Merge (7180:7265] from bleeding_edge to the experimental/gc branch....

src/bootstrapper.cc

 // Copyright 2006-2008 the V8 project authors. All rights reserved.
 // Redistribution and use in source and binary forms, with or without
 // modification, are permitted provided that the following conditions are
 // met:
 //
 //     * Redistributions of source code must retain the above copyright
 //       notice, this list of conditions and the following disclaimer.
 //     * Redistributions in binary form must reproduce the above
 //       copyright notice, this list of conditions and the following
 //       disclaimer in the documentation and/or other materials provided
@@ skipping 189 matching lines @@
   // triggered during environment creation there may be weak handle
   // processing callbacks which may create new environments.
   Genesis* previous_;
 
   Handle<Context> global_context() { return global_context_; }
 
   // Creates some basic objects. Used for creating a context from scratch.
   void CreateRoots();
   // Creates the empty function.  Used for creating a context from scratch.
   Handle<JSFunction> CreateEmptyFunction();
+  // Creates the ThrowTypeError function. ECMA 5th Ed. 13.2.3
+  Handle<JSFunction> CreateThrowTypeErrorFunction(Builtins::Name builtin);
+
+  void CreateStrictModeFunctionMaps(Handle<JSFunction> empty);
   // Creates the global objects using the global and the template passed in
   // through the API.  We call this regardless of whether we are building a
   // context from scratch or using a deserialized one from the partial snapshot
   // but in the latter case we don't use the objects it produces directly, as
   // we have to used the deserialized ones that are linked together with the
   // rest of the context snapshot.
   Handle<JSGlobalProxy> CreateNewGlobals(
       v8::Handle<v8::ObjectTemplate> global_template,
       Handle<Object> global_object,
       Handle<GlobalObject>* global_proxy_out);
@@ skipping 33 matching lines @@
   // 'from'.
   void TransferObject(Handle<JSObject> from, Handle<JSObject> to);
   void TransferNamedProperties(Handle<JSObject> from, Handle<JSObject> to);
   void TransferIndexedProperties(Handle<JSObject> from, Handle<JSObject> to);
 
   enum PrototypePropertyMode {
     DONT_ADD_PROTOTYPE,
     ADD_READONLY_PROTOTYPE,
     ADD_WRITEABLE_PROTOTYPE
   };
+
+  Handle<Map> CreateFunctionMap(PrototypePropertyMode prototype_mode);
+
   Handle<DescriptorArray> ComputeFunctionInstanceDescriptor(
       PrototypePropertyMode prototypeMode);
   void MakeFunctionInstancePrototypeWritable();
 
+  Handle<Map> CreateStrictModeFunctionMap(
+      PrototypePropertyMode prototype_mode,
+      Handle<JSFunction> empty_function,
+      Handle<FixedArray> arguments_callbacks,
+      Handle<FixedArray> caller_callbacks);
+
+  Handle<DescriptorArray> ComputeStrictFunctionInstanceDescriptor(
+      PrototypePropertyMode propertyMode,
+      Handle<FixedArray> arguments,
+      Handle<FixedArray> caller);
+
   static bool CompileBuiltin(int index);
   static bool CompileNative(Vector<const char> name, Handle<String> source);
   static bool CompileScriptCached(Vector<const char> name,
                                   Handle<String> source,
                                   SourceCodeCache* cache,
                                   v8::Extension* extension,
                                   Handle<Context> top_context,
                                   bool use_runtime_context);
 
   Handle<Context> result_;
-  Handle<JSFunction> empty_function_;
+
+  // Function instance maps. Function literal maps are created initially with
+  // a read only prototype for the processing of JS builtins. Later the function
+  // instance maps are replaced in order to make prototype writable.
+  // These are the final, writable prototype, maps.
+  Handle<Map> function_instance_map_writable_prototype_;
+  Handle<Map> strict_mode_function_instance_map_writable_prototype_;
+
   BootstrapperActive active_;
   friend class Bootstrapper;
 };
 
 
 void Bootstrapper::Iterate(ObjectVisitor* v) {
   extensions_cache.Iterate(v);
   v->Synchronize("Extensions");
 }
 
@@ skipping 64 matching lines @@
   SetLocalPropertyNoThrow(target, symbol, function, DONT_ENUM);
   if (is_ecma_native) {
     function->shared()->set_instance_class_name(*symbol);
   }
   return function;
 }
 
