[Isolates] Merge crankshaft (r5922 from bleeding_edge).

src/objects.h

 // Copyright 2010 the V8 project authors. All rights reserved.
 // Redistribution and use in source and binary forms, with or without
 // modification, are permitted provided that the following conditions are
 // met:
 //
 //     * Redistributions of source code must retain the above copyright
 //       notice, this list of conditions and the following disclaimer.
 //     * Redistributions in binary form must reproduce the above
 //       copyright notice, this list of conditions and the following
 //       disclaimer in the documentation and/or other materials provided
@@ skipping 567 matching lines @@
   InstanceType type;
   Object* ptr;
   const char* str;
   double number;
 };
 
 
 // A template-ized version of the IsXXX functions.
 template <class C> static inline bool Is(Object* obj);
 
+
 class MaybeObject BASE_EMBEDDED {
  public:
   inline bool IsFailure();
   inline bool IsRetryAfterGC();
   inline bool IsOutOfMemory();
   inline bool IsException();
   INLINE(bool IsTheHole());
   inline bool ToObject(Object** obj) {
     if (IsFailure()) return false;
     *obj = reinterpret_cast<Object*>(this);
@@ skipping 49 matching lines @@
   inline bool IsExternalShortArray();
   inline bool IsExternalUnsignedShortArray();
   inline bool IsExternalIntArray();
   inline bool IsExternalUnsignedIntArray();
   inline bool IsExternalFloatArray();
   inline bool IsJSObject();
   inline bool IsJSContextExtensionObject();
   inline bool IsMap();
   inline bool IsFixedArray();
   inline bool IsDescriptorArray();
+  inline bool IsDeoptimizationInputData();
+  inline bool IsDeoptimizationOutputData();
   inline bool IsContext();
   inline bool IsCatchContext();
   inline bool IsGlobalContext();
   inline bool IsJSFunction();
   inline bool IsCode();
   inline bool IsOddball();
   inline bool IsSharedFunctionInfo();
   inline bool IsJSValue();
   inline bool IsStringWrapper();
   inline bool IsProxy();
@@ skipping 2229 matching lines @@
 #ifdef DEBUG
   void ExternalFloatArrayPrint();
   void ExternalFloatArrayVerify();
 #endif  // DEBUG
 
  private:
   DISALLOW_IMPLICIT_CONSTRUCTORS(ExternalFloatArray);
 };
 
