<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN"
"http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head><meta http-equiv="content-type" content="text/html; charset=utf-8" />
<title>[209897] trunk/Source</title>
</head>
<body>

<style type="text/css"><!--
#msg dl.meta { border: 1px #006 solid; background: #369; padding: 6px; color: #fff; }
#msg dl.meta dt { float: left; width: 6em; font-weight: bold; }
#msg dt:after { content:':';}
#msg dl, #msg dt, #msg ul, #msg li, #header, #footer, #logmsg { font-family: verdana,arial,helvetica,sans-serif; font-size: 10pt;  }
#msg dl a { font-weight: bold}
#msg dl a:link    { color:#fc3; }
#msg dl a:active  { color:#ff0; }
#msg dl a:visited { color:#cc6; }
h3 { font-family: verdana,arial,helvetica,sans-serif; font-size: 10pt; font-weight: bold; }
#msg pre { overflow: auto; background: #ffc; border: 1px #fa0 solid; padding: 6px; }
#logmsg { background: #ffc; border: 1px #fa0 solid; padding: 1em 1em 0 1em; }
#logmsg p, #logmsg pre, #logmsg blockquote { margin: 0 0 1em 0; }
#logmsg p, #logmsg li, #logmsg dt, #logmsg dd { line-height: 14pt; }
#logmsg h1, #logmsg h2, #logmsg h3, #logmsg h4, #logmsg h5, #logmsg h6 { margin: .5em 0; }
#logmsg h1:first-child, #logmsg h2:first-child, #logmsg h3:first-child, #logmsg h4:first-child, #logmsg h5:first-child, #logmsg h6:first-child { margin-top: 0; }
#logmsg ul, #logmsg ol { padding: 0; list-style-position: inside; margin: 0 0 0 1em; }
#logmsg ul { text-indent: -1em; padding-left: 1em; }#logmsg ol { text-indent: -1.5em; padding-left: 1.5em; }
#logmsg > ul, #logmsg > ol { margin: 0 0 1em 0; }
#logmsg pre { background: #eee; padding: 1em; }
#logmsg blockquote { border: 1px solid #fa0; border-left-width: 10px; padding: 1em 1em 0 1em; background: white;}
#logmsg dl { margin: 0; }
#logmsg dt { font-weight: bold; }
#logmsg dd { margin: 0; padding: 0 0 0.5em 0; }
#logmsg dd:before { content:'\00bb';}
#logmsg table { border-spacing: 0px; border-collapse: collapse; border-top: 4px solid #fa0; border-bottom: 1px solid #fa0; background: #fff; }
#logmsg table th { text-align: left; font-weight: normal; padding: 0.2em 0.5em; border-top: 1px dotted #fa0; }
#logmsg table td { text-align: right; border-top: 1px dotted #fa0; padding: 0.2em 0.5em; }
#logmsg table thead th { text-align: center; border-bottom: 1px solid #fa0; }
#logmsg table th.Corner { text-align: left; }
#logmsg hr { border: none 0; border-top: 2px dashed #fa0; height: 1px; }
#header, #footer { color: #fff; background: #636; border: 1px #300 solid; padding: 6px; }
#patch { width: 100%; }
#patch h4 {font-family: verdana,arial,helvetica,sans-serif;font-size:10pt;padding:8px;background:#369;color:#fff;margin:0;}
#patch .propset h4, #patch .binary h4 {margin:0;}
#patch pre {padding:0;line-height:1.2em;margin:0;}
#patch .diff {width:100%;background:#eee;padding: 0 0 10px 0;overflow:auto;}
#patch .propset .diff, #patch .binary .diff  {padding:10px 0;}
#patch span {display:block;padding:0 10px;}
#patch .modfile, #patch .addfile, #patch .delfile, #patch .propset, #patch .binary, #patch .copfile {border:1px solid #ccc;margin:10px 0;}
#patch ins {background:#dfd;text-decoration:none;display:block;padding:0 10px;}
#patch del {background:#fdd;text-decoration:none;display:block;padding:0 10px;}
#patch .lines, .info {color:#888;background:#fff;}
--></style>
<div id="msg">
<dl class="meta">
<dt>Revision</dt> <dd><a href="http://trac.webkit.org/projects/webkit/changeset/209897">209897</a></dd>
<dt>Author</dt> <dd>fpizlo@apple.com</dd>
<dt>Date</dt> <dd>2016-12-15 18:16:19 -0800 (Thu, 15 Dec 2016)</dd>
</dl>

<h3>Log Message</h3>
<pre>Get rid of HeapRootVisitor and make SlotVisitor less painful to use
https://bugs.webkit.org/show_bug.cgi?id=165911

Reviewed by Geoffrey Garen.

