +140,7 @@ EncodedJSValue JSC_HOST_CALL IntlCollatorConstructorFuncSupportedLocalesOf(ExecS > RETURN_IF_EXCEPTION(scope, encodedJSValue()); > > // 3. Return SupportedLocales(%Collator%.[[availableLocales]], requestedLocales, options). >- JSGlobalObject* globalObject = state->jsCallee()->globalObject(); >+ JSGlobalObject* globalObject = state->jsCallee()->globalObject(vm); > scope.release(); > return JSValue::encode(supportedLocales(*state, globalObject->intlCollatorAvailableLocales(), requestedLocales, state->argument(1))); > } >diff --git a/Source/JavaScriptCore/runtime/IntlCollatorPrototype.cpp b/Source/JavaScriptCore/runtime/IntlCollatorPrototype.cpp >index bf47529d8a8b7ca3be49d03bb222ae56c2dcee63..996722db2b67640e3e320c9314a748868a1aee80 100644 >--- a/Source/JavaScriptCore/runtime/IntlCollatorPrototype.cpp >+++ b/Source/JavaScriptCore/runtime/IntlCollatorPrototype.cpp >@@ -122,7 +122,7 @@ EncodedJSValue JSC_HOST_CALL IntlCollatorPrototypeGetterCompare(ExecState* state > JSBoundFunction* boundCompare = collator->boundCompare(); > // 2. If collator.[[boundCompare]] is undefined, > if (!boundCompare) { >- JSGlobalObject* globalObject = collator->globalObject(); >+ JSGlobalObject* globalObject = collator->globalObject(vm); > // a. Let F be a new built-in function object as defined in 11.3.4. > // b. The value of F’s length property is 2. > JSFunction* targetObject = JSFunction::create(vm, globalObject, 2, ASCIILiteral("compare"), IntlCollatorFuncCompare, NoIntrinsic); >diff --git a/Source/JavaScriptCore/runtime/IntlDateTimeFormat.cpp b/Source/JavaScriptCore/runtime/IntlDateTimeFormat.cpp >index 1573c7295f149796a05ad79782d07263347233e4..3aa779faafc857e39e41e3a37d8dea67b9c8fd66 100644 >--- a/Source/JavaScriptCore/runtime/IntlDateTimeFormat.cpp >+++ b/Source/JavaScriptCore/runtime/IntlDateTimeFormat.cpp 
>@@ -454,7 +454,7 @@ void IntlDateTimeFormat::initializeDateTimeFormat(ExecState& exec, JSValue local > > // 11. Let localeData be the value of %DateTimeFormat%.[[localeData]]. > // 12. Let r be ResolveLocale( %DateTimeFormat%.[[availableLocales]], requestedLocales, opt, %DateTimeFormat%.[[relevantExtensionKeys]], localeData). >- const HashSet<String> availableLocales = exec.jsCallee()->globalObject()->intlDateTimeFormatAvailableLocales(); >+ const HashSet<String> availableLocales = exec.jsCallee()->globalObject(vm)->intlDateTimeFormatAvailableLocales(); > HashMap<String, String> resolved = resolveLocale(exec, availableLocales, requestedLocales, localeOpt, IntlDTFInternal::relevantExtensionKeys, WTF_ARRAY_LENGTH(IntlDTFInternal::relevantExtensionKeys), IntlDTFInternal::localeData); > > // 13. Set dateTimeFormat.[[locale]] to the value of r.[[locale]]. >@@ -1001,7 +1001,7 @@ JSValue IntlDateTimeFormat::formatToParts(ExecState& exec, double value) > if (U_FAILURE(status)) > return throwTypeError(&exec, scope, ASCIILiteral("failed to format date value")); > >- JSGlobalObject* globalObject = exec.jsCallee()->globalObject(); >+ JSGlobalObject* globalObject = exec.jsCallee()->globalObject(vm); > JSArray* parts = JSArray::tryCreate(vm, globalObject->arrayStructureForIndexingTypeDuringAllocation(ArrayWithContiguous), 0); > if (!parts) > return throwOutOfMemoryError(&exec, scope); >diff --git a/Source/JavaScriptCore/runtime/IntlDateTimeFormatConstructor.cpp b/Source/JavaScriptCore/runtime/IntlDateTimeFormatConstructor.cpp >index 5351e43dcdadde2b5cfac5d29f7c6627405cf2c1..32cec7e620b40df8c9b9d5953515f8bbc9bc9894 100644 >--- a/Source/JavaScriptCore/runtime/IntlDateTimeFormatConstructor.cpp >+++ b/Source/JavaScriptCore/runtime/IntlDateTimeFormatConstructor.cpp 
>@@ -134,7 +134,7 @@ EncodedJSValue JSC_HOST_CALL IntlDateTimeFormatConstructorFuncSupportedLocalesOf > // 12.2.2 Intl.DateTimeFormat.supportedLocalesOf(locales [, options]) (ECMA-402 2.0) > > // 1. Let availableLocales be %DateTimeFormat%.[[availableLocales]]. >- JSGlobalObject* globalObject = state->jsCallee()->globalObject(); >+ JSGlobalObject* globalObject = state->jsCallee()->globalObject(vm); > const HashSet<String> availableLocales = globalObject->intlDateTimeFormatAvailableLocales(); > > // 2. Let requestedLocales be CanonicalizeLocaleList(locales). >diff --git a/Source/JavaScriptCore/runtime/IntlDateTimeFormatPrototype.cpp b/Source/JavaScriptCore/runtime/IntlDateTimeFormatPrototype.cpp >index 9b7971add198dd0bfb23a6bcc07f03cc96dd4931..4f189669ababd6a07eae755a98aedca880a55a42 100644 >--- a/Source/JavaScriptCore/runtime/IntlDateTimeFormatPrototype.cpp >+++ b/Source/JavaScriptCore/runtime/IntlDateTimeFormatPrototype.cpp >@@ -139,7 +139,7 @@ EncodedJSValue JSC_HOST_CALL IntlDateTimeFormatPrototypeGetterFormat(ExecState* > JSBoundFunction* boundFormat = dtf->boundFormat(); > // 3. If the [[boundFormat]] internal slot of this DateTimeFormat object is undefined, > if (!boundFormat) { >- JSGlobalObject* globalObject = dtf->globalObject(); >+ JSGlobalObject* globalObject = dtf->globalObject(vm); > // a. Let F be a new built-in function object as defined in 12.3.4. > // b. The value of F’s length property is 1. (Note: F’s length property was 0 in ECMA-402 1.0) > JSFunction* targetObject = JSFunction::create(vm, globalObject, 1, ASCIILiteral("format"), IntlDateTimeFormatFuncFormatDateTime, NoIntrinsic); >diff --git a/Source/JavaScriptCore/runtime/IntlNumberFormat.cpp b/Source/JavaScriptCore/runtime/IntlNumberFormat.cpp >index a1466346b29aa163de95dc589b146d4c0479fbdd..b76328b55fa9eeb0d1d1e0a3e50967bb6f50471e 100644 >--- a/Source/JavaScriptCore/runtime/IntlNumberFormat.cpp >+++ b/Source/JavaScriptCore/runtime/IntlNumberFormat.cpp 
>@@ -184,7 +184,7 @@ void IntlNumberFormat::initializeNumberFormat(ExecState& state, JSValue locales, > RETURN_IF_EXCEPTION(scope, void()); > opt.add(ASCIILiteral("localeMatcher"), matcher); > >- auto& availableLocales = state.jsCallee()->globalObject()->intlNumberFormatAvailableLocales(); >+ auto& availableLocales = state.jsCallee()->globalObject(vm)->intlNumberFormatAvailableLocales(); > auto result = resolveLocale(state, availableLocales, requestedLocales, opt, relevantNumberExtensionKeys, WTF_ARRAY_LENGTH(relevantNumberExtensionKeys), IntlNFInternal::localeData); > > m_locale = result.get(ASCIILiteral("locale")); >@@ -538,7 +538,7 @@ JSValue IntlNumberFormat::formatToParts(ExecState& exec, double value) > fieldType = ufieldpositer_next(fieldItr.get(), &beginIndex, &endIndex); > } > >- JSGlobalObject* globalObject = exec.jsCallee()->globalObject(); >+ JSGlobalObject* globalObject = exec.jsCallee()->globalObject(vm); > JSArray* parts = JSArray::tryCreate(vm, globalObject->arrayStructureForIndexingTypeDuringAllocation(ArrayWithContiguous), 0); > if (!parts) > return throwOutOfMemoryError(&exec, scope); >diff --git a/Source/JavaScriptCore/runtime/IntlNumberFormatConstructor.cpp b/Source/JavaScriptCore/runtime/IntlNumberFormatConstructor.cpp >index 274703c25b8584f9118171763fd5f68ef606ecca..bf7624932962f01cf9955f1778bcca7aab78ee9a 100644 >--- a/Source/JavaScriptCore/runtime/IntlNumberFormatConstructor.cpp >+++ b/Source/JavaScriptCore/runtime/IntlNumberFormatConstructor.cpp 
>@@ -134,7 +134,7 @@ EncodedJSValue JSC_HOST_CALL IntlNumberFormatConstructorFuncSupportedLocalesOf(E > // 11.2.2 Intl.NumberFormat.supportedLocalesOf(locales [, options]) (ECMA-402 2.0) > > // 1. Let availableLocales be %NumberFormat%.[[availableLocales]]. >- JSGlobalObject* globalObject = state->jsCallee()->globalObject(); >+ JSGlobalObject* globalObject = state->jsCallee()->globalObject(vm); > const HashSet<String> availableLocales = globalObject->intlNumberFormatAvailableLocales(); > > // 2. Let requestedLocales be CanonicalizeLocaleList(locales). >diff --git a/Source/JavaScriptCore/runtime/IntlNumberFormatPrototype.cpp b/Source/JavaScriptCore/runtime/IntlNumberFormatPrototype.cpp >index c9e17dc9ae9e68a7023aee74824a2407a367d2e2..f9568af1ee7cb862063a139dd7596c67a7ee890c 100644 >--- a/Source/JavaScriptCore/runtime/IntlNumberFormatPrototype.cpp >+++ b/Source/JavaScriptCore/runtime/IntlNumberFormatPrototype.cpp >@@ -133,7 +133,7 @@ EncodedJSValue JSC_HOST_CALL IntlNumberFormatPrototypeGetterFormat(ExecState* st > JSBoundFunction* boundFormat = nf->boundFormat(); > // 2. If nf.[[boundFormat]] is undefined, > if (!boundFormat) { >- JSGlobalObject* globalObject = nf->globalObject(); >+ JSGlobalObject* globalObject = nf->globalObject(vm); > // a. Let F be a new built-in function object as defined in 11.3.4. > // b. The value of F’s length property is 1. > JSFunction* targetObject = JSFunction::create(vm, globalObject, 1, ASCIILiteral("format"), IntlNumberFormatFuncFormatNumber, NoIntrinsic); >diff --git a/Source/JavaScriptCore/runtime/IntlObject.cpp b/Source/JavaScriptCore/runtime/IntlObject.cpp >index 68e0ca8ae1759e6c13024f70f872bbd8208b68ae..fb78e461b3151cde8ac387e5c902bac11f4ee92f 100644 >--- a/Source/JavaScriptCore/runtime/IntlObject.cpp >+++ b/Source/JavaScriptCore/runtime/IntlObject.cpp 
>@@ -497,7 +497,7 @@ Vector<String> canonicalizeLocaleList(ExecState& state, JSValue locales) > VM& vm = state.vm(); > auto scope = DECLARE_THROW_SCOPE(vm); > >- JSGlobalObject* globalObject = state.jsCallee()->globalObject(); >+ JSGlobalObject* globalObject = state.jsCallee()->globalObject(vm); > Vector<String> seen; > > if (locales.isUndefined()) >@@ -588,7 +588,8 @@ String defaultLocale(ExecState& state) > // WebCore's global objects will have their own ideas of how to determine the language. It may > // be determined by WebCore-specific logic like some WK settings. Usually this will return the > // same thing as userPreferredLanguages()[0]. >- if (auto defaultLanguage = state.jsCallee()->globalObject()->globalObjectMethodTable()->defaultLanguage) { >+ VM& vm = state.vm(); >+ if (auto defaultLanguage = state.jsCallee()->globalObject(vm)->globalObjectMethodTable()->defaultLanguage) { > String locale = defaultLanguage(); > if (!locale.isEmpty()) > return canonicalizeLanguageTag(locale); >@@ -792,7 +793,7 @@ static JSArray* lookupSupportedLocales(ExecState& state, const HashSet<String>& > auto scope = DECLARE_THROW_SCOPE(vm); > > size_t len = requestedLocales.size(); >- JSGlobalObject* globalObject = state.jsCallee()->globalObject(); >+ JSGlobalObject* globalObject = state.jsCallee()->globalObject(vm); > JSArray* subset = JSArray::tryCreate(vm, globalObject->arrayStructureForIndexingTypeDuringAllocation(ArrayWithUndecided), 0); > if (!subset) { > throwOutOfMemoryError(&state, scope); 
>@@ -907,7 +908,7 @@ EncodedJSValue JSC_HOST_CALL intlObjectFuncGetCanonicalLocales(ExecState* state) > RETURN_IF_EXCEPTION(scope, encodedJSValue()); > auto length = localeList.size(); > >- JSGlobalObject* globalObject = state->jsCallee()->globalObject(); >+ JSGlobalObject* globalObject = state->jsCallee()->globalObject(vm); > JSArray* localeArray = JSArray::tryCreate(vm, globalObject->arrayStructureForIndexingTypeDuringAllocation(ArrayWithContiguous), length); > if (!localeArray) { > throwOutOfMemoryError(state, scope); >diff --git a/Source/JavaScriptCore/runtime/IntlPluralRules.cpp b/Source/JavaScriptCore/runtime/IntlPluralRules.cpp >index 4ded13b42f35e32cd896e6e8c13e1c1b1313ec3d..adf155042a863f5770b19e6906a9987b6ad3f058 100644 >--- a/Source/JavaScriptCore/runtime/IntlPluralRules.cpp >+++ b/Source/JavaScriptCore/runtime/IntlPluralRules.cpp >@@ -125,7 +125,7 @@ void IntlPluralRules::initializePluralRules(ExecState& exec, JSValue locales, JS > RETURN_IF_EXCEPTION(scope, void()); > localeOpt.add(vm.propertyNames->localeMatcher.string(), localeMatcher); > >- const HashSet<String> availableLocales = exec.jsCallee()->globalObject()->intlNumberFormatAvailableLocales(); >+ const HashSet<String> availableLocales = exec.jsCallee()->globalObject(vm)->intlNumberFormatAvailableLocales(); > HashMap<String, String> resolved = resolveLocale(exec, availableLocales, requestedLocales, localeOpt, nullptr, 0, IntlPRInternal::localeData); > m_locale = resolved.get(vm.propertyNames->locale.string()); > if (m_locale.isEmpty()) { >@@ -215,7 +215,7 @@ JSObject* IntlPluralRules::resolvedOptions(ExecState& exec) > } > > #if JSC_ICU_HAS_PLURALRULES_KEYWORDS >- JSGlobalObject* globalObject = exec.jsCallee()->globalObject(); >+ JSGlobalObject* globalObject = exec.jsCallee()->globalObject(vm); > JSArray* categories = JSArray::tryCreate(vm, globalObject->arrayStructureForIndexingTypeDuringAllocation(ArrayWithContiguous), 0); > if (!categories) > return throwOutOfMemoryError(&exec, scope); 
>diff --git a/Source/JavaScriptCore/runtime/IntlPluralRulesConstructor.cpp b/Source/JavaScriptCore/runtime/IntlPluralRulesConstructor.cpp >index 9e50a9badcc71c03ec0d0ea017b7db3443b6bad4..7af69c5ea7d35be5f5228ae5cc63cfc1d5bab08d 100644 >--- a/Source/JavaScriptCore/runtime/IntlPluralRulesConstructor.cpp >+++ b/Source/JavaScriptCore/runtime/IntlPluralRulesConstructor.cpp >@@ -118,7 +118,7 @@ EncodedJSValue JSC_HOST_CALL IntlPluralRulesConstructorFuncSupportedLocalesOf(Ex > > // 13.3.2 Intl.PluralRules.supportedLocalesOf (locales [, options ]) > // https://tc39.github.io/ecma402/#sec-intl.pluralrules.supportedlocalesof >- JSGlobalObject* globalObject = state->jsCallee()->globalObject(); >+ JSGlobalObject* globalObject = state->jsCallee()->globalObject(vm); > const HashSet<String> availableLocales = globalObject->intlNumberFormatAvailableLocales(); > > Vector<String> requestedLocales = canonicalizeLocaleList(*state, state->argument(0)); >diff --git a/Source/JavaScriptCore/runtime/IteratorOperations.cpp b/Source/JavaScriptCore/runtime/IteratorOperations.cpp >index 2fa773c3678f77e05f22f4b57189d245ccbbff26..6910f01bdae0881f89862f146ece53dbe83d337e 100644 >--- a/Source/JavaScriptCore/runtime/IteratorOperations.cpp >+++ b/Source/JavaScriptCore/runtime/IteratorOperations.cpp >@@ -45,7 +45,7 @@ JSValue iteratorNext(ExecState* exec, IterationRecord iterationRecord, JSValue a > JSValue nextFunction = iterationRecord.nextMethod; > > CallData nextFunctionCallData; >- CallType nextFunctionCallType = getCallData(nextFunction, nextFunctionCallData); >+ CallType nextFunctionCallType = getCallData(vm, nextFunction, nextFunctionCallData); > if (nextFunctionCallType == CallType::None) > return throwTypeError(exec, scope); 
> >@@ -108,7 +108,7 @@ void iteratorClose(ExecState* exec, IterationRecord iterationRecord) > } > > CallData returnFunctionCallData; >- CallType returnFunctionCallType = getCallData(returnFunction, returnFunctionCallData); >+ CallType returnFunctionCallType = getCallData(vm, returnFunction, returnFunctionCallData); > if (returnFunctionCallType == CallType::None) { > if (exception) > throwException(exec, throwScope, exception); >@@ -193,7 +193,7 @@ IterationRecord iteratorForIterable(ExecState& state, JSObject* object, JSValue > auto scope = DECLARE_THROW_SCOPE(vm); > > CallData iteratorMethodCallData; >- CallType iteratorMethodCallType = getCallData(iteratorMethod, iteratorMethodCallData); >+ CallType iteratorMethodCallType = getCallData(vm, iteratorMethod, iteratorMethodCallData); > if (iteratorMethodCallType == CallType::None) { > throwTypeError(&state, scope); > return { }; >@@ -223,7 +223,7 @@ IterationRecord iteratorForIterable(ExecState* state, JSValue iterable) > RETURN_IF_EXCEPTION(scope, { }); > > CallData iteratorFunctionCallData; >- CallType iteratorFunctionCallType = getCallData(iteratorFunction, iteratorFunctionCallData); >+ CallType iteratorFunctionCallType = getCallData(vm, iteratorFunction, iteratorFunctionCallData); > if (iteratorFunctionCallType == CallType::None) { > throwTypeError(state, scope); > return { }; >diff --git a/Source/JavaScriptCore/runtime/JSArray.cpp b/Source/JavaScriptCore/runtime/JSArray.cpp >index a52ceca13ea2efd8c76c5b8d67b342b3eeff0243..1ad6eb3edf2182d29b074a333a06f7cf8ce212ae 100644 >--- a/Source/JavaScriptCore/runtime/JSArray.cpp >+++ b/Source/JavaScriptCore/runtime/JSArray.cpp 
>@@ -861,7 +861,7 @@ bool JSArray::shiftCountWithArrayStorage(VM& vm, unsigned startIndex, unsigned c > // Adjust the Butterfly and the index bias. We only need to do this here because we're changing > // the start of the Butterfly, which needs to point at the first indexed property in the used > // portion of the vector. >- Butterfly* butterfly = this->butterfly()->shift(structure(), count); >+ Butterfly* butterfly = this->butterfly()->shift(structure(vm), count); > storage = butterfly->arrayStorage(); > storage->m_indexBias += count; > >@@ -1031,7 +1031,7 @@ bool JSArray::unshiftCountWithArrayStorage(ExecState* exec, unsigned startIndex, > auto locker = holdLock(cellLock()); > > if (moveFront && storage->m_indexBias >= count) { >- Butterfly* newButterfly = storage->butterfly()->unshift(structure(), count); >+ Butterfly* newButterfly = storage->butterfly()->unshift(structure(vm), count); > storage = newButterfly->arrayStorage(); > storage->m_indexBias -= count; > storage->setVectorLength(vectorLength + count); >@@ -1335,7 +1335,8 @@ bool JSArray::isIteratorProtocolFastAndNonObservable() > if (!globalObject->isArrayPrototypeIteratorProtocolFastAndNonObservable()) > return false; > >- Structure* structure = this->structure(); >+ VM& vm = globalObject->vm(); >+ Structure* structure = this->structure(vm); > // This is the fast case. Many arrays will be an original array. > if (globalObject->isOriginalArrayStructure(structure)) > return true; >@@ -1343,7 +1344,6 @@ bool JSArray::isIteratorProtocolFastAndNonObservable() > if (structure->mayInterceptIndexedAccesses()) > return false; > >- VM& vm = globalObject->vm(); > if (getPrototypeDirect(vm) != globalObject->arrayPrototype()) > return false; > >diff --git a/Source/JavaScriptCore/runtime/JSArrayBufferConstructor.cpp b/Source/JavaScriptCore/runtime/JSArrayBufferConstructor.cpp >index bf2e917efa109cfff4fb9d3f8a5e6654f8ca88b7..ff45b3eee866357a6ba86c592f2ef6fb3953241f 100644 
>--- a/Source/JavaScriptCore/runtime/JSArrayBufferConstructor.cpp >+++ b/Source/JavaScriptCore/runtime/JSArrayBufferConstructor.cpp >@@ -61,7 +61,7 @@ void JSArrayBufferConstructor::finishCreation(VM& vm, JSArrayBufferPrototype* pr > putDirectNonIndexAccessor(vm, vm.propertyNames->speciesSymbol, speciesSymbol, PropertyAttribute::Accessor | PropertyAttribute::ReadOnly | PropertyAttribute::DontEnum); > > if (m_sharingMode == ArrayBufferSharingMode::Default) { >- JSGlobalObject* globalObject = this->globalObject(); >+ JSGlobalObject* globalObject = this->globalObject(vm); > JSC_NATIVE_FUNCTION_WITHOUT_TRANSITION(vm.propertyNames->isView, arrayBufferFuncIsView, static_cast<unsigned>(PropertyAttribute::DontEnum), 1); > JSC_NATIVE_FUNCTION_WITHOUT_TRANSITION(vm.propertyNames->builtinNames().isViewPrivateName(), arrayBufferFuncIsView, static_cast<unsigned>(PropertyAttribute::DontEnum), 1); > } >@@ -91,7 +91,7 @@ static EncodedJSValue JSC_HOST_CALL constructArrayBuffer(ExecState* exec) > JSArrayBufferConstructor* constructor = > jsCast<JSArrayBufferConstructor*>(exec->jsCallee()); > >- Structure* arrayBufferStructure = InternalFunction::createSubclassStructure(exec, exec->newTarget(), constructor->globalObject()->arrayBufferStructure(constructor->sharingMode())); >+ Structure* arrayBufferStructure = InternalFunction::createSubclassStructure(exec, exec->newTarget(), constructor->globalObject(vm)->arrayBufferStructure(constructor->sharingMode())); > RETURN_IF_EXCEPTION(scope, { }); > > unsigned length; >diff --git a/Source/JavaScriptCore/runtime/JSArrayBufferPrototype.cpp b/Source/JavaScriptCore/runtime/JSArrayBufferPrototype.cpp >index a6ffa7a95068ad3c5c6373efb8aeef05f84d0178..603b208ba3eed5583333855d58cfcd3cfefa3cc1 100644 >--- a/Source/JavaScriptCore/runtime/JSArrayBufferPrototype.cpp >+++ b/Source/JavaScriptCore/runtime/JSArrayBufferPrototype.cpp 
>@@ -63,7 +63,7 @@ static EncodedJSValue JSC_HOST_CALL arrayBufferProtoFuncSlice(ExecState* exec) > if (!newBuffer) > return JSValue::encode(throwOutOfMemoryError(exec, scope)); > >- Structure* structure = callee->globalObject()->arrayBufferStructure(newBuffer->sharingMode()); >+ Structure* structure = callee->globalObject(vm)->arrayBufferStructure(newBuffer->sharingMode()); > > JSArrayBuffer* result = JSArrayBuffer::create(vm, structure, WTFMove(newBuffer)); > >diff --git a/Source/JavaScriptCore/runtime/JSArrayBufferView.cpp b/Source/JavaScriptCore/runtime/JSArrayBufferView.cpp >index 82e688504233c8c15c3ea7d1e6e1250b6217fadb..730eefdd240d46b917aabda89c5f2bc039c99976 100644 >--- a/Source/JavaScriptCore/runtime/JSArrayBufferView.cpp >+++ b/Source/JavaScriptCore/runtime/JSArrayBufferView.cpp >@@ -199,12 +199,14 @@ void JSArrayBufferView::finalize(JSCell* cell) > > JSArrayBuffer* JSArrayBufferView::unsharedJSBuffer(ExecState* exec) > { >- return exec->vm().m_typedArrayController->toJS(exec, globalObject(), unsharedBuffer()); >+ VM& vm = exec->vm(); >+ return vm.m_typedArrayController->toJS(exec, globalObject(vm), unsharedBuffer()); > } > > JSArrayBuffer* JSArrayBufferView::possiblySharedJSBuffer(ExecState* exec) > { >- return exec->vm().m_typedArrayController->toJS(exec, globalObject(), possiblySharedBuffer()); >+ VM& vm = exec->vm(); >+ return vm.m_typedArrayController->toJS(exec, globalObject(vm), possiblySharedBuffer()); > } > > void JSArrayBufferView::neuter() >diff --git a/Source/JavaScriptCore/runtime/JSAsyncFunction.cpp b/Source/JavaScriptCore/runtime/JSAsyncFunction.cpp >index 01b714901c913673ebf7b15caccf6b638b5751a8..c89d032f1a9e4baa5f77f604147b8aa34113c964 100644 >--- a/Source/JavaScriptCore/runtime/JSAsyncFunction.cpp >+++ b/Source/JavaScriptCore/runtime/JSAsyncFunction.cpp 
>@@ -47,14 +47,14 @@ JSAsyncFunction::JSAsyncFunction(VM& vm, FunctionExecutable* executable, JSScope > JSAsyncFunction* JSAsyncFunction::createImpl(VM& vm, FunctionExecutable* executable, JSScope* scope, Structure* structure) > { > JSAsyncFunction* asyncFunction = new (NotNull, allocateCell<JSAsyncFunction>(vm.heap)) JSAsyncFunction(vm, executable, scope, structure); >- ASSERT(asyncFunction->structure()->globalObject()); >+ ASSERT(asyncFunction->structure(vm)->globalObject()); > asyncFunction->finishCreation(vm); > return asyncFunction; > } > > JSAsyncFunction* JSAsyncFunction::create(VM& vm, FunctionExecutable* executable, JSScope* scope) > { >- JSAsyncFunction* asyncFunction = createImpl(vm, executable, scope, scope->globalObject()->asyncFunctionStructure()); >+ JSAsyncFunction* asyncFunction = createImpl(vm, executable, scope, scope->globalObject(vm)->asyncFunctionStructure()); > executable->singletonFunction()->notifyWrite(vm, asyncFunction, "Allocating an async function"); > return asyncFunction; > } >@@ -68,7 +68,7 @@ JSAsyncFunction* JSAsyncFunction::create(VM& vm, FunctionExecutable* executable, > > JSAsyncFunction* JSAsyncFunction::createWithInvalidatedReallocationWatchpoint(VM& vm, FunctionExecutable* executable, JSScope* scope) > { >- return createImpl(vm, executable, scope, scope->globalObject()->asyncFunctionStructure()); >+ return createImpl(vm, executable, scope, scope->globalObject(vm)->asyncFunctionStructure()); > } > > } >diff --git a/Source/JavaScriptCore/runtime/JSAsyncGeneratorFunction.cpp b/Source/JavaScriptCore/runtime/JSAsyncGeneratorFunction.cpp >index b9a37ab98b4bcaaa89cc6c58c5283b427c1e9491..87f958399b3cd40f1e156db5083c4c4c4b13dc40 100644 >--- a/Source/JavaScriptCore/runtime/JSAsyncGeneratorFunction.cpp >+++ b/Source/JavaScriptCore/runtime/JSAsyncGeneratorFunction.cpp 
>@@ -47,14 +47,14 @@ JSAsyncGeneratorFunction::JSAsyncGeneratorFunction(VM& vm, FunctionExecutable* e > JSAsyncGeneratorFunction* JSAsyncGeneratorFunction::createImpl(VM& vm, FunctionExecutable* executable, JSScope* scope, Structure* structure) > { > JSAsyncGeneratorFunction* asyncGenerator = new (NotNull, allocateCell<JSAsyncGeneratorFunction>(vm.heap)) JSAsyncGeneratorFunction(vm, executable, scope, structure); >- ASSERT(asyncGenerator->structure()->globalObject()); >+ ASSERT(asyncGenerator->structure(vm)->globalObject()); > asyncGenerator->finishCreation(vm); > return asyncGenerator; > } > > JSAsyncGeneratorFunction* JSAsyncGeneratorFunction::create(VM& vm, FunctionExecutable* executable, JSScope* scope) > { >- JSAsyncGeneratorFunction* asyncGenerator = createImpl(vm, executable, scope, scope->globalObject()->asyncGeneratorFunctionStructure()); >+ JSAsyncGeneratorFunction* asyncGenerator = createImpl(vm, executable, scope, scope->globalObject(vm)->asyncGeneratorFunctionStructure()); > executable->singletonFunction()->notifyWrite(vm, asyncGenerator, "Allocating an async generator"); > return asyncGenerator; > } >@@ -68,7 +68,7 @@ JSAsyncGeneratorFunction* JSAsyncGeneratorFunction::create(VM& vm, FunctionExecu > > JSAsyncGeneratorFunction* JSAsyncGeneratorFunction::createWithInvalidatedReallocationWatchpoint(VM& vm, FunctionExecutable* executable, JSScope* scope) > { >- return createImpl(vm, executable, scope, scope->globalObject()->asyncGeneratorFunctionStructure()); >+ return createImpl(vm, executable, scope, scope->globalObject(vm)->asyncGeneratorFunctionStructure()); > } > > } >diff --git a/Source/JavaScriptCore/runtime/JSBoundFunction.cpp b/Source/JavaScriptCore/runtime/JSBoundFunction.cpp >index ea6e0ab6aeff00ac0743ac61e4106895e14929db..2cbdb935c52e45d5622e6e763fa5127b3a9aea66 100644 >--- a/Source/JavaScriptCore/runtime/JSBoundFunction.cpp >+++ b/Source/JavaScriptCore/runtime/JSBoundFunction.cpp 
>@@ -50,7 +50,7 @@ EncodedJSValue JSC_HOST_CALL boundThisNoArgsFunctionCall(ExecState* exec) > executable->entrypointFor(CodeForCall, MustCheckArity); > } > CallData callData; >- CallType callType = getCallData(targetFunction, callData); >+ CallType callType = getCallData(exec->vm(), targetFunction, callData); > ASSERT(callType != CallType::None); > return JSValue::encode(call(exec, targetFunction, callType, callData, boundFunction->boundThis(), args)); > } >@@ -77,7 +77,7 @@ EncodedJSValue JSC_HOST_CALL boundFunctionCall(ExecState* exec) > > JSObject* targetFunction = boundFunction->targetFunction(); > CallData callData; >- CallType callType = getCallData(targetFunction, callData); >+ CallType callType = getCallData(vm, targetFunction, callData); > ASSERT(callType != CallType::None); > scope.release(); > return JSValue::encode(call(exec, targetFunction, callType, callData, boundFunction->boundThis(), args)); >@@ -94,7 +94,7 @@ EncodedJSValue JSC_HOST_CALL boundThisNoArgsFunctionConstruct(ExecState* exec) > > JSFunction* targetFunction = jsCast<JSFunction*>(boundFunction->targetFunction()); > ConstructData constructData; >- ConstructType constructType = getConstructData(targetFunction, constructData); >+ ConstructType constructType = getConstructData(exec->vm(), targetFunction, constructData); > ASSERT(constructType != ConstructType::None); > return JSValue::encode(construct(exec, targetFunction, constructType, constructData, args)); > } >@@ -121,7 +121,7 @@ EncodedJSValue JSC_HOST_CALL boundFunctionConstruct(ExecState* exec) > > JSObject* targetFunction = boundFunction->targetFunction(); > ConstructData constructData; >- ConstructType constructType = getConstructData(targetFunction, constructData); >+ ConstructType constructType = getConstructData(vm, targetFunction, constructData); > ASSERT(constructType != ConstructType::None); > scope.release(); > return JSValue::encode(construct(exec, targetFunction, constructType, constructData, args)); 
>@@ -160,7 +160,7 @@ inline Structure* getBoundFunctionStructure(VM& vm, ExecState* exec, JSGlobalObj > // It would be nice if the structure map was keyed global objects in addition to the other things. Unfortunately, it is not > // currently. Whoever works on caching structure changes for prototype transistions should consider this problem as well. > // See: https://bugs.webkit.org/show_bug.cgi?id=152738 >- if (prototype.isObject() && prototype.getObject()->globalObject() == globalObject) { >+ if (prototype.isObject() && prototype.getObject()->globalObject(vm) == globalObject) { > result = vm.structureCache.emptyStructureForPrototypeFromBaseStructure(globalObject, prototype.getObject(), result); > ASSERT_WITH_SECURITY_IMPLICATION(result->globalObject() == globalObject); > } else >@@ -176,7 +176,7 @@ JSBoundFunction* JSBoundFunction::create(VM& vm, ExecState* exec, JSGlobalObject > { > auto scope = DECLARE_THROW_SCOPE(vm); > ConstructData constructData; >- ConstructType constructType = JSC::getConstructData(targetFunction, constructData); >+ ConstructType constructType = JSC::getConstructData(vm, targetFunction, constructData); > bool canConstruct = constructType != ConstructType::None; > > bool slowCase = boundArgs || !getJSFunction(targetFunction); >@@ -211,7 +211,7 @@ JSArray* JSBoundFunction::boundArgsCopy(ExecState* exec) > { > VM& vm = exec->vm(); > auto scope = DECLARE_THROW_SCOPE(vm); >- JSArray* result = constructEmptyArray(exec, nullptr, globalObject()); >+ JSArray* result = constructEmptyArray(exec, nullptr, globalObject(vm)); > RETURN_IF_EXCEPTION(scope, nullptr); > for (unsigned i = 0; i < m_boundArgs->length(); ++i) { > result->push(exec, m_boundArgs->getIndexQuickly(i)); >diff --git a/Source/JavaScriptCore/runtime/JSCJSValue.cpp b/Source/JavaScriptCore/runtime/JSCJSValue.cpp >index 9edc6019df3df1f7f627f2ee648c33e5038179c0..8a181f74d063d9ddf62a80d26e7d19e376e3124a 100644 >--- a/Source/JavaScriptCore/runtime/JSCJSValue.cpp 
>+++ b/Source/JavaScriptCore/runtime/JSCJSValue.cpp >@@ -164,7 +164,7 @@ bool JSValue::putToPrimitive(ExecState* exec, PropertyName propertyName, JSValue > return false; > JSValue prototype; > if (propertyName != vm.propertyNames->underscoreProto) { >- for (; !obj->structure()->hasReadOnlyOrGetterSetterPropertiesExcludingProto(); obj = asObject(prototype)) { >+ for (; !obj->structure(vm)->hasReadOnlyOrGetterSetterPropertiesExcludingProto(); obj = asObject(prototype)) { > prototype = obj->getPrototype(vm, exec); > RETURN_IF_EXCEPTION(scope, false); > >@@ -175,7 +175,7 @@ bool JSValue::putToPrimitive(ExecState* exec, PropertyName propertyName, JSValue > > for (; ; obj = asObject(prototype)) { > unsigned attributes; >- PropertyOffset offset = obj->structure()->get(vm, propertyName, attributes); >+ PropertyOffset offset = obj->structure(vm)->get(vm, propertyName, attributes); > if (offset != invalidOffset) { > if (attributes & PropertyAttribute::ReadOnly) > return typeError(exec, scope, slot.isStrictMode(), ASCIILiteral(ReadonlyPropertyWriteError)); >diff --git a/Source/JavaScriptCore/runtime/JSCellInlines.h b/Source/JavaScriptCore/runtime/JSCellInlines.h >index 478f478112d1ffb4d7e0934981a0b88b5af5bc97..234736e47612275c2765dcc2eda57f77f0e7e1b7 100644 >--- a/Source/JavaScriptCore/runtime/JSCellInlines.h >+++ b/Source/JavaScriptCore/runtime/JSCellInlines.h 
>@@ -254,9 +254,9 @@ inline bool JSCell::isAPIValueWrapper() const > > ALWAYS_INLINE void JSCell::setStructure(VM& vm, Structure* structure) > { >- ASSERT(structure->classInfo() == this->structure()->classInfo()); >- ASSERT(!this->structure() >- || this->structure()->transitionWatchpointSetHasBeenInvalidated() >+ ASSERT(structure->classInfo() == this->structure(vm)->classInfo()); >+ ASSERT(!this->structure(vm) >+ || this->structure(vm)->transitionWatchpointSetHasBeenInvalidated() > || Heap::heap(this)->structureIDTable().get(structure->id()) == structure); > m_structureID = structure->id(); > m_flags = TypeInfo::mergeInlineTypeFlags(structure->typeInfo().inlineTypeFlags(), m_flags); >@@ -276,8 +276,7 @@ ALWAYS_INLINE void JSCell::setStructure(VM& vm, Structure* structure) > > inline const MethodTable* JSCell::methodTable() const > { >- VM& vm = *Heap::heap(this)->vm(); >- return methodTable(vm); >+ return methodTable(*vm()); > } > > inline const MethodTable* JSCell::methodTable(VM& vm) const >@@ -331,7 +330,7 @@ inline bool JSCell::toBoolean(ExecState* exec) const > { > if (isString()) > return static_cast<const JSString*>(this)->toBoolean(); >- return !structure()->masqueradesAsUndefined(exec->lexicalGlobalObject()); >+ return !structure(exec->vm())->masqueradesAsUndefined(exec->lexicalGlobalObject()); > } > > inline TriState JSCell::pureToBoolean() const >diff --git a/Source/JavaScriptCore/runtime/JSFunction.h b/Source/JavaScriptCore/runtime/JSFunction.h >index a0b7f2ca87859bb2d5024ed7e85b78fb5902a6df..1e77632b511f2e26e2c4d2af892d9a6966b4c63b 100644 >--- a/Source/JavaScriptCore/runtime/JSFunction.h >+++ b/Source/JavaScriptCore/runtime/JSFunction.h 
>@@ -184,7 +184,7 @@ class JSFunction : public JSCallee { > static JSFunction* createImpl(VM& vm, FunctionExecutable* executable, JSScope* scope, Structure* structure) > { > JSFunction* function = new (NotNull, allocateCell<JSFunction>(vm.heap)) JSFunction(vm, executable, scope, structure); >- ASSERT(function->structure()->globalObject()); >+ ASSERT(function->structure(vm)->globalObject()); > function->finishCreation(vm); > return function; > } >diff --git a/Source/JavaScriptCore/runtime/JSGeneratorFunction.cpp b/Source/JavaScriptCore/runtime/JSGeneratorFunction.cpp >index c89abc09ddd4e638a898788c96cc9e8da8047c2d..05b3604cff02f76433a3d4bec7ec8df7edd7abf5 100644 >--- a/Source/JavaScriptCore/runtime/JSGeneratorFunction.cpp >+++ b/Source/JavaScriptCore/runtime/JSGeneratorFunction.cpp >@@ -47,14 +47,14 @@ JSGeneratorFunction::JSGeneratorFunction(VM& vm, FunctionExecutable* executable, > JSGeneratorFunction* JSGeneratorFunction::createImpl(VM& vm, FunctionExecutable* executable, JSScope* scope, Structure* structure) > { > JSGeneratorFunction* generatorFunction = new (NotNull, allocateCell<JSGeneratorFunction>(vm.heap)) JSGeneratorFunction(vm, executable, scope, structure); >- ASSERT(generatorFunction->structure()->globalObject()); >+ ASSERT(generatorFunction->structure(vm)->globalObject()); > generatorFunction->finishCreation(vm); > return generatorFunction; > } > > JSGeneratorFunction* JSGeneratorFunction::create(VM& vm, FunctionExecutable* executable, JSScope* scope) > { >- return create(vm, executable, scope, scope->globalObject()->generatorFunctionStructure()); >+ return create(vm, executable, scope, scope->globalObject(vm)->generatorFunctionStructure()); > } > > JSGeneratorFunction* JSGeneratorFunction::create(VM& vm, FunctionExecutable* executable, JSScope* scope, Structure* structure) 
>@@ -66,7 +66,7 @@ JSGeneratorFunction* JSGeneratorFunction::create(VM& vm, FunctionExecutable* exe > > JSGeneratorFunction* JSGeneratorFunction::createWithInvalidatedReallocationWatchpoint(VM& vm, FunctionExecutable* executable, JSScope* scope) > { >- return createImpl(vm, executable, scope, scope->globalObject()->generatorFunctionStructure()); >+ return createImpl(vm, executable, scope, scope->globalObject(vm)->generatorFunctionStructure()); > } > > } // namespace JSC >diff --git a/Source/JavaScriptCore/runtime/JSGenericTypedArrayViewConstructorInlines.h b/Source/JavaScriptCore/runtime/JSGenericTypedArrayViewConstructorInlines.h >index 4f4492c5f3582e5fbbfc271c5cdcfd5b3540b0bd..d04acee773c02ceb888ac7e384c394b8040cab06 100644 >--- a/Source/JavaScriptCore/runtime/JSGenericTypedArrayViewConstructorInlines.h >+++ b/Source/JavaScriptCore/runtime/JSGenericTypedArrayViewConstructorInlines.h >@@ -167,7 +167,7 @@ inline JSObject* constructGenericTypedArrayViewWithArguments(ExecState* exec, St > // it should not be observable that we do not use the iterator. > > if (!iteratorFunc.isUndefined() >- && (iteratorFunc != object->globalObject()->arrayProtoValuesFunction() >+ && (iteratorFunc != object->globalObject(vm)->arrayProtoValuesFunction() > || lengthSlot.isAccessor() || lengthSlot.isCustom() || lengthSlot.isTaintedByOpaqueObject() > || hasAnyArrayStorage(object->indexingType()))) { 
> >@@ -211,7 +211,7 @@ EncodedJSValue JSC_HOST_CALL constructGenericTypedArrayView(ExecState* exec) > auto scope = DECLARE_THROW_SCOPE(vm); > > InternalFunction* function = jsCast<InternalFunction*>(exec->jsCallee()); >- Structure* parentStructure = function->globalObject()->typedArrayStructure(ViewClass::TypedArrayStorageType); >+ Structure* parentStructure = function->globalObject(vm)->typedArrayStructure(ViewClass::TypedArrayStorageType); > Structure* structure = InternalFunction::createSubclassStructure(exec, exec->newTarget(), parentStructure); > RETURN_IF_EXCEPTION(scope, encodedJSValue()); > >diff --git a/Source/JavaScriptCore/runtime/JSGenericTypedArrayViewInlines.h b/Source/JavaScriptCore/runtime/JSGenericTypedArrayViewInlines.h >index dec530f15b480d11cfa6fe8f8483e8aac4f6e6bc..3e3f36cd377ad1664880296f4d91141ce6fa6406 100644 >--- a/Source/JavaScriptCore/runtime/JSGenericTypedArrayViewInlines.h >+++ b/Source/JavaScriptCore/runtime/JSGenericTypedArrayViewInlines.h >@@ -451,7 +451,7 @@ bool JSGenericTypedArrayView<Adaptor>::getOwnPropertySlotByIndex( > } > > if (propertyName > MAX_ARRAY_INDEX) { >- return thisObject->methodTable()->getOwnPropertySlot( >+ return thisObject->methodTable(exec->vm())->getOwnPropertySlot( > thisObject, exec, Identifier::from(exec, propertyName), slot); > } > >@@ -470,7 +470,7 @@ bool JSGenericTypedArrayView<Adaptor>::putByIndex( > > if (propertyName > MAX_ARRAY_INDEX) { > PutPropertySlot slot(JSValue(thisObject), shouldThrow); >- return thisObject->methodTable()->put(thisObject, exec, Identifier::from(exec, propertyName), value, slot); >+ return thisObject->methodTable(exec->vm())->put(thisObject, exec, Identifier::from(exec, propertyName), value, slot); > } > > return thisObject->setIndex(exec, propertyName, value); 
>@@ -480,7 +480,7 @@ template<typename Adaptor> > bool JSGenericTypedArrayView<Adaptor>::deletePropertyByIndex( > JSCell* cell, ExecState* exec, unsigned propertyName) > { >- return cell->methodTable()->deleteProperty(cell, exec, Identifier::from(exec, propertyName)); >+ return cell->methodTable(exec->vm())->deleteProperty(cell, exec, Identifier::from(exec, propertyName)); > } > > template<typename Adaptor> >@@ -570,10 +570,10 @@ ArrayBuffer* JSGenericTypedArrayView<Adaptor>::slowDownAndWasteMemory(JSArrayBuf > VM& vm = *heap->vm(); > DeferGCForAWhile deferGC(*heap); > >- RELEASE_ASSERT(!thisObject->hasIndexingHeader()); >+ RELEASE_ASSERT(!thisObject->hasIndexingHeader(vm)); > thisObject->setButterfly(vm, Butterfly::createOrGrowArrayRight( >- thisObject->butterfly(), vm, thisObject, thisObject->structure(), >- thisObject->structure()->outOfLineCapacity(), false, 0, 0)); >+ thisObject->butterfly(), vm, thisObject, thisObject->structure(vm), >+ thisObject->structure(vm)->outOfLineCapacity(), false, 0, 0)); > > RefPtr<ArrayBuffer> buffer; > >diff --git a/Source/JavaScriptCore/runtime/JSGenericTypedArrayViewPrototypeFunctions.h b/Source/JavaScriptCore/runtime/JSGenericTypedArrayViewPrototypeFunctions.h >index 49bcbb784869fa6ed2768b8dc73ad30f24d3d9a3..9abc983527cdbef1a16c73fab58f1795fecb5d92 100644 >--- a/Source/JavaScriptCore/runtime/JSGenericTypedArrayViewPrototypeFunctions.h >+++ b/Source/JavaScriptCore/runtime/JSGenericTypedArrayViewPrototypeFunctions.h 
>@@ -452,7 +452,7 @@ EncodedJSValue JSC_HOST_CALL genericTypedArrayViewProtoFuncSlice(VM& vm, ExecSta > ASSERT(!args.hasOverflowed()); > > JSArrayBufferView* result = speciesConstruct(exec, thisObject, args, [&]() { >- Structure* structure = callee->globalObject()->typedArrayStructure(ViewClass::TypedArrayStorageType); >+ Structure* structure = callee->globalObject(vm)->typedArrayStructure(ViewClass::TypedArrayStorageType); > return ViewClass::createUninitialized(exec, structure, length); > }); > RETURN_IF_EXCEPTION(scope, encodedJSValue()); >@@ -548,10 +548,10 @@ EncodedJSValue JSC_HOST_CALL genericTypedArrayViewPrivateFuncSubarrayCreate(VM&v > > unsigned newByteOffset = thisObject->byteOffset() + offset * ViewClass::elementSize; > >- JSObject* defaultConstructor = callee->globalObject()->typedArrayConstructor(ViewClass::TypedArrayStorageType); >+ JSObject* defaultConstructor = callee->globalObject(vm)->typedArrayConstructor(ViewClass::TypedArrayStorageType); > JSValue species = exec->uncheckedArgument(2); > if (species == defaultConstructor) { >- Structure* structure = callee->globalObject()->typedArrayStructure(ViewClass::TypedArrayStorageType); >+ Structure* structure = callee->globalObject(vm)->typedArrayStructure(ViewClass::TypedArrayStorageType); > > scope.release(); > return JSValue::encode(ViewClass::create( >@@ -561,7 +561,7 @@ EncodedJSValue JSC_HOST_CALL genericTypedArrayViewPrivateFuncSubarrayCreate(VM&v > } > > MarkedArgumentBuffer args; >- args.append(vm.m_typedArrayController->toJS(exec, thisObject->globalObject(), arrayBuffer.get())); >+ args.append(vm.m_typedArrayController->toJS(exec, thisObject->globalObject(vm), arrayBuffer.get())); > args.append(jsNumber(newByteOffset)); > args.append(jsNumber(length)); > ASSERT(!args.hasOverflowed()); >diff --git a/Source/JavaScriptCore/runtime/JSGlobalObject.cpp b/Source/JavaScriptCore/runtime/JSGlobalObject.cpp >index d3b9d7952a103ad617e12f4866eb35a8be9db042..14ee14704c1f66a43552bda5cd7cbe3f0ff6933d 100644 
>--- a/Source/JavaScriptCore/runtime/JSGlobalObject.cpp >+++ b/Source/JavaScriptCore/runtime/JSGlobalObject.cpp >@@ -394,7 +394,7 @@ void JSGlobalObject::init(VM& vm) > ASSERT(vm.currentThreadIsHoldingAPILock()); > auto catchScope = DECLARE_CATCH_SCOPE(vm); > >- Base::setStructure(vm, Structure::toCacheableDictionaryTransition(vm, structure())); >+ Base::setStructure(vm, Structure::toCacheableDictionaryTransition(vm, structure(vm))); > > m_debugger = 0; > >@@ -477,7 +477,7 @@ void JSGlobalObject::init(VM& vm) > JSFunction::create(vm, this, 0, makeString("get ", vm.propertyNames->underscoreProto.string()), globalFuncProtoGetter, UnderscoreProtoIntrinsic), > JSFunction::create(vm, this, 0, makeString("set ", vm.propertyNames->underscoreProto.string()), globalFuncProtoSetter)); > m_objectPrototype->putDirectNonIndexAccessor(vm, vm.propertyNames->underscoreProto, protoAccessor, PropertyAttribute::Accessor | PropertyAttribute::DontEnum); >- m_functionPrototype->structure()->setPrototypeWithoutTransition(vm, m_objectPrototype.get()); >+ m_functionPrototype->structure(vm)->setPrototypeWithoutTransition(vm, m_objectPrototype.get()); > m_objectStructureForObjectConstructor.set(vm, this, vm.structureCache.emptyObjectStructureForPrototype(this, m_objectPrototype.get(), JSFinalObject::defaultInlineCapacity())); > m_objectProtoValueOfFunction.set(vm, this, jsCast<JSFunction*>(objectPrototype()->getDirect(vm, vm.propertyNames->valueOf))); > >@@ -960,7 +960,7 @@ putDirectWithoutTransition(vm, vm.propertyNames-> jsName, lowerName ## Construct > m_linkTimeConstants[static_cast<unsigned>(LinkTimeConstant::ThrowTypeErrorFunction)] = m_throwTypeErrorFunction.get(); > > if (UNLIKELY(Options::useDollarVM())) >- exposeDollarVM(); >+ exposeDollarVM(vm); > > #if ENABLE(WEBASSEMBLY) > if (Options::useWebAssembly()) { 
>@@ -1203,7 +1203,7 @@ inline void ObjectsWithBrokenIndexingFinder::visit(JSCell* cell) > // a different global object that have prototypes from our global object. > auto isInEffectedGlobalObject = [&] (JSObject* object) { > for (JSObject* current = object; ;) { >- if (current->globalObject() == m_globalObject) >+ if (current->globalObject(vm) == m_globalObject) > return true; > > JSValue prototypeValue = current->getPrototypeDirect(vm); >@@ -1467,10 +1467,8 @@ ExecState* JSGlobalObject::globalExec() > return CallFrame::create(m_globalCallFrame); > } > >-void JSGlobalObject::exposeDollarVM() >+void JSGlobalObject::exposeDollarVM(VM& vm) > { >- VM& vm = this->vm(); >- > if (hasOwnProperty(globalExec(), vm.propertyNames->builtinNames().dollarVMPrivateName())) > return; > >@@ -1637,7 +1635,7 @@ JSGlobalObject* JSGlobalObject::create(VM& vm, Structure* structure) > void JSGlobalObject::finishCreation(VM& vm) > { > Base::finishCreation(vm); >- structure()->setGlobalObject(vm, this); >+ structure(vm)->setGlobalObject(vm, this); > m_runtimeFlags = m_globalObjectMethodTable->javaScriptRuntimeFlags(this); > init(vm); > setGlobalThis(vm, JSProxy::create(vm, JSProxy::createStructure(vm, this, getPrototypeDirect(vm), PureForwardingProxyType), this)); >@@ -1647,7 +1645,7 @@ void JSGlobalObject::finishCreation(VM& vm) > void JSGlobalObject::finishCreation(VM& vm, JSObject* thisValue) > { > Base::finishCreation(vm); >- structure()->setGlobalObject(vm, this); >+ structure(vm)->setGlobalObject(vm, this); > m_runtimeFlags = m_globalObjectMethodTable->javaScriptRuntimeFlags(this); > init(vm); > setGlobalThis(vm, thisValue); >diff --git a/Source/JavaScriptCore/runtime/JSGlobalObject.h b/Source/JavaScriptCore/runtime/JSGlobalObject.h >index 52d211c0baf409fa2f495d30aa96369eddbbb196..d42caabe34e0d1dadabf8c94b4fde49ff06b6b15 100644 >--- a/Source/JavaScriptCore/runtime/JSGlobalObject.h >+++ b/Source/JavaScriptCore/runtime/JSGlobalObject.h 
>@@ -901,7 +901,7 @@ class JSGlobalObject : public JSSegmentedVariableObject { > WeakRandom& weakRandom() { return m_weakRandom; } > > bool needsSiteSpecificQuirks() const { return m_needsSiteSpecificQuirks; } >- JS_EXPORT_PRIVATE void exposeDollarVM(); >+ JS_EXPORT_PRIVATE void exposeDollarVM(VM&); > > #if JSC_OBJC_API_ENABLED > JSWrapperMap* wrapperMap() const { return m_wrapperMap.get(); } >diff --git a/Source/JavaScriptCore/runtime/JSGlobalObjectFunctions.cpp b/Source/JavaScriptCore/runtime/JSGlobalObjectFunctions.cpp >index 7313673e11519a4a8813f77422e566c23c1ee37e..4d9da0ef0f5dabd339d1b786409ba379b3f916e3 100644 >--- a/Source/JavaScriptCore/runtime/JSGlobalObjectFunctions.cpp >+++ b/Source/JavaScriptCore/runtime/JSGlobalObjectFunctions.cpp >@@ -498,7 +498,7 @@ EncodedJSValue JSC_HOST_CALL globalFuncEval(ExecState* exec) > return JSValue::encode(parsedObject); > > SourceOrigin sourceOrigin = exec->callerSourceOrigin(); >- JSGlobalObject* calleeGlobalObject = exec->jsCallee()->globalObject(); >+ JSGlobalObject* calleeGlobalObject = exec->jsCallee()->globalObject(vm); > EvalExecutable* eval = IndirectEvalExecutable::create(exec, makeSource(s, sourceOrigin), false, DerivedContextType::None, false, EvalContextType::None); > EXCEPTION_ASSERT(!!scope.exception() == !eval); > if (!eval) >diff --git a/Source/JavaScriptCore/runtime/JSInternalPromise.cpp b/Source/JavaScriptCore/runtime/JSInternalPromise.cpp >index eadf340840f5e12d3404f692e0f9f2884e884363..12f52945f32e17bad766473a8b9784126ad98c92 100644 >--- a/Source/JavaScriptCore/runtime/JSInternalPromise.cpp >+++ b/Source/JavaScriptCore/runtime/JSInternalPromise.cpp 
>@@ -58,7 +58,7 @@ JSInternalPromise* JSInternalPromise::then(ExecState* exec, JSFunction* onFulfil > JSObject* function = jsCast<JSObject*>(get(exec, vm.propertyNames->builtinNames().thenPublicName())); > RETURN_IF_EXCEPTION(scope, nullptr); > CallData callData; >- CallType callType = JSC::getCallData(function, callData); >+ CallType callType = JSC::getCallData(vm, function, callData); > ASSERT(callType != CallType::None); > > MarkedArgumentBuffer arguments; >diff --git a/Source/JavaScriptCore/runtime/JSInternalPromiseConstructor.cpp b/Source/JavaScriptCore/runtime/JSInternalPromiseConstructor.cpp >index da3f813d336d12efd6d30f34ec8517aa4a7e7869..149344082fb8d326ba0ea91b6b2385dfbd0cc5ee 100644 >--- a/Source/JavaScriptCore/runtime/JSInternalPromiseConstructor.cpp >+++ b/Source/JavaScriptCore/runtime/JSInternalPromiseConstructor.cpp >@@ -59,8 +59,8 @@ Structure* JSInternalPromiseConstructor::createStructure(VM& vm, JSGlobalObject* > > static EncodedJSValue JSC_HOST_CALL constructPromise(ExecState* exec) > { >- JSGlobalObject* globalObject = exec->jsCallee()->globalObject(); > VM& vm = exec->vm(); >+ JSGlobalObject* globalObject = exec->jsCallee()->globalObject(vm); > JSInternalPromise* promise = JSInternalPromise::create(vm, globalObject->internalPromiseStructure()); > promise->initialize(exec, globalObject, exec->argument(0)); > return JSValue::encode(promise); >diff --git a/Source/JavaScriptCore/runtime/JSJob.cpp b/Source/JavaScriptCore/runtime/JSJob.cpp >index ad6254af521b4036800da784eea8e2d3fa926726..7ac663a48d0144a669e97333a55cb9da613675b9 100644 >--- a/Source/JavaScriptCore/runtime/JSJob.cpp >+++ b/Source/JavaScriptCore/runtime/JSJob.cpp 
>@@ -67,7 +67,7 @@ void JSJobMicrotask::run(ExecState* exec) > auto scope = DECLARE_CATCH_SCOPE(vm); > > CallData handlerCallData; >- CallType handlerCallType = getCallData(m_job.get(), handlerCallData); >+ CallType handlerCallType = getCallData(vm, m_job.get(), handlerCallData); > ASSERT(handlerCallType != CallType::None); > > MarkedArgumentBuffer handlerArguments; >diff --git a/Source/JavaScriptCore/runtime/JSLexicalEnvironment.cpp b/Source/JavaScriptCore/runtime/JSLexicalEnvironment.cpp >index 9943d0ed4f811bff60d4d2f5e8e1a5d0971639a2..2034a73e3949a8d7368a9b666032a077b9afd09b 100644 >--- a/Source/JavaScriptCore/runtime/JSLexicalEnvironment.cpp >+++ b/Source/JavaScriptCore/runtime/JSLexicalEnvironment.cpp >@@ -94,16 +94,17 @@ bool JSLexicalEnvironment::getOwnPropertySlot(JSObject* object, ExecState* exec, > if (symbolTableGet(thisObject, propertyName, slot)) > return true; > >+ VM& vm = exec->vm(); > unsigned attributes; >- if (JSValue value = thisObject->getDirect(exec->vm(), propertyName, attributes)) { >+ if (JSValue value = thisObject->getDirect(vm, propertyName, attributes)) { > slot.setValue(thisObject, attributes, value); > return true; > } > > // We don't call through to JSObject because there's no way to give a > // lexical environment object getter properties or a prototype. >- ASSERT(!thisObject->hasGetterSetterProperties()); >- ASSERT(thisObject->getPrototypeDirect(exec->vm()).isNull()); >+ ASSERT(!thisObject->hasGetterSetterProperties(vm)); >+ ASSERT(thisObject->getPrototypeDirect(vm).isNull()); > return false; > } 
> >@@ -121,7 +122,7 @@ bool JSLexicalEnvironment::put(JSCell* cell, ExecState* exec, PropertyName prope > // We don't call through to JSObject because __proto__ and getter/setter > // properties are non-standard extensions that other implementations do not > // expose in the lexicalEnvironment object. >- ASSERT(!thisObject->hasGetterSetterProperties()); >+ ASSERT(!thisObject->hasGetterSetterProperties(exec->vm())); > return thisObject->putOwnDataProperty(exec->vm(), propertyName, value, slot); > } > >diff --git a/Source/JavaScriptCore/runtime/JSMap.cpp b/Source/JavaScriptCore/runtime/JSMap.cpp >index 96ae55f7cad260bcbef56e9ead417ffde9eeaa1d..be96198c665049493951a4db0696eac2b313f7e8 100644 >--- a/Source/JavaScriptCore/runtime/JSMap.cpp >+++ b/Source/JavaScriptCore/runtime/JSMap.cpp >@@ -51,12 +51,12 @@ bool JSMap::isIteratorProtocolFastAndNonObservable() > if (!globalObject->isMapPrototypeIteratorProtocolFastAndNonObservable()) > return false; > >- Structure* structure = this->structure(); >+ VM& vm = globalObject->vm(); >+ Structure* structure = this->structure(vm); > // This is the fast case. Many maps will be an original map. > if (structure == globalObject->mapStructure()) > return true; > >- VM& vm = globalObject->vm(); > if (getPrototypeDirect(vm) != globalObject->mapPrototype()) > return false; > >diff --git a/Source/JavaScriptCore/runtime/JSMapIterator.cpp b/Source/JavaScriptCore/runtime/JSMapIterator.cpp >index c3fd56f969a166a5ca34c09fd1af31528ab607d8..2560dca171dbf8f0cc79b46405744790742855f1 100644 >--- a/Source/JavaScriptCore/runtime/JSMapIterator.cpp >+++ b/Source/JavaScriptCore/runtime/JSMapIterator.cpp 
>@@ -55,7 +55,7 @@ JSValue JSMapIterator::createPair(CallFrame* callFrame, JSValue key, JSValue val > args.append(key); > args.append(value); > ASSERT(!args.hasOverflowed()); >- JSGlobalObject* globalObject = callFrame->jsCallee()->globalObject(); >+ JSGlobalObject* globalObject = callFrame->jsCallee()->globalObject(callFrame->vm()); > return constructArray(callFrame, 0, globalObject, args); > } > >diff --git a/Source/JavaScriptCore/runtime/JSModuleLoader.cpp b/Source/JavaScriptCore/runtime/JSModuleLoader.cpp >index 6598d544361c325cd2e3358b8f038ae9f2868bd4..4553829039f7a03ad82b2f2fe732d311ea60a989 100644 >--- a/Source/JavaScriptCore/runtime/JSModuleLoader.cpp >+++ b/Source/JavaScriptCore/runtime/JSModuleLoader.cpp >@@ -129,7 +129,7 @@ JSValue JSModuleLoader::provideFetch(ExecState* exec, JSValue key, const SourceC > JSObject* function = jsCast<JSObject*>(get(exec, vm.propertyNames->builtinNames().provideFetchPublicName())); > RETURN_IF_EXCEPTION(scope, { }); > CallData callData; >- CallType callType = JSC::getCallData(function, callData); >+ CallType callType = JSC::getCallData(vm, function, callData); > ASSERT(callType != CallType::None); > > SourceCode source { sourceCode }; >@@ -150,7 +150,7 @@ JSInternalPromise* JSModuleLoader::loadAndEvaluateModule(ExecState* exec, JSValu > JSObject* function = jsCast<JSObject*>(get(exec, vm.propertyNames->builtinNames().loadAndEvaluateModulePublicName())); > RETURN_IF_EXCEPTION(scope, nullptr); > CallData callData; >- CallType callType = JSC::getCallData(function, callData); >+ CallType callType = JSC::getCallData(vm, function, callData); > ASSERT(callType != CallType::None); > > MarkedArgumentBuffer arguments; 
>@@ -171,7 +171,7 @@ JSInternalPromise* JSModuleLoader::loadModule(ExecState* exec, JSValue moduleNam > JSObject* function = jsCast<JSObject*>(get(exec, vm.propertyNames->builtinNames().loadModulePublicName())); > RETURN_IF_EXCEPTION(scope, nullptr); > CallData callData; >- CallType callType = JSC::getCallData(function, callData); >+ CallType callType = JSC::getCallData(vm, function, callData); > ASSERT(callType != CallType::None); > > MarkedArgumentBuffer arguments; >@@ -192,7 +192,7 @@ JSValue JSModuleLoader::linkAndEvaluateModule(ExecState* exec, JSValue moduleKey > JSObject* function = jsCast<JSObject*>(get(exec, vm.propertyNames->builtinNames().linkAndEvaluateModulePublicName())); > RETURN_IF_EXCEPTION(scope, { }); > CallData callData; >- CallType callType = JSC::getCallData(function, callData); >+ CallType callType = JSC::getCallData(vm, function, callData); > ASSERT(callType != CallType::None); > > MarkedArgumentBuffer arguments; >@@ -212,7 +212,7 @@ JSInternalPromise* JSModuleLoader::requestImportModule(ExecState* exec, const Id > auto* function = jsCast<JSObject*>(get(exec, vm.propertyNames->builtinNames().requestImportModulePublicName())); > RETURN_IF_EXCEPTION(scope, nullptr); > CallData callData; >- auto callType = JSC::getCallData(function, callData); >+ auto callType = JSC::getCallData(vm, function, callData); > ASSERT(callType != CallType::None); > > MarkedArgumentBuffer arguments; >diff --git a/Source/JavaScriptCore/runtime/JSONObject.cpp b/Source/JavaScriptCore/runtime/JSONObject.cpp >index 7d8439417eec863bb497975ebf54d2f0b9abf006..ddcfc18e9dc0aabdb82457d3b44924f2cc5994f7 100644 >--- a/Source/JavaScriptCore/runtime/JSONObject.cpp >+++ b/Source/JavaScriptCore/runtime/JSONObject.cpp 
>@@ -819,7 +819,7 @@ EncodedJSValue JSC_HOST_CALL JSONProtoFuncParse(ExecState* exec) > > JSValue function = exec->uncheckedArgument(1); > CallData callData; >- CallType callType = getCallData(function, callData); >+ CallType callType = getCallData(vm, function, callData); > if (callType == CallType::None) > return JSValue::encode(unfiltered); > scope.release(); >diff --git a/Source/JavaScriptCore/runtime/JSObject.cpp b/Source/JavaScriptCore/runtime/JSObject.cpp >index 19733e061e13c3f4b4e2ac7d08e1635a3b914f63..a4c9bf1eaf6524ffa2d738f001370badc317e46f 100644 >--- a/Source/JavaScriptCore/runtime/JSObject.cpp >+++ b/Source/JavaScriptCore/runtime/JSObject.cpp >@@ -775,7 +775,7 @@ bool JSObject::putInlineSlow(ExecState* exec, PropertyName propertyName, JSValue > JSValue gs = obj->getDirect(offset); > if (gs.isGetterSetter()) { > // We need to make sure that we decide to cache this property before we potentially execute aribitrary JS. >- if (!structure()->isDictionary()) >+ if (!structure(vm)->isDictionary()) > slot.setCacheableSetter(obj, offset); > > bool result = callSetter(exec, slot.thisValue(), gs, value, slot.isStrictMode() ? StrictMode : NotStrictMode); >@@ -799,7 +799,7 @@ bool JSObject::putInlineSlow(ExecState* exec, PropertyName propertyName, JSValue > // prototypes it should be replaced, so break here. > break; > } >- if (!obj->staticPropertiesReified()) { >+ if (!obj->staticPropertiesReified(vm)) { > if (obj->classInfo(vm)->hasStaticSetterOrReadonlyProperties()) { > if (auto entry = obj->findPropertyHashEntry(vm, propertyName)) { > scope.release(); 
>@@ -834,7 +834,7 @@ bool JSObject::putByIndex(JSCell* cell, ExecState* exec, unsigned propertyName, > > if (propertyName > MAX_ARRAY_INDEX) { > PutPropertySlot slot(cell, shouldThrow); >- return thisObject->methodTable()->put(thisObject, exec, Identifier::from(exec, propertyName), value, slot); >+ return thisObject->methodTable(vm)->put(thisObject, exec, Identifier::from(exec, propertyName), value, slot); > } > > if (isCopyOnWrite(thisObject->indexingMode())) >@@ -1006,7 +1006,7 @@ void JSObject::enterDictionaryIndexingMode(VM& vm) > > void JSObject::notifyPresenceOfIndexedAccessors(VM& vm) > { >- if (mayInterceptIndexedAccesses()) >+ if (mayInterceptIndexedAccesses(vm)) > return; > > setStructure(vm, Structure::nonPropertyTransition(vm, structure(vm), NonPropertyTransition::AddIndexedAccessors)); >@@ -1022,8 +1022,8 @@ Butterfly* JSObject::createInitialIndexedStorage(VM& vm, unsigned length) > ASSERT(length <= MAX_STORAGE_VECTOR_LENGTH); > IndexingType oldType = indexingType(); > ASSERT_UNUSED(oldType, !hasIndexedProperties(oldType)); >- ASSERT(!needsSlowPutIndexing()); >- ASSERT(!indexingShouldBeSparse()); >+ ASSERT(!needsSlowPutIndexing(vm)); >+ ASSERT(!indexingShouldBeSparse(vm)); > Structure* structure = this->structure(vm); > unsigned propertyCapacity = structure->outOfLineCapacity(); > unsigned vectorLength = Butterfly::optimalContiguousVectorLength(propertyCapacity, length); 
>@@ -1118,7 +1118,7 @@ ArrayStorage* JSObject::createArrayStorage(VM& vm, unsigned length, unsigned vec > > Butterfly* newButterfly = createArrayStorageButterfly(vm, this, oldStructure, length, vectorLength, butterfly()); > ArrayStorage* result = newButterfly->arrayStorage(); >- Structure* newStructure = Structure::nonPropertyTransition(vm, oldStructure, suggestedArrayStorageTransition()); >+ Structure* newStructure = Structure::nonPropertyTransition(vm, oldStructure, suggestedArrayStorageTransition(vm)); > nukeStructureAndSetButterfly(vm, oldStructureID, newButterfly); > setStructure(vm, newStructure); > return result; >@@ -1213,7 +1213,7 @@ ArrayStorage* JSObject::convertUndecidedToArrayStorage(VM& vm, NonPropertyTransi > > ArrayStorage* JSObject::convertUndecidedToArrayStorage(VM& vm) > { >- return convertUndecidedToArrayStorage(vm, suggestedArrayStorageTransition()); >+ return convertUndecidedToArrayStorage(vm, suggestedArrayStorageTransition(vm)); > } > > ContiguousDoubles JSObject::convertInt32ToDouble(VM& vm) >@@ -1272,7 +1272,7 @@ ArrayStorage* JSObject::convertInt32ToArrayStorage(VM& vm, NonPropertyTransition > > ArrayStorage* JSObject::convertInt32ToArrayStorage(VM& vm) > { >- return convertInt32ToArrayStorage(vm, suggestedArrayStorageTransition()); >+ return convertInt32ToArrayStorage(vm, suggestedArrayStorageTransition(vm)); > } > > ContiguousJSValues JSObject::convertDoubleToContiguous(VM& vm) >@@ -1326,7 +1326,7 @@ ArrayStorage* JSObject::convertDoubleToArrayStorage(VM& vm, NonPropertyTransitio > > ArrayStorage* JSObject::convertDoubleToArrayStorage(VM& vm) > { >- return convertDoubleToArrayStorage(vm, suggestedArrayStorageTransition()); >+ return convertDoubleToArrayStorage(vm, suggestedArrayStorageTransition(vm)); > } > > ArrayStorage* JSObject::convertContiguousToArrayStorage(VM& vm, NonPropertyTransition transition) 
>@@ -1375,7 +1375,7 @@ ArrayStorage* JSObject::convertContiguousToArrayStorage(VM& vm, NonPropertyTrans > > ArrayStorage* JSObject::convertContiguousToArrayStorage(VM& vm) > { >- return convertContiguousToArrayStorage(vm, suggestedArrayStorageTransition()); >+ return convertContiguousToArrayStorage(vm, suggestedArrayStorageTransition(vm)); > } > > void JSObject::convertUndecidedForValue(VM& vm, JSValue value) >@@ -1428,7 +1428,7 @@ void JSObject::convertInt32ForValue(VM& vm, JSValue value) > void JSObject::convertFromCopyOnWrite(VM& vm) > { > ASSERT(isCopyOnWrite(indexingMode())); >- ASSERT(structure()->indexingMode() == indexingMode()); >+ ASSERT(structure(vm)->indexingMode() == indexingMode()); > > const bool hasIndexingHeader = true; > Butterfly* oldButterfly = butterfly(); >@@ -1494,7 +1494,7 @@ ContiguousJSValues JSObject::ensureWritableInt32Slow(VM& vm) > > switch (indexingType()) { > case ALL_BLANK_INDEXING_TYPES: >- if (UNLIKELY(indexingShouldBeSparse() || needsSlowPutIndexing())) >+ if (UNLIKELY(indexingShouldBeSparse(vm) || needsSlowPutIndexing(vm))) > return ContiguousJSValues(); > return createInitialInt32(vm, 0); > >@@ -1527,7 +1527,7 @@ ContiguousDoubles JSObject::ensureWritableDoubleSlow(VM& vm) > > switch (indexingType()) { > case ALL_BLANK_INDEXING_TYPES: >- if (UNLIKELY(indexingShouldBeSparse() || needsSlowPutIndexing())) >+ if (UNLIKELY(indexingShouldBeSparse(vm) || needsSlowPutIndexing(vm))) > return ContiguousDoubles(); > return createInitialDouble(vm, 0); > >@@ -1562,7 +1562,7 @@ ContiguousJSValues JSObject::ensureWritableContiguousSlow(VM& vm) > > switch (indexingType()) { > case ALL_BLANK_INDEXING_TYPES: >- if (UNLIKELY(indexingShouldBeSparse() || needsSlowPutIndexing())) >+ if (UNLIKELY(indexingShouldBeSparse(vm) || needsSlowPutIndexing(vm))) > return ContiguousJSValues(); > return createInitialContiguous(vm, 0); 
> >@@ -1596,28 +1596,28 @@ ArrayStorage* JSObject::ensureArrayStorageSlow(VM& vm) > > switch (indexingType()) { > case ALL_BLANK_INDEXING_TYPES: >- if (UNLIKELY(indexingShouldBeSparse())) >+ if (UNLIKELY(indexingShouldBeSparse(vm))) > return ensureArrayStorageExistsAndEnterDictionaryIndexingMode(vm); > return createInitialArrayStorage(vm); > > case ALL_UNDECIDED_INDEXING_TYPES: >- ASSERT(!indexingShouldBeSparse()); >- ASSERT(!needsSlowPutIndexing()); >+ ASSERT(!indexingShouldBeSparse(vm)); >+ ASSERT(!needsSlowPutIndexing(vm)); > return convertUndecidedToArrayStorage(vm); > > case ALL_INT32_INDEXING_TYPES: >- ASSERT(!indexingShouldBeSparse()); >- ASSERT(!needsSlowPutIndexing()); >+ ASSERT(!indexingShouldBeSparse(vm)); >+ ASSERT(!needsSlowPutIndexing(vm)); > return convertInt32ToArrayStorage(vm); > > case ALL_DOUBLE_INDEXING_TYPES: >- ASSERT(!indexingShouldBeSparse()); >- ASSERT(!needsSlowPutIndexing()); >+ ASSERT(!indexingShouldBeSparse(vm)); >+ ASSERT(!needsSlowPutIndexing(vm)); > return convertDoubleToArrayStorage(vm); > > case ALL_CONTIGUOUS_INDEXING_TYPES: >- ASSERT(!indexingShouldBeSparse()); >- ASSERT(!needsSlowPutIndexing()); >+ ASSERT(!indexingShouldBeSparse(vm)); >+ ASSERT(!needsSlowPutIndexing(vm)); > return convertContiguousToArrayStorage(vm); > > default: >@@ -1716,7 +1716,7 @@ void JSObject::setPrototypeDirect(VM& vm, JSValue prototype) > } else > putDirect(vm, knownPolyProtoOffset, prototype); > >- if (!anyObjectInChainMayInterceptIndexedAccesses()) >+ if (!anyObjectInChainMayInterceptIndexedAccesses(vm)) > return; > > if (mayBePrototype()) { 
>@@ -1889,7 +1889,7 @@ bool JSObject::deleteProperty(JSCell* cell, ExecState* exec, PropertyName proper > > unsigned attributes; > >- if (!thisObject->staticPropertiesReified()) { >+ if (!thisObject->staticPropertiesReified(vm)) { > if (auto entry = thisObject->findPropertyHashEntry(vm, propertyName)) { > // If the static table contains a non-configurable (DontDelete) property then we can return early; > // if there is a property in the storage array it too must be non-configurable (the language does >@@ -2009,7 +2009,7 @@ static ALWAYS_INLINE JSValue callToPrimitiveFunction(ExecState* exec, const JSOb > if (function.isUndefinedOrNull() && mode == TypeHintMode::TakesHint) > return JSValue(); > CallData callData; >- CallType callType = getCallData(function, callData); >+ CallType callType = getCallData(vm, function, callData); > if (callType == CallType::None) { > if (mode == TypeHintMode::TakesHint) > throwTypeError(exec, scope, ASCIILiteral("Symbol.toPrimitive is not a function, undefined, or null")); >@@ -2139,7 +2139,7 @@ bool JSObject::hasInstance(ExecState* exec, JSValue value, JSValue hasInstanceVa > > if (!hasInstanceValue.isUndefinedOrNull() && hasInstanceValue != exec->lexicalGlobalObject()->functionProtoHasInstanceSymbolFunction()) { > CallData callData; >- CallType callType = JSC::getCallData(hasInstanceValue, callData); >+ CallType callType = JSC::getCallData(vm, hasInstanceValue, callData); > if (callType == CallType::None) { > throwException(exec, scope, createInvalidInstanceofParameterErrorHasInstanceValueNotFunction(exec, this)); > return false; 
>@@ -2322,7 +2322,7 @@ void JSObject::getOwnPropertyNames(JSObject* object, ExecState* exec, PropertyNa > void JSObject::getOwnNonIndexPropertyNames(JSObject* object, ExecState* exec, PropertyNameArray& propertyNames, EnumerationMode mode) > { > VM& vm = exec->vm(); >- if (!object->staticPropertiesReified()) >+ if (!object->staticPropertiesReified(vm)) > getClassPropertyNames(exec, object->classInfo(vm), propertyNames, mode); > > if (!mode.includeJSObjectProperties()) >@@ -2373,22 +2373,22 @@ void JSObject::freeze(VM& vm) > > bool JSObject::preventExtensions(JSObject* object, ExecState* exec) > { >- if (!object->isStructureExtensible()) { >+ VM& vm = exec->vm(); >+ if (!object->isStructureExtensible(vm)) { > // We've already set the internal [[PreventExtensions]] field to false. > // We don't call the methodTable isExtensible here because it's not defined > // that way in the specification. We are just doing an optimization here. > return true; > } > >- VM& vm = exec->vm(); > object->enterDictionaryIndexingMode(vm); > object->setStructure(vm, Structure::preventExtensionsTransition(vm, object->structure(vm))); > return true; > } > >-bool JSObject::isExtensible(JSObject* obj, ExecState*) >+bool JSObject::isExtensible(JSObject* obj, ExecState* exec) > { >- return obj->isExtensibleImpl(); >+ return obj->isExtensibleImpl(exec->vm()); > } > > bool JSObject::isExtensible(ExecState* exec) >@@ -2399,8 +2399,8 @@ bool JSObject::isExtensible(ExecState* exec) > > void JSObject::reifyAllStaticProperties(ExecState* exec) > { >- ASSERT(!staticPropertiesReified()); > VM& vm = exec->vm(); >+ ASSERT(!staticPropertiesReified(vm)); > > // If this object's ClassInfo has no static properties, then nothing to reify! > // We can safely set the flag to avoid the expensive check again in the future. 
>@@ -2429,9 +2429,9 @@ void JSObject::reifyAllStaticProperties(ExecState* exec) > structure(vm)->setStaticPropertiesReified(true); > } > >-NEVER_INLINE void JSObject::fillGetterPropertySlot(PropertySlot& slot, JSCell* getterSetter, unsigned attributes, PropertyOffset offset) >+NEVER_INLINE void JSObject::fillGetterPropertySlot(VM& vm, PropertySlot& slot, JSCell* getterSetter, unsigned attributes, PropertyOffset offset) > { >- if (structure()->isUncacheableDictionary()) { >+ if (structure(vm)->isUncacheableDictionary()) { > slot.setGetterSlot(this, attributes, jsCast<GetterSetter*>(getterSetter)); > return; > } >@@ -2525,7 +2525,7 @@ bool JSObject::defineOwnIndexedProperty(ExecState* exec, unsigned index, const P > // 3. If current is undefined and extensible is false, then Reject. > // 4. If current is undefined and extensible is true, then > if (result.isNewEntry) { >- if (!isStructureExtensible()) { >+ if (!isStructureExtensible(vm)) { > map->remove(result.iterator); > return typeError(exec, scope, throwException, ASCIILiteral(NonExtensibleObjectPropertyDefineError)); > } >@@ -2680,7 +2680,7 @@ bool JSObject::putByIndexBeyondVectorLengthWithoutAttributes(ExecState* exec, un > > RELEASE_ASSERT_WITH_SECURITY_IMPLICATION(!isCopyOnWrite(indexingMode())); > ASSERT((indexingType() & IndexingShapeMask) == indexingShape); >- ASSERT(!indexingShouldBeSparse()); >+ ASSERT(!indexingShouldBeSparse(vm)); > > Butterfly* butterfly = m_butterfly.get(); > >@@ -2752,7 +2752,7 @@ bool JSObject::putByIndexBeyondVectorLengthWithArrayStorage(ExecState* exec, uns > // First, handle cases where we don't currently have a sparse map. > if (LIKELY(!map)) { > // If the array is not extensible, we should have entered dictionary mode, and created the sparse map. >- ASSERT(isStructureExtensible()); >+ ASSERT(isStructureExtensible(vm)); > > // Update m_length if necessary. > if (i >= storage->length()) 
>@@ -2778,7 +2778,7 @@ bool JSObject::putByIndexBeyondVectorLengthWithArrayStorage(ExecState* exec, uns > unsigned length = storage->length(); > if (i >= length) { > // Prohibit growing the array if length is not writable. >- if (map->lengthIsReadOnly() || !isStructureExtensible()) >+ if (map->lengthIsReadOnly() || !isStructureExtensible(vm)) > return typeError(exec, scope, shouldThrow, ASCIILiteral(ReadonlyPropertyWriteError)); > length = i + 1; > storage->setLength(length); >@@ -2822,7 +2822,7 @@ bool JSObject::putByIndexBeyondVectorLength(ExecState* exec, unsigned i, JSValue > > switch (indexingType()) { > case ALL_BLANK_INDEXING_TYPES: { >- if (indexingShouldBeSparse()) { >+ if (indexingShouldBeSparse(vm)) { > return putByIndexBeyondVectorLengthWithArrayStorage( > exec, i, value, shouldThrow, > ensureArrayStorageExistsAndEnterDictionaryIndexingMode(vm)); >@@ -2831,9 +2831,9 @@ bool JSObject::putByIndexBeyondVectorLength(ExecState* exec, unsigned i, JSValue > return putByIndexBeyondVectorLengthWithArrayStorage( > exec, i, value, shouldThrow, createArrayStorage(vm, 0, 0)); > } >- if (needsSlowPutIndexing()) { >+ if (needsSlowPutIndexing(vm)) { > // Convert the indexing type to the SlowPutArrayStorage and retry. >- createArrayStorage(vm, i + 1, getNewVectorLength(0, 0, 0, i + 1)); >+ createArrayStorage(vm, i + 1, getNewVectorLength(vm, 0, 0, 0, i + 1)); > return putByIndex(this, exec, i, value, shouldThrow); > } > >@@ -2891,7 +2891,7 @@ bool JSObject::putDirectIndexBeyondVectorLengthWithArrayStorage(ExecState* exec, > // First, handle cases where we don't currently have a sparse map. > if (LIKELY(!map)) { > // If the array is not extensible, we should have entered dictionary mode, and created the spare map. >- ASSERT(isStructureExtensible()); >+ ASSERT(isStructureExtensible(vm)); > > // Update m_length if necessary. > if (i >= storage->length()) 
>@@ -2922,7 +2922,7 @@ bool JSObject::putDirectIndexBeyondVectorLengthWithArrayStorage(ExecState* exec, > // Prohibit growing the array if length is not writable. > if (map->lengthIsReadOnly()) > return typeError(exec, scope, mode == PutDirectIndexShouldThrow, ASCIILiteral(ReadonlyPropertyWriteError)); >- if (!isStructureExtensible()) >+ if (!isStructureExtensible(vm)) > return typeError(exec, scope, mode == PutDirectIndexShouldThrow, ASCIILiteral(NonExtensibleObjectPropertyDefineError)); > } > length = i + 1; >@@ -2974,7 +2974,7 @@ bool JSObject::putDirectIndexSlowOrBeyondVectorLength(ExecState* exec, unsigned > > switch (indexingType()) { > case ALL_BLANK_INDEXING_TYPES: { >- if (indexingShouldBeSparse() || attributes) { >+ if (indexingShouldBeSparse(vm) || attributes) { > return putDirectIndexBeyondVectorLengthWithArrayStorage( > exec, i, value, attributes, mode, > ensureArrayStorageExistsAndEnterDictionaryIndexingMode(vm)); >@@ -2983,8 +2983,8 @@ bool JSObject::putDirectIndexSlowOrBeyondVectorLength(ExecState* exec, unsigned > return putDirectIndexBeyondVectorLengthWithArrayStorage( > exec, i, value, attributes, mode, createArrayStorage(vm, 0, 0)); > } >- if (needsSlowPutIndexing()) { >- ArrayStorage* storage = createArrayStorage(vm, i + 1, getNewVectorLength(0, 0, 0, i + 1)); >+ if (needsSlowPutIndexing(vm)) { >+ ArrayStorage* storage = createArrayStorage(vm, i + 1, getNewVectorLength(vm, 0, 0, 0, i + 1)); > storage->m_vector[i].set(vm, this, value); > storage->m_numValuesInVector++; > return true; >@@ -3001,7 +3001,7 @@ bool JSObject::putDirectIndexSlowOrBeyondVectorLength(ExecState* exec, unsigned > } > > case ALL_INT32_INDEXING_TYPES: { >- ASSERT(!indexingShouldBeSparse()); >+ ASSERT(!indexingShouldBeSparse(vm)); > if (attributes) > return putDirectIndexBeyondVectorLengthWithArrayStorage(exec, i, value, attributes, mode, ensureArrayStorageExistsAndEnterDictionaryIndexingMode(vm)); > if (!value.isInt32()) { 
>@@ -3013,7 +3013,7 @@ bool JSObject::putDirectIndexSlowOrBeyondVectorLength(ExecState* exec, unsigned > } > > case ALL_DOUBLE_INDEXING_TYPES: { >- ASSERT(!indexingShouldBeSparse()); >+ ASSERT(!indexingShouldBeSparse(vm)); > if (attributes) > return putDirectIndexBeyondVectorLengthWithArrayStorage(exec, i, value, attributes, mode, ensureArrayStorageExistsAndEnterDictionaryIndexingMode(vm)); > if (!value.isNumber()) { >@@ -3030,7 +3030,7 @@ bool JSObject::putDirectIndexSlowOrBeyondVectorLength(ExecState* exec, unsigned > } > > case ALL_CONTIGUOUS_INDEXING_TYPES: { >- ASSERT(!indexingShouldBeSparse()); >+ ASSERT(!indexingShouldBeSparse(vm)); > if (attributes) > return putDirectIndexBeyondVectorLengthWithArrayStorage(exec, i, value, attributes, mode, ensureArrayStorageExistsAndEnterDictionaryIndexingMode(vm)); > putByIndexBeyondVectorLengthWithoutAttributes<ContiguousShape>(exec, i, value); >@@ -3106,7 +3106,7 @@ JSFunction* JSObject::putDirectBuiltinFunctionWithoutTransition(VM& vm, JSGlobal > } > > // NOTE: This method is for ArrayStorage vectors. >-ALWAYS_INLINE unsigned JSObject::getNewVectorLength(unsigned indexBias, unsigned currentVectorLength, unsigned currentLength, unsigned desiredLength) >+ALWAYS_INLINE unsigned JSObject::getNewVectorLength(VM& vm, unsigned indexBias, unsigned currentVectorLength, unsigned currentLength, unsigned desiredLength) > { > ASSERT(desiredLength <= MAX_STORAGE_VECTOR_LENGTH); 
> >@@ -3126,11 +3126,11 @@ ALWAYS_INLINE unsigned JSObject::getNewVectorLength(unsigned indexBias, unsigned > lastArraySize = std::min(increasedLength, FIRST_ARRAY_STORAGE_VECTOR_GROW); > > return ArrayStorage::optimalVectorLength( >- indexBias, structure()->outOfLineCapacity(), >+ indexBias, structure(vm)->outOfLineCapacity(), > std::min(increasedLength, MAX_STORAGE_VECTOR_LENGTH)); > } > >-ALWAYS_INLINE unsigned JSObject::getNewVectorLength(unsigned desiredLength) >+ALWAYS_INLINE unsigned JSObject::getNewVectorLength(VM& vm, unsigned desiredLength) > { > unsigned indexBias = 0; > unsigned vectorLength = 0; >@@ -3143,7 +3143,7 @@ ALWAYS_INLINE unsigned JSObject::getNewVectorLength(unsigned desiredLength) > length = m_butterfly->publicLength(); > } > >- return getNewVectorLength(indexBias, vectorLength, length, desiredLength); >+ return getNewVectorLength(vm, indexBias, vectorLength, length, desiredLength); > } > > template<IndexingType indexingShape> >@@ -3219,7 +3219,7 @@ bool JSObject::increaseVectorLength(VM& vm, unsigned newLength) > > unsigned indexBias = storage->m_indexBias; > ASSERT(newLength > vectorLength); >- unsigned newVectorLength = getNewVectorLength(newLength); >+ unsigned newVectorLength = getNewVectorLength(vm, newLength); > > // Fast case - there is no precapacity. In these cases a realloc makes sense. > Structure* structure = this->structure(vm); 
>@@ -3316,10 +3316,10 @@ void JSObject::reallocateAndShrinkButterfly(VM& vm, unsigned length) > ASSERT(length <= MAX_STORAGE_VECTOR_LENGTH); > ASSERT(hasContiguous(indexingType()) || hasInt32(indexingType()) || hasDouble(indexingType()) || hasUndecided(indexingType())); > ASSERT(m_butterfly->vectorLength() > length); >- ASSERT(!m_butterfly->indexingHeader()->preCapacity(structure())); >+ ASSERT(!m_butterfly->indexingHeader()->preCapacity(structure(vm))); > > DeferGC deferGC(vm.heap); >- Butterfly* newButterfly = butterfly()->resizeArray(vm, this, structure(), 0, ArrayStorage::sizeFor(length)); >+ Butterfly* newButterfly = butterfly()->resizeArray(vm, this, structure(vm), 0, ArrayStorage::sizeFor(length)); > newButterfly->setVectorLength(length); > newButterfly->setPublicLength(length); > WTF::storeStoreFence(); >@@ -3637,7 +3637,7 @@ void JSObject::shiftButterflyAfterFlattening(const GCSafeConcurrentJSLocker&, VM > Butterfly* oldButterfly = this->butterfly(); > size_t preCapacity; > size_t indexingPayloadSizeInBytes; >- bool hasIndexingHeader = this->hasIndexingHeader(); >+ bool hasIndexingHeader = this->hasIndexingHeader(vm); > if (UNLIKELY(hasIndexingHeader)) { > preCapacity = oldButterfly->indexingHeader()->preCapacity(structure); > indexingPayloadSizeInBytes = oldButterfly->indexingHeader()->indexingPayloadSizeInBytes(structure); >@@ -3771,9 +3771,8 @@ JSValue JSObject::getMethod(ExecState* exec, CallData& callData, CallType& callT > return method; > } > >-bool JSObject::anyObjectInChainMayInterceptIndexedAccesses() const >+bool JSObject::anyObjectInChainMayInterceptIndexedAccesses(VM& vm) const > { >- VM& vm = *this->vm(); > for (const JSObject* current = this; ;) { > if (current->structure(vm)->mayInterceptIndexedAccesses()) > return true; 
>@@ -3789,7 +3788,7 @@ bool JSObject::anyObjectInChainMayInterceptIndexedAccesses() const > bool JSObject::prototypeChainMayInterceptStoreTo(VM& vm, PropertyName propertyName) > { > if (parseIndex(propertyName)) >- return anyObjectInChainMayInterceptIndexedAccesses(); >+ return anyObjectInChainMayInterceptIndexedAccesses(vm); > > for (JSObject* current = this; ;) { > JSValue prototype = current->getPrototypeDirect(vm); >@@ -3810,14 +3809,14 @@ bool JSObject::prototypeChainMayInterceptStoreTo(VM& vm, PropertyName propertyNa > } > } > >-bool JSObject::needsSlowPutIndexing() const >+bool JSObject::needsSlowPutIndexing(VM& vm) const > { >- return anyObjectInChainMayInterceptIndexedAccesses() || globalObject()->isHavingABadTime(); >+ return anyObjectInChainMayInterceptIndexedAccesses(vm) || globalObject(vm)->isHavingABadTime(); > } > >-NonPropertyTransition JSObject::suggestedArrayStorageTransition() const >+NonPropertyTransition JSObject::suggestedArrayStorageTransition(VM& vm) const > { >- if (needsSlowPutIndexing()) >+ if (needsSlowPutIndexing(vm)) > return NonPropertyTransition::AllocateSlowPutArrayStorage; > > return NonPropertyTransition::AllocateArrayStorage; >diff --git a/Source/JavaScriptCore/runtime/JSObject.h b/Source/JavaScriptCore/runtime/JSObject.h >index 4a6128a3956d87031fae236b18c033840020634b..faabc5d6c6e414e68d56c5adcbd5d637da5b8c77 100644 >--- a/Source/JavaScriptCore/runtime/JSObject.h >+++ b/Source/JavaScriptCore/runtime/JSObject.h >@@ -159,9 +159,9 @@ class JSObject : public JSCell { > bool setPrototype(VM&, ExecState*, JSValue prototype, bool shouldThrowIfCantSet = false); > JS_EXPORT_PRIVATE static bool setPrototype(JSObject*, ExecState*, JSValue prototype, bool shouldThrowIfCantSet); > >- bool mayInterceptIndexedAccesses() >+ bool mayInterceptIndexedAccesses(VM& vm) > { >- return structure()->mayInterceptIndexedAccesses(); >+ return structure(vm)->mayInterceptIndexedAccesses(); > } > > JSValue get(ExecState*, PropertyName) const; 
>@@ -257,9 +257,9 @@ class JSObject : public JSCell { > // want to ensure that this won't throw an exception. > JS_EXPORT_PRIVATE bool putDirectMayBeIndex(ExecState*, PropertyName, JSValue); > >- bool hasIndexingHeader() const >+ bool hasIndexingHeader(VM& vm) const > { >- return structure()->hasIndexingHeader(this); >+ return structure(vm)->hasIndexingHeader(this); > } > > bool canGetIndexQuickly(unsigned i) >@@ -703,9 +703,9 @@ class JSObject : public JSCell { > > void transitionTo(VM&, Structure*); > >- bool hasCustomProperties() { return structure()->didTransition(); } >- bool hasGetterSetterProperties() { return structure()->hasGetterSetterProperties(); } >- bool hasCustomGetterSetterProperties() { return structure()->hasCustomGetterSetterProperties(); } >+ bool hasCustomProperties(VM& vm) { return structure(vm)->didTransition(); } >+ bool hasGetterSetterProperties(VM& vm) { return structure(vm)->hasGetterSetterProperties(); } >+ bool hasCustomGetterSetterProperties(VM& vm) { return structure(vm)->hasCustomGetterSetterProperties(); } > > // putOwnDataProperty has 'put' like semantics, however this method: > // - assumes the object contains no own getter/setter properties. 
>@@ -747,31 +747,31 @@ class JSObject : public JSCell { > bool isSealed(VM& vm) { return structure(vm)->isSealed(vm); } > bool isFrozen(VM& vm) { return structure(vm)->isFrozen(vm); } > >- bool anyObjectInChainMayInterceptIndexedAccesses() const; >+ bool anyObjectInChainMayInterceptIndexedAccesses(VM&) const; > JS_EXPORT_PRIVATE bool prototypeChainMayInterceptStoreTo(VM&, PropertyName); >- bool needsSlowPutIndexing() const; >- NonPropertyTransition suggestedArrayStorageTransition() const; >+ bool needsSlowPutIndexing(VM&) const; > > private: >- ALWAYS_INLINE bool isExtensibleImpl() { return isStructureExtensible(); } >+ NonPropertyTransition suggestedArrayStorageTransition(VM&) const; >+ ALWAYS_INLINE bool isExtensibleImpl(VM& vm) { return isStructureExtensible(vm); } > public: > // You should only call isStructureExtensible() when: > // - Performing this check in a way that isn't described in the specification > // as calling the virtual [[IsExtensible]] trap. > // - When you're guaranteed that object->methodTable()->isExtensible isn't > // overridden. >- ALWAYS_INLINE bool isStructureExtensible() { return structure()->isStructureExtensible(); } >+ ALWAYS_INLINE bool isStructureExtensible(VM& vm) { return structure(vm)->isStructureExtensible(); } > // You should call this when performing [[IsExtensible]] trap in a place > // that is described in the specification. This performs the fully virtual > // [[IsExtensible]] trap. 
> bool isExtensible(ExecState*); >- bool indexingShouldBeSparse() >+ bool indexingShouldBeSparse(VM& vm) > { >- return !isStructureExtensible() >- || structure()->typeInfo().interceptsGetOwnPropertySlotByIndexEvenWhenLengthIsNotZero(); >+ return !isStructureExtensible(vm) >+ || structure(vm)->typeInfo().interceptsGetOwnPropertySlotByIndexEvenWhenLengthIsNotZero(); > } > >- bool staticPropertiesReified() { return structure()->staticPropertiesReified(); } >+ bool staticPropertiesReified(VM& vm) { return structure(vm)->staticPropertiesReified(); } > void reifyAllStaticProperties(ExecState*); > > JS_EXPORT_PRIVATE Butterfly* allocateMoreOutOfLineStorage(VM&, size_t oldSize, size_t newSize); >@@ -803,7 +803,7 @@ class JSObject : public JSCell { > JSGlobalObject* globalObject(VM& vm) const > { > ASSERT(structure(vm)->globalObject()); >- ASSERT(!isGlobalObject() || ((JSObject*)structure()->globalObject()) == this); >+ ASSERT(!isGlobalObject() || ((JSObject*)structure(vm)->globalObject()) == this); > return structure(vm)->globalObject(); > } > >@@ -887,8 +887,8 @@ class JSObject : public JSCell { > { > Base::finishCreation(vm); > ASSERT(jsDynamicCast<JSObject*>(vm, this)); >- ASSERT(structure()->hasPolyProto() || getPrototypeDirect(vm).isNull() || Heap::heap(this) == Heap::heap(getPrototypeDirect(vm))); >- ASSERT(structure()->isObject()); >+ ASSERT(structure(vm)->hasPolyProto() || getPrototypeDirect(vm).isNull() || Heap::heap(this) == Heap::heap(getPrototypeDirect(vm))); >+ ASSERT(structure(vm)->isObject()); > ASSERT(classInfo(vm)); > } 
> >@@ -1032,7 +1032,7 @@ class JSObject : public JSCell { > > bool getNonIndexPropertySlot(ExecState*, PropertyName, PropertySlot&); > bool getOwnNonIndexPropertySlot(VM&, Structure*, PropertyName, PropertySlot&); >- JS_EXPORT_PRIVATE void fillGetterPropertySlot(PropertySlot&, JSCell*, unsigned, PropertyOffset); >+ JS_EXPORT_PRIVATE void fillGetterPropertySlot(VM&, PropertySlot&, JSCell*, unsigned, PropertyOffset); > void fillCustomGetterPropertySlot(VM&, PropertySlot&, CustomGetterSetter*, unsigned, Structure*); > > JS_EXPORT_PRIVATE bool getOwnStaticPropertySlot(VM&, PropertyName, PropertySlot&); >@@ -1048,8 +1048,8 @@ class JSObject : public JSCell { > bool putDirectIndexBeyondVectorLengthWithArrayStorage(ExecState*, unsigned propertyName, JSValue, unsigned attributes, PutDirectIndexMode, ArrayStorage*); > JS_EXPORT_PRIVATE bool putDirectIndexSlowOrBeyondVectorLength(ExecState*, unsigned propertyName, JSValue, unsigned attributes, PutDirectIndexMode); > >- unsigned getNewVectorLength(unsigned indexBias, unsigned currentVectorLength, unsigned currentLength, unsigned desiredLength); >- unsigned getNewVectorLength(unsigned desiredLength); >+ unsigned getNewVectorLength(VM&, unsigned indexBias, unsigned currentVectorLength, unsigned currentLength, unsigned desiredLength); >+ unsigned getNewVectorLength(VM&, unsigned desiredLength); > > ArrayStorage* constructConvertedArrayStorageWithoutCopyingElements(VM&, unsigned neededLength); > >@@ -1095,7 +1095,7 @@ class JSNonFinalObject : public JSObject { > void finishCreation(VM& vm) > { > Base::finishCreation(vm); >- ASSERT(!this->structure()->hasInlineStorage()); >+ ASSERT(!this->structure(vm)->hasInlineStorage()); > ASSERT(classInfo(vm)); > } > }; 
>@@ -1148,7 +1148,7 @@ class JSFinalObject final : public JSObject { > void finishCreation(VM& vm) > { > Base::finishCreation(vm); >- ASSERT(structure()->totalStorageCapacity() == structure()->inlineCapacity()); >+ ASSERT(structure(vm)->totalStorageCapacity() == structure(vm)->inlineCapacity()); > ASSERT(classInfo(vm)); > } > >@@ -1275,16 +1275,16 @@ inline void JSObject::nukeStructureAndSetButterfly(VM& vm, StructureID oldStruct > m_butterfly.set(vm, this, butterfly); > } > >-inline CallType getCallData(JSValue value, CallData& callData) >+inline CallType getCallData(VM& vm, JSValue value, CallData& callData) > { >- CallType result = value.isCell() ? value.asCell()->methodTable()->getCallData(value.asCell(), callData) : CallType::None; >+ CallType result = value.isCell() ? value.asCell()->methodTable(vm)->getCallData(value.asCell(), callData) : CallType::None; > ASSERT(result == CallType::None || value.isValidCallee()); > return result; > } > >-inline ConstructType getConstructData(JSValue value, ConstructData& constructData) >+inline ConstructType getConstructData(VM& vm, JSValue value, ConstructData& constructData) > { >- ConstructType result = value.isCell() ? value.asCell()->methodTable()->getConstructData(value.asCell(), constructData) : ConstructType::None; >+ ConstructType result = value.isCell() ? value.asCell()->methodTable(vm)->getConstructData(value.asCell(), constructData) : ConstructType::None; > ASSERT(result == ConstructType::None || value.isValidCallee()); > return result; > } >@@ -1342,7 +1342,7 @@ ALWAYS_INLINE bool JSObject::getOwnNonIndexPropertySlot(VM& vm, Structure* struc > JSType type = cell->type(); > switch (type) { > case GetterSetterType: >- fillGetterPropertySlot(slot, cell, attributes, offset); >+ fillGetterPropertySlot(vm, slot, cell, attributes, offset); > return true; > case CustomGetterSetterType: > fillCustomGetterPropertySlot(vm, slot, jsCast<CustomGetterSetter*>(cell), attributes, structure); 
>@@ -1455,23 +1455,24 @@ inline bool JSObject::putOwnDataProperty(VM& vm, PropertyName propertyName, JSVa > { > ASSERT(value); > ASSERT(!Heap::heap(value) || Heap::heap(value) == Heap::heap(this)); >- ASSERT(!structure()->hasGetterSetterProperties()); >- ASSERT(!structure()->hasCustomGetterSetterProperties()); >+ ASSERT(!structure(vm)->hasGetterSetterProperties()); >+ ASSERT(!structure(vm)->hasCustomGetterSetterProperties()); > > return putDirectInternal<PutModePut>(vm, propertyName, value, 0, slot); > } > > inline bool JSObject::putOwnDataPropertyMayBeIndex(ExecState* exec, PropertyName propertyName, JSValue value, PutPropertySlot& slot) > { >+ VM& vm = exec->vm(); > ASSERT(value); > ASSERT(!Heap::heap(value) || Heap::heap(value) == Heap::heap(this)); >- ASSERT(!structure()->hasGetterSetterProperties()); >- ASSERT(!structure()->hasCustomGetterSetterProperties()); >+ ASSERT(!structure(vm)->hasGetterSetterProperties()); >+ ASSERT(!structure(vm)->hasCustomGetterSetterProperties()); > > if (std::optional<uint32_t> index = parseIndex(propertyName)) > return putDirectIndex(exec, index.value(), value, 0, PutDirectIndexLikePutDirect); > >- return putDirectInternal<PutModePut>(exec->vm(), propertyName, value, 0, slot); >+ return putDirectInternal<PutModePut>(vm, propertyName, value, 0, slot); > } > > inline bool JSObject::putDirect(VM& vm, PropertyName propertyName, JSValue value, unsigned attributes) 
>@@ -1507,18 +1508,20 @@ inline size_t offsetInButterfly(PropertyOffset offset) > > inline size_t JSObject::butterflyPreCapacity() > { >- if (UNLIKELY(hasIndexingHeader())) >- return butterfly()->indexingHeader()->preCapacity(structure()); >+ VM& vm = *this->vm(); >+ if (UNLIKELY(hasIndexingHeader(vm))) >+ return butterfly()->indexingHeader()->preCapacity(structure(vm)); > return 0; > } > > inline size_t JSObject::butterflyTotalSize() > { >- Structure* structure = this->structure(); >+ VM& vm = *this->vm(); >+ Structure* structure = this->structure(vm); > Butterfly* butterfly = this->butterfly(); > size_t preCapacity; > size_t indexingPayloadSizeInBytes; >- bool hasIndexingHeader = this->hasIndexingHeader(); >+ bool hasIndexingHeader = this->hasIndexingHeader(vm); > > if (UNLIKELY(hasIndexingHeader)) { > preCapacity = butterfly->indexingHeader()->preCapacity(structure); >diff --git a/Source/JavaScriptCore/runtime/JSObjectInlines.h b/Source/JavaScriptCore/runtime/JSObjectInlines.h >index 527fc2295fd16b2237269b7c3f784ca80938ec47..efb0f53534624bffef984c4139f999b27823fbb6 100644 >--- a/Source/JavaScriptCore/runtime/JSObjectInlines.h >+++ b/Source/JavaScriptCore/runtime/JSObjectInlines.h >@@ -296,7 +296,7 @@ ALWAYS_INLINE bool JSObject::putDirectInternal(VM& vm, PropertyName propertyName > return true; > } > >- if ((mode == PutModePut) && !isStructureExtensible()) >+ if ((mode == PutModePut) && !isStructureExtensible(vm)) > return false; > > offset = prepareToPutDirectWithoutTransition(vm, propertyName, attributes, structureID, structure); 
>@@ -304,12 +304,12 @@ ALWAYS_INLINE bool JSObject::putDirectInternal(VM& vm, PropertyName propertyName > putDirect(vm, offset, value); > slot.setNewProperty(this, offset); > if (attributes & PropertyAttribute::ReadOnly) >- this->structure()->setContainsReadOnlyProperties(); >+ this->structure(vm)->setContainsReadOnlyProperties(); > return true; > } > > PropertyOffset offset; >- size_t currentCapacity = this->structure()->outOfLineCapacity(); >+ size_t currentCapacity = this->structure(vm)->outOfLineCapacity(); > Structure* newStructure = Structure::addPropertyTransitionToExistingStructure( > structure, propertyName, attributes, offset); > if (newStructure) { >@@ -318,7 +318,7 @@ ALWAYS_INLINE bool JSObject::putDirectInternal(VM& vm, PropertyName propertyName > > Butterfly* newButterfly = butterfly(); > if (currentCapacity != newStructure->outOfLineCapacity()) { >- ASSERT(newStructure != this->structure()); >+ ASSERT(newStructure != this->structure(vm)); > newButterfly = allocateMoreOutOfLineStorage(vm, currentCapacity, newStructure->outOfLineCapacity()); > nukeStructureAndSetButterfly(vm, structureID, newButterfly); > } >@@ -355,7 +355,7 @@ ALWAYS_INLINE bool JSObject::putDirectInternal(VM& vm, PropertyName propertyName > return true; > } > >- if ((mode == PutModePut) && !isStructureExtensible()) >+ if ((mode == PutModePut) && !isStructureExtensible(vm)) > return false; > > // We want the structure transition watchpoint to fire after this object has switched >diff --git a/Source/JavaScriptCore/runtime/JSPromise.cpp b/Source/JavaScriptCore/runtime/JSPromise.cpp >index 3e6887e595c8756197cd60fdd2cf421d69ac659f..75e1e23caafefb8c7d001c61c5947580f3ad6765 100644 >--- a/Source/JavaScriptCore/runtime/JSPromise.cpp >+++ b/Source/JavaScriptCore/runtime/JSPromise.cpp 
>@@ -65,7 +65,7 @@ void JSPromise::initialize(ExecState* exec, JSGlobalObject* globalObject, JSValu > { > JSFunction* initializePromise = globalObject->initializePromiseFunction(); > CallData callData; >- CallType callType = JSC::getCallData(initializePromise, callData); >+ CallType callType = JSC::getCallData(exec->vm(), initializePromise, callData); > ASSERT(callType != CallType::None); > > MarkedArgumentBuffer arguments; >@@ -101,7 +101,7 @@ JSPromise* JSPromise::resolve(JSGlobalObject& globalObject, JSValue value) > > auto* promiseResolveFunction = globalObject.promiseResolveFunction(); > CallData callData; >- auto callType = JSC::getCallData(promiseResolveFunction, callData); >+ auto callType = JSC::getCallData(vm, promiseResolveFunction, callData); > ASSERT(callType != CallType::None); > > MarkedArgumentBuffer arguments; >diff --git a/Source/JavaScriptCore/runtime/JSPromiseConstructor.cpp b/Source/JavaScriptCore/runtime/JSPromiseConstructor.cpp >index d47b8d4543c46df744fac8c77bc0dc2292e83ad7..c5c512bd5d229222417193464d5e1e3a82ef3982 100644 >--- a/Source/JavaScriptCore/runtime/JSPromiseConstructor.cpp >+++ b/Source/JavaScriptCore/runtime/JSPromiseConstructor.cpp >@@ -105,7 +105,7 @@ static EncodedJSValue JSC_HOST_CALL constructPromise(ExecState* exec) > { > VM& vm = exec->vm(); > auto scope = DECLARE_THROW_SCOPE(vm); >- JSGlobalObject* globalObject = exec->jsCallee()->globalObject(); >+ JSGlobalObject* globalObject = exec->jsCallee()->globalObject(vm); > > JSValue newTarget = exec->newTarget(); > if (newTarget.isUndefined()) >diff --git a/Source/JavaScriptCore/runtime/JSPromiseDeferred.cpp b/Source/JavaScriptCore/runtime/JSPromiseDeferred.cpp >index d7f7d789fe143f709621e3c4eab9c258a75347d0..147a949eade8b22857961e014b90514406597a3e 100644 >--- a/Source/JavaScriptCore/runtime/JSPromiseDeferred.cpp >+++ b/Source/JavaScriptCore/runtime/JSPromiseDeferred.cpp 
>@@ -43,7 +43,7 @@ JSValue newPromiseCapability(ExecState* exec, JSGlobalObject* globalObject, JSPr > { > JSFunction* newPromiseCapabilityFunction = globalObject->newPromiseCapabilityFunction(); > CallData callData; >- CallType callType = JSC::getCallData(newPromiseCapabilityFunction, callData); >+ CallType callType = JSC::getCallData(exec->vm(), newPromiseCapabilityFunction, callData); > ASSERT(callType != CallType::None); > > MarkedArgumentBuffer arguments; >@@ -92,7 +92,7 @@ JSPromiseDeferred::JSPromiseDeferred(VM& vm, Structure* structure) > static inline void callFunction(ExecState* exec, JSValue function, JSValue value) > { > CallData callData; >- CallType callType = getCallData(function, callData); >+ CallType callType = getCallData(exec->vm(), function, callData); > ASSERT(callType != CallType::None); > > MarkedArgumentBuffer arguments; >diff --git a/Source/JavaScriptCore/runtime/JSScope.cpp b/Source/JavaScriptCore/runtime/JSScope.cpp >index 3f7f3f1497d0aa2c9e5344e7a3a8ef40b160f80c..ccc001561022bf66cbf2e8b342f6fee6d76adef9 100644 >--- a/Source/JavaScriptCore/runtime/JSScope.cpp >+++ b/Source/JavaScriptCore/runtime/JSScope.cpp >@@ -161,9 +161,10 @@ static inline bool abstractAccess(ExecState* exec, JSScope* scope, const Identif > return true; > } > >+ Structure* structure = globalObject->structure(vm); > if (!slot.isCacheableValue() >- || !globalObject->structure()->propertyAccessesAreCacheable() >- || (globalObject->structure()->hasReadOnlyOrGetterSetterPropertiesExcludingProto() && getOrPut == Put)) { >+ || !structure->propertyAccessesAreCacheable() >+ || (structure->hasReadOnlyOrGetterSetterPropertiesExcludingProto() && getOrPut == Put)) { > // We know the property will be at global scope, but we don't know how to cache it. > ASSERT(!scope->next()); > op = ResolveOp(makeType(GlobalProperty, needsVarInjectionChecks), 0, 0, 0, 0, 0); 
>@@ -171,7 +172,7 @@ static inline bool abstractAccess(ExecState* exec, JSScope* scope, const Identif > } > > >- WatchpointState state = globalObject->structure()->ensurePropertyReplacementWatchpointSet(exec->vm(), slot.cachedOffset())->state(); >+ WatchpointState state = structure->ensurePropertyReplacementWatchpointSet(vm, slot.cachedOffset())->state(); > if (state == IsWatched && getOrPut == Put) { > // The field exists, but because the replacement watchpoint is still intact. This is > // kind of dangerous. We have two options: >@@ -182,7 +183,7 @@ static inline bool abstractAccess(ExecState* exec, JSScope* scope, const Identif > // We go with option (2) here because it seems less evil. > op = ResolveOp(makeType(GlobalProperty, needsVarInjectionChecks), depth, 0, 0, 0, 0); > } else >- op = ResolveOp(makeType(GlobalProperty, needsVarInjectionChecks), depth, globalObject->structure(), 0, 0, slot.cachedOffset()); >+ op = ResolveOp(makeType(GlobalProperty, needsVarInjectionChecks), depth, structure, 0, 0, slot.cachedOffset()); > return true; > } > >diff --git a/Source/JavaScriptCore/runtime/JSScope.h b/Source/JavaScriptCore/runtime/JSScope.h >index 6f239c53ac59506686337f98b217fe241584f74b..f6b773a7ad1bf6e4cd96ee273bb6e19fcfa92fdb 100644 >--- a/Source/JavaScriptCore/runtime/JSScope.h >+++ b/Source/JavaScriptCore/runtime/JSScope.h >@@ -70,8 +70,6 @@ class JSScope : public JSNonFinalObject { > ScopeChainIterator end(); > JSScope* next(); > >- JSGlobalObject* globalObject(); >- JSGlobalObject* globalObject(VM&); > JSObject* globalThis(); > > SymbolTable* symbolTable(VM&); >@@ -131,16 +129,6 @@ inline JSScope* JSScope::next() > return m_next.get(); > } > >-inline JSGlobalObject* JSScope::globalObject() >-{ >- return structure()->globalObject(); >-} >- >-inline JSGlobalObject* JSScope::globalObject(VM& vm) >-{ >- return structure(vm)->globalObject(); >-} >- > inline Register& Register::operator=(JSScope* scope) > { > *this = JSValue(scope); 
>diff --git a/Source/JavaScriptCore/runtime/JSSet.cpp b/Source/JavaScriptCore/runtime/JSSet.cpp >index 4b6879b4d4faede63a389cf950b0f8a72c30ac83..72cf5cb54de0982bc9d1120842906e5b7e0936ee 100644 >--- a/Source/JavaScriptCore/runtime/JSSet.cpp >+++ b/Source/JavaScriptCore/runtime/JSSet.cpp >@@ -51,12 +51,12 @@ bool JSSet::isIteratorProtocolFastAndNonObservable() > if (!globalObject->isSetPrototypeIteratorProtocolFastAndNonObservable()) > return false; > >- Structure* structure = this->structure(); >+ VM& vm = globalObject->vm(); >+ Structure* structure = this->structure(vm); > // This is the fast case. Many sets will be an original set. > if (structure == globalObject->setStructure()) > return true; > >- VM& vm = globalObject->vm(); > if (getPrototypeDirect(vm) != globalObject->jsSetPrototype()) > return false; > >diff --git a/Source/JavaScriptCore/runtime/JSSetIterator.cpp b/Source/JavaScriptCore/runtime/JSSetIterator.cpp >index e2b891a027452f411c934dec3563f0a8769660ca..d451e059fe35c8fecf109fe46ecebf451f6e3820 100644 >--- a/Source/JavaScriptCore/runtime/JSSetIterator.cpp >+++ b/Source/JavaScriptCore/runtime/JSSetIterator.cpp >@@ -55,7 +55,7 @@ JSValue JSSetIterator::createPair(CallFrame* callFrame, JSValue key, JSValue val > args.append(key); > args.append(value); > ASSERT(!args.hasOverflowed()); >- JSGlobalObject* globalObject = callFrame->jsCallee()->globalObject(); >+ JSGlobalObject* globalObject = callFrame->jsCallee()->globalObject(callFrame->vm()); > return constructArray(callFrame, 0, globalObject, args); > } > >diff --git a/Source/JavaScriptCore/runtime/JSStringIterator.cpp b/Source/JavaScriptCore/runtime/JSStringIterator.cpp >index 6d201d9ca0358c999d477c0a997663b573f7d3d0..ebc9f5716217febe8b95db44941c70955d936929 100644 >--- a/Source/JavaScriptCore/runtime/JSStringIterator.cpp >+++ b/Source/JavaScriptCore/runtime/JSStringIterator.cpp 
>@@ -53,7 +53,7 @@ JSStringIterator* JSStringIterator::clone(ExecState* exec) > JSValue iteratedString = getDirect(vm, vm.propertyNames->builtinNames().iteratedStringPrivateName()); > JSValue nextIndex = getDirect(vm, vm.propertyNames->builtinNames().stringIteratorNextIndexPrivateName()); > >- auto clone = JSStringIterator::create(exec, exec->jsCallee()->globalObject()->stringIteratorStructure(), asString(iteratedString)); >+ auto clone = JSStringIterator::create(exec, exec->jsCallee()->globalObject(vm)->stringIteratorStructure(), asString(iteratedString)); > clone->putDirect(vm, vm.propertyNames->builtinNames().stringIteratorNextIndexPrivateName(), nextIndex); > return clone; > } >diff --git a/Source/JavaScriptCore/runtime/Lookup.cpp b/Source/JavaScriptCore/runtime/Lookup.cpp >index bd24dfeb0b26c5689153de88002fca17e9ce650e..305f34ea0bc63162593e5d527812b68e9890d977 100644 >--- a/Source/JavaScriptCore/runtime/Lookup.cpp >+++ b/Source/JavaScriptCore/runtime/Lookup.cpp >@@ -28,7 +28,7 @@ namespace JSC { > > void reifyStaticAccessor(VM& vm, const HashTableValue& value, JSObject& thisObject, PropertyName propertyName) > { >- JSGlobalObject* globalObject = thisObject.globalObject(); >+ JSGlobalObject* globalObject = thisObject.globalObject(vm); > JSObject* getter = nullptr; > if (value.accessorGetter()) { > if (value.attributes() & PropertyAttribute::Builtin) >@@ -46,7 +46,7 @@ void reifyStaticAccessor(VM& vm, const HashTableValue& value, JSObject& thisObje > > bool setUpStaticFunctionSlot(VM& vm, const ClassInfo* classInfo, const HashTableValue* entry, JSObject* thisObject, PropertyName propertyName, PropertySlot& slot) > { >- ASSERT(thisObject->globalObject()); >+ ASSERT(thisObject->globalObject(vm)); > ASSERT(entry->attributes() & PropertyAttribute::BuiltinOrFunctionOrAccessorOrLazyProperty); > unsigned attributes; > bool isAccessor = entry->attributes() & PropertyAttribute::Accessor; 
>@@ -55,7 +55,7 @@ bool setUpStaticFunctionSlot(VM& vm, const ClassInfo* classInfo, const HashTable > if (!isValidOffset(offset)) { > // If a property is ever deleted from an object with a static table, then we reify > // all static functions at that time - after this we shouldn't be re-adding anything. >- if (thisObject->staticPropertiesReified()) >+ if (thisObject->staticPropertiesReified(vm)) > return false; > > reifyStaticProperty(vm, classInfo, propertyName, *entry, *thisObject); >diff --git a/Source/JavaScriptCore/runtime/Lookup.h b/Source/JavaScriptCore/runtime/Lookup.h >index bfee51e0b1acb446a35082b45bf01e938a688af7..890a16b92d75e840ef989ba8daeaddc9a3b173d3 100644 >--- a/Source/JavaScriptCore/runtime/Lookup.h >+++ b/Source/JavaScriptCore/runtime/Lookup.h >@@ -222,7 +222,7 @@ inline BuiltinGenerator HashTableValue::builtinAccessorSetterGenerator() const > > inline bool getStaticPropertySlotFromTable(VM& vm, const ClassInfo* classInfo, const HashTable& table, JSObject* thisObject, PropertyName propertyName, PropertySlot& slot) > { >- if (thisObject->staticPropertiesReified()) >+ if (thisObject->staticPropertiesReified(vm)) > return false; > > auto* entry = table.entry(propertyName); >@@ -257,8 +257,8 @@ inline bool replaceStaticPropertySlot(VM& vm, JSObject* thisObject, PropertyName > if (!thisObject->putDirect(vm, propertyName, value)) > return false; > >- if (!thisObject->staticPropertiesReified()) >- thisObject->JSObject::setStructure(vm, Structure::attributeChangeTransition(vm, thisObject->structure(), propertyName, 0)); >+ if (!thisObject->staticPropertiesReified(vm)) >+ thisObject->JSObject::setStructure(vm, Structure::attributeChangeTransition(vm, thisObject->structure(vm), propertyName, 0)); > > return true; > } 
>@@ -325,19 +325,19 @@ inline void reifyStaticProperty(VM& vm, const ClassInfo* classInfo, const Proper > if (value.attributes() & PropertyAttribute::Accessor) > reifyStaticAccessor(vm, value, thisObj, propertyName); > else >- thisObj.putDirectBuiltinFunction(vm, thisObj.globalObject(), propertyName, value.builtinGenerator()(vm), attributesForStructure(value.attributes())); >+ thisObj.putDirectBuiltinFunction(vm, thisObj.globalObject(vm), propertyName, value.builtinGenerator()(vm), attributesForStructure(value.attributes())); > return; > } > > if (value.attributes() & PropertyAttribute::Function) { > if (value.attributes() & PropertyAttribute::DOMJITFunction) { > thisObj.putDirectNativeFunction( >- vm, thisObj.globalObject(), propertyName, value.functionLength(), >+ vm, thisObj.globalObject(vm), propertyName, value.functionLength(), > value.function(), value.intrinsic(), value.signature(), attributesForStructure(value.attributes())); > return; > } > thisObj.putDirectNativeFunction( >- vm, thisObj.globalObject(), propertyName, value.functionLength(), >+ vm, thisObj.globalObject(vm), propertyName, value.functionLength(), > value.function(), value.intrinsic(), attributesForStructure(value.attributes())); > return; > } >diff --git a/Source/JavaScriptCore/runtime/MapConstructor.cpp b/Source/JavaScriptCore/runtime/MapConstructor.cpp >index 5eb234d9192afb3d6145b30e1aa9a61b9dc943df..ee85e01ca32436a9be92224bdb5cf7b0daad3fc9 100644 >--- a/Source/JavaScriptCore/runtime/MapConstructor.cpp >+++ b/Source/JavaScriptCore/runtime/MapConstructor.cpp 
>@@ -67,7 +67,7 @@ static EncodedJSValue JSC_HOST_CALL constructMap(ExecState* exec) > VM& vm = exec->vm(); > auto scope = DECLARE_THROW_SCOPE(vm); > >- JSGlobalObject* globalObject = jsCast<InternalFunction*>(exec->jsCallee())->globalObject(); >+ JSGlobalObject* globalObject = jsCast<InternalFunction*>(exec->jsCallee())->globalObject(vm); > Structure* mapStructure = InternalFunction::createSubclassStructure(exec, exec->newTarget(), globalObject->mapStructure()); > RETURN_IF_EXCEPTION(scope, encodedJSValue()); > >@@ -91,7 +91,7 @@ static EncodedJSValue JSC_HOST_CALL constructMap(ExecState* exec) > RETURN_IF_EXCEPTION(scope, encodedJSValue()); > > CallData adderFunctionCallData; >- CallType adderFunctionCallType = getCallData(adderFunction, adderFunctionCallData); >+ CallType adderFunctionCallType = getCallData(vm, adderFunction, adderFunctionCallData); > if (adderFunctionCallType == CallType::None) > return JSValue::encode(throwTypeError(exec, scope)); > >diff --git a/Source/JavaScriptCore/runtime/NumberConstructor.cpp b/Source/JavaScriptCore/runtime/NumberConstructor.cpp >index 2e7cb72fd827321d3055ee6ba7839a889d8725db..3471dde3f9558527beed4d57cd1c9d8a5a6c2d4a 100644 >--- a/Source/JavaScriptCore/runtime/NumberConstructor.cpp >+++ b/Source/JavaScriptCore/runtime/NumberConstructor.cpp >@@ -65,7 +65,7 @@ void NumberConstructor::finishCreation(VM& vm, NumberPrototype* numberPrototype) > Base::finishCreation(vm, NumberPrototype::info()->className); > ASSERT(inherits(vm, info())); > >- JSGlobalObject* globalObject = numberPrototype->globalObject(); >+ JSGlobalObject* globalObject = numberPrototype->globalObject(vm); > > putDirectWithoutTransition(vm, vm.propertyNames->prototype, numberPrototype, PropertyAttribute::DontEnum | PropertyAttribute::DontDelete | PropertyAttribute::ReadOnly); > putDirectWithoutTransition(vm, vm.propertyNames->length, jsNumber(1), PropertyAttribute::ReadOnly | PropertyAttribute::DontEnum); 
>@@ -79,8 +79,8 @@ void NumberConstructor::finishCreation(VM& vm, NumberPrototype* numberPrototype) > putDirectWithoutTransition(vm, Identifier::fromString(&vm, "POSITIVE_INFINITY"), jsDoubleNumber(std::numeric_limits<double>::infinity()), PropertyAttribute::DontDelete | PropertyAttribute::DontEnum | PropertyAttribute::ReadOnly); > putDirectWithoutTransition(vm, vm.propertyNames->NaN, jsNaN(), PropertyAttribute::DontDelete | PropertyAttribute::DontEnum | PropertyAttribute::ReadOnly); > >- putDirectWithoutTransition(vm, vm.propertyNames->parseInt, numberPrototype->globalObject()->parseIntFunction(), static_cast<unsigned>(PropertyAttribute::DontEnum)); >- putDirectWithoutTransition(vm, vm.propertyNames->parseFloat, numberPrototype->globalObject()->parseFloatFunction(), static_cast<unsigned>(PropertyAttribute::DontEnum)); >+ putDirectWithoutTransition(vm, vm.propertyNames->parseInt, numberPrototype->globalObject(vm)->parseIntFunction(), static_cast<unsigned>(PropertyAttribute::DontEnum)); >+ putDirectWithoutTransition(vm, vm.propertyNames->parseFloat, numberPrototype->globalObject(vm)->parseFloatFunction(), static_cast<unsigned>(PropertyAttribute::DontEnum)); > > JSC_NATIVE_INTRINSIC_FUNCTION_WITHOUT_TRANSITION(Identifier::fromString(&vm, "isInteger"), numberConstructorFuncIsInteger, static_cast<unsigned>(PropertyAttribute::DontEnum), 1, NumberIsIntegerIntrinsic); > } >diff --git a/Source/JavaScriptCore/runtime/ObjectConstructor.cpp b/Source/JavaScriptCore/runtime/ObjectConstructor.cpp >index 99210e49dbac747407b1e90d15ff9cef1e60f0ff..8152be7b3aae63e54ad8ce1053931041ca3b5238 100644 >--- a/Source/JavaScriptCore/runtime/ObjectConstructor.cpp >+++ b/Source/JavaScriptCore/runtime/ObjectConstructor.cpp 
>@@ -115,9 +115,9 @@ void ObjectConstructor::finishCreation(VM& vm, JSGlobalObject* globalObject, Obj > // ES 19.1.1.1 Object([value]) > static ALWAYS_INLINE JSObject* constructObject(ExecState* exec, JSValue newTarget) > { >+ VM& vm = exec->vm(); > ObjectConstructor* objectConstructor = jsCast<ObjectConstructor*>(exec->jsCallee()); >- JSGlobalObject* globalObject = objectConstructor->globalObject(); >- VM& vm = globalObject->vm(); >+ JSGlobalObject* globalObject = objectConstructor->globalObject(vm); > auto scope = DECLARE_THROW_SCOPE(vm); > > // We need to check newTarget condition in this caller side instead of InternalFunction::createSubclassStructure side. >@@ -313,7 +313,7 @@ EncodedJSValue JSC_HOST_CALL objectConstructorAssign(ExecState* exec) > RETURN_IF_EXCEPTION(scope, { }); > > if (targetCanPerformFastPut) { >- if (!source->staticPropertiesReified()) { >+ if (!source->staticPropertiesReified(vm)) { > source->reifyAllStaticProperties(exec); > RETURN_IF_EXCEPTION(scope, { }); > } >@@ -524,7 +524,7 @@ bool toPropertyDescriptor(ExecState* exec, JSValue in, PropertyDescriptor& desc) > RETURN_IF_EXCEPTION(scope, false); > if (!get.isUndefined()) { > CallData callData; >- if (getCallData(get, callData) == CallType::None) { >+ if (getCallData(vm, get, callData) == CallType::None) { > throwTypeError(exec, scope, ASCIILiteral("Getter must be a function.")); > return false; > } >@@ -540,7 +540,7 @@ bool toPropertyDescriptor(ExecState* exec, JSValue in, PropertyDescriptor& desc) > RETURN_IF_EXCEPTION(scope, false); > if (!set.isUndefined()) { > CallData callData; >- if (getCallData(set, callData) == CallType::None) { >+ if (getCallData(vm, set, callData) == CallType::None) { > throwTypeError(exec, scope, ASCIILiteral("Setter must be a function.")); > return false; > } 
>diff --git a/Source/JavaScriptCore/runtime/ObjectPrototype.cpp b/Source/JavaScriptCore/runtime/ObjectPrototype.cpp >index 2a12df5530cff7d9b4fe323ad27b875814de4cb1..08a3a05dd0dc5a3dc6b4aa4a7116949e50aa901f 100644 >--- a/Source/JavaScriptCore/runtime/ObjectPrototype.cpp >+++ b/Source/JavaScriptCore/runtime/ObjectPrototype.cpp >@@ -154,7 +154,7 @@ EncodedJSValue JSC_HOST_CALL objectProtoFuncDefineGetter(ExecState* exec) > > JSValue get = exec->argument(1); > CallData callData; >- if (getCallData(get, callData) == CallType::None) >+ if (getCallData(vm, get, callData) == CallType::None) > return throwVMTypeError(exec, scope, ASCIILiteral("invalid getter usage")); > > auto propertyName = exec->argument(0).toPropertyKey(exec); >@@ -182,7 +182,7 @@ EncodedJSValue JSC_HOST_CALL objectProtoFuncDefineSetter(ExecState* exec) > > JSValue set = exec->argument(1); > CallData callData; >- if (getCallData(set, callData) == CallType::None) >+ if (getCallData(vm, set, callData) == CallType::None) > return throwVMTypeError(exec, scope, ASCIILiteral("invalid setter usage")); > > auto propertyName = exec->argument(0).toPropertyKey(exec); >@@ -301,7 +301,7 @@ EncodedJSValue JSC_HOST_CALL objectProtoFuncToLocaleString(ExecState* exec) > > // If IsCallable(toString) is false, throw a TypeError exception. > CallData callData; >- CallType callType = getCallData(toString, callData); >+ CallType callType = getCallData(vm, toString, callData); > if (callType == CallType::None) > return throwVMTypeError(exec, scope); > >diff --git a/Source/JavaScriptCore/runtime/Operations.cpp b/Source/JavaScriptCore/runtime/Operations.cpp >index 57aec03367afcf45f51e584fe36855955a8c17ae..c11d905c8d67bed495fad34aa2983184d10c97e6 100644 >--- a/Source/JavaScriptCore/runtime/Operations.cpp >+++ b/Source/JavaScriptCore/runtime/Operations.cpp 
>@@ -120,17 +120,6 @@ bool jsIsObjectTypeOrNull(CallFrame* callFrame, JSValue v) > return true; > } > >-bool jsIsFunctionType(JSValue v) >-{ >- if (v.isObject()) { >- CallData callData; >- JSObject* object = asObject(v); >- if (object->methodTable()->getCallData(object, callData) != CallType::None) >- return true; >- } >- return false; >-} >- > size_t normalizePrototypeChain(CallFrame* callFrame, JSCell* base, bool& sawPolyProto) > { > VM& vm = callFrame->vm(); >diff --git a/Source/JavaScriptCore/runtime/Operations.h b/Source/JavaScriptCore/runtime/Operations.h >index 495590bb886ea0af3ba5d81ef20ffd745500a75e..a672f8b0c92f6767a1fe6724db33075bc7526e98 100644 >--- a/Source/JavaScriptCore/runtime/Operations.h >+++ b/Source/JavaScriptCore/runtime/Operations.h >@@ -35,7 +35,6 @@ NEVER_INLINE JSValue jsAddSlowCase(CallFrame*, JSValue, JSValue); > JSValue jsTypeStringForValue(CallFrame*, JSValue); > JSValue jsTypeStringForValue(VM&, JSGlobalObject*, JSValue); > bool jsIsObjectTypeOrNull(CallFrame*, JSValue); >-bool jsIsFunctionType(JSValue); > size_t normalizePrototypeChain(CallFrame*, JSCell*, bool& sawPolyProto); > > ALWAYS_INLINE JSString* jsString(ExecState* exec, JSString* s1, JSString* s2) >diff --git a/Source/JavaScriptCore/runtime/ProgramExecutable.cpp b/Source/JavaScriptCore/runtime/ProgramExecutable.cpp >index 9c4a803517be11d1c17855290b0d52e2b1b6c4a0..53a24615a17338bacf0276a638c341d11bab7476 100644 >--- a/Source/JavaScriptCore/runtime/ProgramExecutable.cpp >+++ b/Source/JavaScriptCore/runtime/ProgramExecutable.cpp >@@ -87,7 +87,7 @@ JSObject* ProgramExecutable::initializeGlobalProperties(VM& vm, CallFrame* callF > { > auto throwScope = DECLARE_THROW_SCOPE(vm); > RELEASE_ASSERT(scope); >- JSGlobalObject* globalObject = scope->globalObject(); >+ JSGlobalObject* globalObject = scope->globalObject(vm); > RELEASE_ASSERT(globalObject); > ASSERT(&globalObject->vm() == &vm); 
> >diff --git a/Source/JavaScriptCore/runtime/RegExpConstructor.cpp b/Source/JavaScriptCore/runtime/RegExpConstructor.cpp >index e8d485b30ff20b7b2fc2c7c6e94b990b04e3b8a3..04d1a58748724da51e3b6323fce8aec13803c5c8 100644 >--- a/Source/JavaScriptCore/runtime/RegExpConstructor.cpp >+++ b/Source/JavaScriptCore/runtime/RegExpConstructor.cpp >@@ -314,13 +314,13 @@ EncodedJSValue JSC_HOST_CALL esSpecRegExpCreate(ExecState* exec) > static EncodedJSValue JSC_HOST_CALL constructWithRegExpConstructor(ExecState* exec) > { > ArgList args(exec); >- return JSValue::encode(constructRegExp(exec, jsCast<InternalFunction*>(exec->jsCallee())->globalObject(), args, exec->jsCallee(), exec->newTarget())); >+ return JSValue::encode(constructRegExp(exec, jsCast<InternalFunction*>(exec->jsCallee())->globalObject(exec->vm()), args, exec->jsCallee(), exec->newTarget())); > } > > static EncodedJSValue JSC_HOST_CALL callRegExpConstructor(ExecState* exec) > { > ArgList args(exec); >- return JSValue::encode(constructRegExp(exec, jsCast<InternalFunction*>(exec->jsCallee())->globalObject(), args, exec->jsCallee())); >+ return JSValue::encode(constructRegExp(exec, jsCast<InternalFunction*>(exec->jsCallee())->globalObject(exec->vm()), args, exec->jsCallee())); > } > > } // namespace JSC >diff --git a/Source/JavaScriptCore/runtime/SamplingProfiler.cpp b/Source/JavaScriptCore/runtime/SamplingProfiler.cpp >index 592af41ca1bd852094a8116fc1c1d5c190629a6e..5dad640feea387805746653b1df31f436c196d14 100644 >--- a/Source/JavaScriptCore/runtime/SamplingProfiler.cpp >+++ b/Source/JavaScriptCore/runtime/SamplingProfiler.cpp >@@ -504,7 +504,7 @@ void SamplingProfiler::processUnverifiedStackTraces() > FrameType result = FrameType::Unknown; > CallData callData; > CallType callType; >- callType = getCallData(calleeCell, callData); >+ callType = getCallData(m_vm, calleeCell, callData); > if (callType == CallType::Host) > result = FrameType::Host; 
> >@@ -716,7 +716,7 @@ String SamplingProfiler::StackFrame::nameFromCallee(VM& vm) > return String(); > > auto scope = DECLARE_CATCH_SCOPE(vm); >- ExecState* exec = callee->globalObject()->globalExec(); >+ ExecState* exec = callee->globalObject(vm)->globalExec(); > auto getPropertyIfPureOperation = [&] (const Identifier& ident) -> String { > PropertySlot slot(callee, PropertySlot::InternalMethodType::VMInquiry); > PropertyName propertyName(ident); >diff --git a/Source/JavaScriptCore/runtime/ScopedArguments.cpp b/Source/JavaScriptCore/runtime/ScopedArguments.cpp >index 9c24c0d9227d4dfc324b62c19bcbd5f8626e6b17..d1b8c2068e23bb86284865ef242d2c77d8865fc8 100644 >--- a/Source/JavaScriptCore/runtime/ScopedArguments.cpp >+++ b/Source/JavaScriptCore/runtime/ScopedArguments.cpp >@@ -135,7 +135,7 @@ void ScopedArguments::overrideThings(VM& vm) > > putDirect(vm, vm.propertyNames->length, jsNumber(m_table->length()), static_cast<unsigned>(PropertyAttribute::DontEnum)); > putDirect(vm, vm.propertyNames->callee, m_callee.get(), static_cast<unsigned>(PropertyAttribute::DontEnum)); >- putDirect(vm, vm.propertyNames->iteratorSymbol, globalObject()->arrayProtoValuesFunction(), static_cast<unsigned>(PropertyAttribute::DontEnum)); >+ putDirect(vm, vm.propertyNames->iteratorSymbol, globalObject(vm)->arrayProtoValuesFunction(), static_cast<unsigned>(PropertyAttribute::DontEnum)); > > storageHeader().overrodeThings = true; > } >diff --git a/Source/JavaScriptCore/runtime/ScriptExecutable.cpp b/Source/JavaScriptCore/runtime/ScriptExecutable.cpp >index 5edf7aa294284a748825e5eb0aead17634c40047..390cddec5cbb0354a64a67aee1e2d482c67dc043 100644 >--- a/Source/JavaScriptCore/runtime/ScriptExecutable.cpp >+++ b/Source/JavaScriptCore/runtime/ScriptExecutable.cpp 
>@@ -177,7 +177,7 @@ CodeBlock* ScriptExecutable::newCodeBlockFor( > ASSERT(vm->heap.isDeferred()); > ASSERT(endColumn() != UINT_MAX); > >- JSGlobalObject* globalObject = scope->globalObject(); >+ JSGlobalObject* globalObject = scope->globalObject(*vm); > ExecState* exec = globalObject->globalExec(); > > if (classInfo(*vm) == EvalExecutable::info()) { >@@ -331,7 +331,7 @@ JSObject* ScriptExecutable::prepareForExecutionImpl( > DeferGCForAWhile deferGC(vm.heap); > > if (vm.getAndClearFailNextNewCodeBlock()) { >- auto& state = *scope->globalObject()->globalExec(); >+ auto& state = *scope->globalObject(vm)->globalExec(); > return throwException(&state, throwScope, createError(&state, ASCIILiteral("Forced Failure"))); > } > >diff --git a/Source/JavaScriptCore/runtime/SetConstructor.cpp b/Source/JavaScriptCore/runtime/SetConstructor.cpp >index ff9d2b2fe58fb073b2cfe563c37beac67d93526c..0412e51bd5af1eee522f19bafaab139bda5df097 100644 >--- a/Source/JavaScriptCore/runtime/SetConstructor.cpp >+++ b/Source/JavaScriptCore/runtime/SetConstructor.cpp >@@ -67,7 +67,7 @@ static EncodedJSValue JSC_HOST_CALL constructSet(ExecState* exec) > VM& vm = exec->vm(); > auto scope = DECLARE_THROW_SCOPE(vm); > >- JSGlobalObject* globalObject = jsCast<InternalFunction*>(exec->jsCallee())->globalObject(); >+ JSGlobalObject* globalObject = jsCast<InternalFunction*>(exec->jsCallee())->globalObject(vm); > Structure* setStructure = InternalFunction::createSubclassStructure(exec, exec->newTarget(), globalObject->setStructure()); > RETURN_IF_EXCEPTION(scope, encodedJSValue()); 
> >@@ -91,7 +91,7 @@ static EncodedJSValue JSC_HOST_CALL constructSet(ExecState* exec) > RETURN_IF_EXCEPTION(scope, encodedJSValue()); > > CallData adderFunctionCallData; >- CallType adderFunctionCallType = getCallData(adderFunction, adderFunctionCallData); >+ CallType adderFunctionCallType = getCallData(vm, adderFunction, adderFunctionCallData); > if (UNLIKELY(adderFunctionCallType == CallType::None)) > return JSValue::encode(throwTypeError(exec, scope)); > >diff --git a/Source/JavaScriptCore/runtime/SparseArrayValueMap.cpp b/Source/JavaScriptCore/runtime/SparseArrayValueMap.cpp >index e992988e4cb836d36ad1e6bdde255c1cc657a0c7..a6882395bafad018482c689d40dc24566bd9a824 100644 >--- a/Source/JavaScriptCore/runtime/SparseArrayValueMap.cpp >+++ b/Source/JavaScriptCore/runtime/SparseArrayValueMap.cpp >@@ -117,7 +117,7 @@ bool SparseArrayValueMap::putEntry(ExecState* exec, JSObject* array, unsigned i, > // To save a separate find & add, we first always add to the sparse map. > // In the uncommon case that this is a new property, and the array is not > // extensible, this is not the right thing to have done - so remove again. >- if (result.isNewEntry && !array->isStructureExtensible()) { >+ if (result.isNewEntry && !array->isStructureExtensible(vm)) { > remove(result.iterator); > return typeError(exec, scope, shouldThrow, ASCIILiteral(ReadonlyPropertyWriteError)); > } 
>@@ -140,7 +140,7 @@ bool SparseArrayValueMap::putDirect(ExecState* exec, JSObject* array, unsigned i > // To save a separate find & add, we first always add to the sparse map. > // In the uncommon case that this is a new property, and the array is not > // extensible, this is not the right thing to have done - so remove again. >- if (mode != PutDirectIndexLikePutDirect && result.isNewEntry && !array->isStructureExtensible()) { >+ if (mode != PutDirectIndexLikePutDirect && result.isNewEntry && !array->isStructureExtensible(vm)) { > remove(result.iterator); > return typeError(exec, scope, shouldThrow, ASCIILiteral(NonExtensibleObjectPropertyDefineError)); > } >diff --git a/Source/JavaScriptCore/runtime/StringConstructor.cpp b/Source/JavaScriptCore/runtime/StringConstructor.cpp >index 0b10d8f40b8363cbd04368986c339b59512b209e..da63200d4454a887c79e1e17c80ef088b30ffdd9 100644 >--- a/Source/JavaScriptCore/runtime/StringConstructor.cpp >+++ b/Source/JavaScriptCore/runtime/StringConstructor.cpp >@@ -130,8 +130,8 @@ static EncodedJSValue JSC_HOST_CALL stringFromCodePoint(ExecState* exec) > > static EncodedJSValue JSC_HOST_CALL constructWithStringConstructor(ExecState* exec) > { >- JSGlobalObject* globalObject = jsCast<InternalFunction*>(exec->jsCallee())->globalObject(); >- VM& vm = globalObject->vm(); >+ VM& vm = exec->vm(); >+ JSGlobalObject* globalObject = jsCast<InternalFunction*>(exec->jsCallee())->globalObject(vm); > auto scope = DECLARE_THROW_SCOPE(vm); > > Structure* structure = InternalFunction::createSubclassStructure(exec, exec->newTarget(), globalObject->stringObjectStructure()); >diff --git a/Source/JavaScriptCore/runtime/StringPrototype.cpp b/Source/JavaScriptCore/runtime/StringPrototype.cpp >index b50b174cf90e37a49e1276d4cbe2c0e10629fca7..6bf91bd32e26e6acff588325341727496e26f2dd 100644 >--- a/Source/JavaScriptCore/runtime/StringPrototype.cpp >+++ b/Source/JavaScriptCore/runtime/StringPrototype.cpp 
>@@ -766,7 +766,7 @@ static ALWAYS_INLINE JSString* replaceUsingRegExpSearch(VM& vm, ExecState* exec, > > String replacementString; > CallData callData; >- CallType callType = getCallData(replaceValue, callData); >+ CallType callType = getCallData(vm, replaceValue, callData); > if (callType == CallType::None) { > replacementString = replaceValue.toWTFString(exec); > RETURN_IF_EXCEPTION(scope, nullptr); >@@ -792,7 +792,7 @@ static ALWAYS_INLINE JSString* replaceUsingStringSearch(VM& vm, ExecState* exec, > return jsString; > > CallData callData; >- CallType callType = getCallData(replaceValue, callData); >+ CallType callType = getCallData(vm, replaceValue, callData); > if (callType != CallType::None) { > MarkedArgumentBuffer args; > args.append(jsSubstring(exec, string, matchStart, searchString.impl()->length())); >@@ -1812,7 +1812,7 @@ EncodedJSValue JSC_HOST_CALL stringProtoFuncIterator(ExecState* exec) > return throwVMTypeError(exec, scope); > JSString* string = thisValue.toString(exec); > RETURN_IF_EXCEPTION(scope, encodedJSValue()); >- return JSValue::encode(JSStringIterator::create(exec, exec->jsCallee()->globalObject()->stringIteratorStructure(), string)); >+ return JSValue::encode(JSStringIterator::create(exec, exec->jsCallee()->globalObject(vm)->stringIteratorStructure(), string)); > } > > enum class NormalizationForm { >diff --git a/Source/JavaScriptCore/runtime/Structure.cpp b/Source/JavaScriptCore/runtime/Structure.cpp >index c5959b2f54e9ca6bc2b87a454ab16e9987d5917d..a7fef4542263f0fcacc2af786000d39babbac0f7 100644 >--- a/Source/JavaScriptCore/runtime/Structure.cpp >+++ b/Source/JavaScriptCore/runtime/Structure.cpp 
>@@ -346,7 +346,7 @@ void Structure::findStructuresAndMapForMaterialization(Vector<Structure*, 8>& st > > PropertyTable* Structure::materializePropertyTable(VM& vm, bool setPropertyTable) > { >- ASSERT(structure()->classInfo() == info()); >+ ASSERT(structure(vm)->classInfo() == info()); > ASSERT(!isAddingPropertyForTransition()); > > DeferGC deferGC(vm.heap); >@@ -897,7 +897,7 @@ void Structure::willStoreValueSlow( > InferredTypeTable::StoredPropertyAge age) > { > ASSERT(!isCompilationThread()); >- ASSERT(structure()->classInfo() == info()); >+ ASSERT(structure(vm)->classInfo() == info()); > ASSERT(!hasBeenDictionary()); > > ASSERT_WITH_MESSAGE(VM::canUseJIT(), "We don't want to use memory for inferred types unless we're using the JIT."); >diff --git a/Source/JavaScriptCore/runtime/StructureCache.cpp b/Source/JavaScriptCore/runtime/StructureCache.cpp >index 205dea6b026873ce739c40eaa8818a8964d41ae1..7dcdea23145c6b621444403ced1213612e9a5212 100644 >--- a/Source/JavaScriptCore/runtime/StructureCache.cpp >+++ b/Source/JavaScriptCore/runtime/StructureCache.cpp >@@ -67,7 +67,7 @@ Structure* StructureCache::emptyStructureForPrototypeFromBaseStructure(JSGlobalO > { > // We currently do not have inline capacity static analysis for subclasses and all internal function constructors have a default inline capacity of 0. > IndexingType indexingType = baseStructure->indexingType(); >- if (prototype->anyObjectInChainMayInterceptIndexedAccesses() && hasIndexedProperties(indexingType)) >+ if (prototype->anyObjectInChainMayInterceptIndexedAccesses(globalObject->vm()) && hasIndexedProperties(indexingType)) > indexingType = (indexingType & ~IndexingShapeMask) | SlowPutArrayStorageShape; > > return createEmptyStructure(globalObject, prototype, baseStructure->typeInfo(), baseStructure->classInfo(), indexingType, 0, false, nullptr); 
>diff --git a/Source/JavaScriptCore/runtime/StructureInlines.h b/Source/JavaScriptCore/runtime/StructureInlines.h >index 8cf28a89f1851067f5c191dc8d20eb402d5d1f51..6bd8ef4fe28820605724cb1334e78fef2606cbf6 100644 >--- a/Source/JavaScriptCore/runtime/StructureInlines.h >+++ b/Source/JavaScriptCore/runtime/StructureInlines.h >@@ -119,7 +119,7 @@ ALWAYS_INLINE PropertyOffset Structure::get(VM& vm, PropertyName propertyName, u > ALWAYS_INLINE PropertyOffset Structure::get(VM& vm, PropertyName propertyName, unsigned& attributes, bool& hasInferredType) > { > ASSERT(!isCompilationThread()); >- ASSERT(structure()->classInfo() == info()); >+ ASSERT(structure(vm)->classInfo() == info()); > > PropertyTable* propertyTable = ensurePropertyTableIfNotEmpty(vm); > if (!propertyTable) >diff --git a/Source/JavaScriptCore/runtime/WeakMapConstructor.cpp b/Source/JavaScriptCore/runtime/WeakMapConstructor.cpp >index 1963659e3f248c8ae39bdb5933a29e67b66984f4..e0fe2a81530b50662ff88a5d621a3ac5f57a0e33 100644 >--- a/Source/JavaScriptCore/runtime/WeakMapConstructor.cpp >+++ b/Source/JavaScriptCore/runtime/WeakMapConstructor.cpp >@@ -65,7 +65,7 @@ static EncodedJSValue JSC_HOST_CALL constructWeakMap(ExecState* exec) > VM& vm = exec->vm(); > auto scope = DECLARE_THROW_SCOPE(vm); > >- JSGlobalObject* globalObject = jsCast<InternalFunction*>(exec->jsCallee())->globalObject(); >+ JSGlobalObject* globalObject = jsCast<InternalFunction*>(exec->jsCallee())->globalObject(vm); > Structure* weakMapStructure = InternalFunction::createSubclassStructure(exec, exec->newTarget(), globalObject->weakMapStructure()); > RETURN_IF_EXCEPTION(scope, encodedJSValue()); > JSWeakMap* weakMap = JSWeakMap::create(vm, weakMapStructure); 
>@@ -77,7 +77,7 @@ static EncodedJSValue JSC_HOST_CALL constructWeakMap(ExecState* exec) > RETURN_IF_EXCEPTION(scope, encodedJSValue()); > > CallData adderFunctionCallData; >- CallType adderFunctionCallType = getCallData(adderFunction, adderFunctionCallData); >+ CallType adderFunctionCallType = getCallData(vm, adderFunction, adderFunctionCallData); > if (adderFunctionCallType == CallType::None) > return JSValue::encode(throwTypeError(exec, scope)); > >diff --git a/Source/JavaScriptCore/runtime/WeakSetConstructor.cpp b/Source/JavaScriptCore/runtime/WeakSetConstructor.cpp >index 001c86510211064e80796447e17b4e2b57618c12..07dd2fb2ad83183f0002fb406eef92b2fb3ce5e5 100644 >--- a/Source/JavaScriptCore/runtime/WeakSetConstructor.cpp >+++ b/Source/JavaScriptCore/runtime/WeakSetConstructor.cpp >@@ -65,7 +65,7 @@ static EncodedJSValue JSC_HOST_CALL constructWeakSet(ExecState* exec) > VM& vm = exec->vm(); > auto scope = DECLARE_THROW_SCOPE(vm); > >- JSGlobalObject* globalObject = jsCast<InternalFunction*>(exec->jsCallee())->globalObject(); >+ JSGlobalObject* globalObject = jsCast<InternalFunction*>(exec->jsCallee())->globalObject(vm); > Structure* weakSetStructure = InternalFunction::createSubclassStructure(exec, exec->newTarget(), globalObject->weakSetStructure()); > RETURN_IF_EXCEPTION(scope, encodedJSValue()); > JSWeakSet* weakSet = JSWeakSet::create(vm, weakSetStructure); >@@ -77,7 +77,7 @@ static EncodedJSValue JSC_HOST_CALL constructWeakSet(ExecState* exec) > RETURN_IF_EXCEPTION(scope, encodedJSValue()); > > CallData adderFunctionCallData; >- CallType adderFunctionCallType = getCallData(adderFunction, adderFunctionCallData); >+ CallType adderFunctionCallType = getCallData(vm, adderFunction, adderFunctionCallData); > if (adderFunctionCallType == CallType::None) > return JSValue::encode(throwTypeError(exec, scope)); 
> >diff --git a/Source/JavaScriptCore/tools/HeapVerifier.cpp b/Source/JavaScriptCore/tools/HeapVerifier.cpp >index a7f927f9b9f05a161d06dd902a11efcc2062d261..dff1707bc763841b64ad17eac9d92fe62df83f32 100644 >--- a/Source/JavaScriptCore/tools/HeapVerifier.cpp >+++ b/Source/JavaScriptCore/tools/HeapVerifier.cpp >@@ -388,7 +388,7 @@ void HeapVerifier::reportCell(CellProfile& profile, int cycleIndex, HeapVerifier > > if (profile.isLive() && profile.isJSCell()) { > JSCell* jsCell = profile.jsCell(); >- Structure* structure = jsCell->structure(); >+ Structure* structure = jsCell->structure(*vm); > dataLog(" structure:", RawPointer(structure)); > if (jsCell->isObject()) { > JSObject* obj = static_cast<JSObject*>(cell); >diff --git a/Source/JavaScriptCore/tools/JSDollarVM.cpp b/Source/JavaScriptCore/tools/JSDollarVM.cpp >index 3f466808bd76f7db3926cfd95c101b1044d7d191..1204fc3b0e778454031ed2713fcc37d117065573 100644 >--- a/Source/JavaScriptCore/tools/JSDollarVM.cpp >+++ b/Source/JavaScriptCore/tools/JSDollarVM.cpp >@@ -1691,7 +1691,7 @@ static EncodedJSValue JSC_HOST_CALL functionGlobalObjectForObject(ExecState* exe > { > JSValue value = exec->argument(0); > RELEASE_ASSERT(value.isObject()); >- JSGlobalObject* globalObject = jsCast<JSObject*>(value)->globalObject(); >+ JSGlobalObject* globalObject = jsCast<JSObject*>(value)->globalObject(exec->vm()); > RELEASE_ASSERT(globalObject); > return JSValue::encode(globalObject); > } >@@ -1767,7 +1767,7 @@ void JSDollarVM::finishCreation(VM& vm) > { > Base::finishCreation(vm); > >- JSGlobalObject* globalObject = structure(vm)->globalObject(); >+ JSGlobalObject* globalObject = this->globalObject(vm); > > auto addFunction = [&] (VM& vm, const char* name, NativeFunction function, unsigned arguments) { > JSDollarVM::addFunction(vm, globalObject, name, function, arguments); 
>diff --git a/Source/JavaScriptCore/wasm/js/JSWebAssemblyInstance.cpp b/Source/JavaScriptCore/wasm/js/JSWebAssemblyInstance.cpp >index 6bd056bf310ee7ab09debe6ea3436b1950a08969..d9dfd85e34de051ca9fa0b61e3ecbeefeb472b77 100644 >--- a/Source/JavaScriptCore/wasm/js/JSWebAssemblyInstance.cpp >+++ b/Source/JavaScriptCore/wasm/js/JSWebAssemblyInstance.cpp >@@ -98,7 +98,7 @@ void JSWebAssemblyInstance::finalizeCreation(VM& vm, ExecState* exec, Ref<Wasm:: > auto scope = DECLARE_THROW_SCOPE(vm); > > if (!wasmCodeBlock->runnable()) { >- throwException(exec, scope, JSWebAssemblyLinkError::create(exec, vm, globalObject()->WebAssemblyLinkErrorStructure(), wasmCodeBlock->errorMessage())); >+ throwException(exec, scope, JSWebAssemblyLinkError::create(exec, vm, globalObject(vm)->WebAssemblyLinkErrorStructure(), wasmCodeBlock->errorMessage())); > return; > } > >@@ -114,7 +114,7 @@ void JSWebAssemblyInstance::finalizeCreation(VM& vm, ExecState* exec, Ref<Wasm:: > } else { > jsCodeBlock = JSWebAssemblyCodeBlock::create(vm, WTFMove(wasmCodeBlock), module()->module().moduleInformation()); > if (UNLIKELY(!jsCodeBlock->runnable())) { >- throwException(exec, scope, JSWebAssemblyLinkError::create(exec, vm, globalObject()->WebAssemblyLinkErrorStructure(), jsCodeBlock->errorMessage())); >+ throwException(exec, scope, JSWebAssemblyLinkError::create(exec, vm, globalObject(vm)->WebAssemblyLinkErrorStructure(), jsCodeBlock->errorMessage())); > return; > } > m_codeBlock.set(vm, this, jsCodeBlock); >diff --git a/Source/JavaScriptCore/wasm/js/WasmToJS.cpp b/Source/JavaScriptCore/wasm/js/WasmToJS.cpp >index 96ca6fec3320a6ed428b76857335d391ad25bd39..934a3619527a218a391ad11ad527b3b0d542cb51 100644 >--- a/Source/JavaScriptCore/wasm/js/WasmToJS.cpp >+++ b/Source/JavaScriptCore/wasm/js/WasmToJS.cpp 
>@@ -102,7 +102,7 @@ static Expected<MacroAssemblerCodeRef<WasmEntryPtrTag>, BindingFailure> handleBa > > { > auto throwScope = DECLARE_THROW_SCOPE(*vm); >- JSGlobalObject* globalObject = instance->globalObject(); >+ JSGlobalObject* globalObject = instance->globalObject(*vm); > auto* error = ErrorInstance::create(exec, *vm, globalObject->typeErrorConstructor()->errorStructure(), ASCIILiteral("i64 not allowed as return type or argument to an imported function")); > throwException(exec, throwScope, error); > } >@@ -664,10 +664,10 @@ Expected<MacroAssemblerCodeRef<WasmEntryPtrTag>, BindingFailure> wasmToJS(VM* vm > > void* wasmToJSException(ExecState* exec, Wasm::ExceptionType type, Instance* wasmInstance) > { >+ VM& vm = exec->vm(); > wasmInstance->storeTopCallFrame(exec); > JSWebAssemblyInstance* instance = wasmInstance->owner<JSWebAssemblyInstance>(); >- JSGlobalObject* globalObject = instance->globalObject(); >- VM& vm = globalObject->vm(); >+ JSGlobalObject* globalObject = instance->globalObject(vm); > > { > auto throwScope = DECLARE_THROW_SCOPE(vm); >diff --git a/Source/JavaScriptCore/wasm/js/WebAssemblyCompileErrorConstructor.cpp b/Source/JavaScriptCore/wasm/js/WebAssemblyCompileErrorConstructor.cpp >index 640a4b587d093d08b04008f5ad15ea2951bab26a..53f798dbfe0b24fce0a0b5a962a98da4c9960380 100644 >--- a/Source/JavaScriptCore/wasm/js/WebAssemblyCompileErrorConstructor.cpp >+++ b/Source/JavaScriptCore/wasm/js/WebAssemblyCompileErrorConstructor.cpp 
>@@ -49,7 +49,7 @@ static EncodedJSValue JSC_HOST_CALL constructJSWebAssemblyCompileError(ExecState > auto& vm = exec->vm(); > auto scope = DECLARE_THROW_SCOPE(vm); > JSValue message = exec->argument(0); >- auto* structure = InternalFunction::createSubclassStructure(exec, exec->newTarget(), jsCast<InternalFunction*>(exec->jsCallee())->globalObject()->WebAssemblyCompileErrorStructure()); >+ auto* structure = InternalFunction::createSubclassStructure(exec, exec->newTarget(), jsCast<InternalFunction*>(exec->jsCallee())->globalObject(vm)->WebAssemblyCompileErrorStructure()); > RETURN_IF_EXCEPTION(scope, encodedJSValue()); > return JSValue::encode(JSWebAssemblyCompileError::create(exec, vm, structure, message)); > } >@@ -57,7 +57,7 @@ static EncodedJSValue JSC_HOST_CALL constructJSWebAssemblyCompileError(ExecState > static EncodedJSValue JSC_HOST_CALL callJSWebAssemblyCompileError(ExecState* exec) > { > JSValue message = exec->argument(0); >- Structure* errorStructure = jsCast<InternalFunction*>(exec->jsCallee())->globalObject()->WebAssemblyCompileErrorStructure(); >+ Structure* errorStructure = jsCast<InternalFunction*>(exec->jsCallee())->globalObject(exec->vm())->WebAssemblyCompileErrorStructure(); > return JSValue::encode(ErrorInstance::create(exec, errorStructure, message, nullptr, TypeNothing, false)); > } > >diff --git a/Source/JavaScriptCore/wasm/js/WebAssemblyLinkErrorConstructor.cpp b/Source/JavaScriptCore/wasm/js/WebAssemblyLinkErrorConstructor.cpp >index 14300282fc3c073c0d1723a99688efac8aaff213..991662751617bf2423cef7729180f0f90186e504 100644 >--- a/Source/JavaScriptCore/wasm/js/WebAssemblyLinkErrorConstructor.cpp >+++ b/Source/JavaScriptCore/wasm/js/WebAssemblyLinkErrorConstructor.cpp 
>@@ -49,7 +49,7 @@ static EncodedJSValue JSC_HOST_CALL constructJSWebAssemblyLinkError(ExecState* e > auto& vm = exec->vm(); > auto scope = DECLARE_THROW_SCOPE(vm); > JSValue message = exec->argument(0); >- auto* structure = InternalFunction::createSubclassStructure(exec, exec->newTarget(), jsCast<InternalFunction*>(exec->jsCallee())->globalObject()->WebAssemblyLinkErrorStructure()); >+ auto* structure = InternalFunction::createSubclassStructure(exec, exec->newTarget(), jsCast<InternalFunction*>(exec->jsCallee())->globalObject(vm)->WebAssemblyLinkErrorStructure()); > RETURN_IF_EXCEPTION(scope, encodedJSValue()); > return JSValue::encode(JSWebAssemblyLinkError::create(exec, vm, structure, message)); > } >@@ -57,7 +57,7 @@ static EncodedJSValue JSC_HOST_CALL constructJSWebAssemblyLinkError(ExecState* e > static EncodedJSValue JSC_HOST_CALL callJSWebAssemblyLinkError(ExecState* exec) > { > JSValue message = exec->argument(0); >- Structure* errorStructure = jsCast<InternalFunction*>(exec->jsCallee())->globalObject()->WebAssemblyLinkErrorStructure(); >+ Structure* errorStructure = jsCast<InternalFunction*>(exec->jsCallee())->globalObject(exec->vm())->WebAssemblyLinkErrorStructure(); > return JSValue::encode(ErrorInstance::create(exec, errorStructure, message, nullptr, TypeNothing, false)); > } > >diff --git a/Source/JavaScriptCore/wasm/js/WebAssemblyModuleRecord.cpp b/Source/JavaScriptCore/wasm/js/WebAssemblyModuleRecord.cpp >index 4c00a84fdd4c1074e9d8695a19a2a1160624188e..56404599ed6843f4c3e8b394db8d2e91302030a2 100644 >--- a/Source/JavaScriptCore/wasm/js/WebAssemblyModuleRecord.cpp >+++ b/Source/JavaScriptCore/wasm/js/WebAssemblyModuleRecord.cpp 
>@@ -510,6 +510,7 @@ JSValue WebAssemblyModuleRecord::evaluate(ExecState* exec) > if (UNLIKELY(exception)) > return exception.value(); > >+ JSGlobalObject* globalObject = m_instance->globalObject(vm); > forEachElement([&] (const Wasm::Element& element, uint32_t tableIndex) { > for (uint32_t i = 0; i < element.functionIndices.size(); ++i) { > // FIXME: This essentially means we're exporting an import. >@@ -532,7 +533,7 @@ JSValue WebAssemblyModuleRecord::evaluate(ExecState* exec) > } > > table->setFunction(vm, tableIndex, >- WebAssemblyWrapperFunction::create(vm, m_instance->globalObject(), functionImport, functionIndex, m_instance.get(), signatureIndex)); >+ WebAssemblyWrapperFunction::create(vm, globalObject, functionImport, functionIndex, m_instance.get(), signatureIndex)); > ++tableIndex; > continue; > } >@@ -545,7 +546,7 @@ JSValue WebAssemblyModuleRecord::evaluate(ExecState* exec) > // Does (new Instance(...)).exports.foo === table.get(0)? > // https://bugs.webkit.org/show_bug.cgi?id=165825 > WebAssemblyFunction* function = WebAssemblyFunction::create( >- vm, m_instance->globalObject(), signature.argumentCount(), String(), m_instance.get(), embedderEntrypointCallee, entrypointLoadLocation, signatureIndex); >+ vm, globalObject, signature.argumentCount(), String(), m_instance.get(), embedderEntrypointCallee, entrypointLoadLocation, signatureIndex); > > table->setFunction(vm, tableIndex, function); > ++tableIndex; >@@ -566,7 +567,7 @@ JSValue WebAssemblyModuleRecord::evaluate(ExecState* exec) > > if (JSObject* startFunction = m_startFunction.get()) { > CallData callData; >- CallType callType = JSC::getCallData(startFunction, callData); >+ CallType callType = JSC::getCallData(vm, startFunction, callData); > call(exec, startFunction, callType, callData, jsUndefined(), *vm.emptyList); > RETURN_IF_EXCEPTION(scope, { }); > } 
>diff --git a/Source/JavaScriptCore/wasm/js/WebAssemblyPrototype.cpp b/Source/JavaScriptCore/wasm/js/WebAssemblyPrototype.cpp >index be55f052ed30435598b552813d9795f20491e70a..1e40b8a996969ad518dddf1bb6647407d1465b0f 100644 >--- a/Source/JavaScriptCore/wasm/js/WebAssemblyPrototype.cpp >+++ b/Source/JavaScriptCore/wasm/js/WebAssemblyPrototype.cpp >@@ -178,7 +178,7 @@ static void instantiate(VM& vm, ExecState* exec, JSPromiseDeferred* promise, JSW > module->module().compileAsync(&vm.wasmContext, instance->memoryMode(), createSharedTask<Wasm::CodeBlock::CallbackType>([promise, instance, module, importObject, resolveKind, creationMode, &vm] (Ref<Wasm::CodeBlock>&& refCodeBlock) mutable { > RefPtr<Wasm::CodeBlock> codeBlock = WTFMove(refCodeBlock); > vm.promiseDeferredTimer->scheduleWorkSoon(promise, [promise, instance, module, importObject, resolveKind, creationMode, &vm, codeBlock = WTFMove(codeBlock)] () mutable { >- ExecState* exec = instance->globalObject()->globalExec(); >+ ExecState* exec = instance->globalObject(vm)->globalExec(); > resolve(vm, exec, promise, instance, module, importObject, codeBlock.releaseNonNull(), resolveKind, creationMode); > }); > }), &Wasm::createJSToWasmWrapper, &Wasm::wasmToJSException); >diff --git a/Source/JavaScriptCore/wasm/js/WebAssemblyRuntimeErrorConstructor.cpp b/Source/JavaScriptCore/wasm/js/WebAssemblyRuntimeErrorConstructor.cpp >index f5a04496ea627d95b0c2750c4e62786ff2f444cf..b1019dcb2b9dd23d7db8eb928c7ed4a8a876f1a5 100644 >--- a/Source/JavaScriptCore/wasm/js/WebAssemblyRuntimeErrorConstructor.cpp >+++ b/Source/JavaScriptCore/wasm/js/WebAssemblyRuntimeErrorConstructor.cpp 
>@@ -49,7 +49,7 @@ static EncodedJSValue JSC_HOST_CALL constructJSWebAssemblyRuntimeError(ExecState > auto& vm = exec->vm(); > auto scope = DECLARE_THROW_SCOPE(vm); > JSValue message = exec->argument(0); >- auto* structure = InternalFunction::createSubclassStructure(exec, exec->newTarget(), jsCast<InternalFunction*>(exec->jsCallee())->globalObject()->WebAssemblyRuntimeErrorStructure()); >+ auto* structure = InternalFunction::createSubclassStructure(exec, exec->newTarget(), jsCast<InternalFunction*>(exec->jsCallee())->globalObject(vm)->WebAssemblyRuntimeErrorStructure()); > RETURN_IF_EXCEPTION(scope, encodedJSValue()); > return JSValue::encode(JSWebAssemblyRuntimeError::create(exec, vm, structure, message)); > } >@@ -57,7 +57,7 @@ static EncodedJSValue JSC_HOST_CALL constructJSWebAssemblyRuntimeError(ExecState > static EncodedJSValue JSC_HOST_CALL callJSWebAssemblyRuntimeError(ExecState* exec) > { > JSValue message = exec->argument(0); >- Structure* errorStructure = jsCast<InternalFunction*>(exec->jsCallee())->globalObject()->WebAssemblyRuntimeErrorStructure(); >+ Structure* errorStructure = jsCast<InternalFunction*>(exec->jsCallee())->globalObject(exec->vm())->WebAssemblyRuntimeErrorStructure(); > return JSValue::encode(ErrorInstance::create(exec, errorStructure, message, nullptr, TypeNothing, false)); > } > >diff --git a/Source/JavaScriptCore/wasm/js/WebAssemblyToJSCallee.cpp b/Source/JavaScriptCore/wasm/js/WebAssemblyToJSCallee.cpp >index 8ddd4d238d2894a36e36af74c3145e13ea5eceb4..550d7a92e9c581f4c44b0b3fca860efdc2316a8c 100644 >--- a/Source/JavaScriptCore/wasm/js/WebAssemblyToJSCallee.cpp >+++ b/Source/JavaScriptCore/wasm/js/WebAssemblyToJSCallee.cpp 
>@@ -37,7 +37,7 @@ const ClassInfo WebAssemblyToJSCallee::s_info = { "WebAssemblyToJSCallee", &Base > > WebAssemblyToJSCallee* WebAssemblyToJSCallee::create(VM& vm, JSWebAssemblyModule* module) > { >- Structure* structure = module->globalObject()->webAssemblyToJSCalleeStructure(); >+ Structure* structure = module->globalObject(vm)->webAssemblyToJSCalleeStructure(); > WebAssemblyToJSCallee* callee = new (NotNull, allocateCell<WebAssemblyToJSCallee>(vm.heap)) WebAssemblyToJSCallee(vm, structure); > callee->finishCreation(vm, module); > return callee; >diff --git a/Source/WebCore/bindings/js/JSCSSRuleListCustom.cpp b/Source/WebCore/bindings/js/JSCSSRuleListCustom.cpp >index 2cc03c924935ed9743f7cc41b13545e131a73173..f0550aa6443ee9d44655b95c09720e462dcd7bfe 100644 >--- a/Source/WebCore/bindings/js/JSCSSRuleListCustom.cpp >+++ b/Source/WebCore/bindings/js/JSCSSRuleListCustom.cpp >@@ -39,7 +39,7 @@ using namespace JSC; > bool JSCSSRuleListOwner::isReachableFromOpaqueRoots(JSC::Handle<JSC::Unknown> handle, void*, SlotVisitor& visitor) > { > JSCSSRuleList* jsCSSRuleList = jsCast<JSCSSRuleList*>(handle.slot()->asCell()); >- if (!jsCSSRuleList->hasCustomProperties()) >+ if (!jsCSSRuleList->hasCustomProperties(*jsCSSRuleList->vm())) > return false; > if (CSSStyleSheet* styleSheet = jsCSSRuleList->wrapped().styleSheet()) > return visitor.containsOpaqueRoot(root(styleSheet)); >diff --git a/Source/WebCore/bindings/js/JSCallbackData.cpp b/Source/WebCore/bindings/js/JSCallbackData.cpp >index 565bc740799bbf7760adbbbe57150ccf7d87724c..90a837eeaadd6774655b8635db81dbe2c15304b4 100644 >--- a/Source/WebCore/bindings/js/JSCallbackData.cpp >+++ b/Source/WebCore/bindings/js/JSCallbackData.cpp 
>@@ -60,7 +60,7 @@ JSValue JSCallbackData::invokeCallback(JSDOMGlobalObject& globalObject, JSObject > > ASSERT(!functionName.isNull()); > function = callback->get(exec, functionName); >- callType = getCallData(function, callData); >+ callType = getCallData(vm, function, callData); > if (callType == CallType::None) { > returnedException = JSC::Exception::create(vm, createTypeError(exec)); > return JSValue(); >diff --git a/Source/WebCore/bindings/js/JSCustomXPathNSResolver.cpp b/Source/WebCore/bindings/js/JSCustomXPathNSResolver.cpp >index 9781459df86b6a1e9f51cae1e04314a6ef305f5a..ed156d7d625e665a1135347a7867c36ed6a1cf1c 100644 >--- a/Source/WebCore/bindings/js/JSCustomXPathNSResolver.cpp >+++ b/Source/WebCore/bindings/js/JSCustomXPathNSResolver.cpp >@@ -69,12 +69,13 @@ String JSCustomXPathNSResolver::lookupNamespaceURI(const String& prefix) > JSLockHolder lock(commonVM()); > > ExecState* exec = m_globalObject->globalExec(); >+ VM& vm = exec->vm(); > > JSValue function = m_customResolver->get(exec, Identifier::fromString(exec, "lookupNamespaceURI")); > CallData callData; >- CallType callType = getCallData(function, callData); >+ CallType callType = getCallData(vm, function, callData); > if (callType == CallType::None) { >- callType = m_customResolver->methodTable()->getCallData(m_customResolver.get(), callData); >+ callType = m_customResolver->methodTable(vm)->getCallData(m_customResolver.get(), callData); > if (callType == CallType::None) { > if (PageConsoleClient* console = m_globalObject->wrapped().console()) > console->addMessage(MessageSource::JS, MessageLevel::Error, ASCIILiteral("XPathNSResolver does not have a lookupNamespaceURI method.")); >diff --git a/Source/WebCore/bindings/js/JSDOMBuiltinConstructorBase.cpp b/Source/WebCore/bindings/js/JSDOMBuiltinConstructorBase.cpp >index 333150e11a57c24202e80f0104c7390969e7de48..88b34de51e0d259fa1ffc9c8256c26889120aa8a 100644 >--- a/Source/WebCore/bindings/js/JSDOMBuiltinConstructorBase.cpp 
>+++ b/Source/WebCore/bindings/js/JSDOMBuiltinConstructorBase.cpp >@@ -32,7 +32,7 @@ void JSDOMBuiltinConstructorBase::callFunctionWithCurrentArguments(JSC::ExecStat > JSC::VM& vm = state.vm(); > auto scope = DECLARE_THROW_SCOPE(vm); > JSC::CallData callData; >- JSC::CallType callType = JSC::getCallData(&function, callData); >+ JSC::CallType callType = JSC::getCallData(vm, &function, callData); > ASSERT(callType != CallType::None); > > JSC::MarkedArgumentBuffer arguments; >diff --git a/Source/WebCore/bindings/js/JSDOMConvertScheduledAction.h b/Source/WebCore/bindings/js/JSDOMConvertScheduledAction.h >index 2eff93aa11de78c212c2ff9cf56cad757242f064..f704045afc927fcaa19c18e5a48d692b6fda8b22 100644 >--- a/Source/WebCore/bindings/js/JSDOMConvertScheduledAction.h >+++ b/Source/WebCore/bindings/js/JSDOMConvertScheduledAction.h >@@ -39,7 +39,7 @@ template<> struct Converter<IDLScheduledAction> : DefaultConverter<IDLScheduledA > auto scope = DECLARE_THROW_SCOPE(vm); > > JSC::CallData callData; >- if (getCallData(value, callData) == JSC::CallType::None) { >+ if (getCallData(vm, value, callData) == JSC::CallType::None) { > auto code = Converter<IDLDOMString>::convert(state, value); > RETURN_IF_EXCEPTION(scope, nullptr); > return ScheduledAction::create(globalObject.world(), WTFMove(code)); >diff --git a/Source/WebCore/bindings/js/JSDOMIterator.h b/Source/WebCore/bindings/js/JSDOMIterator.h >index f2ed724fd9b8b838c06acbc61446839b3d9f9ed6..8f9ca26c49d15bd52030a932106ac33bc116e4b9 100644 >--- a/Source/WebCore/bindings/js/JSDOMIterator.h >+++ b/Source/WebCore/bindings/js/JSDOMIterator.h 
>@@ -206,7 +206,7 @@ template<typename JSIterator> JSC::JSValue iteratorForEach(JSC::ExecState& state > JSC::JSValue thisValue = state.argument(1); > > JSC::CallData callData; >- JSC::CallType callType = JSC::getCallData(callback, callData); >+ JSC::CallType callType = JSC::getCallData(state.vm(), callback, callData); > if (callType == JSC::CallType::None) > return throwTypeError(&state, scope, ASCIILiteral("Cannot call callback")); > >diff --git a/Source/WebCore/bindings/js/JSDOMMapLike.cpp b/Source/WebCore/bindings/js/JSDOMMapLike.cpp >index 378de2961494a81ab8f95b9d31585dfa52f6183a..ffa35b05fd15ea71ea10f6bccf0a63a3702ead73 100644 >--- a/Source/WebCore/bindings/js/JSDOMMapLike.cpp >+++ b/Source/WebCore/bindings/js/JSDOMMapLike.cpp >@@ -68,7 +68,7 @@ JSC::JSValue forwardFunctionCallToBackingMap(JSC::ExecState& state, JSC::JSObjec > ASSERT(function); > > JSC::CallData callData; >- JSC::CallType callType = JSC::getCallData(function, callData); >+ JSC::CallType callType = JSC::getCallData(state.vm(), function, callData); > ASSERT(callType != JSC::CallType::None); > JSC::MarkedArgumentBuffer arguments; > for (size_t cptr = 0; cptr < state.argumentCount(); ++cptr) >@@ -85,7 +85,7 @@ JSC::JSValue forwardForEachCallToBackingMap(JSC::ExecState& state, JSDOMGlobalOb > getBackingMap(state, mapLike); > > JSC::CallData callData; >- JSC::CallType callType = JSC::getCallData(function, callData); >+ JSC::CallType callType = JSC::getCallData(state.vm(), function, callData); > ASSERT(callType != JSC::CallType::None); > JSC::MarkedArgumentBuffer arguments; > for (size_t cptr = 0; cptr < state.argumentCount(); ++cptr) >diff --git a/Source/WebCore/bindings/js/JSDOMPromise.cpp b/Source/WebCore/bindings/js/JSDOMPromise.cpp >index 7a88d8305569a2e73852d9245b83b81232518150..24c5ce711ac60e62b124bb4624cd9f05256cf0ae 100644 >--- a/Source/WebCore/bindings/js/JSDOMPromise.cpp >+++ b/Source/WebCore/bindings/js/JSDOMPromise.cpp 
>@@ -40,9 +40,10 @@ namespace WebCore { > > static inline JSC::JSValue callFunction(JSC::ExecState& state, JSC::JSValue jsFunction, JSC::JSValue thisValue, const JSC::ArgList& arguments) > { >- auto scope = DECLARE_THROW_SCOPE(state.vm()); >+ VM& vm = state.vm(); >+ auto scope = DECLARE_THROW_SCOPE(vm); > JSC::CallData callData; >- auto callType = JSC::getCallData(jsFunction, callData); >+ auto callType = JSC::getCallData(vm, jsFunction, callData); > ASSERT(callType != JSC::CallType::None); > auto result = call(&state, jsFunction, callType, callData, thisValue, arguments); > >diff --git a/Source/WebCore/bindings/js/JSDOMPromiseDeferred.cpp b/Source/WebCore/bindings/js/JSDOMPromiseDeferred.cpp >index 2bc257d5c93ffe0ff04ece53f6645732f25d8608..09ad273342ebcfc6621e01536d050d7da6aceecd 100644 >--- a/Source/WebCore/bindings/js/JSDOMPromiseDeferred.cpp >+++ b/Source/WebCore/bindings/js/JSDOMPromiseDeferred.cpp >@@ -52,7 +52,7 @@ void DeferredPromise::callFunction(ExecState& exec, JSValue function, JSValue re > auto scope = DECLARE_THROW_SCOPE(vm); > > CallData callData; >- CallType callType = getCallData(function, callData); >+ CallType callType = getCallData(vm, function, callData); > ASSERT(callType != CallType::None); > > MarkedArgumentBuffer arguments; >@@ -207,7 +207,7 @@ JSC::EncodedJSValue createRejectedPromiseWithTypeError(JSC::ExecState& state, co > auto rejectionValue = createTypeError(&state, errorMessage); > > CallData callData; >- auto callType = getCallData(rejectFunction, callData); >+ auto callType = getCallData(state.vm(), rejectFunction, callData); > ASSERT(callType != CallType::None); > > MarkedArgumentBuffer arguments; >diff --git a/Source/WebCore/bindings/js/JSDeprecatedCSSOMValueCustom.cpp b/Source/WebCore/bindings/js/JSDeprecatedCSSOMValueCustom.cpp >index 3786790569091a3cc893a941152c3dad22686f5a..35c75fe347126421775609c4428cacf0a3cdf103 100644 >--- a/Source/WebCore/bindings/js/JSDeprecatedCSSOMValueCustom.cpp 
>+++ b/Source/WebCore/bindings/js/JSDeprecatedCSSOMValueCustom.cpp >@@ -38,7 +38,7 @@ using namespace JSC; > bool JSDeprecatedCSSOMValueOwner::isReachableFromOpaqueRoots(JSC::Handle<JSC::Unknown> handle, void*, SlotVisitor& visitor) > { > JSDeprecatedCSSOMValue* jsCSSValue = jsCast<JSDeprecatedCSSOMValue*>(handle.slot()->asCell()); >- if (!jsCSSValue->hasCustomProperties()) >+ if (!jsCSSValue->hasCustomProperties(*jsCSSValue->vm())) > return false; > return visitor.containsOpaqueRoot(root(&jsCSSValue->wrapped().owner())); > } >diff --git a/Source/WebCore/bindings/js/JSEventListener.cpp b/Source/WebCore/bindings/js/JSEventListener.cpp >index 123de4c0a2444c8562a84a37d8ebc25e2f43328e..9afacb5f67f94e4f166f8d31c621e847ebfc613f 100644 >--- a/Source/WebCore/bindings/js/JSEventListener.cpp >+++ b/Source/WebCore/bindings/js/JSEventListener.cpp >@@ -134,7 +134,7 @@ void JSEventListener::handleEvent(ScriptExecutionContext& scriptExecutionContext > JSValue handleEventFunction = jsFunction; > > CallData callData; >- CallType callType = getCallData(handleEventFunction, callData); >+ CallType callType = getCallData(vm, handleEventFunction, callData); > > // If jsFunction is not actually a function, see if it implements the EventListener interface and use that > if (callType == CallType::None) { >@@ -146,7 +146,7 @@ void JSEventListener::handleEvent(ScriptExecutionContext& scriptExecutionContext > reportException(exec, exception); > return; > } >- callType = getCallData(handleEventFunction, callData); >+ callType = getCallData(vm, handleEventFunction, callData); > } > > if (callType != CallType::None) { >diff --git a/Source/WebCore/bindings/js/JSNodeListCustom.cpp b/Source/WebCore/bindings/js/JSNodeListCustom.cpp >index 844880747004e835f7ebe1bbaba8dc8da6fc6539..9a1c873446953e321fb8e5569c94f3481ccef8f8 100644 >--- a/Source/WebCore/bindings/js/JSNodeListCustom.cpp >+++ b/Source/WebCore/bindings/js/JSNodeListCustom.cpp 
>@@ -40,7 +40,7 @@ using namespace JSC; > bool JSNodeListOwner::isReachableFromOpaqueRoots(JSC::Handle<JSC::Unknown> handle, void*, SlotVisitor& visitor) > { > JSNodeList* jsNodeList = jsCast<JSNodeList*>(handle.slot()->asCell()); >- if (!jsNodeList->hasCustomProperties()) >+ if (!jsNodeList->hasCustomProperties(*jsNodeList->vm())) > return false; > if (jsNodeList->wrapped().isLiveNodeList()) > return visitor.containsOpaqueRoot(root(static_cast<LiveNodeList&>(jsNodeList->wrapped()).ownerNode())); >diff --git a/Source/WebCore/bindings/js/JSPluginElementFunctions.cpp b/Source/WebCore/bindings/js/JSPluginElementFunctions.cpp >index 4e136c110e49bbcb7a9ebfd61c0b276b855d8fd5..7669ec7f2e7f07ae24e036e22703a08f2854ba8b 100644 >--- a/Source/WebCore/bindings/js/JSPluginElementFunctions.cpp >+++ b/Source/WebCore/bindings/js/JSPluginElementFunctions.cpp >@@ -135,7 +135,7 @@ bool pluginElementCustomPut(JSHTMLElement* element, ExecState* exec, PropertyNam > return false; > if (!scriptObject->hasProperty(exec, propertyName)) > return false; >- putResult = scriptObject->methodTable()->put(scriptObject, exec, propertyName, value, slot); >+ putResult = scriptObject->methodTable(exec->vm())->put(scriptObject, exec, propertyName, value, slot); > return true; > } > >@@ -154,7 +154,7 @@ static EncodedJSValue JSC_HOST_CALL callPlugin(ExecState* exec) > ASSERT(!argumentList.hasOverflowed()); > > CallData callData; >- CallType callType = getCallData(scriptObject, callData); >+ CallType callType = getCallData(exec->vm(), scriptObject, callData); > ASSERT(callType == CallType::Host); > > // Call the object. >diff --git a/Source/WebCore/bindings/js/JSWindowProxy.cpp b/Source/WebCore/bindings/js/JSWindowProxy.cpp >index ca32bb6a6e6113c5c0a81cd24ead1c63d96c9bd5..bf0e22591e546d0d81f63e48d66707fbacd61d63 100644 >--- a/Source/WebCore/bindings/js/JSWindowProxy.cpp >+++ b/Source/WebCore/bindings/js/JSWindowProxy.cpp 
>@@ -77,7 +77,7 @@ void JSWindowProxy::setWindow(VM& vm, JSDOMGlobalObject& window) > { > ASSERT(window.classInfo() == JSDOMWindow::info() || window.classInfo() == JSRemoteDOMWindow::info()); > setTarget(vm, &window); >- structure()->setGlobalObject(vm, &window); >+ structure(vm)->setGlobalObject(vm, &window); > GCController::singleton().garbageCollectSoon(); > } > >@@ -107,11 +107,11 @@ void JSWindowProxy::setWindow(AbstractDOMWindow& domWindow) > window = JSDOMWindow::create(vm, &windowStructure, downcast<DOMWindow>(domWindow), this); > } > >- prototype->structure()->setGlobalObject(vm, window); >+ prototype->structure(vm)->setGlobalObject(vm, window); > > auto& propertiesStructure = *JSDOMWindowProperties::createStructure(vm, window, JSEventTarget::prototype(vm, *window)); > auto& properties = *JSDOMWindowProperties::create(&propertiesStructure, *window); >- prototype->structure()->setPrototypeWithoutTransition(vm, &properties); >+ prototype->structure(vm)->setPrototypeWithoutTransition(vm, &properties); > > setWindow(vm, *window); > >diff --git a/Source/WebCore/bindings/js/ReadableStream.cpp b/Source/WebCore/bindings/js/ReadableStream.cpp >index 5d6186b6a9fbc88c51a528a8d57477512c1c9193..b793d41ba90cd80a945c4b73b003d2a772d0d7af 100644 >--- a/Source/WebCore/bindings/js/ReadableStream.cpp >+++ b/Source/WebCore/bindings/js/ReadableStream.cpp 
>@@ -62,9 +62,10 @@ Ref<ReadableStream> ReadableStream::create(JSC::ExecState& execState, RefPtr<Rea > namespace ReadableStreamInternal { > static inline JSC::JSValue callFunction(JSC::ExecState& state, JSC::JSValue jsFunction, JSC::JSValue thisValue, const JSC::ArgList& arguments) > { >- auto scope = DECLARE_CATCH_SCOPE(state.vm()); >+ VM& vm = state.vm(); >+ auto scope = DECLARE_CATCH_SCOPE(vm); > JSC::CallData callData; >- auto callType = JSC::getCallData(jsFunction, callData); >+ auto callType = JSC::getCallData(vm, jsFunction, callData); > ASSERT(callType != JSC::CallType::None); > auto result = call(&state, jsFunction, callType, callData, thisValue, arguments); > scope.assertNoException(); >diff --git a/Source/WebCore/bindings/js/ReadableStreamDefaultController.cpp b/Source/WebCore/bindings/js/ReadableStreamDefaultController.cpp >index 572ef567011912148531e508277c64e1922845e9..aa12d3ebca515fe8bcfb58777898f9852789a251 100644 >--- a/Source/WebCore/bindings/js/ReadableStreamDefaultController.cpp >+++ b/Source/WebCore/bindings/js/ReadableStreamDefaultController.cpp >@@ -44,7 +44,7 @@ namespace WebCore { > static inline JSC::JSValue callFunction(JSC::ExecState& state, JSC::JSValue jsFunction, JSC::JSValue thisValue, const JSC::ArgList& arguments) > { > JSC::CallData callData; >- auto callType = JSC::getCallData(jsFunction, callData); >+ auto callType = JSC::getCallData(state.vm(), jsFunction, callData); > return call(&state, jsFunction, callType, callData, thisValue, arguments); > } > >diff --git a/Source/WebCore/bindings/js/ScheduledAction.cpp b/Source/WebCore/bindings/js/ScheduledAction.cpp >index 510895fcd59961821dcd2fe3c29ad7250fb27372..15d126be3532b537b340d49aafa5264c01ff33f5 100644 >--- a/Source/WebCore/bindings/js/ScheduledAction.cpp >+++ b/Source/WebCore/bindings/js/ScheduledAction.cpp 
>@@ -96,7 +96,7 @@ void ScheduledAction::executeFunctionInContext(JSGlobalObject* globalObject, JSV > auto scope = DECLARE_THROW_SCOPE(vm); > > CallData callData; >- CallType callType = getCallData(m_function.get(), callData); >+ CallType callType = getCallData(vm, m_function.get(), callData); > if (callType == CallType::None) > return; > >diff --git a/Source/WebCore/bindings/js/SerializedScriptValue.cpp b/Source/WebCore/bindings/js/SerializedScriptValue.cpp >index 11f7664bb8e7afd6e6a97187a749bf3816a1f7b9..7388e0cfa5c1e84e77909dab8aa864972c8cd757 100644 >--- a/Source/WebCore/bindings/js/SerializedScriptValue.cpp >+++ b/Source/WebCore/bindings/js/SerializedScriptValue.cpp >@@ -699,10 +699,10 @@ class CloneSerializer : CloneBase { > write(TerminatorTag); > } > >- JSValue getProperty(JSObject* object, const Identifier& propertyName) >+ JSValue getProperty(VM& vm, JSObject* object, const Identifier& propertyName) > { > PropertySlot slot(object, PropertySlot::InternalMethodType::Get); >- if (object->methodTable()->getOwnPropertySlot(object, m_exec, propertyName, slot)) >+ if (object->methodTable(vm)->getOwnPropertySlot(object, m_exec, propertyName, slot)) > return slot.getValue(m_exec, propertyName); > return JSValue(); > } >@@ -1547,7 +1547,7 @@ SerializationReturnCode CloneSerializer::serialize(JSValue in) > propertyStack.removeLast(); > break; > } >- inValue = getProperty(object, properties[index]); >+ inValue = getProperty(vm, object, properties[index]); > if (shouldTerminate()) > return SerializationReturnCode::ExistingExceptionError; > >diff --git a/Source/WebCore/bindings/js/StructuredClone.cpp b/Source/WebCore/bindings/js/StructuredClone.cpp >index eed221235dc07d1ac7f4676dcd08f16c786cb0a1..3a38ac5ec6a23011bdb111ea016128a5b3bfe573 100644 >--- a/Source/WebCore/bindings/js/StructuredClone.cpp >+++ b/Source/WebCore/bindings/js/StructuredClone.cpp 
>@@ -90,27 +90,28 @@ EncodedJSValue JSC_HOST_CALL structuredCloneArrayBufferView(ExecState* state) > return { }; > } > auto bufferClone = ArrayBuffer::tryCreate(buffer->data(), buffer->byteLength()); >+ Structure* structure = bufferView->structure(vm); > > if (jsDynamicCast<JSInt8Array*>(vm, value)) >- return JSValue::encode(JSInt8Array::create(state, bufferView->structure(), WTFMove(bufferClone), bufferView->byteOffset(), bufferView->length())); >+ return JSValue::encode(JSInt8Array::create(state, structure, WTFMove(bufferClone), bufferView->byteOffset(), bufferView->length())); > if (jsDynamicCast<JSInt16Array*>(vm, value)) >- return JSValue::encode(JSInt16Array::create(state, bufferView->structure(), WTFMove(bufferClone), bufferView->byteOffset(), bufferView->length())); >+ return JSValue::encode(JSInt16Array::create(state, structure, WTFMove(bufferClone), bufferView->byteOffset(), bufferView->length())); > if (jsDynamicCast<JSInt32Array*>(vm, value)) >- return JSValue::encode(JSInt32Array::create(state, bufferView->structure(), WTFMove(bufferClone), bufferView->byteOffset(), bufferView->length())); >+ return JSValue::encode(JSInt32Array::create(state, structure, WTFMove(bufferClone), bufferView->byteOffset(), bufferView->length())); > if (jsDynamicCast<JSUint8Array*>(vm, value)) >- return JSValue::encode(JSUint8Array::create(state, bufferView->structure(), WTFMove(bufferClone), bufferView->byteOffset(), bufferView->length())); >+ return JSValue::encode(JSUint8Array::create(state, structure, WTFMove(bufferClone), bufferView->byteOffset(), bufferView->length())); > if (jsDynamicCast<JSUint8ClampedArray*>(vm, value)) >- return JSValue::encode(JSUint8ClampedArray::create(state, bufferView->structure(), WTFMove(bufferClone), bufferView->byteOffset(), bufferView->length())); >+ return JSValue::encode(JSUint8ClampedArray::create(state, structure, WTFMove(bufferClone), bufferView->byteOffset(), bufferView->length())); > if (jsDynamicCast<JSUint16Array*>(vm, value)) >- 
return JSValue::encode(JSUint16Array::create(state, bufferView->structure(), WTFMove(bufferClone), bufferView->byteOffset(), bufferView->length())); >+ return JSValue::encode(JSUint16Array::create(state, structure, WTFMove(bufferClone), bufferView->byteOffset(), bufferView->length())); > if (jsDynamicCast<JSUint32Array*>(vm, value)) >- return JSValue::encode(JSUint32Array::create(state, bufferView->structure(), WTFMove(bufferClone), bufferView->byteOffset(), bufferView->length())); >+ return JSValue::encode(JSUint32Array::create(state, structure, WTFMove(bufferClone), bufferView->byteOffset(), bufferView->length())); > if (jsDynamicCast<JSFloat32Array*>(vm, value)) >- return JSValue::encode(JSFloat32Array::create(state, bufferView->structure(), WTFMove(bufferClone), bufferView->byteOffset(), bufferView->length())); >+ return JSValue::encode(JSFloat32Array::create(state, structure, WTFMove(bufferClone), bufferView->byteOffset(), bufferView->length())); > if (jsDynamicCast<JSFloat64Array*>(vm, value)) >- return JSValue::encode(JSFloat64Array::create(state, bufferView->structure(), WTFMove(bufferClone), bufferView->byteOffset(), bufferView->length())); >+ return JSValue::encode(JSFloat64Array::create(state, structure, WTFMove(bufferClone), bufferView->byteOffset(), bufferView->length())); > if (jsDynamicCast<JSDataView*>(vm, value)) >- return JSValue::encode(JSDataView::create(state, bufferView->structure(), WTFMove(bufferClone), bufferView->byteOffset(), bufferView->length())); >+ return JSValue::encode(JSDataView::create(state, structure, WTFMove(bufferClone), bufferView->byteOffset(), bufferView->length())); > > ASSERT_NOT_REACHED(); > return JSValue::encode(jsUndefined()); >diff --git a/Source/WebCore/bindings/js/WorkerScriptController.cpp b/Source/WebCore/bindings/js/WorkerScriptController.cpp >index 547bb67405c18057a11c0ff2ec626a5248474b10..83ae56764a4bb1cc728a12d0009ca86c3ebf7858 100644 >--- a/Source/WebCore/bindings/js/WorkerScriptController.cpp 
>+++ b/Source/WebCore/bindings/js/WorkerScriptController.cpp >@@ -86,12 +86,12 @@ void WorkerScriptController::initScript() > m_workerGlobalScopeWrapper.set(*m_vm, JSDedicatedWorkerGlobalScope::create(*m_vm, structure, static_cast<DedicatedWorkerGlobalScope&>(*m_workerGlobalScope), proxy)); > dedicatedContextPrototypeStructure->setGlobalObject(*m_vm, m_workerGlobalScopeWrapper.get()); > ASSERT(structure->globalObject() == m_workerGlobalScopeWrapper); >- ASSERT(m_workerGlobalScopeWrapper->structure()->globalObject() == m_workerGlobalScopeWrapper); >- dedicatedContextPrototype->structure()->setGlobalObject(*m_vm, m_workerGlobalScopeWrapper.get()); >- dedicatedContextPrototype->structure()->setPrototypeWithoutTransition(*m_vm, JSWorkerGlobalScope::prototype(*m_vm, *m_workerGlobalScopeWrapper.get())); >+ ASSERT(m_workerGlobalScopeWrapper->structure(*m_vm)->globalObject() == m_workerGlobalScopeWrapper); >+ dedicatedContextPrototype->structure(*m_vm)->setGlobalObject(*m_vm, m_workerGlobalScopeWrapper.get()); >+ dedicatedContextPrototype->structure(*m_vm)->setPrototypeWithoutTransition(*m_vm, JSWorkerGlobalScope::prototype(*m_vm, *m_workerGlobalScopeWrapper.get())); > > proxy->setTarget(*m_vm, m_workerGlobalScopeWrapper.get()); >- proxy->structure()->setGlobalObject(*m_vm, m_workerGlobalScopeWrapper.get()); >+ proxy->structure(*m_vm)->setGlobalObject(*m_vm, m_workerGlobalScopeWrapper.get()); > #if ENABLE(SERVICE_WORKER) > } else if (m_workerGlobalScope->isServiceWorkerGlobalScope()) { > Structure* contextPrototypeStructure = JSServiceWorkerGlobalScopePrototype::createStructure(*m_vm, nullptr, jsNull()); 
>@@ -104,11 +104,11 @@ void WorkerScriptController::initScript() > contextPrototypeStructure->setGlobalObject(*m_vm, m_workerGlobalScopeWrapper.get()); > ASSERT(structure->globalObject() == m_workerGlobalScopeWrapper); > ASSERT(m_workerGlobalScopeWrapper->structure()->globalObject() == m_workerGlobalScopeWrapper); >- contextPrototype->structure()->setGlobalObject(*m_vm, m_workerGlobalScopeWrapper.get()); >- contextPrototype->structure()->setPrototypeWithoutTransition(*m_vm, JSWorkerGlobalScope::prototype(*m_vm, *m_workerGlobalScopeWrapper.get())); >+ contextPrototype->structure(*m_vm)->setGlobalObject(*m_vm, m_workerGlobalScopeWrapper.get()); >+ contextPrototype->structure(*m_vm)->setPrototypeWithoutTransition(*m_vm, JSWorkerGlobalScope::prototype(*m_vm, *m_workerGlobalScopeWrapper.get())); > > proxy->setTarget(*m_vm, m_workerGlobalScopeWrapper.get()); >- proxy->structure()->setGlobalObject(*m_vm, m_workerGlobalScopeWrapper.get()); >+ proxy->structure(*m_vm)->setGlobalObject(*m_vm, m_workerGlobalScopeWrapper.get()); > #endif > } > >diff --git a/Source/WebCore/bridge/NP_jsobject.cpp b/Source/WebCore/bridge/NP_jsobject.cpp >index d1ad3eb8796a9a9058b31e798bc05b3c168e73af..d9458c516ba73716172b9c51de03e81d4adfec6d 100644 >--- a/Source/WebCore/bridge/NP_jsobject.cpp >+++ b/Source/WebCore/bridge/NP_jsobject.cpp >@@ -189,7 +189,7 @@ bool _NPN_InvokeDefault(NPP, NPObject* o, const NPVariant* args, uint32_t argCou > // Call the function object. > JSValue function = obj->imp; > CallData callData; >- CallType callType = getCallData(function, callData); >+ CallType callType = getCallData(vm, function, callData); > if (callType == CallType::None) > return false; 
> >@@ -241,7 +241,7 @@ bool _NPN_Invoke(NPP npp, NPObject* o, NPIdentifier methodName, const NPVariant* > ExecState* exec = globalObject->globalExec(); > JSValue function = obj->imp->get(exec, identifierFromNPIdentifier(exec, i->string())); > CallData callData; >- CallType callType = getCallData(function, callData); >+ CallType callType = getCallData(vm, function, callData); > if (callType == CallType::None) > return false; > >@@ -532,7 +532,7 @@ bool _NPN_Construct(NPP, NPObject* o, const NPVariant* args, uint32_t argCount, > // Call the constructor object. > JSValue constructor = obj->imp; > ConstructData constructData; >- ConstructType constructType = getConstructData(constructor, constructData); >+ ConstructType constructType = getConstructData(vm, constructor, constructData); > if (constructType == ConstructType::None) > return false; > >diff --git a/Source/WebCore/bridge/objc/WebScriptObject.mm b/Source/WebCore/bridge/objc/WebScriptObject.mm >index a3964bba55512bcd37a5e729e5cb7de1b591bb54..0b5f8a9d9dfbe4f3873c6a07a8a8109d3132338e 100644 >--- a/Source/WebCore/bridge/objc/WebScriptObject.mm >+++ b/Source/WebCore/bridge/objc/WebScriptObject.mm >@@ -348,7 +348,7 @@ - (id)callWebScriptMethod:(NSString *)name withArguments:(NSArray *)args > > JSC::JSValue function = [self _imp]->get(exec, Identifier::fromString(exec, String(name))); > CallData callData; >- CallType callType = getCallData(function, callData); >+ CallType callType = getCallData(vm, function, callData); > if (callType == CallType::None) > return nil; > >diff --git a/Source/WebCore/testing/Internals.cpp b/Source/WebCore/testing/Internals.cpp >index f0b8c55aaf25c6f0b5a27ca1732e71fe1ba3568b..5cbe5b41e430a79222113ebfa232931b113e3fd9 100644 >--- a/Source/WebCore/testing/Internals.cpp >+++ b/Source/WebCore/testing/Internals.cpp 
>@@ -4045,7 +4045,7 @@ JSValue Internals::cloneArrayBuffer(JSC::ExecState& state, JSValue buffer, JSVal > > JSObject* function = value.getObject(); > CallData callData; >- CallType callType = JSC::getCallData(function, callData); >+ CallType callType = JSC::getCallData(vm, function, callData); > ASSERT(callType != JSC::CallType::None); > MarkedArgumentBuffer arguments; > arguments.append(buffer); >diff --git a/Source/WebCore/testing/js/WebCoreTestSupport.cpp b/Source/WebCore/testing/js/WebCoreTestSupport.cpp >index 9f6ff2a69d512d6762a65f4b9d45d925167ebf87..07ded44d8953efb0bf88d362e2d2da1d48f71d8c 100644 >--- a/Source/WebCore/testing/js/WebCoreTestSupport.cpp >+++ b/Source/WebCore/testing/js/WebCoreTestSupport.cpp >@@ -58,8 +58,9 @@ void injectInternalsObject(JSContextRef context) > JSDOMGlobalObject* globalObject = jsCast<JSDOMGlobalObject*>(exec->lexicalGlobalObject()); > ScriptExecutionContext* scriptContext = globalObject->scriptExecutionContext(); > if (is<Document>(*scriptContext)) { >- globalObject->putDirect(exec->vm(), Identifier::fromString(exec, Internals::internalsId), toJS(exec, globalObject, Internals::create(downcast<Document>(*scriptContext)))); >- globalObject->exposeDollarVM(); >+ VM& vm = exec->vm(); >+ globalObject->putDirect(vm, Identifier::fromString(&vm, Internals::internalsId), toJS(exec, globalObject, Internals::create(downcast<Document>(*scriptContext)))); >+ globalObject->exposeDollarVM(vm); > } > } > >diff --git a/Source/WebKit/WebProcess/Plugins/Netscape/NPJSObject.cpp b/Source/WebKit/WebProcess/Plugins/Netscape/NPJSObject.cpp >index d1267d77e57586641f3d0aa4b999b3e269b362c7..faf71dc22be0ccc59ae24e4f773c33a5f3649dcb 100644 >--- a/Source/WebKit/WebProcess/Plugins/Netscape/NPJSObject.cpp >+++ b/Source/WebKit/WebProcess/Plugins/Netscape/NPJSObject.cpp 
>@@ -110,7 +110,7 @@ bool NPJSObject::hasMethod(NPIdentifier methodName) > scope.clearException(); > > CallData callData; >- return getCallData(value, callData) != CallType::None; >+ return getCallData(vm, value, callData) != CallType::None; > } > > bool NPJSObject::invoke(NPIdentifier methodName, const NPVariant* arguments, uint32_t argumentCount, NPVariant* result) >@@ -278,7 +278,7 @@ bool NPJSObject::construct(const NPVariant* arguments, uint32_t argumentCount, N > auto scope = DECLARE_CATCH_SCOPE(vm); > > ConstructData constructData; >- ConstructType constructType = getConstructData(m_jsObject.get(), constructData); >+ ConstructType constructType = getConstructData(vm, m_jsObject.get(), constructData); > if (constructType == ConstructType::None) > return false; > >@@ -303,7 +303,7 @@ bool NPJSObject::invoke(ExecState* exec, JSGlobalObject* globalObject, JSValue f > auto scope = DECLARE_CATCH_SCOPE(vm); > > CallData callData; >- CallType callType = getCallData(function, callData); >+ CallType callType = getCallData(vm, function, callData); > if (callType == CallType::None) > return false; > >diff --git a/Source/WebKitLegacy/mac/Plugins/Hosted/NetscapePluginInstanceProxy.mm b/Source/WebKitLegacy/mac/Plugins/Hosted/NetscapePluginInstanceProxy.mm >index 39e9c44761e342fe46745601d741e5f80cd5c337..1c8d5326f14a90e76dd9a5aba821bdf79fd4d8e9 100644 >--- a/Source/WebKitLegacy/mac/Plugins/Hosted/NetscapePluginInstanceProxy.mm >+++ b/Source/WebKitLegacy/mac/Plugins/Hosted/NetscapePluginInstanceProxy.mm >@@ -921,7 +921,7 @@ bool NetscapePluginInstanceProxy::invoke(uint32_t objectID, const Identifier& me > ExecState* exec = frame->script().globalObject(pluginWorld())->globalExec(); > JSValue function = object->get(exec, methodName); > CallData callData; >- CallType callType = getCallData(function, callData); >+ CallType callType = getCallData(vm, function, callData); > if (callType == CallType::None) > return false; 
> >diff --git a/Source/WebKitLegacy/win/Plugins/PluginPackage.cpp b/Source/WebKitLegacy/win/Plugins/PluginPackage.cpp >index 4e59be3d0d543c33c032597948d6a01d98c975a4..e62bf263e386050f1a65a5d8e5927c510275fa2b 100644 >--- a/Source/WebKitLegacy/win/Plugins/PluginPackage.cpp >+++ b/Source/WebKitLegacy/win/Plugins/PluginPackage.cpp >@@ -256,7 +256,7 @@ static bool NPN_Invoke(NPP npp, NPObject* o, NPIdentifier methodName, const NPVa > JSC::ExecState* exec = globalObject->globalExec(); > JSC::JSValue function = obj->imp->get(exec, JSC::Bindings::identifierFromNPIdentifier(exec, i->string())); > JSC::CallData callData; >- JSC::CallType callType = getCallData(function, callData); >+ JSC::CallType callType = getCallData(vm, function, callData); > if (callType == JSC::CallType::None) > return false; >
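Review bot: In the JSDeprecatedCSSOMValueCustom.cpp hunk, `hasCustomProperties(*jsCSSValue->vm())` still obtains the VM through the cell itself, which is the lookup the rest of this patch is trying to avoid; the change only makes the cell-side lookup explicit rather than cheaper. The `visitor` argument of `isReachableFromOpaqueRoots` is the natural place to get a VM without going through the cell; if `SlotVisitor` exposes one, pass that instead of `*jsCSSValue->vm()`.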
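Review bot: Same point for the JSNodeListCustom.cpp hunk: `hasCustomProperties(*jsNodeList->vm())` dereferences `JSCell::vm()` on the cell being visited, so no work is saved over the old call. If the `visitor` can supply the VM, prefer that source; otherwise leaving the no-argument form is equally cheap and shorter.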
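Review bot: In the second WorkerScriptController.cpp hunk (`@@ -104,11 +104,11 @@`), the context line `ASSERT(m_workerGlobalScopeWrapper->structure()->globalObject() == m_workerGlobalScopeWrapper);` was left on the no-argument `structure()` overload, while the identical assertion in the dedicated-worker branch just above was converted to `structure(*m_vm)`. For consistency between the two branches, convert this one as well.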
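Review bot: Style in the JSDOMPromise.cpp hunk: the new line `VM& vm = state.vm();` is unqualified while every other JSC type in the same function is spelled with the `JSC::` prefix (`JSC::CallData`, `JSC::getCallData`, `JSC::ArgList`). Either write `JSC::VM& vm = state.vm();` to match the surrounding code, or rely on a using-declaration consistently throughout the function.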
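Review bot: The ReadableStream.cpp hunk has the same qualification mismatch: `VM& vm = state.vm();` sits next to `JSC::CallData` and `JSC::getCallData`. Suggest `JSC::VM& vm = state.vm();` so the file keeps one convention.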
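Review bot: In the JSDOMIterator.h hunk, `JSC::getCallData(state.vm(), callback, callData)` calls `state.vm()` inline even though a throw scope (`scope`, used two lines later in `throwTypeError(&state, scope, ...)`) is already live in this function and must have been declared from the same VM. If a `vm` local already exists above the hunk, reuse it here; if not, hoist `JSC::VM& vm = state.vm();` next to the scope declaration, as the JSDOMPromise.cpp and ReadableStream.cpp hunks in this patch do, rather than fetching it again per call site.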