Make Failure inherit from MaybeObject instead of Object.

src/objects.cc

 // Copyright 2010 the V8 project authors. All rights reserved.
 // Redistribution and use in source and binary forms, with or without
 // modification, are permitted provided that the following conditions are
 // met:
 //
 //     * Redistributions of source code must retain the above copyright
 //       notice, this list of conditions and the following disclaimer.
 //     * Redistributions in binary form must reproduce the above
 //       copyright notice, this list of conditions and the following
 //       disclaimer in the documentation and/or other materials provided
@@ skipping 36 matching lines @@
 
 namespace v8 {
 namespace internal {
 
 // Getters and setters are stored in a fixed array property.  These are
 // constants for their indices.
 const int kGetterIndex = 0;
 const int kSetterIndex = 1;
 
 
-MUST_USE_RESULT static Object* CreateJSValue(JSFunction* constructor,
-                                             Object* value) {
-  Object* result = Heap::AllocateJSObject(constructor);
-  if (result->IsFailure()) return result;
+MUST_USE_RESULT static MaybeObject* CreateJSValue(JSFunction* constructor,
+                                                  Object* value) {
+  Object* result;
+  { MaybeObject* maybe_result = Heap::AllocateJSObject(constructor);
+    if (!maybe_result->ToObject(&result)) return maybe_result;
+  }
   JSValue::cast(result)->set_value(value);
   return result;
 }
 
 
-Object* Object::ToObject(Context* global_context) {
+MaybeObject* Object::ToObject(Context* global_context) {
   if (IsNumber()) {
     return CreateJSValue(global_context->number_function(), this);
   } else if (IsBoolean()) {
     return CreateJSValue(global_context->boolean_function(), this);
   } else if (IsString()) {
     return CreateJSValue(global_context->string_function(), this);
   }
   ASSERT(IsJSObject());
   return this;
 }
 
 
-Object* Object::ToObject() {
+MaybeObject* Object::ToObject() {
   Context* global_context = Top::context()->global_context();
   if (IsJSObject()) {
     return this;
   } else if (IsNumber()) {
     return CreateJSValue(global_context->number_function(), this);
   } else if (IsBoolean()) {
     return CreateJSValue(global_context->boolean_function(), this);
   } else if (IsString()) {
     return CreateJSValue(global_context->string_function(), this);
   }
@@ skipping 33 matching lines @@
   } else if (IsNumber()) {
     holder = global_context->number_function()->instance_prototype();
   } else if (IsBoolean()) {
     holder = global_context->boolean_function()->instance_prototype();
   }
   ASSERT(holder != NULL);  // Cannot handle null or undefined.
   JSObject::cast(holder)->Lookup(name, result);
 }
 
 
-Object* Object::GetPropertyWithReceiver(Object* receiver,
-                                        String* name,
-                                        PropertyAttributes* attributes) {
+MaybeObject* Object::GetPropertyWithReceiver(Object* receiver,
+                                             String* name,
+                                             PropertyAttributes* attributes) {
   LookupResult result;
   Lookup(name, &result);
-  Object* value = GetProperty(receiver, &result, name, attributes);
+  MaybeObject* value = GetProperty(receiver, &result, name, attributes);
   ASSERT(*attributes <= ABSENT);
   return value;
 }
 
 
-Object* Object::GetPropertyWithCallback(Object* receiver,
-                                        Object* structure,
-                                        String* name,
-                                        Object* holder) {
+MaybeObject* Object::GetPropertyWithCallback(Object* receiver,
+                                             Object* structure,
+                                             String* name,
+                                             Object* holder) {
   // To accommodate both the old and the new api we switch on the
   // data structure used to store the callbacks.  Eventually proxy
   // callbacks should be phased out.
   if (structure->IsProxy()) {
     AccessorDescriptor* callback =
         reinterpret_cast<AccessorDescriptor*>(Proxy::cast(structure)->proxy());
-    Object* value = (callback->getter)(receiver, callback->data);
+    MaybeObject* value = (callback->getter)(receiver, callback->data);
     RETURN_IF_SCHEDULED_EXCEPTION();
     return value;
   }
 
   // api style callbacks.
   if (structure->IsAccessorInfo()) {
     AccessorInfo* data = AccessorInfo::cast(structure);
     Object* fun_obj = data->getter();
     v8::AccessorGetter call_fun = v8::ToCData<v8::AccessorGetter>(fun_obj);
     HandleScope scope;
@@ skipping 23 matching lines @@
     }
     // Getter is not a function.
     return Heap::undefined_value();
   }
 
   UNREACHABLE();
   return NULL;
 }
 
 
-Object* Object::GetPropertyWithDefinedGetter(Object* receiver,
-                                             JSFunction* getter) {
+MaybeObject* Object::GetPropertyWithDefinedGetter(Object* receiver,
+                                                  JSFunction* getter) {
   HandleScope scope;
   Handle<JSFunction> fun(JSFunction::cast(getter));
   Handle<Object> self(receiver);
 #ifdef ENABLE_DEBUGGER_SUPPORT
   // Handle stepping into a getter if step into is active.
   if (Debug::StepInActive()) {
     Debug::HandleStepIn(fun, Handle<Object>::null(), 0, false);
   }
 #endif
   bool has_pending_exception;
   Handle<Object> result =
       Execution::Call(fun, self, 0, NULL, &has_pending_exception);
   // Check for pending exception and return the result.
   if (has_pending_exception) return Failure::Exception();
   return *result;
 }
 
 
 // Only deal with CALLBACKS and INTERCEPTOR
-Object* JSObject::GetPropertyWithFailedAccessCheck(
+MaybeObject* JSObject::GetPropertyWithFailedAccessCheck(
     Object* receiver,
     LookupResult* result,
     String* name,
     PropertyAttributes* attributes) {
   if (result->IsProperty()) {
     switch (result->type()) {
       case CALLBACKS: {
         // Only allow API accessors.
         Object* obj = result->GetCallbackObject();
         if (obj->IsAccessorInfo()) {
@@ skipping 128 matching lines @@
         JSGlobalPropertyCell::cast(
             property_dictionary()->ValueAt(result->GetDictionaryEntry()));
     cell->set_value(value);
   } else {
     property_dictionary()->ValueAtPut(result->GetDictionaryEntry(), value);
   }
   return value;
 }
 
 
-Object* JSObject::SetNormalizedProperty(String* name,
-                                        Object* value,
-                                        PropertyDetails details) {
+MaybeObject* JSObject::SetNormalizedProperty(String* name,
+                                             Object* value,
+                                             PropertyDetails details) {
   ASSERT(!HasFastProperties());
   int entry = property_dictionary()->FindEntry(name);
   if (entry == StringDictionary::kNotFound) {
     Object* store_value = value;
     if (IsGlobalObject()) {
-      store_value = Heap::AllocateJSGlobalPropertyCell(value);
-      if (store_value->IsFailure()) return store_value;
+      { MaybeObject* maybe_store_value =
+            Heap::AllocateJSGlobalPropertyCell(value);
+        if (!maybe_store_value->ToObject(&store_value)) {
+          return maybe_store_value;
+        }
+      }
     }
-    Object* dict = property_dictionary()->Add(name, store_value, details);
-    if (dict->IsFailure()) return dict;
+    Object* dict;
+    { MaybeObject* maybe_dict =
+          property_dictionary()->Add(name, store_value, details);
+      if (!maybe_dict->ToObject(&dict)) return maybe_dict;
+    }
     set_properties(StringDictionary::cast(dict));
     return value;
   }
   // Preserve enumeration index.
   details = PropertyDetails(details.attributes(),
                             details.type(),
                             property_dictionary()->DetailsAt(entry).index());
   if (IsGlobalObject()) {
     JSGlobalPropertyCell* cell =
         JSGlobalPropertyCell::cast(property_dictionary()->ValueAt(entry));
     cell->set_value(value);
     // Please note we have to update the property details.
     property_dictionary()->DetailsAtPut(entry, details);
   } else {
     property_dictionary()->SetEntry(entry, name, value, details);
   }
   return value;
 }
 
 
-Object* JSObject::DeleteNormalizedProperty(String* name, DeleteMode mode) {
+MaybeObject* JSObject::DeleteNormalizedProperty(String* name, DeleteMode mode) {
   ASSERT(!HasFastProperties());
   StringDictionary* dictionary = property_dictionary();
   int entry = dictionary->FindEntry(name);
   if (entry != StringDictionary::kNotFound) {
     // If we have a global object set the cell to the hole.
     if (IsGlobalObject()) {
       PropertyDetails details = dictionary->DetailsAt(entry);
       if (details.IsDontDelete()) {
         if (mode != FORCE_DELETION) return Heap::false_value();
         // When forced to delete global properties, we have to make a
         // map change to invalidate any ICs that think they can load
         // from the DontDelete cell without checking if it contains
         // the hole value.
-        Object* new_map = map()->CopyDropDescriptors();
-        if (new_map->IsFailure()) return new_map;
+        Object* new_map;
+        { MaybeObject* maybe_new_map = map()->CopyDropDescriptors();
+          if (!maybe_new_map->ToObject(&new_map)) return maybe_new_map;
+        }
         set_map(Map::cast(new_map));
       }
       JSGlobalPropertyCell* cell =
           JSGlobalPropertyCell::cast(dictionary->ValueAt(entry));
       cell->set_value(Heap::the_hole_value());
       dictionary->DetailsAtPut(entry, details.AsDeleted());
     } else {
       return dictionary->DeleteProperty(entry, mode);
     }
   }
   return Heap::true_value();
 }
 
 
 bool JSObject::IsDirty() {
   Object* cons_obj = map()->constructor();
   if (!cons_obj->IsJSFunction())
     return true;
   JSFunction* fun = JSFunction::cast(cons_obj);
   if (!fun->shared()->IsApiFunction())
     return true;
   // If the object is fully fast case and has the same map it was
   // created with then no changes can have been made to it.
   return map() != fun->initial_map()
       || !HasFastElements()
       || !HasFastProperties();
 }
 
 
-Object* Object::GetProperty(Object* receiver,
-                            LookupResult* result,
-                            String* name,
-                            PropertyAttributes* attributes) {
+MaybeObject* Object::GetProperty(Object* receiver,
+                                 LookupResult* result,
+                                 String* name,
+                                 PropertyAttributes* attributes) {
   // Make sure that the top context does not change when doing
   // callbacks or interceptor calls.
   AssertNoContextChange ncc;
 
   // Traverse the prototype chain from the current object (this) to
   // the holder and check for access rights. This avoid traversing the
   // objects more than once in case of interceptors, because the
   // holder will always be the interceptor holder and the search may
   // only continue with a current object just after the interceptor
   // holder in the prototype chain.
@@ skipping 45 matching lines @@
       JSObject* recvr = JSObject::cast(receiver);
       return holder->GetPropertyWithInterceptor(recvr, name, attributes);
     }
     default:
       UNREACHABLE();
       return NULL;
   }
 }
 
 
-Object* Object::GetElementWithReceiver(Object* receiver, uint32_t index) {
+MaybeObject* Object::GetElementWithReceiver(Object* receiver, uint32_t index) {
   // Non-JS objects do not have integer indexed properties.
   if (!IsJSObject()) return Heap::undefined_value();
   return JSObject::cast(this)->GetElementWithReceiver(JSObject::cast(receiver),
                                                       index);
 }
 
 
 Object* Object::GetPrototype() {
   // The object is either a number, a string, a boolean, or a real JS object.
   if (IsJSObject()) return JSObject::cast(this)->map()->prototype();
@@ skipping 65 matching lines @@
     return true;    // An Ape, an ABCBook.
   } else if ((c1 == 0 || (c1 >= 'A' && c1 <= 'Z')) &&
            (c0 == 'F' || c0 == 'H' || c0 == 'M' || c0 == 'N' || c0 == 'R' ||
             c0 == 'S' || c0 == 'X')) {
     return true;    // An MP3File, an M.
   }
   return false;
 }
 
 
-Object* String::SlowTryFlatten(PretenureFlag pretenure) {
+MaybeObject* String::SlowTryFlatten(PretenureFlag pretenure) {
 #ifdef DEBUG
   // Do not attempt to flatten in debug mode when allocation is not
   // allowed.  This is to avoid an assertion failure when allocating.
   // Flattening strings is the only case where we always allow
   // allocation because no GC is performed if the allocation fails.
   if (!Heap::IsAllocationAllowed()) return this;
 #endif
 
   switch (StringShape(this).representation_tag()) {
     case kConsStringTag: {
       ConsString* cs = ConsString::cast(this);
       if (cs->second()->length() == 0) {
         return cs->first();
       }
       // There's little point in putting the flat string in new space if the
       // cons string is in old space.  It can never get GCed until there is
       // an old space GC.
       PretenureFlag tenure = Heap::InNewSpace(this) ? pretenure : TENURED;
       int len = length();
       Object* object;
       String* result;
       if (IsAsciiRepresentation()) {
-        object = Heap::AllocateRawAsciiString(len, tenure);
-        if (object->IsFailure()) return object;
+        { MaybeObject* maybe_object = Heap::AllocateRawAsciiString(len, tenure);
+          if (!maybe_object->ToObject(&object)) return maybe_object;
+        }
         result = String::cast(object);
         String* first = cs->first();
         int first_length = first->length();
         char* dest = SeqAsciiString::cast(result)->GetChars();
         WriteToFlat(first, dest, 0, first_length);
         String* second = cs->second();
         WriteToFlat(second,
                     dest + first_length,
                     0,
                     len - first_length);
       } else {
-        object = Heap::AllocateRawTwoByteString(len, tenure);
-        if (object->IsFailure()) return object;
+        { MaybeObject* maybe_object =
+              Heap::AllocateRawTwoByteString(len, tenure);
+          if (!maybe_object->ToObject(&object)) return maybe_object;
+        }
         result = String::cast(object);
         uc16* dest = SeqTwoByteString::cast(result)->GetChars();
         String* first = cs->first();
         int first_length = first->length();
         WriteToFlat(first, dest, 0, first_length);
         String* second = cs->second();
         WriteToFlat(second,
                     dest + first_length,
                     0,
                     len - first_length);
@@ skipping 513 matching lines @@
     String* inferred_name = constructor->shared()->inferred_name();
     if (inferred_name->length() > 0) return inferred_name;
     Object* proto = GetPrototype();
     if (proto->IsJSObject()) return JSObject::cast(proto)->constructor_name();
   }
   // If the constructor is not present, return "Object".
   return Heap::Object_symbol();
 }
 
 
-Object* JSObject::AddFastPropertyUsingMap(Map* new_map,
-                                          String* name,
-                                          Object* value) {
+MaybeObject* JSObject::AddFastPropertyUsingMap(Map* new_map,
+                                               String* name,
+                                               Object* value) {
   int index = new_map->PropertyIndexFor(name);
   if (map()->unused_property_fields() == 0) {
     ASSERT(map()->unused_property_fields() == 0);
     int new_unused = new_map->unused_property_fields();
-    Object* values =
-        properties()->CopySize(properties()->length() + new_unused + 1);
-    if (values->IsFailure()) return values;
+    Object* values;
+    { MaybeObject* maybe_values =
+          properties()->CopySize(properties()->length() + new_unused + 1);
+      if (!maybe_values->ToObject(&values)) return maybe_values;
+    }
     set_properties(FixedArray::cast(values));
   }
   set_map(new_map);
   return FastPropertyAtPut(index, value);
 }
 
 
-Object* JSObject::AddFastProperty(String* name,
-                                  Object* value,
-                                  PropertyAttributes attributes) {
+MaybeObject* JSObject::AddFastProperty(String* name,
+                                       Object* value,
+                                       PropertyAttributes attributes) {
   // Normalize the object if the name is an actual string (not the
   // hidden symbols) and is not a real identifier.
   StringInputBuffer buffer(name);
   if (!Scanner::IsIdentifier(&buffer) && name != Heap::hidden_symbol()) {
-    Object* obj = NormalizeProperties(CLEAR_INOBJECT_PROPERTIES, 0);
-    if (obj->IsFailure()) return obj;
+    Object* obj;
+    { MaybeObject* maybe_obj =
+          NormalizeProperties(CLEAR_INOBJECT_PROPERTIES, 0);
+      if (!maybe_obj->ToObject(&obj)) return maybe_obj;
+    }
     return AddSlowProperty(name, value, attributes);
   }
 
   DescriptorArray* old_descriptors = map()->instance_descriptors();
   // Compute the new index for new field.
   int index = map()->NextFreePropertyIndex();
 
   // Allocate new instance descriptors with (name, index) added
   FieldDescriptor new_field(name, index, attributes);
-  Object* new_descriptors =
-      old_descriptors->CopyInsert(&new_field, REMOVE_TRANSITIONS);
-  if (new_descriptors->IsFailure()) return new_descriptors;
+  Object* new_descriptors;
+  { MaybeObject* maybe_new_descriptors =
+        old_descriptors->CopyInsert(&new_field, REMOVE_TRANSITIONS);
+    if (!maybe_new_descriptors->ToObject(&new_descriptors)) {
+      return maybe_new_descriptors;
+    }
+  }
 
   // Only allow map transition if the object's map is NOT equal to the
   // global object_function's map and there is not a transition for name.
   bool allow_map_transition =
         !old_descriptors->Contains(name) &&
         (Top::context()->global_context()->object_function()->map() != map());
 
   ASSERT(index < map()->inobject_properties() ||
          (index - map()->inobject_properties()) < properties()->length() ||
          map()->unused_property_fields() == 0);
   // Allocate a new map for the object.
-  Object* r = map()->CopyDropDescriptors();
-  if (r->IsFailure()) return r;
+  Object* r;
+  { MaybeObject* maybe_r = map()->CopyDropDescriptors();
+    if (!maybe_r->ToObject(&r)) return maybe_r;
+  }
   Map* new_map = Map::cast(r);
   if (allow_map_transition) {
     // Allocate new instance descriptors for the old map with map transition.
     MapTransitionDescriptor d(name, Map::cast(new_map), attributes);
-    Object* r = old_descriptors->CopyInsert(&d, KEEP_TRANSITIONS);
-    if (r->IsFailure()) return r;
+    Object* r;
+    { MaybeObject* maybe_r = old_descriptors->CopyInsert(&d, KEEP_TRANSITIONS);
+      if (!maybe_r->ToObject(&r)) return maybe_r;
+    }
     old_descriptors = DescriptorArray::cast(r);
   }
 
   if (map()->unused_property_fields() == 0) {
     if (properties()->length() > MaxFastProperties()) {
-      Object* obj = NormalizeProperties(CLEAR_INOBJECT_PROPERTIES, 0);
-      if (obj->IsFailure()) return obj;
+      Object* obj;
+      { MaybeObject* maybe_obj =
+            NormalizeProperties(CLEAR_INOBJECT_PROPERTIES, 0);
+        if (!maybe_obj->ToObject(&obj)) return maybe_obj;
+      }
       return AddSlowProperty(name, value, attributes);
     }
     // Make room for the new value
-    Object* values =
-        properties()->CopySize(properties()->length() + kFieldsAdded);
-    if (values->IsFailure()) return values;
+    Object* values;
+    { MaybeObject* maybe_values =
+          properties()->CopySize(properties()->length() + kFieldsAdded);
+      if (!maybe_values->ToObject(&values)) return maybe_values;
+    }
     set_properties(FixedArray::cast(values));
     new_map->set_unused_property_fields(kFieldsAdded - 1);
   } else {
     new_map->set_unused_property_fields(map()->unused_property_fields() - 1);
   }
   // We have now allocated all the necessary objects.
   // All the changes can be applied at once, so they are atomic.
   map()->set_instance_descriptors(old_descriptors);
   new_map->set_instance_descriptors(DescriptorArray::cast(new_descriptors));
   set_map(new_map);
   return FastPropertyAtPut(index, value);
 }
 
 
-Object* JSObject::AddConstantFunctionProperty(String* name,
-                                              JSFunction* function,
-                                              PropertyAttributes attributes) {
+MaybeObject* JSObject::AddConstantFunctionProperty(
+    String* name,
+    JSFunction* function,
+    PropertyAttributes attributes) {
   ASSERT(!Heap::InNewSpace(function));
 
   // Allocate new instance descriptors with (name, function) added
   ConstantFunctionDescriptor d(name, function, attributes);
-  Object* new_descriptors =
-      map()->instance_descriptors()->CopyInsert(&d, REMOVE_TRANSITIONS);
-  if (new_descriptors->IsFailure()) return new_descriptors;
+  Object* new_descriptors;
+  { MaybeObject* maybe_new_descriptors =
+        map()->instance_descriptors()->CopyInsert(&d, REMOVE_TRANSITIONS);
+    if (!maybe_new_descriptors->ToObject(&new_descriptors)) {
+      return maybe_new_descriptors;
+    }
+  }
 
   // Allocate a new map for the object.
-  Object* new_map = map()->CopyDropDescriptors();
-  if (new_map->IsFailure()) return new_map;
+  Object* new_map;
+  { MaybeObject* maybe_new_map = map()->CopyDropDescriptors();
+    if (!maybe_new_map->ToObject(&new_map)) return maybe_new_map;
+  }
 
