Bug 890784 (part 1) - Create a new vm/Runtime module and put JSRuntime in it. r=wmccloskey.
authorNicholas Nethercote <nnethercote@mozilla.com>
Sun, 07 Jul 2013 23:18:48 -0700
changeset 137715 740cea2dbf4596548e85c2725ec4cfbb7e603b65
parent 137714 09a18d4a9c0e2bdfc35ca431de0b7b2d93fde5ed
child 137716 a8929e61d50a96daf7b08bab4d3f8de0158d3e7e
push id30665
push usernnethercote@mozilla.com
push dateTue, 09 Jul 2013 06:15:33 +0000
treeherdermozilla-inbound@a8929e61d50a [default view] [failures only]
perfherder[talos] [build metrics] [platform microbench] (compared to previous push)
reviewerswmccloskey
bugs890784
milestone25.0a1
first release with
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
last release without
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
Bug 890784 (part 1) - Create a new vm/Runtime module and put JSRuntime in it. r=wmccloskey.
js/src/jsarray.cpp
js/src/jscntxt.cpp
js/src/jscntxt.h
js/src/jscntxtinlines.h
js/src/jscompartment.h
js/src/jsobj.cpp
js/src/jsweakcache.h
js/src/jsweakmap.h
js/src/moz.build
js/src/vm/Debugger.cpp
js/src/vm/Debugger.h
js/src/vm/Runtime-inl.h
js/src/vm/Runtime.cpp
js/src/vm/Runtime.h
js/src/vm/ScopeObject.cpp
js/src/vm/Shape.cpp
--- a/js/src/jsarray.cpp
+++ b/js/src/jsarray.cpp
@@ -32,16 +32,17 @@
 #include "jsatominlines.h"
 #include "jscntxtinlines.h"
 #include "jsstrinlines.h"
 
 #include "vm/ArrayObject-inl.h"
 #include "vm/ArgumentsObject-inl.h"
 #include "vm/Interpreter-inl.h"
 #include "vm/ObjectImpl-inl.h"
+#include "vm/Runtime-inl.h"
 
 using namespace js;
 using namespace js::gc;
 using namespace js::types;
 
 using mozilla::Abs;
 using mozilla::ArrayLength;
 using mozilla::DebugOnly;
--- a/js/src/jscntxt.cpp
+++ b/js/src/jscntxt.cpp
@@ -95,138 +95,16 @@ js::TraceCycleDetectionSet(JSTracer *trc
         JSObject *prior = e.front();
         MarkObjectRoot(trc, const_cast<JSObject **>(&e.front()), "cycle detector table entry");
         if (prior != e.front())
             e.rekeyFront(e.front());
     }
 }
 
 void
-NewObjectCache::clearNurseryObjects(JSRuntime *rt)
-{
-    for (unsigned i = 0; i < mozilla::ArrayLength(entries); ++i) {
-        Entry &e = entries[i];
-        JSObject *obj = reinterpret_cast<JSObject *>(&e.templateObject);
-        if (IsInsideNursery(rt, e.key) ||
-            IsInsideNursery(rt, obj->slots) ||
-            IsInsideNursery(rt, obj->elements))
-        {
-            mozilla::PodZero(&e);
-        }
-    }
-}
-
-void
-JSRuntime::sizeOfIncludingThis(mozilla::MallocSizeOf mallocSizeOf, JS::RuntimeSizes *rtSizes)
-{
-    rtSizes->object = mallocSizeOf(this);
-
-    rtSizes->atomsTable = atoms.sizeOfExcludingThis(mallocSizeOf);
-
-    rtSizes->contexts = 0;
-    for (ContextIter acx(this); !acx.done(); acx.next())
-        rtSizes->contexts += acx->sizeOfIncludingThis(mallocSizeOf);
-
-    rtSizes->dtoa = mallocSizeOf(mainThread.dtoaState);
-
-    rtSizes->temporary = tempLifoAlloc.sizeOfExcludingThis(mallocSizeOf);
-
-    rtSizes->code = JS::CodeSizes();
-    if (execAlloc_)
-        execAlloc_->sizeOfCode(&rtSizes->code);
-
-    rtSizes->regexpData = bumpAlloc_ ? bumpAlloc_->sizeOfNonHeapData() : 0;
-
-    rtSizes->interpreterStack = interpreterStack_.sizeOfExcludingThis(mallocSizeOf);
-
-    rtSizes->gcMarker = gcMarker.sizeOfExcludingThis(mallocSizeOf);
-
-    rtSizes->mathCache = mathCache_ ? mathCache_->sizeOfIncludingThis(mallocSizeOf) : 0;
-
-    rtSizes->scriptData = scriptDataTable.sizeOfExcludingThis(mallocSizeOf);
-    for (ScriptDataTable::Range r = scriptDataTable.all(); !r.empty(); r.popFront())
-        rtSizes->scriptData += mallocSizeOf(r.front());
-}
-
-void
-JSRuntime::triggerOperationCallback()
-{
-    AutoLockForOperationCallback lock(this);
-
-    /*
-     * Invalidate ionTop to trigger its over-recursion check. Note this must be
-     * set before interrupt, to avoid racing with js_InvokeOperationCallback,
-     * into a weird state where interrupt is stuck at 0 but ionStackLimit is
-     * MAXADDR.
-     */
-    mainThread.setIonStackLimit(-1);
-
-    /*
-     * Use JS_ATOMIC_SET in the hope that it ensures the write will become
-     * immediately visible to other processors polling the flag.
-     */
-    JS_ATOMIC_SET(&interrupt, 1);
-
-#ifdef JS_ION
-    /* asm.js code uses a separate mechanism to halt running code. */
-    TriggerOperationCallbackForAsmJSCode(this);
-#endif
-}
-
-void
-JSRuntime::setJitHardening(bool enabled)
-{
-    jitHardening = enabled;
-    if (execAlloc_)
-        execAlloc_->setRandomize(enabled);
-}
-
-JSC::ExecutableAllocator *
-JSRuntime::createExecutableAllocator(JSContext *cx)
-{
-    JS_ASSERT(!execAlloc_);
-    JS_ASSERT(cx->runtime() == this);
-
-    JSC::AllocationBehavior randomize =
-        jitHardening ? JSC::AllocationCanRandomize : JSC::AllocationDeterministic;
-    execAlloc_ = js_new<JSC::ExecutableAllocator>(randomize);
-    if (!execAlloc_)
-        js_ReportOutOfMemory(cx);
-    return execAlloc_;
-}
-
-WTF::BumpPointerAllocator *
-JSRuntime::createBumpPointerAllocator(JSContext *cx)
-{
-    JS_ASSERT(!bumpAlloc_);
-    JS_ASSERT(cx->runtime() == this);
-
-    bumpAlloc_ = js_new<WTF::BumpPointerAllocator>();
-    if (!bumpAlloc_)
-        js_ReportOutOfMemory(cx);
-    return bumpAlloc_;
-}
-
-MathCache *
-JSRuntime::createMathCache(JSContext *cx)
-{
-    JS_ASSERT(!mathCache_);
-    JS_ASSERT(cx->runtime() == this);
-
-    MathCache *newMathCache = js_new<MathCache>();
-    if (!newMathCache) {
-        js_ReportOutOfMemory(cx);
-        return NULL;
-    }
-
-    mathCache_ = newMathCache;
-    return mathCache_;
-}
-
-void
 JSCompartment::sweepCallsiteClones()
 {
     if (callsiteClones.initialized()) {
         for (CallsiteCloneTable::Enum e(callsiteClones); !e.empty(); e.popFront()) {
             CallsiteCloneKey key = e.front().key;
             JSFunction *fun = e.front().value;
             if (!IsScriptMarked(&key.script) || !IsObjectMarked(&fun))
                 e.removeFront();
@@ -1216,60 +1094,16 @@ JSContext::JSContext(JSRuntime *rt)
 }
 
 JSContext::~JSContext()
 {
     /* Free the stuff hanging off of cx. */
     JS_ASSERT(!resolvingList);
 }
 
-bool
-JSRuntime::setDefaultLocale(const char *locale)
-{
-    if (!locale)
-        return false;
-    resetDefaultLocale();
-    defaultLocale = JS_strdup(this, locale);
-    return defaultLocale != NULL;
-}
-
-void
-JSRuntime::resetDefaultLocale()
-{
-    js_free(defaultLocale);
-    defaultLocale = NULL;
-}
-
-const char *
-JSRuntime::getDefaultLocale()
-{
-    if (defaultLocale)
-        return defaultLocale;
-
-    char *locale, *lang, *p;
-#ifdef HAVE_SETLOCALE
-    locale = setlocale(LC_ALL, NULL);
-#else
-    locale = getenv("LANG");
-#endif
-    // convert to a well-formed BCP 47 language tag
-    if (!locale || !strcmp(locale, "C"))
-        locale = const_cast<char*>("und");
-    lang = JS_strdup(this, locale);
-    if (!lang)
-        return NULL;
-    if ((p = strchr(lang, '.')))
-        *p = '\0';
-    while ((p = strchr(lang, '_')))
-        *p = '-';
-
-    defaultLocale = lang;
-    return defaultLocale;
-}
-
 /*
  * Since this function is only called in the context of a pending exception,
  * the caller must subsequently take an error path. If wrapping fails, it will
  * set a new (uncatchable) exception to be used in place of the original.
  */
 void
 JSContext::wrapPendingException()
 {
@@ -1346,84 +1180,16 @@ JSContext::currentlyRunning() const
                 return false;
             return true;
         }
     }
 
     return false;
 }
 
-void
-JSRuntime::setGCMaxMallocBytes(size_t value)
-{
-    /*
-     * For compatibility treat any value that exceeds PTRDIFF_T_MAX to
-     * mean that value.
-     */
-    gcMaxMallocBytes = (ptrdiff_t(value) >= 0) ? value : size_t(-1) >> 1;
-    for (ZonesIter zone(this); !zone.done(); zone.next())
-        zone->setGCMaxMallocBytes(value);
-}
-
-void
-JSRuntime::updateMallocCounter(size_t nbytes)
-{
-    updateMallocCounter(NULL, nbytes);
-}
-
-void
-JSRuntime::updateMallocCounter(JS::Zone *zone, size_t nbytes)
-{
-    /* We tolerate any thread races when updating gcMallocBytes. */
-    ptrdiff_t oldCount = gcMallocBytes;
-    ptrdiff_t newCount = oldCount - ptrdiff_t(nbytes);
-    gcMallocBytes = newCount;
-    if (JS_UNLIKELY(newCount <= 0 && oldCount > 0))
-        onTooMuchMalloc();
-    else if (zone)
-        zone->updateMallocCounter(nbytes);
-}
-
-JS_FRIEND_API(void)
-JSRuntime::onTooMuchMalloc()
-{
-    TriggerGC(this, JS::gcreason::TOO_MUCH_MALLOC);
-}
-
-JS_FRIEND_API(void *)
-JSRuntime::onOutOfMemory(void *p, size_t nbytes)
-{
-    return onOutOfMemory(p, nbytes, NULL);
-}
-
-JS_FRIEND_API(void *)
-JSRuntime::onOutOfMemory(void *p, size_t nbytes, JSContext *cx)
-{
-    if (isHeapBusy())
-        return NULL;
-
-    /*
-     * Retry when we are done with the background sweeping and have stopped
-     * all the allocations and released the empty GC chunks.
-     */
-    JS::ShrinkGCBuffers(this);
-    gcHelperThread.waitBackgroundSweepOrAllocEnd();
-    if (!p)
-        p = js_malloc(nbytes);
-    else if (p == reinterpret_cast<void *>(1))
-        p = js_calloc(nbytes);
-    else
-      p = js_realloc(p, nbytes);
-    if (p)
-        return p;
-    if (cx)
-        js_ReportOutOfMemory(cx);
-    return NULL;
-}
-
 static bool
 ComputeIsJITBroken()
 {
 #if !defined(ANDROID) || defined(GONK)
     return false;
 #else  // ANDROID
     if (getenv("JS_IGNORE_JIT_BROKENNESS")) {
         return false;
--- a/js/src/jscntxt.h
+++ b/js/src/jscntxt.h
@@ -27,39 +27,30 @@
 #include "ds/LifoAlloc.h"
 #include "frontend/ParseMaps.h"
 #include "gc/Nursery.h"
 #include "gc/Statistics.h"
 #include "gc/StoreBuffer.h"
 #include "js/HashTable.h"
 #include "js/Vector.h"
 #include "vm/DateTime.h"
+#include "vm/Runtime.h"
 #include "vm/SPSProfiler.h"
 #include "vm/Stack.h"
 #include "vm/ThreadPool.h"
 
 #ifdef _MSC_VER
 #pragma warning(push)
 #pragma warning(disable:4100) /* Silence unreferenced formal parameter warnings */
 #pragma warning(push)
 #pragma warning(disable:4355) /* Silence warning about "this" used in base member initializer list */
 #endif
 
-struct DtoaState;
-
-extern void
-js_ReportOutOfMemory(JSContext *cx);
-
-extern void
-js_ReportAllocationOverflow(JSContext *cx);
-
 namespace js {
 
-typedef Rooted<JSLinearString*> RootedLinearString;
-
 struct CallsiteCloneKey {
     /* The original function that we are cloning. */
     JSFunction *original;
 
     /* The script of the call. */
     JSScript *script;
 
     /* The offset of the call. */
@@ -113,1500 +104,18 @@ class AutoCycleDetector
 
     bool foundCycle() { return cyclic; }
 };
 
 /* Updates references in the cycle detection set if the GC moves them. */
 extern void
 TraceCycleDetectionSet(JSTracer *trc, ObjectSet &set);
 