 
 Handle<DescriptorArray> Genesis::ComputeFunctionInstanceDescriptor(
     PrototypePropertyMode prototypeMode) {
-  Handle<DescriptorArray> result = Factory::empty_descriptor_array();
-
-  if (prototypeMode != DONT_ADD_PROTOTYPE) {
-    PropertyAttributes attributes = static_cast<PropertyAttributes>(
-        DONT_ENUM |
-        DONT_DELETE |
-        (prototypeMode == ADD_READONLY_PROTOTYPE ? READ_ONLY : 0));
-    result =
-        Factory::CopyAppendProxyDescriptor(
-            result,
-            Factory::prototype_symbol(),
-            Factory::NewProxy(&Accessors::FunctionPrototype),
-            attributes);
-  }
-
+  Handle<DescriptorArray> descriptors =
+      Factory::NewDescriptorArray(prototypeMode == DONT_ADD_PROTOTYPE ? 4 : 5);
   PropertyAttributes attributes =
       static_cast<PropertyAttributes>(DONT_ENUM | DONT_DELETE | READ_ONLY);
-  // Add length.
-  result =
-      Factory::CopyAppendProxyDescriptor(
-          result,
-          Factory::length_symbol(),
-          Factory::NewProxy(&Accessors::FunctionLength),
-          attributes);
 
-  // Add name.
-  result =
-      Factory::CopyAppendProxyDescriptor(
-          result,
-          Factory::name_symbol(),
-          Factory::NewProxy(&Accessors::FunctionName),
-          attributes);
+  {  // Add length.
+    Handle<Proxy> proxy = Factory::NewProxy(&Accessors::FunctionLength);
+    CallbacksDescriptor d(*Factory::length_symbol(), *proxy, attributes);
+    descriptors->Set(0, &d);
+  }
+  {  // Add name.
+    Handle<Proxy> proxy = Factory::NewProxy(&Accessors::FunctionName);
+    CallbacksDescriptor d(*Factory::name_symbol(), *proxy, attributes);
+    descriptors->Set(1, &d);
+  }
+  {  // Add arguments.
+    Handle<Proxy> proxy = Factory::NewProxy(&Accessors::FunctionArguments);
+    CallbacksDescriptor d(*Factory::arguments_symbol(), *proxy, attributes);
+    descriptors->Set(2, &d);
+  }
+  {  // Add caller.
+    Handle<Proxy> proxy = Factory::NewProxy(&Accessors::FunctionCaller);
+    CallbacksDescriptor d(*Factory::caller_symbol(), *proxy, attributes);
+    descriptors->Set(3, &d);
+  }
+  if (prototypeMode != DONT_ADD_PROTOTYPE) {
+    // Add prototype.
+    if (prototypeMode == ADD_WRITEABLE_PROTOTYPE) {
+      attributes = static_cast<PropertyAttributes>(attributes & ~READ_ONLY);
+    }
+    Handle<Proxy> proxy = Factory::NewProxy(&Accessors::FunctionPrototype);
+    CallbacksDescriptor d(*Factory::prototype_symbol(), *proxy, attributes);
+    descriptors->Set(4, &d);
+  }
+  descriptors->Sort();
+  return descriptors;
+}
 
-  // Add arguments.
-  result =
-      Factory::CopyAppendProxyDescriptor(
-          result,
-          Factory::arguments_symbol(),
-          Factory::NewProxy(&Accessors::FunctionArguments),
-          attributes);
 
-  // Add caller.
-  result =
-      Factory::CopyAppendProxyDescriptor(
-          result,
-          Factory::caller_symbol(),
-          Factory::NewProxy(&Accessors::FunctionCaller),
-          attributes);
-
-  return result;
+Handle<Map> Genesis::CreateFunctionMap(PrototypePropertyMode prototype_mode) {
+  Handle<Map> map = Factory::NewMap(JS_FUNCTION_TYPE, JSFunction::kSize);
+  Handle<DescriptorArray> descriptors =
+      ComputeFunctionInstanceDescriptor(prototype_mode);
+  map->set_instance_descriptors(*descriptors);
+  map->set_function_with_prototype(prototype_mode != DONT_ADD_PROTOTYPE);
+  return map;
 }
 
