Bug 890784 (part 1) - Create a new vm/Runtime module and put JSRuntime in it. r=wmccloskey.
authorNicholas Nethercote <nnethercote@mozilla.com>
Sun, 07 Jul 2013 23:18:48 -0700
changeset 137816 740cea2dbf4596548e85c2725ec4cfbb7e603b65
parent 137815 09a18d4a9c0e2bdfc35ca431de0b7b2d93fde5ed
child 137817 a8929e61d50a96daf7b08bab4d3f8de0158d3e7e
push idunknown
push userunknown
push dateunknown
reviewerswmccloskey
bugs890784
milestone25.0a1
Bug 890784 (part 1) - Create a new vm/Runtime module and put JSRuntime in it. r=wmccloskey.
js/src/jsarray.cpp
js/src/jscntxt.cpp
js/src/jscntxt.h
js/src/jscntxtinlines.h
js/src/jscompartment.h
js/src/jsobj.cpp
js/src/jsweakcache.h
js/src/jsweakmap.h
js/src/moz.build
js/src/vm/Debugger.cpp
js/src/vm/Debugger.h
js/src/vm/Runtime-inl.h
js/src/vm/Runtime.cpp
js/src/vm/Runtime.h
js/src/vm/ScopeObject.cpp
js/src/vm/Shape.cpp
--- a/js/src/jsarray.cpp
+++ b/js/src/jsarray.cpp
@@ -32,16 +32,17 @@
 #include "jsatominlines.h"
 #include "jscntxtinlines.h"
 #include "jsstrinlines.h"
 
 #include "vm/ArrayObject-inl.h"
 #include "vm/ArgumentsObject-inl.h"
 #include "vm/Interpreter-inl.h"
 #include "vm/ObjectImpl-inl.h"
+#include "vm/Runtime-inl.h"
 
 using namespace js;
 using namespace js::gc;
 using namespace js::types;
 
 using mozilla::Abs;
 using mozilla::ArrayLength;
 using mozilla::DebugOnly;
--- a/js/src/jscntxt.cpp
+++ b/js/src/jscntxt.cpp
@@ -95,138 +95,16 @@ js::TraceCycleDetectionSet(JSTracer *trc
         JSObject *prior = e.front();
         MarkObjectRoot(trc, const_cast<JSObject **>(&e.front()), "cycle detector table entry");
         if (prior != e.front())
             e.rekeyFront(e.front());
     }
 }
 
 void
-NewObjectCache::clearNurseryObjects(JSRuntime *rt)
-{
-    for (unsigned i = 0; i < mozilla::ArrayLength(entries); ++i) {
-        Entry &e = entries[i];
-        JSObject *obj = reinterpret_cast<JSObject *>(&e.templateObject);
-        if (IsInsideNursery(rt, e.key) ||
-            IsInsideNursery(rt, obj->slots) ||
-            IsInsideNursery(rt, obj->elements))
-        {
-            mozilla::PodZero(&e);
-        }
-    }
-}
-
-void
-JSRuntime::sizeOfIncludingThis(mozilla::MallocSizeOf mallocSizeOf, JS::RuntimeSizes *rtSizes)
-{
-    rtSizes->object = mallocSizeOf(this);
-
-    rtSizes->atomsTable = atoms.sizeOfExcludingThis(mallocSizeOf);
-
-    rtSizes->contexts = 0;
-    for (ContextIter acx(this); !acx.done(); acx.next())
-        rtSizes->contexts += acx->sizeOfIncludingThis(mallocSizeOf);
-
-    rtSizes->dtoa = mallocSizeOf(mainThread.dtoaState);
-
-    rtSizes->temporary = tempLifoAlloc.sizeOfExcludingThis(mallocSizeOf);
-
-    rtSizes->code = JS::CodeSizes();
-    if (execAlloc_)
-        execAlloc_->sizeOfCode(&rtSizes->code);
-
-    rtSizes->regexpData = bumpAlloc_ ? bumpAlloc_->sizeOfNonHeapData() : 0;
-
-    rtSizes->interpreterStack = interpreterStack_.sizeOfExcludingThis(mallocSizeOf);
-
-    rtSizes->gcMarker = gcMarker.sizeOfExcludingThis(mallocSizeOf);
-
-    rtSizes->mathCache = mathCache_ ? mathCache_->sizeOfIncludingThis(mallocSizeOf) : 0;
-
-    rtSizes->scriptData = scriptDataTable.sizeOfExcludingThis(mallocSizeOf);
-    for (ScriptDataTable::Range r = scriptDataTable.all(); !r.empty(); r.popFront())
-        rtSizes->scriptData += mallocSizeOf(r.front());
-}
-
-void
-JSRuntime::triggerOperationCallback()
-{
-    AutoLockForOperationCallback lock(this);
-
-    /*
-     * Invalidate ionTop to trigger its over-recursion check. Note this must be
-     * set before interrupt, to avoid racing with js_InvokeOperationCallback,
-     * into a weird state where interrupt is stuck at 0 but ionStackLimit is
-     * MAXADDR.
-     */
-    mainThread.setIonStackLimit(-1);
-
-    /*
-     * Use JS_ATOMIC_SET in the hope that it ensures the write will become
-     * immediately visible to other processors polling the flag.
-     */
-    JS_ATOMIC_SET(&interrupt, 1);
-
-#ifdef JS_ION
-    /* asm.js code uses a separate mechanism to halt running code. */
-    TriggerOperationCallbackForAsmJSCode(this);
-#endif
-}
-
-void
-JSRuntime::setJitHardening(bool enabled)
-{
-    jitHardening = enabled;
-    if (execAlloc_)
-        execAlloc_->setRandomize(enabled);
-}
-
-JSC::ExecutableAllocator *
-JSRuntime::createExecutableAllocator(JSContext *cx)
-{
-    JS_ASSERT(!execAlloc_);
-    JS_ASSERT(cx->runtime() == this);
-
-    JSC::AllocationBehavior randomize =
-        jitHardening ? JSC::AllocationCanRandomize : JSC::AllocationDeterministic;
-    execAlloc_ = js_new<JSC::ExecutableAllocator>(randomize);
-    if (!execAlloc_)
-        js_ReportOutOfMemory(cx);
-    return execAlloc_;
-}
-
-WTF::BumpPointerAllocator *
-JSRuntime::createBumpPointerAllocator(JSContext *cx)
-{
-    JS_ASSERT(!bumpAlloc_);
-    JS_ASSERT(cx->runtime() == this);
-
-    bumpAlloc_ = js_new<WTF::BumpPointerAllocator>();
-    if (!bumpAlloc_)
-        js_ReportOutOfMemory(cx);
-    return bumpAlloc_;
-}
-
-MathCache *
-JSRuntime::createMathCache(JSContext *cx)
-{
-    JS_ASSERT(!mathCache_);
-    JS_ASSERT(cx->runtime() == this);
-
-    MathCache *newMathCache = js_new<MathCache>();
-    if (!newMathCache) {
-        js_ReportOutOfMemory(cx);
-        return NULL;
-    }
-
-    mathCache_ = newMathCache;
-    return mathCache_;
-}
-
-void
 JSCompartment::sweepCallsiteClones()
 {
     if (callsiteClones.initialized()) {
         for (CallsiteCloneTable::Enum e(callsiteClones); !e.empty(); e.popFront()) {
             CallsiteCloneKey key = e.front().key;
             JSFunction *fun = e.front().value;
             if (!IsScriptMarked(&key.script) || !IsObjectMarked(&fun))
                 e.removeFront();
@@ -1216,60 +1094,16 @@ JSContext::JSContext(JSRuntime *rt)
 }
 
 JSContext::~JSContext()
 {
     /* Free the stuff hanging off of cx. */
     JS_ASSERT(!resolvingList);
 }
 
-bool
-JSRuntime::setDefaultLocale(const char *locale)
-{
-    if (!locale)
-        return false;
-    resetDefaultLocale();
-    defaultLocale = JS_strdup(this, locale);
-    return defaultLocale != NULL;
-}
-
-void
-JSRuntime::resetDefaultLocale()
-{
-    js_free(defaultLocale);
-    defaultLocale = NULL;
-}
-
-const char *
-JSRuntime::getDefaultLocale()
-{
-    if (defaultLocale)
-        return defaultLocale;
-
-    char *locale, *lang, *p;
-#ifdef HAVE_SETLOCALE
-    locale = setlocale(LC_ALL, NULL);
-#else
-    locale = getenv("LANG");
-#endif
-    // convert to a well-formed BCP 47 language tag
-    if (!locale || !strcmp(locale, "C"))
-        locale = const_cast<char*>("und");
-    lang = JS_strdup(this, locale);
-    if (!lang)
-        return NULL;
-    if ((p = strchr(lang, '.')))
-        *p = '\0';
-    while ((p = strchr(lang, '_')))
-        *p = '-';
-
-    defaultLocale = lang;
-    return defaultLocale;
-}
-
 /*
  * Since this function is only called in the context of a pending exception,
  * the caller must subsequently take an error path. If wrapping fails, it will
  * set a new (uncatchable) exception to be used in place of the original.
  */
 void
 JSContext::wrapPendingException()
 {
@@ -1346,84 +1180,16 @@ JSContext::currentlyRunning() const
                 return false;
             return true;
         }
     }
 
     return false;
 }
 
-void
-JSRuntime::setGCMaxMallocBytes(size_t value)
-{
-    /*
-     * For compatibility treat any value that exceeds PTRDIFF_T_MAX to
-     * mean that value.
-     */
-    gcMaxMallocBytes = (ptrdiff_t(value) >= 0) ? value : size_t(-1) >> 1;
-    for (ZonesIter zone(this); !zone.done(); zone.next())
-        zone->setGCMaxMallocBytes(value);
-}
-
-void
-JSRuntime::updateMallocCounter(size_t nbytes)
-{
-    updateMallocCounter(NULL, nbytes);
-}
-
-void
-JSRuntime::updateMallocCounter(JS::Zone *zone, size_t nbytes)
-{
-    /* We tolerate any thread races when updating gcMallocBytes. */
-    ptrdiff_t oldCount = gcMallocBytes;
-    ptrdiff_t newCount = oldCount - ptrdiff_t(nbytes);
-    gcMallocBytes = newCount;
-    if (JS_UNLIKELY(newCount <= 0 && oldCount > 0))
-        onTooMuchMalloc();
-    else if (zone)
-        zone->updateMallocCounter(nbytes);
-}
-
-JS_FRIEND_API(void)
-JSRuntime::onTooMuchMalloc()
-{
-    TriggerGC(this, JS::gcreason::TOO_MUCH_MALLOC);
-}
-
-JS_FRIEND_API(void *)
-JSRuntime::onOutOfMemory(void *p, size_t nbytes)
-{
-    return onOutOfMemory(p, nbytes, NULL);
-}
-
-JS_FRIEND_API(void *)
-JSRuntime::onOutOfMemory(void *p, size_t nbytes, JSContext *cx)
-{
-    if (isHeapBusy())
-        return NULL;
-
-    /*
-     * Retry when we are done with the background sweeping and have stopped
-     * all the allocations and released the empty GC chunks.
-     */
-    JS::ShrinkGCBuffers(this);
-    gcHelperThread.waitBackgroundSweepOrAllocEnd();
-    if (!p)
-        p = js_malloc(nbytes);
-    else if (p == reinterpret_cast<void *>(1))
-        p = js_calloc(nbytes);
-    else
-      p = js_realloc(p, nbytes);
-    if (p)
-        return p;
-    if (cx)
-        js_ReportOutOfMemory(cx);
-    return NULL;
-}
-
 static bool
 ComputeIsJITBroken()
 {
 #if !defined(ANDROID) || defined(GONK)
     return false;
 #else  // ANDROID
     if (getenv("JS_IGNORE_JIT_BROKENNESS")) {
         return false;
--- a/js/src/jscntxt.h
+++ b/js/src/jscntxt.h
@@ -27,39 +27,30 @@
 #include "ds/LifoAlloc.h"
 #include "frontend/ParseMaps.h"
 #include "gc/Nursery.h"
 #include "gc/Statistics.h"
 #include "gc/StoreBuffer.h"
 #include "js/HashTable.h"
 #include "js/Vector.h"
 #include "vm/DateTime.h"
+#include "vm/Runtime.h"
 #include "vm/SPSProfiler.h"
 #include "vm/Stack.h"
 #include "vm/ThreadPool.h"
 
 #ifdef _MSC_VER
 #pragma warning(push)
 #pragma warning(disable:4100) /* Silence unreferenced formal parameter warnings */
 #pragma warning(push)
 #pragma warning(disable:4355) /* Silence warning about "this" used in base member initializer list */
 #endif
 
-struct DtoaState;
-
-extern void
-js_ReportOutOfMemory(JSContext *cx);
-
-extern void
-js_ReportAllocationOverflow(JSContext *cx);
-
 namespace js {
 
-typedef Rooted<JSLinearString*> RootedLinearString;
-
 struct CallsiteCloneKey {
     /* The original function that we are cloning. */
     JSFunction *original;
 
     /* The script of the call. */
     JSScript *script;
 
     /* The offset of the call. */
@@ -113,1500 +104,18 @@ class AutoCycleDetector
 
     bool foundCycle() { return cyclic; }
 };
 
 /* Updates references in the cycle detection set if the GC moves them. */
 extern void
 TraceCycleDetectionSet(JSTracer *trc, ObjectSet &set);
 