-class MathCache;
-
-namespace ion {
-class IonActivation;
-class IonRuntime;
-struct PcScriptCache;
-}
-
-class AsmJSActivation;
-class InterpreterFrames;
-class WeakMapBase;
-class WorkerThreadState;
-
-/*
- * GetSrcNote cache to avoid O(n^2) growth in finding a source note for a
- * given pc in a script. We use the script->code pointer to tag the cache,
- * instead of the script address itself, so that source notes are always found
- * by offset from the bytecode with which they were generated.
- */
-struct GSNCache {
-    typedef HashMap<jsbytecode *,
-                    jssrcnote *,
-                    PointerHasher<jsbytecode *, 0>,
-                    SystemAllocPolicy> Map;
-
-    jsbytecode      *code;
-    Map             map;
-
-    GSNCache() : code(NULL) { }
-
-    void purge();
-};
-
-typedef Vector<ScriptAndCounts, 0, SystemAllocPolicy> ScriptAndCountsVector;
-
-struct ConservativeGCData
-{
-    /*
-     * The GC scans conservatively between ThreadData::nativeStackBase and
-     * nativeStackTop unless the latter is NULL.
-     */
-    uintptr_t           *nativeStackTop;
-
-#if defined(JSGC_ROOT_ANALYSIS) && (JS_STACK_GROWTH_DIRECTION < 0)
-    /*
-     * Record old contents of the native stack from the last time there was a
-     * scan, to reduce the overhead involved in repeatedly rescanning the
-     * native stack during root analysis. oldStackData stores words in reverse
-     * order starting at oldStackEnd.
-     */
-    uintptr_t           *oldStackMin, *oldStackEnd;
-    uintptr_t           *oldStackData;
-    size_t              oldStackCapacity; // in sizeof(uintptr_t)
-#endif
-
-    union {
-        jmp_buf         jmpbuf;
-        uintptr_t       words[JS_HOWMANY(sizeof(jmp_buf), sizeof(uintptr_t))];
-    } registerSnapshot;
-
-    ConservativeGCData() {
-        mozilla::PodZero(this);
-    }
-
-    ~ConservativeGCData() {
-#ifdef JS_THREADSAFE
-        /*
-         * The conservative GC scanner should be disabled when the thread leaves
-         * the last request.
-         */
-        JS_ASSERT(!hasStackToScan());
-#endif
-    }
-
-    JS_NEVER_INLINE void recordStackTop();
-
-#ifdef JS_THREADSAFE
-    void updateForRequestEnd() {
-        nativeStackTop = NULL;
-    }
-#endif
-
-    bool hasStackToScan() const {
-        return !!nativeStackTop;
-    }
-};
-
-class SourceDataCache
-{
-    typedef HashMap<ScriptSource *,
-                    JSStableString *,
-                    DefaultHasher<ScriptSource *>,
-                    SystemAllocPolicy> Map;
-    Map *map_;
-
-  public:
-    SourceDataCache() : map_(NULL) {}
-    JSStableString *lookup(ScriptSource *ss);
-    void put(ScriptSource *ss, JSStableString *);
-    void purge();
-};
-
-struct EvalCacheEntry
-{
-    JSScript *script;
-    JSScript *callerScript;
-    jsbytecode *pc;
-};
-
-struct EvalCacheLookup
-{
-    EvalCacheLookup(JSContext *cx) : str(cx), callerScript(cx) {}
-    RootedLinearString str;
-    RootedScript callerScript;
-    JSVersion version;
-    jsbytecode *pc;
-};
-
-struct EvalCacheHashPolicy
-{
-    typedef EvalCacheLookup Lookup;
-
-    static HashNumber hash(const Lookup &l);
-    static bool match(const EvalCacheEntry &entry, const EvalCacheLookup &l);
-};
-
-typedef HashSet<EvalCacheEntry, EvalCacheHashPolicy, SystemAllocPolicy> EvalCache;
-
-struct LazyScriptHashPolicy
-{
-    struct Lookup {
-        JSContext *cx;
-        LazyScript *lazy;
-
-        Lookup(JSContext *cx, LazyScript *lazy)
-          : cx(cx), lazy(lazy)
-        {}
-    };
-
-    static const size_t NumHashes = 3;
-
-    static void hash(const Lookup &lookup, HashNumber hashes[NumHashes]);
-    static bool match(JSScript *script, const Lookup &lookup);
-
-    // Alternate methods for use when removing scripts from the hash without an
-    // explicit LazyScript lookup.
-    static void hash(JSScript *script, HashNumber hashes[NumHashes]);
-    static bool match(JSScript *script, JSScript *lookup) { return script == lookup; }
-
-    static void clear(JSScript **pscript) { *pscript = NULL; }
-    static bool isCleared(JSScript *script) { return !script; }
-};
-
-typedef FixedSizeHashSet<JSScript *, LazyScriptHashPolicy, 769> LazyScriptCache;
-
-class PropertyIteratorObject;
-
-class NativeIterCache
-{
-    static const size_t SIZE = size_t(1) << 8;
-
-    /* Cached native iterators. */
-    PropertyIteratorObject *data[SIZE];
-
-    static size_t getIndex(uint32_t key) {
-        return size_t(key) % SIZE;
-    }
-
-  public:
-    /* Native iterator most recently started. */
-    PropertyIteratorObject *last;
-
-    NativeIterCache()
-      : last(NULL)
-    {
-        mozilla::PodArrayZero(data);
-    }
-
-    void purge() {
-        last = NULL;
-        mozilla::PodArrayZero(data);
-    }
-
-    PropertyIteratorObject *get(uint32_t key) const {
-        return data[getIndex(key)];
-    }
-
-    void set(uint32_t key, PropertyIteratorObject *iterobj) {
-        data[getIndex(key)] = iterobj;
-    }
-};
-
-/*
- * Cache for speeding up repetitive creation of objects in the VM.
- * When an object is created which matches the criteria in the 'key' section
- * below, an entry is filled with the resulting object.
- */
-class NewObjectCache
-{
-    /* Statically asserted to be equal to sizeof(JSObject_Slots16) */
-    static const unsigned MAX_OBJ_SIZE = 4 * sizeof(void*) + 16 * sizeof(Value);
-
-    static void staticAsserts() {
-        JS_STATIC_ASSERT(NewObjectCache::MAX_OBJ_SIZE == sizeof(JSObject_Slots16));
-        JS_STATIC_ASSERT(gc::FINALIZE_OBJECT_LAST == gc::FINALIZE_OBJECT16_BACKGROUND);
-    }
-
-    struct Entry
-    {
-        /* Class of the constructed object. */
-        Class *clasp;
-
-        /*
-         * Key with one of three possible values:
-         *
-         * - Global for the object. The object must have a standard class for
-         *   which the global's prototype can be determined, and the object's
-         *   parent will be the global.
-         *
-         * - Prototype for the object (cannot be global). The object's parent
-         *   will be the prototype's parent.
-         *
-         * - Type for the object. The object's parent will be the type's
-         *   prototype's parent.
-         */
-        gc::Cell *key;
-
-        /* Allocation kind for the constructed object. */
-        gc::AllocKind kind;
-
-        /* Number of bytes to copy from the template object. */
-        uint32_t nbytes;
-
-        /*
-         * Template object to copy from, with the initial values of fields,
-         * fixed slots (undefined) and private data (NULL).
-         */
-        char templateObject[MAX_OBJ_SIZE];
-    };
-
-    Entry entries[41];  // TODO: reconsider size
-
-  public:
-
-    typedef int EntryIndex;
-
-    NewObjectCache() { mozilla::PodZero(this); }
-    void purge() { mozilla::PodZero(this); }
-
-    /* Remove any cached items keyed on moved objects. */
-    void clearNurseryObjects(JSRuntime *rt);
-
-    /*
-     * Get the entry index for the given lookup, return whether there was a hit
-     * on an existing entry.
-     */
-    inline bool lookupProto(Class *clasp, JSObject *proto, gc::AllocKind kind, EntryIndex *pentry);
-    inline bool lookupGlobal(Class *clasp, js::GlobalObject *global, gc::AllocKind kind,
-                             EntryIndex *pentry);
-
-    bool lookupType(Class *clasp, js::types::TypeObject *type, gc::AllocKind kind,
-                    EntryIndex *pentry)
-    {
-        return lookup(clasp, type, kind, pentry);
-    }
-
-    /*
-     * Return a new object from a cache hit produced by a lookup method, or
-     * NULL if returning the object could possibly trigger GC (does not
-     * indicate failure).
-     */
-    inline JSObject *newObjectFromHit(JSContext *cx, EntryIndex entry, js::gc::InitialHeap heap);
-
-    /* Fill an entry after a cache miss. */
-    void fillProto(EntryIndex entry, Class *clasp, js::TaggedProto proto, gc::AllocKind kind, JSObject *obj);
-
-    inline void fillGlobal(EntryIndex entry, Class *clasp, js::GlobalObject *global,
-                           gc::AllocKind kind, JSObject *obj);
-
-    void fillType(EntryIndex entry, Class *clasp, js::types::TypeObject *type, gc::AllocKind kind,
-                  JSObject *obj)
-    {
-        JS_ASSERT(obj->type() == type);
-        return fill(entry, clasp, type, kind, obj);
-    }
-
-    /* Invalidate any entries which might produce an object with shape/proto. */
-    void invalidateEntriesForShape(JSContext *cx, HandleShape shape, HandleObject proto);
-
-  private:
-    bool lookup(Class *clasp, gc::Cell *key, gc::AllocKind kind, EntryIndex *pentry) {
-        uintptr_t hash = (uintptr_t(clasp) ^ uintptr_t(key)) + kind;
-        *pentry = hash % mozilla::ArrayLength(entries);
-
-        Entry *entry = &entries[*pentry];
-
-        /* N.B. Lookups with the same clasp/key but different kinds map to different entries. */
-        return (entry->clasp == clasp && entry->key == key);
-    }
-
-    void fill(EntryIndex entry_, Class *clasp, gc::Cell *key, gc::AllocKind kind, JSObject *obj) {
-        JS_ASSERT(unsigned(entry_) < mozilla::ArrayLength(entries));
-        Entry *entry = &entries[entry_];
-
-        JS_ASSERT(!obj->hasDynamicSlots() && !obj->hasDynamicElements());
-
-        entry->clasp = clasp;
-        entry->key = key;
-        entry->kind = kind;
-
-        entry->nbytes = gc::Arena::thingSize(kind);
-        js_memcpy(&entry->templateObject, obj, entry->nbytes);
-    }
-
-    static inline void copyCachedToObject(JSObject *dst, JSObject *src, gc::AllocKind kind);
-};
-
-/*
- * A FreeOp can do one thing: free memory. For convenience, it has delete_
- * convenience methods that also call destructors.
- *
- * FreeOp is passed to finalizers and other sweep-phase hooks so that we do not
- * need to pass a JSContext to those hooks.
- */
-class FreeOp : public JSFreeOp {
-    bool        shouldFreeLater_;
-
-  public:
-    static FreeOp *get(JSFreeOp *fop) {
-        return static_cast<FreeOp *>(fop);
-    }
-
-    FreeOp(JSRuntime *rt, bool shouldFreeLater)
-      : JSFreeOp(rt),
-        shouldFreeLater_(shouldFreeLater)
-    {
-    }
-
-    bool shouldFreeLater() const {
-        return shouldFreeLater_;
-    }
-
-    inline void free_(void *p);
-
-    template <class T>
-    inline void delete_(T *p) {
-        if (p) {
-            p->~T();
-            free_(p);
-        }
-    }
-
-    static void staticAsserts() {
-        /*
-         * Check that JSFreeOp is the first base class for FreeOp and we can
-         * reinterpret a pointer to JSFreeOp as a pointer to FreeOp without
-         * any offset adjustments. JSClass::finalize <-> Class::finalize depends
-         * on this.
-         */
-        JS_STATIC_ASSERT(offsetof(FreeOp, shouldFreeLater_) == sizeof(JSFreeOp));
-    }
-};
-
-} /* namespace js */
-
-namespace JS {
-struct RuntimeSizes;
-}
-
-/* Various built-in or commonly-used names pinned on first context. */
-struct JSAtomState
-{
-#define PROPERTYNAME_FIELD(idpart, id, text) js::FixedHeapPtr<js::PropertyName> id;
-    FOR_EACH_COMMON_PROPERTYNAME(PROPERTYNAME_FIELD)
-#undef PROPERTYNAME_FIELD
-#define PROPERTYNAME_FIELD(name, code, init) js::FixedHeapPtr<js::PropertyName> name;
-    JS_FOR_EACH_PROTOTYPE(PROPERTYNAME_FIELD)
-#undef PROPERTYNAME_FIELD
-};
-
-#define NAME_OFFSET(name)       offsetof(JSAtomState, name)
-#define OFFSET_TO_NAME(rt,off)  (*(js::FixedHeapPtr<js::PropertyName>*)((char*)&(rt)->atomState + (off)))
-
-namespace js {
-
-/*
- * Encapsulates portions of the runtime/context that are tied to a
- * single active thread.  Normally, as most JS is single-threaded,
- * there is only one instance of this struct, embedded in the
- * JSRuntime as the field |mainThread|.  During Parallel JS sections,
- * however, there will be one instance per worker thread.
- */
-class PerThreadData : public js::PerThreadDataFriendFields
-{
-    /*
-     * Backpointer to the full shared JSRuntime* with which this
-     * thread is associated.  This is private because accessing the
-     * fields of this runtime can provoke race conditions, so the
-     * intention is that access will be mediated through safe
-     * functions like |associatedWith()| below.
-     */
-    JSRuntime *runtime_;
-
-  public:
-    /*
-     * We save all conservative scanned roots in this vector so that
-     * conservative scanning can be "replayed" deterministically. In DEBUG mode,
-     * this allows us to run a non-incremental GC after every incremental GC to
-     * ensure that no objects were missed.
-     */
-#ifdef DEBUG
-    struct SavedGCRoot {
-        void *thing;
-        JSGCTraceKind kind;
-
-        SavedGCRoot(void *thing, JSGCTraceKind kind) : thing(thing), kind(kind) {}
-    };
-    js::Vector<SavedGCRoot, 0, js::SystemAllocPolicy> gcSavedRoots;
-#endif
-
-    /*
-     * If Ion code is on the stack, and has called into C++, this will be
-     * aligned to an Ion exit frame.
-     */
-    uint8_t             *ionTop;
-    JSContext           *ionJSContext;
-    uintptr_t            ionStackLimit;
-
-    inline void setIonStackLimit(uintptr_t limit);
-
-    /*
-     * asm.js maintains a stack of AsmJSModule activations (see AsmJS.h). This
-     * stack is used by JSRuntime::triggerOperationCallback to stop long-
-     * running asm.js without requiring dynamic polling operations in the
-     * generated code. Since triggerOperationCallback may run on a separate
-     * thread than the JSRuntime's owner thread all reads/writes must be
-     * synchronized (by rt->operationCallbackLock).
-     */
-  private:
-    friend class js::Activation;
-    friend class js::ActivationIterator;
-    friend class js::ion::JitActivation;
-    friend class js::AsmJSActivation;
-
-    /*
-     * Points to the most recent activation running on the thread.
-     * See Activation comment in vm/Stack.h.
-     */
-    js::Activation *activation_;
-
-    /* See AsmJSActivation comment. Protected by rt->operationCallbackLock. */
-    js::AsmJSActivation *asmJSActivationStack_;
-
-  public:
-    static unsigned offsetOfActivation() {
-        return offsetof(PerThreadData, activation_);
-    }
-    static unsigned offsetOfAsmJSActivationStackReadOnly() {
-        return offsetof(PerThreadData, asmJSActivationStack_);
-    }
-
-    js::AsmJSActivation *asmJSActivationStackFromAnyThread() const {
-        return asmJSActivationStack_;
-    }
-    js::AsmJSActivation *asmJSActivationStackFromOwnerThread() const {
-        return asmJSActivationStack_;
-    }
-
-    js::Activation *activation() const {
-        return activation_;
-    }
-
-    /* State used by jsdtoa.cpp. */
-    DtoaState           *dtoaState;
-
-    /*
-     * When this flag is non-zero, any attempt to GC will be skipped. It is used
-     * to suppress GC when reporting an OOM (see js_ReportOutOfMemory) and in
-     * debugging facilities that cannot tolerate a GC and would rather OOM
-     * immediately, such as utilities exposed to GDB. Setting this flag is
-     * extremely dangerous and should only be used when in an OOM situation or
-     * in non-exposed debugging facilities.
-     */
-    int32_t             suppressGC;
-
-    PerThreadData(JSRuntime *runtime);
-    ~PerThreadData();
-
-    bool init();
-
-    bool associatedWith(const JSRuntime *rt) { return runtime_ == rt; }
-};
-
-template<class Client>
-struct MallocProvider
-{
-    void *malloc_(size_t bytes) {
-        Client *client = static_cast<Client *>(this);
-        client->updateMallocCounter(bytes);
-        void *p = js_malloc(bytes);
-        return JS_LIKELY(!!p) ? p : client->onOutOfMemory(NULL, bytes);
-    }
-
-    void *calloc_(size_t bytes) {
-        Client *client = static_cast<Client *>(this);
-        client->updateMallocCounter(bytes);
-        void *p = js_calloc(bytes);
-        return JS_LIKELY(!!p) ? p : client->onOutOfMemory(reinterpret_cast<void *>(1), bytes);
-    }
-
-    void *realloc_(void *p, size_t oldBytes, size_t newBytes) {
-        Client *client = static_cast<Client *>(this);
-        /*
-         * For compatibility we do not account for realloc that decreases
-         * previously allocated memory.
-         */
-        if (newBytes > oldBytes)
-            client->updateMallocCounter(newBytes - oldBytes);
-        void *p2 = js_realloc(p, newBytes);
-        return JS_LIKELY(!!p2) ? p2 : client->onOutOfMemory(p, newBytes);
-    }
-
-    void *realloc_(void *p, size_t bytes) {
-        Client *client = static_cast<Client *>(this);
-        /*
-         * For compatibility we do not account for realloc that increases
-         * previously allocated memory.
-         */
-        if (!p)
-            client->updateMallocCounter(bytes);
-        void *p2 = js_realloc(p, bytes);
-        return JS_LIKELY(!!p2) ? p2 : client->onOutOfMemory(p, bytes);
-    }
-
-    template <class T>
-    T *pod_malloc() {
-        return (T *)malloc_(sizeof(T));
-    }
-
-    template <class T>
-    T *pod_calloc() {
-        return (T *)calloc_(sizeof(T));
-    }
-
-    template <class T>
-    T *pod_malloc(size_t numElems) {
-        if (numElems & js::tl::MulOverflowMask<sizeof(T)>::result) {
-            Client *client = static_cast<Client *>(this);
-            client->reportAllocationOverflow();
-            return NULL;
-        }
-        return (T *)malloc_(numElems * sizeof(T));
-    }
-
-    template <class T>
-    T *pod_calloc(size_t numElems, JSCompartment *comp = NULL, JSContext *cx = NULL) {
-        if (numElems & js::tl::MulOverflowMask<sizeof(T)>::result) {
-            Client *client = static_cast<Client *>(this);
-            client->reportAllocationOverflow();
-            return NULL;
-        }
-        return (T *)calloc_(numElems * sizeof(T));
-    }
-
-    JS_DECLARE_NEW_METHODS(new_, malloc_, JS_ALWAYS_INLINE)
-};
-
-namespace gc {
-class MarkingValidator;
-} // namespace gc
-
-typedef Vector<JS::Zone *, 1, SystemAllocPolicy> ZoneVector;
-
-} // namespace js
-
-struct JSRuntime : public JS::shadow::Runtime,
-                   public js::MallocProvider<JSRuntime>
-{
-    /*
-     * Per-thread data for the main thread that is associated with
-     * this JSRuntime, as opposed to any worker threads used in
-     * parallel sections.  See definition of |PerThreadData| struct
-     * above for more details.
-     *
-     * NB: This field is statically asserted to be at offset
-     * sizeof(js::shadow::Runtime). See
-     * PerThreadDataFriendFields::getMainThread.
-     */
-    js::PerThreadData   mainThread;
-
-    /*
-     * If non-zero, we were been asked to call the operation callback as soon
-     * as possible.
-     */
-    volatile int32_t    interrupt;
-
-#ifdef JS_THREADSAFE
-  private:
-    /*
-     * Lock taken when triggering the operation callback from another thread.
-     * Protects all data that is touched in this process.
-     */
-    PRLock *operationCallbackLock;
-#ifdef DEBUG
-    PRThread *operationCallbackOwner;
-#endif
-  public:
-#endif // JS_THREADSAFE
-
-    class AutoLockForOperationCallback {
-#ifdef JS_THREADSAFE
-        JSRuntime *rt;
-      public:
-        AutoLockForOperationCallback(JSRuntime *rt MOZ_GUARD_OBJECT_NOTIFIER_PARAM) : rt(rt) {
-            MOZ_GUARD_OBJECT_NOTIFIER_INIT;
-            PR_Lock(rt->operationCallbackLock);
-#ifdef DEBUG
-            rt->operationCallbackOwner = PR_GetCurrentThread();
-#endif
-        }
-        ~AutoLockForOperationCallback() {
-            JS_ASSERT(rt->operationCallbackOwner == PR_GetCurrentThread());
-#ifdef DEBUG
-            rt->operationCallbackOwner = NULL;
-#endif
-            PR_Unlock(rt->operationCallbackLock);
-        }
-#else // JS_THREADSAFE
-      public:
-        AutoLockForOperationCallback(JSRuntime *rt MOZ_GUARD_OBJECT_NOTIFIER_PARAM) {
-            MOZ_GUARD_OBJECT_NOTIFIER_INIT;
-        }
-#endif // JS_THREADSAFE
-
-        MOZ_DECL_USE_GUARD_OBJECT_NOTIFIER
-    };
-
-    bool currentThreadOwnsOperationCallbackLock() {
-#if defined(JS_THREADSAFE) && defined(DEBUG)
-        return operationCallbackOwner == PR_GetCurrentThread();
-#else
-        return true;
-#endif
-    }
-
-    /* Default compartment. */
-    JSCompartment       *atomsCompartment;
-
-    /* Embedders can use this zone however they wish. */
-    JS::Zone            *systemZone;
-
-    /* List of compartments and zones (protected by the GC lock). */
-    js::ZoneVector      zones;
-
-    /* How many compartments there are across all zones. */
-    size_t              numCompartments;
-
-    /* Locale-specific callbacks for string conversion. */
-    JSLocaleCallbacks *localeCallbacks;
-
-    /* Default locale for Internationalization API */
-    char *defaultLocale;
-
-    /* Default JSVersion. */
-    JSVersion defaultVersion_;
-
-    /* See comment for JS_AbortIfWrongThread in jsapi.h. */
-#ifdef JS_THREADSAFE
-  public:
-    void *ownerThread() const { return ownerThread_; }
-    void clearOwnerThread();
-    void setOwnerThread();
-    JS_FRIEND_API(void) abortIfWrongThread() const;
-#ifdef DEBUG
-    JS_FRIEND_API(void) assertValidThread() const;
-#else
-    void assertValidThread() const {}
-#endif
-  private:
-    void                *ownerThread_;
-  public:
-#else
-  public:
-    void abortIfWrongThread() const {}
-    void assertValidThread() const {}
-#endif
-
-    /* Temporary arena pool used while compiling and decompiling. */
-    static const size_t TEMP_LIFO_ALLOC_PRIMARY_CHUNK_SIZE = 4 * 1024;
-    js::LifoAlloc tempLifoAlloc;
-
-    /*
-     * Free LIFO blocks are transferred to this allocator before being freed on
-     * the background GC thread.
-     */
-    js::LifoAlloc freeLifoAlloc;
-
-  private:
-    /*
-     * Both of these allocators are used for regular expression code which is shared at the
-     * thread-data level.
-     */
-    JSC::ExecutableAllocator *execAlloc_;
-    WTF::BumpPointerAllocator *bumpAlloc_;
-    js::ion::IonRuntime *ionRuntime_;
-
-    JSObject *selfHostingGlobal_;
-
-    /* Space for interpreter frames. */
-    js::InterpreterStack interpreterStack_;
-
-    JSC::ExecutableAllocator *createExecutableAllocator(JSContext *cx);
-    WTF::BumpPointerAllocator *createBumpPointerAllocator(JSContext *cx);
-    js::ion::IonRuntime *createIonRuntime(JSContext *cx);
-
-  public:
-    JSC::ExecutableAllocator *getExecAlloc(JSContext *cx) {
-        return execAlloc_ ? execAlloc_ : createExecutableAllocator(cx);
-    }
-    JSC::ExecutableAllocator &execAlloc() {
-        JS_ASSERT(execAlloc_);
-        return *execAlloc_;
-    }
-    JSC::ExecutableAllocator *maybeExecAlloc() {
-        return execAlloc_;
-    }
-    WTF::BumpPointerAllocator *getBumpPointerAllocator(JSContext *cx) {
-        return bumpAlloc_ ? bumpAlloc_ : createBumpPointerAllocator(cx);
-    }
-    js::ion::IonRuntime *getIonRuntime(JSContext *cx) {
-        return ionRuntime_ ? ionRuntime_ : createIonRuntime(cx);
-    }
-    js::ion::IonRuntime *ionRuntime() {
-        return ionRuntime_;
-    }
-    bool hasIonRuntime() const {
-        return !!ionRuntime_;
-    }
-    js::InterpreterStack &interpreterStack() {
-        return interpreterStack_;
-    }
-
-    //-------------------------------------------------------------------------
-    // Self-hosting support
-    //-------------------------------------------------------------------------
-
-    bool initSelfHosting(JSContext *cx);
-    void finishSelfHosting();
-    void markSelfHostingGlobal(JSTracer *trc);
-    bool isSelfHostingGlobal(js::HandleObject global) {
-        return global == selfHostingGlobal_;
-    }
-    bool cloneSelfHostedFunctionScript(JSContext *cx, js::Handle<js::PropertyName*> name,
-                                       js::Handle<JSFunction*> targetFun);
-    bool cloneSelfHostedValue(JSContext *cx, js::Handle<js::PropertyName*> name,
-                              js::MutableHandleValue vp);
-    bool maybeWrappedSelfHostedFunction(JSContext *cx, js::Handle<js::PropertyName*> name,
-                                        js::MutableHandleValue funVal);
-
-    //-------------------------------------------------------------------------
-    // Locale information
-    //-------------------------------------------------------------------------
-
-    /*
-     * Set the default locale for the ECMAScript Internationalization API
-     * (Intl.Collator, Intl.NumberFormat, Intl.DateTimeFormat).
-     * Note that the Internationalization API encourages clients to
-     * specify their own locales.
-     * The locale string remains owned by the caller.
-     */
-    bool setDefaultLocale(const char *locale);
-
-    /* Reset the default locale to OS defaults. */
-    void resetDefaultLocale();
-
-    /* Gets current default locale. String remains owned by context. */
-    const char *getDefaultLocale();
-
-    JSVersion defaultVersion() { return defaultVersion_; }
-    void setDefaultVersion(JSVersion v) { defaultVersion_ = v; }
-
-    /* Base address of the native stack for the current thread. */
-    uintptr_t           nativeStackBase;
-
-    /* The native stack size limit that runtime should not exceed. */
-    size_t              nativeStackQuota;
-
-    /*
-     * Frames currently running in js::Interpret. See InterpreterFrames for
-     * details.
-     */
-    js::InterpreterFrames *interpreterFrames;
-
-    /* Context create/destroy callback. */
-    JSContextCallback   cxCallback;
-
-    /* Compartment destroy callback. */
-    JSDestroyCompartmentCallback destroyCompartmentCallback;
-
-    /* Call this to get the name of a compartment. */
-    JSCompartmentNameCallback compartmentNameCallback;
-
-    js::ActivityCallback  activityCallback;
-    void                 *activityCallbackArg;
-
-#ifdef JS_THREADSAFE
-    /* The request depth for this thread. */
-    unsigned            requestDepth;
-
-# ifdef DEBUG
-    unsigned            checkRequestDepth;
-# endif
-#endif
-
-    /* Garbage collector state, used by jsgc.c. */
-
-    /*
-     * Set of all GC chunks with at least one allocated thing. The
-     * conservative GC uses it to quickly check if a possible GC thing points
-     * into an allocated chunk.
-     */
-    js::GCChunkSet      gcChunkSet;
-
-    /*
-     * Doubly-linked lists of chunks from user and system compartments. The GC
-     * allocates its arenas from the corresponding list and when all arenas
-     * in the list head are taken, then the chunk is removed from the list.
-     * During the GC when all arenas in a chunk become free, that chunk is
-     * removed from the list and scheduled for release.
-     */
-    js::gc::Chunk       *gcSystemAvailableChunkListHead;
-    js::gc::Chunk       *gcUserAvailableChunkListHead;
-    js::gc::ChunkPool   gcChunkPool;
-
-    js::RootedValueMap  gcRootsHash;
-    unsigned            gcKeepAtoms;
-    volatile size_t     gcBytes;
-    size_t              gcMaxBytes;
-    size_t              gcMaxMallocBytes;
-
-    /*
-     * Number of the committed arenas in all GC chunks including empty chunks.
-     * The counter is volatile as it is read without the GC lock, see comments
-     * in MaybeGC.
-     */
-    volatile uint32_t   gcNumArenasFreeCommitted;
-    js::GCMarker        gcMarker;
-    void                *gcVerifyPreData;
-    void                *gcVerifyPostData;
-    bool                gcChunkAllocationSinceLastGC;
-    int64_t             gcNextFullGCTime;
-    int64_t             gcLastGCTime;
-    int64_t             gcJitReleaseTime;
-    JSGCMode            gcMode;
-    size_t              gcAllocationThreshold;
-    bool                gcHighFrequencyGC;
-    uint64_t            gcHighFrequencyTimeThreshold;
-    uint64_t            gcHighFrequencyLowLimitBytes;
-    uint64_t            gcHighFrequencyHighLimitBytes;
-    double              gcHighFrequencyHeapGrowthMax;
-    double              gcHighFrequencyHeapGrowthMin;
-    double              gcLowFrequencyHeapGrowth;
-    bool                gcDynamicHeapGrowth;
-    bool                gcDynamicMarkSlice;
-    uint64_t            gcDecommitThreshold;
-
-    /* During shutdown, the GC needs to clean up every possible object. */
-    bool                gcShouldCleanUpEverything;
-
-    /*
-     * The gray bits can become invalid if UnmarkGray overflows the stack. A
-     * full GC will reset this bit, since it fills in all the gray bits.
-     */
-    bool                gcGrayBitsValid;
-
-    /*
-     * These flags must be kept separate so that a thread requesting a
-     * compartment GC doesn't cancel another thread's concurrent request for a
-     * full GC.
-     */
-    volatile uintptr_t  gcIsNeeded;
-
-    js::gcstats::Statistics gcStats;
-
-    /* Incremented on every GC slice. */
-    uint64_t            gcNumber;
-
-    /* The gcNumber at the time of the most recent GC's first slice. */
-    uint64_t            gcStartNumber;
-
-    /* Whether the currently running GC can finish in multiple slices. */
-    bool                gcIsIncremental;
-
-    /* Whether all compartments are being collected in first GC slice. */
-    bool                gcIsFull;
-
-    /* The reason that an interrupt-triggered GC should be called. */
-    JS::gcreason::Reason gcTriggerReason;
-
-    /*
-     * If this is true, all marked objects must belong to a compartment being
-     * GCed. This is used to look for compartment bugs.
-     */
-    bool                gcStrictCompartmentChecking;
-
-#ifdef DEBUG
-    /*
-     * If this is 0, all cross-compartment proxies must be registered in the
-     * wrapper map. This checking must be disabled temporarily while creating
-     * new wrappers. When non-zero, this records the recursion depth of wrapper
-     * creation.
-     */
-    uintptr_t           gcDisableStrictProxyCheckingCount;
-#else
-    uintptr_t           unused1;
-#endif
-
-    /*
-     * The current incremental GC phase. This is also used internally in
-     * non-incremental GC.
-     */
-    js::gc::State       gcIncrementalState;
-
-    /* Indicates that the last incremental slice exhausted the mark stack. */
-    bool                gcLastMarkSlice;
-
-    /* Whether any sweeping will take place in the separate GC helper thread. */
-    bool                gcSweepOnBackgroundThread;
-
-    /* Whether any black->gray edges were found during marking. */
-    bool                gcFoundBlackGrayEdges;
-
-    /* List head of zones to be swept in the background. */
-    JS::Zone            *gcSweepingZones;
-
-    /* Index of current zone group (for stats). */
-    unsigned            gcZoneGroupIndex;
-
-    /*
-     * Incremental sweep state.
-     */
-    JS::Zone            *gcZoneGroups;
-    JS::Zone            *gcCurrentZoneGroup;
-    int                 gcSweepPhase;
-    JS::Zone            *gcSweepZone;
-    int                 gcSweepKindIndex;
-    bool                gcAbortSweepAfterCurrentGroup;
-
-    /*
-     * List head of arenas allocated during the sweep phase.
-     */
-    js::gc::ArenaHeader *gcArenasAllocatedDuringSweep;
-
-#ifdef DEBUG
-    js::gc::MarkingValidator *gcMarkingValidator;
-#endif
-
-    /*
-     * Indicates that a GC slice has taken place in the middle of an animation
-     * frame, rather than at the beginning. In this case, the next slice will be
-     * delayed so that we don't get back-to-back slices.
-     */
-    volatile uintptr_t  gcInterFrameGC;
-
-    /* Default budget for incremental GC slice. See SliceBudget in jsgc.h. */
-    int64_t             gcSliceBudget;
-
-    /*
-     * We disable incremental GC if we encounter a js::Class with a trace hook
-     * that does not implement write barriers.
-     */
-    bool                gcIncrementalEnabled;
-
-    /*
-     * GGC can be enabled from the command line while testing.
-     */
-    bool                gcGenerationalEnabled;
-
-    /*
-     * This is true if we are in the middle of a brain transplant (e.g.,
-     * JS_TransplantObject) or some other operation that can manipulate
-     * dead zones.
-     */
-    bool                gcManipulatingDeadZones;
-
-    /*
-     * This field is incremented each time we mark an object inside a
-     * zone with no incoming cross-compartment pointers. Typically if
-     * this happens it signals that an incremental GC is marking too much
-     * stuff. At various times we check this counter and, if it has changed, we
-     * run an immediate, non-incremental GC to clean up the dead
-     * zones. This should happen very rarely.
-     */
-    unsigned            gcObjectsMarkedInDeadZones;
-
-    bool                gcPoke;
-
-    volatile js::HeapState heapState;
-
-    bool isHeapBusy() { return heapState != js::Idle; }
-    bool isHeapMajorCollecting() { return heapState == js::MajorCollecting; }
-    bool isHeapMinorCollecting() { return heapState == js::MinorCollecting; }
-    bool isHeapCollecting() { return isHeapMajorCollecting() || isHeapMinorCollecting(); }
-
-#ifdef JSGC_GENERATIONAL
-    js::Nursery                  gcNursery;
-    js::gc::StoreBuffer          gcStoreBuffer;
-#endif
-
-    /*
-     * These options control the zealousness of the GC. The fundamental values
-     * are gcNextScheduled and gcDebugCompartmentGC. At every allocation,
-     * gcNextScheduled is decremented. When it reaches zero, we do either a
-     * full or a compartmental GC, based on gcDebugCompartmentGC.
-     *
-     * At this point, if gcZeal_ is one of the types that trigger periodic
-     * collection, then gcNextScheduled is reset to the value of
-     * gcZealFrequency. Otherwise, no additional GCs take place.
-     *
-     * You can control these values in several ways:
-     *   - Pass the -Z flag to the shell (see the usage info for details)
-     *   - Call gczeal() or schedulegc() from inside shell-executed JS code
-     *     (see the help for details)
-     *
-     * If gzZeal_ == 1 then we perform GCs in select places (during MaybeGC and
-     * whenever a GC poke happens). This option is mainly useful to embedders.
-     *
-     * We use gcZeal_ == 4 to enable write barrier verification. See the comment
-     * in jsgc.cpp for more information about this.
-     *
-     * gcZeal_ values from 8 to 10 periodically run different types of
-     * incremental GC.
-     */
-#ifdef JS_GC_ZEAL
-    int                 gcZeal_;
-    int                 gcZealFrequency;
-    int                 gcNextScheduled;
-    bool                gcDeterministicOnly;
-    int                 gcIncrementalLimit;
-
-    js::Vector<JSObject *, 0, js::SystemAllocPolicy> gcSelectedForMarking;
-
-    int gcZeal() { return gcZeal_; }
-
-    bool needZealousGC() {
-        if (gcNextScheduled > 0 && --gcNextScheduled == 0) {
-            if (gcZeal() == js::gc::ZealAllocValue ||
-                gcZeal() == js::gc::ZealPurgeAnalysisValue ||
-                (gcZeal() >= js::gc::ZealIncrementalRootsThenFinish &&
-                 gcZeal() <= js::gc::ZealIncrementalMultipleSlices))
-            {
-                gcNextScheduled = gcZealFrequency;
-            }
-            return true;
-        }
-        return false;
-    }
-#else
-    int gcZeal() { return 0; }
-    bool needZealousGC() { return false; }
-#endif
-
-    bool                gcValidate;
-    bool                gcFullCompartmentChecks;
-
-    JSGCCallback        gcCallback;
-    JS::GCSliceCallback gcSliceCallback;
-    JSFinalizeCallback  gcFinalizeCallback;
-
-    js::AnalysisPurgeCallback analysisPurgeCallback;
-    uint64_t            analysisPurgeTriggerBytes;
-
-  private:
-    /*
-     * Malloc counter to measure memory pressure for GC scheduling. It runs
-     * from gcMaxMallocBytes down to zero.
-     */
-    volatile ptrdiff_t  gcMallocBytes;
-
-  public:
-    void setNeedsBarrier(bool needs) {
-        needsBarrier_ = needs;
-    }
-
-    bool needsBarrier() const {
-        return needsBarrier_;
-    }
-
-    struct ExtraTracer {
-        JSTraceDataOp op;
-        void *data;
-
-        ExtraTracer()
-          : op(NULL), data(NULL)
-        {}
-        ExtraTracer(JSTraceDataOp op, void *data)
-          : op(op), data(data)
-        {}
-    };
-
-    /*
-     * The trace operations to trace embedding-specific GC roots. One is for
-     * tracing through black roots and the other is for tracing through gray
-     * roots. The black/gray distinction is only relevant to the cycle
-     * collector.
-     */
-    typedef js::Vector<ExtraTracer, 4, js::SystemAllocPolicy> ExtraTracerVector;
-    ExtraTracerVector   gcBlackRootTracers;
-    ExtraTracer         gcGrayRootTracer;
-
-    /* Stack of thread-stack-allocated GC roots. */
-    js::AutoGCRooter   *autoGCRooters;
-
-    /*
-     * The GC can only safely decommit memory when the page size of the
-     * running process matches the compiled arena size.
-     */
-    size_t              gcSystemPageSize;
-
-    /* The OS allocation granularity may not match the page size. */
-    size_t              gcSystemAllocGranularity;
-
-    /* Strong references on scripts held for PCCount profiling API. */
-    js::ScriptAndCountsVector *scriptAndCountsVector;
-
-    /* Well-known numbers held for use by this runtime's contexts. */
-    js::Value           NaNValue;
-    js::Value           negativeInfinityValue;
-    js::Value           positiveInfinityValue;
-
-    js::PropertyName    *emptyString;
-
-    /* List of active contexts sharing this runtime. */
-    mozilla::LinkedList<JSContext> contextList;
-
-    bool hasContexts() const {
-        return !contextList.isEmpty();
-    }
-
-    JS_SourceHook       sourceHook;
-
-    /* Per runtime debug hooks -- see jsprvtd.h and jsdbgapi.h. */
-    JSDebugHooks        debugHooks;
-
-    /* If true, new compartments are initially in debug mode. */
-    bool                debugMode;
-
-    /* SPS profiling metadata */
-    js::SPSProfiler     spsProfiler;
-
-    /* If true, new scripts must be created with PC counter information. */
-    bool                profilingScripts;
-
-    /* Always preserve JIT code during GCs, for testing. */
-    bool                alwaysPreserveCode;
-
-    /* Had an out-of-memory error which did not populate an exception. */
-    bool                hadOutOfMemory;
-
-    /* Linked list of all Debugger objects in the runtime. */
-    mozilla::LinkedList<js::Debugger> debuggerList;
-
-    /*
-     * Head of circular list of all enabled Debuggers that have
-     * onNewGlobalObject handler methods established.
-     */
-    JSCList             onNewGlobalObjectWatchers;
-
-    /* Client opaque pointers */
-    void                *data;
-
-    /* Synchronize GC heap access between main thread and GCHelperThread. */
-    PRLock              *gcLock;
-
-    js::GCHelperThread  gcHelperThread;
-
-#ifdef XP_MACOSX
-    js::AsmJSMachExceptionHandler asmJSMachExceptionHandler;
-#endif
-
-#ifdef JS_THREADSAFE
-# ifdef JS_ION
-    js::WorkerThreadState *workerThreadState;
-# endif
-
-    js::SourceCompressorThread sourceCompressorThread;
-#endif
-
-  private:
-    js::FreeOp          defaultFreeOp_;
-
-  public:
-    js::FreeOp *defaultFreeOp() {
-        return &defaultFreeOp_;
-    }
-
-    uint32_t            debuggerMutations;
-
-    const JSSecurityCallbacks *securityCallbacks;
-    const js::DOMCallbacks *DOMcallbacks;
-    JSDestroyPrincipalsOp destroyPrincipals;
-
-    /* Structured data callbacks are runtime-wide. */
-    const JSStructuredCloneCallbacks *structuredCloneCallbacks;
-
-    /* Call this to accumulate telemetry data. */
-    JSAccumulateTelemetryDataCallback telemetryCallback;
-
-    /*
-     * The propertyRemovals counter is incremented for every JSObject::clear,
-     * and for each JSObject::remove method call that frees a slot in the given
-     * object. See js_NativeGet and js_NativeSet in jsobj.cpp.
-     */
-    uint32_t            propertyRemovals;
-
-#if !ENABLE_INTL_API
-    /* Number localization, used by jsnum.cpp. */
-    const char          *thousandsSeparator;
-    const char          *decimalSeparator;
-    const char          *numGrouping;
-#endif
-
-  private:
-    js::MathCache *mathCache_;
-    js::MathCache *createMathCache(JSContext *cx);
-  public:
-    js::MathCache *getMathCache(JSContext *cx) {
-        return mathCache_ ? mathCache_ : createMathCache(cx);
-    }
-
-    js::GSNCache        gsnCache;
-    js::NewObjectCache  newObjectCache;
-    js::NativeIterCache nativeIterCache;
-    js::SourceDataCache sourceDataCache;
-    js::EvalCache       evalCache;
-    js::LazyScriptCache lazyScriptCache;
-
-    js::DateTimeInfo    dateTimeInfo;
-
-    js::ConservativeGCData conservativeGC;
-
-    /* Pool of maps used during parse/emit. */
-    js::frontend::ParseMapPool parseMapPool;
-
-    /*
-     * Count of currently active compilations.
-     * When there are compilations active for the context, the GC must not
-     * purge the ParseMapPool.
-     */
-    unsigned activeCompilations;
-
-  private:
-    JSPrincipals        *trustedPrincipals_;
-  public:
-    void setTrustedPrincipals(JSPrincipals *p) { trustedPrincipals_ = p; }
-    JSPrincipals *trustedPrincipals() const { return trustedPrincipals_; }
-
-    /* Set of all currently-living atoms. */
-    js::AtomSet         atoms;
-
-    union {
-        /*
-         * Cached pointers to various interned property names, initialized in
-         * order from first to last via the other union arm.
-         */
-        JSAtomState atomState;
-
-        js::FixedHeapPtr<js::PropertyName> firstCachedName;
-    };
-
-    /* Tables of strings that are pre-allocated in the atomsCompartment. */
-    js::StaticStrings   staticStrings;
-
-    JSWrapObjectCallback                   wrapObjectCallback;
-    JSSameCompartmentWrapObjectCallback    sameCompartmentWrapObjectCallback;
-    JSPreWrapCallback                      preWrapObjectCallback;
-    js::PreserveWrapperCallback            preserveWrapperCallback;
-
-    js::ScriptDataTable scriptDataTable;
-
-#ifdef DEBUG
-    size_t              noGCOrAllocationCheck;
-#endif
-
-    bool                jitHardening;
-
-    bool                jitSupportsFloatingPoint;
-
-    // Used to reset stack limit after a signaled interrupt (i.e. ionStackLimit_ = -1)
-    // has been noticed by Ion/Baseline.
-    void resetIonStackLimit() {
-        AutoLockForOperationCallback lock(this);
-        mainThread.setIonStackLimit(mainThread.nativeStackLimit);
-    }
-
-    // Cache for ion::GetPcScript().
-    js::ion::PcScriptCache *ionPcScriptCache;
-
-    js::ThreadPool threadPool;
-
-    js::CTypesActivityCallback  ctypesActivityCallback;
-
-    // Non-zero if this is a parallel warmup execution.  See
-    // js::parallel::Do() for more information.
-    uint32_t parallelWarmup;
-
-  private:
-    // In certain cases, we want to optimize certain opcodes to typed instructions,
-    // to avoid carrying an extra register to feed into an unbox. Unfortunately,
-    // that's not always possible. For example, a GetPropertyCacheT could return a
-    // typed double, but if it takes its out-of-line path, it could return an
-    // object, and trigger invalidation. The invalidation bailout will consider the
-    // return value to be a double, and create a garbage Value.
-    //
-    // To allow the GetPropertyCacheT optimization, we allow the ability for
-    // GetPropertyCache to override the return value at the top of the stack - the
-    // value that will be temporarily corrupt. This special override value is set
-    // only in callVM() targets that are about to return *and* have invalidated
-    // their callee.
-    js::Value            ionReturnOverride_;
-
-  public:
-    bool hasIonReturnOverride() const {
-        return !ionReturnOverride_.isMagic();
-    }
-    js::Value takeIonReturnOverride() {
-        js::Value v = ionReturnOverride_;
-        ionReturnOverride_ = js::MagicValue(JS_ARG_POISON);
-        return v;
-    }
-    void setIonReturnOverride(const js::Value &v) {
-        JS_ASSERT(!hasIonReturnOverride());
-        ionReturnOverride_ = v;
-    }
-
-    JSRuntime(JSUseHelperThreads useHelperThreads);
-    ~JSRuntime();
-
-    bool init(uint32_t maxbytes);
-
-    JSRuntime *thisFromCtor() { return this; }
-
-    void setGCMaxMallocBytes(size_t value);
-
-    void resetGCMallocBytes() { gcMallocBytes = ptrdiff_t(gcMaxMallocBytes); }
-
-    /*
-     * Call this after allocating memory held by GC things, to update memory
-     * pressure counters or report the OOM error if necessary. If oomError and
-     * cx is not null the function also reports OOM error.
-     *
-     * The function must be called outside the GC lock and in case of OOM error
-     * the caller must ensure that no deadlock possible during OOM reporting.
-     */
-    void updateMallocCounter(size_t nbytes);
-    void updateMallocCounter(JS::Zone *zone, size_t nbytes);
-
-    void reportAllocationOverflow() { js_ReportAllocationOverflow(NULL); }
-
-    bool isTooMuchMalloc() const {
-        return gcMallocBytes <= 0;
-    }
-
-    /*
-     * The function must be called outside the GC lock.
-     */
-    JS_FRIEND_API(void) onTooMuchMalloc();
-
-    /*
-     * This should be called after system malloc/realloc returns NULL to try
-     * to recove some memory or to report an error. Failures in malloc and
-     * calloc are signaled by p == null and p == reinterpret_cast<void *>(1).
-     * Other values of p mean a realloc failure.
-     *
-     * The function must be called outside the GC lock.
-     */
-    JS_FRIEND_API(void *) onOutOfMemory(void *p, size_t nbytes);
-    JS_FRIEND_API(void *) onOutOfMemory(void *p, size_t nbytes, JSContext *cx);
-
-    void triggerOperationCallback();
-
-    void setJitHardening(bool enabled);
-    bool getJitHardening() const {
-        return jitHardening;
-    }
-
-    void sizeOfIncludingThis(mozilla::MallocSizeOf mallocSizeOf, JS::RuntimeSizes *runtime);
-
-  private:
-
-    JSUseHelperThreads useHelperThreads_;
-    int32_t requestedHelperThreadCount;
-
-  public:
-
-    bool useHelperThreads() const {
-#ifdef JS_THREADSAFE
-        return useHelperThreads_ == JS_USE_HELPER_THREADS;
-#else
-        return false;
-#endif
-    }
-
-    void requestHelperThreadCount(size_t count) {
-        requestedHelperThreadCount = count;
-    }
-
-    /* Number of helper threads which should be created for this runtime. */
-    size_t helperThreadCount() const {
-#ifdef JS_THREADSAFE
-        if (requestedHelperThreadCount < 0)
-            return js::GetCPUCount() - 1;
-        return requestedHelperThreadCount;
-#else
-        return 0;
-#endif
-    }
-
-#ifdef DEBUG
-  public:
-    js::AutoEnterPolicy *enteredPolicy;
-#endif
-};
-
-/* Common macros to access thread-local caches in JSRuntime. */
-#define JS_KEEP_ATOMS(rt)   (rt)->gcKeepAtoms++;
-#define JS_UNKEEP_ATOMS(rt) (rt)->gcKeepAtoms--;
-
-namespace js {
-
 struct AutoResolving;
 