Source/JavaScriptCore:

Previously we had two ways of adding a raw pointer to the GC's mark stack:
        
- SlotVisitor::appendUnbarrieredXYZ() methods
- HeapRootVisitor::visit() methods
        
HeapRootVisitor existed only to prevent you from calling its non-WriteBarrier&lt;&gt; methods
unless you had permission. But SlotVisitor would let you do it anyway, because that was
a lot more practical.
        
I think that we should just have one way to do it. This removes HeapRootVisitor. It
also renames appendUnbarrieredXYZ to appendUnbarriered, and it removes the use of extra
indirection (so you now pass const WriteBarrier&lt;&gt;&amp; instead of WriteBarrier&lt;&gt;*).

* API/JSCallbackObject.h:
(JSC::JSCallbackObjectData::JSPrivatePropertyMap::visitChildren):
* JavaScriptCore.xcodeproj/project.pbxproj:
* Scripts/builtins/builtins_templates.py:
* bytecode/CodeBlock.cpp:
(JSC::CodeBlock::visitWeakly):
(JSC::CodeBlock::visitChildren):
(JSC::CodeBlock::propagateTransitions):
(JSC::CodeBlock::determineLiveness):
(JSC::CodeBlock::visitOSRExitTargets):
(JSC::CodeBlock::stronglyVisitStrongReferences):
(JSC::CodeBlock::stronglyVisitWeakReferences):
* bytecode/DirectEvalCodeCache.cpp:
(JSC::DirectEvalCodeCache::visitAggregate):
* bytecode/InternalFunctionAllocationProfile.h:
(JSC::InternalFunctionAllocationProfile::visitAggregate):
* bytecode/ObjectAllocationProfile.h:
(JSC::ObjectAllocationProfile::visitAggregate):
* bytecode/PolymorphicAccess.cpp:
(JSC::AccessCase::propagateTransitions):
* bytecode/UnlinkedCodeBlock.cpp:
(JSC::UnlinkedCodeBlock::visitChildren):
* bytecode/UnlinkedFunctionExecutable.cpp:
(JSC::UnlinkedFunctionExecutable::visitChildren):
* debugger/DebuggerScope.cpp:
(JSC::DebuggerScope::visitChildren):
* dfg/DFGDesiredTransitions.cpp:
(JSC::DFG::DesiredTransition::visitChildren):
* dfg/DFGDesiredWeakReferences.cpp:
(JSC::DFG::DesiredWeakReferences::visitChildren):
* dfg/DFGGraph.cpp:
(JSC::DFG::Graph::visitChildren):
* dfg/DFGPlan.cpp:
(JSC::DFG::Plan::markCodeBlocks):
(JSC::DFG::Plan::checkLivenessAndVisitChildren):
* heap/HandleSet.cpp:
(JSC::HandleSet::visitStrongHandles):
* heap/HandleSet.h:
* heap/HandleStack.cpp:
(JSC::HandleStack::visit):
* heap/HandleStack.h:
* heap/Heap.cpp:
(JSC::Heap::markToFixpoint):
* heap/Heap.h:
* heap/HeapRootVisitor.h: Removed.
* heap/LargeAllocation.cpp:
(JSC::LargeAllocation::visitWeakSet):
* heap/LargeAllocation.h:
* heap/MarkedBlock.h:
(JSC::MarkedBlock::Handle::visitWeakSet):
* heap/MarkedSpace.cpp:
(JSC::MarkedSpace::visitWeakSets):
* heap/MarkedSpace.h:
* heap/SlotVisitor.cpp:
(JSC::SlotVisitor::appendUnbarriered):
* heap/SlotVisitor.h:
* heap/SlotVisitorInlines.h:
(JSC::SlotVisitor::appendUnbarriered):
(JSC::SlotVisitor::append):
(JSC::SlotVisitor::appendHidden):
(JSC::SlotVisitor::appendValues):
(JSC::SlotVisitor::appendValuesHidden):
(JSC::SlotVisitor::appendUnbarrieredPointer): Deleted.
(JSC::SlotVisitor::appendUnbarrieredReadOnlyPointer): Deleted.
(JSC::SlotVisitor::appendUnbarrieredValue): Deleted.
(JSC::SlotVisitor::appendUnbarrieredReadOnlyValue): Deleted.
(JSC::SlotVisitor::appendUnbarrieredWeak): Deleted.
