[INFER] Cleanup for review, bug 657412.
authorBrian Hackett <bhackett1024@gmail.com>
Mon, 16 May 2011 22:59:40 -0700
changeset 75068 8aa5d9272628034ab1132ace847af61a9596c7e4
parent 75067 f18e992f6ec82ab8385af0d27ec59c01ec6d6f1f
child 75069 807a6cc25c34abd63a657a0394cc6e876b087378
push id2
push userbsmedberg@mozilla.com
push dateFri, 19 Aug 2011 14:38:13 +0000
bugs657412
milestone6.0a1
[INFER] Cleanup for review, bug 657412.
js/src/jsapi.cpp
js/src/jsapi.h
js/src/jsarray.cpp
js/src/jscompartment.cpp
js/src/jsdate.cpp
js/src/jsfun.cpp
js/src/jsgc.cpp
js/src/jsgcinlines.h
js/src/jshashtable.h
js/src/jsinterp.cpp
js/src/jsiter.cpp
js/src/jsnum.cpp
js/src/jsobj.cpp
js/src/json.cpp
js/src/jsprf.cpp
js/src/jsprobes.cpp
js/src/jsproxy.cpp
js/src/jsregexpinlines.h
js/src/jsstr.cpp
js/src/jstypedarray.cpp
js/src/jsvalue.h
js/src/jsxml.cpp
--- a/js/src/jsapi.cpp
+++ b/js/src/jsapi.cpp
@@ -3460,20 +3460,18 @@ JS_DefinePropertyWithTinyId(JSContext *c
 }
 
 static JSBool
 DefineUCProperty(JSContext *cx, JSObject *obj, const jschar *name, size_t namelen,
                  const Value &value, PropertyOp getter, StrictPropertyOp setter, uintN attrs,
                  uintN flags, intN tinyid)
 {
     JSAtom *atom = js_AtomizeChars(cx, name, AUTO_NAMELEN(name, namelen), 0);
-    if (!atom)
-        return false;
-    return DefinePropertyById(cx, obj, ATOM_TO_JSID(atom), value, getter, setter, attrs,
-                              flags, tinyid);
+    return atom && DefinePropertyById(cx, obj, ATOM_TO_JSID(atom), value, getter, setter, attrs,
+                                      flags, tinyid);
 }
 
 JS_PUBLIC_API(JSBool)
 JS_DefineUCProperty(JSContext *cx, JSObject *obj, const jschar *name, size_t namelen,
                     jsval value, JSPropertyOp getter, JSStrictPropertyOp setter, uintN attrs)
 {
     return DefineUCProperty(cx, obj, name, namelen, Valueify(value),
                             Valueify(getter), Valueify(setter), attrs, 0, 0);
@@ -3852,17 +3850,16 @@ JS_GetMethod(JSContext *cx, JSObject *ob
 }
 
 JS_PUBLIC_API(JSBool)
 JS_SetPropertyById(JSContext *cx, JSObject *obj, jsid id, jsval *vp)
 {
     CHECK_REQUEST(cx);
     assertSameCompartment(cx, obj, id);
     JSAutoResolveFlags rf(cx, JSRESOLVE_QUALIFIED | JSRESOLVE_ASSIGNING);
-
     return obj->setProperty(cx, id, Valueify(vp), false);
 }
 
 JS_PUBLIC_API(JSBool)
 JS_SetElement(JSContext *cx, JSObject *obj, jsint index, jsval *vp)
 {
     return JS_SetPropertyById(cx, obj, INT_TO_JSID(index), vp);
 }
@@ -4123,24 +4120,16 @@ JS_SetReservedSlot(JSContext *cx, JSObje
 
 JS_PUBLIC_API(JSObject *)
 JS_NewArrayObject(JSContext *cx, jsint length, jsval *vector)
 {
     JS_THREADSAFE_ASSERT(cx->compartment != cx->runtime->atomsCompartment);
     CHECK_REQUEST(cx);
     /* NB: jsuint cast does ToUint32. */
     assertSameCompartment(cx, JSValueArray(vector, vector ? (jsuint)length : 0));
-
-#ifdef DEBUG
-    if (vector) {
-        for (int i = 0; i < length; i++)
-            JS_ASSERT(!Valueify(vector[i]).isMagic(JS_ARRAY_HOLE));
-    }
-#endif
-
     return NewDenseCopiedArray(cx, (jsuint)length, Valueify(vector));
 }
 
 JS_PUBLIC_API(JSBool)
 JS_IsArrayObject(JSContext *cx, JSObject *obj)
 {
     assertSameCompartment(cx, obj);
     return obj->isArray() ||
@@ -4229,38 +4218,32 @@ JS_GetSecurityCallbacks(JSContext *cx)
   return cx->securityCallbacks
          ? cx->securityCallbacks
          : cx->runtime->securityCallbacks;
 }
 
 JS_PUBLIC_API(JSFunction *)
 JS_NewFunctionWithType(JSContext *cx, JSNative native, uintN nargs, uintN flags,
                        JSObject *parent, const char *name,
-                       JSTypeHandler handler, const char *fullName)
+                       JSTypeHandler handler)
 {
     JS_THREADSAFE_ASSERT(cx->compartment != cx->runtime->atomsCompartment);
     JSAtom *atom;
 
     CHECK_REQUEST(cx);
     assertSameCompartment(cx, parent);
 
     if (!name) {
         atom = NULL;
     } else {
         atom = js_Atomize(cx, name, strlen(name), 0);
         if (!atom)
             return NULL;
     }
-    if (!handler) {
-        handler = JS_TypeHandlerDynamic;
-        if (!fullName)
-            fullName = "Unknown";
-    }
-    return js_NewFunction(cx, NULL, Valueify(native), nargs, flags, parent, atom,
-                          handler, fullName);
+    return js_NewFunction(cx, NULL, Valueify(native), nargs, flags, parent, atom, handler, name);
 }
 