 
+// DeoptimizationInputData is a fixed array used to hold the deoptimization
+// data for code generated by the Hydrogen/Lithium compiler.  It also
+// contains information about functions that were inlined.  If N different
+// functions were inlined then first N elements of the literal array will
+// contain these functions.
+//
+// It can be empty.
+class DeoptimizationInputData: public FixedArray {
+ public:
+  // Layout description.  Indices in the array.
+  static const int kTranslationByteArrayIndex = 0;
+  static const int kInlinedFunctionCountIndex = 1;
+  static const int kLiteralArrayIndex = 2;
+  static const int kOsrAstIdIndex = 3;
+  static const int kOsrPcOffsetIndex = 4;
+  static const int kFirstDeoptEntryIndex = 5;
+
+  // Offsets of deopt entry elements relative to the start of the entry.
+  static const int kAstIdOffset = 0;
+  static const int kTranslationIndexOffset = 1;
+  static const int kArgumentsStackHeightOffset = 2;
+  static const int kDeoptEntrySize = 3;
+
+  // Simple element accessors.
+#define DEFINE_ELEMENT_ACCESSORS(name, type)      \
+  type* name() {                                  \
+    return type::cast(get(k##name##Index));       \
+  }                                               \
+  void Set##name(type* value) {                   \
+    set(k##name##Index, value);                   \
+  }
+
+  DEFINE_ELEMENT_ACCESSORS(TranslationByteArray, ByteArray)
+  DEFINE_ELEMENT_ACCESSORS(InlinedFunctionCount, Smi)
+  DEFINE_ELEMENT_ACCESSORS(LiteralArray, FixedArray)
+  DEFINE_ELEMENT_ACCESSORS(OsrAstId, Smi)
+  DEFINE_ELEMENT_ACCESSORS(OsrPcOffset, Smi)
+
+  // Unchecked accessor to be used during GC.
+  FixedArray* UncheckedLiteralArray() {
+    return reinterpret_cast<FixedArray*>(get(kLiteralArrayIndex));
+  }
+
+#undef DEFINE_ELEMENT_ACCESSORS
+
+  // Accessors for elements of the ith deoptimization entry.
+#define DEFINE_ENTRY_ACCESSORS(name, type)                       \
+  type* name(int i) {                                            \
+    return type::cast(get(IndexForEntry(i) + k##name##Offset));  \
+  }                                                              \
+  void Set##name(int i, type* value) {                           \
+    set(IndexForEntry(i) + k##name##Offset, value);              \
+  }
+
+  DEFINE_ENTRY_ACCESSORS(AstId, Smi)
+  DEFINE_ENTRY_ACCESSORS(TranslationIndex, Smi)
+  DEFINE_ENTRY_ACCESSORS(ArgumentsStackHeight, Smi)
+
+#undef DEFINE_ENTRY_ACCESSORS
+
+  int DeoptCount() {
+    return (length() - kFirstDeoptEntryIndex) / kDeoptEntrySize;
+  }
+
+  // Allocates a DeoptimizationInputData.
+  MUST_USE_RESULT static MaybeObject* Allocate(int deopt_entry_count,
+                                               PretenureFlag pretenure);
+
+  // Casting.
+  static inline DeoptimizationInputData* cast(Object* obj);
+
+#ifdef DEBUG
+  void DeoptimizationInputDataPrint();
+#endif
+
+ private:
+  static int IndexForEntry(int i) {
+    return kFirstDeoptEntryIndex + (i * kDeoptEntrySize);
+  }
+
+  static int LengthFor(int entry_count) {
+    return IndexForEntry(entry_count);
+  }
+};
+
+
+// DeoptimizationOutputData is a fixed array used to hold the deoptimization
+// data for code generated by the full compiler.
+// The format of the these objects is
+//   [i * 2]: Ast ID for ith deoptimization.
+//   [i * 2 + 1]: PC and state of ith deoptimization
+class DeoptimizationOutputData: public FixedArray {
+ public:
+  int DeoptPoints() { return length() / 2; }
+  Smi* AstId(int index) { return Smi::cast(get(index * 2)); }
+  void SetAstId(int index, Smi* id) { set(index * 2, id); }
+  Smi* PcAndState(int index) { return Smi::cast(get(1 + index * 2)); }
+  void SetPcAndState(int index, Smi* offset) { set(1 + index * 2, offset); }
+
+  static int LengthOfFixedArray(int deopt_points) {
+    return deopt_points * 2;
+  }
+
+  // Allocates a DeoptimizationOutputData.
+  MUST_USE_RESULT static MaybeObject* Allocate(int number_of_deopt_points,
+                                               PretenureFlag pretenure);
+
+  // Casting.
+  static inline DeoptimizationOutputData* cast(Object* obj);
+
+#ifdef DEBUG
+  void DeoptimizationOutputDataPrint();
+#endif
+};
+
+
 // Code describes objects with on-the-fly generated machine code.
 class Code: public HeapObject {
  public:
   // Opaque data type for encapsulating code flags like kind, inline
   // cache state, and arguments count.
   // FLAGS_MIN_VALUE and FLAGS_MAX_VALUE are specified to ensure that
   // enumeration type has correct value range (see Issue 830 for more details).
   enum Flags {
     FLAGS_MIN_VALUE = kMinInt,
     FLAGS_MAX_VALUE = kMaxInt
   };
 
   enum Kind {
     FUNCTION,
+    OPTIMIZED_FUNCTION,
     STUB,
     BUILTIN,
     LOAD_IC,
     KEYED_LOAD_IC,
     CALL_IC,
     KEYED_CALL_IC,
     STORE_IC,
     KEYED_STORE_IC,
     BINARY_OP_IC,
+    TYPE_RECORDING_BINARY_OP_IC,
+    COMPARE_IC,
     // No more than 16 kinds. The value currently encoded in four bits in
     // Flags.
 
     // Pseudo-kinds.
     REGEXP = BUILTIN,
     FIRST_IC_KIND = LOAD_IC,
-    LAST_IC_KIND = BINARY_OP_IC
+    LAST_IC_KIND = COMPARE_IC
   };
 
   enum {
     NUMBER_OF_KINDS = LAST_IC_KIND + 1
   };
 
 #ifdef ENABLE_DISASSEMBLER
   // Printing
   static const char* Kind2String(Kind kind);
   static const char* ICState2String(InlineCacheState state);
   static const char* PropertyType2String(PropertyType type);
   void Disassemble(const char* name);
 #endif  // ENABLE_DISASSEMBLER
 
   // [instruction_size]: Size of the native instructions
   inline int instruction_size();
   inline void set_instruction_size(int value);
 
   // [relocation_info]: Code relocation information
   DECL_ACCESSORS(relocation_info, ByteArray)
+  void InvalidateRelocation();
 
-  // Unchecked accessor to be used during GC.
+  // [deoptimization_data]: Array containing data for deopt.
+  DECL_ACCESSORS(deoptimization_data, FixedArray)
+
+  // Unchecked accessors to be used during GC.
   inline ByteArray* unchecked_relocation_info();
+  inline FixedArray* unchecked_deoptimization_data();
 
   inline int relocation_size();
 
   // [flags]: Various code flags.
   inline Flags flags();
   inline void set_flags(Flags flags);
 
   // [flags]: Access to specific code flags.
   inline Kind kind();
   inline InlineCacheState ic_state();  // Only valid for IC stubs.
   inline InLoopFlag ic_in_loop();  // Only valid for IC stubs.
   inline PropertyType type();  // Only valid for monomorphic IC stubs.
   inline int arguments_count();  // Only valid for call IC stubs.
 
