There are quite a few classes that inherit either directly or indirectly from JSCell. To get around having to submit one gigantic patch, I can submit the changes to the hierarchy incrementally in a top-down fashion. The first step is to add the validation functionality to JSCell (see: https://bugs.webkit.org/show_bug.cgi?id=65288). This will essentially check and set the "isInitializing" flag inside the allocateCell function and add a constructorBody() to JSCell, which will in turn check and clear the "isInitializing" flag. This change alone will not perform very extensive checks, since the flag will be turned on and then almost immediately turned back off before we visit any constructor bodies except for JSCell's. We will then move down the inheritance hierarchy level by level, starting from the top, adding constructorBody() methods wherever there is a non-trivial constructor body, which will call the next constructorBody() method above it in the inheritance hierarchy. As we go down, we will move those constructorBody() calls out of their constructors and into their static create methods. This leads to a kind of "unzipping" of initialization lists and constructor bodies down the inheritance hierarchy, which allows us to maintain the correctness of the code across each patch. As there are seven levels of the inheritance hierarchy not including JSCell, it seems appropriate to split this into seven patches. This will be a tracking bug for those seven sub-bugs.

Finished all the levels, closing bug.