-class MathCache;
-
-namespace ion {
-class IonActivation;
-class IonRuntime;
-struct PcScriptCache;
-}
-
-class AsmJSActivation;
-class InterpreterFrames;
-class WeakMapBase;
-class WorkerThreadState;
-
-/*
- * GetSrcNote cache to avoid O(n^2) growth in finding a source note for a
- * given pc in a script. We use the script->code pointer to tag the cache,
- * instead of the script address itself, so that source notes are always found
- * by offset from the bytecode with which they were generated.
- */
-struct GSNCache {
-    typedef HashMap<jsbytecode *,
-                    jssrcnote *,
-                    PointerHasher<jsbytecode *, 0>,
-                    SystemAllocPolicy> Map;
-
-    jsbytecode      *code;
-    Map             map;
-
-    GSNCache() : code(NULL) { }
-
-    void purge();
-};
-
-typedef Vector<ScriptAndCounts, 0, SystemAllocPolicy> ScriptAndCountsVector;
-
-struct ConservativeGCData
-{
-    /*
-     * The GC scans conservatively between ThreadData::nativeStackBase and
-     * nativeStackTop unless the latter is NULL.
-     */
-    uintptr_t           *nativeStackTop;
-
-#if defined(JSGC_ROOT_ANALYSIS) && (JS_STACK_GROWTH_DIRECTION < 0)
-    /*
-     * Record old contents of the native stack from the last time there was a
-     * scan, to reduce the overhead involved in repeatedly rescanning the
-     * native stack during root analysis. oldStackData stores words in reverse
-     * order starting at oldStackEnd.
-     */
-    uintptr_t           *oldStackMin, *oldStackEnd;
-    uintptr_t           *oldStackData;
-    size_t              oldStackCapacity; // in sizeof(uintptr_t)
-#endif
-
-    union {
-        jmp_buf         jmpbuf;
-        uintptr_t       words[JS_HOWMANY(sizeof(jmp_buf), sizeof(uintptr_t))];
-    } registerSnapshot;
-
-    ConservativeGCData() {
-        mozilla::PodZero(this);
-    }
-
-    ~ConservativeGCData() {
-#ifdef JS_THREADSAFE
-        /*
-         * The conservative GC scanner should be disabled when the thread leaves
-         * the last request.
-         */
-        JS_ASSERT(!hasStackToScan());
-#endif
-    }
-
-    JS_NEVER_INLINE void recordStackTop();
-
-#ifdef JS_THREADSAFE
-    void updateForRequestEnd() {
-        nativeStackTop = NULL;
-    }
-#endif
-
-    bool hasStackToScan() const {
-        return !!nativeStackTop;
-    }
-};
-
-class SourceDataCache
-{
-    typedef HashMap<ScriptSource *,
-                    JSStableString *,
-                    DefaultHasher<ScriptSource *>,
-                    SystemAllocPolicy> Map;
-    Map *map_;
-
-  public:
-    SourceDataCache() : map_(NULL) {}
-    JSStableString *lookup(ScriptSource *ss);
-    void put(ScriptSource *ss, JSStableString *);
-    void purge();
-};
-
-struct EvalCacheEntry
-{
-    JSScript *script;
-    JSScript *callerScript;
-    jsbytecode *pc;
-};
-
-struct EvalCacheLookup
-{
-    EvalCacheLookup(JSContext *cx) : str(cx), callerScript(cx) {}
-    RootedLinearString str;
-    RootedScript callerScript;
-    JSVersion version;
-    jsbytecode *pc;
-};
-
-struct EvalCacheHashPolicy
-{
-    typedef EvalCacheLookup Lookup;
-
-    static HashNumber hash(const Lookup &l);
-    static bool match(const EvalCacheEntry &entry, const EvalCacheLookup &l);
-};
-
-typedef HashSet<EvalCacheEntry, EvalCacheHashPolicy, SystemAllocPolicy> EvalCache;
-
-struct LazyScriptHashPolicy
-{
-    struct Lookup {
-        JSContext *cx;
-        LazyScript *lazy;
-
-        Lookup(JSContext *cx, LazyScript *lazy)
-          : cx(cx), lazy(lazy)
-        {}
-    };
-
-    static const size_t NumHashes = 3;
-
-    static void hash(const Lookup &lookup, HashNumber hashes[NumHashes]);
-    static bool match(JSScript *script, const Lookup &lookup);
-
-    // Alternate methods for use when removing scripts from the hash without an
-    // explicit LazyScript lookup.
-    static void hash(JSScript *script, HashNumber hashes[NumHashes]);
-    static bool match(JSScript *script, JSScript *lookup) { return script == lookup; }
-
-    static void clear(JSScript **pscript) { *pscript = NULL; }
-    static bool isCleared(JSScript *script) { return !script; }
-};
-
-typedef FixedSizeHashSet<JSScript *, LazyScriptHashPolicy, 769> LazyScriptCache;
-
-class PropertyIteratorObject;
-
-class NativeIterCache
-{
-    static const size_t SIZE = size_t(1) << 8;
-
-    /* Cached native iterators. */
-    PropertyIteratorObject *data[SIZE];
-
-    static size_t getIndex(uint32_t key) {
-        return size_t(key) % SIZE;
-    }
-
-  public:
-    /* Native iterator most recently started. */
-    PropertyIteratorObject *last;
-
-    NativeIterCache()
-      : last(NULL)
-    {
-        mozilla::PodArrayZero(data);
-    }
-
-    void purge() {
-        last = NULL;
-        mozilla::PodArrayZero(data);
-    }
-
-    PropertyIteratorObject *get(uint32_t key) const {
-        return data[getIndex(key)];
-    }
-
-    void set(uint32_t key, PropertyIteratorObject *iterobj) {
-        data[getIndex(key)] = iterobj;
-    }
-};
-
-/*
- * Cache for speeding up repetitive creation of objects in the VM.
- * When an object is created which matches the criteria in the 'key' section
- * below, an entry is filled with the resulting object.
- */
-class NewObjectCache
-{
-    /* Statically asserted to be equal to sizeof(JSObject_Slots16) */
-    static const unsigned MAX_OBJ_SIZE = 4 * sizeof(void*) + 16 * sizeof(Value);
-
-    static void staticAsserts() {
-        JS_STATIC_ASSERT(NewObjectCache::MAX_OBJ_SIZE == sizeof(JSObject_Slots16));
-        JS_STATIC_ASSERT(gc::FINALIZE_OBJECT_LAST == gc::FINALIZE_OBJECT16_BACKGROUND);
-    }
-
-    struct Entry
-    {
-        /* Class of the constructed object. */
-        Class *clasp;
-
-        /*
-         * Key with one of three possible values:
-         *
-         * - Global for the object. The object must have a standard class for
-         *   which the global's prototype can be determined, and the object's
-         *   parent will be the global.
-         *
-         * - Prototype for the object (cannot be global). The object's parent
-         *   will be the prototype's parent.
-         *
-         * - Type for the object. The object's parent will be the type's
-         *   prototype's parent.
-         */
-        gc::Cell *key;
-
-        /* Allocation kind for the constructed object. */
-        gc::AllocKind kind;
-
-        /* Number of bytes to copy from the template object. */
-        uint32_t nbytes;
-
-        /*
-         * Template object to copy from, with the initial values of fields,
-         * fixed slots (undefined) and private data (NULL).
-         */
-        char templateObject[MAX_OBJ_SIZE];
-    };
-
-    Entry entries[41];  // TODO: reconsider size
-
-  public:
-
-    typedef int EntryIndex;
-
-    NewObjectCache() { mozilla::PodZero(this); }
-    void purge() { mozilla::PodZero(this); }
-
-    /* Remove any cached items keyed on moved objects. */
-    void clearNurseryObjects(JSRuntime *rt);
-
-    /*
-     * Get the entry index for the given lookup, return whether there was a hit
-     * on an existing entry.
-     */
-    inline bool lookupProto(Class *clasp, JSObject *proto, gc::AllocKind kind, EntryIndex *pentry);
-    inline bool lookupGlobal(Class *clasp, js::GlobalObject *global, gc::AllocKind kind,
-                             EntryIndex *pentry);
-
-    bool lookupType(Class *clasp, js::types::TypeObject *type, gc::AllocKind kind,
-                    EntryIndex *pentry)
-    {
-        return lookup(clasp, type, kind, pentry);
-    }
-
-    /*
-     * Return a new object from a cache hit produced by a lookup method, or
-     * NULL if returning the object could possibly trigger GC (does not
-     * indicate failure).
-     */
-    inline JSObject *newObjectFromHit(JSContext *cx, EntryIndex entry, js::gc::InitialHeap heap);
-
-    /* Fill an entry after a cache miss. */
-    void fillProto(EntryIndex entry, Class *clasp, js::TaggedProto proto, gc::AllocKind kind, JSObject *obj);
-
-    inline void fillGlobal(EntryIndex entry, Class *clasp, js::GlobalObject *global,
-                           gc::AllocKind kind, JSObject *obj);
-
-    void fillType(EntryIndex entry, Class *clasp, js::types::TypeObject *type, gc::AllocKind kind,
-                  JSObject *obj)
-    {
-        JS_ASSERT(obj->type() == type);
-        return fill(entry, clasp, type, kind, obj);
-    }
-
-    /* Invalidate any entries which might produce an object with shape/proto. */
-    void invalidateEntriesForShape(JSContext *cx, HandleShape shape, HandleObject proto);
-
-  private:
-    bool lookup(Class *clasp, gc::Cell *key, gc::AllocKind kind, EntryIndex *pentry) {
-        uintptr_t hash = (uintptr_t(clasp) ^ uintptr_t(key)) + kind;
-        *pentry = hash % mozilla::ArrayLength(entries);
-
-        Entry *entry = &entries[*pentry];
-
-        /* N.B. Lookups with the same clasp/key but different kinds map to different entries. */
-        return (entry->clasp == clasp && entry->key == key);
-    }
-
-    void fill(EntryIndex entry_, Class *clasp, gc::Cell *key, gc::AllocKind kind, JSObject *obj) {
-        JS_ASSERT(unsigned(entry_) < mozilla::ArrayLength(entries));
-        Entry *entry = &entries[entry_];
-
-        JS_ASSERT(!obj->hasDynamicSlots() && !obj->hasDynamicElements());
-
-        entry->clasp = clasp;
-        entry->key = key;
-        entry->kind = kind;
-
-        entry->nbytes = gc::Arena::thingSize(kind);
-        js_memcpy(&entry->templateObject, obj, entry->nbytes);
-    }
-
-    static inline void copyCachedToObject(JSObject *dst, JSObject *src, gc::AllocKind kind);
-};
-
-/*
- * A FreeOp can do one thing: free memory. For convenience, it has delete_
- * convenience methods that also call destructors.
- *
- * FreeOp is passed to finalizers and other sweep-phase hooks so that we do not
- * need to pass a JSContext to those hooks.
- */
-class FreeOp : public JSFreeOp {
-    bool        shouldFreeLater_;
-
-  public:
-    static FreeOp *get(JSFreeOp *fop) {
-        return static_cast<FreeOp *>(fop);
-    }
-
-    FreeOp(JSRuntime *rt, bool shouldFreeLater)
-      : JSFreeOp(rt),
-        shouldFreeLater_(shouldFreeLater)
-    {
-    }
-
-    bool shouldFreeLater() const {
-        return shouldFreeLater_;
-    }
-
-    inline void free_(void *p);
-
-    template <class T>
-    inline void delete_(T *p) {
-        if (p) {
-            p->~T();
-            free_(p);
-        }
-    }
-
-    static void staticAsserts() {
-        /*
-         * Check that JSFreeOp is the first base class for FreeOp and we can
-         * reinterpret a pointer to JSFreeOp as a pointer to FreeOp without
-         * any offset adjustments. JSClass::finalize <-> Class::finalize depends
-         * on this.
-         */
-        JS_STATIC_ASSERT(offsetof(FreeOp, shouldFreeLater_) == sizeof(JSFreeOp));
-    }
-};
-
-} /* namespace js */
-
-namespace JS {
-struct RuntimeSizes;
-}
-
-/* Various built-in or commonly-used names pinned on first context. */
-struct JSAtomState
-{
-#define PROPERTYNAME_FIELD(idpart, id, text) js::FixedHeapPtr<js::PropertyName> id;
-    FOR_EACH_COMMON_PROPERTYNAME(PROPERTYNAME_FIELD)
-#undef PROPERTYNAME_FIELD
-#define PROPERTYNAME_FIELD(name, code, init) js::FixedHeapPtr<js::PropertyName> name;
-    JS_FOR_EACH_PROTOTYPE(PROPERTYNAME_FIELD)
-#undef PROPERTYNAME_FIELD
-};
-
-#define NAME_OFFSET(name)       offsetof(JSAtomState, name)
-#define OFFSET_TO_NAME(rt,off)  (*(js::FixedHeapPtr<js::PropertyName>*)((char*)&(rt)->atomState + (off)))
-
-namespace js {
-
-/*
- * Encapsulates portions of the runtime/context that are tied to a
- * single active thread.  Normally, as most JS is single-threaded,
- * there is only one instance of this struct, embedded in the
- * JSRuntime as the field |mainThread|.  During Parallel JS sections,
- * however, there will be one instance per worker thread.
- */
-class PerThreadData : public js::PerThreadDataFriendFields
-{
-    /*
-     * Backpointer to the full shared JSRuntime* with which this
-     * thread is associated.  This is private because accessing the
-     * fields of this runtime can provoke race conditions, so the
-     * intention is that access will be mediated through safe
-     * functions like |associatedWith()| below.
-     */
-    JSRuntime *runtime_;
-
-  public:
-    /*
-     * We save all conservative scanned roots in this vector so that
-     * conservative scanning can be "replayed" deterministically. In DEBUG mode,
-     * this allows us to run a non-incremental GC after every incremental GC to
-     * ensure that no objects were missed.
-     */
-#ifdef DEBUG
-    struct SavedGCRoot {
-        void *thing;
-        JSGCTraceKind kind;
-
-        SavedGCRoot(void *thing, JSGCTraceKind kind) : thing(thing), kind(kind) {}
-    };
-    js::Vector<SavedGCRoot, 0, js::SystemAllocPolicy> gcSavedRoots;
-#endif
-
-    /*
-     * If Ion code is on the stack, and has called into C++, this will be
-     * aligned to an Ion exit frame.
-     */
-    uint8_t             *ionTop;
-    JSContext           *ionJSContext;
-    uintptr_t            ionStackLimit;
-
-    inline void setIonStackLimit(uintptr_t limit);
-
-    /*
-     * asm.js maintains a stack of AsmJSModule activations (see AsmJS.h). This
-     * stack is used by JSRuntime::triggerOperationCallback to stop long-
-     * running asm.js without requiring dynamic polling operations in the
-     * generated code. Since triggerOperationCallback may run on a separate
-     * thread than the JSRuntime's owner thread all reads/writes must be
-     * synchronized (by rt->operationCallbackLock).
-     */
-  private:
-    friend class js::Activation;
-    friend class js::ActivationIterator;
-    friend class js::ion::JitActivation;
-    friend class js::AsmJSActivation;
-
-    /*
-     * Points to the most recent activation running on the thread.
-     * See Activation comment in vm/Stack.h.
-     */
-    js::Activation *activation_;
-
-    /* See AsmJSActivation comment. Protected by rt->operationCallbackLock. */
-    js::AsmJSActivation *asmJSActivationStack_;
-
-  public:
-    static unsigned offsetOfActivation() {
-        return offsetof(PerThreadData, activation_);
-    }
-    static unsigned offsetOfAsmJSActivationStackReadOnly() {
-        return offsetof(PerThreadData, asmJSActivationStack_);
-    }
-
-    js::AsmJSActivation *asmJSActivationStackFromAnyThread() const {
-        return asmJSActivationStack_;
-    }
-    js::AsmJSActivation *asmJSActivationStackFromOwnerThread() const {
-        return asmJSActivationStack_;
-    }
-
-    js::Activation *activation() const {
-        return activation_;
-    }
-
-    /* State used by jsdtoa.cpp. */
-    DtoaState           *dtoaState;
-
-    /*
-     * When this flag is non-zero, any attempt to GC will be skipped. It is used
-     * to suppress GC when reporting an OOM (see js_ReportOutOfMemory) and in
-     * debugging facilities that cannot tolerate a GC and would rather OOM
-     * immediately, such as utilities exposed to GDB. Setting this flag is
-     * extremely dangerous and should only be used when in an OOM situation or
-     * in non-exposed debugging facilities.
-     */
-    int32_t             suppressGC;
-
-    PerThreadData(JSRuntime *runtime);
-    ~PerThreadData();
-
-    bool init();
-
-    bool associatedWith(const JSRuntime *rt) { return runtime_ == rt; }
-};
-
-template<class Client>
-struct MallocProvider
-{
-    void *malloc_(size_t bytes) {
-        Client *client = static_cast<Client *>(this);
-        client->updateMallocCounter(bytes);
-        void *p = js_malloc(bytes);
-        return JS_LIKELY(!!p) ? p : client->onOutOfMemory(NULL, bytes);
-    }
-
-    void *calloc_(size_t bytes) {
-        Client *client = static_cast<Client *>(this);
-        client->updateMallocCounter(bytes);
-        void *p = js_calloc(bytes);
-        return JS_LIKELY(!!p) ? p : client->onOutOfMemory(reinterpret_cast<void *>(1), bytes);
-    }
-
-    void *realloc_(void *p, size_t oldBytes, size_t newBytes) {
-        Client *client = static_cast<Client *>(this);
-        /*
-         * For compatibility we do not account for realloc that decreases
-         * previously allocated memory.
-         */
-        if (newBytes > oldBytes)
-            client->updateMallocCounter(newBytes - oldBytes);
-        void *p2 = js_realloc(p, newBytes);
-        return JS_LIKELY(!!p2) ? p2 : client->onOutOfMemory(p, newBytes);
-    }
-
-    void *realloc_(void *p, size_t bytes) {
-        Client *client = static_cast<Client *>(this);
-        /*
-         * For compatibility we do not account for realloc that increases
-         * previously allocated memory.
-         */
-        if (!p)
-            client->updateMallocCounter(bytes);
-        void *p2 = js_realloc(p, bytes);
-        return JS_LIKELY(!!p2) ? p2 : client->onOutOfMemory(p, bytes);
-    }
-
-    template <class T>
-    T *pod_malloc() {
-        return (T *)malloc_(sizeof(T));
-    }
-
-    template <class T>
-    T *pod_calloc() {
-        return (T *)calloc_(sizeof(T));
-    }
-
-    template <class T>
-    T *pod_malloc(size_t numElems) {
-        if (numElems & js::tl::MulOverflowMask<sizeof(T)>::result) {
-            Client *client = static_cast<Client *>(this);
-            client->reportAllocationOverflow();
-            return NULL;
-        }
-        return (T *)malloc_(numElems * sizeof(T));
-    }
-
-    template <class T>
-    T *pod_calloc(size_t numElems, JSCompartment *comp = NULL, JSContext *cx = NULL) {
-        if (numElems & js::tl::MulOverflowMask<sizeof(T)>::result) {
-            Client *client = static_cast<Client *>(this);
-            client->reportAllocationOverflow();
-            return NULL;
-        }
-        return (T *)calloc_(numElems * sizeof(T));
-    }
-
-    JS_DECLARE_NEW_METHODS(new_, malloc_, JS_ALWAYS_INLINE)
-};
-
-namespace gc {
-class MarkingValidator;
-} // namespace gc
-
-typedef Vector<JS::Zone *, 1, SystemAllocPolicy> ZoneVector;
-
-} // namespace js
-
-struct JSRuntime : public JS::shadow::Runtime,
-                   public js::MallocProvider<JSRuntime>
-{
-    /*
-     * Per-thread data for the main thread that is associated with
-     * this JSRuntime, as opposed to any worker threads used in
-     * parallel sections.  See definition of |PerThreadData| struct
-     * above for more details.
-     *
-     * NB: This field is statically asserted to be at offset
-     * sizeof(js::shadow::Runtime). See
-     * PerThreadDataFriendFields::getMainThread.
-     */
-    js::PerThreadData   mainThread;
-
-    /*
-     * If non-zero, we were been asked to call the operation callback as soon
-     * as possible.
-     */
-    volatile int32_t    interrupt;
-
-#ifdef JS_THREADSAFE
-  private:
-    /*
-     * Lock taken when triggering the operation callback from another thread.
-     * Protects all data that is touched in this process.
-     */
-    PRLock *operationCallbackLock;
-#ifdef DEBUG
-    PRThread *operationCallbackOwner;
-#endif
-  public:
-#endif // JS_THREADSAFE
-
-    class AutoLockForOperationCallback {
-#ifdef JS_THREADSAFE
-        JSRuntime *rt;
-      public:
-        AutoLockForOperationCallback(JSRuntime *rt MOZ_GUARD_OBJECT_NOTIFIER_PARAM) : rt(rt) {
-            MOZ_GUARD_OBJECT_NOTIFIER_INIT;
-            PR_Lock(rt->operationCallbackLock);
-#ifdef DEBUG
-            rt->operationCallbackOwner = PR_GetCurrentThread();
-#endif
-        }
-        ~AutoLockForOperationCallback() {
-            JS_ASSERT(rt->operationCallbackOwner == PR_GetCurrentThread());
-#ifdef DEBUG
-            rt->operationCallbackOwner = NULL;
-#endif
-            PR_Unlock(rt->operationCallbackLock);
-        }
-#else // JS_THREADSAFE
-      public:
-        AutoLockForOperationCallback(JSRuntime *rt MOZ_GUARD_OBJECT_NOTIFIER_PARAM) {
-            MOZ_GUARD_OBJECT_NOTIFIER_INIT;
-        }
-#endif // JS_THREADSAFE
-
-        MOZ_DECL_USE_GUARD_OBJECT_NOTIFIER
-    };
-
-    bool currentThreadOwnsOperationCallbackLock() {
-#if defined(JS_THREADSAFE) && defined(DEBUG)
-        return operationCallbackOwner == PR_GetCurrentThread();
-#else
-        return true;
-#endif
-    }
-
-    /* Default compartment. */
-    JSCompartment       *atomsCompartment;
-
-    /* Embedders can use this zone however they wish. */
-    JS::Zone            *systemZone;
-
-    /* List of compartments and zones (protected by the GC lock). */
-    js::ZoneVector      zones;
-
-    /* How many compartments there are across all zones. */
-    size_t              numCompartments;
-
-    /* Locale-specific callbacks for string conversion. */
-    JSLocaleCallbacks *localeCallbacks;
-
-    /* Default locale for Internationalization API */
-    char *defaultLocale;
-
-    /* Default JSVersion. */
-    JSVersion defaultVersion_;
-
-    /* See comment for JS_AbortIfWrongThread in jsapi.h. */
-#ifdef JS_THREADSAFE
-  public:
-    void *ownerThread() const { return ownerThread_; }
-    void clearOwnerThread();
-    void setOwnerThread();
-    JS_FRIEND_API(void) abortIfWrongThread() const;
-#ifdef DEBUG
-    JS_FRIEND_API(void) assertValidThread() const;
-#else
-    void assertValidThread() const {}
-#endif
-  private:
-    void                *ownerThread_;
-  public:
-#else
-  public:
-    void abortIfWrongThread() const {}
-    void assertValidThread() const {}
-#endif
-
-    /* Temporary arena pool used while compiling and decompiling. */
-    static const size_t TEMP_LIFO_ALLOC_PRIMARY_CHUNK_SIZE = 4 * 1024;
-    js::LifoAlloc tempLifoAlloc;
-
-    /*
-     * Free LIFO blocks are transferred to this allocator before being freed on
-     * the background GC thread.
-     */
-    js::LifoAlloc freeLifoAlloc;
-
-  private:
-    /*
-     * Both of these allocators are used for regular expression code which is shared at the
-     * thread-data level.
-     */
-    JSC::ExecutableAllocator *execAlloc_;
-    WTF::BumpPointerAllocator *bumpAlloc_;
-    js::ion::IonRuntime *ionRuntime_;
-
-    JSObject *selfHostingGlobal_;
-
-    /* Space for interpreter frames. */
-    js::InterpreterStack interpreterStack_;
-
-    JSC::ExecutableAllocator *createExecutableAllocator(JSContext *cx);
-    WTF::BumpPointerAllocator *createBumpPointerAllocator(JSContext *cx);
-    js::ion::IonRuntime *createIonRuntime(JSContext *cx);
-
-  public:
-    JSC::ExecutableAllocator *getExecAlloc(JSContext *cx) {
-        return execAlloc_ ? execAlloc_ : createExecutableAllocator(cx);
-    }
-    JSC::ExecutableAllocator &execAlloc() {
-        JS_ASSERT(execAlloc_);
-        return *execAlloc_;
-    }
-    JSC::ExecutableAllocator *maybeExecAlloc() {
-        return execAlloc_;
-    }
-    WTF::BumpPointerAllocator *getBumpPointerAllocator(JSContext *cx) {
-        return bumpAlloc_ ? bumpAlloc_ : createBumpPointerAllocator(cx);
-    }
-    js::ion::IonRuntime *getIonRuntime(JSContext *cx) {
-        return ionRuntime_ ? ionRuntime_ : createIonRuntime(cx);
-    }
-    js::ion::IonRuntime *ionRuntime() {
-        return ionRuntime_;
-    }
-    bool hasIonRuntime() const {
-        return !!ionRuntime_;
-    }
-    js::InterpreterStack &interpreterStack() {
-        return interpreterStack_;
-    }
-
-    //-------------------------------------------------------------------------
-    // Self-hosting support
-    //-------------------------------------------------------------------------
-
-    bool initSelfHosting(JSContext *cx);
-    void finishSelfHosting();
-    void markSelfHostingGlobal(JSTracer *trc);
-    bool isSelfHostingGlobal(js::HandleObject global) {
-        return global == selfHostingGlobal_;
-    }
-    bool cloneSelfHostedFunctionScript(JSContext *cx, js::Handle<js::PropertyName*> name,
-                                       js::Handle<JSFunction*> targetFun);
-    bool cloneSelfHostedValue(JSContext *cx, js::Handle<js::PropertyName*> name,
-                              js::MutableHandleValue vp);
-    bool maybeWrappedSelfHostedFunction(JSContext *cx, js::Handle<js::PropertyName*> name,
-                                        js::MutableHandleValue funVal);
-
-    //-------------------------------------------------------------------------
-    // Locale information
-    //-------------------------------------------------------------------------
-
-    /*
-     * Set the default locale for the ECMAScript Internationalization API
-     * (Intl.Collator, Intl.NumberFormat, Intl.DateTimeFormat).
-     * Note that the Internationalization API encourages clients to
-     * specify their own locales.
-     * The locale string remains owned by the caller.
-     */
-    bool setDefaultLocale(const char *locale);
-
-    /* Reset the default locale to OS defaults. */
-    void resetDefaultLocale();
-
-    /* Gets current default locale. String remains owned by context. */
-    const char *getDefaultLocale();
-
-    JSVersion defaultVersion() { return defaultVersion_; }
-    void setDefaultVersion(JSVersion v) { defaultVersion_ = v; }
-
-    /* Base address of the native stack for the current thread. */
-    uintptr_t           nativeStackBase;
-
-    /* The native stack size limit that runtime should not exceed. */
-    size_t              nativeStackQuota;
-
-    /*
-     * Frames currently running in js::Interpret. See InterpreterFrames for
-     * details.
-     */
-    js::InterpreterFrames *interpreterFrames;
-
-    /* Context create/destroy callback. */
-    JSContextCallback   cxCallback;
-
-    /* Compartment destroy callback. */
-    JSDestroyCompartmentCallback destroyCompartmentCallback;
-
-    /* Call this to get the name of a compartment. */
-    JSCompartmentNameCallback compartmentNameCallback;
-
-    js::ActivityCallback  activityCallback;
-    void                 *activityCallbackArg;
-
-#ifdef JS_THREADSAFE
-    /* The request depth for this thread. */
-    unsigned            requestDepth;
-
-# ifdef DEBUG
-    unsigned            checkRequestDepth;
-# endif
-#endif
-
-    /* Garbage collector state, used by jsgc.c. */
-
-    /*
-     * Set of all GC chunks with at least one allocated thing. The
-     * conservative GC uses it to quickly check if a possible GC thing points
-     * into an allocated chunk.
-     */
-    js::GCChunkSet      gcChunkSet;
-
-    /*
-     * Doubly-linked lists of chunks from user and system compartments. The GC
-     * allocates its arenas from the corresponding list and when all arenas
-     * in the list head are taken, then the chunk is removed from the list.
-     * During the GC when all arenas in a chunk become free, that chunk is
-     * removed from the list and scheduled for release.
-     */
-    js::gc::Chunk       *gcSystemAvailableChunkListHead;
-    js::gc::Chunk       *gcUserAvailableChunkListHead;
-    js::gc::ChunkPool   gcChunkPool;
-
-    js::RootedValueMap  gcRootsHash;
-    unsigned            gcKeepAtoms;
-    volatile size_t     gcBytes;
-    size_t              gcMaxBytes;
-    size_t              gcMaxMallocBytes;
-
-    /*
-     * Number of the committed arenas in all GC chunks including empty chunks.
-     * The counter is volatile as it is read without the GC lock, see comments
-     * in MaybeGC.
-     */
-    volatile uint32_t   gcNumArenasFreeCommitted;
-    js::GCMarker        gcMarker;
-    void                *gcVerifyPreData;
-    void                *gcVerifyPostData;
-    bool                gcChunkAllocationSinceLastGC;
-    int64_t             gcNextFullGCTime;
-    int64_t             gcLastGCTime;
-    int64_t             gcJitReleaseTime;
-    JSGCMode            gcMode;
-    size_t              gcAllocationThreshold;
-    bool                gcHighFrequencyGC;
-    uint64_t            gcHighFrequencyTimeThreshold;
-    uint64_t            gcHighFrequencyLowLimitBytes;
-    uint64_t            gcHighFrequencyHighLimitBytes;
-    double              gcHighFrequencyHeapGrowthMax;
-    double              gcHighFrequencyHeapGrowthMin;
-    double              gcLowFrequencyHeapGrowth;
-    bool                gcDynamicHeapGrowth;
-    bool                gcDynamicMarkSlice;
-    uint64_t            gcDecommitThreshold;
-
-    /* During shutdown, the GC needs to clean up every possible object. */
-    bool                gcShouldCleanUpEverything;
-
-    /*
-     * The gray bits can become invalid if UnmarkGray overflows the stack. A
-     * full GC will reset this bit, since it fills in all the gray bits.
-     */
-    bool                gcGrayBitsValid;
-
-    /*
-     * These flags must be kept separate so that a thread requesting a
-     * compartment GC doesn't cancel another thread's concurrent request for a
-     * full GC.
-     */
-    volatile uintptr_t  gcIsNeeded;
-
-    js::gcstats::Statistics gcStats;
-
-    /* Incremented on every GC slice. */
-    uint64_t            gcNumber;
-
-    /* The gcNumber at the time of the most recent GC's first slice. */
-    uint64_t            gcStartNumber;
-
-    /* Whether the currently running GC can finish in multiple slices. */
-    bool                gcIsIncremental;
-
-    /* Whether all compartments are being collected in first GC slice. */
-    bool                gcIsFull;
-
-    /* The reason that an interrupt-triggered GC should be called. */
-    JS::gcreason::Reason gcTriggerReason;
-
-    /*
-     * If this is true, all marked objects must belong to a compartment being
-     * GCed. This is used to look for compartment bugs.
-     */
-    bool                gcStrictCompartmentChecking;
-
-#ifdef DEBUG
-    /*
-     * If this is 0, all cross-compartment proxies must be registered in the
-     * wrapper map. This checking must be disabled temporarily while creating
-     * new wrappers. When non-zero, this records the recursion depth of wrapper
-     * creation.
-     */
-    uintptr_t           gcDisableStrictProxyCheckingCount;
-#else
-    uintptr_t           unused1;
-#endif
-
-    /*
-     * The current incremental GC phase. This is also used internally in
-     * non-incremental GC.
-     */
-    js::gc::State       gcIncrementalState;
-
-    /* Indicates that the last incremental slice exhausted the mark stack. */
-    bool                gcLastMarkSlice;
-
-    /* Whether any sweeping will take place in the separate GC helper thread. */
-    bool                gcSweepOnBackgroundThread;
-
-    /* Whether any black->gray edges were found during marking. */
-    bool                gcFoundBlackGrayEdges;
-
-    /* List head of zones to be swept in the background. */
-    JS::Zone            *gcSweepingZones;
-
-    /* Index of current zone group (for stats). */
-    unsigned            gcZoneGroupIndex;
-
-    /*
-     * Incremental sweep state.
-     */
-    JS::Zone            *gcZoneGroups;
-    JS::Zone            *gcCurrentZoneGroup;
-    int                 gcSweepPhase;
-    JS::Zone            *gcSweepZone;
-    int                 gcSweepKindIndex;
-    bool                gcAbortSweepAfterCurrentGroup;
-
-    /*
-     * List head of arenas allocated during the sweep phase.
-     */
-    js::gc::ArenaHeader *gcArenasAllocatedDuringSweep;
-
-#ifdef DEBUG
-    js::gc::MarkingValidator *gcMarkingValidator;
-#endif
-
-    /*
-     * Indicates that a GC slice has taken place in the middle of an animation
-     * frame, rather than at the beginning. In this case, the next slice will be
-     * delayed so that we don't get back-to-back slices.
-     */
-    volatile uintptr_t  gcInterFrameGC;
-
-    /* Default budget for incremental GC slice. See SliceBudget in jsgc.h. */
-    int64_t             gcSliceBudget;
-
-    /*
-     * We disable incremental GC if we encounter a js::Class with a trace hook
-     * that does not implement write barriers.
-     */
-    bool                gcIncrementalEnabled;
-
-    /*
-     * GGC can be enabled from the command line while testing.
-     */
-    bool                gcGenerationalEnabled;
-
-    /*
-     * This is true if we are in the middle of a brain transplant (e.g.,
-     * JS_TransplantObject) or some other operation that can manipulate
-     * dead zones.
-     */
-    bool                gcManipulatingDeadZones;
-
-    /*
-     * This field is incremented each time we mark an object inside a
-     * zone with no incoming cross-compartment pointers. Typically if
-     * this happens it signals that an incremental GC is marking too much
-     * stuff. At various times we check this counter and, if it has changed, we
-     * run an immediate, non-incremental GC to clean up the dead
-     * zones. This should happen very rarely.
-     */
-    unsigned            gcObjectsMarkedInDeadZones;
-
-    bool                gcPoke;
-
-    volatile js::HeapState heapState;
-
-    bool isHeapBusy() { return heapState != js::Idle; }
-    bool isHeapMajorCollecting() { return heapState == js::MajorCollecting; }
-    bool isHeapMinorCollecting() { return heapState == js::MinorCollecting; }
-    bool isHeapCollecting() { return isHeapMajorCollecting() || isHeapMinorCollecting(); }
-
-#ifdef JSGC_GENERATIONAL
-    js::Nursery                  gcNursery;
-    js::gc::StoreBuffer          gcStoreBuffer;
-#endif
-
-    /*
-     * These options control the zealousness of the GC. The fundamental values
-     * are gcNextScheduled and gcDebugCompartmentGC. At every allocation,
-     * gcNextScheduled is decremented. When it reaches zero, we do either a
-     * full or a compartmental GC, based on gcDebugCompartmentGC.
-     *
-     * At this point, if gcZeal_ is one of the types that trigger periodic
-     * collection, then gcNextScheduled is reset to the value of
-     * gcZealFrequency. Otherwise, no additional GCs take place.
-     *
-     * You can control these values in several ways:
-     *   - Pass the -Z flag to the shell (see the usage info for details)
-     *   - Call gczeal() or schedulegc() from inside shell-executed JS code
-     *     (see the help for details)
-     *
-     * If gzZeal_ == 1 then we perform GCs in select places (during MaybeGC and
-     * whenever a GC poke happens). This option is mainly useful to embedders.
-     *
-     * We use gcZeal_ == 4 to enable write barrier verification. See the comment
-     * in jsgc.cpp for more information about this.
-     *
-     * gcZeal_ values from 8 to 10 periodically run different types of
-     * incremental GC.
-     */
-#ifdef JS_GC_ZEAL
-    int                 gcZeal_;
-    int                 gcZealFrequency;
-    int                 gcNextScheduled;
-    bool                gcDeterministicOnly;
-    int                 gcIncrementalLimit;
-
-    js::Vector<JSObject *, 0, js::SystemAllocPolicy> gcSelectedForMarking;
-
-    int gcZeal() { return gcZeal_; }
-
-    bool needZealousGC() {
-        if (gcNextScheduled > 0 && --gcNextScheduled == 0) {
-            if (gcZeal() == js::gc::ZealAllocValue ||
-                gcZeal() == js::gc::ZealPurgeAnalysisValue ||
-                (gcZeal() >= js::gc::ZealIncrementalRootsThenFinish &&
-                 gcZeal() <= js::gc::ZealIncrementalMultipleSlices))
-            {
-                gcNextScheduled = gcZealFrequency;
-            }
-            return true;
-        }
-        return false;
-    }
-#else
-    int gcZeal() { return 0; }
-    bool needZealousGC() { return false; }
-#endif
-
-    bool                gcValidate;
-    bool                gcFullCompartmentChecks;
-
-    JSGCCallback        gcCallback;
-    JS::GCSliceCallback gcSliceCallback;
-    JSFinalizeCallback  gcFinalizeCallback;
-
-    js::AnalysisPurgeCallback analysisPurgeCallback;
-    uint64_t            analysisPurgeTriggerBytes;
-
-  private:
-    /*
-     * Malloc counter to measure memory pressure for GC scheduling. It runs
-     * from gcMaxMallocBytes down to zero.
-     */
-    volatile ptrdiff_t  gcMallocBytes;
-
-  public:
-    void setNeedsBarrier(bool needs) {
-        needsBarrier_ = needs;
-    }
-
-    bool needsBarrier() const {
-        return needsBarrier_;
-    }
-
-    struct ExtraTracer {
-        JSTraceDataOp op;
-        void *data;
-
-        ExtraTracer()
-          : op(NULL), data(NULL)
-        {}
-        ExtraTracer(JSTraceDataOp op, void *data)
-          : op(op), data(data)
-        {}
-    };
-
-    /*
-     * The trace operations to trace embedding-specific GC roots. One is for
-     * tracing through black roots and the other is for tracing through gray
-     * roots. The black/gray distinction is only relevant to the cycle
-     * collector.
-     */
-    typedef js::Vector<ExtraTracer, 4, js::SystemAllocPolicy> ExtraTracerVector;
-    ExtraTracerVector   gcBlackRootTracers;
-    ExtraTracer         gcGrayRootTracer;
-
-    /* Stack of thread-stack-allocated GC roots. */
-    js::AutoGCRooter   *autoGCRooters;
-
-    /*
-     * The GC can only safely decommit memory when the page size of the
-     * running process matches the compiled arena size.
-     */
-    size_t              gcSystemPageSize;
-
-    /* The OS allocation granularity may not match the page size. */
-    size_t              gcSystemAllocGranularity;
-
-    /* Strong references on scripts held for PCCount profiling API. */
-    js::ScriptAndCountsVector *scriptAndCountsVector;
-
-    /* Well-known numbers held for use by this runtime's contexts. */
-    js::Value           NaNValue;
-    js::Value           negativeInfinityValue;
-    js::Value           positiveInfinityValue;
-
-    js::PropertyName    *emptyString;
-
-    /* List of active contexts sharing this runtime. */
-    mozilla::LinkedList<JSContext> contextList;
-
-    bool hasContexts() const {
-        return !contextList.isEmpty();
-    }
-
-    JS_SourceHook       sourceHook;
-
-    /* Per runtime debug hooks -- see jsprvtd.h and jsdbgapi.h. */
-    JSDebugHooks        debugHooks;
-
-    /* If true, new compartments are initially in debug mode. */
-    bool                debugMode;
-
-    /* SPS profiling metadata */
-    js::SPSProfiler     spsProfiler;
-
-    /* If true, new scripts must be created with PC counter information. */
-    bool                profilingScripts;
-
-    /* Always preserve JIT code during GCs, for testing. */
-    bool                alwaysPreserveCode;
-
-    /* Had an out-of-memory error which did not populate an exception. */
-    bool                hadOutOfMemory;
-
-    /* Linked list of all Debugger objects in the runtime. */
-    mozilla::LinkedList<js::Debugger> debuggerList;
-
-    /*
-     * Head of circular list of all enabled Debuggers that have
-     * onNewGlobalObject handler methods established.
-     */
-    JSCList             onNewGlobalObjectWatchers;
-
-    /* Client opaque pointers */
-    void                *data;
-
-    /* Synchronize GC heap access between main thread and GCHelperThread. */
-    PRLock              *gcLock;
-
-    js::GCHelperThread  gcHelperThread;
-
-#ifdef XP_MACOSX
-    js::AsmJSMachExceptionHandler asmJSMachExceptionHandler;
-#endif
-
-#ifdef JS_THREADSAFE
-# ifdef JS_ION
-    js::WorkerThreadState *workerThreadState;
-# endif
-
-    js::SourceCompressorThread sourceCompressorThread;
-#endif
-
-  private:
-    js::FreeOp          defaultFreeOp_;
-
-  public:
-    js::FreeOp *defaultFreeOp() {
-        return &defaultFreeOp_;
-    }
-
-    uint32_t            debuggerMutations;
-
-    const JSSecurityCallbacks *securityCallbacks;
-    const js::DOMCallbacks *DOMcallbacks;
-    JSDestroyPrincipalsOp destroyPrincipals;
-
-    /* Structured data callbacks are runtime-wide. */
-    const JSStructuredCloneCallbacks *structuredCloneCallbacks;
-
-    /* Call this to accumulate telemetry data. */
-    JSAccumulateTelemetryDataCallback telemetryCallback;
-
-    /*
-     * The propertyRemovals counter is incremented for every JSObject::clear,
-     * and for each JSObject::remove method call that frees a slot in the given
-     * object. See js_NativeGet and js_NativeSet in jsobj.cpp.
-     */
-    uint32_t            propertyRemovals;
-
-#if !ENABLE_INTL_API
-    /* Number localization, used by jsnum.cpp. */
-    const char          *thousandsSeparator;
-    const char          *decimalSeparator;
-    const char          *numGrouping;
-#endif
-
-  private:
-    js::MathCache *mathCache_;
-    js::MathCache *createMathCache(JSContext *cx);
-  public:
-    js::MathCache *getMathCache(JSContext *cx) {
-        return mathCache_ ? mathCache_ : createMathCache(cx);
-    }
-
-    js::GSNCache        gsnCache;
-    js::NewObjectCache  newObjectCache;
-    js::NativeIterCache nativeIterCache;
-    js::SourceDataCache sourceDataCache;
-    js::EvalCache       evalCache;
-    js::LazyScriptCache lazyScriptCache;
-
-    js::DateTimeInfo    dateTimeInfo;
-
-    js::ConservativeGCData conservativeGC;
-
-    /* Pool of maps used during parse/emit. */
-    js::frontend::ParseMapPool parseMapPool;
-
-    /*
-     * Count of currently active compilations.
-     * When there are compilations active for the context, the GC must not
-     * purge the ParseMapPool.
-     */
-    unsigned activeCompilations;
-
-  private:
-    JSPrincipals        *trustedPrincipals_;
-  public:
-    void setTrustedPrincipals(JSPrincipals *p) { trustedPrincipals_ = p; }
-    JSPrincipals *trustedPrincipals() const { return trustedPrincipals_; }
-
-    /* Set of all currently-living atoms. */
-    js::AtomSet         atoms;
-
-    union {
-        /*
-         * Cached pointers to various interned property names, initialized in
-         * order from first to last via the other union arm.
-         */
-        JSAtomState atomState;
-
-        js::FixedHeapPtr<js::PropertyName> firstCachedName;
-    };
-
-    /* Tables of strings that are pre-allocated in the atomsCompartment. */
-    js::StaticStrings   staticStrings;
-
-    JSWrapObjectCallback                   wrapObjectCallback;
-    JSSameCompartmentWrapObjectCallback    sameCompartmentWrapObjectCallback;
-    JSPreWrapCallback                      preWrapObjectCallback;
-    js::PreserveWrapperCallback            preserveWrapperCallback;
-
-    js::ScriptDataTable scriptDataTable;
-
-#ifdef DEBUG
-    size_t              noGCOrAllocationCheck;
-#endif
-
-    bool                jitHardening;
-
-    bool                jitSupportsFloatingPoint;
-
-    // Used to reset stack limit after a signaled interrupt (i.e. ionStackLimit_ = -1)
-    // has been noticed by Ion/Baseline.
-    void resetIonStackLimit() {
-        AutoLockForOperationCallback lock(this);
-        mainThread.setIonStackLimit(mainThread.nativeStackLimit);
-    }
-
-    // Cache for ion::GetPcScript().
-    js::ion::PcScriptCache *ionPcScriptCache;
-
-    js::ThreadPool threadPool;
-
-    js::CTypesActivityCallback  ctypesActivityCallback;
-
-    // Non-zero if this is a parallel warmup execution.  See
-    // js::parallel::Do() for more information.
-    uint32_t parallelWarmup;
-
-  private:
-    // In certain cases, we want to optimize certain opcodes to typed instructions,
-    // to avoid carrying an extra register to feed into an unbox. Unfortunately,
-    // that's not always possible. For example, a GetPropertyCacheT could return a
-    // typed double, but if it takes its out-of-line path, it could return an
-    // object, and trigger invalidation. The invalidation bailout will consider the
-    // return value to be a double, and create a garbage Value.
-    //
-    // To allow the GetPropertyCacheT optimization, we allow the ability for
-    // GetPropertyCache to override the return value at the top of the stack - the
-    // value that will be temporarily corrupt. This special override value is set
-    // only in callVM() targets that are about to return *and* have invalidated
-    // their callee.
-    js::Value            ionReturnOverride_;
-
-  public:
-    bool hasIonReturnOverride() const {
-        return !ionReturnOverride_.isMagic();
-    }
-    js::Value takeIonReturnOverride() {
-        js::Value v = ionReturnOverride_;
-        ionReturnOverride_ = js::MagicValue(JS_ARG_POISON);
-        return v;
-    }
-    void setIonReturnOverride(const js::Value &v) {
-        JS_ASSERT(!hasIonReturnOverride());
-        ionReturnOverride_ = v;
-    }
-
-    JSRuntime(JSUseHelperThreads useHelperThreads);
-    ~JSRuntime();
-
-    bool init(uint32_t maxbytes);
-
-    JSRuntime *thisFromCtor() { return this; }
-
-    void setGCMaxMallocBytes(size_t value);
-
-    void resetGCMallocBytes() { gcMallocBytes = ptrdiff_t(gcMaxMallocBytes); }
-
-    /*
-     * Call this after allocating memory held by GC things, to update memory
-     * pressure counters or report the OOM error if necessary. If oomError and
-     * cx is not null the function also reports OOM error.
-     *
-     * The function must be called outside the GC lock and in case of OOM error
-     * the caller must ensure that no deadlock possible during OOM reporting.
-     */
-    void updateMallocCounter(size_t nbytes);
-    void updateMallocCounter(JS::Zone *zone, size_t nbytes);
-
-    void reportAllocationOverflow() { js_ReportAllocationOverflow(NULL); }
-
-    bool isTooMuchMalloc() const {
-        return gcMallocBytes <= 0;
-    }
-
-    /*
-     * The function must be called outside the GC lock.
-     */
-    JS_FRIEND_API(void) onTooMuchMalloc();
-
-    /*
-     * This should be called after system malloc/realloc returns NULL to try
-     * to recove some memory or to report an error. Failures in malloc and
-     * calloc are signaled by p == null and p == reinterpret_cast<void *>(1).
-     * Other values of p mean a realloc failure.
-     *
-     * The function must be called outside the GC lock.
-     */
-    JS_FRIEND_API(void *) onOutOfMemory(void *p, size_t nbytes);
-    JS_FRIEND_API(void *) onOutOfMemory(void *p, size_t nbytes, JSContext *cx);
-
-    void triggerOperationCallback();
-
-    void setJitHardening(bool enabled);
-    bool getJitHardening() const {
-        return jitHardening;
-    }
-
-    void sizeOfIncludingThis(mozilla::MallocSizeOf mallocSizeOf, JS::RuntimeSizes *runtime);
-
-  private:
-
-    JSUseHelperThreads useHelperThreads_;
-    int32_t requestedHelperThreadCount;
-
-  public:
-
-    bool useHelperThreads() const {
-#ifdef JS_THREADSAFE
-        return useHelperThreads_ == JS_USE_HELPER_THREADS;
-#else
-        return false;
-#endif
-    }
-
-    void requestHelperThreadCount(size_t count) {
-        requestedHelperThreadCount = count;
-    }
-
-    /* Number of helper threads which should be created for this runtime. */
-    size_t helperThreadCount() const {
-#ifdef JS_THREADSAFE
-        if (requestedHelperThreadCount < 0)
-            return js::GetCPUCount() - 1;
-        return requestedHelperThreadCount;
-#else
-        return 0;
-#endif
-    }
-
-#ifdef DEBUG
-  public:
-    js::AutoEnterPolicy *enteredPolicy;
-#endif
-};
-
-/* Common macros to access thread-local caches in JSRuntime. */
-#define JS_KEEP_ATOMS(rt)   (rt)->gcKeepAtoms++;
-#define JS_UNKEEP_ATOMS(rt) (rt)->gcKeepAtoms--;
-
-namespace js {
-
 struct AutoResolving;
 