   // Testers for IC stub kinds.
   inline bool is_inline_cache_stub();
   inline bool is_load_stub() { return kind() == LOAD_IC; }
   inline bool is_keyed_load_stub() { return kind() == KEYED_LOAD_IC; }
   inline bool is_store_stub() { return kind() == STORE_IC; }
   inline bool is_keyed_store_stub() { return kind() == KEYED_STORE_IC; }
   inline bool is_call_stub() { return kind() == CALL_IC; }
   inline bool is_keyed_call_stub() { return kind() == KEYED_CALL_IC; }
+  inline bool is_binary_op_stub() { return kind() == BINARY_OP_IC; }
+  inline bool is_type_recording_binary_op_stub() {
+    return kind() == TYPE_RECORDING_BINARY_OP_IC;
+  }
+  inline bool is_compare_ic_stub() { return kind() == COMPARE_IC; }
 
   // [major_key]: For kind STUB or BINARY_OP_IC, the major key.
   inline int major_key();
-  inline void set_major_key(int major);
+  inline void set_major_key(int value);
+
+  // [optimizable]: For FUNCTION kind, tells if it is optimizable.
+  inline bool optimizable();
+  inline void set_optimizable(bool value);
+
+  // [has_deoptimization_support]: For FUNCTION kind, tells if it has
+  // deoptimization support.
+  inline bool has_deoptimization_support();
+  inline void set_has_deoptimization_support(bool value);
+
+  // [allow_osr_at_loop_nesting_level]: For FUNCTION kind, tells for
+  // how long the function has been marked for OSR and therefore which
+  // level of loop nesting we are willing to do on-stack replacement
+  // for.
+  inline void set_allow_osr_at_loop_nesting_level(int level);
+  inline int allow_osr_at_loop_nesting_level();
+
+  // [stack_slots]: For kind OPTIMIZED_FUNCTION, the number of stack slots
+  // reserved in the code prologue.
+  inline unsigned stack_slots();
+  inline void set_stack_slots(unsigned slots);
+
+  // [safepoint_table_start]: For kind OPTIMIZED_CODE, the offset in
+  // the instruction stream where the safepoint table starts.
+  inline unsigned safepoint_table_start();
+  inline void set_safepoint_table_start(unsigned offset);
+
+  // [stack_check_table_start]: For kind FUNCTION, the offset in the
+  // instruction stream where the stack check table starts.
+  inline unsigned stack_check_table_start();
+  inline void set_stack_check_table_start(unsigned offset);
+
+  // [check type]: For kind CALL_IC, tells how to check if the
+  // receiver is valid for the given call.
+  inline CheckType check_type();
+  inline void set_check_type(CheckType value);
+
+  // [binary op type]: For all BINARY_OP_IC.
+  inline byte binary_op_type();
+  inline void set_binary_op_type(byte value);
+
+  // [type-recording binary op type]: For all TYPE_RECORDING_BINARY_OP_IC.
+  inline byte type_recording_binary_op_type();
+  inline void set_type_recording_binary_op_type(byte value);
+  inline byte type_recording_binary_op_result_type();
+  inline void set_type_recording_binary_op_result_type(byte value);
+
+  // [compare state]: For kind compare IC stubs, tells what state the
+  // stub is in.
+  inline byte compare_state();
+  inline void set_compare_state(byte value);
+
+  // Get the safepoint entry for the given pc. Returns NULL for
+  // non-safepoint pcs.
+  uint8_t* GetSafepointEntry(Address pc);
+
+  // Mark this code object as not having a stack check table.  Assumes kind
+  // is FUNCTION.
+  void SetNoStackCheckTable();
+
+  // Find the first map in an IC stub.
+  Map* FindFirstMap();
 