* heap/WeakBlock.cpp:
(JSC::WeakBlock::specializedVisit):
(JSC::WeakBlock::visit):
* heap/WeakBlock.h:
* heap/WeakSet.h:
(JSC::WeakSet::visit):
* interpreter/ShadowChicken.cpp:
(JSC::ShadowChicken::visitChildren):
* jit/GCAwareJITStubRoutine.cpp:
(JSC::MarkingGCAwareJITStubRoutine::markRequiredObjectsInternal):
* jit/PolymorphicCallStubRoutine.cpp:
(JSC::PolymorphicCallStubRoutine::markRequiredObjectsInternal):
* jsc.cpp:
(WTF::Element::visitChildren):
(WTF::ImpureGetter::visitChildren):
(WTF::SimpleObject::visitChildren):
* runtime/AbstractModuleRecord.cpp:
(JSC::AbstractModuleRecord::visitChildren):
* runtime/ArgList.cpp:
(JSC::MarkedArgumentBuffer::markLists):
* runtime/ArgList.h:
* runtime/ClonedArguments.cpp:
(JSC::ClonedArguments::visitChildren):
* runtime/DirectArguments.cpp:
(JSC::DirectArguments::visitChildren):
* runtime/EvalExecutable.cpp:
(JSC::EvalExecutable::visitChildren):
* runtime/Exception.cpp:
(JSC::Exception::visitChildren):
* runtime/FunctionExecutable.cpp:
(JSC::FunctionExecutable::visitChildren):
* runtime/FunctionRareData.cpp:
(JSC::FunctionRareData::visitChildren):
* runtime/GetterSetter.cpp:
(JSC::GetterSetter::visitChildren):
* runtime/HashMapImpl.cpp:
(JSC::HashMapBucket&lt;Data&gt;::visitChildren):
(JSC::HashMapImpl&lt;HashMapBucket&gt;::visitChildren):
* runtime/InferredTypeTable.cpp:
(JSC::InferredTypeTable::visitChildren):
* runtime/InternalFunction.cpp:
(JSC::InternalFunction::visitChildren):
* runtime/IntlCollator.cpp:
(JSC::IntlCollator::visitChildren):
* runtime/IntlCollatorConstructor.cpp:
(JSC::IntlCollatorConstructor::visitChildren):
* runtime/IntlDateTimeFormat.cpp:
(JSC::IntlDateTimeFormat::visitChildren):
* runtime/IntlDateTimeFormatConstructor.cpp:
(JSC::IntlDateTimeFormatConstructor::visitChildren):
* runtime/IntlNumberFormat.cpp:
(JSC::IntlNumberFormat::visitChildren):
* runtime/IntlNumberFormatConstructor.cpp:
(JSC::IntlNumberFormatConstructor::visitChildren):
* runtime/JSBoundFunction.cpp:
(JSC::JSBoundFunction::visitChildren):
* runtime/JSCallee.cpp:
(JSC::JSCallee::visitChildren):
* runtime/JSCellInlines.h:
(JSC::JSCell::visitChildren):
* runtime/JSCustomGetterSetterFunction.cpp:
(JSC::JSCustomGetterSetterFunction::visitChildren):
* runtime/JSFunction.cpp:
(JSC::JSFunction::visitChildren):
* runtime/JSGlobalObject.cpp:
(JSC::JSGlobalObject::visitChildren):
* runtime/JSMapIterator.cpp:
(JSC::JSMapIterator::visitChildren):
* runtime/JSModuleEnvironment.cpp:
(JSC::JSModuleEnvironment::visitChildren):
* runtime/JSModuleNamespaceObject.cpp:
(JSC::JSModuleNamespaceObject::visitChildren):
* runtime/JSModuleRecord.cpp:
(JSC::JSModuleRecord::visitChildren):
* runtime/JSNativeStdFunction.cpp:
(JSC::JSNativeStdFunction::visitChildren):
* runtime/JSObject.cpp:
(JSC::JSObject::visitButterflyImpl):
* runtime/JSPromiseDeferred.cpp:
(JSC::JSPromiseDeferred::visitChildren):
* runtime/JSPropertyNameEnumerator.cpp:
(JSC::JSPropertyNameEnumerator::visitChildren):
* runtime/JSPropertyNameIterator.cpp:
(JSC::JSPropertyNameIterator::visitChildren):
* runtime/JSProxy.cpp:
(JSC::JSProxy::visitChildren):
* runtime/JSScope.cpp:
(JSC::JSScope::visitChildren):
* runtime/JSSegmentedVariableObject.cpp:
(JSC::JSSegmentedVariableObject::visitChildren):
* runtime/JSSetIterator.cpp:
(JSC::JSSetIterator::visitChildren):
* runtime/JSString.cpp:
(JSC::JSRopeString::visitFibers):
* runtime/JSSymbolTableObject.cpp:
(JSC::JSSymbolTableObject::visitChildren):
* runtime/JSWeakMap.cpp:
(JSC::JSWeakMap::visitChildren):
* runtime/JSWeakSet.cpp:
(JSC::JSWeakSet::visitChildren):
* runtime/JSWithScope.cpp:
(JSC::JSWithScope::visitChildren):
* runtime/JSWrapperObject.cpp:
(JSC::JSWrapperObject::visitChildren):
* runtime/LazyClassStructure.cpp:
(JSC::LazyClassStructure::visit):
* runtime/LazyPropertyInlines.h:
(JSC::ElementType&gt;::visit):
* runtime/MapBase.cpp:
(JSC::MapBase&lt;HashMapBucketType&gt;::visitChildren):
* runtime/ModuleProgramExecutable.cpp:
(JSC::ModuleProgramExecutable::visitChildren):
* runtime/NativeErrorConstructor.cpp:
(JSC::NativeErrorConstructor::visitChildren):
* runtime/ProgramExecutable.cpp:
(JSC::ProgramExecutable::visitChildren):
* runtime/ProxyObject.cpp:
(JSC::ProxyObject::visitChildren):
* runtime/ProxyRevoke.cpp:
(JSC::ProxyRevoke::visitChildren):
* runtime/RegExpCachedResult.cpp:
(JSC::RegExpCachedResult::visitChildren):
* runtime/RegExpObject.cpp:
(JSC::RegExpObject::visitChildren):
* runtime/RegExpPrototype.cpp:
(JSC::RegExpPrototype::visitChildren):
* runtime/SamplingProfiler.cpp:
(JSC::SamplingProfiler::visit):
* runtime/ScopedArguments.cpp:
(JSC::ScopedArguments::visitChildren):
* runtime/SmallStrings.cpp:
(JSC::SmallStrings::visitStrongReferences):
* runtime/SparseArrayValueMap.cpp:
(JSC::SparseArrayValueMap::visitChildren):
* runtime/Structure.cpp:
(JSC::Structure::visitChildren):
(JSC::Structure::markIfCheap):
* runtime/StructureChain.cpp:
(JSC::StructureChain::visitChildren):
* runtime/StructureRareData.cpp:
(JSC::StructureRareData::visitChildren):
* runtime/SymbolTable.cpp:
(JSC::SymbolTable::visitChildren):
* runtime/TypeProfilerLog.cpp:
(JSC::TypeProfilerLog::visit):
* runtime/WeakMapData.cpp:
(JSC::WeakMapData::DeadKeyCleaner::visitWeakReferences):
* wasm/js/JSWebAssemblyInstance.cpp:
(JSC::JSWebAssemblyInstance::visitChildren):
* wasm/js/JSWebAssemblyMemory.cpp:
(JSC::JSWebAssemblyMemory::visitChildren):
* wasm/js/JSWebAssemblyModule.cpp:
(JSC::JSWebAssemblyModule::visitChildren):
* wasm/js/JSWebAssemblyTable.cpp:
(JSC::JSWebAssemblyTable::visitChildren):
* wasm/js/WebAssemblyFunction.cpp:
(JSC::WebAssemblyFunction::visitChildren):
* wasm/js/WebAssemblyModuleRecord.cpp:
(JSC::WebAssemblyModuleRecord::visitChildren):

Source/WebCore:


No new tests because no new behavior.
        
This updates WebCore code to new JSC API.