 JS_PUBLIC_API(JSFunction *)
 JS_NewFunctionById(JSContext *cx, JSNative native, uintN nargs, uintN flags, JSObject *parent,
                    jsid id)
 {
     JS_ASSERT(JSID_IS_STRING(id));
     JS_THREADSAFE_ASSERT(cx->compartment != cx->runtime->atomsCompartment);
@@ -4551,20 +4534,18 @@ JS_DefineFunctions(JSContext *cx, JSObje
             fun = JS_DefineFunctionWithType(cx, ctor, fs->name,
                                             Jsvalify(js_generic_native_method_dispatcher),
                                             fs->nargs + 1,
                                             flags & ~JSFUN_TRCINFO,
                                             fs->handler);
             if (!fun)
                 return JS_FALSE;
 
-            if (cx->typeInferenceEnabled()) {
-                /* Mark the type handler for this function as generic. */
+            if (cx->typeInferenceEnabled())
                 fun->getType()->asFunction()->isGeneric = true;
-            }
 
             /*
              * As jsapi.h notes, fs must point to storage that lives as long
              * as fun->object lives.
              */
             Value priv = PrivateValue(fs);
             if (!js_SetReservedSlot(cx, FUN_OBJECT(fun), 0, priv))
                 return JS_FALSE;
@@ -5146,19 +5127,19 @@ EvaluateUCScriptForPrincipalsCommon(JSCo
         LAST_FRAME_CHECKS(cx, script);
         return false;
     }
     script->isUncachedEval = true;
 
     JS_ASSERT(script->getVersion() == compileVersion);
     bool ok = Execute(cx, *obj, script, NULL, 0, Valueify(rval));
     LAST_FRAME_CHECKS(cx, ok);
-
     js_DestroyScript(cx, script);
     return ok;
+
 }
 
 JS_PUBLIC_API(JSBool)
 JS_EvaluateUCScriptForPrincipalsVersion(JSContext *cx, JSObject *obj,
                                         JSPrincipals *principals,
                                         const jschar *chars, uintN length,
                                         const char *filename, uintN lineno,
                                         jsval *rval, JSVersion version)
--- a/js/src/jsapi.h
+++ b/js/src/jsapi.h
@@ -2622,24 +2622,23 @@ JS_GetSecurityCallbacks(JSContext *cx);
 /************************************************************************/
 
 /*
  * Functions and scripts.
  */
 extern JS_PUBLIC_API(JSFunction *)
 JS_NewFunctionWithType(JSContext *cx, JSNative call, uintN nargs, uintN flags,
                        JSObject *parent, const char *name,
-                       JSTypeHandler handler, const char *fullName);
+                       JSTypeHandler handler);
 
 static JS_ALWAYS_INLINE JSFunction*
 JS_NewFunction(JSContext *cx, JSNative call, uintN nargs, uintN flags,
                JSObject *parent, const char *name)
 {
-    return JS_NewFunctionWithType(cx, call, nargs, flags, parent, name,
-                                  NULL, NULL);
+    return JS_NewFunctionWithType(cx, call, nargs, flags, parent, name, NULL);
 }
 
 /*
  * Create the function with the name given by the id. JSID_IS_STRING(id) must
  * be true.
  */
 extern JS_PUBLIC_API(JSFunction *)
 JS_NewFunctionById(JSContext *cx, JSNative call, uintN nargs, uintN flags,
--- a/js/src/jsarray.cpp
+++ b/js/src/jsarray.cpp
@@ -600,17 +600,16 @@ SetOrDeleteArrayElement(JSContext *cx, J
 JSBool
 js_SetLengthProperty(JSContext *cx, JSObject *obj, jsdouble length)
 {
     Value v;
     jsid id;
 
     v.setNumber(length);
     id = ATOM_TO_JSID(cx->runtime->atomState.lengthAtom);
-
     /* We don't support read-only array length yet. */
     return obj->setProperty(cx, id, &v, false);
 }
 
 JSBool
 js_HasLengthProperty(JSContext *cx, JSObject *obj, jsuint *lengthp)
 {
     JSErrorReporter older = JS_SetErrorReporter(cx, NULL);
@@ -2524,21 +2523,16 @@ array_splice(JSContext *cx, uintN argc, 
         return false;
 
     jsuint length, begin, end, count, delta, last;
     JSBool hole;
 
     /* Get the type of the result object. */
     TypeObject *type;
     if (obj->isArray()) {
-        /*
-         * :FIXME: This is getting a type whose prototype is that of the
-         * argument, even if it is the Array.prototype on a different
-         * global than the current frame.
-         */
         type = obj->getType();
     } else {
         /*
          * Make a new type object for the return value.  This is an unexpected
          * result of the call so mark it at the callsite.
          */
         type = cx->getTypeNewObject(JSProto_Array);
         if (!type)
@@ -2834,17 +2828,16 @@ array_slice(JSContext *cx, uintN argc, V
     }
 
     if (begin > end)
         begin = end;
 
     /* Get the type object for the returned array. */
     TypeObject *type;
     if (obj->isArray()) {
-        /* :FIXME: Same issue as array_splice. */
         type = obj->getType();
     } else {
         /*
          * Make a new type object for the return value.  This is an unexpected
          * result of the call so mark it at the callsite.
          */
         type = cx->getTypeNewObject(JSProto_Array);
         if (!type)
--- a/js/src/jscompartment.cpp
+++ b/js/src/jscompartment.cpp
@@ -328,16 +328,19 @@ JSCompartment::wrap(JSContext *cx, Value
      * to the object.
      */
     JSObject *wrapper = cx->runtime->wrapObjectCallback(cx, obj, proto, global, flags);
     if (!wrapper)
         return false;
 
     vp->setObject(*wrapper);
 