-/*
- * Flags accompany script version data so that a) dynamically created scripts
- * can inherit their caller's compile-time properties and b) scripts can be
- * appropriately compared in the eval cache across global option changes. An
- * example of the latter is enabling the top-level-anonymous-function-is-error
- * option: subsequent evals of the same, previously-valid script text may have
- * become invalid.
- */
-namespace VersionFlags {
-static const unsigned MASK      = 0x0FFF; /* see JSVersion in jspubtd.h */
-} /* namespace VersionFlags */
-
-static inline JSVersion
-VersionNumber(JSVersion version)
-{
-    return JSVersion(uint32_t(version) & VersionFlags::MASK);
-}
-
-static inline JSVersion
-VersionExtractFlags(JSVersion version)
-{
-    return JSVersion(uint32_t(version) & ~VersionFlags::MASK);
-}
-
-static inline void
-VersionCopyFlags(JSVersion *version, JSVersion from)
-{
-    *version = JSVersion(VersionNumber(*version) | VersionExtractFlags(from));
-}
-
-static inline bool
-VersionHasFlags(JSVersion version)
-{
-    return !!VersionExtractFlags(version);
-}
-
-static inline bool
-VersionIsKnown(JSVersion version)
-{
-    return VersionNumber(version) != JSVERSION_UNKNOWN;
-}
-
-inline void
-FreeOp::free_(void *p)
-{
-    if (shouldFreeLater()) {
-        runtime()->gcHelperThread.freeLater(p);
-        return;
-    }
-    js_free(p);
-}
-
 class ForkJoinSlice;
 
 /*
  * ThreadSafeContext is the base class for both JSContext, the "normal"
  * sequential context, and ForkJoinSlice, the per-thread parallel context used
  * in PJS.
  *
  * When cast to a ThreadSafeContext, the only usable operations are casting
@@ -2011,102 +520,16 @@ struct AutoResolving {
     JSContext           *const context;
     HandleObject        object;
     HandleId            id;
     Kind                const kind;
     AutoResolving       *const link;
     MOZ_DECL_USE_GUARD_OBJECT_NOTIFIER
 };
 
-#ifdef JS_THREADSAFE
-# define JS_LOCK_GC(rt)    PR_Lock((rt)->gcLock)
-# define JS_UNLOCK_GC(rt)  PR_Unlock((rt)->gcLock)
-#else
-# define JS_LOCK_GC(rt)    do { } while (0)
-# define JS_UNLOCK_GC(rt)  do { } while (0)
-#endif
-
-class AutoLockGC
-{
-  public:
-    explicit AutoLockGC(JSRuntime *rt = NULL
-                        MOZ_GUARD_OBJECT_NOTIFIER_PARAM)
-      : runtime(rt)
-    {
-        MOZ_GUARD_OBJECT_NOTIFIER_INIT;
-        // Avoid MSVC warning C4390 for non-threadsafe builds.
-        if (rt)
-            JS_LOCK_GC(rt);
-    }
-
-    ~AutoLockGC()
-    {
-        if (runtime)
-            JS_UNLOCK_GC(runtime);
-    }
-
-    bool locked() const {
-        return !!runtime;
-    }
-
-    void lock(JSRuntime *rt) {
-        JS_ASSERT(rt);
-        JS_ASSERT(!runtime);
-        runtime = rt;
-        JS_LOCK_GC(rt);
-    }
-
-  private:
-    JSRuntime *runtime;
-    MOZ_DECL_USE_GUARD_OBJECT_NOTIFIER
-};
-
-class AutoUnlockGC
-{
-  private:
-#ifdef JS_THREADSAFE
-    JSRuntime *rt;
-#endif
-    MOZ_DECL_USE_GUARD_OBJECT_NOTIFIER
-
-  public:
-    explicit AutoUnlockGC(JSRuntime *rt
-                          MOZ_GUARD_OBJECT_NOTIFIER_PARAM)
-#ifdef JS_THREADSAFE
-      : rt(rt)
-#endif
-    {
-        MOZ_GUARD_OBJECT_NOTIFIER_INIT;
-        JS_UNLOCK_GC(rt);
-    }
-    ~AutoUnlockGC() { JS_LOCK_GC(rt); }
-};
-
-class MOZ_STACK_CLASS AutoKeepAtoms
-{
-    JSRuntime *rt;
-    MOZ_DECL_USE_GUARD_OBJECT_NOTIFIER
-
-  public:
-    explicit AutoKeepAtoms(JSRuntime *rt
-                           MOZ_GUARD_OBJECT_NOTIFIER_PARAM)
-      : rt(rt)
-    {
-        MOZ_GUARD_OBJECT_NOTIFIER_INIT;
-        JS_KEEP_ATOMS(rt);
-    }
-    ~AutoKeepAtoms() { JS_UNKEEP_ATOMS(rt); }
-};
-
-// Maximum supported value of arguments.length. This bounds the maximum
-// number of arguments that can be supplied to Function.prototype.apply.
-// This value also bounds the number of elements parsed in an array
-// initialiser.
-static const unsigned ARGS_LENGTH_MAX = 500 * 1000;
-
 } /* namespace js */
 
 class JSAutoResolveFlags
 {
   public:
     JSAutoResolveFlags(JSContext *cx, unsigned flags
                        MOZ_GUARD_OBJECT_NOTIFIER_PARAM)
       : mContext(cx), mSaved(cx->resolveFlags)
@@ -2175,23 +598,16 @@ enum DestroyContextMode {
 extern void
 DestroyContext(JSContext *cx, DestroyContextMode mode);
 
 enum ErrorArgumentsType {
     ArgumentsAreUnicode,
     ArgumentsAreASCII
 };
 