   // Flags operations.
   static inline Flags ComputeFlags(Kind kind,
                                    InLoopFlag in_loop = NOT_IN_LOOP,
                                    InlineCacheState ic_state = UNINITIALIZED,
                                    PropertyType type = NORMAL,
                                    int argc = -1,
                                    InlineCacheHolderFlag holder = OWN_MAP);
 
   static inline Flags ComputeMonomorphicFlags(
@@ skipping 67 matching lines @@
   // Dispatched behavior.
   int CodeSize() { return SizeFor(body_size()); }
   inline void CodeIterateBody(ObjectVisitor* v);
 
   template<typename StaticVisitor>
   inline void CodeIterateBody(Heap* heap);
 #ifdef DEBUG
   void CodePrint();
   void CodeVerify();
 #endif
+
+  // Max loop nesting marker used to postpose OSR. We don't take loop
+  // nesting that is deeper than 5 levels into account.
+  static const int kMaxLoopNestingMarker = 6;
+
   // Layout description.
   static const int kInstructionSizeOffset = HeapObject::kHeaderSize;
   static const int kRelocationInfoOffset = kInstructionSizeOffset + kIntSize;
-  static const int kFlagsOffset = kRelocationInfoOffset + kPointerSize;
+  static const int kDeoptimizationDataOffset =
+      kRelocationInfoOffset + kPointerSize;
+  static const int kFlagsOffset = kDeoptimizationDataOffset + kPointerSize;
   static const int kKindSpecificFlagsOffset  = kFlagsOffset + kIntSize;
+
+  static const int kKindSpecificFlagsSize = 2 * kIntSize;
+
+  static const int kHeaderPaddingStart = kKindSpecificFlagsOffset +
+      kKindSpecificFlagsSize;
+
   // Add padding to align the instruction start following right after
   // the Code object header.
   static const int kHeaderSize =
-      CODE_POINTER_ALIGN(kKindSpecificFlagsOffset + kIntSize);
+      (kHeaderPaddingStart + kCodeAlignmentMask) & ~kCodeAlignmentMask;
 
   // Byte offsets within kKindSpecificFlagsOffset.
-  static const int kStubMajorKeyOffset = kKindSpecificFlagsOffset + 1;
+  static const int kStubMajorKeyOffset = kKindSpecificFlagsOffset;
+  static const int kOptimizableOffset = kKindSpecificFlagsOffset;
+  static const int kStackSlotsOffset = kKindSpecificFlagsOffset;
+  static const int kCheckTypeOffset = kKindSpecificFlagsOffset;
+
+  static const int kCompareStateOffset = kStubMajorKeyOffset + 1;
+  static const int kBinaryOpTypeOffset = kStubMajorKeyOffset + 1;
+  static const int kHasDeoptimizationSupportOffset = kOptimizableOffset + 1;
+
+  static const int kBinaryOpReturnTypeOffset = kBinaryOpTypeOffset + 1;
+  static const int kAllowOSRAtLoopNestingLevelOffset =
+      kHasDeoptimizationSupportOffset + 1;
+
+  static const int kSafepointTableStartOffset = kStackSlotsOffset + kIntSize;
+  static const int kStackCheckTableStartOffset = kStackSlotsOffset + kIntSize;
 
   // Flags layout.
   static const int kFlagsICStateShift        = 0;
   static const int kFlagsICInLoopShift       = 3;
   static const int kFlagsTypeShift           = 4;
   static const int kFlagsKindShift           = 7;
   static const int kFlagsICHolderShift       = 11;
   static const int kFlagsArgumentsCountShift = 12;
 
   static const int kFlagsICStateMask        = 0x00000007;  // 00000000111
@@ skipping 155 matching lines @@
   DECL_ACCESSORS(constructor, Object)
 
   inline JSFunction* unchecked_constructor();
 
   // [instance descriptors]: describes the object.
   DECL_ACCESSORS(instance_descriptors, DescriptorArray)
 
   // [stub cache]: contains stubs compiled for this map.
   DECL_ACCESSORS(code_cache, Object)
 
+  // Lookup in the map's instance descriptors and fill out the result
+  // with the given holder if the name is found. The holder may be
+  // NULL when this function is used from the compiler.
+  void LookupInDescriptors(JSObject* holder,
+                           String* name,
+                           LookupResult* result);
+
   MUST_USE_RESULT MaybeObject* CopyDropDescriptors();
 
   MUST_USE_RESULT MaybeObject* CopyNormalized(PropertyNormalizationMode mode,
                                               NormalizedMapSharingMode sharing);
 
   // Returns a copy of the map, with all transitions dropped from the
   // instance descriptors.
   MUST_USE_RESULT MaybeObject* CopyDropTransitions();
 
   // Returns this map if it has the fast elements bit set, otherwise
@@ skipping 232 matching lines @@
   static const int kEvalFromSharedOffset = kIdOffset + kPointerSize;
   static const int kEvalFrominstructionsOffsetOffset =
       kEvalFromSharedOffset + kPointerSize;
   static const int kSize = kEvalFrominstructionsOffsetOffset + kPointerSize;
 
  private:
   DISALLOW_IMPLICIT_CONSTRUCTORS(Script);
 };
 