   DescriptorArray* descriptors = DescriptorArray::cast(new_descriptors);
   Map::cast(new_map)->set_instance_descriptors(descriptors);
   Map* old_map = map();
   set_map(Map::cast(new_map));
 
   // If the old map is the global object map (from new Object()),
   // then transitions are not added to it, so we are done.
   if (old_map == Top::context()->global_context()->object_function()->map()) {
     return function;
   }
 
   // Do not add CONSTANT_TRANSITIONS to global objects
   if (IsGlobalObject()) {
     return function;
   }
 
   // Add a CONSTANT_TRANSITION descriptor to the old map,
   // so future assignments to this property on other objects
   // of the same type will create a normal field, not a constant function.
   // Don't do this for special properties, with non-trival attributes.
   if (attributes != NONE) {
     return function;
   }
   ConstTransitionDescriptor mark(name, Map::cast(new_map));
-  new_descriptors =
-      old_map->instance_descriptors()->CopyInsert(&mark, KEEP_TRANSITIONS);
-  if (new_descriptors->IsFailure()) {
-    return function;  // We have accomplished the main goal, so return success.
+  { MaybeObject* maybe_new_descriptors =
+        old_map->instance_descriptors()->CopyInsert(&mark, KEEP_TRANSITIONS);
+    if (!maybe_new_descriptors->ToObject(&new_descriptors)) {
+      // We have accomplished the main goal, so return success.
+      return function;
+    }
   }
   old_map->set_instance_descriptors(DescriptorArray::cast(new_descriptors));
 
   return function;
 }
 
 
 // Add property in slow mode
-Object* JSObject::AddSlowProperty(String* name,
-                                  Object* value,
-                                  PropertyAttributes attributes) {
+MaybeObject* JSObject::AddSlowProperty(String* name,
+                                       Object* value,
+                                       PropertyAttributes attributes) {
   ASSERT(!HasFastProperties());
   StringDictionary* dict = property_dictionary();
   Object* store_value = value;
   if (IsGlobalObject()) {
     // In case name is an orphaned property reuse the cell.
     int entry = dict->FindEntry(name);
     if (entry != StringDictionary::kNotFound) {
       store_value = dict->ValueAt(entry);
       JSGlobalPropertyCell::cast(store_value)->set_value(value);
       // Assign an enumeration index to the property and update
       // SetNextEnumerationIndex.
       int index = dict->NextEnumerationIndex();
       PropertyDetails details = PropertyDetails(attributes, NORMAL, index);
       dict->SetNextEnumerationIndex(index + 1);
       dict->SetEntry(entry, name, store_value, details);
       return value;
     }
-    store_value = Heap::AllocateJSGlobalPropertyCell(value);
-    if (store_value->IsFailure()) return store_value;
+    { MaybeObject* maybe_store_value =
+          Heap::AllocateJSGlobalPropertyCell(value);
+      if (!maybe_store_value->ToObject(&store_value)) return maybe_store_value;
+    }
     JSGlobalPropertyCell::cast(store_value)->set_value(value);
   }
   PropertyDetails details = PropertyDetails(attributes, NORMAL);
-  Object* result = dict->Add(name, store_value, details);
-  if (result->IsFailure()) return result;
+  Object* result;
+  { MaybeObject* maybe_result = dict->Add(name, store_value, details);
+    if (!maybe_result->ToObject(&result)) return maybe_result;
+  }
   if (dict != result) set_properties(StringDictionary::cast(result));
   return value;
 }
 
 
-Object* JSObject::AddProperty(String* name,
-                              Object* value,
-                              PropertyAttributes attributes) {
+MaybeObject* JSObject::AddProperty(String* name,
+                                   Object* value,
+                                   PropertyAttributes attributes) {
   ASSERT(!IsJSGlobalProxy());
   if (!map()->is_extensible()) {
     Handle<Object> args[1] = {Handle<String>(name)};
     return Top::Throw(*Factory::NewTypeError("object_not_extensible",
                                                HandleVector(args, 1)));
   }
   if (HasFastProperties()) {
     // Ensure the descriptor array does not get too big.
     if (map()->instance_descriptors()->number_of_descriptors() <
         DescriptorArray::kMaxNumberOfDescriptors) {
       if (value->IsJSFunction() && !Heap::InNewSpace(value)) {
         return AddConstantFunctionProperty(name,
                                            JSFunction::cast(value),
                                            attributes);
       } else {
         return AddFastProperty(name, value, attributes);
       }
     } else {
       // Normalize the object to prevent very large instance descriptors.
       // This eliminates unwanted N^2 allocation and lookup behavior.
-      Object* obj = NormalizeProperties(CLEAR_INOBJECT_PROPERTIES, 0);
-      if (obj->IsFailure()) return obj;
+      Object* obj;
+      { MaybeObject* maybe_obj =
+            NormalizeProperties(CLEAR_INOBJECT_PROPERTIES, 0);
+        if (!maybe_obj->ToObject(&obj)) return maybe_obj;
+      }
     }
   }
   return AddSlowProperty(name, value, attributes);
 }
 
 
-Object* JSObject::SetPropertyPostInterceptor(String* name,
-                                             Object* value,
-                                             PropertyAttributes attributes) {
+MaybeObject* JSObject::SetPropertyPostInterceptor(
+    String* name,
+    Object* value,
+    PropertyAttributes attributes) {
   // Check local property, ignore interceptor.
   LookupResult result;
   LocalLookupRealNamedProperty(name, &result);
   if (result.IsFound()) {
     // An existing property, a map transition or a null descriptor was
     // found.  Use set property to handle all these cases.
     return SetProperty(&result, name, value, attributes);
   }
   // Add a new real property.
   return AddProperty(name, value, attributes);
 }
 
 
-Object* JSObject::ReplaceSlowProperty(String* name,
-                                      Object* value,
-                                      PropertyAttributes attributes) {
+MaybeObject* JSObject::ReplaceSlowProperty(String* name,
+                                           Object* value,
+                                           PropertyAttributes attributes) {
   StringDictionary* dictionary = property_dictionary();
   int old_index = dictionary->FindEntry(name);
   int new_enumeration_index = 0;  // 0 means "Use the next available index."
   if (old_index != -1) {
     // All calls to ReplaceSlowProperty have had all transitions removed.
     ASSERT(!dictionary->DetailsAt(old_index).IsTransition());
     new_enumeration_index = dictionary->DetailsAt(old_index).index();
   }
 
   PropertyDetails new_details(attributes, NORMAL, new_enumeration_index);
   return SetNormalizedProperty(name, value, new_details);
 }
 
 
-Object* JSObject::ConvertDescriptorToFieldAndMapTransition(
+MaybeObject* JSObject::ConvertDescriptorToFieldAndMapTransition(
     String* name,
     Object* new_value,
     PropertyAttributes attributes) {
   Map* old_map = map();
-  Object* result = ConvertDescriptorToField(name, new_value, attributes);
-  if (result->IsFailure()) return result;
+  Object* result;
+  { MaybeObject* maybe_result =
+        ConvertDescriptorToField(name, new_value, attributes);
+    if (!maybe_result->ToObject(&result)) return maybe_result;
+  }
   // If we get to this point we have succeeded - do not return failure
   // after this point.  Later stuff is optional.
   if (!HasFastProperties()) {
     return result;
   }
   // Do not add transitions to the map of "new Object()".
   if (map() == Top::context()->global_context()->object_function()->map()) {
     return result;
   }
 
   MapTransitionDescriptor transition(name,
                                      map(),
                                      attributes);
-  Object* new_descriptors =
-      old_map->instance_descriptors()->
-          CopyInsert(&transition, KEEP_TRANSITIONS);
-  if (new_descriptors->IsFailure()) return result;  // Yes, return _result_.
+  Object* new_descriptors;
+  { MaybeObject* maybe_new_descriptors = old_map->instance_descriptors()->
+        CopyInsert(&transition, KEEP_TRANSITIONS);
+    if (!maybe_new_descriptors->ToObject(&new_descriptors)) {
+      return result;  // Yes, return _result_.
+    }
+  }
   old_map->set_instance_descriptors(DescriptorArray::cast(new_descriptors));
   return result;
 }
 
 
-Object* JSObject::ConvertDescriptorToField(String* name,
-                                           Object* new_value,
-                                           PropertyAttributes attributes) {
+MaybeObject* JSObject::ConvertDescriptorToField(String* name,
+                                                Object* new_value,
+                                                PropertyAttributes attributes) {
   if (map()->unused_property_fields() == 0 &&
       properties()->length() > MaxFastProperties()) {
-    Object* obj = NormalizeProperties(CLEAR_INOBJECT_PROPERTIES, 0);
-    if (obj->IsFailure()) return obj;
+    Object* obj;
+    { MaybeObject* maybe_obj =
+          NormalizeProperties(CLEAR_INOBJECT_PROPERTIES, 0);
+      if (!maybe_obj->ToObject(&obj)) return maybe_obj;
+    }
     return ReplaceSlowProperty(name, new_value, attributes);
   }
 
   int index = map()->NextFreePropertyIndex();
   FieldDescriptor new_field(name, index, attributes);
   // Make a new DescriptorArray replacing an entry with FieldDescriptor.
-  Object* descriptors_unchecked = map()->instance_descriptors()->
-      CopyInsert(&new_field, REMOVE_TRANSITIONS);
-  if (descriptors_unchecked->IsFailure()) return descriptors_unchecked;
+  Object* descriptors_unchecked;
+  { MaybeObject* maybe_descriptors_unchecked = map()->instance_descriptors()->
+                                  CopyInsert(&new_field, REMOVE_TRANSITIONS);
+    if (!maybe_descriptors_unchecked->ToObject(&descriptors_unchecked)) {
+      return maybe_descriptors_unchecked;
+    }
+  }
   DescriptorArray* new_descriptors =
       DescriptorArray::cast(descriptors_unchecked);
 
   // Make a new map for the object.
-  Object* new_map_unchecked = map()->CopyDropDescriptors();
-  if (new_map_unchecked->IsFailure()) return new_map_unchecked;
+  Object* new_map_unchecked;
+  { MaybeObject* maybe_new_map_unchecked = map()->CopyDropDescriptors();
+    if (!maybe_new_map_unchecked->ToObject(&new_map_unchecked)) {
+      return maybe_new_map_unchecked;
+    }
+  }
   Map* new_map = Map::cast(new_map_unchecked);
   new_map->set_instance_descriptors(new_descriptors);
 
   // Make new properties array if necessary.
   FixedArray* new_properties = 0;  // Will always be NULL or a valid pointer.
   int new_unused_property_fields = map()->unused_property_fields() - 1;
   if (map()->unused_property_fields() == 0) {
     new_unused_property_fields = kFieldsAdded - 1;
-    Object* new_properties_unchecked =
-        properties()->CopySize(properties()->length() + kFieldsAdded);
-    if (new_properties_unchecked->IsFailure()) return new_properties_unchecked;
-    new_properties = FixedArray::cast(new_properties_unchecked);
+    Object* new_properties_object;
+    { MaybeObject* maybe_new_properties_object =
+          properties()->CopySize(properties()->length() + kFieldsAdded);
+      if (!maybe_new_properties_object->ToObject(&new_properties_object)) {
+        return maybe_new_properties_object;
+      }
+    }
+    new_properties = FixedArray::cast(new_properties_object);
   }
 
   // Update pointers to commit changes.
   // Object points to the new map.
   new_map->set_unused_property_fields(new_unused_property_fields);
   set_map(new_map);
   if (new_properties) {
     set_properties(FixedArray::cast(new_properties));
   }
   return FastPropertyAtPut(index, new_value);
 }
 
 
 
-Object* JSObject::SetPropertyWithInterceptor(String* name,
-                                             Object* value,
-                                             PropertyAttributes attributes) {
+MaybeObject* JSObject::SetPropertyWithInterceptor(
+    String* name,
+    Object* value,
+    PropertyAttributes attributes) {
   HandleScope scope;
   Handle<JSObject> this_handle(this);
   Handle<String> name_handle(name);
   Handle<Object> value_handle(value);
   Handle<InterceptorInfo> interceptor(GetNamedInterceptor());
   if (!interceptor->setter()->IsUndefined()) {
     LOG(ApiNamedPropertyAccess("interceptor-named-set", this, name));
     CustomArguments args(interceptor->data(), this, this);
     v8::AccessorInfo info(args.end());
     v8::NamedPropertySetter setter =
         v8::ToCData<v8::NamedPropertySetter>(interceptor->setter());
     v8::Handle<v8::Value> result;
     {
       // Leaving JavaScript.
       VMState state(EXTERNAL);
       Handle<Object> value_unhole(value->IsTheHole() ?
                                   Heap::undefined_value() :
                                   value);
       result = setter(v8::Utils::ToLocal(name_handle),
                       v8::Utils::ToLocal(value_unhole),
                       info);
     }
     RETURN_IF_SCHEDULED_EXCEPTION();
     if (!result.IsEmpty()) return *value_handle;
   }
-  Object* raw_result = this_handle->SetPropertyPostInterceptor(*name_handle,
-                                                               *value_handle,
-                                                               attributes);
+  MaybeObject* raw_result =
+      this_handle->SetPropertyPostInterceptor(*name_handle,
+                                              *value_handle,
+                                              attributes);
   RETURN_IF_SCHEDULED_EXCEPTION();
   return raw_result;
 }
 
 
-Object* JSObject::SetProperty(String* name,
-                              Object* value,
-                              PropertyAttributes attributes) {
+MaybeObject* JSObject::SetProperty(String* name,
+                                   Object* value,
+                                   PropertyAttributes attributes) {
   LookupResult result;
   LocalLookup(name, &result);
   return SetProperty(&result, name, value, attributes);
 }
 
 
-Object* JSObject::SetPropertyWithCallback(Object* structure,
-                                          String* name,
-                                          Object* value,
-                                          JSObject* holder) {
+MaybeObject* JSObject::SetPropertyWithCallback(Object* structure,
+                                               String* name,
+                                               Object* value,
+                                               JSObject* holder) {
   HandleScope scope;
 
   // We should never get here to initialize a const with the hole
   // value since a const declaration would conflict with the setter.
   ASSERT(!value->IsTheHole());
   Handle<Object> value_handle(value);
 
   // To accommodate both the old and the new api we switch on the
   // data structure used to store the callbacks.  Eventually proxy
   // callbacks should be phased out.
   if (structure->IsProxy()) {
     AccessorDescriptor* callback =
         reinterpret_cast<AccessorDescriptor*>(Proxy::cast(structure)->proxy());
-    Object* obj = (callback->setter)(this,  value, callback->data);
+    MaybeObject* obj = (callback->setter)(this,  value, callback->data);
     RETURN_IF_SCHEDULED_EXCEPTION();
     if (obj->IsFailure()) return obj;
     return *value_handle;
   }
 
   if (structure->IsAccessorInfo()) {
     // api style callbacks
     AccessorInfo* data = AccessorInfo::cast(structure);
     Object* call_obj = data->setter();
     v8::AccessorSetter call_fun = v8::ToCData<v8::AccessorSetter>(call_obj);
@@ skipping 24 matching lines @@
       return Top::Throw(*Factory::NewTypeError("no_setter_in_callback",
                                                HandleVector(args, 2)));
     }
   }
 
   UNREACHABLE();
   return NULL;
 }
 
 
-Object* JSObject::SetPropertyWithDefinedSetter(JSFunction* setter,
-                                               Object* value) {
+MaybeObject* JSObject::SetPropertyWithDefinedSetter(JSFunction* setter,
+                                                    Object* value) {
   Handle<Object> value_handle(value);
   Handle<JSFunction> fun(JSFunction::cast(setter));
   Handle<JSObject> self(this);
 #ifdef ENABLE_DEBUGGER_SUPPORT
   // Handle stepping into a setter if step into is active.
   if (Debug::StepInActive()) {
     Debug::HandleStepIn(fun, Handle<Object>::null(), 0, false);
   }
 #endif
   bool has_pending_exception;
@@ skipping 121 matching lines @@
        pt != Heap::null_value();
        pt = JSObject::cast(pt)->GetPrototype()) {
     JSObject::cast(pt)->LocalLookupRealNamedProperty(name, result);
     if (result->IsProperty() && (result->type() != INTERCEPTOR)) return;
   }
   result->NotFound();
 }
 
 
 // We only need to deal with CALLBACKS and INTERCEPTORS
-Object* JSObject::SetPropertyWithFailedAccessCheck(LookupResult* result,
-                                                   String* name,
-                                                   Object* value) {
+MaybeObject* JSObject::SetPropertyWithFailedAccessCheck(LookupResult* result,
+                                                        String* name,
+                                                        Object* value) {
   if (!result->IsProperty()) {
     LookupCallbackSetterInPrototypes(name, result);
   }
 
   if (result->IsProperty()) {
     if (!result->IsReadOnly()) {
       switch (result->type()) {
         case CALLBACKS: {
           Object* obj = result->GetCallbackObject();
           if (obj->IsAccessorInfo()) {
@@ skipping 24 matching lines @@
     }
   }
 
   HandleScope scope;
   Handle<Object> value_handle(value);
   Top::ReportFailedAccessCheck(this, v8::ACCESS_SET);
   return *value_handle;
 }
 
 
-Object* JSObject::SetProperty(LookupResult* result,
-                              String* name,
-                              Object* value,
-                              PropertyAttributes attributes) {
+MaybeObject* JSObject::SetProperty(LookupResult* result,
+                                   String* name,
+                                   Object* value,
+                                   PropertyAttributes attributes) {
   // Make sure that the top context does not change when doing callbacks or
   // interceptor calls.
   AssertNoContextChange ncc;
 
   // Optimization for 2-byte strings often used as keys in a decompression
   // dictionary.  We make these short keys into symbols to avoid constantly
   // reallocating them.
   if (!name->IsSymbol() && name->length() <= 2) {
-    Object* symbol_version = Heap::LookupSymbol(name);
-    if (!symbol_version->IsFailure()) name = String::cast(symbol_version);
+    Object* symbol_version;
+    { MaybeObject* maybe_symbol_version = Heap::LookupSymbol(name);
+      if (maybe_symbol_version->ToObject(&symbol_version)) {
+        name = String::cast(symbol_version);
+      }
+    }
   }
 
   // Check access rights if needed.
   if (IsAccessCheckNeeded()
       && !Top::MayNamedAccess(this, name, v8::ACCESS_SET)) {
     return SetPropertyWithFailedAccessCheck(result, name, value);
   }
 
   if (IsJSGlobalProxy()) {
     Object* proto = GetPrototype();
@@ skipping 75 matching lines @@
   return value;
 }
 
 
 // Set a real local property, even if it is READ_ONLY.  If the property is not
 // present, add it with attributes NONE.  This code is an exact clone of
 // SetProperty, with the check for IsReadOnly and the check for a
 // callback setter removed.  The two lines looking up the LookupResult
 // result are also added.  If one of the functions is changed, the other
 // should be.
-Object* JSObject::IgnoreAttributesAndSetLocalProperty(
+MaybeObject* JSObject::IgnoreAttributesAndSetLocalProperty(
     String* name,
     Object* value,
     PropertyAttributes attributes) {
   // Make sure that the top context does not change when doing callbacks or
   // interceptor calls.
   AssertNoContextChange ncc;
   LookupResult result;
   LocalLookup(name, &result);
   // Check access rights if needed.
   if (IsAccessCheckNeeded()
@@ skipping 177 matching lines @@
     if (HasLocalElement(index)) return NONE;
     return ABSENT;
   }
   // Named property.
   LookupResult result;
   LocalLookup(name, &result);
   return GetPropertyAttribute(this, &result, name, false);
 }
 
 
-Object* NormalizedMapCache::Get(JSObject* obj, PropertyNormalizationMode mode) {
+MaybeObject* NormalizedMapCache::Get(JSObject* obj,
+                                     PropertyNormalizationMode mode) {
   Map* fast = obj->map();
   int index = Hash(fast) % kEntries;
   Object* result = get(index);
   if (result->IsMap() && CheckHit(Map::cast(result), fast, mode)) {
 #ifdef DEBUG
     if (FLAG_enable_slow_asserts) {
       // The cached map should match newly created normalized map bit-by-bit.
-      Object* fresh = fast->CopyNormalized(mode, SHARED_NORMALIZED_MAP);
-      if (!fresh->IsFailure()) {
-        ASSERT(memcmp(Map::cast(fresh)->address(),
-                      Map::cast(result)->address(),
-                      Map::kSize) == 0);
+      Object* fresh;
+      { MaybeObject* maybe_fresh =
+            fast->CopyNormalized(mode, SHARED_NORMALIZED_MAP);
+        if (maybe_fresh->ToObject(&fresh)) {
+          ASSERT(memcmp(Map::cast(fresh)->address(),
+                        Map::cast(result)->address(),
+                        Map::kSize) == 0);
+        }
       }
     }
 #endif
     return result;
   }
 