+    if (wrapper->getProto() != proto && !SetProto(cx, wrapper, proto, false))
+        return false;
+
     if (!crossCompartmentWrappers.put(wrapper->getProxyPrivate(), *vp))
         return false;
 
     wrapper->setParent(global);
     return true;
 }
 
 bool
@@ -410,17 +413,16 @@ JSCompartment::wrap(JSContext *cx, AutoI
     for (size_t n = 0; n < size_t(length); ++n) {
         if (!wrapId(cx, &vector[n]))
             return false;
     }
     return true;
 }
 
 #if defined JS_METHODJIT && defined JS_MONOIC
-
 /*
  * Check if the pool containing the code for jit should be destroyed, per the
  * heuristics in JSCompartment::sweep.
  */
 static inline bool
 ScriptPoolDestroyed(JSContext *cx, mjit::JITScript *jit,
                     uint32 releaseInterval, uint32 &counter)
 {
@@ -440,43 +442,20 @@ ScriptPoolDestroyed(JSContext *cx, mjit:
     }
     return pool->m_destroy;
 }
 
 static inline void
 ScriptTryDestroyCode(JSContext *cx, JSScript *script, bool normal,
                      uint32 releaseInterval, uint32 &counter)
 {
-    /*
-     * Check if the JIT code for script should be destroyed. When JIT code has
-     * inlined frames, destroy the outer script if any of the inner scripts
-     * will need to be destroyed, preserving the invariant that we always have
-     * JIT code for any inlined frame which may need to be expanded.
-     */
-
     mjit::JITScript *jit = normal ? script->jitNormal : script->jitCtor;
-
-    if (!jit)
-        return;
-
-    if (ScriptPoolDestroyed(cx, jit, releaseInterval, counter)) {
+    if (jit && ScriptPoolDestroyed(cx, jit, releaseInterval, counter))
         mjit::ReleaseScriptCode(cx, script, normal);
-        return;
-    }
-
-    for (unsigned i = 0; i < jit->nInlineFrames; i++) {
-        JSScript *inner = jit->inlineFrames()[i].fun->script();
-        if (!inner->jitNormal ||  /* Found inner first in the walk. */
-            ScriptPoolDestroyed(cx, inner->jitNormal, releaseInterval, counter)) {
-            mjit::ReleaseScriptCode(cx, script, true);
-            return;
-        }
-    }
 }
-
 #endif // JS_METHODJIT && JS_MONOIC
 
 /*
  * This method marks pointers that cross compartment boundaries. It should be
  * called only for per-compartment GCs, since full GCs naturally follow pointers
  * across compartments.
  */
 void
@@ -565,17 +544,16 @@ JSCompartment::sweep(JSContext *cx, uint
      * the amount of JIT code in never-used compartments to zero. Don't discard anything
      * for compartments which currently have active stack frames.
      */
     uint32 counter = 1;
     bool discardScripts = !active && releaseInterval != 0;
 
     for (JSCList *cursor = scripts.next; cursor != &scripts; cursor = cursor->next) {
         JSScript *script = reinterpret_cast<JSScript *>(cursor);
-
         if (script->hasJITCode()) {
             mjit::ic::SweepCallICs(cx, script, discardScripts);
             if (discardScripts) {
                 ScriptTryDestroyCode(cx, script, true, releaseInterval, counter);
                 ScriptTryDestroyCode(cx, script, false, releaseInterval, counter);
             }
         }
     }
--- a/js/src/jsdate.cpp
+++ b/js/src/jsdate.cpp
@@ -2653,19 +2653,18 @@ js_InitDateClass(JSContext *cx, JSObject
      *   The Function object that is the initial value of
      *   Date.prototype.toGMTString is the same Function
      *   object that is the initial value of
      *   Date.prototype.toUTCString.
      */
     AutoValueRooter toUTCStringFun(cx);
     jsid toUTCStringId = ATOM_TO_JSID(cx->runtime->atomState.toUTCStringAtom);
     jsid toGMTStringId = ATOM_TO_JSID(cx->runtime->atomState.toGMTStringAtom);
-    if (!js_GetProperty(cx, proto, toUTCStringId, toUTCStringFun.addr()))
-        return NULL;
-    if (!js_DefineProperty(cx, proto, toGMTStringId, toUTCStringFun.addr(),
+    if (!js_GetProperty(cx, proto, toUTCStringId, toUTCStringFun.addr()) ||
+        !js_DefineProperty(cx, proto, toGMTStringId, toUTCStringFun.addr(),
                            PropertyStub, StrictPropertyStub, 0)) {
         return NULL;
     }
 
     return proto;
 }
 
 JS_FRIEND_API(JSObject *)
--- a/js/src/jsfun.cpp
+++ b/js/src/jsfun.cpp
@@ -979,17 +979,17 @@ CalleeGetter(JSContext *cx, JSObject *ob
  * must be null.
  */
 static JSObject *
 NewCallObject(JSContext *cx, JSScript *script, JSObject &scopeChain, JSObject *callee)
 {
     Bindings &bindings = script->bindings;
     size_t argsVars = bindings.countArgsAndVars();
     size_t slots = JSObject::CALL_RESERVED_SLOTS + argsVars;
-    gc::FinalizeKind kind = gc::GetGCObjectKind(slots, gc::FINALIZE_OBJECT2);
+    gc::FinalizeKind kind = gc::GetGCObjectKind(slots);
 