-inline void
-PerThreadData::setIonStackLimit(uintptr_t limit)
-{
-    JS_ASSERT(runtime_->currentThreadOwnsOperationCallbackLock());
-    ionStackLimit = limit;
-}
-
 } /* namespace js */
 
 #ifdef va_start
 extern JSBool
 js_ReportErrorVA(JSContext *cx, unsigned flags, const char *format, va_list ap);
 
 extern JSBool
 js_ReportErrorNumberVA(JSContext *cx, unsigned flags, JSErrorCallback callback,
@@ -2298,79 +714,16 @@ JS_CHECK_OPERATION_LIMIT(JSContext *cx)
     JS_ASSERT_REQUEST_DEPTH(cx);
     return !cx->runtime()->interrupt || js_InvokeOperationCallback(cx);
 }
 
 namespace js {
 
 /************************************************************************/
 
-static JS_ALWAYS_INLINE void
-MakeRangeGCSafe(Value *vec, size_t len)
-{
-    mozilla::PodZero(vec, len);
-}
-
-static JS_ALWAYS_INLINE void
-MakeRangeGCSafe(Value *beg, Value *end)
-{
-    mozilla::PodZero(beg, end - beg);
-}
-
-static JS_ALWAYS_INLINE void
-MakeRangeGCSafe(jsid *beg, jsid *end)
-{
-    for (jsid *id = beg; id != end; ++id)
-        *id = INT_TO_JSID(0);
-}
-
-static JS_ALWAYS_INLINE void
-MakeRangeGCSafe(jsid *vec, size_t len)
-{
-    MakeRangeGCSafe(vec, vec + len);
-}
-
-static JS_ALWAYS_INLINE void
-MakeRangeGCSafe(Shape **beg, Shape **end)
-{
-    mozilla::PodZero(beg, end - beg);
-}
-
-static JS_ALWAYS_INLINE void
-MakeRangeGCSafe(Shape **vec, size_t len)
-{
-    mozilla::PodZero(vec, len);
-}
-
-static JS_ALWAYS_INLINE void
-SetValueRangeToUndefined(Value *beg, Value *end)
-{
-    for (Value *v = beg; v != end; ++v)
-        v->setUndefined();
-}
-
-static JS_ALWAYS_INLINE void
-SetValueRangeToUndefined(Value *vec, size_t len)
-{
-    SetValueRangeToUndefined(vec, vec + len);
-}
-
-static JS_ALWAYS_INLINE void
-SetValueRangeToNull(Value *beg, Value *end)
-{
-    for (Value *v = beg; v != end; ++v)
-        v->setNull();
-}
-
-static JS_ALWAYS_INLINE void
-SetValueRangeToNull(Value *vec, size_t len)
-{
-    SetValueRangeToNull(vec, vec + len);
-}
-
 class AutoStringVector : public AutoVectorRooter<JSString *>
 {
   public:
     explicit AutoStringVector(JSContext *cx
                               MOZ_GUARD_OBJECT_NOTIFIER_PARAM)
         : AutoVectorRooter<JSString *>(cx, STRINGVECTOR)
     {
         MOZ_GUARD_OBJECT_NOTIFIER_INIT;
@@ -2480,41 +833,16 @@ class AutoAssertNoException
 
     ~AutoAssertNoException()
     {
         JS_ASSERT_IF(!hadException, !cx->isExceptionPending());
     }
 };
 
 /*
- * Allocation policy that uses JSRuntime::malloc_ and friends, so that
- * memory pressure is properly accounted for. This is suitable for
- * long-lived objects owned by the JSRuntime.
- *
- * Since it doesn't hold a JSContext (those may not live long enough), it
- * can't report out-of-memory conditions itself; the caller must check for
- * OOM and take the appropriate action.
- *
- * FIXME bug 647103 - replace these *AllocPolicy names.
- */
-class RuntimeAllocPolicy
-{
-    JSRuntime *const runtime;
-
-  public:
-    RuntimeAllocPolicy(JSRuntime *rt) : runtime(rt) {}
-    RuntimeAllocPolicy(JSContext *cx) : runtime(cx->runtime()) {}
-    void *malloc_(size_t bytes) { return runtime->malloc_(bytes); }
-    void *calloc_(size_t bytes) { return runtime->calloc_(bytes); }
-    void *realloc_(void *p, size_t bytes) { return runtime->realloc_(p, bytes); }
-    void free_(void *p) { js_free(p); }
-    void reportAllocOverflow() const {}
-};
-
-/*
  * FIXME bug 647103 - replace these *AllocPolicy names.
  */
 class ContextAllocPolicy
 {
     JSContext *const cx_;
 
   public:
     ContextAllocPolicy(JSContext *cx) : cx_(cx) {}
--- a/js/src/jscntxtinlines.h
+++ b/js/src/jscntxtinlines.h
@@ -22,65 +22,16 @@
 #include "vm/RegExpObject.h"
 
 #include "jsgcinlines.h"
 
 #include "vm/ObjectImpl-inl.h"
 
 namespace js {
 
-inline bool
-NewObjectCache::lookupProto(Class *clasp, JSObject *proto, gc::AllocKind kind, EntryIndex *pentry)
-{
-    JS_ASSERT(!proto->is<GlobalObject>());
-    return lookup(clasp, proto, kind, pentry);
-}
-
-inline bool
-NewObjectCache::lookupGlobal(Class *clasp, js::GlobalObject *global, gc::AllocKind kind, EntryIndex *pentry)
-{
-    return lookup(clasp, global, kind, pentry);
-}
-
-inline void
-NewObjectCache::fillGlobal(EntryIndex entry, Class *clasp, js::GlobalObject *global, gc::AllocKind kind, JSObject *obj)
-{
-    //JS_ASSERT(global == obj->getGlobal());
-    return fill(entry, clasp, global, kind, obj);
-}
-
-inline void
-NewObjectCache::copyCachedToObject(JSObject *dst, JSObject *src, gc::AllocKind kind)
-{
-    js_memcpy(dst, src, gc::Arena::thingSize(kind));
-#ifdef JSGC_GENERATIONAL
-    Shape::writeBarrierPost(dst->shape_, &dst->shape_);
-    types::TypeObject::writeBarrierPost(dst->type_, &dst->type_);
-#endif
-}
-
-inline JSObject *
-NewObjectCache::newObjectFromHit(JSContext *cx, EntryIndex entry_, js::gc::InitialHeap heap)
-{
-    // The new object cache does not account for metadata attached via callbacks.
-    JS_ASSERT(!cx->compartment()->objectMetadataCallback);
-
-    JS_ASSERT(unsigned(entry_) < mozilla::ArrayLength(entries));
-    Entry *entry = &entries[entry_];
-
-    JSObject *obj = js_NewGCObject<NoGC>(cx, entry->kind, heap);
-    if (obj) {
-        copyCachedToObject(obj, reinterpret_cast<JSObject *>(&entry->templateObject), entry->kind);
-        Probes::createObject(cx, obj);
-        return obj;
-    }
-
-    return NULL;
-}
-
 #ifdef JS_CRASH_DIAGNOSTICS
 class CompartmentChecker
 {
     JSContext *context;
     JSCompartment *compartment;
 
   public:
     explicit CompartmentChecker(JSContext *cx)
--- a/js/src/jscompartment.h
+++ b/js/src/jscompartment.h
@@ -112,16 +112,17 @@ typedef HashMap<CrossCompartmentKey, Rea
 namespace JS {
 struct TypeInferenceSizes;
 }
 
 namespace js {
 class AutoDebugModeGC;
 class ArrayBufferObject;
 class DebugScopes;
+class WeakMapBase;
 }
 
 struct JSCompartment
 {
     JS::Zone                     *zone_;
     JS::CompartmentOptions       options_;
 
     JSRuntime                    *rt;
--- a/js/src/jsobj.cpp
+++ b/js/src/jsobj.cpp
@@ -45,16 +45,17 @@
 #include "jscntxtinlines.h"
 #include "jscompartmentinlines.h"
 #include "builtin/Iterator-inl.h"
 #include "vm/ArrayObject-inl.h"
 #include "vm/ArgumentsObject-inl.h"
 #include "vm/BooleanObject-inl.h"
 #include "vm/NumberObject-inl.h"
 #include "vm/RegExpStatics-inl.h"
+#include "vm/Runtime-inl.h"
 #include "vm/Shape-inl.h"
 #include "vm/StringObject-inl.h"
 
 using namespace js;
 using namespace js::gc;
 using namespace js::types;
 
 using js::frontend::IsIdentifier;
--- a/js/src/jsweakcache.h
+++ b/js/src/jsweakcache.h
@@ -26,17 +26,17 @@ template <class Key, class Value,
 class WeakCache : public HashMap<Key, Value, HashPolicy, AllocPolicy> {
   private:
     typedef HashMap<Key, Value, HashPolicy, AllocPolicy> Base;
     typedef typename Base::Range Range;
     typedef typename Base::Enum Enum;
 
   public:
     explicit WeakCache(JSRuntime *rt) : Base(rt) { }
-    explicit WeakCache(JSContext *cx) : Base(cx) { }
+    explicit WeakCache(JSContext *cx) : Base(cx->runtime()) { }
 
   public:
     // Sweep all entries which have unmarked key or value.
     void sweep(FreeOp *fop) {
         // Remove all entries whose keys/values remain unmarked.
         for (Enum e(*this); !e.empty(); e.popFront()) {
             // Checking IsMarked() may update the location of the Key (or Value).
             // Pass in a stack local, then manually update the backing heap store.
@@ -77,17 +77,17 @@ template <class Key, class Value,
 class WeakValueCache : public HashMap<Key, Value, HashPolicy, AllocPolicy>
 {
   public:
     typedef HashMap<Key, Value, HashPolicy, AllocPolicy> Base;
     typedef typename Base::Range Range;
     typedef typename Base::Enum Enum;
 
     explicit WeakValueCache(JSRuntime *rt) : Base(rt) { }
-    explicit WeakValueCache(JSContext *cx) : Base(cx) { }
+    explicit WeakValueCache(JSContext *cx) : Base(cx->runtime()) { }
 
   public:
     // Sweep all entries which have unmarked key or value.
     void sweep(FreeOp *fop) {
         // Remove all entries whose values remain unmarked.
         for (Enum e(*this); !e.empty(); e.popFront()) {
             if (gc::IsAboutToBeFinalized(e.front().value))
                 e.removeFront();
--- a/js/src/jsweakmap.h
+++ b/js/src/jsweakmap.h
@@ -129,17 +129,17 @@ template <class Key, class Value,
 class WeakMap : public HashMap<Key, Value, HashPolicy, RuntimeAllocPolicy>, public WeakMapBase
 {
   public:
     typedef HashMap<Key, Value, HashPolicy, RuntimeAllocPolicy> Base;
     typedef typename Base::Enum Enum;
     typedef typename Base::Range Range;
 
     explicit WeakMap(JSContext *cx, JSObject *memOf=NULL)
-        : Base(cx), WeakMapBase(memOf, cx->compartment()) { }
+        : Base(cx->runtime()), WeakMapBase(memOf, cx->compartment()) { }
 
   private:
     bool markValue(JSTracer *trc, Value *x) {
         if (gc::IsMarked(x))
             return false;
         gc::Mark(trc, x, "WeakMap entry");
         JS_ASSERT(gc::IsMarked(x));
         return true;
--- a/js/src/moz.build
+++ b/js/src/moz.build
@@ -111,16 +111,17 @@ CPP_SOURCES += [
     'Parser.cpp',
     'Probes.cpp',
     'Profilers.cpp',
     'PropertyKey.cpp',
     'RegExp.cpp',
     'RegExpObject.cpp',
     'RegExpStatics.cpp',
     'RootMarking.cpp',
+    'Runtime.cpp',
     'SPSProfiler.cpp',
     'ScopeObject.cpp',
     'SelfHosting.cpp',
     'Shape.cpp',
     'Stack.cpp',
     'Statistics.cpp',
     'StoreBuffer.cpp',
     'String.cpp',
--- a/js/src/vm/Debugger.cpp
+++ b/js/src/vm/Debugger.cpp
@@ -359,17 +359,17 @@ Breakpoint::nextInSite()
     JSCList *link = JS_NEXT_LINK(&siteLinks);
     return (link == &site->breakpoints) ? NULL : fromSiteLinks(link);
 }
 
 /*** Debugger hook dispatch **********************************************************************/
 
 Debugger::Debugger(JSContext *cx, JSObject *dbg)
   : object(dbg), uncaughtExceptionHook(NULL), enabled(true),
-    frames(cx), scripts(cx), sources(cx), objects(cx), environments(cx)
+    frames(cx->runtime()), scripts(cx), sources(cx), objects(cx), environments(cx)
 {
     assertSameCompartment(cx, dbg);
 
     cx->runtime()->debuggerList.insertBack(this);
     JS_INIT_CLIST(&breakpoints);
     JS_INIT_CLIST(&onNewGlobalObjectWatchersLink);
 }
 
@@ -2261,17 +2261,19 @@ Debugger::removeDebuggeeGlobal(FreeOp *f
 /*
  * A class for parsing 'findScripts' query arguments and searching for
  * scripts that match the criteria they represent.
  */
 class Debugger::ScriptQuery {
   public:
     /* Construct a ScriptQuery to use matching scripts for |dbg|. */
     ScriptQuery(JSContext *cx, Debugger *dbg):
-        cx(cx), debugger(dbg), compartments(cx), url(cx), innermostForCompartment(cx) {}
+        cx(cx), debugger(dbg), compartments(cx->runtime()), url(cx),
+        innermostForCompartment(cx->runtime())
+    {}
 
     /*
      * Initialize this ScriptQuery. Raise an error and return false if we
      * haven't enough memory.
      */
     bool init() {
         if (!compartments.init() ||
             !innermostForCompartment.init())
--- a/js/src/vm/Debugger.h
+++ b/js/src/vm/Debugger.h
@@ -46,17 +46,17 @@ class DebuggerWeakMap : private WeakMap<
                     DefaultHasher<JS::Zone *>,
                     RuntimeAllocPolicy> CountMap;
 
     CountMap zoneCounts;
 
   public:
     typedef WeakMap<Key, Value, DefaultHasher<Key> > Base;
     explicit DebuggerWeakMap(JSContext *cx)
-        : Base(cx), zoneCounts(cx) { }
+        : Base(cx), zoneCounts(cx->runtime()) { }
 
   public:
     /* Expose those parts of HashMap public interface that are used by Debugger methods. */
 
     typedef typename Base::Ptr Ptr;
     typedef typename Base::AddPtr AddPtr;
     typedef typename Base::Range Range;
     typedef typename Base::Enum Enum;
copy from js/src/jscntxtinlines.h
copy to js/src/vm/Runtime-inl.h
--- a/js/src/jscntxtinlines.h
+++ b/js/src/vm/Runtime-inl.h
@@ -1,18 +1,18 @@
 /* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 4 -*-
  * vim: set ts=8 sts=4 et sw=4 tw=99:
  * This Source Code Form is subject to the terms of the Mozilla Public
  * License, v. 2.0. If a copy of the MPL was not distributed with this
  * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
 
-#ifndef jscntxtinlines_h
-#define jscntxtinlines_h
+#ifndef vm_Runtime_inl_h
+#define vm_Runtime_inl_h
 
-#include "jscntxt.h"
+#include "vm/Runtime.h"
 
 #include "jscompartment.h"
 #include "jsfriendapi.h"
 #include "jsgc.h"
 #include "jsiter.h"
 
 #include "builtin/Object.h" // For js::obj_construct
 #include "frontend/ParseMaps.h"
@@ -71,459 +71,11 @@ NewObjectCache::newObjectFromHit(JSConte
         copyCachedToObject(obj, reinterpret_cast<JSObject *>(&entry->templateObject), entry->kind);
         Probes::createObject(cx, obj);
         return obj;
     }
 
     return NULL;
 }
 
-#ifdef JS_CRASH_DIAGNOSTICS
-class CompartmentChecker
-{
-    JSContext *context;
-    JSCompartment *compartment;
-
-  public:
-    explicit CompartmentChecker(JSContext *cx)
-      : context(cx), compartment(cx->compartment())
-    {}
-
-    /*
-     * Set a breakpoint here (break js::CompartmentChecker::fail) to debug
-     * compartment mismatches.
-     */
-    static void fail(JSCompartment *c1, JSCompartment *c2) {
-        printf("*** Compartment mismatch %p vs. %p\n", (void *) c1, (void *) c2);
-        MOZ_CRASH();
-    }
-
-    static void fail(JS::Zone *z1, JS::Zone *z2) {
-        printf("*** Zone mismatch %p vs. %p\n", (void *) z1, (void *) z2);
-        MOZ_CRASH();
-    }
-
-    /* Note: should only be used when neither c1 nor c2 may be the default compartment. */
-    static void check(JSCompartment *c1, JSCompartment *c2) {
-        JS_ASSERT(c1 != c1->rt->atomsCompartment);
-        JS_ASSERT(c2 != c2->rt->atomsCompartment);
-        if (c1 != c2)
-            fail(c1, c2);
-    }
-
-    void check(JSCompartment *c) {
-        if (c && c != context->runtime()->atomsCompartment) {
-            if (!compartment)
-                compartment = c;
-            else if (c != compartment)
-                fail(compartment, c);
-        }
-    }
-
-    void checkZone(JS::Zone *z) {
-        if (compartment && z != compartment->zone())
-            fail(compartment->zone(), z);
-    }
-
-    void check(JSObject *obj) {
-        if (obj)
-            check(obj->compartment());
-    }
-
-    template<typename T>
-    void check(Handle<T> handle) {
-        check(handle.get());
-    }
-
-    void check(JSString *str) {
-        if (!str->isAtom())
-            checkZone(str->zone());
-    }
-
-    void check(const js::Value &v) {
-        if (v.isObject())
-            check(&v.toObject());
-        else if (v.isString())
-            check(v.toString());
-    }
-
-    void check(const ValueArray &arr) {
-        for (size_t i = 0; i < arr.length; i++)
-            check(arr.array[i]);
-    }
-
-    void check(const JSValueArray &arr) {
-        for (size_t i = 0; i < arr.length; i++)
-            check(arr.array[i]);
-    }
-
-    void check(const CallArgs &args) {
-        for (Value *p = args.base(); p != args.end(); ++p)
-            check(*p);
-    }
-
-    void check(jsid id) {
-        if (JSID_IS_OBJECT(id))
-            check(JSID_TO_OBJECT(id));
-    }
-
-    void check(JSIdArray *ida) {
-        if (ida) {
-            for (int i = 0; i < ida->length; i++) {
-                if (JSID_IS_OBJECT(ida->vector[i]))
-                    check(ida->vector[i]);
-            }
-        }
-    }
-
-    void check(JSScript *script) {
-        if (script)
-            check(script->compartment());
-    }
-
-    void check(StackFrame *fp);
-    void check(AbstractFramePtr frame);
-};
-#endif /* JS_CRASH_DIAGNOSTICS */
-
-/*
- * Don't perform these checks when called from a finalizer. The checking
- * depends on other objects not having been swept yet.
- */
-#define START_ASSERT_SAME_COMPARTMENT()                                       \
-    JS_ASSERT(cx->compartment()->zone() == cx->zone());                       \
-    if (cx->runtime()->isHeapBusy())                                          \
-        return;                                                               \
-    CompartmentChecker c(cx)
-
-template <class T1> inline void
-assertSameCompartment(JSContext *cx, const T1 &t1)
-{
-#ifdef JS_CRASH_DIAGNOSTICS
-    START_ASSERT_SAME_COMPARTMENT();
-    c.check(t1);
-#endif
-}
-
-template <class T1> inline void
-assertSameCompartmentDebugOnly(JSContext *cx, const T1 &t1)
-{
-#ifdef DEBUG
-    START_ASSERT_SAME_COMPARTMENT();
-    c.check(t1);
-#endif
-}
-
-template <class T1, class T2> inline void
-assertSameCompartment(JSContext *cx, const T1 &t1, const T2 &t2)
-{
-#ifdef JS_CRASH_DIAGNOSTICS
-    START_ASSERT_SAME_COMPARTMENT();
-    c.check(t1);
-    c.check(t2);
-#endif
-}
-
-template <class T1, class T2, class T3> inline void
-assertSameCompartment(JSContext *cx, const T1 &t1, const T2 &t2, const T3 &t3)
-{
-#ifdef JS_CRASH_DIAGNOSTICS
-    START_ASSERT_SAME_COMPARTMENT();
-    c.check(t1);
-    c.check(t2);
-    c.check(t3);
-#endif
-}
-
-template <class T1, class T2, class T3, class T4> inline void
-assertSameCompartment(JSContext *cx, const T1 &t1, const T2 &t2, const T3 &t3, const T4 &t4)
-{
-#ifdef JS_CRASH_DIAGNOSTICS
-    START_ASSERT_SAME_COMPARTMENT();
-    c.check(t1);
-    c.check(t2);
-    c.check(t3);
-    c.check(t4);
-#endif
-}
-
-template <class T1, class T2, class T3, class T4, class T5> inline void
-assertSameCompartment(JSContext *cx, const T1 &t1, const T2 &t2, const T3 &t3, const T4 &t4, const T5 &t5)
-{
-#ifdef JS_CRASH_DIAGNOSTICS
-    START_ASSERT_SAME_COMPARTMENT();
-    c.check(t1);
-    c.check(t2);
-    c.check(t3);
-    c.check(t4);
-    c.check(t5);
-#endif
-}
-
-#undef START_ASSERT_SAME_COMPARTMENT
-
-STATIC_PRECONDITION_ASSUME(ubound(args.argv_) >= argc)
-JS_ALWAYS_INLINE bool
-CallJSNative(JSContext *cx, Native native, const CallArgs &args)
-{
-    JS_CHECK_RECURSION(cx, return false);
-
-#ifdef DEBUG
-    bool alreadyThrowing = cx->isExceptionPending();
-#endif
-    assertSameCompartment(cx, args);
-    bool ok = native(cx, args.length(), args.base());
-    if (ok) {
-        assertSameCompartment(cx, args.rval());
-        JS_ASSERT_IF(!alreadyThrowing, !cx->isExceptionPending());
-    }
-    return ok;
-}
-
-STATIC_PRECONDITION_ASSUME(ubound(args.argv_) >= argc)
-JS_ALWAYS_INLINE bool
-CallNativeImpl(JSContext *cx, NativeImpl impl, const CallArgs &args)
-{
-#ifdef DEBUG
-    bool alreadyThrowing = cx->isExceptionPending();
-#endif
-    assertSameCompartment(cx, args);
-    bool ok = impl(cx, args);
-    if (ok) {
-        assertSameCompartment(cx, args.rval());
-        JS_ASSERT_IF(!alreadyThrowing, !cx->isExceptionPending());
-    }
-    return ok;
-}
-
-STATIC_PRECONDITION(ubound(args.argv_) >= argc)
-JS_ALWAYS_INLINE bool
-CallJSNativeConstructor(JSContext *cx, Native native, const CallArgs &args)
-{
-#ifdef DEBUG
-    RootedObject callee(cx, &args.callee());
-#endif
-
-    JS_ASSERT(args.thisv().isMagic());
-    if (!CallJSNative(cx, native, args))
-        return false;
-
-    /*
-     * Native constructors must return non-primitive values on success.
-     * Although it is legal, if a constructor returns the callee, there is a
-     * 99.9999% chance it is a bug. If any valid code actually wants the
-     * constructor to return the callee, the assertion can be removed or
-     * (another) conjunct can be added to the antecedent.
-     *
-     * Exceptions:
-     *
-     * - Proxies are exceptions to both rules: they can return primitives and
-     *   they allow content to return the callee.
-     *
-     * - CallOrConstructBoundFunction is an exception as well because we might
-     *   have used bind on a proxy function.
-     *
-     * - new Iterator(x) is user-hookable; it returns x.__iterator__() which
-     *   could be any object.
-     *
-     * - (new Object(Object)) returns the callee.
-     */
-    JS_ASSERT_IF(native != FunctionProxyClass.construct &&
-                 native != js::CallOrConstructBoundFunction &&
-                 native != js::IteratorConstructor &&
-                 (!callee->is<JSFunction>() || callee->as<JSFunction>().native() != obj_construct),
-                 !args.rval().isPrimitive() && callee != &args.rval().toObject());
-
-    return true;
-}
-
-JS_ALWAYS_INLINE bool
-CallJSPropertyOp(JSContext *cx, PropertyOp op, HandleObject receiver, HandleId id, MutableHandleValue vp)
-{
-    JS_CHECK_RECURSION(cx, return false);
-
-    assertSameCompartment(cx, receiver, id, vp);
-    JSBool ok = op(cx, receiver, id, vp);
-    if (ok)
-        assertSameCompartment(cx, vp);
-    return ok;
-}
-
-JS_ALWAYS_INLINE bool
-CallJSPropertyOpSetter(JSContext *cx, StrictPropertyOp op, HandleObject obj, HandleId id,
-                       JSBool strict, MutableHandleValue vp)
-{
-    JS_CHECK_RECURSION(cx, return false);
-
-    assertSameCompartment(cx, obj, id, vp);
-    return op(cx, obj, id, strict, vp);
-}
-
-static inline bool
-CallJSDeletePropertyOp(JSContext *cx, JSDeletePropertyOp op, HandleObject receiver, HandleId id,
-                       JSBool *succeeded)
-{
-    JS_CHECK_RECURSION(cx, return false);
-
-    assertSameCompartment(cx, receiver, id);
-    return op(cx, receiver, id, succeeded);
-}
-
-inline bool
-CallSetter(JSContext *cx, HandleObject obj, HandleId id, StrictPropertyOp op, unsigned attrs,
-           unsigned shortid, JSBool strict, MutableHandleValue vp)
-{
-    if (attrs & JSPROP_SETTER) {
-        RootedValue opv(cx, CastAsObjectJsval(op));
-        return InvokeGetterOrSetter(cx, obj, opv, 1, vp.address(), vp);
-    }
-
-    if (attrs & JSPROP_GETTER)
-        return js_ReportGetterOnlyAssignment(cx);
-
-    if (!(attrs & JSPROP_SHORTID))
-        return CallJSPropertyOpSetter(cx, op, obj, id, strict, vp);
-
-    RootedId nid(cx, INT_TO_JSID(shortid));
-
-    return CallJSPropertyOpSetter(cx, op, obj, nid, strict, vp);
-}
-
 }  /* namespace js */
 