-  result = fast->CopyNormalized(mode, SHARED_NORMALIZED_MAP);
-  if (result->IsFailure()) return result;
+  { MaybeObject* maybe_result =
+        fast->CopyNormalized(mode, SHARED_NORMALIZED_MAP);
+    if (!maybe_result->ToObject(&result)) return maybe_result;
+  }
   set(index, result);
   Counters::normalized_maps.Increment();
 
   return result;
 }
 
 
 void NormalizedMapCache::Clear() {
   int entries = length();
   for (int i = 0; i != entries; i++) {
@@ skipping 31 matching lines @@
     slow->prototype() == fast->prototype() &&
     slow->inobject_properties() == ((mode == CLEAR_INOBJECT_PROPERTIES) ?
                                     0 :
                                     fast->inobject_properties()) &&
     slow->instance_type() == fast->instance_type() &&
     slow->bit_field() == fast->bit_field() &&
     (slow->bit_field2() & ~(1<<Map::kIsShared)) == fast->bit_field2();
 }
 
 
-Object* JSObject::UpdateMapCodeCache(String* name, Code* code) {
+MaybeObject* JSObject::UpdateMapCodeCache(String* name, Code* code) {
   if (map()->is_shared()) {
     // Fast case maps are never marked as shared.
     ASSERT(!HasFastProperties());
     // Replace the map with an identical copy that can be safely modified.
-    Object* obj = map()->CopyNormalized(KEEP_INOBJECT_PROPERTIES,
-                                        UNIQUE_NORMALIZED_MAP);
-    if (obj->IsFailure()) return obj;
+    Object* obj;
+    { MaybeObject* maybe_obj = map()->CopyNormalized(KEEP_INOBJECT_PROPERTIES,
+                                                     UNIQUE_NORMALIZED_MAP);
+      if (!maybe_obj->ToObject(&obj)) return maybe_obj;
+    }
     Counters::normalized_maps.Increment();
 
     set_map(Map::cast(obj));
   }
   return map()->UpdateCodeCache(name, code);
 }
 
 
-Object* JSObject::NormalizeProperties(PropertyNormalizationMode mode,
-                                      int expected_additional_properties) {
+MaybeObject* JSObject::NormalizeProperties(PropertyNormalizationMode mode,
+                                           int expected_additional_properties) {
   if (!HasFastProperties()) return this;
 
   // The global object is always normalized.
   ASSERT(!IsGlobalObject());
 
   // Allocate new content.
   int property_count = map()->NumberOfDescribedProperties();
   if (expected_additional_properties > 0) {
     property_count += expected_additional_properties;
   } else {
     property_count += 2;  // Make space for two more properties.
   }
-  Object* obj =
-      StringDictionary::Allocate(property_count);
-  if (obj->IsFailure()) return obj;
+  Object* obj;
+  { MaybeObject* maybe_obj =
+        StringDictionary::Allocate(property_count);
+    if (!maybe_obj->ToObject(&obj)) return maybe_obj;
+  }
   StringDictionary* dictionary = StringDictionary::cast(obj);
 
   DescriptorArray* descs = map()->instance_descriptors();
   for (int i = 0; i < descs->number_of_descriptors(); i++) {
     PropertyDetails details = descs->GetDetails(i);
     switch (details.type()) {
       case CONSTANT_FUNCTION: {
         PropertyDetails d =
             PropertyDetails(details.attributes(), NORMAL, details.index());
         Object* value = descs->GetConstantFunction(i);
-        Object* result = dictionary->Add(descs->GetKey(i), value, d);
-        if (result->IsFailure()) return result;
+        Object* result;
+        { MaybeObject* maybe_result =
+              dictionary->Add(descs->GetKey(i), value, d);
+          if (!maybe_result->ToObject(&result)) return maybe_result;
+        }
         dictionary = StringDictionary::cast(result);
         break;
       }
       case FIELD: {
         PropertyDetails d =
             PropertyDetails(details.attributes(), NORMAL, details.index());
         Object* value = FastPropertyAt(descs->GetFieldIndex(i));
-        Object* result = dictionary->Add(descs->GetKey(i), value, d);
-        if (result->IsFailure()) return result;
+        Object* result;
+        { MaybeObject* maybe_result =
+              dictionary->Add(descs->GetKey(i), value, d);
+          if (!maybe_result->ToObject(&result)) return maybe_result;
+        }
         dictionary = StringDictionary::cast(result);
         break;
       }
       case CALLBACKS: {
         PropertyDetails d =
             PropertyDetails(details.attributes(), CALLBACKS, details.index());
         Object* value = descs->GetCallbacksObject(i);
-        Object* result = dictionary->Add(descs->GetKey(i), value, d);
-        if (result->IsFailure()) return result;
+        Object* result;
+        { MaybeObject* maybe_result =
+              dictionary->Add(descs->GetKey(i), value, d);
+          if (!maybe_result->ToObject(&result)) return maybe_result;
+        }
         dictionary = StringDictionary::cast(result);
         break;
       }
       case MAP_TRANSITION:
       case CONSTANT_TRANSITION:
       case NULL_DESCRIPTOR:
       case INTERCEPTOR:
         break;
       default:
         UNREACHABLE();
     }
   }
 
   // Copy the next enumeration index from instance descriptor.
   int index = map()->instance_descriptors()->NextEnumerationIndex();
   dictionary->SetNextEnumerationIndex(index);
 
-  obj = Top::context()->global_context()->
-      normalized_map_cache()->Get(this, mode);
-  if (obj->IsFailure()) return obj;
+  { MaybeObject* maybe_obj = Top::context()->global_context()->
+                normalized_map_cache()->Get(this, mode);
+    if (!maybe_obj->ToObject(&obj)) return maybe_obj;
+  }
   Map* new_map = Map::cast(obj);
 
   // We have now successfully allocated all the necessary objects.
   // Changes can now be made with the guarantee that all of them take effect.
 
   // Resize the object in the heap if necessary.
   int new_instance_size = new_map->instance_size();
   int instance_size_delta = map()->instance_size() - new_instance_size;
   ASSERT(instance_size_delta >= 0);
   Heap::CreateFillerObjectAt(this->address() + new_instance_size,
                              instance_size_delta);
 
   set_map(new_map);
 
   set_properties(dictionary);
 
   Counters::props_to_dictionary.Increment();
 
 #ifdef DEBUG
   if (FLAG_trace_normalization) {
     PrintF("Object properties have been normalized:\n");
     Print();
   }
 #endif
   return this;
 }
 
 
-Object* JSObject::TransformToFastProperties(int unused_property_fields) {
+MaybeObject* JSObject::TransformToFastProperties(int unused_property_fields) {
   if (HasFastProperties()) return this;
   ASSERT(!IsGlobalObject());
   return property_dictionary()->
       TransformPropertiesToFastFor(this, unused_property_fields);
 }
 
 
-Object* JSObject::NormalizeElements() {
+MaybeObject* JSObject::NormalizeElements() {
   ASSERT(!HasPixelElements() && !HasExternalArrayElements());
   if (HasDictionaryElements()) return this;
   ASSERT(map()->has_fast_elements());
 
-  Object* obj = map()->GetSlowElementsMap();
-  if (obj->IsFailure()) return obj;
+  Object* obj;
+  { MaybeObject* maybe_obj = map()->GetSlowElementsMap();
+    if (!maybe_obj->ToObject(&obj)) return maybe_obj;
+  }
   Map* new_map = Map::cast(obj);
 
   // Get number of entries.
   FixedArray* array = FixedArray::cast(elements());
 
   // Compute the effective length.
   int length = IsJSArray() ?
                Smi::cast(JSArray::cast(this)->length())->value() :
                array->length();
-  obj = NumberDictionary::Allocate(length);
-  if (obj->IsFailure()) return obj;
+  { MaybeObject* maybe_obj = NumberDictionary::Allocate(length);
+    if (!maybe_obj->ToObject(&obj)) return maybe_obj;
+  }
   NumberDictionary* dictionary = NumberDictionary::cast(obj);
   // Copy entries.
   for (int i = 0; i < length; i++) {
     Object* value = array->get(i);
     if (!value->IsTheHole()) {
       PropertyDetails details = PropertyDetails(NONE, NORMAL);
-      Object* result = dictionary->AddNumberEntry(i, array->get(i), details);
-      if (result->IsFailure()) return result;
+      Object* result;
+      { MaybeObject* maybe_result =
+            dictionary->AddNumberEntry(i, array->get(i), details);
+        if (!maybe_result->ToObject(&result)) return maybe_result;
+      }
       dictionary = NumberDictionary::cast(result);
     }
   }
   // Switch to using the dictionary as the backing storage for
   // elements. Set the new map first to satify the elements type
   // assert in set_elements().
   set_map(new_map);
   set_elements(dictionary);
 
   Counters::elements_to_dictionary.Increment();
 
 #ifdef DEBUG
   if (FLAG_trace_normalization) {
     PrintF("Object elements have been normalized:\n");
     Print();
   }
 #endif
 
   return this;
 }
 
 
-Object* JSObject::DeletePropertyPostInterceptor(String* name, DeleteMode mode) {
+MaybeObject* JSObject::DeletePropertyPostInterceptor(String* name,
+                                                     DeleteMode mode) {
   // Check local property, ignore interceptor.
   LookupResult result;
   LocalLookupRealNamedProperty(name, &result);
   if (!result.IsProperty()) return Heap::true_value();
 
   // Normalize object if needed.
-  Object* obj = NormalizeProperties(CLEAR_INOBJECT_PROPERTIES, 0);
-  if (obj->IsFailure()) return obj;
+  Object* obj;
+  { MaybeObject* maybe_obj = NormalizeProperties(CLEAR_INOBJECT_PROPERTIES, 0);
+    if (!maybe_obj->ToObject(&obj)) return maybe_obj;
+  }
 
   return DeleteNormalizedProperty(name, mode);
 }
 
 
-Object* JSObject::DeletePropertyWithInterceptor(String* name) {
+MaybeObject* JSObject::DeletePropertyWithInterceptor(String* name) {
   HandleScope scope;
   Handle<InterceptorInfo> interceptor(GetNamedInterceptor());
   Handle<String> name_handle(name);
   Handle<JSObject> this_handle(this);
   if (!interceptor->deleter()->IsUndefined()) {
     v8::NamedPropertyDeleter deleter =
         v8::ToCData<v8::NamedPropertyDeleter>(interceptor->deleter());
     LOG(ApiNamedPropertyAccess("interceptor-named-delete", *this_handle, name));
     CustomArguments args(interceptor->data(), this, this);
     v8::AccessorInfo info(args.end());
     v8::Handle<v8::Boolean> result;
     {
       // Leaving JavaScript.
       VMState state(EXTERNAL);
       result = deleter(v8::Utils::ToLocal(name_handle), info);
     }
     RETURN_IF_SCHEDULED_EXCEPTION();
     if (!result.IsEmpty()) {
       ASSERT(result->IsBoolean());
       return *v8::Utils::OpenHandle(*result);
     }
   }
-  Object* raw_result =
+  MaybeObject* raw_result =
       this_handle->DeletePropertyPostInterceptor(*name_handle, NORMAL_DELETION);
   RETURN_IF_SCHEDULED_EXCEPTION();
   return raw_result;
 }
 
 
-Object* JSObject::DeleteElementPostInterceptor(uint32_t index,
-                                               DeleteMode mode) {
+MaybeObject* JSObject::DeleteElementPostInterceptor(uint32_t index,
+                                                    DeleteMode mode) {
   ASSERT(!HasPixelElements() && !HasExternalArrayElements());
   switch (GetElementsKind()) {
     case FAST_ELEMENTS: {
-      Object* obj = EnsureWritableFastElements();
-      if (obj->IsFailure()) return obj;
+      Object* obj;
+      { MaybeObject* maybe_obj = EnsureWritableFastElements();
+        if (!maybe_obj->ToObject(&obj)) return maybe_obj;
+      }
       uint32_t length = IsJSArray() ?
       static_cast<uint32_t>(Smi::cast(JSArray::cast(this)->length())->value()) :
       static_cast<uint32_t>(FixedArray::cast(elements())->length());
       if (index < length) {
         FixedArray::cast(elements())->set_the_hole(index);
       }
       break;
     }
     case DICTIONARY_ELEMENTS: {
       NumberDictionary* dictionary = element_dictionary();
       int entry = dictionary->FindEntry(index);
       if (entry != NumberDictionary::kNotFound) {
         return dictionary->DeleteProperty(entry, mode);
       }
       break;
     }
     default:
       UNREACHABLE();
       break;
   }
   return Heap::true_value();
 }
 
 
-Object* JSObject::DeleteElementWithInterceptor(uint32_t index) {
+MaybeObject* JSObject::DeleteElementWithInterceptor(uint32_t index) {
   // Make sure that the top context does not change when doing
   // callbacks or interceptor calls.
   AssertNoContextChange ncc;
   HandleScope scope;
   Handle<InterceptorInfo> interceptor(GetIndexedInterceptor());
   if (interceptor->deleter()->IsUndefined()) return Heap::false_value();
   v8::IndexedPropertyDeleter deleter =
       v8::ToCData<v8::IndexedPropertyDeleter>(interceptor->deleter());
   Handle<JSObject> this_handle(this);
   LOG(ApiIndexedPropertyAccess("interceptor-indexed-delete", this, index));
   CustomArguments args(interceptor->data(), this, this);
   v8::AccessorInfo info(args.end());
   v8::Handle<v8::Boolean> result;
   {
     // Leaving JavaScript.
     VMState state(EXTERNAL);
     result = deleter(index, info);
   }
   RETURN_IF_SCHEDULED_EXCEPTION();
   if (!result.IsEmpty()) {
     ASSERT(result->IsBoolean());
     return *v8::Utils::OpenHandle(*result);
   }
-  Object* raw_result =
+  MaybeObject* raw_result =
       this_handle->DeleteElementPostInterceptor(index, NORMAL_DELETION);
   RETURN_IF_SCHEDULED_EXCEPTION();
   return raw_result;
 }
 
 
-Object* JSObject::DeleteElement(uint32_t index, DeleteMode mode) {
+MaybeObject* JSObject::DeleteElement(uint32_t index, DeleteMode mode) {
   // Check access rights if needed.
   if (IsAccessCheckNeeded() &&
       !Top::MayIndexedAccess(this, index, v8::ACCESS_DELETE)) {
     Top::ReportFailedAccessCheck(this, v8::ACCESS_DELETE);
     return Heap::false_value();
   }
 
   if (IsJSGlobalProxy()) {
     Object* proto = GetPrototype();
     if (proto->IsNull()) return Heap::false_value();
     ASSERT(proto->IsJSGlobalObject());
     return JSGlobalObject::cast(proto)->DeleteElement(index, mode);
   }
 
   if (HasIndexedInterceptor()) {
     // Skip interceptor if forcing deletion.
     if (mode == FORCE_DELETION) {
       return DeleteElementPostInterceptor(index, mode);
     }
     return DeleteElementWithInterceptor(index);
   }
 
   switch (GetElementsKind()) {
     case FAST_ELEMENTS: {
-      Object* obj = EnsureWritableFastElements();
-      if (obj->IsFailure()) return obj;
+      Object* obj;
+      { MaybeObject* maybe_obj = EnsureWritableFastElements();
+        if (!maybe_obj->ToObject(&obj)) return maybe_obj;
+      }
       uint32_t length = IsJSArray() ?
       static_cast<uint32_t>(Smi::cast(JSArray::cast(this)->length())->value()) :
       static_cast<uint32_t>(FixedArray::cast(elements())->length());
       if (index < length) {
         FixedArray::cast(elements())->set_the_hole(index);
       }
       break;
     }
     case PIXEL_ELEMENTS:
     case EXTERNAL_BYTE_ELEMENTS:
@@ skipping 15 matching lines @@
       break;
     }
     default:
       UNREACHABLE();
       break;
   }
   return Heap::true_value();
 }
 
 
-Object* JSObject::DeleteProperty(String* name, DeleteMode mode) {
+MaybeObject* JSObject::DeleteProperty(String* name, DeleteMode mode) {
   // ECMA-262, 3rd, 8.6.2.5
   ASSERT(name->IsString());
 
   // Check access rights if needed.
   if (IsAccessCheckNeeded() &&
       !Top::MayNamedAccess(this, name, v8::ACCESS_DELETE)) {
     Top::ReportFailedAccessCheck(this, v8::ACCESS_DELETE);
     return Heap::false_value();
   }
 
@@ skipping 17 matching lines @@
     }
     // Check for interceptor.
     if (result.type() == INTERCEPTOR) {
       // Skip interceptor if forcing a deletion.
       if (mode == FORCE_DELETION) {
         return DeletePropertyPostInterceptor(name, mode);
       }
       return DeletePropertyWithInterceptor(name);
     }
     // Normalize object if needed.
-    Object* obj = NormalizeProperties(CLEAR_INOBJECT_PROPERTIES, 0);
-    if (obj->IsFailure()) return obj;
+    Object* obj;
+    { MaybeObject* maybe_obj =
+          NormalizeProperties(CLEAR_INOBJECT_PROPERTIES, 0);
+      if (!maybe_obj->ToObject(&obj)) return maybe_obj;
+    }
     // Make sure the properties are normalized before removing the entry.
     return DeleteNormalizedProperty(name, mode);
   }
 }
 
 
 // Check whether this object references another object.
 bool JSObject::ReferencesObject(Object* obj) {
   AssertNoAllocation no_alloc;
 
@@ skipping 85 matching lines @@
     if (context->has_extension()) {
       return context->extension()->ReferencesObject(obj);
     }
   }
 
   // No references to object.
   return false;
 }
 
 
-Object* JSObject::PreventExtensions() {
+MaybeObject* JSObject::PreventExtensions() {
   // If there are fast elements we normalize.
   if (HasFastElements()) {
-    Object* ok = NormalizeElements();
-    if (ok->IsFailure()) return ok;
+    Object* ok;
+    { MaybeObject* maybe_ok = NormalizeElements();
+      if (!maybe_ok->ToObject(&ok)) return maybe_ok;
+    }
   }
   // Make sure that we never go back to fast case.
   element_dictionary()->set_requires_slow_elements();
 
   // Do a map transition, other objects with this map may still
   // be extensible.
-  Object* new_map = map()->CopyDropTransitions();
-  if (new_map->IsFailure()) return new_map;
+  Object* new_map;
+  { MaybeObject* maybe_new_map = map()->CopyDropTransitions();
+    if (!maybe_new_map->ToObject(&new_map)) return maybe_new_map;
+  }
   Map::cast(new_map)->set_is_extensible(false);
   set_map(Map::cast(new_map));
   ASSERT(!map()->is_extensible());
   return new_map;
 }
 
 
 // Tests for the fast common case for property enumeration:
 // - This object and all prototypes has an enum cache (which means that it has
 //   no interceptors and needs no access checks).
@@ skipping 113 matching lines @@
   for (Object* current = this;
        current != Heap::null_value();
        current = JSObject::cast(current)->GetPrototype()) {
     JSObject::cast(current)->LocalLookupRealNamedProperty(name, result);
     if (result->IsProperty() && result->type() == CALLBACKS) return;
   }
   result->NotFound();
 }
 
 
-Object* JSObject::DefineGetterSetter(String* name,
-                                     PropertyAttributes attributes) {
+MaybeObject* JSObject::DefineGetterSetter(String* name,
+                                          PropertyAttributes attributes) {
   // Make sure that the top context does not change when doing callbacks or
   // interceptor calls.
   AssertNoContextChange ncc;
 
   // Try to flatten before operating on the string.
   name->TryFlatten();
 
   if (!CanSetCallback(name)) {
     return Heap::undefined_value();
   }
@@ skipping 49 matching lines @@
         // Need to preserve old getters/setters.
         if (obj->IsFixedArray()) {
           // Use set to update attributes.
           return SetPropertyCallback(name, obj, attributes);
         }
       }
     }
   }
 
   // Allocate the fixed array to hold getter and setter.
-  Object* structure = Heap::AllocateFixedArray(2, TENURED);
-  if (structure->IsFailure()) return structure;
+  Object* structure;
+  { MaybeObject* maybe_structure = Heap::AllocateFixedArray(2, TENURED);
+    if (!maybe_structure->ToObject(&structure)) return maybe_structure;
+  }
 
   if (is_element) {
     return SetElementCallback(index, structure, attributes);
   } else {
     return SetPropertyCallback(name, structure, attributes);
   }
 }
 
 
 bool JSObject::CanSetCallback(String* name) {
@@ skipping 13 matching lines @@
     if (obj->IsAccessorInfo() &&
         AccessorInfo::cast(obj)->prohibits_overwriting()) {
       return false;
     }
   }
 
   return true;
 }
 
 
-Object* JSObject::SetElementCallback(uint32_t index,
-                                     Object* structure,
-                                     PropertyAttributes attributes) {
+MaybeObject* JSObject::SetElementCallback(uint32_t index,
+                                          Object* structure,
+                                          PropertyAttributes attributes) {
   PropertyDetails details = PropertyDetails(attributes, CALLBACKS);
 
   // Normalize elements to make this operation simple.
-  Object* ok = NormalizeElements();
-  if (ok->IsFailure()) return ok;
+  Object* ok;
+  { MaybeObject* maybe_ok = NormalizeElements();
+    if (!maybe_ok->ToObject(&ok)) return maybe_ok;
+  }
 