-/*
- * Flags accompany script version data so that a) dynamically created scripts
- * can inherit their caller's compile-time properties and b) scripts can be
- * appropriately compared in the eval cache across global option changes. An
- * example of the latter is enabling the top-level-anonymous-function-is-error
- * option: subsequent evals of the same, previously-valid script text may have
- * become invalid.
- */
-namespace VersionFlags {
-static const unsigned MASK      = 0x0FFF; /* see JSVersion in jspubtd.h */
-} /* namespace VersionFlags */
-
-static inline JSVersion
-VersionNumber(JSVersion version)
-{
-    return JSVersion(uint32_t(version) & VersionFlags::MASK);
-}
-
-static inline JSVersion
-VersionExtractFlags(JSVersion version)
-{
-    return JSVersion(uint32_t(version) & ~VersionFlags::MASK);
-}
-
-static inline void
-VersionCopyFlags(JSVersion *version, JSVersion from)
-{
-    *version = JSVersion(VersionNumber(*version) | VersionExtractFlags(from));
-}
-
-static inline bool
-VersionHasFlags(JSVersion version)
-{
-    return !!VersionExtractFlags(version);
-}
-
-static inline bool
-VersionIsKnown(JSVersion version)
-{
-    return VersionNumber(version) != JSVERSION_UNKNOWN;
-}
-
-inline void
-FreeOp::free_(void *p)
-{
-    if (shouldFreeLater()) {
-        runtime()->gcHelperThread.freeLater(p);
-        return;
-    }
-    js_free(p);
-}
-
 class ForkJoinSlice;
 
 /*
  * ThreadSafeContext is the base class for both JSContext, the "normal"
  * sequential context, and ForkJoinSlice, the per-thread parallel context used
  * in PJS.
  *
  * When cast to a ThreadSafeContext, the only usable operations are casting
@@ -2011,102 +520,16 @@ struct AutoResolving {
     JSContext           *const context;
     HandleObject        object;
     HandleId            id;
     Kind                const kind;
     AutoResolving       *const link;
     MOZ_DECL_USE_GUARD_OBJECT_NOTIFIER
 };
 
-#ifdef JS_THREADSAFE
-# define JS_LOCK_GC(rt)    PR_Lock((rt)->gcLock)
-# define JS_UNLOCK_GC(rt)  PR_Unlock((rt)->gcLock)
-#else
-# define JS_LOCK_GC(rt)    do { } while (0)
-# define JS_UNLOCK_GC(rt)  do { } while (0)
-#endif
-
-class AutoLockGC
-{
-  public:
-    explicit AutoLockGC(JSRuntime *rt = NULL
-                        MOZ_GUARD_OBJECT_NOTIFIER_PARAM)
-      : runtime(rt)
-    {
-        MOZ_GUARD_OBJECT_NOTIFIER_INIT;
-        // Avoid MSVC warning C4390 for non-threadsafe builds.
-        if (rt)
-            JS_LOCK_GC(rt);
-    }
-
-    ~AutoLockGC()
-    {
-        if (runtime)
-            JS_UNLOCK_GC(runtime);
-    }
-
-    bool locked() const {
-        return !!runtime;
-    }
-
-    void lock(JSRuntime *rt) {
-        JS_ASSERT(rt);
-        JS_ASSERT(!runtime);
-        runtime = rt;
-        JS_LOCK_GC(rt);
-    }
-
-  private:
-    JSRuntime *runtime;
-    MOZ_DECL_USE_GUARD_OBJECT_NOTIFIER
-};
-
-class AutoUnlockGC
-{
-  private:
-#ifdef JS_THREADSAFE
-    JSRuntime *rt;
-#endif
-    MOZ_DECL_USE_GUARD_OBJECT_NOTIFIER
-
-  public:
-    explicit AutoUnlockGC(JSRuntime *rt
-                          MOZ_GUARD_OBJECT_NOTIFIER_PARAM)
-#ifdef JS_THREADSAFE
-      : rt(rt)
-#endif
-    {
-        MOZ_GUARD_OBJECT_NOTIFIER_INIT;
-        JS_UNLOCK_GC(rt);
-    }
-    ~AutoUnlockGC() { JS_LOCK_GC(rt); }
-};
-
-class MOZ_STACK_CLASS AutoKeepAtoms
-{
-    JSRuntime *rt;
-    MOZ_DECL_USE_GUARD_OBJECT_NOTIFIER
-
-  public:
-    explicit AutoKeepAtoms(JSRuntime *rt
-                           MOZ_GUARD_OBJECT_NOTIFIER_PARAM)
-      : rt(rt)
-    {
-        MOZ_GUARD_OBJECT_NOTIFIER_INIT;
-        JS_KEEP_ATOMS(rt);
-    }
-    ~AutoKeepAtoms() { JS_UNKEEP_ATOMS(rt); }
-};
-
-// Maximum supported value of arguments.length. This bounds the maximum
-// number of arguments that can be supplied to Function.prototype.apply.
-// This value also bounds the number of elements parsed in an array
-// initialiser.
-static const unsigned ARGS_LENGTH_MAX = 500 * 1000;
-
 } /* namespace js */
 
 class JSAutoResolveFlags
 {
   public:
     JSAutoResolveFlags(JSContext *cx, unsigned flags
                        MOZ_GUARD_OBJECT_NOTIFIER_PARAM)
       : mContext(cx), mSaved(cx->resolveFlags)
@@ -2175,23 +598,16 @@ enum DestroyContextMode {
 extern void
 DestroyContext(JSContext *cx, DestroyContextMode mode);
 
 enum ErrorArgumentsType {
     ArgumentsAreUnicode,
     ArgumentsAreASCII
 };
 