 
+enum MathFunctionId {
+  kNotSpecialMathFunction = 0,
+  // These numbers must be kept in sync with the ones in math.js.
+  kMathFloor = 1,
+  kMathRound = 2,
+  kMathCeil = 3,
+  kMathAbs = 4,
+  kMathLog = 5,
+  kMathSin = 6,
+  kMathCos = 7,
+  kMathTan = 8,
+  kMathASin = 9,
+  kMathACos = 0xa,
+  kMathATan = 0xb,
+  kMathExp = 0xc,
+  kMathSqrt = 0xd
+};
+
+
 // SharedFunctionInfo describes the JSFunction information that can be
 // shared by multiple instances of the function.
 class SharedFunctionInfo: public HeapObject {
  public:
   // [name]: Function name.
   DECL_ACCESSORS(name, Object)
 
   // [code]: Function code.
   DECL_ACCESSORS(code, Code)
 
@@ skipping 181 matching lines @@
 
   // Is this function a top-level function (scripts, evals).
   inline bool is_toplevel();
   inline void set_is_toplevel(bool value);
 
   // Bit field containing various information collected by the compiler to
   // drive optimization.
   inline int compiler_hints();
   inline void set_compiler_hints(int value);
 
+  // A counter used to determine when to stress the deoptimizer with a
+  // deopt.
+  inline Smi* deopt_counter();
+  inline void set_deopt_counter(Smi* counter);
+
   // Add information on assignments of the form this.x = ...;
   void SetThisPropertyAssignmentsInfo(
       bool has_only_simple_this_property_assignments,
       FixedArray* this_property_assignments);
 
   // Clear information on assignments of the form this.x = ...;
   void ClearThisPropertyAssignmentsInfo();
 
   // Indicate that this function only consists of assignments of the form
   // this.x = y; where y is either a constant or refers to an argument.
   inline bool has_only_simple_this_property_assignments();
 
   inline bool try_full_codegen();
   inline void set_try_full_codegen(bool flag);
 
   // Indicates if this function can be lazy compiled.
   // This is used to determine if we can safely flush code from a function
   // when doing GC if we expect that the function will no longer be used.
   inline bool allows_lazy_compilation();
   inline void set_allows_lazy_compilation(bool flag);
 
   // Indicates how many full GCs this function has survived with assigned
   // code object. Used to determine when it is relatively safe to flush
   // this code object and replace it with lazy compilation stub.
   // Age is reset when GC notices that the code object is referenced
   // from the stack or compilation cache.
   inline int code_age();
   inline void set_code_age(int age);
 
+  // Indicates whether optimizations have been disabled for this
+  // shared function info. If a function is repeatedly optimized or if
+  // we cannot optimize the function we disable optimization to avoid
+  // spending time attempting to optimize it again.
+  inline bool optimization_disabled();
+  inline void set_optimization_disabled(bool value);
+
+  // Indicates whether or not the code in the shared function support
+  // deoptimization.
+  inline bool has_deoptimization_support();
+
+  // Enable deoptimization support through recompiled code.
+  void EnableDeoptimizationSupport(Code* recompiled);
+
+  // Lookup the bailout ID and ASSERT that it exists in the non-optimized
+  // code, returns whether it asserted (i.e., always true if assertions are
+  // disabled).
+  bool VerifyBailoutId(int id);
 
   // Check whether a inlined constructor can be generated with the given
   // prototype.
   bool CanGenerateInlineConstructor(Object* prototype);
 
   // Prevents further attempts to generate inline constructors.
   // To be called if generation failed for any reason.
   void ForbidInlineConstructor();
 
   // For functions which only contains this property assignments this provides
   // access to the names for the properties assigned.
   DECL_ACCESSORS(this_property_assignments, Object)
   inline int this_property_assignments_count();
   inline void set_this_property_assignments_count(int value);
   String* GetThisPropertyAssignmentName(int index);
   bool IsThisPropertyAssignmentArgument(int index);
   int GetThisPropertyAssignmentArgument(int index);
   Object* GetThisPropertyAssignmentConstant(int index);
 
   // [source code]: Source code for the function.
   bool HasSourceCode();
   Object* GetSourceCode();
 
+  inline int opt_count();
+  inline void set_opt_count(int opt_count);
+
+  // Source size of this function.
+  int SourceSize();
+
   // Calculate the instance size.
   int CalculateInstanceSize();
 
   // Calculate the number of in-object properties.
   int CalculateInObjectProperties();
 