-inline js::LifoAlloc &
-JSContext::analysisLifoAlloc()
-{
-    return compartment()->analysisLifoAlloc;
-}
-
-inline js::LifoAlloc &
-JSContext::typeLifoAlloc()
-{
-    return zone()->types.typeLifoAlloc;
-}
-
-inline void
-JSContext::setPendingException(js::Value v) {
-    JS_ASSERT(!IsPoisonedValue(v));
-    this->throwing = true;
-    this->exception = v;
-    js::assertSameCompartment(this, v);
-}
-
-inline js::PropertyTree&
-JSContext::propertyTree()
-{
-    return compartment()->propertyTree;
-}
-
-inline void
-JSContext::setDefaultCompartmentObject(JSObject *obj)
-{
-    defaultCompartmentObject_ = obj;
-
-    if (!hasEnteredCompartment()) {
-        /*
-         * If JSAPI callers want to JS_SetGlobalObject while code is running,
-         * they must have entered a compartment (otherwise there will be no
-         * final leaveCompartment call to set the context's compartment back to
-         * defaultCompartmentObject->compartment()).
-         */
-        JS_ASSERT(!currentlyRunning());
-        setCompartment(obj ? obj->compartment() : NULL);
-        if (throwing)
-            wrapPendingException();
-    }
-}
-
-inline void
-JSContext::setDefaultCompartmentObjectIfUnset(JSObject *obj)
-{
-    if (!defaultCompartmentObject_)
-        setDefaultCompartmentObject(obj);
-}
-
-inline void
-JSContext::enterCompartment(JSCompartment *c)
-{
-    enterCompartmentDepth_++;
-    setCompartment(c);
-    c->enter();
-    if (throwing)
-        wrapPendingException();
-}
-
-inline void
-JSContext::leaveCompartment(JSCompartment *oldCompartment)
-{
-    JS_ASSERT(hasEnteredCompartment());
-    enterCompartmentDepth_--;
-
-    compartment()->leave();
-
-    /*
-     * Before we entered the current compartment, 'compartment' was
-     * 'oldCompartment', so we might want to simply set it back. However, we
-     * currently have this terrible scheme whereby defaultCompartmentObject_ can
-     * be updated while enterCompartmentDepth_ > 0. In this case, oldCompartment
-     * != defaultCompartmentObject_->compartment and we must ignore
-     * oldCompartment.
-     */
-    if (hasEnteredCompartment() || !defaultCompartmentObject_)
-        setCompartment(oldCompartment);
-    else
-        setCompartment(defaultCompartmentObject_->compartment());
-
-    if (throwing)
-        wrapPendingException();
-}
-
-inline void
-JSContext::setCompartment(JSCompartment *comp)
-{
-    compartment_ = comp;
-    zone_ = comp ? comp->zone() : NULL;
-    allocator_ = zone_ ? &zone_->allocator : NULL;
-}
-
-inline JSScript *
-JSContext::currentScript(jsbytecode **ppc,
-                         MaybeAllowCrossCompartment allowCrossCompartment) const
-{
-    if (ppc)
-        *ppc = NULL;
-
-    js::Activation *act = mainThread().activation();
-    while (act && (act->cx() != this || (act->isJit() && !act->asJit()->isActive())))
-        act = act->prev();
-
-    if (!act)
-        return NULL;
-
-    JS_ASSERT(act->cx() == this);
-
-#ifdef JS_ION
-    if (act->isJit()) {
-        JSScript *script = NULL;
-        js::ion::GetPcScript(const_cast<JSContext *>(this), &script, ppc);
-        if (!allowCrossCompartment && script->compartment() != compartment())
-            return NULL;
-        return script;
-    }
-#endif
-
-    JS_ASSERT(act->isInterpreter());
-
-    js::StackFrame *fp = act->asInterpreter()->current();
-    JS_ASSERT(!fp->runningInJit());
-
-    JSScript *script = fp->script();
-    if (!allowCrossCompartment && script->compartment() != compartment())
-        return NULL;
-
-    if (ppc) {
-        *ppc = act->asInterpreter()->regs().pc;
-        JS_ASSERT(*ppc >= script->code && *ppc < script->code + script->length);
-    }
-    return script;
-}
-
-#endif /* jscntxtinlines_h */
+#endif /* vm_Runtime_inl_h */
copy from js/src/jscntxt.cpp
copy to js/src/vm/Runtime.cpp
--- a/js/src/jscntxt.cpp
+++ b/js/src/vm/Runtime.cpp
@@ -1,32 +1,20 @@
 /* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 4 -*-
  * vim: set ts=8 sts=4 et sw=4 tw=99:
  * This Source Code Form is subject to the terms of the Mozilla Public
  * License, v. 2.0. If a copy of the MPL was not distributed with this
  * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
 
-/*
- * JS execution context.
- */
-
-#include "jscntxt.h"
+#include "vm/Runtime.h"
 
 #include <locale.h>
 #include <stdarg.h>
 #include <string.h>
 
-#include "mozilla/DebugOnly.h"
-
-#ifdef ANDROID
-# include <android/log.h>
-# include <fstream>
-# include <string>
-#endif  // ANDROID
-
 #include "mozilla/MemoryReporting.h"
 #include "mozilla/Util.h"
 
 #include "jstypes.h"
 #include "jsprf.h"
 #include "jsatom.h"
 #include "jscompartment.h"
 #include "jsdbgapi.h"
@@ -46,75 +34,36 @@
 #endif
 
 #include "gc/Marking.h"
 #include "js/CharacterEncoding.h"
 #include "js/MemoryMetrics.h"
 #include "vm/Shape.h"
 #include "yarr/BumpPointerAllocator.h"
 
-#include "jscntxtinlines.h"
 #include "jsobjinlines.h"
 
 #include "vm/Stack-inl.h"
 
 using namespace js;
 using namespace js::gc;
 
-using mozilla::DebugOnly;
-using mozilla::PodArrayZero;
 using mozilla::PodZero;
-using mozilla::PointerRangeSize;
-
-bool
-js::AutoCycleDetector::init()
-{
-    ObjectSet &set = cx->cycleDetectorSet;
-    hashsetAddPointer = set.lookupForAdd(obj);
-    if (!hashsetAddPointer) {
-        if (!set.add(hashsetAddPointer, obj))
-            return false;
-        cyclic = false;
-        hashsetGenerationAtInit = set.generation();
-    }
-    return true;
-}
-
-js::AutoCycleDetector::~AutoCycleDetector()
-{
-    if (!cyclic) {
-        if (hashsetGenerationAtInit == cx->cycleDetectorSet.generation())
-            cx->cycleDetectorSet.remove(hashsetAddPointer);
-        else
-            cx->cycleDetectorSet.remove(obj);
-    }
-}
-
-void
-js::TraceCycleDetectionSet(JSTracer *trc, js::ObjectSet &set)
-{
-    for (js::ObjectSet::Enum e(set); !e.empty(); e.popFront()) {
-        JSObject *prior = e.front();
-        MarkObjectRoot(trc, const_cast<JSObject **>(&e.front()), "cycle detector table entry");
-        if (prior != e.front())
-            e.rekeyFront(e.front());
-    }
-}
 
 void
 NewObjectCache::clearNurseryObjects(JSRuntime *rt)
 {
     for (unsigned i = 0; i < mozilla::ArrayLength(entries); ++i) {
         Entry &e = entries[i];
         JSObject *obj = reinterpret_cast<JSObject *>(&e.templateObject);
         if (IsInsideNursery(rt, e.key) ||
             IsInsideNursery(rt, obj->slots) ||
             IsInsideNursery(rt, obj->elements))
         {
-            mozilla::PodZero(&e);
+            PodZero(&e);
         }
     }
 }
 
 void
 JSRuntime::sizeOfIncludingThis(mozilla::MallocSizeOf mallocSizeOf, JS::RuntimeSizes *rtSizes)
 {
     rtSizes->object = mallocSizeOf(this);
@@ -216,1016 +165,16 @@ JSRuntime::createMathCache(JSContext *cx
         js_ReportOutOfMemory(cx);
         return NULL;
     }
 