-inline void
-PerThreadData::setIonStackLimit(uintptr_t limit)
-{
-    JS_ASSERT(runtime_->currentThreadOwnsOperationCallbackLock());
-    ionStackLimit = limit;
-}
-
 } /* namespace js */
 
 #ifdef va_start
 extern JSBool
 js_ReportErrorVA(JSContext *cx, unsigned flags, const char *format, va_list ap);
 
 extern JSBool
 js_ReportErrorNumberVA(JSContext *cx, unsigned flags, JSErrorCallback callback,
@@ -2298,79 +714,16 @@ JS_CHECK_OPERATION_LIMIT(JSContext *cx)
     JS_ASSERT_REQUEST_DEPTH(cx);
     return !cx->runtime()->interrupt || js_InvokeOperationCallback(cx);
 }
 
 namespace js {
 
 /************************************************************************/
 
-static JS_ALWAYS_INLINE void
-MakeRangeGCSafe(Value *vec, size_t len)
-{
-    mozilla::PodZero(vec, len);
-}
-
-static JS_ALWAYS_INLINE void
-MakeRangeGCSafe(Value *beg, Value *end)
-{
-    mozilla::PodZero(beg, end - beg);
-}
-
-static JS_ALWAYS_INLINE void
-MakeRangeGCSafe(jsid *beg, jsid *end)
-{
-    for (jsid *id = beg; id != end; ++id)
-        *id = INT_TO_JSID(0);
-}
-
-static JS_ALWAYS_INLINE void
-MakeRangeGCSafe(jsid *vec, size_t len)
-{
-    MakeRangeGCSafe(vec, vec + len);
-}
-
-static JS_ALWAYS_INLINE void
-MakeRangeGCSafe(Shape **beg, Shape **end)
-{
-    mozilla::PodZero(beg, end - beg);
-}
-
-static JS_ALWAYS_INLINE void
-MakeRangeGCSafe(Shape **vec, size_t len)
-{
-    mozilla::PodZero(vec, len);
-}
-
-static JS_ALWAYS_INLINE void
-SetValueRangeToUndefined(Value *beg, Value *end)
-{
-    for (Value *v = beg; v != end; ++v)
-        v->setUndefined();
-}
-
-static JS_ALWAYS_INLINE void
-SetValueRangeToUndefined(Value *vec, size_t len)
-{
-    SetValueRangeToUndefined(vec, vec + len);
-}
-
-static JS_ALWAYS_INLINE void
-SetValueRangeToNull(Value *beg, Value *end)
-{
-    for (Value *v = beg; v != end; ++v)
-        v->setNull();
-}
-
-static JS_ALWAYS_INLINE void
-SetValueRangeToNull(Value *vec, size_t len)
-{
-    SetValueRangeToNull(vec, vec + len);
-}
-
 class AutoStringVector : public AutoVectorRooter<JSString *>
 {
   public:
     explicit AutoStringVector(JSContext *cx
                               MOZ_GUARD_OBJECT_NOTIFIER_PARAM)
         : AutoVectorRooter<JSString *>(cx, STRINGVECTOR)
     {
         MOZ_GUARD_OBJECT_NOTIFIER_INIT;
@@ -2480,41 +833,16 @@ class AutoAssertNoException
 
     ~AutoAssertNoException()
     {
         JS_ASSERT_IF(!hadException, !cx->isExceptionPending());
     }
 };
 
 /*
- * Allocation policy that uses JSRuntime::malloc_ and friends, so that
- * memory pressure is properly accounted for. This is suitable for
- * long-lived objects owned by the JSRuntime.
- *
- * Since it doesn't hold a JSContext (those may not live long enough), it
- * can't report out-of-memory conditions itself; the caller must check for
- * OOM and take the appropriate action.
- *
- * FIXME bug 647103 - replace these *AllocPolicy names.
- */
-class RuntimeAllocPolicy
-{
-    JSRuntime *const runtime;
-
-  public:
-    RuntimeAllocPolicy(JSRuntime *rt) : runtime(rt) {}
-    RuntimeAllocPolicy(JSContext *cx) : runtime(cx->runtime()) {}
-    void *malloc_(size_t bytes) { return runtime->malloc_(bytes); }
-    void *calloc_(size_t bytes) { return runtime->calloc_(bytes); }
-    void *realloc_(void *p, size_t bytes) { return runtime->realloc_(p, bytes); }
-    void free_(void *p) { js_free(p); }
-    void reportAllocOverflow() const {}
-};
-
-/*
  * FIXME bug 647103 - replace these *AllocPolicy names.
  */
 class ContextAllocPolicy
 {
     JSContext *const cx_;
 
   public:
     ContextAllocPolicy(JSContext *cx) : cx_(cx) {}
--- a/js/src/jscntxtinlines.h
+++ b/js/src/jscntxtinlines.h
@@ -22,65 +22,16 @@
 #include "vm/RegExpObject.h"
 
 #include "jsgcinlines.h"
 
 #include "vm/ObjectImpl-inl.h"
 
 namespace js {
 
-inline bool
-NewObjectCache::lookupProto(Class *clasp, JSObject *proto, gc::AllocKind kind, EntryIndex *pentry)
-{
-    JS_ASSERT(!proto->is<GlobalObject>());
-    return lookup(clasp, proto, kind, pentry);
-}
-
-inline bool
-NewObjectCache::lookupGlobal(Class *clasp, js::GlobalObject *global, gc::AllocKind kind, EntryIndex *pentry)
-{
-    return lookup(clasp, global, kind, pentry);
-}
-
-inline void
-NewObjectCache::fillGlobal(EntryIndex entry, Class *clasp, js::GlobalObject *global, gc::AllocKind kind, JSObject *obj)
-{
-    //JS_ASSERT(global == obj->getGlobal());
-    return fill(entry, clasp, global, kind, obj);
-}
-
-inline void
-NewObjectCache::copyCachedToObject(JSObject *dst, JSObject *src, gc::AllocKind kind)
-{
-    js_memcpy(dst, src, gc::Arena::thingSize(kind));
-#ifdef JSGC_GENERATIONAL
-    Shape::writeBarrierPost(dst->shape_, &dst->shape_);
-    types::TypeObject::writeBarrierPost(dst->type_, &dst->type_);
-#endif
-}
-
-inline JSObject *
-NewObjectCache::newObjectFromHit(JSContext *cx, EntryIndex entry_, js::gc::InitialHeap heap)
-{
-    // The new object cache does not account for metadata attached via callbacks.
-    JS_ASSERT(!cx->compartment()->objectMetadataCallback);
-
-    JS_ASSERT(unsigned(entry_) < mozilla::ArrayLength(entries));
-    Entry *entry = &entries[entry_];
-
-    JSObject *obj = js_NewGCObject<NoGC>(cx, entry->kind, heap);
-    if (obj) {
-        copyCachedToObject(obj, reinterpret_cast<JSObject *>(&entry->templateObject), entry->kind);
-        Probes::createObject(cx, obj);
-        return obj;
-    }
-
-    return NULL;
-}
-
 #ifdef JS_CRASH_DIAGNOSTICS
 class CompartmentChecker
 {
     JSContext *context;
     JSCompartment *compartment;
 
   public:
     explicit CompartmentChecker(JSContext *cx)
--- a/js/src/jscompartment.h
+++ b/js/src/jscompartment.h
@@ -112,16 +112,17 @@ typedef HashMap<CrossCompartmentKey, Rea
 namespace JS {
 struct TypeInferenceSizes;
 }
 
 namespace js {
 class AutoDebugModeGC;
 class ArrayBufferObject;
 class DebugScopes;
+class WeakMapBase;
 }
 
 struct JSCompartment
 {
     JS::Zone                     *zone_;
     JS::CompartmentOptions       options_;
 
     JSRuntime                    *rt;
--- a/js/src/jsobj.cpp
+++ b/js/src/jsobj.cpp
@@ -45,16 +45,17 @@
 #include "jscntxtinlines.h"
 #include "jscompartmentinlines.h"
 #include "builtin/Iterator-inl.h"
 #include "vm/ArrayObject-inl.h"
 #include "vm/ArgumentsObject-inl.h"
 #include "vm/BooleanObject-inl.h"
 #include "vm/NumberObject-inl.h"
 #include "vm/RegExpStatics-inl.h"
+#include "vm/Runtime-inl.h"
 #include "vm/Shape-inl.h"
 #include "vm/StringObject-inl.h"
 
 using namespace js;
 using namespace js::gc;
 using namespace js::types;
 
 using js::frontend::IsIdentifier;
--- a/js/src/jsweakcache.h
+++ b/js/src/jsweakcache.h
@@ -26,17 +26,17 @@ template <class Key, class Value,
 class WeakCache : public HashMap<Key, Value, HashPolicy, AllocPolicy> {
   private:
     typedef HashMap<Key, Value, HashPolicy, AllocPolicy> Base;
     typedef typename Base::Range Range;
     typedef typename Base::Enum Enum;
 
   public:
     explicit WeakCache(JSRuntime *rt) : Base(rt) { }
-    explicit WeakCache(JSContext *cx) : Base(cx) { }
+    explicit WeakCache(JSContext *cx) : Base(cx->runtime()) { }
 
   public:
     // Sweep all entries which have unmarked key or value.
     void sweep(FreeOp *fop) {
         // Remove all entries whose keys/values remain unmarked.
         for (Enum e(*this); !e.empty(); e.popFront()) {
             // Checking IsMarked() may update the location of the Key (or Value).
             // Pass in a stack local, then manually update the backing heap store.
@@ -77,17 +77,17 @@ template <class Key, class Value,
 class WeakValueCache : public HashMap<Key, Value, HashPolicy, AllocPolicy>
 {
   public:
     typedef HashMap<Key, Value, HashPolicy, AllocPolicy> Base;
     typedef typename Base::Range Range;
     typedef typename Base::Enum Enum;
 
     explicit WeakValueCache(JSRuntime *rt) : Base(rt) { }
-    explicit WeakValueCache(JSContext *cx) : Base(cx) { }
+    explicit WeakValueCache(JSContext *cx) : Base(cx->runtime()) { }
 
   public:
     // Sweep all entries which have unmarked key or value.
     void sweep(FreeOp *fop) {
         // Remove all entries whose values remain unmarked.
         for (Enum e(*this); !e.empty(); e.popFront()) {
             if (gc::IsAboutToBeFinalized(e.front().value))
                 e.removeFront();
--- a/js/src/jsweakmap.h
+++ b/js/src/jsweakmap.h
@@ -129,17 +129,17 @@ template <class Key, class Value,
 class WeakMap : public HashMap<Key, Value, HashPolicy, RuntimeAllocPolicy>, public WeakMapBase
 {
   public:
     typedef HashMap<Key, Value, HashPolicy, RuntimeAllocPolicy> Base;
     typedef typename Base::Enum Enum;
     typedef typename Base::Range Range;
 
     explicit WeakMap(JSContext *cx, JSObject *memOf=NULL)
-        : Base(cx), WeakMapBase(memOf, cx->compartment()) { }
+        : Base(cx->runtime()), WeakMapBase(memOf, cx->compartment()) { }
 
   private:
     bool markValue(JSTracer *trc, Value *x) {
         if (gc::IsMarked(x))
             return false;
         gc::Mark(trc, x, "WeakMap entry");
         JS_ASSERT(gc::IsMarked(x));
         return true;
--- a/js/src/moz.build
+++ b/js/src/moz.build
@@ -111,16 +111,17 @@ CPP_SOURCES += [
     'Parser.cpp',
     'Probes.cpp',
     'Profilers.cpp',
     'PropertyKey.cpp',
     'RegExp.cpp',
     'RegExpObject.cpp',
     'RegExpStatics.cpp',
     'RootMarking.cpp',
+    'Runtime.cpp',
     'SPSProfiler.cpp',
     'ScopeObject.cpp',
     'SelfHosting.cpp',
     'Shape.cpp',
     'Stack.cpp',
     'Statistics.cpp',
     'StoreBuffer.cpp',
     'String.cpp',
--- a/js/src/vm/Debugger.cpp
+++ b/js/src/vm/Debugger.cpp
@@ -359,17 +359,17 @@ Breakpoint::nextInSite()
     JSCList *link = JS_NEXT_LINK(&siteLinks);
     return (link == &site->breakpoints) ? NULL : fromSiteLinks(link);
 }
 
 /*** Debugger hook dispatch **********************************************************************/
 
 Debugger::Debugger(JSContext *cx, JSObject *dbg)
   : object(dbg), uncaughtExceptionHook(NULL), enabled(true),
-    frames(cx), scripts(cx), sources(cx), objects(cx), environments(cx)
+    frames(cx->runtime()), scripts(cx), sources(cx), objects(cx), environments(cx)
 {
     assertSameCompartment(cx, dbg);
 
     cx->runtime()->debuggerList.insertBack(this);
     JS_INIT_CLIST(&breakpoints);
     JS_INIT_CLIST(&onNewGlobalObjectWatchersLink);
 }
 
@@ -2261,17 +2261,19 @@ Debugger::removeDebuggeeGlobal(FreeOp *f
 /*
  * A class for parsing 'findScripts' query arguments and searching for
  * scripts that match the criteria they represent.
  */
 class Debugger::ScriptQuery {
   public:
     /* Construct a ScriptQuery to use matching scripts for |dbg|. */
     ScriptQuery(JSContext *cx, Debugger *dbg):
-        cx(cx), debugger(dbg), compartments(cx), url(cx), innermostForCompartment(cx) {}
+        cx(cx), debugger(dbg), compartments(cx->runtime()), url(cx),
+        innermostForCompartment(cx->runtime())
+    {}
 
     /*
      * Initialize this ScriptQuery. Raise an error and return false if we
      * haven't enough memory.
      */
     bool init() {
         if (!compartments.init() ||
             !innermostForCompartment.init())
--- a/js/src/vm/Debugger.h
+++ b/js/src/vm/Debugger.h
@@ -46,17 +46,17 @@ class DebuggerWeakMap : private WeakMap<
                     DefaultHasher<JS::Zone *>,
                     RuntimeAllocPolicy> CountMap;
 
     CountMap zoneCounts;
 
   public:
     typedef WeakMap<Key, Value, DefaultHasher<Key> > Base;
     explicit DebuggerWeakMap(JSContext *cx)
-        : Base(cx), zoneCounts(cx) { }
+        : Base(cx), zoneCounts(cx->runtime()) { }
 
   public:
     /* Expose those parts of HashMap public interface that are used by Debugger methods. */
 
     typedef typename Base::Ptr Ptr;
     typedef typename Base::AddPtr AddPtr;
     typedef typename Base::Range Range;
     typedef typename Base::Enum Enum;
copy from js/src/jscntxtinlines.h
copy to js/src/vm/Runtime-inl.h
--- a/js/src/jscntxtinlines.h
+++ b/js/src/vm/Runtime-inl.h
@@ -1,18 +1,18 @@
 /* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 4 -*-
  * vim: set ts=8 sts=4 et sw=4 tw=99:
  * This Source Code Form is subject to the terms of the Mozilla Public
  * License, v. 2.0. If a copy of the MPL was not distributed with this
  * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
 
-#ifndef jscntxtinlines_h
-#define jscntxtinlines_h
+#ifndef vm_Runtime_inl_h
+#define vm_Runtime_inl_h
 
-#include "jscntxt.h"
+#include "vm/Runtime.h"
 
 #include "jscompartment.h"
 #include "jsfriendapi.h"
 #include "jsgc.h"
 #include "jsiter.h"
 
 #include "builtin/Object.h" // For js::obj_construct
 #include "frontend/ParseMaps.h"
@@ -71,459 +71,11 @@ NewObjectCache::newObjectFromHit(JSConte
         copyCachedToObject(obj, reinterpret_cast<JSObject *>(&entry->templateObject), entry->kind);
         Probes::createObject(cx, obj);
         return obj;
     }
 
     return NULL;
 }
 
-#ifdef JS_CRASH_DIAGNOSTICS
-class CompartmentChecker
-{
-    JSContext *context;
-    JSCompartment *compartment;
-
-  public:
-    explicit CompartmentChecker(JSContext *cx)
-      : context(cx), compartment(cx->compartment())
-    {}
-
-    /*
-     * Set a breakpoint here (break js::CompartmentChecker::fail) to debug
-     * compartment mismatches.
-     */
-    static void fail(JSCompartment *c1, JSCompartment *c2) {
-        printf("*** Compartment mismatch %p vs. %p\n", (void *) c1, (void *) c2);
-        MOZ_CRASH();
-    }
-
-    static void fail(JS::Zone *z1, JS::Zone *z2) {
-        printf("*** Zone mismatch %p vs. %p\n", (void *) z1, (void *) z2);
-        MOZ_CRASH();
-    }
-
-    /* Note: should only be used when neither c1 nor c2 may be the default compartment. */
-    static void check(JSCompartment *c1, JSCompartment *c2) {
-        JS_ASSERT(c1 != c1->rt->atomsCompartment);
-        JS_ASSERT(c2 != c2->rt->atomsCompartment);
-        if (c1 != c2)
-            fail(c1, c2);
-    }
-
-    void check(JSCompartment *c) {
-        if (c && c != context->runtime()->atomsCompartment) {
-            if (!compartment)
-                compartment = c;
-            else if (c != compartment)
-                fail(compartment, c);
-        }
-    }
-
-    void checkZone(JS::Zone *z) {
-        if (compartment && z != compartment->zone())
-            fail(compartment->zone(), z);
-    }
-
-    void check(JSObject *obj) {
-        if (obj)
-            check(obj->compartment());
-    }
-
-    template<typename T>
-    void check(Handle<T> handle) {
-        check(handle.get());
-    }
-
-    void check(JSString *str) {
-        if (!str->isAtom())
-            checkZone(str->zone());
-    }
-
-    void check(const js::Value &v) {
-        if (v.isObject())
-            check(&v.toObject());
-        else if (v.isString())
-            check(v.toString());
-    }
-
-    void check(const ValueArray &arr) {
-        for (size_t i = 0; i < arr.length; i++)
-            check(arr.array[i]);
-    }
-
-    void check(const JSValueArray &arr) {
-        for (size_t i = 0; i < arr.length; i++)
-            check(arr.array[i]);
-    }
-
-    void check(const CallArgs &args) {
-        for (Value *p = args.base(); p != args.end(); ++p)
-            check(*p);
-    }
-
-    void check(jsid id) {
-        if (JSID_IS_OBJECT(id))
-            check(JSID_TO_OBJECT(id));
-    }
-
-    void check(JSIdArray *ida) {
-        if (ida) {
-            for (int i = 0; i < ida->length; i++) {
-                if (JSID_IS_OBJECT(ida->vector[i]))
-                    check(ida->vector[i]);
-            }
-        }
-    }
-
-    void check(JSScript *script) {
-        if (script)
-            check(script->compartment());
-    }
-
-    void check(StackFrame *fp);
-    void check(AbstractFramePtr frame);
-};
-#endif /* JS_CRASH_DIAGNOSTICS */
-
-/*
- * Don't perform these checks when called from a finalizer. The checking
- * depends on other objects not having been swept yet.
- */
-#define START_ASSERT_SAME_COMPARTMENT()                                       \
-    JS_ASSERT(cx->compartment()->zone() == cx->zone());                       \
-    if (cx->runtime()->isHeapBusy())                                          \
-        return;                                                               \
-    CompartmentChecker c(cx)
-
-template <class T1> inline void
-assertSameCompartment(JSContext *cx, const T1 &t1)
-{
-#ifdef JS_CRASH_DIAGNOSTICS
-    START_ASSERT_SAME_COMPARTMENT();
-    c.check(t1);
-#endif
-}
-
-template <class T1> inline void
-assertSameCompartmentDebugOnly(JSContext *cx, const T1 &t1)
-{
-#ifdef DEBUG
-    START_ASSERT_SAME_COMPARTMENT();
-    c.check(t1);
-#endif
-}
-
-template <class T1, class T2> inline void
-assertSameCompartment(JSContext *cx, const T1 &t1, const T2 &t2)
-{
-#ifdef JS_CRASH_DIAGNOSTICS
-    START_ASSERT_SAME_COMPARTMENT();
-    c.check(t1);
-    c.check(t2);
-#endif
-}
-
-template <class T1, class T2, class T3> inline void
-assertSameCompartment(JSContext *cx, const T1 &t1, const T2 &t2, const T3 &t3)
-{
-#ifdef JS_CRASH_DIAGNOSTICS
-    START_ASSERT_SAME_COMPARTMENT();
-    c.check(t1);
-    c.check(t2);
-    c.check(t3);
-#endif
-}
-
-template <class T1, class T2, class T3, class T4> inline void
-assertSameCompartment(JSContext *cx, const T1 &t1, const T2 &t2, const T3 &t3, const T4 &t4)
-{
-#ifdef JS_CRASH_DIAGNOSTICS
-    START_ASSERT_SAME_COMPARTMENT();
-    c.check(t1);
-    c.check(t2);
-    c.check(t3);
-    c.check(t4);
-#endif
-}
-
-template <class T1, class T2, class T3, class T4, class T5> inline void
-assertSameCompartment(JSContext *cx, const T1 &t1, const T2 &t2, const T3 &t3, const T4 &t4, const T5 &t5)
-{
-#ifdef JS_CRASH_DIAGNOSTICS
-    START_ASSERT_SAME_COMPARTMENT();
-    c.check(t1);
-    c.check(t2);
-    c.check(t3);
-    c.check(t4);
-    c.check(t5);
-#endif
-}
-
-#undef START_ASSERT_SAME_COMPARTMENT
-
-STATIC_PRECONDITION_ASSUME(ubound(args.argv_) >= argc)
-JS_ALWAYS_INLINE bool
-CallJSNative(JSContext *cx, Native native, const CallArgs &args)
-{
-    JS_CHECK_RECURSION(cx, return false);
-
-#ifdef DEBUG
-    bool alreadyThrowing = cx->isExceptionPending();
-#endif
-    assertSameCompartment(cx, args);
-    bool ok = native(cx, args.length(), args.base());
-    if (ok) {
-        assertSameCompartment(cx, args.rval());
-        JS_ASSERT_IF(!alreadyThrowing, !cx->isExceptionPending());
-    }
-    return ok;
-}
-
-STATIC_PRECONDITION_ASSUME(ubound(args.argv_) >= argc)
-JS_ALWAYS_INLINE bool
-CallNativeImpl(JSContext *cx, NativeImpl impl, const CallArgs &args)
-{
-#ifdef DEBUG
-    bool alreadyThrowing = cx->isExceptionPending();
-#endif
-    assertSameCompartment(cx, args);
-    bool ok = impl(cx, args);
-    if (ok) {
-        assertSameCompartment(cx, args.rval());
-        JS_ASSERT_IF(!alreadyThrowing, !cx->isExceptionPending());
-    }
-    return ok;
-}
-
-STATIC_PRECONDITION(ubound(args.argv_) >= argc)
-JS_ALWAYS_INLINE bool
-CallJSNativeConstructor(JSContext *cx, Native native, const CallArgs &args)
-{
-#ifdef DEBUG
-    RootedObject callee(cx, &args.callee());
-#endif
-
-    JS_ASSERT(args.thisv().isMagic());
-    if (!CallJSNative(cx, native, args))
-        return false;
-
-    /*
-     * Native constructors must return non-primitive values on success.
-     * Although it is legal, if a constructor returns the callee, there is a
-     * 99.9999% chance it is a bug. If any valid code actually wants the
-     * constructor to return the callee, the assertion can be removed or
-     * (another) conjunct can be added to the antecedent.
-     *
-     * Exceptions:
-     *
-     * - Proxies are exceptions to both rules: they can return primitives and
-     *   they allow content to return the callee.
-     *
-     * - CallOrConstructBoundFunction is an exception as well because we might
-     *   have used bind on a proxy function.
-     *
-     * - new Iterator(x) is user-hookable; it returns x.__iterator__() which
-     *   could be any object.
-     *
-     * - (new Object(Object)) returns the callee.
-     */
-    JS_ASSERT_IF(native != FunctionProxyClass.construct &&
-                 native != js::CallOrConstructBoundFunction &&
-                 native != js::IteratorConstructor &&
-                 (!callee->is<JSFunction>() || callee->as<JSFunction>().native() != obj_construct),
-                 !args.rval().isPrimitive() && callee != &args.rval().toObject());
-
-    return true;
-}
-
-JS_ALWAYS_INLINE bool
-CallJSPropertyOp(JSContext *cx, PropertyOp op, HandleObject receiver, HandleId id, MutableHandleValue vp)
-{
-    JS_CHECK_RECURSION(cx, return false);
-
-    assertSameCompartment(cx, receiver, id, vp);
-    JSBool ok = op(cx, receiver, id, vp);
-    if (ok)
-        assertSameCompartment(cx, vp);
-    return ok;
-}
-
-JS_ALWAYS_INLINE bool
-CallJSPropertyOpSetter(JSContext *cx, StrictPropertyOp op, HandleObject obj, HandleId id,
-                       JSBool strict, MutableHandleValue vp)
-{
-    JS_CHECK_RECURSION(cx, return false);
-
-    assertSameCompartment(cx, obj, id, vp);
-    return op(cx, obj, id, strict, vp);
-}
-
-static inline bool
-CallJSDeletePropertyOp(JSContext *cx, JSDeletePropertyOp op, HandleObject receiver, HandleId id,
-                       JSBool *succeeded)
-{
-    JS_CHECK_RECURSION(cx, return false);
-
-    assertSameCompartment(cx, receiver, id);
-    return op(cx, receiver, id, succeeded);
-}
-
-inline bool
-CallSetter(JSContext *cx, HandleObject obj, HandleId id, StrictPropertyOp op, unsigned attrs,
-           unsigned shortid, JSBool strict, MutableHandleValue vp)
-{
-    if (attrs & JSPROP_SETTER) {
-        RootedValue opv(cx, CastAsObjectJsval(op));
-        return InvokeGetterOrSetter(cx, obj, opv, 1, vp.address(), vp);
-    }
-
-    if (attrs & JSPROP_GETTER)
-        return js_ReportGetterOnlyAssignment(cx);
-
-    if (!(attrs & JSPROP_SHORTID))
-        return CallJSPropertyOpSetter(cx, op, obj, id, strict, vp);
-
-    RootedId nid(cx, INT_TO_JSID(shortid));
-
-    return CallJSPropertyOpSetter(cx, op, obj, nid, strict, vp);
-}
-
 }  /* namespace js */
 