 
 Handle<JSFunction> Genesis::CreateEmptyFunction() {
-  // Allocate the map for function instances.
-  Handle<Map> fm = Factory::NewMap(JS_FUNCTION_TYPE, JSFunction::kSize);
-  global_context()->set_function_instance_map(*fm);
+  // Allocate the map for function instances. Maps are allocated first and their
+  // prototypes patched later, once empty function is created.
+
   // Please note that the prototype property for function instances must be
   // writable.
-  Handle<DescriptorArray> function_map_descriptors =
-      ComputeFunctionInstanceDescriptor(ADD_WRITEABLE_PROTOTYPE);
-  fm->set_instance_descriptors(*function_map_descriptors);
-  fm->set_function_with_prototype(true);
+  global_context()->set_function_instance_map(
+      *CreateFunctionMap(ADD_WRITEABLE_PROTOTYPE));
 
   // Functions with this map will not have a 'prototype' property, and
   // can not be used as constructors.
-  Handle<Map> function_without_prototype_map =
-      Factory::NewMap(JS_FUNCTION_TYPE, JSFunction::kSize);
   global_context()->set_function_without_prototype_map(
-      *function_without_prototype_map);
-  Handle<DescriptorArray> function_without_prototype_map_descriptors =
-      ComputeFunctionInstanceDescriptor(DONT_ADD_PROTOTYPE);
-  function_without_prototype_map->set_instance_descriptors(
-      *function_without_prototype_map_descriptors);
-  function_without_prototype_map->set_function_with_prototype(false);
+      *CreateFunctionMap(DONT_ADD_PROTOTYPE));
 
-  // Allocate the function map first and then patch the prototype later
-  fm = Factory::NewMap(JS_FUNCTION_TYPE, JSFunction::kSize);
-  global_context()->set_function_map(*fm);
-  function_map_descriptors =
-      ComputeFunctionInstanceDescriptor(ADD_READONLY_PROTOTYPE);
-  fm->set_instance_descriptors(*function_map_descriptors);
-  fm->set_function_with_prototype(true);
+  // Allocate the function map. This map is temporary, used only for processing
+  // of builtins.
+  // Later the map is replaced with writable prototype map, allocated below.
+  global_context()->set_function_map(
+      *CreateFunctionMap(ADD_READONLY_PROTOTYPE));
+
+  // The final map for functions. Writeable prototype.
+  // This map is installed in MakeFunctionInstancePrototypeWritable.
+  function_instance_map_writable_prototype_ =
+      CreateFunctionMap(ADD_WRITEABLE_PROTOTYPE);
 
   Handle<String> object_name = Handle<String>(Heap::Object_symbol());
 
   {  // --- O b j e c t ---
     Handle<JSFunction> object_fun =
         Factory::NewFunction(object_name, Factory::null_value());
     Handle<Map> object_function_map =
         Factory::NewMap(JS_OBJECT_TYPE, JSObject::kHeaderSize);
     object_fun->set_initial_map(*object_function_map);
     object_function_map->set_constructor(*object_fun);
 
     global_context()->set_object_function(*object_fun);
 
     // Allocate a new prototype for the object function.
     Handle<JSObject> prototype = Factory::NewJSObject(Top::object_function(),
                                                       TENURED);
 
     global_context()->set_initial_object_prototype(*prototype);
     SetPrototype(object_fun, prototype);
     object_function_map->
       set_instance_descriptors(Heap::empty_descriptor_array());
   }
 
   // Allocate the empty function as the prototype for function ECMAScript
   // 262 15.3.4.
   Handle<String> symbol = Factory::LookupAsciiSymbol("Empty");
   Handle<JSFunction> empty_function =
-      Factory::NewFunctionWithoutPrototype(symbol);
+      Factory::NewFunctionWithoutPrototype(symbol, kNonStrictMode);
 