   // Update the dictionary with the new CALLBACKS property.
-  Object* dict =
-      element_dictionary()->Set(index, structure, details);
-  if (dict->IsFailure()) return dict;
+  Object* dict;
+  { MaybeObject* maybe_dict =
+        element_dictionary()->Set(index, structure, details);
+    if (!maybe_dict->ToObject(&dict)) return maybe_dict;
+  }
 
   NumberDictionary* elements = NumberDictionary::cast(dict);
   elements->set_requires_slow_elements();
   // Set the potential new dictionary on the object.
   set_elements(elements);
 
   return structure;
 }
 
 
-Object* JSObject::SetPropertyCallback(String* name,
-                                      Object* structure,
-                                      PropertyAttributes attributes) {
+MaybeObject* JSObject::SetPropertyCallback(String* name,
+                                           Object* structure,
+                                           PropertyAttributes attributes) {
   PropertyDetails details = PropertyDetails(attributes, CALLBACKS);
 
   bool convert_back_to_fast = HasFastProperties() &&
       (map()->instance_descriptors()->number_of_descriptors()
           < DescriptorArray::kMaxNumberOfDescriptors);
 
   // Normalize object to make this operation simple.
-  Object* ok = NormalizeProperties(CLEAR_INOBJECT_PROPERTIES, 0);
-  if (ok->IsFailure()) return ok;
+  Object* ok;
+  { MaybeObject* maybe_ok = NormalizeProperties(CLEAR_INOBJECT_PROPERTIES, 0);
+    if (!maybe_ok->ToObject(&ok)) return maybe_ok;
+  }
 
   // For the global object allocate a new map to invalidate the global inline
   // caches which have a global property cell reference directly in the code.
   if (IsGlobalObject()) {
-    Object* new_map = map()->CopyDropDescriptors();
-    if (new_map->IsFailure()) return new_map;
+    Object* new_map;
+    { MaybeObject* maybe_new_map = map()->CopyDropDescriptors();
+      if (!maybe_new_map->ToObject(&new_map)) return maybe_new_map;
+    }
     set_map(Map::cast(new_map));
   }
 
   // Update the dictionary with the new CALLBACKS property.
-  Object* result = SetNormalizedProperty(name, structure, details);
-  if (result->IsFailure()) return result;
+  Object* result;
+  { MaybeObject* maybe_result = SetNormalizedProperty(name, structure, details);
+    if (!maybe_result->ToObject(&result)) return maybe_result;
+  }
 
   if (convert_back_to_fast) {
-    ok = TransformToFastProperties(0);
-    if (ok->IsFailure()) return ok;
+    { MaybeObject* maybe_ok = TransformToFastProperties(0);
+      if (!maybe_ok->ToObject(&ok)) return maybe_ok;
+    }
   }
   return result;
 }
 
-Object* JSObject::DefineAccessor(String* name, bool is_getter, JSFunction* fun,
-                                 PropertyAttributes attributes) {
+MaybeObject* JSObject::DefineAccessor(String* name,
+                                      bool is_getter,
+                                      JSFunction* fun,
+                                      PropertyAttributes attributes) {
   // Check access rights if needed.
   if (IsAccessCheckNeeded() &&
       !Top::MayNamedAccess(this, name, v8::ACCESS_SET)) {
     Top::ReportFailedAccessCheck(this, v8::ACCESS_SET);
     return Heap::undefined_value();
   }
 
   if (IsJSGlobalProxy()) {
     Object* proto = GetPrototype();
     if (proto->IsNull()) return this;
     ASSERT(proto->IsJSGlobalObject());
     return JSObject::cast(proto)->DefineAccessor(name, is_getter,
                                                  fun, attributes);
   }
 
-  Object* array = DefineGetterSetter(name, attributes);
-  if (array->IsFailure() || array->IsUndefined()) return array;
+  Object* array;
+  { MaybeObject* maybe_array = DefineGetterSetter(name, attributes);
+    if (!maybe_array->ToObject(&array)) return maybe_array;
+  }
+  if (array->IsUndefined()) return array;
   FixedArray::cast(array)->set(is_getter ? 0 : 1, fun);
   return this;
 }
 
 
-Object* JSObject::DefineAccessor(AccessorInfo* info) {
+MaybeObject* JSObject::DefineAccessor(AccessorInfo* info) {
   String* name = String::cast(info->name());
   // Check access rights if needed.
   if (IsAccessCheckNeeded() &&
       !Top::MayNamedAccess(this, name, v8::ACCESS_SET)) {
     Top::ReportFailedAccessCheck(this, v8::ACCESS_SET);
     return Heap::undefined_value();
   }
 
   if (IsJSGlobalProxy()) {
     Object* proto = GetPrototype();
@@ skipping 34 matching lines @@
         // Ignore getters and setters on pixel and external array
         // elements.
         return Heap::undefined_value();
       case DICTIONARY_ELEMENTS:
         break;
       default:
         UNREACHABLE();
         break;
     }
 
-    Object* ok = SetElementCallback(index, info, info->property_attributes());
-    if (ok->IsFailure()) return ok;
+    Object* ok;
+    { MaybeObject* maybe_ok =
+          SetElementCallback(index, info, info->property_attributes());
+      if (!maybe_ok->ToObject(&ok)) return maybe_ok;
+    }
   } else {
     // Lookup the name.
     LookupResult result;
     LocalLookup(name, &result);
     // ES5 forbids turning a property into an accessor if it's not
     // configurable (that is IsDontDelete in ES3 and v8), see 8.6.1 (Table 5).
     if (result.IsProperty() && (result.IsReadOnly() || result.IsDontDelete())) {
       return Heap::undefined_value();
     }
-    Object* ok = SetPropertyCallback(name, info, info->property_attributes());
-    if (ok->IsFailure()) return ok;
+    Object* ok;
+    { MaybeObject* maybe_ok =
+          SetPropertyCallback(name, info, info->property_attributes());
+      if (!maybe_ok->ToObject(&ok)) return maybe_ok;
+    }
   }
 
   return this;
 }
 
 
 Object* JSObject::LookupAccessor(String* name, bool is_getter) {
   // Make sure that the top context does not change when doing callbacks or
   // interceptor calls.
   AssertNoContextChange ncc;
@@ skipping 62 matching lines @@
         }
       }
     }
     return Heap::undefined_value();
   } else {
     return property_dictionary()->SlowReverseLookup(value);
   }
 }
 
 
-Object* Map::CopyDropDescriptors() {
-  Object* result = Heap::AllocateMap(instance_type(), instance_size());
-  if (result->IsFailure()) return result;
+MaybeObject* Map::CopyDropDescriptors() {
+  Object* result;
+  { MaybeObject* maybe_result =
+        Heap::AllocateMap(instance_type(), instance_size());
+    if (!maybe_result->ToObject(&result)) return maybe_result;
+  }
   Map::cast(result)->set_prototype(prototype());
   Map::cast(result)->set_constructor(constructor());
   // Don't copy descriptors, so map transitions always remain a forest.
   // If we retained the same descriptors we would have two maps
   // pointing to the same transition which is bad because the garbage
   // collector relies on being able to reverse pointers from transitions
   // to maps.  If properties need to be retained use CopyDropTransitions.
   Map::cast(result)->set_instance_descriptors(Heap::empty_descriptor_array());
   // Please note instance_type and instance_size are set when allocated.
   Map::cast(result)->set_inobject_properties(inobject_properties());
   Map::cast(result)->set_unused_property_fields(unused_property_fields());
 
   // If the map has pre-allocated properties always start out with a descriptor
   // array describing these properties.
   if (pre_allocated_property_fields() > 0) {
     ASSERT(constructor()->IsJSFunction());
     JSFunction* ctor = JSFunction::cast(constructor());
-    Object* descriptors =
-        ctor->initial_map()->instance_descriptors()->RemoveTransitions();
-    if (descriptors->IsFailure()) return descriptors;
+    Object* descriptors;
+    { MaybeObject* maybe_descriptors =
+          ctor->initial_map()->instance_descriptors()->RemoveTransitions();
+      if (!maybe_descriptors->ToObject(&descriptors)) return maybe_descriptors;
+    }
     Map::cast(result)->set_instance_descriptors(
         DescriptorArray::cast(descriptors));
     Map::cast(result)->set_pre_allocated_property_fields(
         pre_allocated_property_fields());
   }
   Map::cast(result)->set_bit_field(bit_field());
   Map::cast(result)->set_bit_field2(bit_field2());
   Map::cast(result)->set_is_shared(false);
   Map::cast(result)->ClearCodeCache();
   return result;
 }
 
 
-Object* Map::CopyNormalized(PropertyNormalizationMode mode,
-                            NormalizedMapSharingMode sharing) {
+MaybeObject* Map::CopyNormalized(PropertyNormalizationMode mode,
+                                 NormalizedMapSharingMode sharing) {
   int new_instance_size = instance_size();
   if (mode == CLEAR_INOBJECT_PROPERTIES) {
     new_instance_size -= inobject_properties() * kPointerSize;
   }
 
-  Object* result = Heap::AllocateMap(instance_type(), new_instance_size);
-  if (result->IsFailure()) return result;
+  Object* result;
+  { MaybeObject* maybe_result =
+        Heap::AllocateMap(instance_type(), new_instance_size);
+    if (!maybe_result->ToObject(&result)) return maybe_result;
+  }
 
   if (mode != CLEAR_INOBJECT_PROPERTIES) {
     Map::cast(result)->set_inobject_properties(inobject_properties());
   }
 
   Map::cast(result)->set_prototype(prototype());
   Map::cast(result)->set_constructor(constructor());
 
   Map::cast(result)->set_bit_field(bit_field());
   Map::cast(result)->set_bit_field2(bit_field2());
 
   Map::cast(result)->set_is_shared(sharing == SHARED_NORMALIZED_MAP);
 
 #ifdef DEBUG
   if (Map::cast(result)->is_shared()) {
     Map::cast(result)->SharedMapVerify();
   }
 #endif
 
   return result;
 }
 
 
-Object* Map::CopyDropTransitions() {
-  Object* new_map = CopyDropDescriptors();
-  if (new_map->IsFailure()) return new_map;
-  Object* descriptors = instance_descriptors()->RemoveTransitions();
-  if (descriptors->IsFailure()) return descriptors;
+MaybeObject* Map::CopyDropTransitions() {
+  Object* new_map;
+  { MaybeObject* maybe_new_map = CopyDropDescriptors();
+    if (!maybe_new_map->ToObject(&new_map)) return maybe_new_map;
+  }
+  Object* descriptors;
+  { MaybeObject* maybe_descriptors =
+        instance_descriptors()->RemoveTransitions();
+    if (!maybe_descriptors->ToObject(&descriptors)) return maybe_descriptors;
+  }
   cast(new_map)->set_instance_descriptors(DescriptorArray::cast(descriptors));
   return new_map;
 }
 
 
-Object* Map::UpdateCodeCache(String* name, Code* code) {
+MaybeObject* Map::UpdateCodeCache(String* name, Code* code) {
   // Allocate the code cache if not present.
   if (code_cache()->IsFixedArray()) {
-    Object* result = Heap::AllocateCodeCache();
-    if (result->IsFailure()) return result;
+    Object* result;
+    { MaybeObject* maybe_result = Heap::AllocateCodeCache();
+      if (!maybe_result->ToObject(&result)) return maybe_result;
+    }
     set_code_cache(result);
   }
 
   // Update the code cache.
   return CodeCache::cast(code_cache())->Update(name, code);
 }
 
 
 Object* Map::FindInCodeCache(String* name, Code::Flags flags) {
   // Do a lookup if a code cache exists.
@@ skipping 56 matching lines @@
     if (!map_done) continue;
     *map_or_index_field = Heap::fixed_array_map();
     Map* prev = current->map();
     current->set_map(Heap::meta_map());
     callback(current, data);
     current = prev;
   }
 }
 
 
-Object* CodeCache::Update(String* name, Code* code) {
+MaybeObject* CodeCache::Update(String* name, Code* code) {
   ASSERT(code->ic_state() == MONOMORPHIC);
 
   // The number of monomorphic stubs for normal load/store/call IC's can grow to
   // a large number and therefore they need to go into a hash table. They are
   // used to load global properties from cells.
   if (code->type() == NORMAL) {
     // Make sure that a hash table is allocated for the normal load code cache.
     if (normal_type_cache()->IsUndefined()) {
-      Object* result =
-          CodeCacheHashTable::Allocate(CodeCacheHashTable::kInitialSize);
-      if (result->IsFailure()) return result;
+      Object* result;
+      { MaybeObject* maybe_result =
+            CodeCacheHashTable::Allocate(CodeCacheHashTable::kInitialSize);
+        if (!maybe_result->ToObject(&result)) return maybe_result;
+      }
       set_normal_type_cache(result);
     }
     return UpdateNormalTypeCache(name, code);
   } else {
     ASSERT(default_cache()->IsFixedArray());
     return UpdateDefaultCache(name, code);
   }
 }
 
 
-Object* CodeCache::UpdateDefaultCache(String* name, Code* code) {
+MaybeObject* CodeCache::UpdateDefaultCache(String* name, Code* code) {
   // When updating the default code cache we disregard the type encoded in the
   // flags. This allows call constant stubs to overwrite call field
   // stubs, etc.
   Code::Flags flags = Code::RemoveTypeFromFlags(code->flags());
 
   // First check whether we can update existing code cache without
   // extending it.
   FixedArray* cache = default_cache();
   int length = cache->length();
   int deleted_index = -1;
@@ skipping 25 matching lines @@
     cache->set(deleted_index + kCodeCacheEntryNameOffset, name);
     cache->set(deleted_index + kCodeCacheEntryCodeOffset, code);
     return this;
   }
 
   // Extend the code cache with some new entries (at least one). Must be a
   // multiple of the entry size.
   int new_length = length + ((length >> 1)) + kCodeCacheEntrySize;
   new_length = new_length - new_length % kCodeCacheEntrySize;
   ASSERT((new_length % kCodeCacheEntrySize) == 0);
-  Object* result = cache->CopySize(new_length);
-  if (result->IsFailure()) return result;
+  Object* result;
+  { MaybeObject* maybe_result = cache->CopySize(new_length);
+    if (!maybe_result->ToObject(&result)) return maybe_result;
+  }
 
   // Add the (name, code) pair to the new cache.
   cache = FixedArray::cast(result);
   cache->set(length + kCodeCacheEntryNameOffset, name);
   cache->set(length + kCodeCacheEntryCodeOffset, code);
   set_default_cache(cache);
   return this;
 }
 
 
-Object* CodeCache::UpdateNormalTypeCache(String* name, Code* code) {
+MaybeObject* CodeCache::UpdateNormalTypeCache(String* name, Code* code) {
   // Adding a new entry can cause a new cache to be allocated.
   CodeCacheHashTable* cache = CodeCacheHashTable::cast(normal_type_cache());
-  Object* new_cache = cache->Put(name, code);
-  if (new_cache->IsFailure()) return new_cache;
+  Object* new_cache;
+  { MaybeObject* maybe_new_cache = cache->Put(name, code);
+    if (!maybe_new_cache->ToObject(&new_cache)) return maybe_new_cache;
+  }
   set_normal_type_cache(new_cache);
   return this;
 }
 
 
 Object* CodeCache::Lookup(String* name, Code::Flags flags) {
   if (Code::ExtractTypeFromFlags(flags) == NORMAL) {
     return LookupNormalTypeCache(name, flags);
   } else {
     return LookupDefaultCache(name, flags);
@@ skipping 97 matching lines @@
 
   uint32_t Hash() { return NameFlagsHashHelper(name_, flags_); }
 
   uint32_t HashForObject(Object* obj) {
     FixedArray* pair = FixedArray::cast(obj);
     String* name = String::cast(pair->get(0));
     Code* code = Code::cast(pair->get(1));
     return NameFlagsHashHelper(name, code->flags());
   }
 
-  Object* AsObject() {
+  MUST_USE_RESULT MaybeObject* AsObject() {
     ASSERT(code_ != NULL);
-    Object* obj = Heap::AllocateFixedArray(2);
-    if (obj->IsFailure()) return obj;
+    Object* obj;
+    { MaybeObject* maybe_obj = Heap::AllocateFixedArray(2);
+      if (!maybe_obj->ToObject(&obj)) return maybe_obj;
+    }
     FixedArray* pair = FixedArray::cast(obj);
     pair->set(0, name_);
     pair->set(1, code_);
     return pair;
   }
 
  private:
   String* name_;
   Code::Flags flags_;
   Code* code_;
 };
 
 
 Object* CodeCacheHashTable::Lookup(String* name, Code::Flags flags) {
   CodeCacheHashTableKey key(name, flags);
   int entry = FindEntry(&key);
   if (entry == kNotFound) return Heap::undefined_value();
   return get(EntryToIndex(entry) + 1);
 }
 
 
-Object* CodeCacheHashTable::Put(String* name, Code* code) {
+MaybeObject* CodeCacheHashTable::Put(String* name, Code* code) {
   CodeCacheHashTableKey key(name, code);
-  Object* obj = EnsureCapacity(1, &key);
-  if (obj->IsFailure()) return obj;
+  Object* obj;
+  { MaybeObject* maybe_obj = EnsureCapacity(1, &key);
+    if (!maybe_obj->ToObject(&obj)) return maybe_obj;
+  }
 
   // Don't use this, as the table might have grown.
   CodeCacheHashTable* cache = reinterpret_cast<CodeCacheHashTable*>(obj);
 
   int entry = cache->FindInsertionEntry(key.Hash());
-  Object* k = key.AsObject();
-  if (k->IsFailure()) return k;
+  Object* k;
+  { MaybeObject* maybe_k = key.AsObject();
+    if (!maybe_k->ToObject(&k)) return maybe_k;
+  }
 
   cache->set(EntryToIndex(entry), k);
   cache->set(EntryToIndex(entry) + 1, code);
   cache->ElementAdded();
   return cache;
 }
 
 
 int CodeCacheHashTable::GetIndex(String* name, Code::Flags flags) {
   CodeCacheHashTableKey key(name, flags);
@@ skipping 17 matching lines @@
     if (element->IsSmi() && key->IsSmi() && (element == key)) return true;
     if (element->IsString() &&
         key->IsString() && String::cast(element)->Equals(String::cast(key))) {
       return true;
     }
   }
   return false;
 }
 
 
-Object* FixedArray::AddKeysFromJSArray(JSArray* array) {
+MaybeObject* FixedArray::AddKeysFromJSArray(JSArray* array) {
   ASSERT(!array->HasPixelElements() && !array->HasExternalArrayElements());
   switch (array->GetElementsKind()) {
     case JSObject::FAST_ELEMENTS:
       return UnionOfKeys(FixedArray::cast(array->elements()));
     case JSObject::DICTIONARY_ELEMENTS: {
       NumberDictionary* dict = array->element_dictionary();
       int size = dict->NumberOfElements();
 
       // Allocate a temporary fixed array.
-      Object* object = Heap::AllocateFixedArray(size);
-      if (object->IsFailure()) return object;
+      Object* object;
+      { MaybeObject* maybe_object = Heap::AllocateFixedArray(size);
+        if (!maybe_object->ToObject(&object)) return maybe_object;
+      }
       FixedArray* key_array = FixedArray::cast(object);
 
       int capacity = dict->Capacity();
       int pos = 0;
       // Copy the elements from the JSArray to the temporary fixed array.
       for (int i = 0; i < capacity; i++) {
         if (dict->IsKey(dict->KeyAt(i))) {
           key_array->set(pos++, dict->ValueAt(i));
         }
       }
       // Compute the union of this and the temporary fixed array.
       return UnionOfKeys(key_array);
     }
     default:
       UNREACHABLE();
   }
   UNREACHABLE();
   return Heap::null_value();  // Failure case needs to "return" a value.
 }
 
 
-Object* FixedArray::UnionOfKeys(FixedArray* other) {
+MaybeObject* FixedArray::UnionOfKeys(FixedArray* other) {
   int len0 = length();
 #ifdef DEBUG
   if (FLAG_enable_slow_asserts) {
     for (int i = 0; i < len0; i++) {
       ASSERT(get(i)->IsString() || get(i)->IsNumber());
     }
   }
 #endif
   int len1 = other->length();
   // Optimize if 'other' is empty.
   // We cannot optimize if 'this' is empty, as other may have holes
   // or non keys.
   if (len1 == 0) return this;
 
   // Compute how many elements are not in this.
   int extra = 0;
   for (int y = 0; y < len1; y++) {
     Object* value = other->get(y);
     if (!value->IsTheHole() && !HasKey(this, value)) extra++;
   }
 
   if (extra == 0) return this;
 
   // Allocate the result
-  Object* obj = Heap::AllocateFixedArray(len0 + extra);
-  if (obj->IsFailure()) return obj;
+  Object* obj;
+  { MaybeObject* maybe_obj = Heap::AllocateFixedArray(len0 + extra);
+    if (!maybe_obj->ToObject(&obj)) return maybe_obj;
+  }
   // Fill in the content
   AssertNoAllocation no_gc;
   FixedArray* result = FixedArray::cast(obj);
   WriteBarrierMode mode = result->GetWriteBarrierMode(no_gc);
   for (int i = 0; i < len0; i++) {
     Object* e = get(i);
     ASSERT(e->IsString() || e->IsNumber());
     result->set(i, e, mode);
   }
   // Fill in the extra keys.
   int index = 0;
   for (int y = 0; y < len1; y++) {
     Object* value = other->get(y);
     if (!value->IsTheHole() && !HasKey(this, value)) {
       Object* e = other->get(y);
       ASSERT(e->IsString() || e->IsNumber());
       result->set(len0 + index, e, mode);
       index++;
     }
   }
   ASSERT(extra == index);
   return result;
 }
 