     JSObject *callobj = js_NewGCObject(cx, kind);
     if (!callobj)
         return NULL;
 
     /* Init immediately to avoid GC seeing a half-init'ed object. */
     callobj->initCall(cx, bindings, &scopeChain);
 
@@ -1629,51 +1629,42 @@ fun_getProperty(JSContext *cx, JSObject 
         fp->prev()->pc(cx, fp, &inlined);
         if (inlined) {
             JSFunction *fun = fp->prev()->jit()->inlineFrames()[inlined->inlineIndex].fun;
             cx->markTypeObjectFlags(fun->getType(), OBJECT_FLAG_UNINLINEABLE);
         }
     }
 #endif
 
-    JSAtom *atom = NULL;
-
     switch (slot) {
       case FUN_ARGUMENTS:
         /* Warn if strict about f.arguments or equivalent unqualified uses. */
         if (!JS_ReportErrorFlagsAndNumber(cx,
                                           JSREPORT_WARNING | JSREPORT_STRICT,
                                           js_GetErrorMessage, NULL,
                                           JSMSG_DEPRECATED_USAGE,
                                           js_arguments_str)) {
             return false;
         }
         if (fp) {
             if (!js_GetArgsValue(cx, fp, vp))
                 return false;
         } else {
             vp->setNull();
         }
-        atom = cx->runtime->atomState.argumentsAtom;
         break;
 
       case FUN_LENGTH:
-        vp->setInt32(fun->nargs);
-        atom = cx->runtime->atomState.lengthAtom;
-        break;
-
       case FUN_ARITY:
         vp->setInt32(fun->nargs);
-        atom = cx->runtime->atomState.arityAtom;
         break;
 
       case FUN_NAME:
         vp->setString(fun->atom ? fun->atom
                                 : cx->runtime->emptyString);
-        atom = cx->runtime->atomState.nameAtom;
         break;
 
       case FUN_CALLER:
         vp->setNull();
         if (fp && fp->prev() && !fp->prev()->getValidCalleeObject(cx, vp))
             return false;
 
         if (vp->isObject()) {
@@ -1686,17 +1677,16 @@ fun_getProperty(JSContext *cx, JSObject 
                 JSFunction *callerFun = caller.getFunctionPrivate();
                 if (callerFun->isInterpreted() && callerFun->inStrictMode()) {
                     JS_ReportErrorFlagsAndNumber(cx, JSREPORT_ERROR, js_GetErrorMessage, NULL,
                                                  JSMSG_CALLER_IS_STRICT);
                     return false;
                 }
             }
         }
-        atom = cx->runtime->atomState.callerAtom;
         break;
 
       default:
         JS_NOT_REACHED("fun_getProperty");
     }
 
     return true;
 }
@@ -1830,17 +1820,16 @@ fun_resolve(JSContext *cx, JSObject *obj
          * isNative() test covers this case because bound functions are native
          * functions by definition/construction.
          */
         if (fun->isNative() || fun->isFunctionPrototype())
             return true;
 
         if (!ResolveInterpretedFunctionPrototype(cx, obj))
             return false;
-
         *objp = obj;
         return true;
     }
 
     if (JSID_IS_ATOM(id, cx->runtime->atomState.lengthAtom)) {
         JS_ASSERT(!IsInternalFunctionObject(obj));
         if (!DefineNativeProperty(cx, obj, id, Int32Value(fun->nargs),
                                   PropertyStub, StrictPropertyStub,
@@ -2462,36 +2451,23 @@ fun_bind(JSContext *cx, uintN argc, Valu
     /* Steps 17, 19-21 are handled by fun_resolve. */
     /* Step 18 is the default for new functions. */
 
     /* Step 22. */
     vp->setObject(*funobj);
     return true;
 }
 
-static void
-type_HandlerMonitored(JSContext *cx, JSTypeFunction *jsfun, JSTypeCallsite *jssite)
-{
-    /*
-     * Mark all calls to Function.prototype.call and Function.prototype.apply
-     * as monitored, so the compiler knows to keep track of all passed arguments.
-     */
-    TypeCallsite *site = Valueify(jssite);
-    cx->compartment->types.monitorBytecode(cx, site->script, site->pc - site->script->code);
-    if (site->returnTypes)
-        site->returnTypes->addType(cx, TYPE_UNKNOWN);
-}
-
 static JSFunctionSpec function_methods[] = {
 #if JS_HAS_TOSOURCE
     JS_FN_TYPE(js_toSource_str,   fun_toSource,   0,0, JS_TypeHandlerString),
 #endif
     JS_FN_TYPE(js_toString_str,   fun_toString,   0,0, JS_TypeHandlerString),
-    JS_FN_TYPE(js_apply_str,      js_fun_apply,   2,0, type_HandlerMonitored),
-    JS_FN_TYPE(js_call_str,       js_fun_call,    1,0, type_HandlerMonitored),
+    JS_FN_TYPE(js_apply_str,      js_fun_apply,   2,0, JS_TypeHandlerDynamic),
+    JS_FN_TYPE(js_call_str,       js_fun_call,    1,0, JS_TypeHandlerDynamic),
     JS_FN_TYPE("bind",            fun_bind,       1,0, JS_TypeHandlerDynamic),
 #if JS_HAS_GENERATORS
     JS_FN_TYPE("isGenerator",     fun_isGenerator,0,0, JS_TypeHandlerBool),
 #endif
     JS_FS_END
 };
 