   // Dispatched behavior.
   // Set max_length to -1 for unlimited length.
   void SourceCodePrint(StringStream* accumulator, int max_length);
 #ifdef DEBUG
@@ skipping 17 matching lines @@
       kConstructStubOffset + kPointerSize;
   static const int kFunctionDataOffset =
       kInstanceClassNameOffset + kPointerSize;
   static const int kScriptOffset = kFunctionDataOffset + kPointerSize;
   static const int kDebugInfoOffset = kScriptOffset + kPointerSize;
   static const int kInferredNameOffset = kDebugInfoOffset + kPointerSize;
   static const int kInitialMapOffset =
       kInferredNameOffset + kPointerSize;
   static const int kThisPropertyAssignmentsOffset =
       kInitialMapOffset + kPointerSize;
+  static const int kDeoptCounterOffset =
+      kThisPropertyAssignmentsOffset + kPointerSize;
 #if V8_HOST_ARCH_32_BIT
   // Smi fields.
   static const int kLengthOffset =
-      kThisPropertyAssignmentsOffset + kPointerSize;
+      kDeoptCounterOffset + kPointerSize;
   static const int kFormalParameterCountOffset = kLengthOffset + kPointerSize;
   static const int kExpectedNofPropertiesOffset =
       kFormalParameterCountOffset + kPointerSize;
   static const int kNumLiteralsOffset =
       kExpectedNofPropertiesOffset + kPointerSize;
   static const int kStartPositionAndTypeOffset =
       kNumLiteralsOffset + kPointerSize;
   static const int kEndPositionOffset =
       kStartPositionAndTypeOffset + kPointerSize;
   static const int kFunctionTokenPositionOffset =
       kEndPositionOffset + kPointerSize;
   static const int kCompilerHintsOffset =
       kFunctionTokenPositionOffset + kPointerSize;
   static const int kThisPropertyAssignmentsCountOffset =
       kCompilerHintsOffset + kPointerSize;
+  static const int kOptCountOffset =
+      kThisPropertyAssignmentsCountOffset + kPointerSize;
   // Total size.
-  static const int kSize = kThisPropertyAssignmentsCountOffset + kPointerSize;
+  static const int kSize = kOptCountOffset + kPointerSize;
 #else
   // The only reason to use smi fields instead of int fields
   // is to allow iteration without maps decoding during
   // garbage collections.
   // To avoid wasting space on 64-bit architectures we use
   // the following trick: we group integer fields into pairs
   // First integer in each pair is shifted left by 1.
   // By doing this we guarantee that LSB of each kPointerSize aligned
   // word is not set and thus this word cannot be treated as pointer
   // to HeapObject during old space traversal.
   static const int kLengthOffset =
-      kThisPropertyAssignmentsOffset + kPointerSize;
+      kDeoptCounterOffset + kPointerSize;
   static const int kFormalParameterCountOffset =
       kLengthOffset + kIntSize;
 
   static const int kExpectedNofPropertiesOffset =
       kFormalParameterCountOffset + kIntSize;
   static const int kNumLiteralsOffset =
       kExpectedNofPropertiesOffset + kIntSize;
 
   static const int kEndPositionOffset =
       kNumLiteralsOffset + kIntSize;
   static const int kStartPositionAndTypeOffset =
       kEndPositionOffset + kIntSize;
 
   static const int kFunctionTokenPositionOffset =
       kStartPositionAndTypeOffset + kIntSize;
   static const int kCompilerHintsOffset =
       kFunctionTokenPositionOffset + kIntSize;
 
   static const int kThisPropertyAssignmentsCountOffset =
       kCompilerHintsOffset + kIntSize;
+  static const int kOptCountOffset =
+      kThisPropertyAssignmentsCountOffset + kIntSize;
 
   // Total size.
-  static const int kSize = kThisPropertyAssignmentsCountOffset + kIntSize;
+  static const int kSize = kOptCountOffset + kIntSize;
 
 #endif
 
   // The construction counter for inobject slack tracking is stored in the
   // most significant byte of compiler_hints which is otherwise unused.
   // Its offset depends on the endian-ness of the architecture.
 #if __BYTE_ORDER == __LITTLE_ENDIAN
   static const int kConstructionCountOffset = kCompilerHintsOffset + 3;
 #elif __BYTE_ORDER == __BIG_ENDIAN
   static const int kConstructionCountOffset = kCompilerHintsOffset + 0;
 #else
 #error Unknown byte ordering
 #endif
 
   static const int kAlignedSize = POINTER_SIZE_ALIGN(kSize);
 