 
-Object* FixedArray::CopySize(int new_length) {
+MaybeObject* FixedArray::CopySize(int new_length) {
   if (new_length == 0) return Heap::empty_fixed_array();
-  Object* obj = Heap::AllocateFixedArray(new_length);
-  if (obj->IsFailure()) return obj;
+  Object* obj;
+  { MaybeObject* maybe_obj = Heap::AllocateFixedArray(new_length);
+    if (!maybe_obj->ToObject(&obj)) return maybe_obj;
+  }
   FixedArray* result = FixedArray::cast(obj);
   // Copy the content
   AssertNoAllocation no_gc;
   int len = length();
   if (new_length < len) len = new_length;
   result->set_map(map());
   WriteBarrierMode mode = result->GetWriteBarrierMode(no_gc);
   for (int i = 0; i < len; i++) {
     result->set(i, get(i), mode);
   }
@@ skipping 14 matching lines @@
 bool FixedArray::IsEqualTo(FixedArray* other) {
   if (length() != other->length()) return false;
   for (int i = 0 ; i < length(); ++i) {
     if (get(i) != other->get(i)) return false;
   }
   return true;
 }
 #endif
 
 
-Object* DescriptorArray::Allocate(int number_of_descriptors) {
+MaybeObject* DescriptorArray::Allocate(int number_of_descriptors) {
   if (number_of_descriptors == 0) {
     return Heap::empty_descriptor_array();
   }
   // Allocate the array of keys.
-  Object* array =
-      Heap::AllocateFixedArray(ToKeyIndex(number_of_descriptors));
-  if (array->IsFailure()) return array;
+  Object* array;
+  { MaybeObject* maybe_array =
+        Heap::AllocateFixedArray(ToKeyIndex(number_of_descriptors));
+    if (!maybe_array->ToObject(&array)) return maybe_array;
+  }
   // Do not use DescriptorArray::cast on incomplete object.
   FixedArray* result = FixedArray::cast(array);
 
   // Allocate the content array and set it in the descriptor array.
-  array = Heap::AllocateFixedArray(number_of_descriptors << 1);
-  if (array->IsFailure()) return array;
+  { MaybeObject* maybe_array =
+        Heap::AllocateFixedArray(number_of_descriptors << 1);
+    if (!maybe_array->ToObject(&array)) return maybe_array;
+  }
   result->set(kContentArrayIndex, array);
   result->set(kEnumerationIndexIndex,
               Smi::FromInt(PropertyDetails::kInitialIndex));
   return result;
 }
 
 
 void DescriptorArray::SetEnumCache(FixedArray* bridge_storage,
                                    FixedArray* new_cache) {
   ASSERT(bridge_storage->length() >= kEnumCacheBridgeLength);
   if (HasEnumCache()) {
     FixedArray::cast(get(kEnumerationIndexIndex))->
       set(kEnumCacheBridgeCacheIndex, new_cache);
   } else {
     if (IsEmpty()) return;  // Do nothing for empty descriptor array.
     FixedArray::cast(bridge_storage)->
       set(kEnumCacheBridgeCacheIndex, new_cache);
     fast_set(FixedArray::cast(bridge_storage),
              kEnumCacheBridgeEnumIndex,
              get(kEnumerationIndexIndex));
     set(kEnumerationIndexIndex, bridge_storage);
   }
 }
 
 
-Object* DescriptorArray::CopyInsert(Descriptor* descriptor,
-                                    TransitionFlag transition_flag) {
+MaybeObject* DescriptorArray::CopyInsert(Descriptor* descriptor,
+                                         TransitionFlag transition_flag) {
   // Transitions are only kept when inserting another transition.
   // This precondition is not required by this function's implementation, but
   // is currently required by the semantics of maps, so we check it.
   // Conversely, we filter after replacing, so replacing a transition and
   // removing all other transitions is not supported.
   bool remove_transitions = transition_flag == REMOVE_TRANSITIONS;
   ASSERT(remove_transitions == !descriptor->GetDetails().IsTransition());
   ASSERT(descriptor->GetDetails().type() != NULL_DESCRIPTOR);
 
   // Ensure the key is a symbol.
-  Object* result = descriptor->KeyToSymbol();
-  if (result->IsFailure()) return result;
+  Object* result;
+  { MaybeObject* maybe_result = descriptor->KeyToSymbol();
+    if (!maybe_result->ToObject(&result)) return maybe_result;
+  }
 
   int transitions = 0;
   int null_descriptors = 0;
   if (remove_transitions) {
     for (int i = 0; i < number_of_descriptors(); i++) {
       if (IsTransition(i)) transitions++;
       if (IsNullDescriptor(i)) null_descriptors++;
     }
   } else {
     for (int i = 0; i < number_of_descriptors(); i++) {
@@ skipping 19 matching lines @@
         t == FIELD ||
         t == CALLBACKS ||
         t == INTERCEPTOR) {
       keep_enumeration_index = true;
     } else if (remove_transitions) {
      // Replaced descriptor has been counted as removed if it is
      // a transition that will be replaced.  Adjust count in this case.
       ++new_size;
     }
   }
-  result = Allocate(new_size);
-  if (result->IsFailure()) return result;
+  { MaybeObject* maybe_result = Allocate(new_size);
+    if (!maybe_result->ToObject(&result)) return maybe_result;
+  }
   DescriptorArray* new_descriptors = DescriptorArray::cast(result);
   // Set the enumeration index in the descriptors and set the enumeration index
   // in the result.
   int enumeration_index = NextEnumerationIndex();
   if (!descriptor->GetDetails().IsTransition()) {
     if (keep_enumeration_index) {
       descriptor->SetEnumerationIndex(
           PropertyDetails(GetDetails(index)).index());
     } else {
       descriptor->SetEnumerationIndex(enumeration_index);
@@ skipping 27 matching lines @@
     new_descriptors->CopyFrom(to_index++, this, from_index);
   }
 
   ASSERT(to_index == new_descriptors->number_of_descriptors());
   SLOW_ASSERT(new_descriptors->IsSortedNoDuplicates());
 
   return new_descriptors;
 }
 
 
-Object* DescriptorArray::RemoveTransitions() {
+MaybeObject* DescriptorArray::RemoveTransitions() {
   // Remove all transitions and null descriptors. Return a copy of the array
   // with all transitions removed, or a Failure object if the new array could
   // not be allocated.
 
   // Compute the size of the map transition entries to be removed.
   int num_removed = 0;
   for (int i = 0; i < number_of_descriptors(); i++) {
     if (!IsProperty(i)) num_removed++;
   }
 
   // Allocate the new descriptor array.
-  Object* result = Allocate(number_of_descriptors() - num_removed);
-  if (result->IsFailure()) return result;
+  Object* result;
+  { MaybeObject* maybe_result = Allocate(number_of_descriptors() - num_removed);
+    if (!maybe_result->ToObject(&result)) return maybe_result;
+  }
   DescriptorArray* new_descriptors = DescriptorArray::cast(result);
 
   // Copy the content.
   int next_descriptor = 0;
   for (int i = 0; i < number_of_descriptors(); i++) {
     if (IsProperty(i)) new_descriptors->CopyFrom(next_descriptor++, this, i);
   }
   ASSERT(next_descriptor == new_descriptors->number_of_descriptors());
 
   return new_descriptors;
@@ skipping 1217 matching lines @@
   // Process the remaining characters without updating the array
   // index.
   while (buffer->has_more()) {
     hasher.AddCharacterNoIndex(buffer->GetNext());
   }
 
   return hasher.GetHashField();
 }
 
 
-Object* String::SubString(int start, int end, PretenureFlag pretenure) {
+MaybeObject* String::SubString(int start, int end, PretenureFlag pretenure) {
   if (start == 0 && end == length()) return this;
-  Object* result = Heap::AllocateSubString(this, start, end, pretenure);
+  MaybeObject* result = Heap::AllocateSubString(this, start, end, pretenure);
   return result;
 }
 
 
 void String::PrintOn(FILE* file) {
   int length = this->length();
   for (int i = 0; i < length; i++) {
     fprintf(file, "%c", Get(i));
   }
 }
@@ skipping 80 matching lines @@
     // Put the value in the initial map field until an initial map is
     // needed.  At that point, a new initial map is created and the
     // prototype is put into the initial map where it belongs.
     set_prototype_or_initial_map(value);
   }
   Heap::ClearInstanceofCache();
   return value;
 }
 
 
-Object* JSFunction::SetPrototype(Object* value) {
+MaybeObject* JSFunction::SetPrototype(Object* value) {
   ASSERT(should_have_prototype());
   Object* construct_prototype = value;
 
   // If the value is not a JSObject, store the value in the map's
   // constructor field so it can be accessed.  Also, set the prototype
   // used for constructing objects to the original object prototype.
   // See ECMA-262 13.2.2.
   if (!value->IsJSObject()) {
     // Copy the map so this does not affect unrelated functions.
     // Remove map transitions because they point to maps with a
     // different prototype.
-    Object* new_map = map()->CopyDropTransitions();
-    if (new_map->IsFailure()) return new_map;
+    Object* new_map;
+    { MaybeObject* maybe_new_map = map()->CopyDropTransitions();
+      if (!maybe_new_map->ToObject(&new_map)) return maybe_new_map;
+    }
     set_map(Map::cast(new_map));
     map()->set_constructor(value);
     map()->set_non_instance_prototype(true);
     construct_prototype =
         Top::context()->global_context()->initial_object_prototype();
   } else {
     map()->set_non_instance_prototype(false);
   }
 
   return SetInstancePrototype(construct_prototype);
@@ skipping 12 matching lines @@
   shared()->set_instance_class_name(name);
   return this;
 }
 
 
 Context* JSFunction::GlobalContextFromLiterals(FixedArray* literals) {
   return Context::cast(literals->get(JSFunction::kLiteralGlobalContextIndex));
 }
 
 
-Object* Oddball::Initialize(const char* to_string, Object* to_number) {
-  Object* symbol = Heap::LookupAsciiSymbol(to_string);
-  if (symbol->IsFailure()) return symbol;
+MaybeObject* Oddball::Initialize(const char* to_string, Object* to_number) {
+  Object* symbol;
+  { MaybeObject* maybe_symbol = Heap::LookupAsciiSymbol(to_string);
+    if (!maybe_symbol->ToObject(&symbol)) return maybe_symbol;
+  }
   set_to_string(String::cast(symbol));
   set_to_number(to_number);
   return this;
 }
 
 
 String* SharedFunctionInfo::DebugName() {
   Object* n = name();
   if (!n->IsString() || String::cast(n)->length() == 0) return inferred_name();
   return String::cast(n);
@@ skipping 468 matching lines @@
   PrintF("\n");
 
   PrintF("RelocInfo (size = %d)\n", relocation_size());
   for (RelocIterator it(this); !it.done(); it.next())
     it.rinfo()->Print();
   PrintF("\n");
 }
 #endif  // ENABLE_DISASSEMBLER
 
 
-Object* JSObject::SetFastElementsCapacityAndLength(int capacity, int length) {
+MaybeObject* JSObject::SetFastElementsCapacityAndLength(int capacity,
+                                                        int length) {
   // We should never end in here with a pixel or external array.
   ASSERT(!HasPixelElements() && !HasExternalArrayElements());
 
-  Object* obj = Heap::AllocateFixedArrayWithHoles(capacity);
-  if (obj->IsFailure()) return obj;
+  Object* obj;
+  { MaybeObject* maybe_obj = Heap::AllocateFixedArrayWithHoles(capacity);
+    if (!maybe_obj->ToObject(&obj)) return maybe_obj;
+  }
   FixedArray* elems = FixedArray::cast(obj);
 
-  obj = map()->GetFastElementsMap();
-  if (obj->IsFailure()) return obj;
+  { MaybeObject* maybe_obj = map()->GetFastElementsMap();
+    if (!maybe_obj->ToObject(&obj)) return maybe_obj;
+  }
   Map* new_map = Map::cast(obj);
 
   AssertNoAllocation no_gc;
   WriteBarrierMode mode = elems->GetWriteBarrierMode(no_gc);
   switch (GetElementsKind()) {
     case FAST_ELEMENTS: {
       FixedArray* old_elements = FixedArray::cast(elements());
       uint32_t old_length = static_cast<uint32_t>(old_elements->length());
       // Fill out the new array with this content and array holes.
       for (uint32_t i = 0; i < old_length; i++) {
@@ skipping 21 matching lines @@
   set_elements(elems);
 
   if (IsJSArray()) {
     JSArray::cast(this)->set_length(Smi::FromInt(length));
   }
 
   return this;
 }
 
 
-Object* JSObject::SetSlowElements(Object* len) {
+MaybeObject* JSObject::SetSlowElements(Object* len) {
   // We should never end in here with a pixel or external array.
   ASSERT(!HasPixelElements() && !HasExternalArrayElements());
 
   uint32_t new_length = static_cast<uint32_t>(len->Number());
 
   switch (GetElementsKind()) {
     case FAST_ELEMENTS: {
       // Make sure we never try to shrink dense arrays into sparse arrays.
       ASSERT(static_cast<uint32_t>(FixedArray::cast(elements())->length()) <=
                                    new_length);
-      Object* obj = NormalizeElements();
-      if (obj->IsFailure()) return obj;
+      Object* obj;
+      { MaybeObject* maybe_obj = NormalizeElements();
+        if (!maybe_obj->ToObject(&obj)) return maybe_obj;
+      }
 
       // Update length for JSArrays.
       if (IsJSArray()) JSArray::cast(this)->set_length(len);
       break;
     }
     case DICTIONARY_ELEMENTS: {
       if (IsJSArray()) {
         uint32_t old_length =
             static_cast<uint32_t>(JSArray::cast(this)->length()->Number());
         element_dictionary()->RemoveNumberEntries(new_length, old_length),
         JSArray::cast(this)->set_length(len);
       }
       break;
     }
     default:
       UNREACHABLE();
       break;
   }
   return this;
 }
 
 
-Object* JSArray::Initialize(int capacity) {
+MaybeObject* JSArray::Initialize(int capacity) {
   ASSERT(capacity >= 0);
   set_length(Smi::FromInt(0));
   FixedArray* new_elements;
   if (capacity == 0) {
     new_elements = Heap::empty_fixed_array();
   } else {
-    Object* obj = Heap::AllocateFixedArrayWithHoles(capacity);
-    if (obj->IsFailure()) return obj;
+    Object* obj;
+    { MaybeObject* maybe_obj = Heap::AllocateFixedArrayWithHoles(capacity);
+      if (!maybe_obj->ToObject(&obj)) return maybe_obj;
+    }
     new_elements = FixedArray::cast(obj);
   }
   set_elements(new_elements);
   return this;
 }
 
 
 void JSArray::Expand(int required_size) {
   Handle<JSArray> self(this);
   Handle<FixedArray> old_backing(FixedArray::cast(elements()));
   int old_size = old_backing->length();
   int new_size = required_size > old_size ? required_size : old_size;
   Handle<FixedArray> new_backing = Factory::NewFixedArray(new_size);
   // Can't use this any more now because we may have had a GC!
   for (int i = 0; i < old_size; i++) new_backing->set(i, old_backing->get(i));
   self->SetContent(*new_backing);
 }
 
 
 // Computes the new capacity when expanding the elements of a JSObject.
 static int NewElementsCapacity(int old_capacity) {
   // (old_capacity + 50%) + 16
   return old_capacity + (old_capacity >> 1) + 16;
 }
 
 
-static Object* ArrayLengthRangeError() {
+static Failure* ArrayLengthRangeError() {
   HandleScope scope;
   return Top::Throw(*Factory::NewRangeError("invalid_array_length",
                                             HandleVector<Object>(NULL, 0)));
 }
 
 
-Object* JSObject::SetElementsLength(Object* len) {
+MaybeObject* JSObject::SetElementsLength(Object* len) {
   // We should never end in here with a pixel or external array.
   ASSERT(AllowsSetElementsLength());
 
-  Object* smi_length = len->ToSmi();
-  if (smi_length->IsSmi()) {
+  MaybeObject* maybe_smi_length = len->ToSmi();
+  Object* smi_length = Smi::FromInt(0);
+  if (maybe_smi_length->ToObject(&smi_length) && smi_length->IsSmi()) {
     const int value = Smi::cast(smi_length)->value();
     if (value < 0) return ArrayLengthRangeError();
     switch (GetElementsKind()) {
       case FAST_ELEMENTS: {
         int old_capacity = FixedArray::cast(elements())->length();
         if (value <= old_capacity) {
           if (IsJSArray()) {
-            Object* obj = EnsureWritableFastElements();
-            if (obj->IsFailure()) return obj;
+            Object* obj;
+            { MaybeObject* maybe_obj = EnsureWritableFastElements();
+              if (!maybe_obj->ToObject(&obj)) return maybe_obj;
+            }
             int old_length = FastD2I(JSArray::cast(this)->length()->Number());
             // NOTE: We may be able to optimize this by removing the
             // last part of the elements backing storage array and
             // setting the capacity to the new size.
             for (int i = value; i < old_length; i++) {
               FixedArray::cast(elements())->set_the_hole(i);
             }
             JSArray::cast(this)->set_length(Smi::cast(smi_length));
           }
           return this;
         }
         int min = NewElementsCapacity(old_capacity);
         int new_capacity = value > min ? value : min;
         if (new_capacity <= kMaxFastElementsLength ||
             !ShouldConvertToSlowElements(new_capacity)) {
-          Object* obj = SetFastElementsCapacityAndLength(new_capacity, value);
-          if (obj->IsFailure()) return obj;
+          Object* obj;
+          { MaybeObject* maybe_obj =
+                SetFastElementsCapacityAndLength(new_capacity, value);
+            if (!maybe_obj->ToObject(&obj)) return maybe_obj;
+          }
           return this;
         }
         break;
       }
       case DICTIONARY_ELEMENTS: {
         if (IsJSArray()) {
           if (value == 0) {
             // If the length of a slow array is reset to zero, we clear
             // the array and flush backing storage. This has the added
             // benefit that the array returns to fast mode.
-            Object* obj = ResetElements();
-            if (obj->IsFailure()) return obj;
+            Object* obj;
+            { MaybeObject* maybe_obj = ResetElements();
+              if (!maybe_obj->ToObject(&obj)) return maybe_obj;
+            }
           } else {
             // Remove deleted elements.
             uint32_t old_length =
             static_cast<uint32_t>(JSArray::cast(this)->length()->Number());
             element_dictionary()->RemoveNumberEntries(value, old_length);
           }
           JSArray::cast(this)->set_length(Smi::cast(smi_length));
         }
         return this;
       }
       default:
         UNREACHABLE();
         break;
     }
   }
 
   // General slow case.
   if (len->IsNumber()) {
     uint32_t length;
     if (len->ToArrayIndex(&length)) {
       return SetSlowElements(len);
     } else {
       return ArrayLengthRangeError();
     }
   }
 
   // len is not a number so make the array size one and
   // set only element to len.
-  Object* obj = Heap::AllocateFixedArray(1);
-  if (obj->IsFailure()) return obj;
+  Object* obj;
+  { MaybeObject* maybe_obj = Heap::AllocateFixedArray(1);
+    if (!maybe_obj->ToObject(&obj)) return maybe_obj;
+  }
   FixedArray::cast(obj)->set(0, len);
   if (IsJSArray()) JSArray::cast(this)->set_length(Smi::FromInt(1));
   set_elements(FixedArray::cast(obj));
   return this;
 }
 
 
-Object* JSObject::SetPrototype(Object* value,
-                               bool skip_hidden_prototypes) {
+MaybeObject* JSObject::SetPrototype(Object* value,
+                                    bool skip_hidden_prototypes) {
   // Silently ignore the change if value is not a JSObject or null.
   // SpiderMonkey behaves this way.
   if (!value->IsJSObject() && !value->IsNull()) return value;
 
   // Before we can set the prototype we need to be sure
   // prototype cycles are prevented.
   // It is sufficient to validate that the receiver is not in the new prototype
   // chain.
   for (Object* pt = value; pt != Heap::null_value(); pt = pt->GetPrototype()) {
     if (JSObject::cast(pt) == this) {
@@ skipping 11 matching lines @@
     // hidden and set the new prototype on that object.
     Object* current_proto = real_receiver->GetPrototype();
     while (current_proto->IsJSObject() &&
           JSObject::cast(current_proto)->map()->is_hidden_prototype()) {
       real_receiver = JSObject::cast(current_proto);
       current_proto = current_proto->GetPrototype();
     }
   }
 
   // Set the new prototype of the object.
-  Object* new_map = real_receiver->map()->CopyDropTransitions();
-  if (new_map->IsFailure()) return new_map;
+  Object* new_map;
+  { MaybeObject* maybe_new_map = real_receiver->map()->CopyDropTransitions();
+    if (!maybe_new_map->ToObject(&new_map)) return maybe_new_map;
+  }
   Map::cast(new_map)->set_prototype(value);
   real_receiver->set_map(Map::cast(new_map));
 