-inline js::LifoAlloc &
-JSContext::analysisLifoAlloc()
-{
-    return compartment()->analysisLifoAlloc;
-}
-
-inline js::LifoAlloc &
-JSContext::typeLifoAlloc()
-{
-    return zone()->types.typeLifoAlloc;
-}
-
-inline void
-JSContext::setPendingException(js::Value v) {
-    JS_ASSERT(!IsPoisonedValue(v));
-    this->throwing = true;
-    this->exception = v;
-    js::assertSameCompartment(this, v);
-}
-
-inline js::PropertyTree&
-JSContext::propertyTree()
-{
-    return compartment()->propertyTree;
-}
-
-inline void
-JSContext::setDefaultCompartmentObject(JSObject *obj)
-{
-    defaultCompartmentObject_ = obj;
-
-    if (!hasEnteredCompartment()) {
-        /*
-         * If JSAPI callers want to JS_SetGlobalObject while code is running,
-         * they must have entered a compartment (otherwise there will be no
-         * final leaveCompartment call to set the context's compartment back to
-         * defaultCompartmentObject->compartment()).
-         */
-        JS_ASSERT(!currentlyRunning());
-        setCompartment(obj ? obj->compartment() : NULL);
-        if (throwing)
-            wrapPendingException();
-    }
-}
-
-inline void
-JSContext::setDefaultCompartmentObjectIfUnset(JSObject *obj)
-{
-    if (!defaultCompartmentObject_)
-        setDefaultCompartmentObject(obj);
-}
-
-inline void
-JSContext::enterCompartment(JSCompartment *c)
-{
-    enterCompartmentDepth_++;
-    setCompartment(c);
-    c->enter();
-    if (throwing)
-        wrapPendingException();
-}
-
-inline void
-JSContext::leaveCompartment(JSCompartment *oldCompartment)
-{
-    JS_ASSERT(hasEnteredCompartment());
-    enterCompartmentDepth_--;
-
-    compartment()->leave();
-
-    /*
-     * Before we entered the current compartment, 'compartment' was
-     * 'oldCompartment', so we might want to simply set it back. However, we
-     * currently have this terrible scheme whereby defaultCompartmentObject_ can
-     * be updated while enterCompartmentDepth_ > 0. In this case, oldCompartment
-     * != defaultCompartmentObject_->compartment and we must ignore
-     * oldCompartment.
-     */
-    if (hasEnteredCompartment() || !defaultCompartmentObject_)
-        setCompartment(oldCompartment);
-    else
-        setCompartment(defaultCompartmentObject_->compartment());
-
-    if (throwing)
-        wrapPendingException();
-}
-
-inline void
-JSContext::setCompartment(JSCompartment *comp)
-{
-    compartment_ = comp;
-    zone_ = comp ? comp->zone() : NULL;
-    allocator_ = zone_ ? &zone_->allocator : NULL;
-}
-
-inline JSScript *
-JSContext::currentScript(jsbytecode **ppc,
-                         MaybeAllowCrossCompartment allowCrossCompartment) const
-{
-    if (ppc)
-        *ppc = NULL;
-
-    js::Activation *act = mainThread().activation();
-    while (act && (act->cx() != this || (act->isJit() && !act->asJit()->isActive())))
-        act = act->prev();
-
-    if (!act)
-        return NULL;
-
-    JS_ASSERT(act->cx() == this);
-
-#ifdef JS_ION
-    if (act->isJit()) {
-        JSScript *script = NULL;
-        js::ion::GetPcScript(const_cast<JSContext *>(this), &script, ppc);
-        if (!allowCrossCompartment && script->compartment() != compartment())
-            return NULL;
-        return script;
-    }
-#endif
-
-    JS_ASSERT(act->isInterpreter());
-
-    js::StackFrame *fp = act->asInterpreter()->current();
-    JS_ASSERT(!fp->runningInJit());
-
-    JSScript *script = fp->script();
-    if (!allowCrossCompartment && script->compartment() != compartment())
-        return NULL;
-
-    if (ppc) {
-        *ppc = act->asInterpreter()->regs().pc;
-        JS_ASSERT(*ppc >= script->code && *ppc < script->code + script->length);
-    }
-    return script;
-}
-
-#endif /* jscntxtinlines_h */
+#endif /* vm_Runtime_inl_h */
copy from js/src/jscntxt.cpp
copy to js/src/vm/Runtime.cpp
--- a/js/src/jscntxt.cpp
+++ b/js/src/vm/Runtime.cpp
@@ -1,32 +1,20 @@
 /* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 4 -*-
  * vim: set ts=8 sts=4 et sw=4 tw=99:
  * This Source Code Form is subject to the terms of the Mozilla Public
  * License, v. 2.0. If a copy of the MPL was not distributed with this
  * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
 
-/*
- * JS execution context.
- */
-
-#include "jscntxt.h"
+#include "vm/Runtime.h"
 
 #include <locale.h>
 #include <stdarg.h>
 #include <string.h>
 
-#include "mozilla/DebugOnly.h"
-
-#ifdef ANDROID
-# include <android/log.h>
-# include <fstream>
-# include <string>
-#endif  // ANDROID
-
 #include "mozilla/MemoryReporting.h"
 #include "mozilla/Util.h"
 
 #include "jstypes.h"
 #include "jsprf.h"
 #include "jsatom.h"
 #include "jscompartment.h"
 #include "jsdbgapi.h"
@@ -46,75 +34,36 @@
 #endif
 
 #include "gc/Marking.h"
 #include "js/CharacterEncoding.h"
 #include "js/MemoryMetrics.h"
 #include "vm/Shape.h"
 #include "yarr/BumpPointerAllocator.h"
 
-#include "jscntxtinlines.h"
 #include "jsobjinlines.h"
 
 #include "vm/Stack-inl.h"
 
 using namespace js;
 using namespace js::gc;
 
-using mozilla::DebugOnly;
-using mozilla::PodArrayZero;
 using mozilla::PodZero;
-using mozilla::PointerRangeSize;
-
-bool
-js::AutoCycleDetector::init()
-{
-    ObjectSet &set = cx->cycleDetectorSet;
-    hashsetAddPointer = set.lookupForAdd(obj);
-    if (!hashsetAddPointer) {
-        if (!set.add(hashsetAddPointer, obj))
-            return false;
-        cyclic = false;
-        hashsetGenerationAtInit = set.generation();
-    }
-    return true;
-}
-
-js::AutoCycleDetector::~AutoCycleDetector()
-{
-    if (!cyclic) {
-        if (hashsetGenerationAtInit == cx->cycleDetectorSet.generation())
-            cx->cycleDetectorSet.remove(hashsetAddPointer);
-        else
-            cx->cycleDetectorSet.remove(obj);
-    }
-}
-
-void
-js::TraceCycleDetectionSet(JSTracer *trc, js::ObjectSet &set)
-{
-    for (js::ObjectSet::Enum e(set); !e.empty(); e.popFront()) {
-        JSObject *prior = e.front();
-        MarkObjectRoot(trc, const_cast<JSObject **>(&e.front()), "cycle detector table entry");
-        if (prior != e.front())
-            e.rekeyFront(e.front());
-    }
-}
 
 void
 NewObjectCache::clearNurseryObjects(JSRuntime *rt)
 {
     for (unsigned i = 0; i < mozilla::ArrayLength(entries); ++i) {
         Entry &e = entries[i];
         JSObject *obj = reinterpret_cast<JSObject *>(&e.templateObject);
         if (IsInsideNursery(rt, e.key) ||
             IsInsideNursery(rt, obj->slots) ||
             IsInsideNursery(rt, obj->elements))
         {
-            mozilla::PodZero(&e);
+            PodZero(&e);
         }
     }
 }
 
 void
 JSRuntime::sizeOfIncludingThis(mozilla::MallocSizeOf mallocSizeOf, JS::RuntimeSizes *rtSizes)
 {
     rtSizes->object = mallocSizeOf(this);
@@ -216,1016 +165,16 @@ JSRuntime::createMathCache(JSContext *cx
         js_ReportOutOfMemory(cx);
         return NULL;
     }
 