+  // Get/set a special tag on the functions from math.js so we can inline
+  // efficient versions of them in the code.
+  inline MathFunctionId math_function_id();
+  inline void set_math_function_id(int id);
+  static inline int max_math_id_number() { return kMathFunctionMask; }
+
   typedef FixedBodyDescriptor<kNameOffset,
                               kThisPropertyAssignmentsOffset + kPointerSize,
                               kSize> BodyDescriptor;
 
  private:
   // Bit positions in start_position_and_type.
   // The source code start position is in the 30 most significant bits of
   // the start_position_and_type field.
   static const int kIsExpressionBit = 0;
   static const int kIsTopLevelBit   = 1;
   static const int kStartPositionShift = 2;
   static const int kStartPositionMask = ~((1 << kStartPositionShift) - 1);
 
   // Bit positions in compiler_hints.
   static const int kHasOnlySimpleThisPropertyAssignments = 0;
   static const int kTryFullCodegen = 1;
   static const int kAllowLazyCompilation = 2;
-  static const int kLiveObjectsMayExist = 3;
-  static const int kCodeAgeShift = 4;
-  static const int kCodeAgeMask = 7;
+  static const int kMathFunctionShift = 3;
+  static const int kMathFunctionMask = 0xf;
+  static const int kLiveObjectsMayExist = 7;
+  static const int kCodeAgeShift = 8;
+  static const int kCodeAgeMask = 0x7;
+  static const int kOptimizationDisabled = 11;
 
   DISALLOW_IMPLICIT_CONSTRUCTORS(SharedFunctionInfo);
 };
 
 
 // JSFunction describes JavaScript functions.
 class JSFunction: public JSObject {
  public:
   // [prototype_or_initial_map]:
   DECL_ACCESSORS(prototype_or_initial_map, Object)
 
   // [shared_function_info]: The information about the function that
   // can be shared by instances.
   DECL_ACCESSORS(shared, SharedFunctionInfo)
 
   inline SharedFunctionInfo* unchecked_shared();
 
   // [context]: The context for this function.
   inline Context* context();
   inline Object* unchecked_context();
   inline void set_context(Object* context);
 
   // [code]: The generated code object for this function.  Executed
   // when the function is invoked, e.g. foo() or new foo(). See
   // [[Call]] and [[Construct]] description in ECMA-262, section
   // 8.6.2, page 27.
   inline Code* code();
-  inline void set_code(Code* value);
+  inline void set_code(Code* code);
+  inline void ReplaceCode(Code* code);
 
   inline Code* unchecked_code();
 
   // Tells whether this function is builtin.
   inline bool IsBuiltin();
 
+  // Tells whether or not the function needs arguments adaption.
+  inline bool NeedsArgumentsAdaption();
+
+  // Tells whether or not this function has been optimized.
+  inline bool IsOptimized();
+
+  // Mark this function for lazy recompilation. The function will be
+  // recompiled the next time it is executed.
+  void MarkForLazyRecompilation();
+
+  // Tells whether or not the function is already marked for lazy
+  // recompilation.
+  inline bool IsMarkedForLazyRecompilation();
+
+  // Compute a hash code for the source code of this function.
+  uint32_t SourceHash();
+
+  // Check whether or not this function is inlineable.
+  bool IsInlineable();
+
   // [literals]: Fixed array holding the materialized literals.
   //
   // If the function contains object, regexp or array literals, the
   // literals array prefix contains the object, regexp, and array
   // function to be used when creating these literals.  This is
   // necessary so that we do not dynamically lookup the object, regexp
   // or array functions.  Performing a dynamic lookup, we might end up
   // using the functions from a new context that we should not have
   // access to.
   DECL_ACCESSORS(literals, FixedArray)
@@ skipping 26 matching lines @@
   // not have one. Note that this method does not copy the initial map
   // if it has one already, but simply replaces it with the new value.
   // Instances created afterwards will have a map whose [[class]] is
   // set to 'value', but there is no guarantees on instances created
   // before.
   Object* SetInstanceClassName(String* name);
 
   // Returns if this function has been compiled to native code yet.
   inline bool is_compiled();
 
+  // [next_function_link]: Field for linking functions. This list is treated as
+  // a weak list by the GC.
+  DECL_ACCESSORS(next_function_link, Object)
+
+  // Prints the name of the function using PrintF.
+  void PrintName();
+
   // Casting.
   static inline JSFunction* cast(Object* obj);
 
   // Iterates the objects, including code objects indirectly referenced
   // through pointers to the first instruction in the code object.
   void JSFunctionIterateBody(int object_size, ObjectVisitor* v);
 
   // Dispatched behavior.
 #ifdef DEBUG
   void JSFunctionPrint();
   void JSFunctionVerify();
 #endif
 
   // Returns the number of allocated literals.
   inline int NumberOfLiterals();
 
   // Retrieve the global context from a function's literal array.
   static Context* GlobalContextFromLiterals(FixedArray* literals);
 