* bindings/js/JSDOMBinding.cpp:
(WebCore::DOMConstructorJSBuiltinObject::visitChildren):
* bindings/js/JSDOMGlobalObject.cpp:
(WebCore::JSDOMGlobalObject::visitChildren):
* bindings/js/JSDOMPromise.h:
(WebCore::DeferredPromise::visitAggregate):
* bindings/js/JSEventListener.cpp:
(WebCore::JSEventListener::visitJSFunction):
* bindings/js/JSWorkerGlobalScopeBase.cpp:
(WebCore::JSWorkerGlobalScopeBase::visitChildren):
* bindings/scripts/CodeGeneratorJS.pm:
(GenerateImplementation):</pre>

<h3>Modified Paths</h3>
<ul>
<li><a href="#trunkSourceJavaScriptCoreAPIJSCallbackObjecth">trunk/Source/JavaScriptCore/API/JSCallbackObject.h</a></li>
<li><a href="#trunkSourceJavaScriptCoreChangeLog">trunk/Source/JavaScriptCore/ChangeLog</a></li>
<li><a href="#trunkSourceJavaScriptCoreJavaScriptCorexcodeprojprojectpbxproj">trunk/Source/JavaScriptCore/JavaScriptCore.xcodeproj/project.pbxproj</a></li>
<li><a href="#trunkSourceJavaScriptCoreScriptsbuiltinsbuiltins_templatespy">trunk/Source/JavaScriptCore/Scripts/builtins/builtins_templates.py</a></li>
<li><a href="#trunkSourceJavaScriptCoreScriptstestsbuiltinsexpectedWebCoreAnotherGuardedInternalBuiltinSeparatejsresult">trunk/Source/JavaScriptCore/Scripts/tests/builtins/expected/WebCore-AnotherGuardedInternalBuiltin-Separate.js-result</a></li>
<li><a href="#trunkSourceJavaScriptCoreScriptstestsbuiltinsexpectedWebCoreGuardedInternalBuiltinSeparatejsresult">trunk/Source/JavaScriptCore/Scripts/tests/builtins/expected/WebCore-GuardedInternalBuiltin-Separate.js-result</a></li>
<li><a href="#trunkSourceJavaScriptCoreScriptstestsbuiltinsexpectedWebCorexmlCasingTestSeparatejsresult">trunk/Source/JavaScriptCore/Scripts/tests/builtins/expected/WebCore-xmlCasingTest-Separate.js-result</a></li>
<li><a href="#trunkSourceJavaScriptCorebytecodeCodeBlockcpp">trunk/Source/JavaScriptCore/bytecode/CodeBlock.cpp</a></li>
<li><a href="#trunkSourceJavaScriptCorebytecodeDirectEvalCodeCachecpp">trunk/Source/JavaScriptCore/bytecode/DirectEvalCodeCache.cpp</a></li>
<li><a href="#trunkSourceJavaScriptCorebytecodeInternalFunctionAllocationProfileh">trunk/Source/JavaScriptCore/bytecode/InternalFunctionAllocationProfile.h</a></li>
<li><a href="#trunkSourceJavaScriptCorebytecodeObjectAllocationProfileh">trunk/Source/JavaScriptCore/bytecode/ObjectAllocationProfile.h</a></li>
<li><a href="#trunkSourceJavaScriptCorebytecodePolymorphicAccesscpp">trunk/Source/JavaScriptCore/bytecode/PolymorphicAccess.cpp</a></li>
<li><a href="#trunkSourceJavaScriptCorebytecodeUnlinkedCodeBlockcpp">trunk/Source/JavaScriptCore/bytecode/UnlinkedCodeBlock.cpp</a></li>
<li><a href="#trunkSourceJavaScriptCorebytecodeUnlinkedFunctionExecutablecpp">trunk/Source/JavaScriptCore/bytecode/UnlinkedFunctionExecutable.cpp</a></li>
<li><a href="#trunkSourceJavaScriptCoredebuggerDebuggerScopecpp">trunk/Source/JavaScriptCore/debugger/DebuggerScope.cpp</a></li>
<li><a href="#trunkSourceJavaScriptCoredfgDFGDesiredTransitionscpp">trunk/Source/JavaScriptCore/dfg/DFGDesiredTransitions.cpp</a></li>
<li><a href="#trunkSourceJavaScriptCoredfgDFGDesiredWeakReferencescpp">trunk/Source/JavaScriptCore/dfg/DFGDesiredWeakReferences.cpp</a></li>
<li><a href="#trunkSourceJavaScriptCoredfgDFGGraphcpp">trunk/Source/JavaScriptCore/dfg/DFGGraph.cpp</a></li>
<li><a href="#trunkSourceJavaScriptCoredfgDFGPlancpp">trunk/Source/JavaScriptCore/dfg/DFGPlan.cpp</a></li>