     mathCache_ = newMathCache;
     return mathCache_;
 }
 
-void
-JSCompartment::sweepCallsiteClones()
-{
-    if (callsiteClones.initialized()) {
-        for (CallsiteCloneTable::Enum e(callsiteClones); !e.empty(); e.popFront()) {
-            CallsiteCloneKey key = e.front().key;
-            JSFunction *fun = e.front().value;
-            if (!IsScriptMarked(&key.script) || !IsObjectMarked(&fun))
-                e.removeFront();
-        }
-    }
-}
-
-JSFunction *
-js::CloneFunctionAtCallsite(JSContext *cx, HandleFunction fun, HandleScript script, jsbytecode *pc)
-{
-    JS_ASSERT(cx->typeInferenceEnabled());
-    JS_ASSERT(fun->nonLazyScript()->shouldCloneAtCallsite);
-    JS_ASSERT(!fun->nonLazyScript()->enclosingStaticScope());
-    JS_ASSERT(types::UseNewTypeForClone(fun));
-
-    typedef CallsiteCloneKey Key;
-    typedef CallsiteCloneTable Table;
-
-    Table &table = cx->compartment()->callsiteClones;
-    if (!table.initialized() && !table.init())
-        return NULL;
-
-    uint32_t offset = pc - script->code;
-    void* originalScript = script;
-    void* originalFun = fun;
-    SkipRoot skipScript(cx, &originalScript);
-    SkipRoot skipFun(cx, &originalFun);
-
-    Table::AddPtr p = table.lookupForAdd(Key(fun, script, offset));
-    SkipRoot skipHash(cx, &p); /* Prevent the hash from being poisoned. */
-    if (p)
-        return p->value;
-
-    RootedObject parent(cx, fun->environment());
-    RootedFunction clone(cx, CloneFunctionObject(cx, fun, parent));
-    if (!clone)
-        return NULL;
-
-    /*
-     * Store a link back to the original for function.caller and avoid cloning
-     * clones.
-     */
-    clone->nonLazyScript()->shouldCloneAtCallsite = false;
-    clone->nonLazyScript()->isCallsiteClone = true;
-    clone->nonLazyScript()->setOriginalFunctionObject(fun);
-
-    Key key(fun, script, offset);
-
-    /* Recalculate the hash if script or fun have been moved. */
-    if (script != originalScript || fun != originalFun) {
-        p = table.lookupForAdd(key);
-        JS_ASSERT(!p);
-    }
-
-    if (!table.relookupOrAdd(p, key, clone.get()))
-        return NULL;
-
-    return clone;
-}
-
-JSContext *
-js::NewContext(JSRuntime *rt, size_t stackChunkSize)
-{
-    JS_AbortIfWrongThread(rt);
-
-    JSContext *cx = js_new<JSContext>(rt);
-    if (!cx)
-        return NULL;
-
-    if (!cx->cycleDetectorSet.init()) {
-        js_delete(cx);
-        return NULL;
-    }
-
-    /*
-     * Here the GC lock is still held after js_InitContextThreadAndLockGC took it and
-     * the GC is not running on another thread.
-     */
-    bool first = rt->contextList.isEmpty();
-    rt->contextList.insertBack(cx);
-
-    /*
-     * If cx is the first context on this runtime, initialize well-known atoms,
-     * keywords, numbers, strings and self-hosted scripts. If one of these
-     * steps should fail, the runtime will be left in a partially initialized
-     * state, with zeroes and nulls stored in the default-initialized remainder
-     * of the struct. We'll clean the runtime up under DestroyContext, because
-     * cx will be "last" as well as "first".
-     */
-    if (first) {
-#ifdef JS_THREADSAFE
-        JS_BeginRequest(cx);
-#endif
-        bool ok = rt->staticStrings.init(cx);
-        if (ok)
-            ok = InitCommonNames(cx);
-        if (ok)
-            ok = rt->initSelfHosting(cx);
-
-#ifdef JS_THREADSAFE
-        JS_EndRequest(cx);
-#endif
-        if (!ok) {
-            DestroyContext(cx, DCM_NEW_FAILED);
-            return NULL;
-        }
-    }
-
-    JSContextCallback cxCallback = rt->cxCallback;
-    if (cxCallback && !cxCallback(cx, JSCONTEXT_NEW)) {
-        DestroyContext(cx, DCM_NEW_FAILED);
-        return NULL;
-    }
-
-    return cx;
-}
-
-void
-js::DestroyContext(JSContext *cx, DestroyContextMode mode)
-{
-    JSRuntime *rt = cx->runtime();
-    JS_AbortIfWrongThread(rt);
-
-#ifdef JS_THREADSAFE
-    if (cx->outstandingRequests != 0)
-        MOZ_CRASH();
-#endif
-
-#if (defined(JSGC_ROOT_ANALYSIS) || defined(JSGC_USE_EXACT_ROOTING)) && defined(DEBUG)
-    for (int i = 0; i < THING_ROOT_LIMIT; ++i)
-        JS_ASSERT(cx->thingGCRooters[i] == NULL);
-#endif
-
-    if (mode != DCM_NEW_FAILED) {
-        if (JSContextCallback cxCallback = rt->cxCallback) {
-            /*
-             * JSCONTEXT_DESTROY callback is not allowed to fail and must
-             * return true.
-             */
-            JS_ALWAYS_TRUE(cxCallback(cx, JSCONTEXT_DESTROY));
-        }
-    }
-
-    cx->remove();
-    bool last = !rt->hasContexts();
-    if (last) {
-        JS_ASSERT(!rt->isHeapBusy());
-
-        /*
-         * Dump remaining type inference results first. This printing
-         * depends on atoms still existing.
-         */
-        for (CompartmentsIter c(rt); !c.done(); c.next())
-            c->types.print(cx, false);
-
-        /* Off thread ion compilations depend on atoms still existing. */
-        for (CompartmentsIter c(rt); !c.done(); c.next())
-            CancelOffThreadIonCompile(c, NULL);
-
-        /* Unpin all common names before final GC. */
-        FinishCommonNames(rt);
-
-        /* Clear debugging state to remove GC roots. */
-        for (CompartmentsIter c(rt); !c.done(); c.next())
-            c->clearTraps(rt->defaultFreeOp());
-        JS_ClearAllWatchPoints(cx);
-
-        /* Clear the statics table to remove GC roots. */
-        rt->staticStrings.finish();
-
-        JS::PrepareForFullGC(rt);
-        GC(rt, GC_NORMAL, JS::gcreason::LAST_CONTEXT);
-
-        /*
-         * Clear the self-hosted global and delete self-hosted classes *after*
-         * GC, as finalizers for objects check for clasp->finalize during GC.
-         */
-        rt->finishSelfHosting();
-    } else if (mode == DCM_FORCE_GC) {
-        JS_ASSERT(!rt->isHeapBusy());
-        JS::PrepareForFullGC(rt);
-        GC(rt, GC_NORMAL, JS::gcreason::DESTROY_CONTEXT);
-    }
-    js_delete_poison(cx);
-}
-
-bool
-AutoResolving::alreadyStartedSlow() const
-{
-    JS_ASSERT(link);
-    AutoResolving *cursor = link;
-    do {
-        JS_ASSERT(this != cursor);
-        if (object.get() == cursor->object && id.get() == cursor->id && kind == cursor->kind)
-            return true;
-    } while (!!(cursor = cursor->link));
-    return false;
-}
-
-static void
-ReportError(JSContext *cx, const char *message, JSErrorReport *reportp,
-            JSErrorCallback callback, void *userRef)
-{
-    /*
-     * Check the error report, and set a JavaScript-catchable exception
-     * if the error is defined to have an associated exception.  If an
-     * exception is thrown, then the JSREPORT_EXCEPTION flag will be set
-     * on the error report, and exception-aware hosts should ignore it.
-     */
-    JS_ASSERT(reportp);
-    if ((!callback || callback == js_GetErrorMessage) &&
-        reportp->errorNumber == JSMSG_UNCAUGHT_EXCEPTION)
-        reportp->flags |= JSREPORT_EXCEPTION;
-
-    /*
-     * Call the error reporter only if an exception wasn't raised.
-     *
-     * If an exception was raised, then we call the debugErrorHook
-     * (if present) to give it a chance to see the error before it
-     * propagates out of scope.  This is needed for compatibility
-     * with the old scheme.
-     */
-    if (!JS_IsRunning(cx) ||
-        !js_ErrorToException(cx, message, reportp, callback, userRef)) {
-        js_ReportErrorAgain(cx, message, reportp);
-    } else if (JSDebugErrorHook hook = cx->runtime()->debugHooks.debugErrorHook) {
-        /*
-         * If we've already chewed up all the C stack, don't call into the
-         * error reporter since this may trigger an infinite recursion where
-         * the reporter triggers an over-recursion.
-         */
-        int stackDummy;
-        if (!JS_CHECK_STACK_SIZE(cx->mainThread().nativeStackLimit, &stackDummy))
-            return;
-
-        if (cx->errorReporter)
-            hook(cx, message, reportp, cx->runtime()->debugHooks.debugErrorHookData);
-    }
-}
-
-/*
- * The given JSErrorReport object have been zeroed and must not outlive
- * cx->fp() (otherwise report->originPrincipals may become invalid).
- */
-static void
-PopulateReportBlame(JSContext *cx, JSErrorReport *report)
-{
-    /*
-     * Walk stack until we find a frame that is associated with a non-builtin
-     * rather than a builtin frame.
-     */
-    NonBuiltinScriptFrameIter iter(cx);
-    if (iter.done())
-        return;
-
-    report->filename = iter.script()->filename();
-    report->lineno = PCToLineNumber(iter.script(), iter.pc(), &report->column);
-    report->originPrincipals = iter.script()->originPrincipals;
-}
-
-/*
- * Since memory has been exhausted, avoid the normal error-handling path which
- * allocates an error object, report and callstack. If code is running, simply
- * throw the static atom "out of memory". If code is not running, call the
- * error reporter directly.
- *
- * Furthermore, callers of js_ReportOutOfMemory (viz., malloc) assume a GC does
- * not occur, so GC must be avoided or suppressed.
- */
-void
-js_ReportOutOfMemory(JSContext *cx)
-{
-    cx->runtime()->hadOutOfMemory = true;
-
-    if (JS_IsRunning(cx)) {
-        cx->setPendingException(StringValue(cx->names().outOfMemory));
-        return;
-    }
-
-    /* Get the message for this error, but we don't expand any arguments. */
-    const JSErrorFormatString *efs =
-        js_GetLocalizedErrorMessage(cx, NULL, NULL, JSMSG_OUT_OF_MEMORY);
-    const char *msg = efs ? efs->format : "Out of memory";
-
-    /* Fill out the report, but don't do anything that requires allocation. */
-    JSErrorReport report;
-    PodZero(&report);
-    report.flags = JSREPORT_ERROR;
-    report.errorNumber = JSMSG_OUT_OF_MEMORY;
-    PopulateReportBlame(cx, &report);
-
-    /* Report the error. */
-    if (JSErrorReporter onError = cx->errorReporter) {
-        AutoSuppressGC suppressGC(cx);
-        onError(cx, msg, &report);
-    }
-}
-
-JS_FRIEND_API(void)
-js_ReportOverRecursed(JSContext *maybecx)
-{
-#ifdef JS_MORE_DETERMINISTIC
-    /*
-     * We cannot make stack depth deterministic across different
-     * implementations (e.g. JIT vs. interpreter will differ in
-     * their maximum stack depth).
-     * However, we can detect externally when we hit the maximum
-     * stack depth which is useful for external testing programs
-     * like fuzzers.
-     */
-    fprintf(stderr, "js_ReportOverRecursed called\n");
-#endif
-    if (maybecx)
-        JS_ReportErrorNumber(maybecx, js_GetErrorMessage, NULL, JSMSG_OVER_RECURSED);
-}
-
-void
-js_ReportAllocationOverflow(JSContext *maybecx)
-{
-    if (maybecx) {
-        AutoSuppressGC suppressGC(maybecx);
-        JS_ReportErrorNumber(maybecx, js_GetErrorMessage, NULL, JSMSG_ALLOC_OVERFLOW);
-    }
-}
-
-/*
- * Given flags and the state of cx, decide whether we should report an
- * error, a warning, or just continue execution normally.  Return
- * true if we should continue normally, without reporting anything;
- * otherwise, adjust *flags as appropriate and return false.
- */
-static bool
-checkReportFlags(JSContext *cx, unsigned *flags)
-{
-    if (JSREPORT_IS_STRICT_MODE_ERROR(*flags)) {
-        /*
-         * Error in strict code; warning with extra warnings option; okay
-         * otherwise.  We assume that if the top frame is a native, then it is
-         * strict if the nearest scripted frame is strict, see bug 536306.
-         */
-        JSScript *script = cx->currentScript();
-        if (script && script->strict)
-            *flags &= ~JSREPORT_WARNING;
-        else if (cx->hasExtraWarningsOption())
-            *flags |= JSREPORT_WARNING;
-        else
-            return true;
-    } else if (JSREPORT_IS_STRICT(*flags)) {
-        /* Warning/error only when JSOPTION_STRICT is set. */
-        if (!cx->hasExtraWarningsOption())
-            return true;
-    }
-
-    /* Warnings become errors when JSOPTION_WERROR is set. */
-    if (JSREPORT_IS_WARNING(*flags) && cx->hasWErrorOption())
-        *flags &= ~JSREPORT_WARNING;
-
-    return false;
-}
-
-JSBool
-js_ReportErrorVA(JSContext *cx, unsigned flags, const char *format, va_list ap)
-{
-    char *message;
-    jschar *ucmessage;
-    size_t messagelen;
-    JSErrorReport report;
-    JSBool warning;
-
-    if (checkReportFlags(cx, &flags))
-        return JS_TRUE;
-
-    message = JS_vsmprintf(format, ap);
-    if (!message)
-        return JS_FALSE;
-    messagelen = strlen(message);
-
-    PodZero(&report);
-    report.flags = flags;
-    report.errorNumber = JSMSG_USER_DEFINED_ERROR;
-    report.ucmessage = ucmessage = InflateString(cx, message, &messagelen);
-    PopulateReportBlame(cx, &report);
-
-    warning = JSREPORT_IS_WARNING(report.flags);
-
-    ReportError(cx, message, &report, NULL, NULL);
-    js_free(message);
-    js_free(ucmessage);
-    return warning;
-}
-
-/* |callee| requires a usage string provided by JS_DefineFunctionsWithHelp. */
-void
-js::ReportUsageError(JSContext *cx, HandleObject callee, const char *msg)
-{
-    const char *usageStr = "usage";
-    PropertyName *usageAtom = Atomize(cx, usageStr, strlen(usageStr))->asPropertyName();
-    RootedId id(cx, NameToId(usageAtom));
-    DebugOnly<Shape *> shape = static_cast<Shape *>(callee->nativeLookup(cx, id));
-    JS_ASSERT(!shape->configurable());
-    JS_ASSERT(!shape->writable());
-    JS_ASSERT(shape->hasDefaultGetter());
-
-    RootedValue usage(cx);
-    if (!JS_LookupProperty(cx, callee, "usage", usage.address()))
-        return;
-
-    if (JSVAL_IS_VOID(usage)) {
-        JS_ReportError(cx, "%s", msg);
-    } else {
-        JSString *str = JSVAL_TO_STRING(usage);
-        JS::Anchor<JSString *> a_str(str);
-        const jschar *chars = JS_GetStringCharsZ(cx, str);
-        if (!chars)
-            return;
-        JS_ReportError(cx, "%s. Usage: %hs", msg, chars);
-    }
-}
-
-bool
-js::PrintError(JSContext *cx, FILE *file, const char *message, JSErrorReport *report,
-               bool reportWarnings)
-{
-    if (!report) {
-        fprintf(file, "%s\n", message);
-        fflush(file);
-        return false;
-    }
-
-    /* Conditionally ignore reported warnings. */
-    if (JSREPORT_IS_WARNING(report->flags) && !reportWarnings)
-        return false;
-
-    char *prefix = NULL;
-    if (report->filename)
-        prefix = JS_smprintf("%s:", report->filename);
-    if (report->lineno) {
-        char *tmp = prefix;
-        prefix = JS_smprintf("%s%u:%u ", tmp ? tmp : "", report->lineno, report->column);
-        JS_free(cx, tmp);
-    }
-    if (JSREPORT_IS_WARNING(report->flags)) {
-        char *tmp = prefix;
-        prefix = JS_smprintf("%s%swarning: ",
-                             tmp ? tmp : "",
-                             JSREPORT_IS_STRICT(report->flags) ? "strict " : "");
-        JS_free(cx, tmp);
-    }
-
-    /* embedded newlines -- argh! */
-    const char *ctmp;
-    while ((ctmp = strchr(message, '\n')) != 0) {
-        ctmp++;
-        if (prefix)
-            fputs(prefix, file);
-        fwrite(message, 1, ctmp - message, file);
-        message = ctmp;
-    }
-
-    /* If there were no filename or lineno, the prefix might be empty */
-    if (prefix)
-        fputs(prefix, file);
-    fputs(message, file);
-
-    if (report->linebuf) {
-        /* report->linebuf usually ends with a newline. */
-        int n = strlen(report->linebuf);
-        fprintf(file, ":\n%s%s%s%s",
-                prefix,
-                report->linebuf,
-                (n > 0 && report->linebuf[n-1] == '\n') ? "" : "\n",
-                prefix);
-        n = report->tokenptr - report->linebuf;
-        for (int i = 0, j = 0; i < n; i++) {
-            if (report->linebuf[i] == '\t') {
-                for (int k = (j + 8) & ~7; j < k; j++) {
-                    fputc('.', file);
-                }
-                continue;
-            }
-            fputc('.', file);
-            j++;
-        }
-        fputc('^', file);
-    }
-    fputc('\n', file);
-    fflush(file);
-    JS_free(cx, prefix);
-    return true;
-}
-
-/*
- * The arguments from ap need to be packaged up into an array and stored
- * into the report struct.
- *
- * The format string addressed by the error number may contain operands
- * identified by the format {N}, where N is a decimal digit. Each of these
- * is to be replaced by the Nth argument from the va_list. The complete
- * message is placed into reportp->ucmessage converted to a JSString.
- *
- * Returns true if the expansion succeeds (can fail if out of memory).
- */
-JSBool
-js_ExpandErrorArguments(JSContext *cx, JSErrorCallback callback,
-                        void *userRef, const unsigned errorNumber,
-                        char **messagep, JSErrorReport *reportp,
-                        ErrorArgumentsType argumentsType, va_list ap)
-{
-    const JSErrorFormatString *efs;
-    int i;
-    int argCount;
-    bool messageArgsPassed = !!reportp->messageArgs;
-
-    *messagep = NULL;
-
-    /* Most calls supply js_GetErrorMessage; if this is so, assume NULL. */
-    if (!callback || callback == js_GetErrorMessage)
-        efs = js_GetLocalizedErrorMessage(cx, userRef, NULL, errorNumber);
-    else
-        efs = callback(userRef, NULL, errorNumber);
-    if (efs) {
-        reportp->exnType = efs->exnType;
-
-        size_t totalArgsLength = 0;
-        size_t argLengths[10]; /* only {0} thru {9} supported */
-        argCount = efs->argCount;
-        JS_ASSERT(argCount <= 10);
-        if (argCount > 0) {
-            /*
-             * Gather the arguments into an array, and accumulate
-             * their sizes. We allocate 1 more than necessary and
-             * null it out to act as the caboose when we free the
-             * pointers later.
-             */
-            if (messageArgsPassed) {
-                JS_ASSERT(!reportp->messageArgs[argCount]);
-            } else {
-                reportp->messageArgs = cx->pod_malloc<const jschar*>(argCount + 1);
-                if (!reportp->messageArgs)
-                    return JS_FALSE;
-                /* NULL-terminate for easy copying. */
-                reportp->messageArgs[argCount] = NULL;
-            }
-            for (i = 0; i < argCount; i++) {
-                if (messageArgsPassed) {
-                    /* Do nothing. */
-                } else if (argumentsType == ArgumentsAreASCII) {
-                    char *charArg = va_arg(ap, char *);
-                    size_t charArgLength = strlen(charArg);
-                    reportp->messageArgs[i] = InflateString(cx, charArg, &charArgLength);
-                    if (!reportp->messageArgs[i])
-                        goto error;
-                } else {
-                    reportp->messageArgs[i] = va_arg(ap, jschar *);
-                }
-                argLengths[i] = js_strlen(reportp->messageArgs[i]);
-                totalArgsLength += argLengths[i];
-            }
-        }
-        /*
-         * Parse the error format, substituting the argument X
-         * for {X} in the format.
-         */
-        if (argCount > 0) {
-            if (efs->format) {
-                jschar *buffer, *fmt, *out;
-                int expandedArgs = 0;
-                size_t expandedLength;
-                size_t len = strlen(efs->format);
-
-                buffer = fmt = InflateString(cx, efs->format, &len);
-                if (!buffer)
-                    goto error;
-                expandedLength = len
-                                 - (3 * argCount)       /* exclude the {n} */
-                                 + totalArgsLength;
-
-                /*
-                * Note - the above calculation assumes that each argument
-                * is used once and only once in the expansion !!!
-                */
-                reportp->ucmessage = out = cx->pod_malloc<jschar>(expandedLength + 1);
-                if (!out) {
-                    js_free(buffer);
-                    goto error;
-                }
-                while (*fmt) {
-                    if (*fmt == '{') {
-                        if (isdigit(fmt[1])) {
-                            int d = JS7_UNDEC(fmt[1]);
-                            JS_ASSERT(d < argCount);
-                            js_strncpy(out, reportp->messageArgs[d],
-                                       argLengths[d]);
-                            out += argLengths[d];
-                            fmt += 3;
-                            expandedArgs++;
-                            continue;
-                        }
-                    }
-                    *out++ = *fmt++;
-                }
-                JS_ASSERT(expandedArgs == argCount);
-                *out = 0;
-                js_free(buffer);
-                TwoByteChars ucmsg(reportp->ucmessage,
-                                   PointerRangeSize(static_cast<const jschar *>(reportp->ucmessage),
-                                                    static_cast<const jschar *>(out)));
-                *messagep = LossyTwoByteCharsToNewLatin1CharsZ(cx, ucmsg).c_str();
-                if (!*messagep)
-                    goto error;
-            }
-        } else {
-            /* Non-null messageArgs should have at least one non-null arg. */
-            JS_ASSERT(!reportp->messageArgs);
-            /*
-             * Zero arguments: the format string (if it exists) is the
-             * entire message.
-             */
-            if (efs->format) {
-                size_t len;
-                *messagep = JS_strdup(cx, efs->format);
-                if (!*messagep)
-                    goto error;
-                len = strlen(*messagep);
-                reportp->ucmessage = InflateString(cx, *messagep, &len);
-                if (!reportp->ucmessage)
-                    goto error;
-            }
-        }
-    }
-    if (*messagep == NULL) {
-        /* where's the right place for this ??? */
-        const char *defaultErrorMessage
-            = "No error message available for error number %d";
-        size_t nbytes = strlen(defaultErrorMessage) + 16;
-        *messagep = cx->pod_malloc<char>(nbytes);
-        if (!*messagep)
-            goto error;
-        JS_snprintf(*messagep, nbytes, defaultErrorMessage, errorNumber);
-    }
-    return JS_TRUE;
-
-error:
-    if (!messageArgsPassed && reportp->messageArgs) {
-        /* free the arguments only if we allocated them */
-        if (argumentsType == ArgumentsAreASCII) {
-            i = 0;
-            while (reportp->messageArgs[i])
-                js_free((void *)reportp->messageArgs[i++]);
-        }
-        js_free((void *)reportp->messageArgs);
-        reportp->messageArgs = NULL;
-    }
-    if (reportp->ucmessage) {
-        js_free((void *)reportp->ucmessage);
-        reportp->ucmessage = NULL;
-    }
-    if (*messagep) {
-        js_free((void *)*messagep);
-        *messagep = NULL;
-    }
-    return JS_FALSE;
-}
-
-JSBool
-js_ReportErrorNumberVA(JSContext *cx, unsigned flags, JSErrorCallback callback,
-                       void *userRef, const unsigned errorNumber,
-                       ErrorArgumentsType argumentsType, va_list ap)
-{
-    JSErrorReport report;
-    char *message;
-    JSBool warning;
-
-    if (checkReportFlags(cx, &flags))
-        return JS_TRUE;
-    warning = JSREPORT_IS_WARNING(flags);
-
-    PodZero(&report);
-    report.flags = flags;
-    report.errorNumber = errorNumber;
-    PopulateReportBlame(cx, &report);
-
-    if (!js_ExpandErrorArguments(cx, callback, userRef, errorNumber,
-                                 &message, &report, argumentsType, ap)) {
-        return JS_FALSE;
-    }
-
-    ReportError(cx, message, &report, callback, userRef);
-
-    if (message)
-        js_free(message);
-    if (report.messageArgs) {
-        /*
-         * js_ExpandErrorArguments owns its messageArgs only if it had to
-         * inflate the arguments (from regular |char *|s).
-         */
-        if (argumentsType == ArgumentsAreASCII) {
-            int i = 0;
-            while (report.messageArgs[i])
-                js_free((void *)report.messageArgs[i++]);
-        }
-        js_free((void *)report.messageArgs);
-    }
-    if (report.ucmessage)
-        js_free((void *)report.ucmessage);
-
-    return warning;
-}
-
-bool
-js_ReportErrorNumberUCArray(JSContext *cx, unsigned flags, JSErrorCallback callback,
-                            void *userRef, const unsigned errorNumber,
-                            const jschar **args)
-{
-    if (checkReportFlags(cx, &flags))
-        return true;
-    bool warning = JSREPORT_IS_WARNING(flags);
-
-    JSErrorReport report;
-    PodZero(&report);
-    report.flags = flags;
-    report.errorNumber = errorNumber;
-    PopulateReportBlame(cx, &report);
-    report.messageArgs = args;
-
-    char *message;
-    va_list dummy;
-    if (!js_ExpandErrorArguments(cx, callback, userRef, errorNumber,
-                                 &message, &report, ArgumentsAreUnicode, dummy)) {
-        return false;
-    }
-
-    ReportError(cx, message, &report, callback, userRef);
-
-    if (message)
-        js_free(message);
-    if (report.ucmessage)
-        js_free((void *)report.ucmessage);
-
-    return warning;
-}
-
-JS_FRIEND_API(void)
-js_ReportErrorAgain(JSContext *cx, const char *message, JSErrorReport *reportp)
-{
-    JSErrorReporter onError;
-
-    if (!message)
-        return;
-
-    onError = cx->errorReporter;
-
-    /*
-     * If debugErrorHook is present then we give it a chance to veto
-     * sending the error on to the regular ErrorReporter.
-     */
-    if (onError) {
-        JSDebugErrorHook hook = cx->runtime()->debugHooks.debugErrorHook;
-        if (hook && !hook(cx, message, reportp, cx->runtime()->debugHooks.debugErrorHookData))
-            onError = NULL;
-    }
-    if (onError)
-        onError(cx, message, reportp);
-}
-
-void
-js_ReportIsNotDefined(JSContext *cx, const char *name)
-{
-    JS_ReportErrorNumber(cx, js_GetErrorMessage, NULL, JSMSG_NOT_DEFINED, name);
-}
-
-JSBool
-js_ReportIsNullOrUndefined(JSContext *cx, int spindex, HandleValue v,
-                           HandleString fallback)
-{
-    char *bytes;
-    JSBool ok;
-
-    bytes = DecompileValueGenerator(cx, spindex, v, fallback);
-    if (!bytes)
-        return JS_FALSE;
-
-    if (strcmp(bytes, js_undefined_str) == 0 ||
-        strcmp(bytes, js_null_str) == 0) {
-        ok = JS_ReportErrorFlagsAndNumber(cx, JSREPORT_ERROR,
-                                          js_GetErrorMessage, NULL,
-                                          JSMSG_NO_PROPERTIES, bytes,
-                                          NULL, NULL);
-    } else if (v.isUndefined()) {
-        ok = JS_ReportErrorFlagsAndNumber(cx, JSREPORT_ERROR,
-                                          js_GetErrorMessage, NULL,
-                                          JSMSG_UNEXPECTED_TYPE, bytes,
-                                          js_undefined_str, NULL);
-    } else {
-        JS_ASSERT(v.isNull());
-        ok = JS_ReportErrorFlagsAndNumber(cx, JSREPORT_ERROR,
-                                          js_GetErrorMessage, NULL,
-                                          JSMSG_UNEXPECTED_TYPE, bytes,
-                                          js_null_str, NULL);
-    }
-
-    js_free(bytes);
-    return ok;
-}
-
-void
-js_ReportMissingArg(JSContext *cx, HandleValue v, unsigned arg)
-{
-    char argbuf[11];
-    char *bytes;
-    RootedAtom atom(cx);
-
-    JS_snprintf(argbuf, sizeof argbuf, "%u", arg);
-    bytes = NULL;
-    if (IsFunctionObject(v)) {
-        atom = v.toObject().as<JSFunction>().atom();
-        bytes = DecompileValueGenerator(cx, JSDVG_SEARCH_STACK,
-                                        v, atom);
-        if (!bytes)
-            return;
-    }
-    JS_ReportErrorNumber(cx, js_GetErrorMessage, NULL,
-                         JSMSG_MISSING_FUN_ARG, argbuf,
-                         bytes ? bytes : "");
-    js_free(bytes);
-}
-
-JSBool
-js_ReportValueErrorFlags(JSContext *cx, unsigned flags, const unsigned errorNumber,
-                         int spindex, HandleValue v, HandleString fallback,
-                         const char *arg1, const char *arg2)
-{
-    char *bytes;
-    JSBool ok;
-
-    JS_ASSERT(js_ErrorFormatString[errorNumber].argCount >= 1);
-    JS_ASSERT(js_ErrorFormatString[errorNumber].argCount <= 3);
-    bytes = DecompileValueGenerator(cx, spindex, v, fallback);
-    if (!bytes)
-        return JS_FALSE;
-
-    ok = JS_ReportErrorFlagsAndNumber(cx, flags, js_GetErrorMessage,
-                                      NULL, errorNumber, bytes, arg1, arg2);
-    js_free(bytes);
-    return ok;
-}
-
-const JSErrorFormatString js_ErrorFormatString[JSErr_Limit] = {
-#define MSG_DEF(name, number, count, exception, format) \
-    { format, count, exception } ,
-#include "js.msg"
-#undef MSG_DEF
-};
-
-JS_FRIEND_API(const JSErrorFormatString *)
-js_GetErrorMessage(void *userRef, const char *locale, const unsigned errorNumber)
-{
-    if ((errorNumber > 0) && (errorNumber < JSErr_Limit))
-        return &js_ErrorFormatString[errorNumber];
-    return NULL;
-}
-
-JSBool
-js_InvokeOperationCallback(JSContext *cx)
-{
-    JS_ASSERT_REQUEST_DEPTH(cx);
-
-    JSRuntime *rt = cx->runtime();
-    JS_ASSERT(rt->interrupt != 0);
-
-    /*
-     * Reset the callback counter first, then run GC and yield. If another
-     * thread is racing us here we will accumulate another callback request
-     * which will be serviced at the next opportunity.
-     */
-    JS_ATOMIC_SET(&rt->interrupt, 0);
-
-    /* IonMonkey sets its stack limit to UINTPTR_MAX to trigger operaton callbacks. */
-    rt->resetIonStackLimit();
-
-    if (rt->gcIsNeeded)
-        GCSlice(rt, GC_NORMAL, rt->gcTriggerReason);
-
-#ifdef JSGC_GENERATIONAL
-    if (rt->gcStoreBuffer.isAboutToOverflow())
-        MinorGC(rt, JS::gcreason::FULL_STORE_BUFFER);
-#endif
-
-#ifdef JS_ION
-    /*
-     * A worker thread may have set the callback after finishing an Ion
-     * compilation.
-     */
-    ion::AttachFinishedCompilations(cx);
-#endif
-
-    /*
-     * Important: Additional callbacks can occur inside the callback handler
-     * if it re-enters the JS engine. The embedding must ensure that the
-     * callback is disconnected before attempting such re-entry.
-     */
-    JSOperationCallback cb = cx->operationCallback;
-    return !cb || cb(cx);
-}
-
-JSBool
-js_HandleExecutionInterrupt(JSContext *cx)
-{
-    JSBool result = JS_TRUE;
-    if (cx->runtime()->interrupt)
-        result = js_InvokeOperationCallback(cx) && result;
-    return result;
-}
-
-js::ThreadSafeContext::ThreadSafeContext(JSRuntime *rt, PerThreadData *pt, ContextKind kind)
-  : ContextFriendFields(rt),
-    contextKind_(kind),
-    perThreadData(pt)
-{ }
-
-bool
-ThreadSafeContext::isJSContext() const
-{
-    return contextKind_ == Context_JS;
-}
-
-JSContext *
-ThreadSafeContext::asJSContext()
-{
-    JS_ASSERT(isJSContext());
-    return reinterpret_cast<JSContext *>(this);
-}
-
-bool
-ThreadSafeContext::isForkJoinSlice() const
-{
-    return contextKind_ == Context_ForkJoin;
-}
-
-ForkJoinSlice *
-ThreadSafeContext::asForkJoinSlice()
-{
-    JS_ASSERT(isForkJoinSlice());
-    return reinterpret_cast<ForkJoinSlice *>(this);
-}
-
-JSContext::JSContext(JSRuntime *rt)
-  : ThreadSafeContext(rt, &rt->mainThread, Context_JS),
-    throwing(false),
-    exception(UndefinedValue()),
-    options_(0),
-    reportGranularity(JS_DEFAULT_JITREPORT_GRANULARITY),
-    resolvingList(NULL),
-    generatingError(false),
-    enterCompartmentDepth_(0),
-    savedFrameChains_(),
-    defaultCompartmentObject_(NULL),
-    cycleDetectorSet(MOZ_THIS_IN_INITIALIZER_LIST()),
-    errorReporter(NULL),
-    operationCallback(NULL),
-    data(NULL),
-    data2(NULL),
-#ifdef JS_THREADSAFE
-    outstandingRequests(0),
-#endif
-    resolveFlags(0),
-    iterValue(MagicValue(JS_NO_ITER_VALUE)),
-    jitIsBroken(false),
-#ifdef MOZ_TRACE_JSCALLS
-    functionCallback(NULL),
-#endif
-    innermostGenerator_(NULL)
-{
-#ifdef DEBUG
-    stackIterAssertionEnabled = true;
-#endif
-
-    JS_ASSERT(static_cast<ContextFriendFields*>(this) ==
-              ContextFriendFields::get(this));
-
-#ifdef JSGC_TRACK_EXACT_ROOTS
-    PodArrayZero(thingGCRooters);
-#endif
-#if defined(DEBUG) && defined(JS_GC_ZEAL) && defined(JSGC_ROOT_ANALYSIS) && !defined(JS_THREADSAFE)
-    skipGCRooters = NULL;
-#endif
-}
-
-JSContext::~JSContext()
-{
-    /* Free the stuff hanging off of cx. */
-    JS_ASSERT(!resolvingList);
-}
-
 bool
 JSRuntime::setDefaultLocale(const char *locale)
 {
     if (!locale)
         return false;
     resetDefaultLocale();
     defaultLocale = JS_strdup(this, locale);
     return defaultLocale != NULL;
@@ -1260,102 +209,16 @@ JSRuntime::getDefaultLocale()
         *p = '\0';
     while ((p = strchr(lang, '_')))
         *p = '-';
 