   Heap::ClearInstanceofCache();
 
   return value;
 }
 
 
 bool JSObject::HasElementPostInterceptor(JSObject* receiver, uint32_t index) {
@@ skipping 212 matching lines @@
 
   // Handle [] on String objects.
   if (this->IsStringObjectWithCharacterAt(index)) return true;
 
   Object* pt = GetPrototype();
   if (pt == Heap::null_value()) return false;
   return JSObject::cast(pt)->HasElementWithReceiver(receiver, index);
 }
 
 
-Object* JSObject::SetElementWithInterceptor(uint32_t index, Object* value) {
+MaybeObject* JSObject::SetElementWithInterceptor(uint32_t index,
+                                                 Object* value) {
   // Make sure that the top context does not change when doing
   // callbacks or interceptor calls.
   AssertNoContextChange ncc;
   HandleScope scope;
   Handle<InterceptorInfo> interceptor(GetIndexedInterceptor());
   Handle<JSObject> this_handle(this);
   Handle<Object> value_handle(value);
   if (!interceptor->setter()->IsUndefined()) {
     v8::IndexedPropertySetter setter =
         v8::ToCData<v8::IndexedPropertySetter>(interceptor->setter());
     LOG(ApiIndexedPropertyAccess("interceptor-indexed-set", this, index));
     CustomArguments args(interceptor->data(), this, this);
     v8::AccessorInfo info(args.end());
     v8::Handle<v8::Value> result;
     {
       // Leaving JavaScript.
       VMState state(EXTERNAL);
       result = setter(index, v8::Utils::ToLocal(value_handle), info);
     }
     RETURN_IF_SCHEDULED_EXCEPTION();
     if (!result.IsEmpty()) return *value_handle;
   }
-  Object* raw_result =
+  MaybeObject* raw_result =
       this_handle->SetElementWithoutInterceptor(index, *value_handle);
   RETURN_IF_SCHEDULED_EXCEPTION();
   return raw_result;
 }
 
 
-Object* JSObject::GetElementWithCallback(Object* receiver,
-                                         Object* structure,
-                                         uint32_t index,
-                                         Object* holder) {
+MaybeObject* JSObject::GetElementWithCallback(Object* receiver,
+                                              Object* structure,
+                                              uint32_t index,
+                                              Object* holder) {
   ASSERT(!structure->IsProxy());
 
   // api style callbacks.
   if (structure->IsAccessorInfo()) {
     AccessorInfo* data = AccessorInfo::cast(structure);
     Object* fun_obj = data->getter();
     v8::AccessorGetter call_fun = v8::ToCData<v8::AccessorGetter>(fun_obj);
     HandleScope scope;
     Handle<JSObject> self(JSObject::cast(receiver));
     Handle<JSObject> holder_handle(JSObject::cast(holder));
@@ skipping 22 matching lines @@
     }
     // Getter is not a function.
     return Heap::undefined_value();
   }
 
   UNREACHABLE();
   return NULL;
 }
 
 
-Object* JSObject::SetElementWithCallback(Object* structure,
-                                         uint32_t index,
-                                         Object* value,
-                                         JSObject* holder) {
+MaybeObject* JSObject::SetElementWithCallback(Object* structure,
+                                              uint32_t index,
+                                              Object* value,
+                                              JSObject* holder) {
   HandleScope scope;
 
   // We should never get here to initialize a const with the hole
   // value since a const declaration would conflict with the setter.
   ASSERT(!value->IsTheHole());
   Handle<Object> value_handle(value);
 
   // To accommodate both the old and the new api we switch on the
   // data structure used to store the callbacks.  Eventually proxy
   // callbacks should be phased out.
@@ skipping 35 matching lines @@
   }
 
   UNREACHABLE();
   return NULL;
 }
 
 
 // Adding n elements in fast case is O(n*n).
 // Note: revisit design to have dual undefined values to capture absent
 // elements.
-Object* JSObject::SetFastElement(uint32_t index, Object* value) {
+MaybeObject* JSObject::SetFastElement(uint32_t index, Object* value) {
   ASSERT(HasFastElements());
 
-  Object* elms_obj = EnsureWritableFastElements();
-  if (elms_obj->IsFailure()) return elms_obj;
+  Object* elms_obj;
+  { MaybeObject* maybe_elms_obj = EnsureWritableFastElements();
+    if (!maybe_elms_obj->ToObject(&elms_obj)) return maybe_elms_obj;
+  }
   FixedArray* elms = FixedArray::cast(elms_obj);
   uint32_t elms_length = static_cast<uint32_t>(elms->length());
 
   if (!IsJSArray() && (index >= elms_length || elms->get(index)->IsTheHole())) {
     if (SetElementWithCallbackSetterInPrototypes(index, value)) {
       return value;
     }
   }
 
   // Check whether there is extra space in fixed array..
@@ skipping 10 matching lines @@
     return value;
   }
 
   // Allow gap in fast case.
   if ((index - elms_length) < kMaxGap) {
     // Try allocating extra space.
     int new_capacity = NewElementsCapacity(index+1);
     if (new_capacity <= kMaxFastElementsLength ||
         !ShouldConvertToSlowElements(new_capacity)) {
       ASSERT(static_cast<uint32_t>(new_capacity) > index);
-      Object* obj = SetFastElementsCapacityAndLength(new_capacity, index + 1);
-      if (obj->IsFailure()) return obj;
+      Object* obj;
+      { MaybeObject* maybe_obj =
+            SetFastElementsCapacityAndLength(new_capacity, index + 1);
+        if (!maybe_obj->ToObject(&obj)) return maybe_obj;
+      }
       FixedArray::cast(elements())->set(index, value);
       return value;
     }
   }
 
   // Otherwise default to slow case.
-  Object* obj = NormalizeElements();
-  if (obj->IsFailure()) return obj;
+  Object* obj;
+  { MaybeObject* maybe_obj = NormalizeElements();
+    if (!maybe_obj->ToObject(&obj)) return maybe_obj;
+  }
   ASSERT(HasDictionaryElements());
   return SetElement(index, value);
 }
 
 
-Object* JSObject::SetElement(uint32_t index, Object* value) {
+MaybeObject* JSObject::SetElement(uint32_t index, Object* value) {
   // Check access rights if needed.
   if (IsAccessCheckNeeded() &&
       !Top::MayIndexedAccess(this, index, v8::ACCESS_SET)) {
     HandleScope scope;
     Handle<Object> value_handle(value);
     Top::ReportFailedAccessCheck(this, v8::ACCESS_SET);
     return *value_handle;
   }
 
   if (IsJSGlobalProxy()) {
     Object* proto = GetPrototype();
     if (proto->IsNull()) return value;
     ASSERT(proto->IsJSGlobalObject());
     return JSObject::cast(proto)->SetElement(index, value);
   }
 
   // Check for lookup interceptor
   if (HasIndexedInterceptor()) {
     return SetElementWithInterceptor(index, value);
   }
 
   return SetElementWithoutInterceptor(index, value);
 }
 
 
-Object* JSObject::SetElementWithoutInterceptor(uint32_t index, Object* value) {
+MaybeObject* JSObject::SetElementWithoutInterceptor(uint32_t index,
+                                                    Object* value) {
   switch (GetElementsKind()) {
     case FAST_ELEMENTS:
       // Fast case.
       return SetFastElement(index, value);
     case PIXEL_ELEMENTS: {
       PixelArray* pixels = PixelArray::cast(elements());
       return pixels->SetValue(index, value);
     }
     case EXTERNAL_BYTE_ELEMENTS: {
       ExternalByteArray* array = ExternalByteArray::cast(elements());
@@ skipping 50 matching lines @@
         }
         // When we set the is_extensible flag to false we always force
         // the element into dictionary mode (and force them to stay there).
         if (!map()->is_extensible()) {
           Handle<Object> number(Factory::NewNumberFromUint(index));
           Handle<String> index_string(Factory::NumberToString(number));
           Handle<Object> args[1] = { index_string };
           return Top::Throw(*Factory::NewTypeError("object_not_extensible",
                                                    HandleVector(args, 1)));
         }
-        Object* result = dictionary->AtNumberPut(index, value);
-        if (result->IsFailure()) return result;
+        Object* result;
+        { MaybeObject* maybe_result = dictionary->AtNumberPut(index, value);
+          if (!maybe_result->ToObject(&result)) return maybe_result;
+        }
         if (elms != FixedArray::cast(result)) {
           set_elements(FixedArray::cast(result));
         }
       }
 
       // Update the array length if this JSObject is an array.
       if (IsJSArray()) {
         JSArray* array = JSArray::cast(this);
-        Object* return_value = array->JSArrayUpdateLengthFromIndex(index,
-                                                                   value);
-        if (return_value->IsFailure()) return return_value;
+        Object* return_value;
+        { MaybeObject* maybe_return_value =
+              array->JSArrayUpdateLengthFromIndex(index, value);
+          if (!maybe_return_value->ToObject(&return_value)) {
+            return maybe_return_value;
+          }
+        }
       }
 
       // Attempt to put this object back in fast case.
       if (ShouldConvertToFastElements()) {
         uint32_t new_length = 0;
         if (IsJSArray()) {
           CHECK(JSArray::cast(this)->length()->ToArrayIndex(&new_length));
         } else {
           new_length = NumberDictionary::cast(elements())->max_number_key() + 1;
         }
-        Object* obj = SetFastElementsCapacityAndLength(new_length, new_length);
-        if (obj->IsFailure()) return obj;
+        Object* obj;
+        { MaybeObject* maybe_obj =
+              SetFastElementsCapacityAndLength(new_length, new_length);
+          if (!maybe_obj->ToObject(&obj)) return maybe_obj;
+        }
 #ifdef DEBUG
         if (FLAG_trace_normalization) {
           PrintF("Object elements are fast case again:\n");
           Print();
         }
 #endif
       }
 
       return value;
     }
     default:
       UNREACHABLE();
       break;
   }
   // All possible cases have been handled above. Add a return to avoid the
   // complaints from the compiler.
   UNREACHABLE();
   return Heap::null_value();
 }
 
 
-Object* JSArray::JSArrayUpdateLengthFromIndex(uint32_t index, Object* value) {
+MaybeObject* JSArray::JSArrayUpdateLengthFromIndex(uint32_t index,
+                                                   Object* value) {
   uint32_t old_len = 0;
   CHECK(length()->ToArrayIndex(&old_len));
   // Check to see if we need to update the length. For now, we make
   // sure that the length stays within 32-bits (unsigned).
   if (index >= old_len && index != 0xffffffff) {
-    Object* len =
-        Heap::NumberFromDouble(static_cast<double>(index) + 1);
-    if (len->IsFailure()) return len;
+    Object* len;
+    { MaybeObject* maybe_len =
+          Heap::NumberFromDouble(static_cast<double>(index) + 1);
+      if (!maybe_len->ToObject(&len)) return maybe_len;
+    }
     set_length(len);
   }
   return value;
 }
 
 
-Object* JSObject::GetElementPostInterceptor(JSObject* receiver,
-                                            uint32_t index) {
+MaybeObject* JSObject::GetElementPostInterceptor(JSObject* receiver,
+                                                 uint32_t index) {
   // Get element works for both JSObject and JSArray since
   // JSArray::length cannot change.
   switch (GetElementsKind()) {
     case FAST_ELEMENTS: {
       FixedArray* elms = FixedArray::cast(elements());
       if (index < static_cast<uint32_t>(elms->length())) {
         Object* value = elms->get(index);
         if (!value->IsTheHole()) return value;
       }
       break;
@@ skipping 35 matching lines @@
       break;
   }
 
   // Continue searching via the prototype chain.
   Object* pt = GetPrototype();
   if (pt == Heap::null_value()) return Heap::undefined_value();
   return pt->GetElementWithReceiver(receiver, index);
 }
 
 
-Object* JSObject::GetElementWithInterceptor(JSObject* receiver,
-                                            uint32_t index) {
+MaybeObject* JSObject::GetElementWithInterceptor(JSObject* receiver,
+                                                 uint32_t index) {
   // Make sure that the top context does not change when doing
   // callbacks or interceptor calls.
   AssertNoContextChange ncc;
   HandleScope scope;
   Handle<InterceptorInfo> interceptor(GetIndexedInterceptor());
   Handle<JSObject> this_handle(receiver);
   Handle<JSObject> holder_handle(this);
 
   if (!interceptor->getter()->IsUndefined()) {
     v8::IndexedPropertyGetter getter =
         v8::ToCData<v8::IndexedPropertyGetter>(interceptor->getter());
     LOG(ApiIndexedPropertyAccess("interceptor-indexed-get", this, index));
     CustomArguments args(interceptor->data(), receiver, this);
     v8::AccessorInfo info(args.end());
     v8::Handle<v8::Value> result;
     {
       // Leaving JavaScript.
       VMState state(EXTERNAL);
       result = getter(index, info);
     }
     RETURN_IF_SCHEDULED_EXCEPTION();
     if (!result.IsEmpty()) return *v8::Utils::OpenHandle(*result);
   }
 
-  Object* raw_result =
+  MaybeObject* raw_result =
       holder_handle->GetElementPostInterceptor(*this_handle, index);
   RETURN_IF_SCHEDULED_EXCEPTION();
   return raw_result;
 }
 
 
-Object* JSObject::GetElementWithReceiver(JSObject* receiver, uint32_t index) {
+MaybeObject* JSObject::GetElementWithReceiver(JSObject* receiver,
+                                              uint32_t index) {
   // Check access rights if needed.
   if (IsAccessCheckNeeded() &&
       !Top::MayIndexedAccess(this, index, v8::ACCESS_GET)) {
     Top::ReportFailedAccessCheck(this, v8::ACCESS_GET);
     return Heap::undefined_value();
   }
 
   if (HasIndexedInterceptor()) {
     return GetElementWithInterceptor(receiver, index);
   }
@@ skipping 230 matching lines @@
 InterceptorInfo* JSObject::GetIndexedInterceptor() {
   ASSERT(map()->has_indexed_interceptor());
   JSFunction* constructor = JSFunction::cast(map()->constructor());
   ASSERT(constructor->shared()->IsApiFunction());
   Object* result =
       constructor->shared()->get_api_func_data()->indexed_property_handler();
   return InterceptorInfo::cast(result);
 }
 
 
-Object* JSObject::GetPropertyPostInterceptor(JSObject* receiver,
-                                             String* name,
-                                             PropertyAttributes* attributes) {
+MaybeObject* JSObject::GetPropertyPostInterceptor(
+    JSObject* receiver,
+    String* name,
+    PropertyAttributes* attributes) {
   // Check local property in holder, ignore interceptor.
   LookupResult result;
   LocalLookupRealNamedProperty(name, &result);
   if (result.IsProperty()) {
     return GetProperty(receiver, &result, name, attributes);
   }
   // Continue searching via the prototype chain.
   Object* pt = GetPrototype();
   *attributes = ABSENT;
   if (pt == Heap::null_value()) return Heap::undefined_value();
   return pt->GetPropertyWithReceiver(receiver, name, attributes);
 }
 
 
-Object* JSObject::GetLocalPropertyPostInterceptor(
+MaybeObject* JSObject::GetLocalPropertyPostInterceptor(
     JSObject* receiver,
     String* name,
     PropertyAttributes* attributes) {
   // Check local property in holder, ignore interceptor.
   LookupResult result;
   LocalLookupRealNamedProperty(name, &result);
   if (result.IsProperty()) {
     return GetProperty(receiver, &result, name, attributes);
   }
   return Heap::undefined_value();
 }
 
 
-Object* JSObject::GetPropertyWithInterceptor(
+MaybeObject* JSObject::GetPropertyWithInterceptor(
     JSObject* receiver,
     String* name,
     PropertyAttributes* attributes) {
   InterceptorInfo* interceptor = GetNamedInterceptor();
   HandleScope scope;
   Handle<JSObject> receiver_handle(receiver);
   Handle<JSObject> holder_handle(this);
   Handle<String> name_handle(name);
 
   if (!interceptor->getter()->IsUndefined()) {
     v8::NamedPropertyGetter getter =
         v8::ToCData<v8::NamedPropertyGetter>(interceptor->getter());
     LOG(ApiNamedPropertyAccess("interceptor-named-get", *holder_handle, name));
     CustomArguments args(interceptor->data(), receiver, this);
     v8::AccessorInfo info(args.end());
     v8::Handle<v8::Value> result;
     {
       // Leaving JavaScript.
       VMState state(EXTERNAL);
       result = getter(v8::Utils::ToLocal(name_handle), info);
     }
     RETURN_IF_SCHEDULED_EXCEPTION();
     if (!result.IsEmpty()) {
       *attributes = NONE;
       return *v8::Utils::OpenHandle(*result);
     }
   }
 
-  Object* result = holder_handle->GetPropertyPostInterceptor(
+  MaybeObject* result = holder_handle->GetPropertyPostInterceptor(
       *receiver_handle,
       *name_handle,
       attributes);
   RETURN_IF_SCHEDULED_EXCEPTION();
   return result;
 }
 
 
 bool JSObject::HasRealNamedProperty(String* key) {
   // Check access rights if needed.
@@ skipping 334 matching lines @@
   return ComputeIntegerHash(key);
 }
 
 
 uint32_t NumberDictionaryShape::HashForObject(uint32_t key, Object* other) {
   ASSERT(other->IsNumber());
   return ComputeIntegerHash(static_cast<uint32_t>(other->Number()));
 }
 
 
-Object* NumberDictionaryShape::AsObject(uint32_t key) {
+MaybeObject* NumberDictionaryShape::AsObject(uint32_t key) {
   return Heap::NumberFromUint32(key);
 }
 
 
 bool StringDictionaryShape::IsMatch(String* key, Object* other) {
   // We know that all entries in a hash table had their hash keys created.
   // Use that knowledge to have fast failure.
   if (key->Hash() != String::cast(other)->Hash()) return false;
   return key->Equals(String::cast(other));
 }
 
 
 uint32_t StringDictionaryShape::Hash(String* key) {
   return key->Hash();
 }
 
 
 uint32_t StringDictionaryShape::HashForObject(String* key, Object* other) {
   return String::cast(other)->Hash();
 }
 
 
-Object* StringDictionaryShape::AsObject(String* key) {
+MaybeObject* StringDictionaryShape::AsObject(String* key) {
   return key;
 }
 
 
 // StringKey simply carries a string object as key.
 class StringKey : public HashTableKey {
  public:
   explicit StringKey(String* string) :
       string_(string),
       hash_(HashForObject(string)) { }
@@ skipping 53 matching lines @@
     return StringSharedHashHelper(source_, shared_);
   }
 
   uint32_t HashForObject(Object* obj) {
     FixedArray* pair = FixedArray::cast(obj);
     SharedFunctionInfo* shared = SharedFunctionInfo::cast(pair->get(0));
     String* source = String::cast(pair->get(1));
     return StringSharedHashHelper(source, shared);
   }
 
-  Object* AsObject() {
-    Object* obj = Heap::AllocateFixedArray(2);
-    if (obj->IsFailure()) return obj;
+  MUST_USE_RESULT MaybeObject* AsObject() {
+    Object* obj;
+    { MaybeObject* maybe_obj = Heap::AllocateFixedArray(2);
+      if (!maybe_obj->ToObject(&obj)) return maybe_obj;
+    }
     FixedArray* pair = FixedArray::cast(obj);
     pair->set(0, shared_);
     pair->set(1, source_);
     return pair;
   }
 
  private:
   String* source_;
   SharedFunctionInfo* shared_;
 };
@@ skipping 57 matching lines @@
     hash_field_ = String::ComputeHashField(&buffer, chars_);
     uint32_t result = hash_field_ >> String::kHashShift;
     ASSERT(result != 0);  // Ensure that the hash value of 0 is never computed.
     return result;
   }
 
   uint32_t HashForObject(Object* other) {
     return String::cast(other)->Hash();
   }
 
-  Object* AsObject() {
+  MaybeObject* AsObject() {
     if (hash_field_ == 0) Hash();
     return Heap::AllocateSymbol(string_, chars_, hash_field_);
   }
 
   Vector<const char> string_;
   uint32_t hash_field_;
   int chars_;  // Caches the number of characters when computing the hash code.
 };
 
 
 // SymbolKey carries a string/symbol object as key.
 class SymbolKey : public HashTableKey {
  public:
   explicit SymbolKey(String* string) : string_(string) { }
 
   bool IsMatch(Object* string) {
     return String::cast(string)->Equals(string_);
   }
 
   uint32_t Hash() { return string_->Hash(); }
 
   uint32_t HashForObject(Object* other) {
     return String::cast(other)->Hash();
   }
 