-  // Layout descriptors.
+  // Layout descriptors. The last property (from kNonWeakFieldsEndOffset to
+  // kSize) is weak and has special handling during garbage collection.
   static const int kCodeEntryOffset = JSObject::kHeaderSize;
   static const int kPrototypeOrInitialMapOffset =
       kCodeEntryOffset + kPointerSize;
   static const int kSharedFunctionInfoOffset =
       kPrototypeOrInitialMapOffset + kPointerSize;
   static const int kContextOffset = kSharedFunctionInfoOffset + kPointerSize;
   static const int kLiteralsOffset = kContextOffset + kPointerSize;
-  static const int kSize = kLiteralsOffset + kPointerSize;
+  static const int kNonWeakFieldsEndOffset = kLiteralsOffset + kPointerSize;
+  static const int kNextFunctionLinkOffset = kNonWeakFieldsEndOffset;
+  static const int kSize = kNextFunctionLinkOffset + kPointerSize;
 
   // Layout of the literals array.
   static const int kLiteralsPrefixSize = 1;
   static const int kLiteralGlobalContextIndex = 0;
  private:
   DISALLOW_IMPLICIT_CONSTRUCTORS(JSFunction);
 };
 
 
 // JSGlobalProxy's prototype must be a JSGlobalObject or null,
@@ skipping 24 matching lines @@
   static const int kSize = kContextOffset + kPointerSize;
 
  private:
 
   DISALLOW_IMPLICIT_CONSTRUCTORS(JSGlobalProxy);
 };
 
 
 // Forward declaration.
 class JSBuiltinsObject;
+class JSGlobalPropertyCell;
 
 // Common super class for JavaScript global objects and the special
 // builtins global objects.
 class GlobalObject: public JSObject {
  public:
   // [builtins]: the object holding the runtime routines written in JS.
   DECL_ACCESSORS(builtins, JSBuiltinsObject)
 
   // [global context]: the global context corresponding to this global object.
   DECL_ACCESSORS(global_context, Context)
 
   // [global receiver]: the global receiver object of the context
   DECL_ACCESSORS(global_receiver, JSObject)
 
   // Retrieve the property cell used to store a property.
-  Object* GetPropertyCell(LookupResult* result);
+  JSGlobalPropertyCell* GetPropertyCell(LookupResult* result);
 
   // This is like GetProperty, but is used when you know the lookup won't fail
   // by throwing an exception.  This is for the debug and builtins global
   // objects, where it is known which properties can be expected to be present
   // on the object.
   Object* GetPropertyNoExceptionThrown(String* key) {
     Object* answer = GetProperty(key)->ToObjectUnchecked();
     return answer;
   }
 
@@ skipping 241 matching lines @@
                                               HashTableKey*> {
  public:
   // Find cached value for a string key, otherwise return null.
   Object* Lookup(String* src);
   Object* LookupEval(String* src, Context* context);
   Object* LookupRegExp(String* source, JSRegExp::Flags flags);
   MaybeObject* Put(String* src, Object* value);
   MaybeObject* PutEval(String* src, Context* context, Object* value);
   MaybeObject* PutRegExp(String* src, JSRegExp::Flags flags, FixedArray* value);
 
+  // Remove given value from cache.
+  void Remove(Object* value);
+
   static inline CompilationCacheTable* cast(Object* obj);
 
  private:
   DISALLOW_IMPLICIT_CONSTRUCTORS(CompilationCacheTable);
 };
 
 
 class CodeCache: public Struct {
  public:
   DECL_ACCESSORS(default_cache, FixedArray)
@@ skipping 1398 matching lines @@
 
   // To allow lazy clearing of inline caches the visitor has
   // a rich interface for iterating over Code objects..
 
   // Visits a code target in the instruction stream.
   virtual void VisitCodeTarget(RelocInfo* rinfo);
 
   // Visits a code entry in a JS function.
   virtual void VisitCodeEntry(Address entry_address);
 
+  // Visits a global property cell reference in the instruction stream.
+  virtual void VisitGlobalPropertyCell(RelocInfo* rinfo);
+
   // Visits a runtime entry in the instruction stream.
   virtual void VisitRuntimeEntry(RelocInfo* rinfo) {}
 
   // Visits the resource of an ASCII or two-byte string.
   virtual void VisitExternalAsciiString(
       v8::String::ExternalAsciiStringResource** resource) {}
   virtual void VisitExternalTwoByteString(
       v8::String::ExternalStringResource** resource) {}
 
   // Visits a debug call target in the instruction stream.
@@ skipping 52 matching lines @@
     } else {
       value &= ~(1 << bit_position);
     }
     return value;
   }
 };
 
 } }  // namespace v8::internal
 
 #endif  // V8_OBJECTS_H_