     defaultLocale = lang;
     return defaultLocale;
 }
 
-/*
- * Since this function is only called in the context of a pending exception,
- * the caller must subsequently take an error path. If wrapping fails, it will
- * set a new (uncatchable) exception to be used in place of the original.
- */
-void
-JSContext::wrapPendingException()
-{
-    RootedValue value(this, getPendingException());
-    clearPendingException();
-    if (compartment()->wrap(this, &value))
-        setPendingException(value);
-}
-
-
-void
-JSContext::enterGenerator(JSGenerator *gen)
-{
-    JS_ASSERT(!gen->prevGenerator);
-    gen->prevGenerator = innermostGenerator_;
-    innermostGenerator_ = gen;
-}
-
-void
-JSContext::leaveGenerator(JSGenerator *gen)
-{
-    JS_ASSERT(innermostGenerator_ == gen);
-    innermostGenerator_ = innermostGenerator_->prevGenerator;
-    gen->prevGenerator = NULL;
-}
-
-
-bool
-JSContext::runningWithTrustedPrincipals() const
-{
-    return !compartment() || compartment()->principals == runtime()->trustedPrincipals();
-}
-
-bool
-JSContext::saveFrameChain()
-{
-    if (!savedFrameChains_.append(SavedFrameChain(compartment(), enterCompartmentDepth_)))
-        return false;
-
-    if (Activation *act = mainThread().activation())
-        act->saveFrameChain();
-
-    if (defaultCompartmentObject_)
-        setCompartment(defaultCompartmentObject_->compartment());
-    else
-        setCompartment(NULL);
-    enterCompartmentDepth_ = 0;
-
-    if (isExceptionPending())
-        wrapPendingException();
-    return true;
-}
-
-void
-JSContext::restoreFrameChain()
-{
-    SavedFrameChain sfc = savedFrameChains_.popCopy();
-    setCompartment(sfc.compartment);
-    enterCompartmentDepth_ = sfc.enterCompartmentCount;
-
-    if (Activation *act = mainThread().activation())
-        act->restoreFrameChain();
-
-    if (isExceptionPending())
-        wrapPendingException();
-}
-
-bool
-JSContext::currentlyRunning() const
-{
-    for (ActivationIterator iter(runtime()); !iter.done(); ++iter) {
-        if (iter.activation()->cx() == this) {
-            if (iter.activation()->hasSavedFrameChain())
-                return false;
-            return true;
-        }
-    }
-
-    return false;
-}
-
 void
 JSRuntime::setGCMaxMallocBytes(size_t value)
 {
     /*
      * For compatibility treat any value that exceeds PTRDIFF_T_MAX to
      * mean that value.
      */
     gcMaxMallocBytes = (ptrdiff_t(value) >= 0) ? value : size_t(-1) >> 1;
@@ -1414,156 +277,8 @@ JSRuntime::onOutOfMemory(void *p, size_t
       p = js_realloc(p, nbytes);
     if (p)
         return p;
     if (cx)
         js_ReportOutOfMemory(cx);
     return NULL;
 }
 
-static bool
-ComputeIsJITBroken()
-{
-#if !defined(ANDROID) || defined(GONK)
-    return false;
-#else  // ANDROID
-    if (getenv("JS_IGNORE_JIT_BROKENNESS")) {
-        return false;
-    }
-
-    std::string line;
-
-    // Check for the known-bad kernel version (2.6.29).
-    std::ifstream osrelease("/proc/sys/kernel/osrelease");
-    std::getline(osrelease, line);
-    __android_log_print(ANDROID_LOG_INFO, "Gecko", "Detected osrelease `%s'",
-                        line.c_str());
-
-    if (line.npos == line.find("2.6.29")) {
-        // We're using something other than 2.6.29, so the JITs should work.
-        __android_log_print(ANDROID_LOG_INFO, "Gecko", "JITs are not broken");
-        return false;
-    }
-
-    // We're using 2.6.29, and this causes trouble with the JITs on i9000.
-    line = "";
-    bool broken = false;
-    std::ifstream cpuinfo("/proc/cpuinfo");
-    do {
-        if (0 == line.find("Hardware")) {
-            const char* blacklist[] = {
-                "SCH-I400",     // Samsung Continuum
-                "SGH-T959",     // Samsung i9000, Vibrant device
-                "SGH-I897",     // Samsung i9000, Captivate device
-                "SCH-I500",     // Samsung i9000, Fascinate device
-                "SPH-D700",     // Samsung i9000, Epic device
-                "GT-I9000",     // Samsung i9000, UK/Europe device
-                NULL
-            };
-            for (const char** hw = &blacklist[0]; *hw; ++hw) {
-                if (line.npos != line.find(*hw)) {
-                    __android_log_print(ANDROID_LOG_INFO, "Gecko",
-                                        "Blacklisted device `%s'", *hw);
-                    broken = true;
-                    break;
-                }
-            }
-            break;
-        }
-        std::getline(cpuinfo, line);
-    } while(!cpuinfo.fail() && !cpuinfo.eof());
-
-    __android_log_print(ANDROID_LOG_INFO, "Gecko", "JITs are %sbroken",
-                        broken ? "" : "not ");
-
-    return broken;
-#endif  // ifndef ANDROID
-}
-
-static bool
-IsJITBrokenHere()
-{
-    static bool computedIsBroken = false;
-    static bool isBroken = false;
-    if (!computedIsBroken) {
-        isBroken = ComputeIsJITBroken();
-        computedIsBroken = true;
-    }
-    return isBroken;
-}
-
-void
-JSContext::updateJITEnabled()
-{
-    jitIsBroken = IsJITBrokenHere();
-}
-
-size_t
-JSContext::sizeOfIncludingThis(mozilla::MallocSizeOf mallocSizeOf) const
-{
-    /*
-     * There are other JSContext members that could be measured; the following
-     * ones have been found by DMD to be worth measuring.  More stuff may be
-     * added later.
-     */
-    return mallocSizeOf(this) + cycleDetectorSet.sizeOfExcludingThis(mallocSizeOf);
-}
-
-void
-JSContext::mark(JSTracer *trc)
-{
-    /* Stack frames and slots are traced by StackSpace::mark. */
-
-    /* Mark other roots-by-definition in the JSContext. */
-    if (defaultCompartmentObject_ && !hasOption(JSOPTION_UNROOTED_GLOBAL))
-        MarkObjectRoot(trc, &defaultCompartmentObject_, "default compartment object");
-    if (isExceptionPending())
-        MarkValueRoot(trc, &exception, "exception");
-
-    TraceCycleDetectionSet(trc, cycleDetectorSet);
-
-    MarkValueRoot(trc, &iterValue, "iterValue");
-}
-
-JSVersion
-JSContext::findVersion() const
-{
-    if (JSScript *script = currentScript(NULL, ALLOW_CROSS_COMPARTMENT))
-        return script->getVersion();
-
-    if (compartment() && compartment()->options().version != JSVERSION_UNKNOWN)
-        return compartment()->options().version;
-
-    return runtime()->defaultVersion();
-}
-
-#if defined JS_THREADSAFE && defined DEBUG
-
-JS::AutoCheckRequestDepth::AutoCheckRequestDepth(JSContext *cx)
-    : cx(cx)
-{
-    JS_ASSERT(cx->runtime()->requestDepth || cx->runtime()->isHeapBusy());
-    cx->runtime()->assertValidThread();
-    cx->runtime()->checkRequestDepth++;
-}
-
-JS::AutoCheckRequestDepth::~AutoCheckRequestDepth()
-{
-    JS_ASSERT(cx->runtime()->checkRequestDepth != 0);
-    cx->runtime()->checkRequestDepth--;
-}
-
-#endif
-
-#ifdef JS_CRASH_DIAGNOSTICS
-void CompartmentChecker::check(StackFrame *fp)
-{
-    if (fp)
-        check(fp->scopeChain());
-}
-
-void CompartmentChecker::check(AbstractFramePtr frame)
-{
-    if (frame)
-        check(frame.scopeChain());
-}
-#endif
-
copy from js/src/jscntxt.h
copy to js/src/vm/Runtime.h
--- a/js/src/jscntxt.h
+++ b/js/src/vm/Runtime.h
@@ -1,18 +1,16 @@
 /* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 4 -*-
  * vim: set ts=8 sts=4 et sw=4 tw=99:
  * This Source Code Form is subject to the terms of the Mozilla Public
  * License, v. 2.0. If a copy of the MPL was not distributed with this
  * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
 
-/* JS execution context. */
-
-#ifndef jscntxt_h
-#define jscntxt_h
+#ifndef vm_Runtime_h
+#define vm_Runtime_h
 
 #include "mozilla/LinkedList.h"
 #include "mozilla/MemoryReporting.h"
 #include "mozilla/PodOperations.h"
 
 #include <string.h>
 #include <setjmp.h>
 
@@ -50,90 +48,25 @@ js_ReportOutOfMemory(JSContext *cx);
 
 extern void
 js_ReportAllocationOverflow(JSContext *cx);
 
 namespace js {
 
 typedef Rooted<JSLinearString*> RootedLinearString;
 
-struct CallsiteCloneKey {
-    /* The original function that we are cloning. */
-    JSFunction *original;
-
-    /* The script of the call. */
-    JSScript *script;
-
-    /* The offset of the call. */
-    uint32_t offset;
-
-    CallsiteCloneKey(JSFunction *f, JSScript *s, uint32_t o) : original(f), script(s), offset(o) {}
-
-    typedef CallsiteCloneKey Lookup;
-
-    static inline uint32_t hash(CallsiteCloneKey key) {
-        return uint32_t(size_t(key.script->code + key.offset) ^ size_t(key.original));
-    }
-
-    static inline bool match(const CallsiteCloneKey &a, const CallsiteCloneKey &b) {
-        return a.script == b.script && a.offset == b.offset && a.original == b.original;
-    }
-};
-
-typedef HashMap<CallsiteCloneKey,
-                ReadBarriered<JSFunction>,
-                CallsiteCloneKey,
-                SystemAllocPolicy> CallsiteCloneTable;
-
-JSFunction *CloneFunctionAtCallsite(JSContext *cx, HandleFunction fun,
-                                    HandleScript script, jsbytecode *pc);
-
-typedef HashSet<JSObject *> ObjectSet;
-typedef HashSet<Shape *> ShapeSet;
-
-/* Detects cycles when traversing an object graph. */
-class AutoCycleDetector
-{
-    JSContext *cx;
-    RootedObject obj;
-    bool cyclic;
-    uint32_t hashsetGenerationAtInit;
-    ObjectSet::AddPtr hashsetAddPointer;
-    MOZ_DECL_USE_GUARD_OBJECT_NOTIFIER
-
-  public:
-    AutoCycleDetector(JSContext *cx, HandleObject objArg
-                      MOZ_GUARD_OBJECT_NOTIFIER_PARAM)
-      : cx(cx), obj(cx, objArg), cyclic(true)
-    {
-        MOZ_GUARD_OBJECT_NOTIFIER_INIT;
-    }
-
-    ~AutoCycleDetector();
-
-    bool init();
-
-    bool foundCycle() { return cyclic; }
-};
-
-/* Updates references in the cycle detection set if the GC moves them. */
-extern void
-TraceCycleDetectionSet(JSTracer *trc, ObjectSet &set);
-
 class MathCache;
 
 namespace ion {
-class IonActivation;
 class IonRuntime;
 struct PcScriptCache;
 }
 
 class AsmJSActivation;
 class InterpreterFrames;
-class WeakMapBase;
 class WorkerThreadState;
 
 /*
  * GetSrcNote cache to avoid O(n^2) growth in finding a source note for a
  * given pc in a script. We use the script->code pointer to tag the cache,
  * instead of the script address itself, so that source notes are always found
  * by offset from the bytecode with which they were generated.
  */
@@ -1543,18 +1476,16 @@ struct JSRuntime : public JS::shadow::Ru
 };
 
 /* Common macros to access thread-local caches in JSRuntime. */
 #define JS_KEEP_ATOMS(rt)   (rt)->gcKeepAtoms++;
 #define JS_UNKEEP_ATOMS(rt) (rt)->gcKeepAtoms--;
 
 namespace js {
 
-struct AutoResolving;
-
 /*
  * Flags accompany script version data so that a) dynamically created scripts
  * can inherit their caller's compile-time properties and b) scripts can be
  * appropriately compared in the eval cache across global option changes. An
  * example of the latter is enabling the top-level-anonymous-function-is-error
  * option: subsequent evals of the same, previously-valid script text may have
  * become invalid.
  */
@@ -1597,430 +1528,16 @@ FreeOp::free_(void *p)
 {
     if (shouldFreeLater()) {
         runtime()->gcHelperThread.freeLater(p);
         return;
     }
     js_free(p);
 }
 
-class ForkJoinSlice;
-
-/*
- * ThreadSafeContext is the base class for both JSContext, the "normal"
- * sequential context, and ForkJoinSlice, the per-thread parallel context used
- * in PJS.
- *
- * When cast to a ThreadSafeContext, the only usable operations are casting
- * back to the context from which it came, and generic allocation
- * operations. These generic versions branch internally based on whether the
- * underneath context is really a JSContext or a ForkJoinSlice, and are in
- * general more expensive than using the context directly.
- *
- * Thus, ThreadSafeContext should only be used for VM functions that may be
- * called in both sequential and parallel execution. The most likely class of
- * VM functions that do these are those that allocate commonly used data
- * structures, such as concatenating strings and extending elements.
- */
-struct ThreadSafeContext : js::ContextFriendFields,
-                           public MallocProvider<ThreadSafeContext>
-{
-  public:
-    enum ContextKind {
-        Context_JS,
-        Context_ForkJoin
-    };
-
-  private:
-    ContextKind contextKind_;
-
-  public:
-    PerThreadData *perThreadData;
-
-    explicit ThreadSafeContext(JSRuntime *rt, PerThreadData *pt, ContextKind kind);
-
-    bool isJSContext() const;
-    JSContext *asJSContext();
-
-    bool isForkJoinSlice() const;
-    ForkJoinSlice *asForkJoinSlice();
-
-#ifdef JSGC_GENERATIONAL
-    inline bool hasNursery() const {
-        return isJSContext();
-    }
-
-    inline js::Nursery &nursery() {
-        JS_ASSERT(hasNursery());
-        return runtime_->gcNursery;
-    }
-#endif
-
-    /* Cut outs for string operations. */
-    StaticStrings &staticStrings() { return runtime_->staticStrings; }
-    JSAtomState &names() { return runtime_->atomState; }
-
-    /*
-     * Allocator used when allocating GCThings on this context. If we are a
-     * JSContext, this is the Zone allocator of the JSContext's zone. If we
-     * are the per-thread data of a ForkJoinSlice, this is a per-thread
-     * allocator.
-     *
-     * This does not live in PerThreadData because the notion of an allocator
-     * is only per-thread in PJS. The runtime (and the main thread) can have
-     * more than one zone, each with its own allocator, and it's up to the
-     * context to specify what compartment and zone we are operating in.
-     */
-  protected:
-    Allocator *allocator_;
-
-  public:
-    static size_t offsetOfAllocator() { return offsetof(ThreadSafeContext, allocator_); }
-
-    inline Allocator *const allocator();
-
-    /* GC support. */
-    AllowGC allowGC() const {
-        switch (contextKind_) {
-          case Context_JS:
-            return CanGC;
-          case Context_ForkJoin:
-            return NoGC;
-          default:
-            /* Silence warnings. */
-            MOZ_ASSUME_UNREACHABLE("Bad context kind");
-        }
-    }
-
-    template <typename T>
-    bool isInsideCurrentZone(T thing) const {
-        return thing->isInsideZone(zone_);
-    }
-
-    void *onOutOfMemory(void *p, size_t nbytes) {
-        return runtime_->onOutOfMemory(p, nbytes, isJSContext() ? asJSContext() : NULL);
-    }
-    inline void updateMallocCounter(size_t nbytes) {
-        /* Note: this is racy. */
-        runtime_->updateMallocCounter(zone_, nbytes);
-    }
-    void reportAllocationOverflow() {
-        js_ReportAllocationOverflow(isJSContext() ? asJSContext() : NULL);
-    }
-};
-
-} /* namespace js */
-
-struct JSContext : js::ThreadSafeContext,
-                   public mozilla::LinkedListElement<JSContext>
-{
-    explicit JSContext(JSRuntime *rt);
-    ~JSContext();
-
-    JSRuntime *runtime() const { return runtime_; }
-    JSCompartment *compartment() const { return compartment_; }
-
-    inline JS::Zone *zone() const {
-        JS_ASSERT_IF(!compartment(), !zone_);
-        JS_ASSERT_IF(compartment(), js::GetCompartmentZone(compartment()) == zone_);
-        return zone_;
-    }
-    js::PerThreadData &mainThread() const { return runtime()->mainThread; }
-
-  private:
-    /* Exception state -- the exception member is a GC root by definition. */
-    bool                throwing;            /* is there a pending exception? */
-    js::Value           exception;           /* most-recently-thrown exception */
-
-    /* Per-context options. */
-    unsigned            options_;            /* see jsapi.h for JSOPTION_* */
-
-  public:
-    int32_t             reportGranularity;  /* see vm/Probes.h */
-
-    js::AutoResolving   *resolvingList;
-
-    /* True if generating an error, to prevent runaway recursion. */
-    bool                generatingError;
-
-    inline void setCompartment(JSCompartment *comp);
-
-    /*
-     * "Entering" a compartment changes cx->compartment (which changes
-     * cx->global). Note that this does not push any StackFrame which means
-     * that it is possible for cx->fp()->compartment() != cx->compartment.
-     * This is not a problem since, in general, most places in the VM cannot
-     * know that they were called from script (e.g., they may have been called
-     * through the JSAPI via JS_CallFunction) and thus cannot expect fp.
-     *
-     * Compartments should be entered/left in a LIFO fasion. The depth of this
-     * enter/leave stack is maintained by enterCompartmentDepth_ and queried by
-     * hasEnteredCompartment.
-     *
-     * To enter a compartment, code should prefer using AutoCompartment over
-     * manually calling cx->enterCompartment/leaveCompartment.
-     */
-  private:
-    unsigned            enterCompartmentDepth_;
-  public:
-    bool hasEnteredCompartment() const {
-        return enterCompartmentDepth_ > 0;
-    }
-#ifdef DEBUG
-    unsigned getEnterCompartmentDepth() const {
-        return enterCompartmentDepth_;
-    }
-#endif
-
-    inline void enterCompartment(JSCompartment *c);
-    inline void leaveCompartment(JSCompartment *oldCompartment);
-
-    /* See JS_SaveFrameChain/JS_RestoreFrameChain. */
-  private:
-    struct SavedFrameChain {
-        SavedFrameChain(JSCompartment *comp, unsigned count)
-          : compartment(comp), enterCompartmentCount(count) {}
-        JSCompartment *compartment;
-        unsigned enterCompartmentCount;
-    };
-    typedef js::Vector<SavedFrameChain, 1, js::SystemAllocPolicy> SaveStack;
-    SaveStack           savedFrameChains_;
-  public:
-    bool saveFrameChain();
-    void restoreFrameChain();
-
-    /*
-     * When no compartments have been explicitly entered, the context's
-     * compartment will be set to the compartment of the "default compartment
-     * object".
-     */
-  private:
-    JSObject *defaultCompartmentObject_;
-  public:
-    inline void setDefaultCompartmentObject(JSObject *obj);
-    inline void setDefaultCompartmentObjectIfUnset(JSObject *obj);
-    JSObject *maybeDefaultCompartmentObject() const { return defaultCompartmentObject_; }
-
-    /*
-     * Current global. This is only safe to use within the scope of the
-     * AutoCompartment from which it's called.
-     */
-    inline js::Handle<js::GlobalObject*> global() const;
-
-    /* Wrap cx->exception for the current compartment. */
-    void wrapPendingException();
-
-    /* State for object and array toSource conversion. */
-    js::ObjectSet       cycleDetectorSet;
-
-    /* Per-context optional error reporter. */
-    JSErrorReporter     errorReporter;
-
-    /* Branch callback. */
-    JSOperationCallback operationCallback;
-
-    /* Client opaque pointers. */
-    void                *data;
-    void                *data2;
-
-    inline js::RegExpStatics *regExpStatics();
-
-  public:
-
-    /*
-     * Return:
-     * - The newest scripted frame's version, if there is such a frame.
-     * - The version from the compartment.
-     * - The default version.
-     *
-     * Note: if this ever shows up in a profile, just add caching!
-     */
-    JSVersion findVersion() const;
-
-    void setOptions(unsigned opts) {
-        JS_ASSERT((opts & JSOPTION_MASK) == opts);
-        options_ = opts;
-    }
-
-    unsigned options() const { return options_; }
-
-    bool hasOption(unsigned opt) const {
-        JS_ASSERT((opt & JSOPTION_MASK) == opt);
-        return !!(options_ & opt);
-    }
-
-    bool hasExtraWarningsOption() const { return hasOption(JSOPTION_EXTRA_WARNINGS); }
-    bool hasWErrorOption() const { return hasOption(JSOPTION_WERROR); }
-
-    js::LifoAlloc &tempLifoAlloc() { return runtime()->tempLifoAlloc; }
-    inline js::LifoAlloc &analysisLifoAlloc();
-    inline js::LifoAlloc &typeLifoAlloc();
-
-    inline js::PropertyTree &propertyTree();
-
-#ifdef JS_THREADSAFE
-    unsigned            outstandingRequests;/* number of JS_BeginRequest calls
-                                               without the corresponding
-                                               JS_EndRequest. */
-#endif
-
-    /* Stored here to avoid passing it around as a parameter. */
-    unsigned               resolveFlags;
-
-    /* Location to stash the iteration value between JSOP_MOREITER and JSOP_ITERNEXT. */
-    js::Value           iterValue;
-
-    bool jitIsBroken;
-
-    inline bool typeInferenceEnabled() const;
-
-    void updateJITEnabled();
-
-    /* Whether this context has JS frames on the stack. */
-    bool currentlyRunning() const;
-
-    bool currentlyRunningInInterpreter() const {
-        return mainThread().activation()->isInterpreter();
-    }
-    bool currentlyRunningInJit() const {
-        return mainThread().activation()->isJit();
-    }
-    js::StackFrame *interpreterFrame() const {
-        return mainThread().activation()->asInterpreter()->current();
-    }
-    js::FrameRegs &interpreterRegs() const {
-        return mainThread().activation()->asInterpreter()->regs();
-    }
-
-    /*
-     * Get the topmost script and optional pc on the stack. By default, this
-     * function only returns a JSScript in the current compartment, returning
-     * NULL if the current script is in a different compartment. This behavior
-     * can be overridden by passing ALLOW_CROSS_COMPARTMENT.
-     */
-    enum MaybeAllowCrossCompartment {
-        DONT_ALLOW_CROSS_COMPARTMENT = false,
-        ALLOW_CROSS_COMPARTMENT = true
-    };
-    inline JSScript *currentScript(jsbytecode **pc = NULL,
-                                   MaybeAllowCrossCompartment = DONT_ALLOW_CROSS_COMPARTMENT) const;
-
-#ifdef MOZ_TRACE_JSCALLS
-    /* Function entry/exit debugging callback. */
-    JSFunctionCallback    functionCallback;
-
-    void doFunctionCallback(const JSFunction *fun,
-                            const JSScript *scr,
-                            int entering) const
-    {
-        if (functionCallback)
-            functionCallback(fun, scr, this, entering);
-    }
-#endif
-
-  private:
-    /* Innermost-executing generator or null if no generator are executing. */
-    JSGenerator *innermostGenerator_;
-  public:
-    JSGenerator *innermostGenerator() const { return innermostGenerator_; }
-    void enterGenerator(JSGenerator *gen);
-    void leaveGenerator(JSGenerator *gen);
-
-    void *onOutOfMemory(void *p, size_t nbytes) {
-        return runtime()->onOutOfMemory(p, nbytes, this);
-    }
-    void updateMallocCounter(size_t nbytes) {
-        runtime()->updateMallocCounter(zone(), nbytes);
-    }
-    void reportAllocationOverflow() {
-        js_ReportAllocationOverflow(this);
-    }
-
-    bool isExceptionPending() {
-        return throwing;
-    }
-
-    js::Value getPendingException() {
-        JS_ASSERT(throwing);
-        return exception;
-    }
-
-    void setPendingException(js::Value v);
-
-    void clearPendingException() {
-        throwing = false;
-        exception.setUndefined();
-    }
-
-#ifdef DEBUG
-    /*
-     * Controls whether a quadratic-complexity assertion is performed during
-     * stack iteration; defaults to true.
-     */
-    bool stackIterAssertionEnabled;
-#endif
-
-    /*
-     * See JS_SetTrustedPrincipals in jsapi.h.
-     * Note: !cx->compartment is treated as trusted.
-     */
-    bool runningWithTrustedPrincipals() const;
-
-    JS_FRIEND_API(size_t) sizeOfIncludingThis(mozilla::MallocSizeOf mallocSizeOf) const;
-
-    void mark(JSTracer *trc);
-
-  private:
-    /*
-     * The allocation code calls the function to indicate either OOM failure
-     * when p is null or that a memory pressure counter has reached some
-     * threshold when p is not null. The function takes the pointer and not
-     * a boolean flag to minimize the amount of code in its inlined callers.
-     */
-    JS_FRIEND_API(void) checkMallocGCPressure(void *p);
-}; /* struct JSContext */
-
-namespace js {
-
-struct AutoResolving {
-  public:
-    enum Kind {
-        LOOKUP,
-        WATCH
-    };
-
-    AutoResolving(JSContext *cx, HandleObject obj, HandleId id, Kind kind = LOOKUP
-                  MOZ_GUARD_OBJECT_NOTIFIER_PARAM)
-      : context(cx), object(obj), id(id), kind(kind), link(cx->resolvingList)
-    {
-        MOZ_GUARD_OBJECT_NOTIFIER_INIT;
-        JS_ASSERT(obj);
-        cx->resolvingList = this;
-    }
-
-    ~AutoResolving() {
-        JS_ASSERT(context->resolvingList == this);
-        context->resolvingList = link;
-    }
-
-    bool alreadyStarted() const {
-        return link && alreadyStartedSlow();
-    }
-
-  private:
-    bool alreadyStartedSlow() const;
-
-    JSContext           *const context;
-    HandleObject        object;
-    HandleId            id;
-    Kind                const kind;
-    AutoResolving       *const link;
-    MOZ_DECL_USE_GUARD_OBJECT_NOTIFIER
-};
-
 #ifdef JS_THREADSAFE
 # define JS_LOCK_GC(rt)    PR_Lock((rt)->gcLock)
 # define JS_UNLOCK_GC(rt)  PR_Unlock((rt)->gcLock)
 #else
 # define JS_LOCK_GC(rt)    do { } while (0)
 # define JS_UNLOCK_GC(rt)  do { } while (0)
 #endif
 