 /*
--- a/js/src/jsgc.cpp
+++ b/js/src/jsgc.cpp
@@ -1989,17 +1989,16 @@ js_DestroyScriptsToGC(JSContext *cx, JSC
 {
     JSScript **listp, *script;
 
     for (size_t i = 0; i != JS_ARRAY_LENGTH(comp->scriptsToGC); ++i) {
         listp = &comp->scriptsToGC[i];
         while ((script = *listp) != NULL) {
             *listp = script->u.nextToGC;
             script->u.nextToGC = NULL;
-
             js_DestroyCachedScript(cx, script);
         }
     }
 }
 
 void
 JSCompartment::finalizeObjectArenaLists(JSContext *cx)
 {
--- a/js/src/jsgcinlines.h
+++ b/js/src/jsgcinlines.h
@@ -115,23 +115,19 @@ GetGCThingTraceKind(const void *thing)
         return JSTRACE_STRING;
     const Cell *cell = reinterpret_cast<const Cell *>(thing);
     return GetFinalizableTraceKind(cell->arenaHeader()->getThingKind());
 }
 
 /* Capacity for slotsToThingKind */
 const size_t SLOTS_TO_THING_KIND_LIMIT = 17;
 
-/*
- * Get the best kind to use when making an object with the given slot count.
- * fallback is the kind to use if the number of slots exceeds the maximum
- * number of fixed slots for an object.
- */
+/* Get the best kind to use when making an object with the given slot count. */
 static inline FinalizeKind
-GetGCObjectKind(size_t numSlots, FinalizeKind fallback = FINALIZE_OBJECT0)
+GetGCObjectKind(size_t numSlots)
 {
     extern FinalizeKind slotsToThingKind[];
 
     if (numSlots >= SLOTS_TO_THING_KIND_LIMIT)
         return FINALIZE_OBJECT16;
     return slotsToThingKind[numSlots];
 }
 
@@ -248,9 +244,10 @@ js_NewGCShape(JSContext *cx)
 #if JS_HAS_XML_SUPPORT
 inline JSXML *
 js_NewGCXML(JSContext *cx)
 {
     return NewFinalizableGCThing<JSXML>(cx, js::gc::FINALIZE_XML);
 }
 #endif
 
+
 #endif /* jsgcinlines_h___ */
--- a/js/src/jshashtable.h
+++ b/js/src/jshashtable.h
@@ -41,22 +41,16 @@
  * ***** END LICENSE BLOCK ***** */
 
 #ifndef jshashtable_h_
 #define jshashtable_h_
 
 #include "jsalloc.h"
 #include "jstl.h"
 
-/* Gross special case for Gecko, which defines malloc/calloc/free. */
-#ifdef mozilla_mozalloc_macro_wrappers_h
-#  define JSHASHTABLE_UNDEFD_MOZALLOC_WRAPPERS
-#  include "mozilla/mozalloc_undef_macro_wrappers.h"
-#endif
-
 namespace js {
 
 /* Integral types for all hash functions. */
 typedef uint32 HashNumber;
 
 /*****************************************************************************/
 
 namespace detail {
@@ -1218,13 +1212,9 @@ class HashSet
     void remove(const Lookup &l) {
         if (Ptr p = lookup(l))
             remove(p);
     }
 };
 
 }  /* namespace js */
 
-#ifdef JSHASHTABLE_UNDEFD_MOZALLOC_WRAPPERS
-#  include "mozilla/mozalloc_macro_wrappers.h"
 #endif
-
-#endif
--- a/js/src/jsinterp.cpp
+++ b/js/src/jsinterp.cpp
@@ -1895,18 +1895,16 @@ namespace reprmeter {
 #define PUSH_INT32(i)            regs.sp++->setInt32(i)
 #define PUSH_STRING(s)           do { regs.sp++->setString(s); assertSameCompartment(cx, regs.sp[-1]); } while (0)
 #define PUSH_OBJECT(obj)         do { regs.sp++->setObject(obj); assertSameCompartment(cx, regs.sp[-1]); } while (0)
 #define PUSH_OBJECT_OR_NULL(obj) do { regs.sp++->setObjectOrNull(obj); assertSameCompartment(cx, regs.sp[-1]); } while (0)
 #define PUSH_HOLE()              regs.sp++->setMagic(JS_ARRAY_HOLE)
 #define POP_COPY_TO(v)           v = *--regs.sp
 #define POP_RETURN_VALUE()       regs.fp()->setReturnValue(*--regs.sp)
 
-/* Definitions for performing runtime checks required by type inference. */
-
 #define POP_BOOLEAN(cx, vp, b)                                                \
     JS_BEGIN_MACRO                                                            \
         vp = &regs.sp[-1];                                                    \
         if (vp->isNull()) {                                                   \
             b = false;                                                        \
         } else if (vp->isBoolean()) {                                         \
             b = vp->toBoolean();                                              \
         } else {                                                              \
@@ -2625,16 +2623,17 @@ Interpret(JSContext *cx, StackFrame *ent
 #else /* !JS_THREADED_INTERP */
     for (;;) {
       advance_pc_by_one:
         JS_ASSERT(js_CodeSpec[op].length == 1);
         len = 1;
       advance_pc:
         regs.pc += len;
         op = (JSOp) *regs.pc;
+
       do_op:
         CHECK_RECORDER();
         LOG_OPCODE(op);
         switchOp = intN(op) | switchMask;
       do_switch:
         switch (switchOp) {
 #endif
 
@@ -3297,17 +3296,16 @@ END_CASE(JSOP_PICK)
           END_CASE(OP)
 
 BEGIN_CASE(JSOP_SETCONST)
 {
     JSAtom *atom;
     LOAD_ATOM(0, atom);
     JSObject &obj = cx->stack.currentVarObj();
     const Value &ref = regs.sp[-1];
-
     if (!obj.defineProperty(cx, ATOM_TO_JSID(atom), ref,
                             PropertyStub, StrictPropertyStub,
                             JSPROP_ENUMERATE | JSPROP_PERMANENT | JSPROP_READONLY)) {
         goto error;
     }
 }
 END_SET_CASE(JSOP_SETCONST);
 