<li><a href="#trunkSourceJavaScriptCoreheapHandleSetcpp">trunk/Source/JavaScriptCore/heap/HandleSet.cpp</a></li>
<li><a href="#trunkSourceJavaScriptCoreheapHandleSeth">trunk/Source/JavaScriptCore/heap/HandleSet.h</a></li>
<li><a href="#trunkSourceJavaScriptCoreheapHandleStackcpp">trunk/Source/JavaScriptCore/heap/HandleStack.cpp</a></li>
<li><a href="#trunkSourceJavaScriptCoreheapHandleStackh">trunk/Source/JavaScriptCore/heap/HandleStack.h</a></li>
<li><a href="#trunkSourceJavaScriptCoreheapHeapcpp">trunk/Source/JavaScriptCore/heap/Heap.cpp</a></li>
<li><a href="#trunkSourceJavaScriptCoreheapHeaph">trunk/Source/JavaScriptCore/heap/Heap.h</a></li>
<li><a href="#trunkSourceJavaScriptCoreheapLargeAllocationcpp">trunk/Source/JavaScriptCore/heap/LargeAllocation.cpp</a></li>
<li><a href="#trunkSourceJavaScriptCoreheapLargeAllocationh">trunk/Source/JavaScriptCore/heap/LargeAllocation.h</a></li>
<li><a href="#trunkSourceJavaScriptCoreheapMarkedBlockh">trunk/Source/JavaScriptCore/heap/MarkedBlock.h</a></li>
<li><a href="#trunkSourceJavaScriptCoreheapMarkedSpacecpp">trunk/Source/JavaScriptCore/heap/MarkedSpace.cpp</a></li>
<li><a href="#trunkSourceJavaScriptCoreheapMarkedSpaceh">trunk/Source/JavaScriptCore/heap/MarkedSpace.h</a></li>
<li><a href="#trunkSourceJavaScriptCoreheapSlotVisitorcpp">trunk/Source/JavaScriptCore/heap/SlotVisitor.cpp</a></li>
<li><a href="#trunkSourceJavaScriptCoreheapSlotVisitorh">trunk/Source/JavaScriptCore/heap/SlotVisitor.h</a></li>
<li><a href="#trunkSourceJavaScriptCoreheapSlotVisitorInlinesh">trunk/Source/JavaScriptCore/heap/SlotVisitorInlines.h</a></li>
<li><a href="#trunkSourceJavaScriptCoreheapWeakBlockcpp">trunk/Source/JavaScriptCore/heap/WeakBlock.cpp</a></li>
<li><a href="#trunkSourceJavaScriptCoreheapWeakBlockh">trunk/Source/JavaScriptCore/heap/WeakBlock.h</a></li>
<li><a href="#trunkSourceJavaScriptCoreheapWeakSeth">trunk/Source/JavaScriptCore/heap/WeakSet.h</a></li>
<li><a href="#trunkSourceJavaScriptCoreinterpreterShadowChickencpp">trunk/Source/JavaScriptCore/interpreter/ShadowChicken.cpp</a></li>
<li><a href="#trunkSourceJavaScriptCorejitGCAwareJITStubRoutinecpp">trunk/Source/JavaScriptCore/jit/GCAwareJITStubRoutine.cpp</a></li>
<li><a href="#trunkSourceJavaScriptCorejitPolymorphicCallStubRoutinecpp">trunk/Source/JavaScriptCore/jit/PolymorphicCallStubRoutine.cpp</a></li>
<li><a href="#trunkSourceJavaScriptCorejsccpp">trunk/Source/JavaScriptCore/jsc.cpp</a></li>
<li><a href="#trunkSourceJavaScriptCoreruntimeAbstractModuleRecordcpp">trunk/Source/JavaScriptCore/runtime/AbstractModuleRecord.cpp</a></li>
<li><a href="#trunkSourceJavaScriptCoreruntimeArgListcpp">trunk/Source/JavaScriptCore/runtime/ArgList.cpp</a></li>
<li><a href="#trunkSourceJavaScriptCoreruntimeArgListh">trunk/Source/JavaScriptCore/runtime/ArgList.h</a></li>
<li><a href="#trunkSourceJavaScriptCoreruntimeClonedArgumentscpp">trunk/Source/JavaScriptCore/runtime/ClonedArguments.cpp</a></li>
<li><a href="#trunkSourceJavaScriptCoreruntimeDirectArgumentscpp">trunk/Source/JavaScriptCore/runtime/DirectArguments.cpp</a></li>
<li><a href="#trunkSourceJavaScriptCoreruntimeEvalExecutablecpp">trunk/Source/JavaScriptCore/runtime/EvalExecutable.cpp</a></li>
<li><a href="#trunkSourceJavaScriptCoreruntimeExceptioncpp">trunk/Source/JavaScriptCore/runtime/Exception.cpp</a></li>