-  Object* AsObject() {
+  MaybeObject* AsObject() {
     // Attempt to flatten the string, so that symbols will most often
     // be flat strings.
     string_ = string_->TryFlattenGetString();
     // Transform string to symbol if possible.
     Map* map = Heap::SymbolMapForString(string_);
     if (map != NULL) {
       string_->set_map(map);
       ASSERT(string_->IsSymbol());
       return string_;
     }
@@ skipping 20 matching lines @@
 
 template<typename Shape, typename Key>
 void HashTable<Shape, Key>::IterateElements(ObjectVisitor* v) {
   IteratePointers(v,
                   kElementsStartOffset,
                   kHeaderSize + length() * kPointerSize);
 }
 
 
 template<typename Shape, typename Key>
-Object* HashTable<Shape, Key>::Allocate(int at_least_space_for,
-                                        PretenureFlag pretenure) {
+MaybeObject* HashTable<Shape, Key>::Allocate(int at_least_space_for,
+                                             PretenureFlag pretenure) {
   const int kMinCapacity = 32;
   int capacity = RoundUpToPowerOf2(at_least_space_for * 2);
   if (capacity < kMinCapacity) {
     capacity = kMinCapacity;  // Guarantee min capacity.
   } else if (capacity > HashTable::kMaxCapacity) {
     return Failure::OutOfMemoryException();
   }
 
-  Object* obj = Heap::AllocateHashTable(EntryToIndex(capacity), pretenure);
-  if (!obj->IsFailure()) {
-    HashTable::cast(obj)->SetNumberOfElements(0);
-    HashTable::cast(obj)->SetNumberOfDeletedElements(0);
-    HashTable::cast(obj)->SetCapacity(capacity);
+  Object* obj;
+  { MaybeObject* maybe_obj =
+        Heap::AllocateHashTable(EntryToIndex(capacity), pretenure);
+    if (!maybe_obj->ToObject(&obj)) return maybe_obj;
   }
+  HashTable::cast(obj)->SetNumberOfElements(0);
+  HashTable::cast(obj)->SetNumberOfDeletedElements(0);
+  HashTable::cast(obj)->SetCapacity(capacity);
   return obj;
 }
 
 
 // Find entry for key otherwise return kNotFound.
 template<typename Shape, typename Key>
 int HashTable<Shape, Key>::FindEntry(Key key) {
   uint32_t capacity = Capacity();
   uint32_t entry = FirstProbe(Shape::Hash(key), capacity);
   uint32_t count = 1;
@@ skipping 42 matching lines @@
       return entry;
     }
     ASSERT(element->IsNull() || !String::cast(element)->Equals(key));
     entry = NextProbe(entry, count++, capacity);
   }
   return kNotFound;
 }
 
 
 template<typename Shape, typename Key>
-Object* HashTable<Shape, Key>::EnsureCapacity(int n, Key key) {
+MaybeObject* HashTable<Shape, Key>::EnsureCapacity(int n, Key key) {
   int capacity = Capacity();
   int nof = NumberOfElements() + n;
   int nod = NumberOfDeletedElements();
   // Return if:
   //   50% is still free after adding n elements and
   //   at most 50% of the free elements are deleted elements.
   if (nod <= (capacity - nof) >> 1) {
     int needed_free = nof >> 1;
     if (nof + needed_free <= capacity) return this;
   }
 
   const int kMinCapacityForPretenure = 256;
   bool pretenure =
       (capacity > kMinCapacityForPretenure) && !Heap::InNewSpace(this);
-  Object* obj = Allocate(nof * 2, pretenure ? TENURED : NOT_TENURED);
-  if (obj->IsFailure()) return obj;
+  Object* obj;
+  { MaybeObject* maybe_obj =
+        Allocate(nof * 2, pretenure ? TENURED : NOT_TENURED);
+    if (!maybe_obj->ToObject(&obj)) return maybe_obj;
+  }
 
   AssertNoAllocation no_gc;
   HashTable* table = HashTable::cast(obj);
   WriteBarrierMode mode = table->GetWriteBarrierMode(no_gc);
 
   // Copy prefix to new array.
   for (int i = kPrefixStartIndex;
        i < kPrefixStartIndex + Shape::kPrefixSize;
        i++) {
     table->set(i, get(i), mode);
@@ skipping 37 matching lines @@
 template class HashTable<SymbolTableShape, HashTableKey*>;
 
 template class HashTable<CompilationCacheShape, HashTableKey*>;
 
 template class HashTable<MapCacheShape, HashTableKey*>;
 
 template class Dictionary<StringDictionaryShape, String*>;
 
 template class Dictionary<NumberDictionaryShape, uint32_t>;
 
-template Object* Dictionary<NumberDictionaryShape, uint32_t>::Allocate(
+template MaybeObject* Dictionary<NumberDictionaryShape, uint32_t>::Allocate(
     int);
 
-template Object* Dictionary<StringDictionaryShape, String*>::Allocate(
+template MaybeObject* Dictionary<StringDictionaryShape, String*>::Allocate(
     int);
 
-template Object* Dictionary<NumberDictionaryShape, uint32_t>::AtPut(
+template MaybeObject* Dictionary<NumberDictionaryShape, uint32_t>::AtPut(
     uint32_t, Object*);
 
 template Object* Dictionary<NumberDictionaryShape, uint32_t>::SlowReverseLookup(
     Object*);
 
 template Object* Dictionary<StringDictionaryShape, String*>::SlowReverseLookup(
     Object*);
 
 template void Dictionary<NumberDictionaryShape, uint32_t>::CopyKeysTo(
     FixedArray*, PropertyAttributes);
 
 template Object* Dictionary<StringDictionaryShape, String*>::DeleteProperty(
     int, JSObject::DeleteMode);
 
 template Object* Dictionary<NumberDictionaryShape, uint32_t>::DeleteProperty(
     int, JSObject::DeleteMode);
 
 template void Dictionary<StringDictionaryShape, String*>::CopyKeysTo(
     FixedArray*);
 
 template int
 Dictionary<StringDictionaryShape, String*>::NumberOfElementsFilterAttributes(
     PropertyAttributes);
 
-template Object* Dictionary<StringDictionaryShape, String*>::Add(
+template MaybeObject* Dictionary<StringDictionaryShape, String*>::Add(
     String*, Object*, PropertyDetails);
 
-template Object*
+template MaybeObject*
 Dictionary<StringDictionaryShape, String*>::GenerateNewEnumerationIndices();
 
 template int
 Dictionary<NumberDictionaryShape, uint32_t>::NumberOfElementsFilterAttributes(
     PropertyAttributes);
 
-template Object* Dictionary<NumberDictionaryShape, uint32_t>::Add(
+template MaybeObject* Dictionary<NumberDictionaryShape, uint32_t>::Add(
     uint32_t, Object*, PropertyDetails);
 
-template Object* Dictionary<NumberDictionaryShape, uint32_t>::EnsureCapacity(
-    int, uint32_t);
+template MaybeObject* Dictionary<NumberDictionaryShape, uint32_t>::
+    EnsureCapacity(int, uint32_t);
 
-template Object* Dictionary<StringDictionaryShape, String*>::EnsureCapacity(
-    int, String*);
+template MaybeObject* Dictionary<StringDictionaryShape, String*>::
+    EnsureCapacity(int, String*);
 
-template Object* Dictionary<NumberDictionaryShape, uint32_t>::AddEntry(
+template MaybeObject* Dictionary<NumberDictionaryShape, uint32_t>::AddEntry(
     uint32_t, Object*, PropertyDetails, uint32_t);
 
-template Object* Dictionary<StringDictionaryShape, String*>::AddEntry(
+template MaybeObject* Dictionary<StringDictionaryShape, String*>::AddEntry(
     String*, Object*, PropertyDetails, uint32_t);
 
 template
 int Dictionary<NumberDictionaryShape, uint32_t>::NumberOfEnumElements();
 
 template
 int Dictionary<StringDictionaryShape, String*>::NumberOfEnumElements();
 
 template
 int HashTable<NumberDictionaryShape, uint32_t>::FindEntry(uint32_t);
 
 
 // Collates undefined and unexisting elements below limit from position
 // zero of the elements. The object stays in Dictionary mode.
-Object* JSObject::PrepareSlowElementsForSort(uint32_t limit) {
+MaybeObject* JSObject::PrepareSlowElementsForSort(uint32_t limit) {
   ASSERT(HasDictionaryElements());
   // Must stay in dictionary mode, either because of requires_slow_elements,
   // or because we are not going to sort (and therefore compact) all of the
   // elements.
   NumberDictionary* dict = element_dictionary();
   HeapNumber* result_double = NULL;
   if (limit > static_cast<uint32_t>(Smi::kMaxValue)) {
     // Allocate space for result before we start mutating the object.
-    Object* new_double = Heap::AllocateHeapNumber(0.0);
-    if (new_double->IsFailure()) return new_double;
+    Object* new_double;
+    { MaybeObject* maybe_new_double = Heap::AllocateHeapNumber(0.0);
+      if (!maybe_new_double->ToObject(&new_double)) return maybe_new_double;
+    }
     result_double = HeapNumber::cast(new_double);
   }
 
-  Object* obj = NumberDictionary::Allocate(dict->NumberOfElements());
-  if (obj->IsFailure()) return obj;
+  Object* obj;
+  { MaybeObject* maybe_obj =
+        NumberDictionary::Allocate(dict->NumberOfElements());
+    if (!maybe_obj->ToObject(&obj)) return maybe_obj;
+  }
   NumberDictionary* new_dict = NumberDictionary::cast(obj);
 
   AssertNoAllocation no_alloc;
 
   uint32_t pos = 0;
   uint32_t undefs = 0;
   int capacity = dict->Capacity();
   for (int i = 0; i < capacity; i++) {
     Object* k = dict->KeyAt(i);
     if (dict->IsKey(k)) {
       ASSERT(k->IsNumber());
       ASSERT(!k->IsSmi() || Smi::cast(k)->value() >= 0);
       ASSERT(!k->IsHeapNumber() || HeapNumber::cast(k)->value() >= 0);
       ASSERT(!k->IsHeapNumber() || HeapNumber::cast(k)->value() <= kMaxUInt32);
       Object* value = dict->ValueAt(i);
       PropertyDetails details = dict->DetailsAt(i);
       if (details.type() == CALLBACKS) {
         // Bail out and do the sorting of undefineds and array holes in JS.
         return Smi::FromInt(-1);
       }
       uint32_t key = NumberToUint32(k);
+      // In the following we assert that adding the entry to the new dictionary
+      // does not cause GC.  This is the case because we made sure to allocate
+      // the dictionary big enough above, so it need not grow.
       if (key < limit) {
         if (value->IsUndefined()) {
           undefs++;
         } else {
-          new_dict->AddNumberEntry(pos, value, details);
+          new_dict->AddNumberEntry(pos, value, details)->ToObjectUnchecked();
           pos++;
         }
       } else {
-        new_dict->AddNumberEntry(key, value, details);
+        new_dict->AddNumberEntry(key, value, details)->ToObjectUnchecked();
       }
     }
   }
 
   uint32_t result = pos;
   PropertyDetails no_details = PropertyDetails(NONE, NORMAL);
   while (undefs > 0) {
-    new_dict->AddNumberEntry(pos, Heap::undefined_value(), no_details);
+    new_dict->AddNumberEntry(pos, Heap::undefined_value(), no_details)->
+        ToObjectUnchecked();
     pos++;
     undefs--;
   }
 
   set_elements(new_dict);
 
   if (result <= static_cast<uint32_t>(Smi::kMaxValue)) {
     return Smi::FromInt(static_cast<int>(result));
   }
 
   ASSERT_NE(NULL, result_double);
   result_double->set_value(static_cast<double>(result));
   return result_double;
 }
 
 
 // Collects all defined (non-hole) and non-undefined (array) elements at
 // the start of the elements array.
 // If the object is in dictionary mode, it is converted to fast elements
 // mode.
-Object* JSObject::PrepareElementsForSort(uint32_t limit) {
+MaybeObject* JSObject::PrepareElementsForSort(uint32_t limit) {
   ASSERT(!HasPixelElements() && !HasExternalArrayElements());
 
   if (HasDictionaryElements()) {
     // Convert to fast elements containing only the existing properties.
     // Ordering is irrelevant, since we are going to sort anyway.
     NumberDictionary* dict = element_dictionary();
     if (IsJSArray() || dict->requires_slow_elements() ||
         dict->max_number_key() >= limit) {
       return PrepareSlowElementsForSort(limit);
     }
     // Convert to fast elements.
 
-    Object* obj = map()->GetFastElementsMap();
-    if (obj->IsFailure()) return obj;
+    Object* obj;
+    { MaybeObject* maybe_obj = map()->GetFastElementsMap();
+      if (!maybe_obj->ToObject(&obj)) return maybe_obj;
+    }
     Map* new_map = Map::cast(obj);
 
     PretenureFlag tenure = Heap::InNewSpace(this) ? NOT_TENURED: TENURED;
-    Object* new_array =
-        Heap::AllocateFixedArray(dict->NumberOfElements(), tenure);
-    if (new_array->IsFailure()) return new_array;
+    Object* new_array;
+    { MaybeObject* maybe_new_array =
+          Heap::AllocateFixedArray(dict->NumberOfElements(), tenure);
+      if (!maybe_new_array->ToObject(&new_array)) return maybe_new_array;
+    }
     FixedArray* fast_elements = FixedArray::cast(new_array);
     dict->CopyValuesTo(fast_elements);
 
     set_map(new_map);
     set_elements(fast_elements);
   } else {
-    Object* obj = EnsureWritableFastElements();
-    if (obj->IsFailure()) return obj;
+    Object* obj;
+    { MaybeObject* maybe_obj = EnsureWritableFastElements();
+      if (!maybe_obj->ToObject(&obj)) return maybe_obj;
+    }
   }
   ASSERT(HasFastElements());
 
   // Collect holes at the end, undefined before that and the rest at the
   // start, and return the number of non-hole, non-undefined values.
 
   FixedArray* elements = FixedArray::cast(this->elements());
   uint32_t elements_length = static_cast<uint32_t>(elements->length());
   if (limit > elements_length) {
     limit = elements_length ;
   }
   if (limit == 0) {
     return Smi::FromInt(0);
   }
 
   HeapNumber* result_double = NULL;
   if (limit > static_cast<uint32_t>(Smi::kMaxValue)) {
     // Pessimistically allocate space for return value before
     // we start mutating the array.
-    Object* new_double = Heap::AllocateHeapNumber(0.0);
-    if (new_double->IsFailure()) return new_double;
+    Object* new_double;
+    { MaybeObject* maybe_new_double = Heap::AllocateHeapNumber(0.0);
+      if (!maybe_new_double->ToObject(&new_double)) return maybe_new_double;
+    }
     result_double = HeapNumber::cast(new_double);
   }
 
   AssertNoAllocation no_alloc;
 
   // Split elements into defined, undefined and the_hole, in that order.
   // Only count locations for undefined and the hole, and fill them afterwards.
   WriteBarrierMode write_barrier = elements->GetWriteBarrierMode(no_alloc);
   unsigned int undefs = limit;
   unsigned int holes = limit;
@@ skipping 71 matching lines @@
       // converted to a number type further up in the call chain.
       ASSERT(value->IsUndefined());
     }
     set(index, clamped_value);
   }
   return Smi::FromInt(clamped_value);
 }
 
 
 template<typename ExternalArrayClass, typename ValueType>
-static Object* ExternalArrayIntSetter(ExternalArrayClass* receiver,
-                                      uint32_t index,
-                                      Object* value) {
+static MaybeObject* ExternalArrayIntSetter(ExternalArrayClass* receiver,
+                                           uint32_t index,
+                                           Object* value) {
   ValueType cast_value = 0;
   if (index < static_cast<uint32_t>(receiver->length())) {
     if (value->IsSmi()) {
       int int_value = Smi::cast(value)->value();
       cast_value = static_cast<ValueType>(int_value);
     } else if (value->IsHeapNumber()) {
       double double_value = HeapNumber::cast(value)->value();
       cast_value = static_cast<ValueType>(DoubleToInt32(double_value));
     } else {
       // Clamp undefined to zero (default). All other types have been
       // converted to a number type further up in the call chain.
       ASSERT(value->IsUndefined());
     }
     receiver->set(index, cast_value);
   }
   return Heap::NumberFromInt32(cast_value);
 }
 
 
-Object* ExternalByteArray::SetValue(uint32_t index, Object* value) {
+MaybeObject* ExternalByteArray::SetValue(uint32_t index, Object* value) {
   return ExternalArrayIntSetter<ExternalByteArray, int8_t>
       (this, index, value);
 }
 
 
-Object* ExternalUnsignedByteArray::SetValue(uint32_t index, Object* value) {
+MaybeObject* ExternalUnsignedByteArray::SetValue(uint32_t index,
+                                                 Object* value) {
   return ExternalArrayIntSetter<ExternalUnsignedByteArray, uint8_t>
       (this, index, value);
 }
 
 
-Object* ExternalShortArray::SetValue(uint32_t index, Object* value) {
+MaybeObject* ExternalShortArray::SetValue(uint32_t index,
+                                          Object* value) {
   return ExternalArrayIntSetter<ExternalShortArray, int16_t>
       (this, index, value);
 }
 
 
-Object* ExternalUnsignedShortArray::SetValue(uint32_t index, Object* value) {
+MaybeObject* ExternalUnsignedShortArray::SetValue(uint32_t index,
+                                                  Object* value) {
   return ExternalArrayIntSetter<ExternalUnsignedShortArray, uint16_t>
       (this, index, value);
 }
 
 
-Object* ExternalIntArray::SetValue(uint32_t index, Object* value) {
+MaybeObject* ExternalIntArray::SetValue(uint32_t index, Object* value) {
   return ExternalArrayIntSetter<ExternalIntArray, int32_t>
       (this, index, value);
 }
 
 
-Object* ExternalUnsignedIntArray::SetValue(uint32_t index, Object* value) {
+MaybeObject* ExternalUnsignedIntArray::SetValue(uint32_t index, Object* value) {
   uint32_t cast_value = 0;
   if (index < static_cast<uint32_t>(length())) {
     if (value->IsSmi()) {
       int int_value = Smi::cast(value)->value();
       cast_value = static_cast<uint32_t>(int_value);
     } else if (value->IsHeapNumber()) {
       double double_value = HeapNumber::cast(value)->value();
       cast_value = static_cast<uint32_t>(DoubleToUint32(double_value));
     } else {
       // Clamp undefined to zero (default). All other types have been
       // converted to a number type further up in the call chain.
       ASSERT(value->IsUndefined());
     }
     set(index, cast_value);
   }
   return Heap::NumberFromUint32(cast_value);
 }
 
 
-Object* ExternalFloatArray::SetValue(uint32_t index, Object* value) {
+MaybeObject* ExternalFloatArray::SetValue(uint32_t index, Object* value) {
   float cast_value = 0;
   if (index < static_cast<uint32_t>(length())) {
     if (value->IsSmi()) {
       int int_value = Smi::cast(value)->value();
       cast_value = static_cast<float>(int_value);
     } else if (value->IsHeapNumber()) {
       double double_value = HeapNumber::cast(value)->value();
       cast_value = static_cast<float>(double_value);
     } else {
       // Clamp undefined to zero (default). All other types have been
       // converted to a number type further up in the call chain.
       ASSERT(value->IsUndefined());
     }
     set(index, cast_value);
   }
   return Heap::AllocateHeapNumber(cast_value);
 }
 
 
 Object* GlobalObject::GetPropertyCell(LookupResult* result) {
   ASSERT(!HasFastProperties());
   Object* value = property_dictionary()->ValueAt(result->GetDictionaryEntry());
   ASSERT(value->IsJSGlobalPropertyCell());
   return value;
 }
 
 
-Object* GlobalObject::EnsurePropertyCell(String* name) {
+MaybeObject* GlobalObject::EnsurePropertyCell(String* name) {
   ASSERT(!HasFastProperties());
   int entry = property_dictionary()->FindEntry(name);
   if (entry == StringDictionary::kNotFound) {
-    Object* cell = Heap::AllocateJSGlobalPropertyCell(Heap::the_hole_value());
-    if (cell->IsFailure()) return cell;
+    Object* cell;
+    { MaybeObject* maybe_cell =
+          Heap::AllocateJSGlobalPropertyCell(Heap::the_hole_value());
+      if (!maybe_cell->ToObject(&cell)) return maybe_cell;
+    }
     PropertyDetails details(NONE, NORMAL);
     details = details.AsDeleted();
-    Object* dictionary = property_dictionary()->Add(name, cell, details);
-    if (dictionary->IsFailure()) return dictionary;
+    Object* dictionary;
+    { MaybeObject* maybe_dictionary =
+          property_dictionary()->Add(name, cell, details);
+      if (!maybe_dictionary->ToObject(&dictionary)) return maybe_dictionary;
+    }
     set_properties(StringDictionary::cast(dictionary));
     return cell;
   } else {
     Object* value = property_dictionary()->ValueAt(entry);
     ASSERT(value->IsJSGlobalPropertyCell());
     return value;
   }
 }
 
 
-Object* SymbolTable::LookupString(String* string, Object** s) {
+MaybeObject* SymbolTable::LookupString(String* string, Object** s) {
   SymbolKey key(string);
   return LookupKey(&key, s);
 }
 
 
 // This class is used for looking up two character strings in the symbol table.
 // If we don't have a hit we don't want to waste much time so we unroll the
 // string hash calculation loop here for speed.  Doesn't work if the two
 // characters form a decimal integer, since such strings have a different hash
 // algorithm.
@@ skipping 76 matching lines @@
     return false;
   } else {
     String* result = String::cast(KeyAt(entry));
     ASSERT(StringShape(result).IsSymbol());
     *symbol = result;
     return true;
   }
 }
 