@@ -2097,215 +1614,23 @@ class MOZ_STACK_CLASS AutoKeepAtoms
 };
 
 // Maximum supported value of arguments.length. This bounds the maximum
 // number of arguments that can be supplied to Function.prototype.apply.
 // This value also bounds the number of elements parsed in an array
 // initialiser.
 static const unsigned ARGS_LENGTH_MAX = 500 * 1000;
 
-} /* namespace js */
-
-class JSAutoResolveFlags
-{
-  public:
-    JSAutoResolveFlags(JSContext *cx, unsigned flags
-                       MOZ_GUARD_OBJECT_NOTIFIER_PARAM)
-      : mContext(cx), mSaved(cx->resolveFlags)
-    {
-        MOZ_GUARD_OBJECT_NOTIFIER_INIT;
-        cx->resolveFlags = flags;
-    }
-
-    ~JSAutoResolveFlags() { mContext->resolveFlags = mSaved; }
-
-  private:
-    JSContext *mContext;
-    unsigned mSaved;
-    MOZ_DECL_USE_GUARD_OBJECT_NOTIFIER
-};
-
-namespace js {
-
-/*
- * Enumerate all contexts in a runtime.
- */
-class ContextIter {
-    JSContext *iter;
-
-public:
-    explicit ContextIter(JSRuntime *rt) {
-        iter = rt->contextList.getFirst();
-    }
-
-    bool done() const {
-        return !iter;
-    }
-
-    void next() {
-        JS_ASSERT(!done());
-        iter = iter->getNext();
-    }
-
-    JSContext *get() const {
-        JS_ASSERT(!done());
-        return iter;
-    }
-
-    operator JSContext *() const {
-        return get();
-    }
-
-    JSContext *operator ->() const {
-        return get();
-    }
-};
-
-/*
- * Create and destroy functions for JSContext, which is manually allocated
- * and exclusively owned.
- */
-extern JSContext *
-NewContext(JSRuntime *rt, size_t stackChunkSize);
-
-enum DestroyContextMode {
-    DCM_NO_GC,
-    DCM_FORCE_GC,
-    DCM_NEW_FAILED
-};
-
-extern void
-DestroyContext(JSContext *cx, DestroyContextMode mode);
-
-enum ErrorArgumentsType {
-    ArgumentsAreUnicode,
-    ArgumentsAreASCII
-};
-
 inline void
 PerThreadData::setIonStackLimit(uintptr_t limit)
 {
     JS_ASSERT(runtime_->currentThreadOwnsOperationCallbackLock());
     ionStackLimit = limit;
 }
 
-} /* namespace js */
-
-#ifdef va_start
-extern JSBool
-js_ReportErrorVA(JSContext *cx, unsigned flags, const char *format, va_list ap);
-
-extern JSBool
-js_ReportErrorNumberVA(JSContext *cx, unsigned flags, JSErrorCallback callback,
-                       void *userRef, const unsigned errorNumber,
-                       js::ErrorArgumentsType argumentsType, va_list ap);
-
-extern bool
-js_ReportErrorNumberUCArray(JSContext *cx, unsigned flags, JSErrorCallback callback,
-                            void *userRef, const unsigned errorNumber,
-                            const jschar **args);
-
-extern JSBool
-js_ExpandErrorArguments(JSContext *cx, JSErrorCallback callback,
-                        void *userRef, const unsigned errorNumber,
-                        char **message, JSErrorReport *reportp,
-                        js::ErrorArgumentsType argumentsType, va_list ap);
-#endif
-
-namespace js {
-
-/* |callee| requires a usage string provided by JS_DefineFunctionsWithHelp. */
-extern void
-ReportUsageError(JSContext *cx, HandleObject callee, const char *msg);
-
-/*
- * Prints a full report and returns true if the given report is non-NULL and
- * the report doesn't have the JSREPORT_WARNING flag set or reportWarnings is
- * true.
- * Returns false otherwise, printing just the message if the report is NULL.
- */
-extern bool
-PrintError(JSContext *cx, FILE *file, const char *message, JSErrorReport *report,
-           bool reportWarnings);
-} /* namespace js */
-
-/*
- * Report an exception using a previously composed JSErrorReport.
- * XXXbe remove from "friend" API
- */
-extern JS_FRIEND_API(void)
-js_ReportErrorAgain(JSContext *cx, const char *message, JSErrorReport *report);
-
-extern void
-js_ReportIsNotDefined(JSContext *cx, const char *name);
-
-/*
- * Report an attempt to access the property of a null or undefined value (v).
- */
-extern JSBool
-js_ReportIsNullOrUndefined(JSContext *cx, int spindex, js::HandleValue v,
-                           js::HandleString fallback);
-
-extern void
-js_ReportMissingArg(JSContext *cx, js::HandleValue v, unsigned arg);
-
-/*
- * Report error using js_DecompileValueGenerator(cx, spindex, v, fallback) as
- * the first argument for the error message. If the error message has less
- * then 3 arguments, use null for arg1 or arg2.
- */
-extern JSBool
-js_ReportValueErrorFlags(JSContext *cx, unsigned flags, const unsigned errorNumber,
-                         int spindex, js::HandleValue v, js::HandleString fallback,
-                         const char *arg1, const char *arg2);
-
-#define js_ReportValueError(cx,errorNumber,spindex,v,fallback)                \
-    ((void)js_ReportValueErrorFlags(cx, JSREPORT_ERROR, errorNumber,          \
-                                    spindex, v, fallback, NULL, NULL))
-
-#define js_ReportValueError2(cx,errorNumber,spindex,v,fallback,arg1)          \
-    ((void)js_ReportValueErrorFlags(cx, JSREPORT_ERROR, errorNumber,          \
-                                    spindex, v, fallback, arg1, NULL))
-
-#define js_ReportValueError3(cx,errorNumber,spindex,v,fallback,arg1,arg2)     \
-    ((void)js_ReportValueErrorFlags(cx, JSREPORT_ERROR, errorNumber,          \
-                                    spindex, v, fallback, arg1, arg2))
-
-extern const JSErrorFormatString js_ErrorFormatString[JSErr_Limit];
-
-#ifdef JS_THREADSAFE
-# define JS_ASSERT_REQUEST_DEPTH(cx)  JS_ASSERT((cx)->runtime()->requestDepth >= 1)
-#else
-# define JS_ASSERT_REQUEST_DEPTH(cx)  ((void) 0)
-#endif
-
-/*
- * Invoke the operation callback and return false if the current execution
- * is to be terminated.
- */
-extern JSBool
-js_InvokeOperationCallback(JSContext *cx);
-
-extern JSBool
-js_HandleExecutionInterrupt(JSContext *cx);
-
-/*
- * If the operation callback flag was set, call the operation callback.
- * This macro can run the full GC. Return true if it is OK to continue and
- * false otherwise.
- */
-static MOZ_ALWAYS_INLINE bool
-JS_CHECK_OPERATION_LIMIT(JSContext *cx)
-{
-    JS_ASSERT_REQUEST_DEPTH(cx);
-    return !cx->runtime()->interrupt || js_InvokeOperationCallback(cx);
-}
-
-namespace js {
-
 /************************************************************************/
 
 static JS_ALWAYS_INLINE void
 MakeRangeGCSafe(Value *vec, size_t len)
 {
     mozilla::PodZero(vec, len);
 }
 
@@ -2361,134 +1686,16 @@ SetValueRangeToNull(Value *beg, Value *e
 }
 
 static JS_ALWAYS_INLINE void
 SetValueRangeToNull(Value *vec, size_t len)
 {
     SetValueRangeToNull(vec, vec + len);
 }
 
-class AutoStringVector : public AutoVectorRooter<JSString *>
-{
-  public:
-    explicit AutoStringVector(JSContext *cx
-                              MOZ_GUARD_OBJECT_NOTIFIER_PARAM)
-        : AutoVectorRooter<JSString *>(cx, STRINGVECTOR)
-    {
-        MOZ_GUARD_OBJECT_NOTIFIER_INIT;
-    }
-
-    MOZ_DECL_USE_GUARD_OBJECT_NOTIFIER
-};
-
-class AutoShapeVector : public AutoVectorRooter<Shape *>
-{
-  public:
-    explicit AutoShapeVector(JSContext *cx
-                             MOZ_GUARD_OBJECT_NOTIFIER_PARAM)
-        : AutoVectorRooter<Shape *>(cx, SHAPEVECTOR)
-    {
-        MOZ_GUARD_OBJECT_NOTIFIER_INIT;
-    }
-
-    MOZ_DECL_USE_GUARD_OBJECT_NOTIFIER
-};
-
-class AutoValueArray : public AutoGCRooter
-{
-    Value *start_;
-    unsigned length_;
-    SkipRoot skip;
-
-  public:
-    AutoValueArray(JSContext *cx, Value *start, unsigned length
-                   MOZ_GUARD_OBJECT_NOTIFIER_PARAM)
-      : AutoGCRooter(cx, VALARRAY), start_(start), length_(length), skip(cx, start, length)
-    {
-        MOZ_GUARD_OBJECT_NOTIFIER_INIT;
-    }
-
-    Value *start() { return start_; }
-    unsigned length() const { return length_; }
-
-    MutableHandleValue handleAt(unsigned i)
-    {
-        JS_ASSERT(i < length_);
-        return MutableHandleValue::fromMarkedLocation(&start_[i]);
-    }
-    HandleValue handleAt(unsigned i) const
-    {
-        JS_ASSERT(i < length_);
-        return HandleValue::fromMarkedLocation(&start_[i]);
-    }
-
-    MOZ_DECL_USE_GUARD_OBJECT_NOTIFIER
-};
-
-class AutoObjectObjectHashMap : public AutoHashMapRooter<JSObject *, JSObject *>
-{
-  public:
-    explicit AutoObjectObjectHashMap(JSContext *cx
-                                     MOZ_GUARD_OBJECT_NOTIFIER_PARAM)
-      : AutoHashMapRooter<JSObject *, JSObject *>(cx, OBJOBJHASHMAP)
-    {
-        MOZ_GUARD_OBJECT_NOTIFIER_INIT;
-    }
-
-    MOZ_DECL_USE_GUARD_OBJECT_NOTIFIER
-};
-
-class AutoObjectUnsigned32HashMap : public AutoHashMapRooter<JSObject *, uint32_t>
-{
-  public:
-    explicit AutoObjectUnsigned32HashMap(JSContext *cx
-                                         MOZ_GUARD_OBJECT_NOTIFIER_PARAM)
-      : AutoHashMapRooter<JSObject *, uint32_t>(cx, OBJU32HASHMAP)
-    {
-        MOZ_GUARD_OBJECT_NOTIFIER_INIT;
-    }
-
-    MOZ_DECL_USE_GUARD_OBJECT_NOTIFIER
-};
-
-class AutoObjectHashSet : public AutoHashSetRooter<JSObject *>
-{
-  public:
-    explicit AutoObjectHashSet(JSContext *cx
-                               MOZ_GUARD_OBJECT_NOTIFIER_PARAM)
-      : AutoHashSetRooter<JSObject *>(cx, OBJHASHSET)
-    {
-        MOZ_GUARD_OBJECT_NOTIFIER_INIT;
-    }
-
-    MOZ_DECL_USE_GUARD_OBJECT_NOTIFIER
-};
-
-class AutoAssertNoException
-{
-#ifdef DEBUG
-    JSContext *cx;
-    bool hadException;
-#endif
-
-  public:
-    AutoAssertNoException(JSContext *cx)
-#ifdef DEBUG
-      : cx(cx),
-        hadException(cx->isExceptionPending())
-#endif
-    {
-    }
-
-    ~AutoAssertNoException()
-    {
-        JS_ASSERT_IF(!hadException, !cx->isExceptionPending());
-    }
-};
-
 /*
  * Allocation policy that uses JSRuntime::malloc_ and friends, so that
  * memory pressure is properly accounted for. This is suitable for
  * long-lived objects owned by the JSRuntime.
  *
  * Since it doesn't hold a JSContext (those may not live long enough), it
  * can't report out-of-memory conditions itself; the caller must check for
  * OOM and take the appropriate action.
@@ -2496,60 +1703,23 @@ class AutoAssertNoException
  * FIXME bug 647103 - replace these *AllocPolicy names.
  */
 class RuntimeAllocPolicy
 {
     JSRuntime *const runtime;
 
   public:
     RuntimeAllocPolicy(JSRuntime *rt) : runtime(rt) {}
-    RuntimeAllocPolicy(JSContext *cx) : runtime(cx->runtime()) {}
     void *malloc_(size_t bytes) { return runtime->malloc_(bytes); }
     void *calloc_(size_t bytes) { return runtime->calloc_(bytes); }
     void *realloc_(void *p, size_t bytes) { return runtime->realloc_(p, bytes); }
     void free_(void *p) { js_free(p); }
     void reportAllocOverflow() const {}
 };
 
-/*
- * FIXME bug 647103 - replace these *AllocPolicy names.
- */
-class ContextAllocPolicy
-{
-    JSContext *const cx_;
-
-  public:
-    ContextAllocPolicy(JSContext *cx) : cx_(cx) {}
-    JSContext *context() const { return cx_; }
-    void *malloc_(size_t bytes) { return cx_->malloc_(bytes); }
-    void *calloc_(size_t bytes) { return cx_->calloc_(bytes); }
-    void *realloc_(void *p, size_t oldBytes, size_t bytes) { return cx_->realloc_(p, oldBytes, bytes); }
-    void free_(void *p) { js_free(p); }
-    void reportAllocOverflow() const { js_ReportAllocationOverflow(cx_); }
-};
-
-/* Exposed intrinsics so that Ion may inline them. */
-JSBool intrinsic_ToObject(JSContext *cx, unsigned argc, Value *vp);
-JSBool intrinsic_IsCallable(JSContext *cx, unsigned argc, Value *vp);
-JSBool intrinsic_ThrowError(JSContext *cx, unsigned argc, Value *vp);
-JSBool intrinsic_NewDenseArray(JSContext *cx, unsigned argc, Value *vp);
-
-JSBool intrinsic_UnsafePutElements(JSContext *cx, unsigned argc, Value *vp);
-JSBool intrinsic_UnsafeSetReservedSlot(JSContext *cx, unsigned argc, Value *vp);
-JSBool intrinsic_UnsafeGetReservedSlot(JSContext *cx, unsigned argc, Value *vp);
-JSBool intrinsic_NewObjectWithClassPrototype(JSContext *cx, unsigned argc, Value *vp);
-JSBool intrinsic_HaveSameClass(JSContext *cx, unsigned argc, Value *vp);
-
-JSBool intrinsic_ShouldForceSequential(JSContext *cx, unsigned argc, Value *vp);
-JSBool intrinsic_NewParallelArray(JSContext *cx, unsigned argc, Value *vp);
-
-#ifdef DEBUG
-JSBool intrinsic_Dump(JSContext *cx, unsigned argc, Value *vp);
-#endif
-
 } /* namespace js */
 
 #ifdef _MSC_VER
 #pragma warning(pop)
 #pragma warning(pop)
 #endif
 
-#endif /* jscntxt_h */
+#endif /* vm_Runtime_h */
--- a/js/src/vm/ScopeObject.cpp
+++ b/js/src/vm/ScopeObject.cpp
@@ -1593,18 +1593,18 @@ js_IsDebugScopeSlow(JSObject *obj)
     return obj->getClass() == &ObjectProxyClass &&
            GetProxyHandler(obj) == &DebugScopeProxy::singleton;
 }
 
 /*****************************************************************************/
 
 DebugScopes::DebugScopes(JSContext *cx)
  : proxiedScopes(cx),
-   missingScopes(cx),
-   liveScopes(cx)
+   missingScopes(cx->runtime()),
+   liveScopes(cx->runtime())
 {}
 
 DebugScopes::~DebugScopes()
 {
     JS_ASSERT(missingScopes.empty());
     WeakMapBase::removeWeakMapFromList(&proxiedScopes);
 }
 
--- a/js/src/vm/Shape.cpp
+++ b/js/src/vm/Shape.cpp
@@ -16,16 +16,17 @@
 
 #include "js/HashTable.h"
 #include "vm/Shape.h"
 
 #include "jscntxtinlines.h"
 #include "jsobjinlines.h"
 
 #include "vm/Shape-inl.h"
+#include "vm/Runtime-inl.h"
 
 using namespace js;
 using namespace js::gc;
 
 using mozilla::DebugOnly;
 using mozilla::PodZero;
 
 bool