<li><a href="#trunkSourceJavaScriptCoreruntimeFunctionExecutablecpp">trunk/Source/JavaScriptCore/runtime/FunctionExecutable.cpp</a></li>
<li><a href="#trunkSourceJavaScriptCoreruntimeFunctionRareDatacpp">trunk/Source/JavaScriptCore/runtime/FunctionRareData.cpp</a></li>
<li><a href="#trunkSourceJavaScriptCoreruntimeGetterSettercpp">trunk/Source/JavaScriptCore/runtime/GetterSetter.cpp</a></li>
<li><a href="#trunkSourceJavaScriptCoreruntimeHashMapImplcpp">trunk/Source/JavaScriptCore/runtime/HashMapImpl.cpp</a></li>
<li><a href="#trunkSourceJavaScriptCoreruntimeInferredTypeTablecpp">trunk/Source/JavaScriptCore/runtime/InferredTypeTable.cpp</a></li>
<li><a href="#trunkSourceJavaScriptCoreruntimeInternalFunctioncpp">trunk/Source/JavaScriptCore/runtime/InternalFunction.cpp</a></li>
<li><a href="#trunkSourceJavaScriptCoreruntimeIntlCollatorcpp">trunk/Source/JavaScriptCore/runtime/IntlCollator.cpp</a></li>
<li><a href="#trunkSourceJavaScriptCoreruntimeIntlCollatorConstructorcpp">trunk/Source/JavaScriptCore/runtime/IntlCollatorConstructor.cpp</a></li>
<li><a href="#trunkSourceJavaScriptCoreruntimeIntlDateTimeFormatcpp">trunk/Source/JavaScriptCore/runtime/IntlDateTimeFormat.cpp</a></li>
<li><a href="#trunkSourceJavaScriptCoreruntimeIntlDateTimeFormatConstructorcpp">trunk/Source/JavaScriptCore/runtime/IntlDateTimeFormatConstructor.cpp</a></li>
<li><a href="#trunkSourceJavaScriptCoreruntimeIntlNumberFormatcpp">trunk/Source/JavaScriptCore/runtime/IntlNumberFormat.cpp</a></li>
<li><a href="#trunkSourceJavaScriptCoreruntimeIntlNumberFormatConstructorcpp">trunk/Source/JavaScriptCore/runtime/IntlNumberFormatConstructor.cpp</a></li>
<li><a href="#trunkSourceJavaScriptCoreruntimeJSBoundFunctioncpp">trunk/Source/JavaScriptCore/runtime/JSBoundFunction.cpp</a></li>
<li><a href="#trunkSourceJavaScriptCoreruntimeJSCalleecpp">trunk/Source/JavaScriptCore/runtime/JSCallee.cpp</a></li>
<li><a href="#trunkSourceJavaScriptCoreruntimeJSCellInlinesh">trunk/Source/JavaScriptCore/runtime/JSCellInlines.h</a></li>
<li><a href="#trunkSourceJavaScriptCoreruntimeJSCustomGetterSetterFunctioncpp">trunk/Source/JavaScriptCore/runtime/JSCustomGetterSetterFunction.cpp</a></li>
<li><a href="#trunkSourceJavaScriptCoreruntimeJSFunctioncpp">trunk/Source/JavaScriptCore/runtime/JSFunction.cpp</a></li>
<li><a href="#trunkSourceJavaScriptCoreruntimeJSGlobalObjectcpp">trunk/Source/JavaScriptCore/runtime/JSGlobalObject.cpp</a></li>
<li><a href="#trunkSourceJavaScriptCoreruntimeJSMapIteratorcpp">trunk/Source/JavaScriptCore/runtime/JSMapIterator.cpp</a></li>
<li><a href="#trunkSourceJavaScriptCoreruntimeJSModuleEnvironmentcpp">trunk/Source/JavaScriptCore/runtime/JSModuleEnvironment.cpp</a></li>
<li><a href="#trunkSourceJavaScriptCoreruntimeJSModuleNamespaceObjectcpp">trunk/Source/JavaScriptCore/runtime/JSModuleNamespaceObject.cpp</a></li>
<li><a href="#trunkSourceJavaScriptCoreruntimeJSModuleRecordcpp">trunk/Source/JavaScriptCore/runtime/JSModuleRecord.cpp</a></li>
<li><a href="#trunkSourceJavaScriptCoreruntimeJSNativeStdFunctioncpp">trunk/Source/JavaScriptCore/runtime/JSNativeStdFunction.cpp</a></li>
<li><a href="#trunkSourceJavaScriptCoreruntimeJSObjectcpp">trunk/Source/JavaScriptCore/runtime/JSObject.cpp</a></li>