   // --- E m p t y ---
   Handle<Code> code =
       Handle<Code>(Builtins::builtin(Builtins::EmptyFunction));
   empty_function->set_code(*code);
   empty_function->shared()->set_code(*code);
   Handle<String> source = Factory::NewStringFromAscii(CStrVector("() {}"));
   Handle<Script> script = Factory::NewScript(source);
   script->set_type(Smi::FromInt(Script::TYPE_NATIVE));
   empty_function->shared()->set_script(*script);
   empty_function->shared()->set_start_position(0);
   empty_function->shared()->set_end_position(source->length());
   empty_function->shared()->DontAdaptArguments();
+
+  // Set prototypes for the function maps.
   global_context()->function_map()->set_prototype(*empty_function);
   global_context()->function_instance_map()->set_prototype(*empty_function);
   global_context()->function_without_prototype_map()->
       set_prototype(*empty_function);
+  function_instance_map_writable_prototype_->set_prototype(*empty_function);
 
   // Allocate the function map first and then patch the prototype later
+  Handle<Map> function_without_prototype_map(
+      global_context()->function_without_prototype_map());
   Handle<Map> empty_fm = Factory::CopyMapDropDescriptors(
       function_without_prototype_map);
   empty_fm->set_instance_descriptors(
-      *function_without_prototype_map_descriptors);
+      function_without_prototype_map->instance_descriptors());
   empty_fm->set_prototype(global_context()->object_function()->prototype());
   empty_function->set_map(*empty_fm);
   return empty_function;
 }
 