 
-Object* SymbolTable::LookupSymbol(Vector<const char> str, Object** s) {
+MaybeObject* SymbolTable::LookupSymbol(Vector<const char> str, Object** s) {
   Utf8SymbolKey key(str);
   return LookupKey(&key, s);
 }
 
 
-Object* SymbolTable::LookupKey(HashTableKey* key, Object** s) {
+MaybeObject* SymbolTable::LookupKey(HashTableKey* key, Object** s) {
   int entry = FindEntry(key);
 
   // Symbol already in table.
   if (entry != kNotFound) {
     *s = KeyAt(entry);
     return this;
   }
 
   // Adding new symbol. Grow table if needed.
-  Object* obj = EnsureCapacity(1, key);
-  if (obj->IsFailure()) return obj;
+  Object* obj;
+  { MaybeObject* maybe_obj = EnsureCapacity(1, key);
+    if (!maybe_obj->ToObject(&obj)) return maybe_obj;
+  }
 
   // Create symbol object.
-  Object* symbol = key->AsObject();
-  if (symbol->IsFailure()) return symbol;
+  Object* symbol;
+  { MaybeObject* maybe_symbol = key->AsObject();
+    if (!maybe_symbol->ToObject(&symbol)) return maybe_symbol;
+  }
 
   // If the symbol table grew as part of EnsureCapacity, obj is not
   // the current symbol table and therefore we cannot use
   // SymbolTable::cast here.
   SymbolTable* table = reinterpret_cast<SymbolTable*>(obj);
 
   // Add the new symbol and return it along with the symbol table.
   entry = table->FindInsertionEntry(key->Hash());
   table->set(EntryToIndex(entry), symbol);
   table->ElementAdded();
@@ skipping 20 matching lines @@
 
 Object* CompilationCacheTable::LookupRegExp(String* src,
                                             JSRegExp::Flags flags) {
   RegExpKey key(src, flags);
   int entry = FindEntry(&key);
   if (entry == kNotFound) return Heap::undefined_value();
   return get(EntryToIndex(entry) + 1);
 }
 
 
-Object* CompilationCacheTable::Put(String* src, Object* value) {
+MaybeObject* CompilationCacheTable::Put(String* src, Object* value) {
   StringKey key(src);
-  Object* obj = EnsureCapacity(1, &key);
-  if (obj->IsFailure()) return obj;
+  Object* obj;
+  { MaybeObject* maybe_obj = EnsureCapacity(1, &key);
+    if (!maybe_obj->ToObject(&obj)) return maybe_obj;
+  }
 
   CompilationCacheTable* cache =
       reinterpret_cast<CompilationCacheTable*>(obj);
   int entry = cache->FindInsertionEntry(key.Hash());
   cache->set(EntryToIndex(entry), src);
   cache->set(EntryToIndex(entry) + 1, value);
   cache->ElementAdded();
   return cache;
 }
 
 
-Object* CompilationCacheTable::PutEval(String* src,
-                                       Context* context,
-                                       Object* value) {
+MaybeObject* CompilationCacheTable::PutEval(String* src,
+                                            Context* context,
+                                            Object* value) {
   StringSharedKey key(src, context->closure()->shared());
-  Object* obj = EnsureCapacity(1, &key);
-  if (obj->IsFailure()) return obj;
+  Object* obj;
+  { MaybeObject* maybe_obj = EnsureCapacity(1, &key);
+    if (!maybe_obj->ToObject(&obj)) return maybe_obj;
+  }
 
   CompilationCacheTable* cache =
       reinterpret_cast<CompilationCacheTable*>(obj);
   int entry = cache->FindInsertionEntry(key.Hash());
 
-  Object* k = key.AsObject();
-  if (k->IsFailure()) return k;
+  Object* k;
+  { MaybeObject* maybe_k = key.AsObject();
+    if (!maybe_k->ToObject(&k)) return maybe_k;
+  }
 
   cache->set(EntryToIndex(entry), k);
   cache->set(EntryToIndex(entry) + 1, value);
   cache->ElementAdded();
   return cache;
 }
 
 
-Object* CompilationCacheTable::PutRegExp(String* src,
-                                         JSRegExp::Flags flags,
-                                         FixedArray* value) {
+MaybeObject* CompilationCacheTable::PutRegExp(String* src,
+                                              JSRegExp::Flags flags,
+                                              FixedArray* value) {
   RegExpKey key(src, flags);
-  Object* obj = EnsureCapacity(1, &key);
-  if (obj->IsFailure()) return obj;
+  Object* obj;
+  { MaybeObject* maybe_obj = EnsureCapacity(1, &key);
+    if (!maybe_obj->ToObject(&obj)) return maybe_obj;
+  }
 
   CompilationCacheTable* cache =
       reinterpret_cast<CompilationCacheTable*>(obj);
   int entry = cache->FindInsertionEntry(key.Hash());
   // We store the value in the key slot, and compare the search key
   // to the stored value with a custon IsMatch function during lookups.
   cache->set(EntryToIndex(entry), value);
   cache->set(EntryToIndex(entry) + 1, value);
   cache->ElementAdded();
   return cache;
@@ skipping 35 matching lines @@
 
 
 Object* MapCache::Lookup(FixedArray* array) {
   SymbolsKey key(array);
   int entry = FindEntry(&key);
   if (entry == kNotFound) return Heap::undefined_value();
   return get(EntryToIndex(entry) + 1);
 }
 
 
-Object* MapCache::Put(FixedArray* array, Map* value) {
+MaybeObject* MapCache::Put(FixedArray* array, Map* value) {
   SymbolsKey key(array);
-  Object* obj = EnsureCapacity(1, &key);
-  if (obj->IsFailure()) return obj;
+  Object* obj;
+  { MaybeObject* maybe_obj = EnsureCapacity(1, &key);
+    if (!maybe_obj->ToObject(&obj)) return maybe_obj;
+  }
 
   MapCache* cache = reinterpret_cast<MapCache*>(obj);
   int entry = cache->FindInsertionEntry(key.Hash());
   cache->set(EntryToIndex(entry), array);
   cache->set(EntryToIndex(entry) + 1, value);
   cache->ElementAdded();
   return cache;
 }
 
 
 template<typename Shape, typename Key>
-Object* Dictionary<Shape, Key>::Allocate(int at_least_space_for) {
-  Object* obj = HashTable<Shape, Key>::Allocate(at_least_space_for);
+MaybeObject* Dictionary<Shape, Key>::Allocate(int at_least_space_for) {
+  Object* obj;
+  { MaybeObject* maybe_obj =
+        HashTable<Shape, Key>::Allocate(at_least_space_for);
+    if (!maybe_obj->ToObject(&obj)) return maybe_obj;
+  }
   // Initialize the next enumeration index.
-  if (!obj->IsFailure()) {
-    Dictionary<Shape, Key>::cast(obj)->
-        SetNextEnumerationIndex(PropertyDetails::kInitialIndex);
-  }
+  Dictionary<Shape, Key>::cast(obj)->
+      SetNextEnumerationIndex(PropertyDetails::kInitialIndex);
   return obj;
 }
 
 
 template<typename Shape, typename Key>
-Object* Dictionary<Shape, Key>::GenerateNewEnumerationIndices() {
+MaybeObject* Dictionary<Shape, Key>::GenerateNewEnumerationIndices() {
   int length = HashTable<Shape, Key>::NumberOfElements();
 
   // Allocate and initialize iteration order array.
-  Object* obj = Heap::AllocateFixedArray(length);
-  if (obj->IsFailure()) return obj;
+  Object* obj;
+  { MaybeObject* maybe_obj = Heap::AllocateFixedArray(length);
+    if (!maybe_obj->ToObject(&obj)) return maybe_obj;
+  }
   FixedArray* iteration_order = FixedArray::cast(obj);
   for (int i = 0; i < length; i++) {
     iteration_order->set(i, Smi::FromInt(i));
   }
 
   // Allocate array with enumeration order.
-  obj = Heap::AllocateFixedArray(length);
-  if (obj->IsFailure()) return obj;
+  { MaybeObject* maybe_obj = Heap::AllocateFixedArray(length);
+    if (!maybe_obj->ToObject(&obj)) return maybe_obj;
+  }
   FixedArray* enumeration_order = FixedArray::cast(obj);
 
   // Fill the enumeration order array with property details.
   int capacity = HashTable<Shape, Key>::Capacity();
   int pos = 0;
   for (int i = 0; i < capacity; i++) {
     if (Dictionary<Shape, Key>::IsKey(Dictionary<Shape, Key>::KeyAt(i))) {
       enumeration_order->set(pos++, Smi::FromInt(DetailsAt(i).index()));
     }
   }
@@ skipping 20 matching lines @@
       DetailsAtPut(i, new_details);
     }
   }
 
   // Set the next enumeration index.
   SetNextEnumerationIndex(PropertyDetails::kInitialIndex+length);
   return this;
 }
 
 template<typename Shape, typename Key>
-Object* Dictionary<Shape, Key>::EnsureCapacity(int n, Key key) {
+MaybeObject* Dictionary<Shape, Key>::EnsureCapacity(int n, Key key) {
   // Check whether there are enough enumeration indices to add n elements.
   if (Shape::kIsEnumerable &&
       !PropertyDetails::IsValidIndex(NextEnumerationIndex() + n)) {
     // If not, we generate new indices for the properties.
-    Object* result = GenerateNewEnumerationIndices();
-    if (result->IsFailure()) return result;
+    Object* result;
+    { MaybeObject* maybe_result = GenerateNewEnumerationIndices();
+      if (!maybe_result->ToObject(&result)) return maybe_result;
+    }
   }
   return HashTable<Shape, Key>::EnsureCapacity(n, key);
 }
 
 
 void NumberDictionary::RemoveNumberEntries(uint32_t from, uint32_t to) {
   // Do nothing if the interval [from, to) is empty.
   if (from >= to) return;
 
   int removed_entries = 0;
@@ skipping 23 matching lines @@
   if (details.IsDontDelete() && mode == JSObject::NORMAL_DELETION) {
     return Heap::false_value();
   }
   SetEntry(entry, Heap::null_value(), Heap::null_value(), Smi::FromInt(0));
   HashTable<Shape, Key>::ElementRemoved();
   return Heap::true_value();
 }
 
 
 template<typename Shape, typename Key>
-Object* Dictionary<Shape, Key>::AtPut(Key key, Object* value) {
+MaybeObject* Dictionary<Shape, Key>::AtPut(Key key, Object* value) {
   int entry = this->FindEntry(key);
 
   // If the entry is present set the value;
   if (entry != Dictionary<Shape, Key>::kNotFound) {
     ValueAtPut(entry, value);
     return this;
   }
 
   // Check whether the dictionary should be extended.
-  Object* obj = EnsureCapacity(1, key);
-  if (obj->IsFailure()) return obj;
+  Object* obj;
+  { MaybeObject* maybe_obj = EnsureCapacity(1, key);
+    if (!maybe_obj->ToObject(&obj)) return maybe_obj;
+  }
 
-  Object* k = Shape::AsObject(key);
-  if (k->IsFailure()) return k;
+  Object* k;
+  { MaybeObject* maybe_k = Shape::AsObject(key);
+    if (!maybe_k->ToObject(&k)) return maybe_k;
+  }
   PropertyDetails details = PropertyDetails(NONE, NORMAL);
   return Dictionary<Shape, Key>::cast(obj)->
       AddEntry(key, value, details, Shape::Hash(key));
 }
 
 
 template<typename Shape, typename Key>
-Object* Dictionary<Shape, Key>::Add(Key key,
-                                    Object* value,
-                                    PropertyDetails details) {
+MaybeObject* Dictionary<Shape, Key>::Add(Key key,
+                                         Object* value,
+                                         PropertyDetails details) {
   // Valdate key is absent.
   SLOW_ASSERT((this->FindEntry(key) == Dictionary<Shape, Key>::kNotFound));
   // Check whether the dictionary should be extended.
-  Object* obj = EnsureCapacity(1, key);
-  if (obj->IsFailure()) return obj;
+  Object* obj;
+  { MaybeObject* maybe_obj = EnsureCapacity(1, key);
+    if (!maybe_obj->ToObject(&obj)) return maybe_obj;
+  }
   return Dictionary<Shape, Key>::cast(obj)->
       AddEntry(key, value, details, Shape::Hash(key));
 }
 
 
 // Add a key, value pair to the dictionary.
 template<typename Shape, typename Key>
-Object* Dictionary<Shape, Key>::AddEntry(Key key,
-                                         Object* value,
-                                         PropertyDetails details,
-                                         uint32_t hash) {
+MaybeObject* Dictionary<Shape, Key>::AddEntry(Key key,
+                                              Object* value,
+                                              PropertyDetails details,
+                                              uint32_t hash) {
   // Compute the key object.
-  Object* k = Shape::AsObject(key);
-  if (k->IsFailure()) return k;
+  Object* k;
+  { MaybeObject* maybe_k = Shape::AsObject(key);
+    if (!maybe_k->ToObject(&k)) return maybe_k;
+  }
 
   uint32_t entry = Dictionary<Shape, Key>::FindInsertionEntry(hash);
   // Insert element at empty or deleted entry
   if (!details.IsDeleted() && details.index() == 0 && Shape::kIsEnumerable) {
     // Assign an enumeration index to the property and update
     // SetNextEnumerationIndex.
     int index = NextEnumerationIndex();
     details = PropertyDetails(details.attributes(), details.type(), index);
     SetNextEnumerationIndex(index + 1);
   }
@@ skipping 17 matching lines @@
   }
   // Update max key value.
   Object* max_index_object = get(kMaxNumberKeyIndex);
   if (!max_index_object->IsSmi() || max_number_key() < key) {
     FixedArray::set(kMaxNumberKeyIndex,
                     Smi::FromInt(key << kRequiresSlowElementsTagSize));
   }
 }
 
 
-Object* NumberDictionary::AddNumberEntry(uint32_t key,
-                                         Object* value,
-                                         PropertyDetails details) {
+MaybeObject* NumberDictionary::AddNumberEntry(uint32_t key,
+                                              Object* value,
+                                              PropertyDetails details) {
   UpdateMaxNumberKey(key);
   SLOW_ASSERT(this->FindEntry(key) == kNotFound);
   return Add(key, value, details);
 }
 
 
-Object* NumberDictionary::AtNumberPut(uint32_t key, Object* value) {
+MaybeObject* NumberDictionary::AtNumberPut(uint32_t key, Object* value) {
   UpdateMaxNumberKey(key);
   return AtPut(key, value);
 }
 
 
-Object* NumberDictionary::Set(uint32_t key,
-                              Object* value,
-                              PropertyDetails details) {
+MaybeObject* NumberDictionary::Set(uint32_t key,
+                                   Object* value,
+                                   PropertyDetails details) {
   int entry = FindEntry(key);
   if (entry == kNotFound) return AddNumberEntry(key, value, details);
   // Preserve enumeration index.
   details = PropertyDetails(details.attributes(),
                             details.type(),
                             DetailsAt(entry).index());
-  Object* object_key = NumberDictionaryShape::AsObject(key);
-  if (object_key->IsFailure()) return object_key;
+  MaybeObject* maybe_object_key = NumberDictionaryShape::AsObject(key);
+  Object* object_key;
+  if (!maybe_object_key->ToObject(&object_key)) return maybe_object_key;
   SetEntry(entry, object_key, value, details);
   return this;
 }
 
 
 
 template<typename Shape, typename Key>
 int Dictionary<Shape, Key>::NumberOfElementsFilterAttributes(
     PropertyAttributes filter) {
   int capacity = HashTable<Shape, Key>::Capacity();
@@ skipping 87 matching lines @@
       if (e->IsJSGlobalPropertyCell()) {
         e = JSGlobalPropertyCell::cast(e)->value();
       }
       if (e == value) return k;
     }
   }
   return Heap::undefined_value();
 }
 
 
-Object* StringDictionary::TransformPropertiesToFastFor(
+MaybeObject* StringDictionary::TransformPropertiesToFastFor(
     JSObject* obj, int unused_property_fields) {
   // Make sure we preserve dictionary representation if there are too many
   // descriptors.
   if (NumberOfElements() > DescriptorArray::kMaxNumberOfDescriptors) return obj;
 
   // Figure out if it is necessary to generate new enumeration indices.
   int max_enumeration_index =
       NextEnumerationIndex() +
           (DescriptorArray::kMaxNumberOfDescriptors -
            NumberOfElements());
   if (!PropertyDetails::IsValidIndex(max_enumeration_index)) {
-    Object* result = GenerateNewEnumerationIndices();
-    if (result->IsFailure()) return result;
+    Object* result;
+    { MaybeObject* maybe_result = GenerateNewEnumerationIndices();
+      if (!maybe_result->ToObject(&result)) return maybe_result;
+    }
   }
 
   int instance_descriptor_length = 0;
   int number_of_fields = 0;
 
   // Compute the length of the instance descriptor.
   int capacity = Capacity();
   for (int i = 0; i < capacity; i++) {
     Object* k = KeyAt(i);
     if (IsKey(k)) {
       Object* value = ValueAt(i);
       PropertyType type = DetailsAt(i).type();
       ASSERT(type != FIELD);
       instance_descriptor_length++;
       if (type == NORMAL &&
           (!value->IsJSFunction() || Heap::InNewSpace(value))) {
         number_of_fields += 1;
       }
     }
   }
 
   // Allocate the instance descriptor.
-  Object* descriptors_unchecked =
-      DescriptorArray::Allocate(instance_descriptor_length);
-  if (descriptors_unchecked->IsFailure()) return descriptors_unchecked;
+  Object* descriptors_unchecked;
+  { MaybeObject* maybe_descriptors_unchecked =
+        DescriptorArray::Allocate(instance_descriptor_length);
+    if (!maybe_descriptors_unchecked->ToObject(&descriptors_unchecked)) {
+      return maybe_descriptors_unchecked;
+    }
+  }
   DescriptorArray* descriptors = DescriptorArray::cast(descriptors_unchecked);
 
   int inobject_props = obj->map()->inobject_properties();
   int number_of_allocated_fields =
       number_of_fields + unused_property_fields - inobject_props;
   if (number_of_allocated_fields < 0) {
     // There is enough inobject space for all fields (including unused).
     number_of_allocated_fields = 0;
     unused_property_fields = inobject_props - number_of_fields;
   }
 
   // Allocate the fixed array for the fields.
-  Object* fields = Heap::AllocateFixedArray(number_of_allocated_fields);
-  if (fields->IsFailure()) return fields;
+  Object* fields;
+  { MaybeObject* maybe_fields =
+        Heap::AllocateFixedArray(number_of_allocated_fields);
+    if (!maybe_fields->ToObject(&fields)) return maybe_fields;
+  }
 
   // Fill in the instance descriptor and the fields.
   int next_descriptor = 0;
   int current_offset = 0;
   for (int i = 0; i < capacity; i++) {
     Object* k = KeyAt(i);
     if (IsKey(k)) {
       Object* value = ValueAt(i);
       // Ensure the key is a symbol before writing into the instance descriptor.
-      Object* key = Heap::LookupSymbol(String::cast(k));
-      if (key->IsFailure()) return key;
+      Object* key;
+      { MaybeObject* maybe_key = Heap::LookupSymbol(String::cast(k));
+        if (!maybe_key->ToObject(&key)) return maybe_key;
+      }
       PropertyDetails details = DetailsAt(i);
       PropertyType type = details.type();
 
       if (value->IsJSFunction() && !Heap::InNewSpace(value)) {
         ConstantFunctionDescriptor d(String::cast(key),
                                      JSFunction::cast(value),
                                      details.attributes(),
                                      details.index());
         descriptors->Set(next_descriptor++, &d);
       } else if (type == NORMAL) {
@@ skipping 18 matching lines @@
         descriptors->Set(next_descriptor++, &d);
       } else {
         UNREACHABLE();
       }
     }
   }
   ASSERT(current_offset == number_of_fields);
 
   descriptors->Sort();
   // Allocate new map.
-  Object* new_map = obj->map()->CopyDropDescriptors();
-  if (new_map->IsFailure()) return new_map;
+  Object* new_map;
+  { MaybeObject* maybe_new_map = obj->map()->CopyDropDescriptors();
+    if (!maybe_new_map->ToObject(&new_map)) return maybe_new_map;
+  }
 
   // Transform the object.
   obj->set_map(Map::cast(new_map));
   obj->map()->set_instance_descriptors(descriptors);
   obj->map()->set_unused_property_fields(unused_property_fields);
 
   obj->set_properties(FixedArray::cast(fields));
   ASSERT(obj->IsJSObject());
 
   descriptors->SetNextEnumerationIndex(NextEnumerationIndex());
@@ skipping 245 matching lines @@
   if (break_point_objects()->IsUndefined()) return 0;
   // Single beak point.
   if (!break_point_objects()->IsFixedArray()) return 1;
   // Multiple break points.
   return FixedArray::cast(break_point_objects())->length();
 }
 #endif
 
 
 } }  // namespace v8::internal