--- a/js/src/jsiter.cpp
+++ b/js/src/jsiter.cpp
@@ -397,17 +397,16 @@ GetCustomIterator(JSContext *cx, JSObjec
          */
         JSAutoByteString bytes;
         if (!js_AtomToPrintableString(cx, atom, &bytes))
             return false;
         js_ReportValueError2(cx, JSMSG_BAD_TRAP_RETURN_VALUE,
                              -1, ObjectValue(*obj), NULL, bytes.ptr());
         return false;
     }
-
     return true;
 }
 
 template <typename T>
 static inline bool
 Compare(T *a, T *b, size_t c)
 {
     size_t n = (c + size_t(7)) / size_t(8);
--- a/js/src/jsnum.cpp
+++ b/js/src/jsnum.cpp
@@ -1124,17 +1124,16 @@ js_InitNumberClass(JSContext *cx, JSObje
     }
 
     /* ECMA 15.1.1.2 */
     if (!JS_DefineProperty(cx, obj, js_Infinity_str, Jsvalify(rt->positiveInfinityValue),
                            JS_PropertyStub, JS_StrictPropertyStub,
                            JSPROP_PERMANENT | JSPROP_READONLY)) {
         return NULL;
     }
-
     return proto;
 }
 
 namespace v8 {
 namespace internal {
 extern char* DoubleToCString(double v, char* buffer, int buflen);
 }
 }
--- a/js/src/jsobj.cpp
+++ b/js/src/jsobj.cpp
@@ -1644,17 +1644,16 @@ js_obj_defineGetter(JSContext *cx, uintN
     /*
      * Getters and setters are just like watchpoints from an access
      * control point of view.
      */
     Value junk;
     uintN attrs;
     if (!CheckAccess(cx, obj, id, JSACC_WATCH, &junk, &attrs))
         return JS_FALSE;
-
     call.rval().setUndefined();
     return obj->defineProperty(cx, id, UndefinedValue(), getter, StrictPropertyStub,
                                JSPROP_ENUMERATE | JSPROP_GETTER | JSPROP_SHARED);
 }
 
 JS_FRIEND_API(JSBool)
 js_obj_defineSetter(JSContext *cx, uintN argc, Value *vp)
 {
@@ -1679,17 +1678,16 @@ js_obj_defineSetter(JSContext *cx, uintN
     /*
      * Getters and setters are just like watchpoints from an access
      * control point of view.
      */
     Value junk;
     uintN attrs;
     if (!CheckAccess(cx, obj, id, JSACC_WATCH, &junk, &attrs))
         return JS_FALSE;
-
     call.rval().setUndefined();
     return obj->defineProperty(cx, id, UndefinedValue(), PropertyStub, setter,
                                JSPROP_ENUMERATE | JSPROP_SETTER | JSPROP_SHARED);
 }
 
 static JSBool
 obj_lookupGetter(JSContext *cx, uintN argc, Value *vp)
 {
@@ -2514,20 +2512,17 @@ obj_defineProperty(JSContext* cx, uintN 
     if (!ValueToId(cx, argc >= 2 ? vp[3] : UndefinedValue(), nameidr.addr()))
         return JS_FALSE;
 
     /* 15.2.3.6 step 3. */
     const Value &descval = argc >= 3 ? vp[4] : UndefinedValue();
 
     /* 15.2.3.6 step 4 */
     JSBool junk;
-    if (!js_DefineOwnProperty(cx, obj, nameidr.id(), descval, &junk))
-        return JS_FALSE;
-
-    return JS_TRUE;
+    return js_DefineOwnProperty(cx, obj, nameidr.id(), descval, &junk);
 }
 
 static bool
 DefineProperties(JSContext *cx, JSObject *obj, JSObject *props)
 {
     AutoIdVector ids(cx);
     if (!GetPropertyNames(cx, props, JSITER_OWNONLY, &ids))
         return false;
@@ -3368,17 +3363,17 @@ js_NewBlockObject(JSContext *cx)
 }
 
 JSObject *
 js_CloneBlockObject(JSContext *cx, JSObject *proto, StackFrame *fp)
 {
     JS_ASSERT(proto->isStaticBlock());
 
     size_t count = OBJ_BLOCK_COUNT(cx, proto);
-    gc::FinalizeKind kind = gc::GetGCObjectKind(count + 1, gc::FINALIZE_OBJECT2);
+    gc::FinalizeKind kind = gc::GetGCObjectKind(count + 1);
 
     js::types::TypeObject *type = proto->getNewType(cx);
     if (!type)
         return false;
 
     JSObject *clone = js_NewGCObject(cx, kind);
     if (!clone)
         return NULL;
--- a/js/src/json.cpp
+++ b/js/src/json.cpp
@@ -919,16 +919,17 @@ JSONParseError(JSONParser *jp, JSContext
     if (!jp->suppressErrors)
         JS_ReportErrorNumber(cx, js_GetErrorMessage, NULL, JSMSG_JSON_BAD_PARSE, "syntax error");
     return JS_FALSE;
 }
 
 static bool
 Revive(JSContext *cx, const Value &reviver, Value *vp)
 {
+
     JSObject *obj = NewBuiltinClassInstance(cx, &js_ObjectClass);
     if (!obj)
         return false;
 