 
+Handle<DescriptorArray> Genesis::ComputeStrictFunctionInstanceDescriptor(
+    PrototypePropertyMode prototypeMode,
+    Handle<FixedArray> arguments,
+    Handle<FixedArray> caller) {
+  Handle<DescriptorArray> descriptors =
+      Factory::NewDescriptorArray(prototypeMode == DONT_ADD_PROTOTYPE ? 4 : 5);
+  PropertyAttributes attributes = static_cast<PropertyAttributes>(
+      DONT_ENUM | DONT_DELETE | READ_ONLY);
+
+  {  // length
+    Handle<Proxy> proxy = Factory::NewProxy(&Accessors::FunctionLength);
+    CallbacksDescriptor d(*Factory::length_symbol(), *proxy, attributes);
+    descriptors->Set(0, &d);
+  }
+  {  // name
+    Handle<Proxy> proxy = Factory::NewProxy(&Accessors::FunctionName);
+    CallbacksDescriptor d(*Factory::name_symbol(), *proxy, attributes);
+    descriptors->Set(1, &d);
+  }
+  {  // arguments
+    CallbacksDescriptor d(*Factory::arguments_symbol(), *arguments, attributes);
+    descriptors->Set(2, &d);
+  }
+  {  // caller
+    CallbacksDescriptor d(*Factory::caller_symbol(), *caller, attributes);
+    descriptors->Set(3, &d);
+  }
+
+  // prototype
+  if (prototypeMode != DONT_ADD_PROTOTYPE) {
+    if (prototypeMode == ADD_WRITEABLE_PROTOTYPE) {
+      attributes = static_cast<PropertyAttributes>(attributes & ~READ_ONLY);
+    }
+    Handle<Proxy> proxy = Factory::NewProxy(&Accessors::FunctionPrototype);
+    CallbacksDescriptor d(*Factory::prototype_symbol(), *proxy, attributes);
+    descriptors->Set(4, &d);
+  }
+
+  descriptors->Sort();
+  return descriptors;
+}
+
+
+// ECMAScript 5th Edition, 13.2.3
+Handle<JSFunction> Genesis::CreateThrowTypeErrorFunction(
+    Builtins::Name builtin) {
+  Handle<String> name = Factory::LookupAsciiSymbol("ThrowTypeError");
+  Handle<JSFunction> throw_type_error =
+      Factory::NewFunctionWithoutPrototype(name, kStrictMode);
+  Handle<Code> code = Handle<Code>(Builtins::builtin(builtin));
+
+  throw_type_error->set_map(global_context()->strict_mode_function_map());
+  throw_type_error->set_code(*code);
+  throw_type_error->shared()->set_code(*code);
+  throw_type_error->shared()->DontAdaptArguments();
+
+  PreventExtensions(throw_type_error);
+
+  return throw_type_error;
+}
+
+
+Handle<Map> Genesis::CreateStrictModeFunctionMap(
+    PrototypePropertyMode prototype_mode,
+    Handle<JSFunction> empty_function,
+    Handle<FixedArray> arguments_callbacks,
+    Handle<FixedArray> caller_callbacks) {
+  Handle<Map> map = Factory::NewMap(JS_FUNCTION_TYPE, JSFunction::kSize);
+  Handle<DescriptorArray> descriptors =
+      ComputeStrictFunctionInstanceDescriptor(prototype_mode,
+                                              arguments_callbacks,
+                                              caller_callbacks);
+  map->set_instance_descriptors(*descriptors);
+  map->set_function_with_prototype(prototype_mode != DONT_ADD_PROTOTYPE);
+  map->set_prototype(*empty_function);
+  return map;
+}
+
+
+void Genesis::CreateStrictModeFunctionMaps(Handle<JSFunction> empty) {
+  // Create the callbacks arrays for ThrowTypeError functions.
+  // The get/set callacks are filled in after the maps are created below.
+  Handle<FixedArray> arguments = Factory::NewFixedArray(2, TENURED);
+  Handle<FixedArray> caller = Factory::NewFixedArray(2, TENURED);
+
+  // Allocate map for the strict mode function instances.
+  global_context()->set_strict_mode_function_instance_map(
+      *CreateStrictModeFunctionMap(
+          ADD_WRITEABLE_PROTOTYPE, empty, arguments, caller));
+
+  // Allocate map for the prototype-less strict mode instances.
+  global_context()->set_strict_mode_function_without_prototype_map(
+      *CreateStrictModeFunctionMap(
+          DONT_ADD_PROTOTYPE, empty, arguments, caller));
+
+  // Allocate map for the strict mode functions. This map is temporary, used
+  // only for processing of builtins.
+  // Later the map is replaced with writable prototype map, allocated below.
+  global_context()->set_strict_mode_function_map(
+      *CreateStrictModeFunctionMap(
+          ADD_READONLY_PROTOTYPE, empty, arguments, caller));
+
+  // The final map for the strict mode functions. Writeable prototype.
+  // This map is installed in MakeFunctionInstancePrototypeWritable.
+  strict_mode_function_instance_map_writable_prototype_ =
+      CreateStrictModeFunctionMap(
+          ADD_WRITEABLE_PROTOTYPE, empty, arguments, caller);
+
+  // Create the ThrowTypeError function instances.
+  Handle<JSFunction> arguments_throw =
+      CreateThrowTypeErrorFunction(Builtins::StrictFunctionArguments);
+  Handle<JSFunction> caller_throw =
+      CreateThrowTypeErrorFunction(Builtins::StrictFunctionCaller);
+
+  // Complete the callback fixed arrays.
+  arguments->set(0, *arguments_throw);
+  arguments->set(1, *arguments_throw);
+  caller->set(0, *caller_throw);
+  caller->set(1, *caller_throw);
+}
+
+
 static void AddToWeakGlobalContextList(Context* context) {
   ASSERT(context->IsGlobalContext());
 #ifdef DEBUG
   { // NOLINT
     ASSERT(context->get(Context::NEXT_CONTEXT_LINK)->IsUndefined());
     // Check that context is not in the list yet.
     for (Object* current = Heap::global_contexts_list();
          !current->IsUndefined();
          current = Context::cast(current)->get(Context::NEXT_CONTEXT_LINK)) {
       ASSERT(current != context);
@@ skipping 360 matching lines @@
                                           JSObject::kHeaderSize,
                                           prototype,
                                           code,
                                           false);
     ASSERT(!function->has_initial_map());
     function->shared()->set_instance_class_name(*symbol);
     function->shared()->set_expected_nof_properties(2);
     Handle<JSObject> result = Factory::NewJSObject(function);
 
     global_context()->set_arguments_boilerplate(*result);
-    // Note: callee must be added as the first property and
-    //       length must be added as the second property.
+    // Note: length must be added as the first property and
+    //       callee must be added as the second property.
+    SetLocalPropertyNoThrow(result, Factory::length_symbol(),
+                            Factory::undefined_value(),
+                            DONT_ENUM);
     SetLocalPropertyNoThrow(result, Factory::callee_symbol(),
                             Factory::undefined_value(),
                             DONT_ENUM);
-    SetLocalPropertyNoThrow(result, Factory::length_symbol(),
-                            Factory::undefined_value(),
-                            DONT_ENUM);
 