     mathCache_ = newMathCache;
     return mathCache_;
 }
 
-void
-JSCompartment::sweepCallsiteClones()
-{
-    if (callsiteClones.initialized()) {
-        for (CallsiteCloneTable::Enum e(callsiteClones); !e.empty(); e.popFront()) {
-            CallsiteCloneKey key = e.front().key;
-            JSFunction *fun = e.front().value;
-            if (!IsScriptMarked(&key.script) || !IsObjectMarked(&fun))
-                e.removeFront();
-        }
-    }
-}
-
-JSFunction *
-js::CloneFunctionAtCallsite(JSContext *cx, HandleFunction fun, HandleScript script, jsbytecode *pc)
-{
-    JS_ASSERT(cx->typeInferenceEnabled());
-    JS_ASSERT(fun->nonLazyScript()->shouldCloneAtCallsite);
-    JS_ASSERT(!fun->nonLazyScript()->enclosingStaticScope());
-    JS_ASSERT(types::UseNewTypeForClone(fun));
-
-    typedef CallsiteCloneKey Key;
-    typedef CallsiteCloneTable Table;
-
-    Table &table = cx->compartment()->callsiteClones;
-    if (!table.initialized() && !table.init())
-        return NULL;
-
-    uint32_t offset = pc - script->code;
-    void* originalScript = script;
-    void* originalFun = fun;
-    SkipRoot skipScript(cx, &originalScript);
-    SkipRoot skipFun(cx, &originalFun);
-
-    Table::AddPtr p = table.lookupForAdd(Key(fun, script, offset));
-    SkipRoot skipHash(cx, &p); /* Prevent the hash from being poisoned. */
-    if (p)
-        return p->value;
-
-    RootedObject parent(cx, fun->environment());
-    RootedFunction clone(cx, CloneFunctionObject(cx, fun, parent));
-    if (!clone)
-        return NULL;
-
-    /*
-     * Store a link back to the original for function.caller and avoid cloning
-     * clones.
-     */
-    clone->nonLazyScript()->shouldCloneAtCallsite = false;
-    clone->nonLazyScript()->isCallsiteClone = true;
-    clone->nonLazyScript()->setOriginalFunctionObject(fun);
-
-    Key key(fun, script, offset);
-
-    /* Recalculate the hash if script or fun have been moved. */
-    if (script != originalScript || fun != originalFun) {
-        p = table.lookupForAdd(key);
-        JS_ASSERT(!p);
-    }
-
-    if (!table.relookupOrAdd(p, key, clone.get()))
-        return NULL;
-
-    return clone;
-}
-
-JSContext *
-js::NewContext(JSRuntime *rt, size_t stackChunkSize)
-{
-    JS_AbortIfWrongThread(rt);
-
-    JSContext *cx = js_new<JSContext>(rt);
-    if (!cx)
-        return NULL;
-
-    if (!cx->cycleDetectorSet.init()) {
-        js_delete(cx);
-        return NULL;
-    }
-
-    /*
-     * Here the GC lock is still held after js_InitContextThreadAndLockGC took it and
-     * the GC is not running on another thread.
-     */
-    bool first = rt->contextList.isEmpty();
-    rt->contextList.insertBack(cx);
-
-    /*
-     * If cx is the first context on this runtime, initialize well-known atoms,
-     * keywords, numbers, strings and self-hosted scripts. If one of these
-     * steps should fail, the runtime will be left in a partially initialized
-     * state, with zeroes and nulls stored in the default-initialized remainder
-     * of the struct. We'll clean the runtime up under DestroyContext, because
-     * cx will be "last" as well as "first".
-     */
-    if (first) {
-#ifdef JS_THREADSAFE
-        JS_BeginRequest(cx);
-#endif
-        bool ok = rt->staticStrings.init(cx);
-        if (ok)
-            ok = InitCommonNames(cx);
-        if (ok)
-            ok = rt->initSelfHosting(cx);
-
-#ifdef JS_THREADSAFE
-        JS_EndRequest(cx);
-#endif
-        if (!ok) {
-            DestroyContext(cx, DCM_NEW_FAILED);
-            return NULL;
-        }
-    }
-
-    JSContextCallback cxCallback = rt->cxCallback;
-    if (cxCallback && !cxCallback(cx, JSCONTEXT_NEW)) {
-        DestroyContext(cx, DCM_NEW_FAILED);
-        return NULL;
-    }
-
-    return cx;
-}
-
-void
-js::DestroyContext(JSContext *cx, DestroyContextMode mode)
-{
-    JSRuntime *rt = cx->runtime();
-    JS_AbortIfWrongThread(rt);
-
-#ifdef JS_THREADSAFE
-    if (cx->outstandingRequests != 0)
-        MOZ_CRASH();
-#endif
-
-#if (defined(JSGC_ROOT_ANALYSIS) || defined(JSGC_USE_EXACT_ROOTING)) && defined(DEBUG)
-    for (int i = 0; i < THING_ROOT_LIMIT; ++i)
-        JS_ASSERT(cx->thingGCRooters[i] == NULL);
-#endif
-
-    if (mode != DCM_NEW_FAILED) {
-        if (JSContextCallback cxCallback = rt->cxCallback) {
-            /*
-             * JSCONTEXT_DESTROY callback is not allowed to fail and must
-             * return true.
-             */
-            JS_ALWAYS_TRUE(cxCallback(cx, JSCONTEXT_DESTROY));
-        }
-    }
-
-    cx->remove();
-    bool last = !rt->hasContexts();
-    if (last) {
-        JS_ASSERT(!rt->isHeapBusy());
-
-        /*
-         * Dump remaining type inference results first. This printing
-         * depends on atoms still existing.
-         */
-        for (CompartmentsIter c(rt); !c.done(); c.next())
-            c->types.print(cx, false);
-
-        /* Off thread ion compilations depend on atoms still existing. */
-        for (CompartmentsIter c(rt); !c.done(); c.next())
-            CancelOffThreadIonCompile(c, NULL);
-
-        /* Unpin all common names before final GC. */
-        FinishCommonNames(rt);
-
-        /* Clear debugging state to remove GC roots. */
-        for (CompartmentsIter c(rt); !c.done(); c.next())
-            c->clearTraps(rt->defaultFreeOp());
-        JS_ClearAllWatchPoints(cx);
-
-        /* Clear the statics table to remove GC roots. */
-        rt->staticStrings.finish();
-
-        JS::PrepareForFullGC(rt);
-        GC(rt, GC_NORMAL, JS::gcreason::LAST_CONTEXT);
-
-        /*
-         * Clear the self-hosted global and delete self-hosted classes *after*
-         * GC, as finalizers for objects check for clasp->finalize during GC.
-         */
-        rt->finishSelfHosting();
-    } else if (mode == DCM_FORCE_GC) {
-        JS_ASSERT(!rt->isHeapBusy());
-        JS::PrepareForFullGC(rt);
-        GC(rt, GC_NORMAL, JS::gcreason::DESTROY_CONTEXT);
-    }
-    js_delete_poison(cx);
-}
-
-bool
-AutoResolving::alreadyStartedSlow() const
-{
-    JS_ASSERT(link);
-    AutoResolving *cursor = link;
-    do {
-        JS_ASSERT(this != cursor);
-        if (object.get() == cursor->object && id.get() == cursor->id && kind == cursor->kind)
-            return true;
-    } while (!!(cursor = cursor->link));
-    return false;
-}
-
-static void
-ReportError(JSContext *cx, const char *message, JSErrorReport *reportp,
-            JSErrorCallback callback, void *userRef)
-{
-    /*
-     * Check the error report, and set a JavaScript-catchable exception
-     * if the error is defined to have an associated exception.  If an
-     * exception is thrown, then the JSREPORT_EXCEPTION flag will be set
-     * on the error report, and exception-aware hosts should ignore it.
-     */
-    JS_ASSERT(reportp);
-    if ((!callback || callback == js_GetErrorMessage) &&
-        reportp->errorNumber == JSMSG_UNCAUGHT_EXCEPTION)
-        reportp->flags |= JSREPORT_EXCEPTION;
-
-    /*
-     * Call the error reporter only if an exception wasn't raised.
-     *
-     * If an exception was raised, then we call the debugErrorHook
-     * (if present) to give it a chance to see the error before it
-     * propagates out of scope.  This is needed for compatibility
-     * with the old scheme.
-     */
-    if (!JS_IsRunning(cx) ||
-        !js_ErrorToException(cx, message, reportp, callback, userRef)) {
-        js_ReportErrorAgain(cx, message, reportp);
-    } else if (JSDebugErrorHook hook = cx->runtime()->debugHooks.debugErrorHook) {
-        /*
-         * If we've already chewed up all the C stack, don't call into the
-         * error reporter since this may trigger an infinite recursion where
-         * the reporter triggers an over-recursion.
-         */
-        int stackDummy;
-        if (!JS_CHECK_STACK_SIZE(cx->mainThread().nativeStackLimit, &stackDummy))
-            return;
-
-        if (cx->errorReporter)
-            hook(cx, message, reportp, cx->runtime()->debugHooks.debugErrorHookData);
-    }
-}
-
-/*
- * The given JSErrorReport object have been zeroed and must not outlive
- * cx->fp() (otherwise report->originPrincipals may become invalid).
- */
-static void
-PopulateReportBlame(JSContext *cx, JSErrorReport *report)
-{
-    /*
-     * Walk stack until we find a frame that is associated with a non-builtin
-     * rather than a builtin frame.
-     */
-    NonBuiltinScriptFrameIter iter(cx);
-    if (iter.done())
-        return;
-
-    report->filename = iter.script()->filename();
-    report->lineno = PCToLineNumber(iter.script(), iter.pc(), &report->column);
-    report->originPrincipals = iter.script()->originPrincipals;
-}
-
-/*
- * Since memory has been exhausted, avoid the normal error-handling path which
- * allocates an error object, report and callstack. If code is running, simply
- * throw the static atom "out of memory". If code is not running, call the
- * error reporter directly.
- *
- * Furthermore, callers of js_ReportOutOfMemory (viz., malloc) assume a GC does
- * not occur, so GC must be avoided or suppressed.
- */
-void
-js_ReportOutOfMemory(JSContext *cx)
-{
-    cx->runtime()->hadOutOfMemory = true;
-
-    if (JS_IsRunning(cx)) {
-        cx->setPendingException(StringValue(cx->names().outOfMemory));
-        return;
-    }
-
-    /* Get the message for this error, but we don't expand any arguments. */
-    const JSErrorFormatString *efs =
-        js_GetLocalizedErrorMessage(cx, NULL, NULL, JSMSG_OUT_OF_MEMORY);
-    const char *msg = efs ? efs->format : "Out of memory";
-
-    /* Fill out the report, but don't do anything that requires allocation. */
-    JSErrorReport report;
-    PodZero(&report);
-    report.flags = JSREPORT_ERROR;
-    report.errorNumber = JSMSG_OUT_OF_MEMORY;
-    PopulateReportBlame(cx, &report);
-
-    /* Report the error. */
-    if (JSErrorReporter onError = cx->errorReporter) {
-        AutoSuppressGC suppressGC(cx);
-        onError(cx, msg, &report);
-    }
-}
-
-JS_FRIEND_API(void)
-js_ReportOverRecursed(JSContext *maybecx)
-{
-#ifdef JS_MORE_DETERMINISTIC
-    /*
-     * We cannot make stack depth deterministic across different
-     * implementations (e.g. JIT vs. interpreter will differ in
-     * their maximum stack depth).
-     * However, we can detect externally when we hit the maximum
-     * stack depth which is useful for external testing programs
-     * like fuzzers.
-     */
-    fprintf(stderr, "js_ReportOverRecursed called\n");
-#endif
-    if (maybecx)
-        JS_ReportErrorNumber(maybecx, js_GetErrorMessage, NULL, JSMSG_OVER_RECURSED);
-}
-
-void
-js_ReportAllocationOverflow(JSContext *maybecx)
-{
-    if (maybecx) {
-        AutoSuppressGC suppressGC(maybecx);
-        JS_ReportErrorNumber(maybecx, js_GetErrorMessage, NULL, JSMSG_ALLOC_OVERFLOW);
-    }
-}
-
-/*
- * Given flags and the state of cx, decide whether we should report an
- * error, a warning, or just continue execution normally.  Return
- * true if we should continue normally, without reporting anything;
- * otherwise, adjust *flags as appropriate and return false.
- */
-static bool
-checkReportFlags(JSContext *cx, unsigned *flags)
-{
-    if (JSREPORT_IS_STRICT_MODE_ERROR(*flags)) {
-        /*
-         * Error in strict code; warning with extra warnings option; okay
-         * otherwise.  We assume that if the top frame is a native, then it is
-         * strict if the nearest scripted frame is strict, see bug 536306.
-         */
-        JSScript *script = cx->currentScript();
-        if (script && script->strict)
-            *flags &= ~JSREPORT_WARNING;
-        else if (cx->hasExtraWarningsOption())
-            *flags |= JSREPORT_WARNING;
-        else
-            return true;
-    } else if (JSREPORT_IS_STRICT(*flags)) {
-        /* Warning/error only when JSOPTION_STRICT is set. */
-        if (!cx->hasExtraWarningsOption())
-            return true;
-    }
-
-    /* Warnings become errors when JSOPTION_WERROR is set. */
-    if (JSREPORT_IS_WARNING(*flags) && cx->hasWErrorOption())
-        *flags &= ~JSREPORT_WARNING;
-
-    return false;
-}
-
-JSBool
-js_ReportErrorVA(JSContext *cx, unsigned flags, const char *format, va_list ap)
-{
-    char *message;
-    jschar *ucmessage;
-    size_t messagelen;
-    JSErrorReport report;
-    JSBool warning;
-
-    if (checkReportFlags(cx, &flags))
-        return JS_TRUE;
-
-    message = JS_vsmprintf(format, ap);
-    if (!message)
-        return JS_FALSE;
-    messagelen = strlen(message);
-
-    PodZero(&report);
-    report.flags = flags;
-    report.errorNumber = JSMSG_USER_DEFINED_ERROR;
-    report.ucmessage = ucmessage = InflateString(cx, message, &messagelen);
-    PopulateReportBlame(cx, &report);
-
-    warning = JSREPORT_IS_WARNING(report.flags);
-
-    ReportError(cx, message, &report, NULL, NULL);
-    js_free(message);
-    js_free(ucmessage);
-    return warning;
-}
-
-/* |callee| requires a usage string provided by JS_DefineFunctionsWithHelp. */
-void
-js::ReportUsageError(JSContext *cx, HandleObject callee, const char *msg)
-{
-    const char *usageStr = "usage";
-    PropertyName *usageAtom = Atomize(cx, usageStr, strlen(usageStr))->asPropertyName();
-    RootedId id(cx, NameToId(usageAtom));
-    DebugOnly<Shape *> shape = static_cast<Shape *>(callee->nativeLookup(cx, id));
-    JS_ASSERT(!shape->configurable());
-    JS_ASSERT(!shape->writable());
-    JS_ASSERT(shape->hasDefaultGetter());
-
-    RootedValue usage(cx);
-    if (!JS_LookupProperty(cx, callee, "usage", usage.address()))
-        return;
-
-    if (JSVAL_IS_VOID(usage)) {
-        JS_ReportError(cx, "%s", msg);
-    } else {
-        JSString *str = JSVAL_TO_STRING(usage);
-        JS::Anchor<JSString *> a_str(str);
-        const jschar *chars = JS_GetStringCharsZ(cx, str);
-        if (!chars)
-            return;
-        JS_ReportError(cx, "%s. Usage: %hs", msg, chars);
-    }
-}
-
-bool
-js::PrintError(JSContext *cx, FILE *file, const char *message, JSErrorReport *report,
-               bool reportWarnings)
-{
-    if (!report) {
-        fprintf(file, "%s\n", message);
-        fflush(file);
-        return false;
-    }
-
-    /* Conditionally ignore reported warnings. */
-    if (JSREPORT_IS_WARNING(report->flags) && !reportWarnings)
-        return false;
-
-    char *prefix = NULL;
-    if (report->filename)
-        prefix = JS_smprintf("%s:", report->filename);
-    if (report->lineno) {
-        char *tmp = prefix;
-        prefix = JS_smprintf("%s%u:%u ", tmp ? tmp : "", report->lineno, report->column);
-        JS_free(cx, tmp);
-    }
-    if (JSREPORT_IS_WARNING(report->flags)) {
-        char *tmp = prefix;
-        prefix = JS_smprintf("%s%swarning: ",
-                             tmp ? tmp : "",
-                             JSREPORT_IS_STRICT(report->flags) ? "strict " : "");
-        JS_free(cx, tmp);
-    }
-
-    /* embedded newlines -- argh! */
-    const char *ctmp;
-    while ((ctmp = strchr(message, '\n')) != 0) {
-        ctmp++;
-        if (prefix)
-            fputs(prefix, file);
-        fwrite(message, 1, ctmp - message, file);
-        message = ctmp;
-    }
-
-    /* If there were no filename or lineno, the prefix might be empty */
-    if (prefix)
-        fputs(prefix, file);
-    fputs(message, file);
-
-    if (report->linebuf) {
-        /* report->linebuf usually ends with a newline. */
-        int n = strlen(report->linebuf);
-        fprintf(file, ":\n%s%s%s%s",
-                prefix,
-                report->linebuf,
-                (n > 0 && report->linebuf[n-1] == '\n') ? "" : "\n",
-                prefix);
-        n = report->tokenptr - report->linebuf;
-        for (int i = 0, j = 0; i < n; i++) {
-            if (report->linebuf[i] == '\t') {
-                for (int k = (j + 8) & ~7; j < k; j++) {
-                    fputc('.', file);
-                }
-                continue;
-            }
-            fputc('.', file);
-            j++;
-        }
-        fputc('^', file);
-    }
-    fputc('\n', file);
-    fflush(file);
-    JS_free(cx, prefix);
-    return true;
-}
-
-/*
- * The arguments from ap need to be packaged up into an array and stored
- * into the report struct.
- *
- * The format string addressed by the error number may contain operands
- * identified by the format {N}, where N is a decimal digit. Each of these
- * is to be replaced by the Nth argument from the va_list. The complete
- * message is placed into reportp->ucmessage converted to a JSString.
- *
- * Returns true if the expansion succeeds (can fail if out of memory).
- */
-JSBool
-js_ExpandErrorArguments(JSContext *cx, JSErrorCallback callback,
-                        void *userRef, const unsigned errorNumber,
-                        char **messagep, JSErrorReport *reportp,
-                        ErrorArgumentsType argumentsType, va_list ap)
-{
-    const JSErrorFormatString *efs;
-    int i;
-    int argCount;
-    bool messageArgsPassed = !!reportp->messageArgs;
-
-    *messagep = NULL;
-
-    /* Most calls supply js_GetErrorMessage; if this is so, assume NULL. */
-    if (!callback || callback == js_GetErrorMessage)
-        efs = js_GetLocalizedErrorMessage(cx, userRef, NULL, errorNumber);
-    else
-        efs = callback(userRef, NULL, errorNumber);
-    if (efs) {
-        reportp->exnType = efs->exnType;
-
-        size_t totalArgsLength = 0;
-        size_t argLengths[10]; /* only {0} thru {9} supported */
-        argCount = efs->argCount;
-        JS_ASSERT(argCount <= 10);
-        if (argCount > 0) {
-            /*
-             * Gather the arguments into an array, and accumulate
-             * their sizes. We allocate 1 more than necessary and
-             * null it out to act as the caboose when we free the
-             * pointers later.
-             */
-            if (messageArgsPassed) {
-                JS_ASSERT(!reportp->messageArgs[argCount]);
-            } else {
-                reportp->messageArgs = cx->pod_malloc<const jschar*>(argCount + 1);
-                if (!reportp->messageArgs)
-                    return JS_FALSE;
-                /* NULL-terminate for easy copying. */
-                reportp->messageArgs[argCount] = NULL;
-            }
-            for (i = 0; i < argCount; i++) {
-                if (messageArgsPassed) {
-                    /* Do nothing. */
-                } else if (argumentsType == ArgumentsAreASCII) {
-                    char *charArg = va_arg(ap, char *);
-                    size_t charArgLength = strlen(charArg);
-                    reportp->messageArgs[i] = InflateString(cx, charArg, &charArgLength);
-                    if (!reportp->messageArgs[i])
-                        goto error;
-                } else {
-                    reportp->messageArgs[i] = va_arg(ap, jschar *);
-                }
-                argLengths[i] = js_strlen(reportp->messageArgs[i]);
-                totalArgsLength += argLengths[i];
-            }
-        }
-        /*
-         * Parse the error format, substituting the argument X
-         * for {X} in the format.
-         */
-        if (argCount > 0) {
-            if (efs->format) {
-                jschar *buffer, *fmt, *out;
-                int expandedArgs = 0;
-                size_t expandedLength;
-                size_t len = strlen(efs->format);
-
-                buffer = fmt = InflateString(cx, efs->format, &len);
-                if (!buffer)
-                    goto error;
-                expandedLength = len
-                                 - (3 * argCount)       /* exclude the {n} */
-                                 + totalArgsLength;
-
-                /*
-                * Note - the above calculation assumes that each argument
-                * is used once and only once in the expansion !!!
-                */
-                reportp->ucmessage = out = cx->pod_malloc<jschar>(expandedLength + 1);
-                if (!out) {
-                    js_free(buffer);
-                    goto error;
-                }
-                while (*fmt) {
-                    if (*fmt == '{') {
-                        if (isdigit(fmt[1])) {
-                            int d = JS7_UNDEC(fmt[1]);
-                            JS_ASSERT(d < argCount);
-                            js_strncpy(out, reportp->messageArgs[d],
-                                       argLengths[d]);
-                            out += argLengths[d];
-                            fmt += 3;
-                            expandedArgs++;
-                            continue;
-                        }
-                    }
-                    *out++ = *fmt++;
-                }
-                JS_ASSERT(expandedArgs == argCount);
-                *out = 0;
-                js_free(buffer);
-                TwoByteChars ucmsg(reportp->ucmessage,
-                                   PointerRangeSize(static_cast<const jschar *>(reportp->ucmessage),
-                                                    static_cast<const jschar *>(out)));
-                *messagep = LossyTwoByteCharsToNewLatin1CharsZ(cx, ucmsg).c_str();
-                if (!*messagep)
-                    goto error;
-            }
-        } else {
-            /* Non-null messageArgs should have at least one non-null arg. */
-            JS_ASSERT(!reportp->messageArgs);
-            /*
-             * Zero arguments: the format string (if it exists) is the
-             * entire message.
-             */
-            if (efs->format) {
-                size_t len;
-                *messagep = JS_strdup(cx, efs->format);
-                if (!*messagep)
-                    goto error;
-                len = strlen(*messagep);
-                reportp->ucmessage = InflateString(cx, *messagep, &len);
-                if (!reportp->ucmessage)
-                    goto error;
-            }
-        }
-    }
-    if (*messagep == NULL) {
-        /* where's the right place for this ??? */
-        const char *defaultErrorMessage
-            = "No error message available for error number %d";
-        size_t nbytes = strlen(defaultErrorMessage) + 16;
-        *messagep = cx->pod_malloc<char>(nbytes);
-        if (!*messagep)
-            goto error;
-        JS_snprintf(*messagep, nbytes, defaultErrorMessage, errorNumber);
-    }
-    return JS_TRUE;
-
-error:
-    if (!messageArgsPassed && reportp->messageArgs) {
-        /* free the arguments only if we allocated them */
-        if (argumentsType == ArgumentsAreASCII) {
-            i = 0;
-            while (reportp->messageArgs[i])
-                js_free((void *)reportp->messageArgs[i++]);
-        }
-        js_free((void *)reportp->messageArgs);
-        reportp->messageArgs = NULL;
-    }
-    if (reportp->ucmessage) {
-        js_free((void *)reportp->ucmessage);
-        reportp->ucmessage = NULL;
-    }
-    if (*messagep) {
-        js_free((void *)*messagep);
-        *messagep = NULL;
-    }
-    return JS_FALSE;
-}
-
-JSBool
-js_ReportErrorNumberVA(JSContext *cx, unsigned flags, JSErrorCallback callback,
-                       void *userRef, const unsigned errorNumber,
-                       ErrorArgumentsType argumentsType, va_list ap)
-{
-    JSErrorReport report;
-    char *message;
-    JSBool warning;
-
-    if (checkReportFlags(cx, &flags))
-        return JS_TRUE;
-    warning = JSREPORT_IS_WARNING(flags);
-
-    PodZero(&report);
-    report.flags = flags;
-    report.errorNumber = errorNumber;
-    PopulateReportBlame(cx, &report);
-
-    if (!js_ExpandErrorArguments(cx, callback, userRef, errorNumber,
-                                 &message, &report, argumentsType, ap)) {
-        return JS_FALSE;
-    }
-
-    ReportError(cx, message, &report, callback, userRef);
-
-    if (message)
-        js_free(message);
-    if (report.messageArgs) {
-        /*
-         * js_ExpandErrorArguments owns its messageArgs only if it had to
-         * inflate the arguments (from regular |char *|s).
-         */
-        if (argumentsType == ArgumentsAreASCII) {
-            int i = 0;
-            while (report.messageArgs[i])
-                js_free((void *)report.messageArgs[i++]);
-        }
-        js_free((void *)report.messageArgs);
-    }
-    if (report.ucmessage)
-        js_free((void *)report.ucmessage);
-
-    return warning;
-}
-
-bool
-js_ReportErrorNumberUCArray(JSContext *cx, unsigned flags, JSErrorCallback callback,
-                            void *userRef, const unsigned errorNumber,
-                            const jschar **args)
-{
-    if (checkReportFlags(cx, &flags))
-        return true;
-    bool warning = JSREPORT_IS_WARNING(flags);
-
-    JSErrorReport report;
-    PodZero(&report);
-    report.flags = flags;
-    report.errorNumber = errorNumber;
-    PopulateReportBlame(cx, &report);
-    report.messageArgs = args;
-
-    char *message;
-    va_list dummy;
-    if (!js_ExpandErrorArguments(cx, callback, userRef, errorNumber,
-                                 &message, &report, ArgumentsAreUnicode, dummy)) {
-        return false;
-    }
-
-    ReportError(cx, message, &report, callback, userRef);
-
-    if (message)
-        js_free(message);
-    if (report.ucmessage)
-        js_free((void *)report.ucmessage);
-
-    return warning;
-}
-
-JS_FRIEND_API(void)
-js_ReportErrorAgain(JSContext *cx, const char *message, JSErrorReport *reportp)
-{
-    JSErrorReporter onError;
-
-    if (!message)
-        return;
-
-    onError = cx->errorReporter;
-
-    /*
-     * If debugErrorHook is present then we give it a chance to veto
-     * sending the error on to the regular ErrorReporter.
-     */
-    if (onError) {
-        JSDebugErrorHook hook = cx->runtime()->debugHooks.debugErrorHook;
-        if (hook && !hook(cx, message, reportp, cx->runtime()->debugHooks.debugErrorHookData))
-            onError = NULL;
-    }
-    if (onError)
-        onError(cx, message, reportp);
-}
-
-void
-js_ReportIsNotDefined(JSContext *cx, const char *name)
-{
-    JS_ReportErrorNumber(cx, js_GetErrorMessage, NULL, JSMSG_NOT_DEFINED, name);
-}
-
-JSBool
-js_ReportIsNullOrUndefined(JSContext *cx, int spindex, HandleValue v,
-                           HandleString fallback)
-{
-    char *bytes;
-    JSBool ok;
-
-    bytes = DecompileValueGenerator(cx, spindex, v, fallback);
-    if (!bytes)
-        return JS_FALSE;
-
-    if (strcmp(bytes, js_undefined_str) == 0 ||
-        strcmp(bytes, js_null_str) == 0) {
-        ok = JS_ReportErrorFlagsAndNumber(cx, JSREPORT_ERROR,
-                                          js_GetErrorMessage, NULL,
-                                          JSMSG_NO_PROPERTIES, bytes,
-                                          NULL, NULL);
-    } else if (v.isUndefined()) {
-        ok = JS_ReportErrorFlagsAndNumber(cx, JSREPORT_ERROR,
-                                          js_GetErrorMessage, NULL,
-                                          JSMSG_UNEXPECTED_TYPE, bytes,
-                                          js_undefined_str, NULL);
-    } else {
-        JS_ASSERT(v.isNull());
-        ok = JS_ReportErrorFlagsAndNumber(cx, JSREPORT_ERROR,
-                                          js_GetErrorMessage, NULL,
-                                          JSMSG_UNEXPECTED_TYPE, bytes,
-                                          js_null_str, NULL);
-    }
-
-    js_free(bytes);
-    return ok;
-}
-
-void
-js_ReportMissingArg(JSContext *cx, HandleValue v, unsigned arg)
-{
-    char argbuf[11];
-    char *bytes;
-    RootedAtom atom(cx);
-
-    JS_snprintf(argbuf, sizeof argbuf, "%u", arg);
-    bytes = NULL;
-    if (IsFunctionObject(v)) {
-        atom = v.toObject().as<JSFunction>().atom();
-        bytes = DecompileValueGenerator(cx, JSDVG_SEARCH_STACK,
-                                        v, atom);
-        if (!bytes)
-            return;
-    }
-    JS_ReportErrorNumber(cx, js_GetErrorMessage, NULL,
-                         JSMSG_MISSING_FUN_ARG, argbuf,
-                         bytes ? bytes : "");
-    js_free(bytes);
-}
-
-JSBool
-js_ReportValueErrorFlags(JSContext *cx, unsigned flags, const unsigned errorNumber,
-                         int spindex, HandleValue v, HandleString fallback,
-                         const char *arg1, const char *arg2)
-{
-    char *bytes;
-    JSBool ok;
-
-    JS_ASSERT(js_ErrorFormatString[errorNumber].argCount >= 1);
-    JS_ASSERT(js_ErrorFormatString[errorNumber].argCount <= 3);
-    bytes = DecompileValueGenerator(cx, spindex, v, fallback);
-    if (!bytes)
-        return JS_FALSE;
-
-    ok = JS_ReportErrorFlagsAndNumber(cx, flags, js_GetErrorMessage,
-                                      NULL, errorNumber, bytes, arg1, arg2);
-    js_free(bytes);
-    return ok;
-}
-
-const JSErrorFormatString js_ErrorFormatString[JSErr_Limit] = {
-#define MSG_DEF(name, number, count, exception, format) \
-    { format, count, exception } ,
-#include "js.msg"
-#undef MSG_DEF
-};
-
-JS_FRIEND_API(const JSErrorFormatString *)
-js_GetErrorMessage(void *userRef, const char *locale, const unsigned errorNumber)
-{
-    if ((errorNumber > 0) && (errorNumber < JSErr_Limit))
-        return &js_ErrorFormatString[errorNumber];
-    return NULL;
-}
-
-JSBool
-js_InvokeOperationCallback(JSContext *cx)
-{
-    JS_ASSERT_REQUEST_DEPTH(cx);
-
-    JSRuntime *rt = cx->runtime();
-    JS_ASSERT(rt->interrupt != 0);
-
-    /*
-     * Reset the callback counter first, then run GC and yield. If another
-     * thread is racing us here we will accumulate another callback request
-     * which will be serviced at the next opportunity.
-     */
-    JS_ATOMIC_SET(&rt->interrupt, 0);
-
-    /* IonMonkey sets its stack limit to UINTPTR_MAX to trigger operaton callbacks. */
-    rt->resetIonStackLimit();
-
-    if (rt->gcIsNeeded)
-        GCSlice(rt, GC_NORMAL, rt->gcTriggerReason);
-
-#ifdef JSGC_GENERATIONAL
-    if (rt->gcStoreBuffer.isAboutToOverflow())
-        MinorGC(rt, JS::gcreason::FULL_STORE_BUFFER);
-#endif
-
-#ifdef JS_ION
-    /*
-     * A worker thread may have set the callback after finishing an Ion
-     * compilation.
-     */
-    ion::AttachFinishedCompilations(cx);
-#endif
-
-    /*
-     * Important: Additional callbacks can occur inside the callback handler
-     * if it re-enters the JS engine. The embedding must ensure that the
-     * callback is disconnected before attempting such re-entry.
-     */
-    JSOperationCallback cb = cx->operationCallback;
-    return !cb || cb(cx);
-}
-
-JSBool
-js_HandleExecutionInterrupt(JSContext *cx)
-{
-    JSBool result = JS_TRUE;
-    if (cx->runtime()->interrupt)
-        result = js_InvokeOperationCallback(cx) && result;
-    return result;
-}
-
-js::ThreadSafeContext::ThreadSafeContext(JSRuntime *rt, PerThreadData *pt, ContextKind kind)
-  : ContextFriendFields(rt),
-    contextKind_(kind),
-    perThreadData(pt)
-{ }
-
-bool
-ThreadSafeContext::isJSContext() const
-{
-    return contextKind_ == Context_JS;
-}
-
-JSContext *
-ThreadSafeContext::asJSContext()
-{
-    JS_ASSERT(isJSContext());
-    return reinterpret_cast<JSContext *>(this);
-}
-
-bool
-ThreadSafeContext::isForkJoinSlice() const
-{
-    return contextKind_ == Context_ForkJoin;
-}
-
-ForkJoinSlice *
-ThreadSafeContext::asForkJoinSlice()
-{
-    JS_ASSERT(isForkJoinSlice());
-    return reinterpret_cast<ForkJoinSlice *>(this);
-}
-
-JSContext::JSContext(JSRuntime *rt)
-  : ThreadSafeContext(rt, &rt->mainThread, Context_JS),
-    throwing(false),
-    exception(UndefinedValue()),
-    options_(0),
-    reportGranularity(JS_DEFAULT_JITREPORT_GRANULARITY),
-    resolvingList(NULL),
-    generatingError(false),
-    enterCompartmentDepth_(0),
-    savedFrameChains_(),
-    defaultCompartmentObject_(NULL),
-    cycleDetectorSet(MOZ_THIS_IN_INITIALIZER_LIST()),
-    errorReporter(NULL),
-    operationCallback(NULL),
-    data(NULL),
-    data2(NULL),
-#ifdef JS_THREADSAFE
-    outstandingRequests(0),
-#endif
-    resolveFlags(0),
-    iterValue(MagicValue(JS_NO_ITER_VALUE)),
-    jitIsBroken(false),
-#ifdef MOZ_TRACE_JSCALLS
-    functionCallback(NULL),
-#endif
-    innermostGenerator_(NULL)
-{
-#ifdef DEBUG
-    stackIterAssertionEnabled = true;
-#endif
-
-    JS_ASSERT(static_cast<ContextFriendFields*>(this) ==
-              ContextFriendFields::get(this));
-
-#ifdef JSGC_TRACK_EXACT_ROOTS
-    PodArrayZero(thingGCRooters);
-#endif
-#if defined(DEBUG) && defined(JS_GC_ZEAL) && defined(JSGC_ROOT_ANALYSIS) && !defined(JS_THREADSAFE)
-    skipGCRooters = NULL;
-#endif
-}
-
-JSContext::~JSContext()
-{
-    /* Free the stuff hanging off of cx. */
-    JS_ASSERT(!resolvingList);
-}
-
 bool
 JSRuntime::setDefaultLocale(const char *locale)
 {
     if (!locale)
         return false;
     resetDefaultLocale();
     defaultLocale = JS_strdup(this, locale);
     return defaultLocale != NULL;
@@ -1260,102 +209,16 @@ JSRuntime::getDefaultLocale()
         *p = '\0';
     while ((p = strchr(lang, '_')))
         *p = '-';
 