     AutoObjectRooter tvr(cx, obj);
     if (!obj->defineProperty(cx, ATOM_TO_JSID(cx->runtime->atomState.emptyAtom),
                              *vp, NULL, NULL, JSPROP_ENUMERATE)) {
         return false;
--- a/js/src/jsprf.cpp
+++ b/js/src/jsprf.cpp
@@ -46,17 +46,16 @@
 #include <string.h>
 #include <stdlib.h>
 #include "jsprf.h"
 #include "jsstdint.h"
 #include "jslong.h"
 #include "jsutil.h"
 #include "jspubtd.h"
 #include "jsstr.h"
-#include "jsobjinlines.h"
 
 using namespace js;
 
 /*
 ** Note: on some platforms va_list is defined as an array,
 ** and requires array notation.
 */
 #ifdef HAVE_VA_COPY
--- a/js/src/jsprobes.cpp
+++ b/js/src/jsprobes.cpp
@@ -38,17 +38,16 @@
 #include "jsatom.h"
 #include "jscntxt.h"
 #include "jsdbgapi.h"
 #include "jsfun.h"
 #include "jsinterp.h"
 #include "jsobj.h"
 #include "jsscript.h"
 #include "jsstr.h"
-#include "jsobjinlines.h"
 
 #ifdef __APPLE__
 #include "sharkctl.h"
 #endif
 
 #include "jsprobes.h"
 #include <sys/types.h>
 
--- a/js/src/jsproxy.cpp
+++ b/js/src/jsproxy.cpp
@@ -51,17 +51,16 @@
 #include "jsscope.h"
 
 #include "jsatominlines.h"
 #include "jsinferinlines.h"
 #include "jsobjinlines.h"
 
 using namespace js;
 using namespace js::gc;
-using namespace js::types;
 
 namespace js {
 
 static inline const Value &
 GetCall(JSObject *proxy) {
     JS_ASSERT(proxy->isFunctionProxy());
     return proxy->getSlot(JSSLOT_PROXY_CALL);
 }
@@ -1093,18 +1092,16 @@ JS_FRIEND_API(Class) OuterWindowProxyCla
         NULL,             /* enumerate       */
         NULL,             /* typeof          */
         NULL,             /* fix             */
         NULL,             /* thisObject      */
         NULL,             /* clear           */
     }
 };
 
-static const char proxy_type_str[] = "Proxy:new";
-
 JSBool
 proxy_Call(JSContext *cx, uintN argc, Value *vp)
 {
     JSObject *proxy = &JS_CALLEE(cx, vp).toObject();
     JS_ASSERT(proxy->isProxy());
     return JSProxy::call(cx, proxy, argc, vp);
 }
 
@@ -1458,17 +1455,17 @@ Class js_ProxyClass = {
 
 JS_FRIEND_API(JSObject *)
 js_InitProxyClass(JSContext *cx, JSObject *obj)
 {
     JSObject *module = NewNonFunction<WithProto::Class>(cx, &js_ProxyClass, NULL, obj);
     if (!module)
         return NULL;
 
-    TypeObject *type = cx->newTypeObject(js_ProxyClass.name, module->getProto());
+    types::TypeObject *type = cx->newTypeObject(js_ProxyClass.name, module->getProto());
     if (!type || !module->setTypeAndUniqueShape(cx, type))
         return NULL;
 
     if (!JS_DefineProperty(cx, obj, "Proxy", OBJECT_TO_JSVAL(module),
                            JS_PropertyStub, JS_StrictPropertyStub, 0)) {
         return NULL;
     }
     if (!JS_DefineFunctions(cx, module, static_methods))
--- a/js/src/jsregexpinlines.h
+++ b/js/src/jsregexpinlines.h
@@ -62,17 +62,17 @@ namespace js {
  * res = RegExp statics.
  */
 
 extern Class regexp_statics_class;
 
 static inline JSObject *
 regexp_statics_construct(JSContext *cx, GlobalObject *parent)
 {
-    JSObject *obj = NewObject<WithProto::Given>(cx, &regexp_statics_class, parent, NULL);
+    JSObject *obj = NewObject<WithProto::Given>(cx, &regexp_statics_class, NULL, parent);
     if (!obj)
         return NULL;
     RegExpStatics *res = cx->new_<RegExpStatics>();
     if (!res)
         return NULL;
     obj->setPrivate(static_cast<void *>(res));
     return obj;
 }
--- a/js/src/jsstr.cpp
+++ b/js/src/jsstr.cpp
@@ -1859,17 +1859,16 @@ BuildFlatMatchArray(JSContext *cx, JSStr
         vp->setNull();
         return true;
     }
 
     /* For this non-global match, produce a RegExp.exec-style array. */
     JSObject *obj = NewSlowEmptyArray(cx);
     if (!obj)
         return false;
-
     vp->setObject(*obj);
 
     return obj->defineProperty(cx, INT_TO_JSID(0), StringValue(fm.pattern())) &&
            obj->defineProperty(cx, ATOM_TO_JSID(cx->runtime->atomState.indexAtom),
                                Int32Value(fm.match())) &&
            obj->defineProperty(cx, ATOM_TO_JSID(cx->runtime->atomState.inputAtom),
                                StringValue(textstr));
 }
--- a/js/src/jstypedarray.cpp
+++ b/js/src/jstypedarray.cpp
@@ -125,18 +125,16 @@ ArrayBuffer::class_finalize(JSContext *c
 {
     ArrayBuffer *abuf = ArrayBuffer::fromJSObject(obj);
     if (abuf) {
         abuf->freeStorage(cx);
         cx->delete_(abuf);
     }
 }
 