 #ifdef DEBUG
     LookupResult lookup;
     result->LocalLookup(Heap::callee_symbol(), &lookup);
     ASSERT(lookup.IsProperty() && (lookup.type() == FIELD));
-    ASSERT(lookup.GetFieldIndex() == Heap::arguments_callee_index);
+    ASSERT(lookup.GetFieldIndex() == Heap::kArgumentsCalleeIndex);
 
     result->LocalLookup(Heap::length_symbol(), &lookup);
     ASSERT(lookup.IsProperty() && (lookup.type() == FIELD));
-    ASSERT(lookup.GetFieldIndex() == Heap::arguments_length_index);
+    ASSERT(lookup.GetFieldIndex() == Heap::kArgumentsLengthIndex);
 
-    ASSERT(result->map()->inobject_properties() > Heap::arguments_callee_index);
-    ASSERT(result->map()->inobject_properties() > Heap::arguments_length_index);
+    ASSERT(result->map()->inobject_properties() > Heap::kArgumentsCalleeIndex);
+    ASSERT(result->map()->inobject_properties() > Heap::kArgumentsLengthIndex);
 
     // Check the state of the object.
     ASSERT(result->HasFastProperties());
     ASSERT(result->HasFastElements());
 #endif
   }
 
+  {  // --- strict mode arguments boilerplate
+    const PropertyAttributes attributes =
+      static_cast<PropertyAttributes>(DONT_ENUM | DONT_DELETE | READ_ONLY);
+
+    // Create the ThrowTypeError functions.
+    Handle<FixedArray> callee = Factory::NewFixedArray(2, TENURED);
+    Handle<FixedArray> caller = Factory::NewFixedArray(2, TENURED);
+
+    Handle<JSFunction> callee_throw =
+        CreateThrowTypeErrorFunction(Builtins::StrictArgumentsCallee);
+    Handle<JSFunction> caller_throw =
+        CreateThrowTypeErrorFunction(Builtins::StrictArgumentsCaller);
+
+    // Install the ThrowTypeError functions.
+    callee->set(0, *callee_throw);
+    callee->set(1, *callee_throw);
+    caller->set(0, *caller_throw);
+    caller->set(1, *caller_throw);
+
+    // Create the descriptor array for the arguments object.
+    Handle<DescriptorArray> descriptors = Factory::NewDescriptorArray(3);
+    {  // length
+      FieldDescriptor d(*Factory::length_symbol(), 0, DONT_ENUM);
+      descriptors->Set(0, &d);
+    }
+    {  // callee
+      CallbacksDescriptor d(*Factory::callee_symbol(), *callee, attributes);
+      descriptors->Set(1, &d);
+    }
+    {  // caller
+      CallbacksDescriptor d(*Factory::caller_symbol(), *caller, attributes);
+      descriptors->Set(2, &d);
+    }
+    descriptors->Sort();
+
+    // Create the map. Allocate one in-object field for length.
+    Handle<Map> map = Factory::NewMap(JS_OBJECT_TYPE,
+                                      Heap::kArgumentsObjectSizeStrict);
+    map->set_instance_descriptors(*descriptors);
+    map->set_function_with_prototype(true);
+    map->set_prototype(global_context()->object_function()->prototype());
+    map->set_pre_allocated_property_fields(1);
+    map->set_inobject_properties(1);
+
+    // Copy constructor from the non-strict arguments boilerplate.
+    map->set_constructor(
+      global_context()->arguments_boilerplate()->map()->constructor());
+
+    // Allocate the arguments boilerplate object.
+    Handle<JSObject> result = Factory::NewJSObjectFromMap(map);
+    global_context()->set_strict_mode_arguments_boilerplate(*result);
+
+    // Add length property only for strict mode boilerplate.
+    SetLocalPropertyNoThrow(result, Factory::length_symbol(),
+                            Factory::undefined_value(),
+                            DONT_ENUM);
+
+#ifdef DEBUG
+    LookupResult lookup;
+    result->LocalLookup(Heap::length_symbol(), &lookup);
+    ASSERT(lookup.IsProperty() && (lookup.type() == FIELD));
+    ASSERT(lookup.GetFieldIndex() == Heap::kArgumentsLengthIndex);
+
+    ASSERT(result->map()->inobject_properties() > Heap::kArgumentsLengthIndex);
+
+    // Check the state of the object.
+    ASSERT(result->HasFastProperties());
+    ASSERT(result->HasFastElements());
+#endif
+  }
+
   {  // --- context extension
     // Create a function for the context extension objects.
     Handle<Code> code = Handle<Code>(Builtins::builtin(Builtins::Illegal));
     Handle<JSFunction> context_extension_fun =
         Factory::NewFunction(Factory::empty_symbol(),
                              JS_CONTEXT_EXTENSION_OBJECT_TYPE,
                              JSObject::kHeaderSize,
                              code,
                              true);
 