     defaultLocale = lang;
     return defaultLocale;
 }
 
-/*
- * Since this function is only called in the context of a pending exception,
- * the caller must subsequently take an error path. If wrapping fails, it will
- * set a new (uncatchable) exception to be used in place of the original.
- */
-void
-JSContext::wrapPendingException()
-{
-    RootedValue value(this, getPendingException());
-    clearPendingException();
-    if (compartment()->wrap(this, &value))
-        setPendingException(value);
-}
-
-
-void
-JSContext::enterGenerator(JSGenerator *gen)
-{
-    JS_ASSERT(!gen->prevGenerator);
-    gen->prevGenerator = innermostGenerator_;
-    innermostGenerator_ = gen;
-}
-
-void
-JSContext::leaveGenerator(JSGenerator *gen)
-{
-    JS_ASSERT(innermostGenerator_ == gen);
-    innermostGenerator_ = innermostGenerator_->prevGenerator;
-    gen->prevGenerator = NULL;
-}
-
-
-bool
-JSContext::runningWithTrustedPrincipals() const
-{
-    return !compartment() || compartment()->principals == runtime()->trustedPrincipals();
-}
-
-bool
-JSContext::saveFrameChain()
-{
-    if (!savedFrameChains_.append(SavedFrameChain(compartment(), enterCompartmentDepth_)))
-        return false;
-
-    if (Activation *act = mainThread().activation())
-        act->saveFrameChain();
-
-    if (defaultCompartmentObject_)
-        setCompartment(defaultCompartmentObject_->compartment());
-    else
-        setCompartment(NULL);
-    enterCompartmentDepth_ = 0;
-
-    if (isExceptionPending())
-        wrapPendingException();
-    return true;
-}
-
-void
-JSContext::restoreFrameChain()
-{
-    SavedFrameChain sfc = savedFrameChains_.popCopy();
-    setCompartment(sfc.compartment);
-    enterCompartmentDepth_ = sfc.enterCompartmentCount;
-
-    if (Activation *act = mainThread().activation())
-        act->restoreFrameChain();
-
-    if (isExceptionPending())
-        wrapPendingException();
-}
-
-bool
-JSContext::currentlyRunning() const
-{
-    for (ActivationIterator iter(runtime()); !iter.done(); ++iter) {
-        if (iter.activation()->cx() == this) {
-            if (iter.activation()->hasSavedFrameChain())
-                return false;
-            return true;
-        }
-    }
-
-    return false;
-}
-
 void
 JSRuntime::setGCMaxMallocBytes(size_t value)
 {
     /*
      * For compatibility treat any value that exceeds PTRDIFF_T_MAX to
      * mean that value.
      */
     gcMaxMallocBytes = (ptrdiff_t(value) >= 0) ? value : size_t(-1) >> 1;
@@ -1414,156 +277,8 @@ JSRuntime::onOutOfMemory(void *p, size_t
       p = js_realloc(p, nbytes);
     if (p)
         return p;
     if (cx)
         js_ReportOutOfMemory(cx);
     return NULL;
 }
 
-static bool
-ComputeIsJITBroken()
-{
-#if !defined(ANDROID) || defined(GONK)
-    return false;
-#else  // ANDROID
-    if (getenv("JS_IGNORE_JIT_BROKENNESS")) {
-        return false;
-    }
-
-    std::string line;
-
-    // Check for the known-bad kernel version (2.6.29).
-    std::ifstream osrelease("/proc/sys/kernel/osrelease");
-    std::getline(osrelease, line);
-    __android_log_print(ANDROID_LOG_INFO, "Gecko", "Detected osrelease `%s'",
-                        line.c_str());
-
-    if (line.npos == line.find("2.6.29")) {
-        // We're using something other than 2.6.29, so the JITs should work.
-        __android_log_print(ANDROID_LOG_INFO, "Gecko", "JITs are not broken");
-        return false;
-    }
-
-    // We're using 2.6.29, and this causes trouble with the JITs on i9000.
-    line = "";
-    bool broken = false;
-    std::ifstream cpuinfo("/proc/cpuinfo");
-    do {
-        if (0 == line.find("Hardware")) {
-            const char* blacklist[] = {
-                "SCH-I400",     // Samsung Continuum
-                "SGH-T959",     // Samsung i9000, Vibrant device
-                "SGH-I897",     // Samsung i9000, Captivate device
-                "SCH-I500",     // Samsung i9000, Fascinate device
-                "SPH-D700",     // Samsung i9000, Epic device
-                "GT-I9000",     // Samsung i9000, UK/Europe device
-                NULL
-            };
-            for (const char** hw = &blacklist[0]; *hw; ++hw) {
-                if (line.npos != line.find(*hw)) {
-                    __android_log_print(ANDROID_LOG_INFO, "Gecko",
-                                        "Blacklisted device `%s'", *hw);
-                    broken = true;
-                    break;
-                }
-            }
-            break;
-        }
-        std::getline(cpuinfo, line);
-    } while(!cpuinfo.fail() && !cpuinfo.eof());
-
-    __android_log_print(ANDROID_LOG_INFO, "Gecko", "JITs are %sbroken",
-                        broken ? "" : "not ");
-
-    return broken;
-#endif  // ifndef ANDROID
-}
-
-static bool
-IsJITBrokenHere()
-{
-    static bool computedIsBroken = false;
-    static bool isBroken = false;
-    if (!computedIsBroken) {
-        isBroken = ComputeIsJITBroken();
-        computedIsBroken = true;
-    }
-    return isBroken;
-}
-
-void
-JSContext::updateJITEnabled()
-{
-    jitIsBroken = IsJITBrokenHere();
-}
-
-size_t
-JSContext::sizeOfIncludingThis(mozilla::MallocSizeOf mallocSizeOf) const
-{
-    /*
-     * There are other JSContext members that could be measured; the following
-     * ones have been found by DMD to be worth measuring.  More stuff may be
-     * added later.
-     */
-    return mallocSizeOf(this) + cycleDetectorSet.sizeOfExcludingThis(mallocSizeOf);
-}
-
-void
-JSContext::mark(JSTracer *trc)
-{
-    /* Stack frames and slots are traced by StackSpace::mark. */
-
-    /* Mark other roots-by-definition in the JSContext. */
-    if (defaultCompartmentObject_ && !hasOption(JSOPTION_UNROOTED_GLOBAL))
-        MarkObjectRoot(trc, &defaultCompartmentObject_, "default compartment object");
-    if (isExceptionPending())
-        MarkValueRoot(trc, &exception, "exception");
-
-    TraceCycleDetectionSet(trc, cycleDetectorSet);
-
-    MarkValueRoot(trc, &iterValue, "iterValue");
-}
-
-JSVersion
-JSContext::findVersion() const
-{
-    if (JSScript *script = currentScript(NULL, ALLOW_CROSS_COMPARTMENT))
-        return script->getVersion();
-
-    if (compartment() && compartment()->options().version != JSVERSION_UNKNOWN)
-        return compartment()->options().version;
-
-    return runtime()->defaultVersion();
-}
-
-#if defined JS_THREADSAFE && defined DEBUG
-
-JS::AutoCheckRequestDepth::AutoCheckRequestDepth(JSContext *cx)
-    : cx(cx)
-{
-    JS_ASSERT(cx->runtime()->requestDepth || cx->runtime()->isHeapBusy());
-    cx->runtime()->assertValidThread();
-    cx->runtime()->checkRequestDepth++;
-}
-
-JS::AutoCheckRequestDepth::~AutoCheckRequestDepth()
-{
-    JS_ASSERT(cx->runtime()->checkRequestDepth != 0);
-    cx->runtime()->checkRequestDepth--;
-}
-
-#endif
-
-#ifdef JS_CRASH_DIAGNOSTICS
-void CompartmentChecker::check(StackFrame *fp)
-{
-    if (fp)
-        check(fp->scopeChain());
-}
-
-void CompartmentChecker::check(AbstractFramePtr frame)
-{
-    if (frame)
-        check(frame.scopeChain());
-}
-#endif
-
copy from js/src/jscntxt.h
copy to js/src/vm/Runtime.h
--- a/js/src/jscntxt.h
+++ b/js/src/vm/Runtime.h
@@ -1,18 +1,16 @@
 /* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 4 -*-
  * vim: set ts=8 sts=4 et sw=4 tw=99:
  * This Source Code Form is subject to the terms of the Mozilla Public
  * License, v. 2.0. If a copy of the MPL was not distributed with this
  * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
 
-/* JS execution context. */
-
-#ifndef jscntxt_h
-#define jscntxt_h
+#ifndef vm_Runtime_h
+#define vm_Runtime_h
 
 #include "mozilla/LinkedList.h"
 #include "mozilla/MemoryReporting.h"
 #include "mozilla/PodOperations.h"
 
 #include <string.h>
 #include <setjmp.h>
 
@@ -50,90 +48,25 @@ js_ReportOutOfMemory(JSContext *cx);
 
 extern void
 js_ReportAllocationOverflow(JSContext *cx);
 
 namespace js {
 
 typedef Rooted<JSLinearString*> RootedLinearString;
 
-struct CallsiteCloneKey {
-    /* The original function that we are cloning. */
-    JSFunction *original;
-
-    /* The script of the call. */
-    JSScript *script;
-
-    /* The offset of the call. */
-    uint32_t offset;
-
-    CallsiteCloneKey(JSFunction *f, JSScript *s, uint32_t o) : original(f), script(s), offset(o) {}
-
-    typedef CallsiteCloneKey Lookup;
-
-    static inline uint32_t hash(CallsiteCloneKey key) {
-        return uint32_t(size_t(key.script->code + key.offset) ^ size_t(key.original));
-    }
-
-    static inline bool match(const CallsiteCloneKey &a, const CallsiteCloneKey &b) {
-        return a.script == b.script && a.offset == b.offset && a.original == b.original;
-    }
-};
-
-typedef HashMap<CallsiteCloneKey,
-                ReadBarriered<JSFunction>,
-                CallsiteCloneKey,
-                SystemAllocPolicy> CallsiteCloneTable;
-
-JSFunction *CloneFunctionAtCallsite(JSContext *cx, HandleFunction fun,
-                                    HandleScript script, jsbytecode *pc);
-
-typedef HashSet<JSObject *> ObjectSet;
-typedef HashSet<Shape *> ShapeSet;
-
-/* Detects cycles when traversing an object graph. */
-class AutoCycleDetector
-{
-    JSContext *cx;
-    RootedObject obj;
-    bool cyclic;
-    uint32_t hashsetGenerationAtInit;
-    ObjectSet::AddPtr hashsetAddPointer;
-    MOZ_DECL_USE_GUARD_OBJECT_NOTIFIER
-
-  public:
-    AutoCycleDetector(JSContext *cx, HandleObject objArg
-                      MOZ_GUARD_OBJECT_NOTIFIER_PARAM)
-      : cx(cx), obj(cx, objArg), cyclic(true)
-    {
-        MOZ_GUARD_OBJECT_NOTIFIER_INIT;
-    }
-
-    ~AutoCycleDetector();
-
-    bool init();
-
-    bool foundCycle() { return cyclic; }
-};
-
-/* Updates references in the cycle detection set if the GC moves them. */
-extern void
-TraceCycleDetectionSet(JSTracer *trc, ObjectSet &set);
-
 class MathCache;
 
 namespace ion {
-class IonActivation;
 class IonRuntime;
 struct PcScriptCache;
 }
 
 class AsmJSActivation;
 class InterpreterFrames;
-class WeakMapBase;
 class WorkerThreadState;
 
 /*
  * GetSrcNote cache to avoid O(n^2) growth in finding a source note for a
  * given pc in a script. We use the script->code pointer to tag the cache,
  * instead of the script address itself, so that source notes are always found
  * by offset from the bytecode with which they were generated.
  */
@@ -1543,18 +1476,16 @@ struct JSRuntime : public JS::shadow::Ru
 };
 
 /* Common macros to access thread-local caches in JSRuntime. */
 #define JS_KEEP_ATOMS(rt)   (rt)->gcKeepAtoms++;
 #define JS_UNKEEP_ATOMS(rt) (rt)->gcKeepAtoms--;
 
 namespace js {
 
-struct AutoResolving;
-
 /*
  * Flags accompany script version data so that a) dynamically created scripts
  * can inherit their caller's compile-time properties and b) scripts can be
  * appropriately compared in the eval cache across global option changes. An
  * example of the latter is enabling the top-level-anonymous-function-is-error
  * option: subsequent evals of the same, previously-valid script text may have
  * become invalid.
  */
@@ -1597,430 +1528,16 @@ FreeOp::free_(void *p)
 {
     if (shouldFreeLater()) {
         runtime()->gcHelperThread.freeLater(p);
         return;
     }
     js_free(p);
 }
 
-class ForkJoinSlice;
-
-/*
- * ThreadSafeContext is the base class for both JSContext, the "normal"
- * sequential context, and ForkJoinSlice, the per-thread parallel context used
- * in PJS.
- *
- * When cast to a ThreadSafeContext, the only usable operations are casting
- * back to the context from which it came, and generic allocation
- * operations. These generic versions branch internally based on whether the
- * underneath context is really a JSContext or a ForkJoinSlice, and are in
- * general more expensive than using the context directly.
- *
- * Thus, ThreadSafeContext should only be used for VM functions that may be
- * called in both sequential and parallel execution. The most likely class of
- * VM functions that do these are those that allocate commonly used data
- * structures, such as concatenating strings and extending elements.
- */
-struct ThreadSafeContext : js::ContextFriendFields,
-                           public MallocProvider<ThreadSafeContext>
-{
-  public:
-    enum ContextKind {
-        Context_JS,
-        Context_ForkJoin
-    };
-
-  private:
-    ContextKind contextKind_;
-
-  public:
-    PerThreadData *perThreadData;
-
-    explicit ThreadSafeContext(JSRuntime *rt, PerThreadData *pt, ContextKind kind);
-
-    bool isJSContext() const;
-    JSContext *asJSContext();
-
-    bool isForkJoinSlice() const;
-    ForkJoinSlice *asForkJoinSlice();
-
-#ifdef JSGC_GENERATIONAL
-    inline bool hasNursery() const {
-        return isJSContext();
-    }
-
-    inline js::Nursery &nursery() {
-        JS_ASSERT(hasNursery());
-        return runtime_->gcNursery;
-    }
-#endif
-
-    /* Cut outs for string operations. */
-    StaticStrings &staticStrings() { return runtime_->staticStrings; }
-    JSAtomState &names() { return runtime_->atomState; }
-
-    /*
-     * Allocator used when allocating GCThings on this context. If we are a
-     * JSContext, this is the Zone allocator of the JSContext's zone. If we
-     * are the per-thread data of a ForkJoinSlice, this is a per-thread
-     * allocator.
-     *
-     * This does not live in PerThreadData because the notion of an allocator
-     * is only per-thread in PJS. The runtime (and the main thread) can have
-     * more than one zone, each with its own allocator, and it's up to the
-     * context to specify what compartment and zone we are operating in.
-     */
-  protected:
-    Allocator *allocator_;
-
-  public:
-    static size_t offsetOfAllocator() { return offsetof(ThreadSafeContext, allocator_); }
-
-    inline Allocator *const allocator();
-
-    /* GC support. */
-    AllowGC allowGC() const {
-        switch (contextKind_) {
-          case Context_JS:
-            return CanGC;
-          case Context_ForkJoin:
-            return NoGC;
-          default:
-            /* Silence warnings. */
-            MOZ_ASSUME_UNREACHABLE("Bad context kind");
-        }
-    }
-
-    template <typename T>
-    bool isInsideCurrentZone(T thing) const {
-        return thing->isInsideZone(zone_);
-    }
-
-    void *onOutOfMemory(void *p, size_t nbytes) {
-        return runtime_->onOutOfMemory(p, nbytes, isJSContext() ? asJSContext() : NULL);
-    }
-    inline void updateMallocCounter(size_t nbytes) {
-        /* Note: this is racy. */
-        runtime_->updateMallocCounter(zone_, nbytes);
-    }
-    void reportAllocationOverflow() {
-        js_ReportAllocationOverflow(isJSContext() ? asJSContext() : NULL);
-    }
-};
-
-} /* namespace js */
-
-struct JSContext : js::ThreadSafeContext,
-                   public mozilla::LinkedListElement<JSContext>
-{
-    explicit JSContext(JSRuntime *rt);
-    ~JSContext();
-
-    JSRuntime *runtime() const { return runtime_; }
-    JSCompartment *compartment() const { return compartment_; }
-
-    inline JS::Zone *zone() const {
-        JS_ASSERT_IF(!compartment(), !zone_);
-        JS_ASSERT_IF(compartment(), js::GetCompartmentZone(compartment()) == zone_);
-        return zone_;
-    }
-    js::PerThreadData &mainThread() const { return runtime()->mainThread; }
-
-  private:
-    /* Exception state -- the exception member is a GC root by definition. */
-    bool                throwing;            /* is there a pending exception? */
-    js::Value           exception;           /* most-recently-thrown exception */
-
-    /* Per-context options. */
-    unsigned            options_;            /* see jsapi.h for JSOPTION_* */
-
-  public:
-    int32_t             reportGranularity;  /* see vm/Probes.h */
-
-    js::AutoResolving   *resolvingList;
-
-    /* True if generating an error, to prevent runaway recursion. */
-    bool                generatingError;
-
-    inline void setCompartment(JSCompartment *comp);
-
-    /*
-     * "Entering" a compartment changes cx->compartment (which changes
-     * cx->global). Note that this does not push any StackFrame which means
-     * that it is possible for cx->fp()->compartment() != cx->compartment.
-     * This is not a problem since, in general, most places in the VM cannot
-     * know that they were called from script (e.g., they may have been called
-     * through the JSAPI via JS_CallFunction) and thus cannot expect fp.
-     *
-     * Compartments should be entered/left in a LIFO fasion. The depth of this
-     * enter/leave stack is maintained by enterCompartmentDepth_ and queried by
-     * hasEnteredCompartment.
-     *
-     * To enter a compartment, code should prefer using AutoCompartment over
-     * manually calling cx->enterCompartment/leaveCompartment.
-     */
-  private:
-    unsigned            enterCompartmentDepth_;
-  public:
-    bool hasEnteredCompartment() const {
-        return enterCompartmentDepth_ > 0;
-    }
-#ifdef DEBUG
-    unsigned getEnterCompartmentDepth() const {
-        return enterCompartmentDepth_;
-    }
-#endif
-
-    inline void enterCompartment(JSCompartment *c);
-    inline void leaveCompartment(JSCompartment *oldCompartment);
-
-    /* See JS_SaveFrameChain/JS_RestoreFrameChain. */
-  private:
-    struct SavedFrameChain {
-        SavedFrameChain(JSCompartment *comp, unsigned count)
-          : compartment(comp), enterCompartmentCount(count) {}
-        JSCompartment *compartment;
-        unsigned enterCompartmentCount;
-    };
-    typedef js::Vector<SavedFrameChain, 1, js::SystemAllocPolicy> SaveStack;
-    SaveStack           savedFrameChains_;
-  public:
-    bool saveFrameChain();
-    void restoreFrameChain();
-
-    /*
-     * When no compartments have been explicitly entered, the context's
-     * compartment will be set to the compartment of the "default compartment
-     * object".
-     */
-  private:
-    JSObject *defaultCompartmentObject_;
-  public:
-    inline void setDefaultCompartmentObject(JSObject *obj);
-    inline void setDefaultCompartmentObjectIfUnset(JSObject *obj);
-    JSObject *maybeDefaultCompartmentObject() const { return defaultCompartmentObject_; }
-
-    /*
-     * Current global. This is only safe to use within the scope of the
-     * AutoCompartment from which it's called.
-     */
-    inline js::Handle<js::GlobalObject*> global() const;
-
-    /* Wrap cx->exception for the current compartment. */
-    void wrapPendingException();
-
-    /* State for object and array toSource conversion. */
-    js::ObjectSet       cycleDetectorSet;
-
-    /* Per-context optional error reporter. */
-    JSErrorReporter     errorReporter;
-
-    /* Branch callback. */
-    JSOperationCallback operationCallback;
-
-    /* Client opaque pointers. */
-    void                *data;
-    void                *data2;
-
-    inline js::RegExpStatics *regExpStatics();
-
-  public:
-
-    /*
-     * Return:
-     * - The newest scripted frame's version, if there is such a frame.
-     * - The version from the compartment.
-     * - The default version.
-     *
-     * Note: if this ever shows up in a profile, just add caching!
-     */
-    JSVersion findVersion() const;
-
-    void setOptions(unsigned opts) {
-        JS_ASSERT((opts & JSOPTION_MASK) == opts);
-        options_ = opts;
-    }
-
-    unsigned options() const { return options_; }
-
-    bool hasOption(unsigned opt) const {
-        JS_ASSERT((opt & JSOPTION_MASK) == opt);
-        return !!(options_ & opt);
-    }
-
-    bool hasExtraWarningsOption() const { return hasOption(JSOPTION_EXTRA_WARNINGS); }
-    bool hasWErrorOption() const { return hasOption(JSOPTION_WERROR); }
-
-    js::LifoAlloc &tempLifoAlloc() { return runtime()->tempLifoAlloc; }
-    inline js::LifoAlloc &analysisLifoAlloc();
-    inline js::LifoAlloc &typeLifoAlloc();
-
-    inline js::PropertyTree &propertyTree();
-
-#ifdef JS_THREADSAFE
-    unsigned            outstandingRequests;/* number of JS_BeginRequest calls
-                                               without the corresponding
-                                               JS_EndRequest. */
-#endif
-
-    /* Stored here to avoid passing it around as a parameter. */
-    unsigned               resolveFlags;
-
-    /* Location to stash the iteration value between JSOP_MOREITER and JSOP_ITERNEXT. */
-    js::Value           iterValue;
-
-    bool jitIsBroken;
-
-    inline bool typeInferenceEnabled() const;
-
-    void updateJITEnabled();
-
-    /* Whether this context has JS frames on the stack. */
-    bool currentlyRunning() const;
-
-    bool currentlyRunningInInterpreter() const {
-        return mainThread().activation()->isInterpreter();
-    }
-    bool currentlyRunningInJit() const {
-        return mainThread().activation()->isJit();
-    }
-    js::StackFrame *interpreterFrame() const {
-        return mainThread().activation()->asInterpreter()->current();
-    }
-    js::FrameRegs &interpreterRegs() const {
-        return mainThread().activation()->asInterpreter()->regs();
-    }
-
-    /*
-     * Get the topmost script and optional pc on the stack. By default, this
-     * function only returns a JSScript in the current compartment, returning
-     * NULL if the current script is in a different compartment. This behavior
-     * can be overridden by passing ALLOW_CROSS_COMPARTMENT.
-     */
-    enum MaybeAllowCrossCompartment {
-        DONT_ALLOW_CROSS_COMPARTMENT = false,
-        ALLOW_CROSS_COMPARTMENT = true
-    };
-    inline JSScript *currentScript(jsbytecode **pc = NULL,
-                                   MaybeAllowCrossCompartment = DONT_ALLOW_CROSS_COMPARTMENT) const;
-
-#ifdef MOZ_TRACE_JSCALLS
-    /* Function entry/exit debugging callback. */
-    JSFunctionCallback    functionCallback;
-
-    void doFunctionCallback(const JSFunction *fun,
-                            const JSScript *scr,
-                            int entering) const
-    {
-        if (functionCallback)
-            functionCallback(fun, scr, this, entering);
-    }
-#endif
-
-  private:
-    /* Innermost-executing generator or null if no generator are executing. */
-    JSGenerator *innermostGenerator_;
-  public:
-    JSGenerator *innermostGenerator() const { return innermostGenerator_; }
-    void enterGenerator(JSGenerator *gen);
-    void leaveGenerator(JSGenerator *gen);
-
-    void *onOutOfMemory(void *p, size_t nbytes) {
-        return runtime()->onOutOfMemory(p, nbytes, this);
-    }
-    void updateMallocCounter(size_t nbytes) {
-        runtime()->updateMallocCounter(zone(), nbytes);
-    }
-    void reportAllocationOverflow() {
-        js_ReportAllocationOverflow(this);
-    }
-
-    bool isExceptionPending() {
-        return throwing;
-    }
-
-    js::Value getPendingException() {
-        JS_ASSERT(throwing);
-        return exception;
-    }
-
-    void setPendingException(js::Value v);
-
-    void clearPendingException() {
-        throwing = false;
-        exception.setUndefined();
-    }
-
-#ifdef DEBUG
-    /*
-     * Controls whether a quadratic-complexity assertion is performed during
-     * stack iteration; defaults to true.
-     */
-    bool stackIterAssertionEnabled;
-#endif
-
-    /*
-     * See JS_SetTrustedPrincipals in jsapi.h.
-     * Note: !cx->compartment is treated as trusted.
-     */
-    bool runningWithTrustedPrincipals() const;
-
-    JS_FRIEND_API(size_t) sizeOfIncludingThis(mozilla::MallocSizeOf mallocSizeOf) const;
-
-    void mark(JSTracer *trc);
-
-  private:
-    /*
-     * The allocation code calls the function to indicate either OOM failure
-     * when p is null or that a memory pressure counter has reached some
-     * threshold when p is not null. The function takes the pointer and not
-     * a boolean flag to minimize the amount of code in its inlined callers.
-     */
-    JS_FRIEND_API(void) checkMallocGCPressure(void *p);
-}; /* struct JSContext */
-
-namespace js {
-
-struct AutoResolving {
-  public:
-    enum Kind {
-        LOOKUP,
-        WATCH
-    };
-
-    AutoResolving(JSContext *cx, HandleObject obj, HandleId id, Kind kind = LOOKUP
-                  MOZ_GUARD_OBJECT_NOTIFIER_PARAM)
-      : context(cx), object(obj), id(id), kind(kind), link(cx->resolvingList)
-    {
-        MOZ_GUARD_OBJECT_NOTIFIER_INIT;
-        JS_ASSERT(obj);
-        cx->resolvingList = this;
-    }
-
-    ~AutoResolving() {
-        JS_ASSERT(context->resolvingList == this);
-        context->resolvingList = link;
-    }
-
-    bool alreadyStarted() const {
-        return link && alreadyStartedSlow();
-    }
-
-  private:
-    bool alreadyStartedSlow() const;
-
-    JSContext           *const context;
-    HandleObject        object;
-    HandleId            id;
-    Kind                const kind;
-    AutoResolving       *const link;
-    MOZ_DECL_USE_GUARD_OBJECT_NOTIFIER
-};
-
 #ifdef JS_THREADSAFE
 # define JS_LOCK_GC(rt)    PR_Lock((rt)->gcLock)
 # define JS_UNLOCK_GC(rt)  PR_Unlock((rt)->gcLock)
 #else
 # define JS_LOCK_GC(rt)    do { } while (0)
 # define JS_UNLOCK_GC(rt)  do { } while (0)
 #endif
 