-static const char arraybuffer_type_str[] = "ArrayBuffer:new";
-
 /*
  * new ArrayBuffer(byteLength)
  */
 JSBool
 ArrayBuffer::class_constructor(JSContext *cx, uintN argc, Value *vp)
 {
     int32 nbytes = 0;
     if (argc > 0 && !ValueToECMAInt32(cx, vp[2], &nbytes))
--- a/js/src/jsvalue.h
+++ b/js/src/jsvalue.h
@@ -192,24 +192,21 @@ JS_STATIC_ASSERT((JSVAL_TYPE_NONFUNOBJ &
 JS_STATIC_ASSERT((JSVAL_TYPE_FUNOBJ & 0xF) == JSVAL_TYPE_OBJECT);
 #endif
 
 static JS_ALWAYS_INLINE jsval_layout
 BOX_NON_DOUBLE_JSVAL(JSValueType type, uint64 *slot)
 {
     jsval_layout l;
     JS_ASSERT(type > JSVAL_TYPE_DOUBLE && type <= JSVAL_UPPER_INCL_TYPE_OF_BOXABLE_SET);
-    /*
-    // FIXME overasserting
     JS_ASSERT_IF(type == JSVAL_TYPE_STRING ||
                  type == JSVAL_TYPE_OBJECT ||
                  type == JSVAL_TYPE_NONFUNOBJ ||
                  type == JSVAL_TYPE_FUNOBJ,
                  *(uint32 *)slot != 0);
-    */
     l.s.tag = JSVAL_TYPE_TO_TAG(type & 0xF);
     /* A 32-bit value in a 64-bit slot always occupies the low-addressed end. */
     l.s.payload.u32 = *(uint32 *)slot;
     return l;
 }
 
 static JS_ALWAYS_INLINE void
 UNBOX_NON_DOUBLE_JSVAL(jsval_layout l, uint64 *out)
@@ -299,24 +296,21 @@ BOX_NON_DOUBLE_JSVAL(JSValueType type, u
 {
     /* N.B. for 32-bit payloads, the high 32 bits of the slot are trash. */
     jsval_layout l;
     JS_ASSERT(type > JSVAL_TYPE_DOUBLE && type <= JSVAL_UPPER_INCL_TYPE_OF_BOXABLE_SET);
     uint32 isI32 = (uint32)(type < JSVAL_LOWER_INCL_TYPE_OF_PTR_PAYLOAD_SET);
     uint32 shift = isI32 * 32;
     uint64 mask = ((uint64)-1) >> shift;
     uint64 payload = *slot & mask;
-    /*
-    // FIXME overasserting
     JS_ASSERT_IF(type == JSVAL_TYPE_STRING ||
                  type == JSVAL_TYPE_OBJECT ||
                  type == JSVAL_TYPE_NONFUNOBJ ||
                  type == JSVAL_TYPE_FUNOBJ,
                  payload != 0);
-    */
     l.asBits = payload | JSVAL_TYPE_TO_SHIFTED_TAG(type & 0xF);
     return l;
 }
 
 static JS_ALWAYS_INLINE void
 UNBOX_NON_DOUBLE_JSVAL(jsval_layout l, uint64 *out)
 {
     JS_ASSERT(!JSVAL_IS_DOUBLE_IMPL(l));
--- a/js/src/jsxml.cpp
+++ b/js/src/jsxml.cpp
@@ -218,17 +218,17 @@ namespace_equality(JSContext *cx, JSObje
     obj2 = v->toObjectOrNull();
     *bp = (!obj2 || obj2->getClass() != &js_NamespaceClass)
           ? JS_FALSE
           : EqualStrings(obj->getNameURI(), obj2->getNameURI());
     return JS_TRUE;
 }
 
 JS_FRIEND_DATA(Class) js_NamespaceClass = {
-    js_Namespace_str,
+    "Namespace",
     JSCLASS_CONSTRUCT_PROTOTYPE |
     JSCLASS_HAS_RESERVED_SLOTS(JSObject::NAMESPACE_CLASS_RESERVED_SLOTS) |
     JSCLASS_HAS_CACHED_PROTO(JSProto_Namespace),
     PropertyStub,         /* addProperty */
     PropertyStub,         /* delProperty */
     PropertyStub,         /* getProperty */
     StrictPropertyStub,   /* setProperty */
     EnumerateStub,
@@ -331,17 +331,17 @@ qname_equality(JSContext *cx, JSObject *
     obj2 = v->toObjectOrNull();
     *bp = (!obj2 || obj2->getClass() != &js_QNameClass)
           ? JS_FALSE
           : qname_identity(qn, obj2);
     return JS_TRUE;
 }
 
 JS_FRIEND_DATA(Class) js_QNameClass = {
-    js_QName_str,
+    "QName",
     JSCLASS_CONSTRUCT_PROTOTYPE |
     JSCLASS_HAS_RESERVED_SLOTS(JSObject::QNAME_CLASS_RESERVED_SLOTS) |
     JSCLASS_HAS_CACHED_PROTO(JSProto_QName),
     PropertyStub,         /* addProperty */
     PropertyStub,         /* delProperty */
     PropertyStub,         /* getProperty */
     StrictPropertyStub,   /* setProperty */
     EnumerateStub,
@@ -7313,17 +7313,16 @@ js_SetDefaultXMLNamespace(JSContext *cx,
     Value argv[2];
     argv[0].setString(cx->runtime->emptyString);
     argv[1] = v;
     JSObject *ns = js_ConstructObject(cx, &js_NamespaceClass, NULL, NULL, 2, argv);
     if (!ns)
         return JS_FALSE;
 
     JSObject &varobj = cx->stack.currentVarObj();
-
     if (!varobj.defineProperty(cx, JS_DEFAULT_XML_NAMESPACE_ID, ObjectValue(*ns),
                                PropertyStub, StrictPropertyStub, JSPROP_PERMANENT)) {
         return JS_FALSE;
     }
     return JS_TRUE;
 }
 
 JSBool