@@ skipping 882 matching lines @@
 
   // Transfer the prototype (new map is needed).
   Handle<Map> old_to_map = Handle<Map>(to->map());
   Handle<Map> new_to_map = Factory::CopyMapDropTransitions(old_to_map);
   new_to_map->set_prototype(from->map()->prototype());
   to->set_map(*new_to_map);
 }
 
 
 void Genesis::MakeFunctionInstancePrototypeWritable() {
-  // Make a new function map so all future functions
-  // will have settable and enumerable prototype properties.
-  HandleScope scope;
+  // The maps with writable prototype are created in CreateEmptyFunction
+  // and CreateStrictModeFunctionMaps respectively. Initially the maps are
+  // created with read-only prototype for JS builtins processing.
+  ASSERT(!function_instance_map_writable_prototype_.is_null());
+  ASSERT(!strict_mode_function_instance_map_writable_prototype_.is_null());
 
-  Handle<DescriptorArray> function_map_descriptors =
-      ComputeFunctionInstanceDescriptor(ADD_WRITEABLE_PROTOTYPE);
-  Handle<Map> fm = Factory::CopyMapDropDescriptors(Top::function_map());
-  fm->set_instance_descriptors(*function_map_descriptors);
-  fm->set_function_with_prototype(true);
-  Top::context()->global_context()->set_function_map(*fm);
+  // Replace function instance maps to make prototype writable.
+  global_context()->set_function_map(
+    *function_instance_map_writable_prototype_);
+  global_context()->set_strict_mode_function_map(
+    *strict_mode_function_instance_map_writable_prototype_);
 }
 
 
 Genesis::Genesis(Handle<Object> global_object,
                  v8::Handle<v8::ObjectTemplate> global_template,
                  v8::ExtensionConfiguration* extensions) {
   result_ = Handle<Context>::null();
   // If V8 isn't running and cannot be initialized, just return.
   if (!V8::IsRunning() && !V8::Initialize(NULL)) return;
 
   // Before creating the roots we must save the context and restore it
   // on all function exits.
   HandleScope scope;
   SaveContext saved_context;
 
   Handle<Context> new_context = Snapshot::NewContextFromSnapshot();
   if (!new_context.is_null()) {
     global_context_ =
       Handle<Context>::cast(GlobalHandles::Create(*new_context));
     AddToWeakGlobalContextList(*global_context_);
     Top::set_context(*global_context_);
     i::Counters::contexts_created_by_snapshot.Increment();
-    JSFunction* empty_function =
-        JSFunction::cast(global_context_->function_map()->prototype());
-    empty_function_ = Handle<JSFunction>(empty_function);
     Handle<GlobalObject> inner_global;
     Handle<JSGlobalProxy> global_proxy =
         CreateNewGlobals(global_template,
                          global_object,
                          &inner_global);
 
     HookUpGlobalProxy(inner_global, global_proxy);
     HookUpInnerGlobal(inner_global);
 
     if (!ConfigureGlobalObjects(global_template)) return;
   } else {
     // We get here if there was no context snapshot.
     CreateRoots();
     Handle<JSFunction> empty_function = CreateEmptyFunction();
+    CreateStrictModeFunctionMaps(empty_function);
     Handle<GlobalObject> inner_global;
     Handle<JSGlobalProxy> global_proxy =
         CreateNewGlobals(global_template, global_object, &inner_global);
     HookUpGlobalProxy(inner_global, global_proxy);
     InitializeGlobal(inner_global, empty_function);
     InstallJSFunctionResultCaches();
     InitializeNormalizedMapCaches();
     if (!InstallNatives()) return;
 
     MakeFunctionInstancePrototypeWritable();
@@ skipping 46 matching lines @@
 }
 
 
 // Restore statics that are thread local.
 char* BootstrapperActive::RestoreState(char* from) {
   nesting_ = *reinterpret_cast<int*>(from);
   return from + sizeof(nesting_);
 }
 
 } }  // namespace v8::internal