@@ -2097,215 +1614,23 @@ class MOZ_STACK_CLASS AutoKeepAtoms
 };
 
 // Maximum supported value of arguments.length. This bounds the maximum
 // number of arguments that can be supplied to Function.prototype.apply.
 // This value also bounds the number of elements parsed in an array
 // initialiser.
 static const unsigned ARGS_LENGTH_MAX = 500 * 1000;
 
-} /* namespace js */
-
-class JSAutoResolveFlags
-{
-  public:
-    JSAutoResolveFlags(JSContext *cx, unsigned flags
-                       MOZ_GUARD_OBJECT_NOTIFIER_PARAM)
-      : mContext(cx), mSaved(cx->resolveFlags)
-    {
-        MOZ_GUARD_OBJECT_NOTIFIER_INIT;
-        cx->resolveFlags = flags;
-    }
-
-    ~JSAutoResolveFlags() { mContext->resolveFlags = mSaved; }
-
-  private:
-    JSContext *mContext;
-    unsigned mSaved;
-    MOZ_DECL_USE_GUARD_OBJECT_NOTIFIER
-};
-
-namespace js {
-
-/*
- * Enumerate all contexts in a runtime.
- */
-class ContextIter {
-    JSContext *iter;
-
-public:
-    explicit ContextIter(JSRuntime *rt) {
-        iter = rt->contextList.getFirst();
-    }
-
-    bool done() const {
-        return !iter;
-    }
-
-    void next() {
-        JS_ASSERT(!done());
-        iter = iter->getNext();
-    }
-
-    JSContext *get() const {
-        JS_ASSERT(!done());
-        return iter;
-    }
-
-    operator JSContext *() const {
-        return get();
-    }
-
-    JSContext *operator ->() const {
-        return get();
-    }
-};
-
-/*
- * Create and destroy functions for JSContext, which is manually allocated
- * and exclusively owned.
- */
-extern JSContext *
-NewContext(JSRuntime *rt, size_t stackChunkSize);
-
-enum DestroyContextMode {
-    DCM_NO_GC,
-    DCM_FORCE_GC,
-    DCM_NEW_FAILED
-};
-
-extern void
-DestroyContext(JSContext *cx, DestroyContextMode mode);
-
-enum ErrorArgumentsType {
-    ArgumentsAreUnicode,
-    ArgumentsAreASCII
-};
-
 inline void
 PerThreadData::setIonStackLimit(uintptr_t limit)
 {
     JS_ASSERT(runtime_->currentThreadOwnsOperationCallbackLock());
     ionStackLimit = limit;
 }
 
-} /* namespace js */
-
-#ifdef va_start
-extern JSBool
-js_ReportErrorVA(JSContext *cx, unsigned flags, const char *format, va_list ap);
-
-extern JSBool
-js_ReportErrorNumberVA(JSContext *cx, unsigned flags, JSErrorCallback callback,
-                       void *userRef, const unsigned errorNumber,
-                       js::ErrorArgumentsType argumentsType, va_list ap);
-
-extern bool
-js_ReportErrorNumberUCArray(JSContext *cx, unsigned flags, JSErrorCallback callback,
-                            void *userRef, const unsigned errorNumber,
-                            const jschar **args);
-
-extern JSBool
-js_ExpandErrorArguments(JSContext *cx, JSErrorCallback callback,
-                        void *userRef, const unsigned errorNumber,
-                        char **message, JSErrorReport *reportp,
-                        js::ErrorArgumentsType argumentsType, va_list ap);
-#endif
-
-namespace js {
-
-/* |callee| requires a usage string provided by JS_DefineFunctionsWithHelp. */
-extern void
-ReportUsageError(JSContext *cx, HandleObject callee, const char *msg);
-
-/*
- * Prints a full report and returns true if the given report is non-NULL and
- * the report doesn't have the JSREPORT_WARNING flag set or reportWarnings is
- * true.
- * Returns false otherwise, printing just the message if the report is NULL.
- */
-extern bool
-PrintError(JSContext *cx, FILE *file, const char *message, JSErrorReport *report,
-           bool reportWarnings);
-} /* namespace js */
-
-/*
- * Report an exception using a previously composed JSErrorReport.
- * XXXbe remove from "friend" API
- */
-extern JS_FRIEND_API(void)
-js_ReportErrorAgain(JSContext *cx, const char *message, JSErrorReport *report);
-
-extern void
-js_ReportIsNotDefined(JSContext *cx, const char *name);
-
-/*
- * Report an attempt to access the property of a null or undefined value (v).
- */
-extern JSBool
-js_ReportIsNullOrUndefined(JSContext *cx, int spindex, js::HandleValue v,
-                           js::HandleString fallback);
-
-extern void
-js_ReportMissingArg(JSContext *cx, js::HandleValue v, unsigned arg);
-
-/*
- * Report error using js_DecompileValueGenerator(cx, spindex, v, fallback) as
- * the first argument for the error message. If the error message has less
- * then 3 arguments, use null for arg1 or arg2.
- */
-extern JSBool
-js_ReportValueErrorFlags(JSContext *cx, unsigned flags, const unsigned errorNumber,
-                         int spindex, js::HandleValue v, js::HandleString fallback,
-                         const char *arg1, const char *arg2);
-
-#define js_ReportValueError(cx,errorNumber,spindex,v,fallback)                \
-    ((void)js_ReportValueErrorFlags(cx, JSREPORT_ERROR, errorNumber,          \
-                                    spindex, v, fallback, NULL, NULL))
-
-#define js_ReportValueError2(cx,errorNumber,spindex,v,fallback,arg1)          \
-    ((void)js_ReportValueErrorFlags(cx, JSREPORT_ERROR, errorNumber,          \
-                                    spindex, v, fallback, arg1, NULL))
-
-#define js_ReportValueError3(cx,errorNumber,spindex,v,fallback,arg1,arg2)     \
-    ((void)js_ReportValueErrorFlags(cx, JSREPORT_ERROR, errorNumber,          \
-                                    spindex, v, fallback, arg1, arg2))
-
-extern const JSErrorFormatString js_ErrorFormatString[JSErr_Limit];
-
-#ifdef JS_THREADSAFE
-# define JS_ASSERT_REQUEST_DEPTH(cx)  JS_ASSERT((cx)->runtime()->requestDepth >= 1)
-#else
-# define JS_ASSERT_REQUEST_DEPTH(cx)  ((void) 0)
-#endif
-
-/*
- * Invoke the operation callback and return false if the current execution
- * is to be terminated.
- */
-extern JSBool
-js_InvokeOperationCallback(JSContext *cx);
-
-extern JSBool
-js_HandleExecutionInterrupt(JSContext *cx);
-
-/*
- * If the operation callback flag was set, call the operation callback.
- * This macro can run the full GC. Return true if it is OK to continue and
- * false otherwise.
- */
-static MOZ_ALWAYS_INLINE bool
-JS_CHECK_OPERATION_LIMIT(JSContext *cx)
-{
-    JS_ASSERT_REQUEST_DEPTH(cx);
-    return !cx->runtime()->interrupt || js_InvokeOperationCallback(cx);
-}
-
-namespace js {
-
 /************************************************************************/
 
 static JS_ALWAYS_INLINE void
 MakeRangeGCSafe(Value *vec, size_t len)
 {
     mozilla::PodZero(vec, len);
 }
 
@@ -2361,134 +1686,16 @@ SetValueRangeToNull(Value *beg, Value *e
 }
 
 static JS_ALWAYS_INLINE void
 SetValueRangeToNull(Value *vec, size_t len)
 {
     SetValueRangeToNull(vec, vec + len);
 }
 
-class AutoStringVector : public AutoVectorRooter<JSString *>
-{
-  public:
-    explicit AutoStringVector(JSContext *cx
-                              MOZ_GUARD_OBJECT_NOTIFIER_PARAM)
-        : AutoVectorRooter<JSString *>(cx, STRINGVECTOR)
-    {
-        MOZ_GUARD_OBJECT_NOTIFIER_INIT;
-    }
-
-    MOZ_DECL_USE_GUARD_OBJECT_NOTIFIER
-};
-
-class AutoShapeVector : public AutoVectorRooter<Shape *>
-{
-  public:
-    explicit AutoShapeVector(JSContext *cx
-                             MOZ_GUARD_OBJECT_NOTIFIER_PARAM)
-        : AutoVectorRooter<Shape *>(cx, SHAPEVECTOR)
-    {
-        MOZ_GUARD_OBJECT_NOTIFIER_INIT;
-    }
-
-    MOZ_DECL_USE_GUARD_OBJECT_NOTIFIER
-};
-
-class AutoValueArray : public AutoGCRooter
-{
-    Value *start_;
-    unsigned length_;
-    SkipRoot skip;
-
-  public:
-    AutoValueArray(JSContext *cx, Value *start, unsigned length
-                   MOZ_GUARD_OBJECT_NOTIFIER_PARAM)
-      : AutoGCRooter(cx, VALARRAY), start_(start), length_(length), skip(cx, start, length)
-    {
-        MOZ_GUARD_OBJECT_NOTIFIER_INIT;
-    }
-
-    Value *start() { return start_; }
-    unsigned length() const { return length_; }
-
-    MutableHandleValue handleAt(unsigned i)
-    {
-        JS_ASSERT(i < length_);
-        return MutableHandleValue::fromMarkedLocation(&start_[i]);
-    }
-    HandleValue handleAt(unsigned i) const
-    {
-        JS_ASSERT(i < length_);
-        return HandleValue::fromMarkedLocation(&start_[i]);
-    }
-
-    MOZ_DECL_USE_GUARD_OBJECT_NOTIFIER
-};
-
-class AutoObjectObjectHashMap : public AutoHashMapRooter<JSObject *, JSObject *>
-{
-  public:
-    explicit AutoObjectObjectHashMap(JSContext *cx
-                                     MOZ_GUARD_OBJECT_NOTIFIER_PARAM)
-      : AutoHashMapRooter<JSObject *, JSObject *>(cx, OBJOBJHASHMAP)
-    {
-        MOZ_GUARD_OBJECT_NOTIFIER_INIT;
-    }
-
-    MOZ_DECL_USE_GUARD_OBJECT_NOTIFIER
-};
-
-class AutoObjectUnsigned32HashMap : public AutoHashMapRooter<JSObject *, uint32_t>
-{
-  public:
-    explicit AutoObjectUnsigned32HashMap(JSContext *cx
-                                         MOZ_GUARD_OBJECT_NOTIFIER_PARAM)
-      : AutoHashMapRooter<JSObject *, uint32_t>(cx, OBJU32HASHMAP)
-    {
-        MOZ_GUARD_OBJECT_NOTIFIER_INIT;
-    }
-
-    MOZ_DECL_USE_GUARD_OBJECT_NOTIFIER
-};
-
-class AutoObjectHashSet : public AutoHashSetRooter<JSObject *>
-{
-  public:
-    explicit AutoObjectHashSet(JSContext *cx
-                               MOZ_GUARD_OBJECT_NOTIFIER_PARAM)
-      : AutoHashSetRooter<JSObject *>(cx, OBJHASHSET)
-    {
-        MOZ_GUARD_OBJECT_NOTIFIER_INIT;
-    }
-
-    MOZ_DECL_USE_GUARD_OBJECT_NOTIFIER
-};
-
-class AutoAssertNoException
-{
-#ifdef DEBUG
-    JSContext *cx;
-    bool hadException;
-#endif
-
-  public:
-    AutoAssertNoException(JSContext *cx)
-#ifdef DEBUG
-      : cx(cx),
-        hadException(cx->isExceptionPending())
-#endif
-    {
-    }
-
-    ~AutoAssertNoException()
-    {
-        JS_ASSERT_IF(!hadException, !cx->isExceptionPending());
-    }
-};
-
 /*
  * Allocation policy that uses JSRuntime::malloc_ and friends, so that
  * memory pressure is properly accounted for. This is suitable for
  * long-lived objects owned by the JSRuntime.
  *
  * Since it doesn't hold a JSContext (those may not live long enough), it
  * can't report out-of-memory conditions itself; the caller must check for
  * OOM and take the appropriate action.
@@ -2496,60 +1703,23 @@ class AutoAssertNoException
  * FIXME bug 647103 - replace these *AllocPolicy names.
  */
 class RuntimeAllocPolicy
 {
     JSRuntime *const runtime;
 
   public:
     RuntimeAllocPolicy(JSRuntime *rt) : runtime(rt) {}
-    RuntimeAllocPolicy(JSContext *cx) : runtime(cx->runtime()) {}
     void *malloc_(size_t bytes) { return runtime->malloc_(bytes); }
     void *calloc_(size_t bytes) { return runtime->calloc_(bytes); }
     void *realloc_(void *p, size_t bytes) { return runtime->realloc_(p, bytes); }
     void free_(void *p) { js_free(p); }
     void reportAllocOverflow() const {}
 };
 
-/*
- * FIXME bug 647103 - replace these *AllocPolicy names.
- */
-class ContextAllocPolicy
-{
-    JSContext *const cx_;
-
-  public:
-    ContextAllocPolicy(JSContext *cx) : cx_(cx) {}
-    JSContext *context() const { return cx_; }
-    void *malloc_(size_t bytes) { return cx_->malloc_(bytes); }
-    void *calloc_(size_t bytes) { return cx_->calloc_(bytes); }
-    void *realloc_(void *p, size_t oldBytes, size_t bytes) { return cx_->realloc_(p, oldBytes, bytes); }
-    void free_(void *p) { js_free(p); }
-    void reportAllocOverflow() const { js_ReportAllocationOverflow(cx_); }
-};
-
-/* Exposed intrinsics so that Ion may inline them. */
-JSBool intrinsic_ToObject(JSContext *cx, unsigned argc, Value *vp);
-JSBool intrinsic_IsCallable(JSContext *cx, unsigned argc, Value *vp);
-JSBool intrinsic_ThrowError(JSContext *cx, unsigned argc, Value *vp);
-JSBool intrinsic_NewDenseArray(JSContext *cx, unsigned argc, Value *vp);
-
-JSBool intrinsic_UnsafePutElements(JSContext *cx, unsigned argc, Value *vp);
-JSBool intrinsic_UnsafeSetReservedSlot(JSContext *cx, unsigned argc, Value *vp);
-JSBool intrinsic_UnsafeGetReservedSlot(JSContext *cx, unsigned argc, Value *vp);
-JSBool intrinsic_NewObjectWithClassPrototype(JSContext *cx, unsigned argc, Value *vp);
-JSBool intrinsic_HaveSameClass(JSContext *cx, unsigned argc, Value *vp);
-
-JSBool intrinsic_ShouldForceSequential(JSContext *cx, unsigned argc, Value *vp);
-JSBool intrinsic_NewParallelArray(JSContext *cx, unsigned argc, Value *vp);
-
-#ifdef DEBUG
-JSBool intrinsic_Dump(JSContext *cx, unsigned argc, Value *vp);
-#endif
-
 } /* namespace js */
 
 #ifdef _MSC_VER
 #pragma warning(pop)
 #pragma warning(pop)
 #endif
 
-#endif /* jscntxt_h */
+#endif /* vm_Runtime_h */
--- a/js/src/vm/ScopeObject.cpp
+++ b/js/src/vm/ScopeObject.cpp
@@ -1593,18 +1593,18 @@ js_IsDebugScopeSlow(JSObject *obj)
     return obj->getClass() == &ObjectProxyClass &&
            GetProxyHandler(obj) == &DebugScopeProxy::singleton;
 }
 
 /*****************************************************************************/
 
 DebugScopes::DebugScopes(JSContext *cx)
  : proxiedScopes(cx),
-   missingScopes(cx),
-   liveScopes(cx)
+   missingScopes(cx->runtime()),
+   liveScopes(cx->runtime())
 {}
 
 DebugScopes::~DebugScopes()
 {
     JS_ASSERT(missingScopes.empty());
     WeakMapBase::removeWeakMapFromList(&proxiedScopes);
 }
 
--- a/js/src/vm/Shape.cpp
+++ b/js/src/vm/Shape.cpp
@@ -16,16 +16,17 @@
 
 #include "js/HashTable.h"
 #include "vm/Shape.h"
 
 #include "jscntxtinlines.h"
 #include "jsobjinlines.h"
 
 #include "vm/Shape-inl.h"
+#include "vm/Runtime-inl.h"
 
 using namespace js;
 using namespace js::gc;
 
 using mozilla::DebugOnly;
 using mozilla::PodZero;
 
 bool