<li><a href="#trunkSourceJavaScriptCoreruntimeJSPromiseDeferredcpp">trunk/Source/JavaScriptCore/runtime/JSPromiseDeferred.cpp</a></li>
<li><a href="#trunkSourceJavaScriptCoreruntimeJSPropertyNameEnumeratorcpp">trunk/Source/JavaScriptCore/runtime/JSPropertyNameEnumerator.cpp</a></li>
<li><a href="#trunkSourceJavaScriptCoreruntimeJSPropertyNameIteratorcpp">trunk/Source/JavaScriptCore/runtime/JSPropertyNameIterator.cpp</a></li>
<li><a href="#trunkSourceJavaScriptCoreruntimeJSProxycpp">trunk/Source/JavaScriptCore/runtime/JSProxy.cpp</a></li>
<li><a href="#trunkSourceJavaScriptCoreruntimeJSScopecpp">trunk/Source/JavaScriptCore/runtime/JSScope.cpp</a></li>
<li><a href="#trunkSourceJavaScriptCoreruntimeJSSegmentedVariableObjectcpp">trunk/Source/JavaScriptCore/runtime/JSSegmentedVariableObject.cpp</a></li>
<li><a href="#trunkSourceJavaScriptCoreruntimeJSSetIteratorcpp">trunk/Source/JavaScriptCore/runtime/JSSetIterator.cpp</a></li>
<li><a href="#trunkSourceJavaScriptCoreruntimeJSStringcpp">trunk/Source/JavaScriptCore/runtime/JSString.cpp</a></li>
<li><a href="#trunkSourceJavaScriptCoreruntimeJSSymbolTableObjectcpp">trunk/Source/JavaScriptCore/runtime/JSSymbolTableObject.cpp</a></li>
<li><a href="#trunkSourceJavaScriptCoreruntimeJSWeakMapcpp">trunk/Source/JavaScriptCore/runtime/JSWeakMap.cpp</a></li>
<li><a href="#trunkSourceJavaScriptCoreruntimeJSWeakSetcpp">trunk/Source/JavaScriptCore/runtime/JSWeakSet.cpp</a></li>
<li><a href="#trunkSourceJavaScriptCoreruntimeJSWithScopecpp">trunk/Source/JavaScriptCore/runtime/JSWithScope.cpp</a></li>
<li><a href="#trunkSourceJavaScriptCoreruntimeJSWrapperObjectcpp">trunk/Source/JavaScriptCore/runtime/JSWrapperObject.cpp</a></li>
<li><a href="#trunkSourceJavaScriptCoreruntimeLazyClassStructurecpp">trunk/Source/JavaScriptCore/runtime/LazyClassStructure.cpp</a></li>
<li><a href="#trunkSourceJavaScriptCoreruntimeLazyPropertyInlinesh">trunk/Source/JavaScriptCore/runtime/LazyPropertyInlines.h</a></li>
<li><a href="#trunkSourceJavaScriptCoreruntimeMapBasecpp">trunk/Source/JavaScriptCore/runtime/MapBase.cpp</a></li>
<li><a href="#trunkSourceJavaScriptCoreruntimeModuleProgramExecutablecpp">trunk/Source/JavaScriptCore/runtime/ModuleProgramExecutable.cpp</a></li>
<li><a href="#trunkSourceJavaScriptCoreruntimeNativeErrorConstructorcpp">trunk/Source/JavaScriptCore/runtime/NativeErrorConstructor.cpp</a></li>
<li><a href="#trunkSourceJavaScriptCoreruntimeProgramExecutablecpp">trunk/Source/JavaScriptCore/runtime/ProgramExecutable.cpp</a></li>
<li><a href="#trunkSourceJavaScriptCoreruntimeProxyObjectcpp">trunk/Source/JavaScriptCore/runtime/ProxyObject.cpp</a></li>
<li><a href="#trunkSourceJavaScriptCoreruntimeProxyRevokecpp">trunk/Source/JavaScriptCore/runtime/ProxyRevoke.cpp</a></li>
<li><a href="#trunkSourceJavaScriptCoreruntimeRegExpCachedResultcpp">trunk/Source/JavaScriptCore/runtime/RegExpCachedResult.cpp</a></li>
<li><a href="#trunkSourceJavaScriptCoreruntimeRegExpObjectcpp">trunk/Source/JavaScriptCore/runtime/RegExpObject.cpp</a></li>
<li><a href="#trunkSourceJavaScriptCoreruntimeRegExpPrototypecpp">trunk/Source/JavaScriptCore/runtime/RegExpPrototype.cpp</a></li>
<li><a href="#trunkSourceJavaScriptCoreruntimeSamplingProfilercpp">trunk/Source/JavaScriptCore/runtime/SamplingProfiler.cpp</a></li>
<li><a href="#trunkSourceJavaScriptCoreruntimeScopedArgumentscpp">trunk/Source/JavaScriptCore/runtime/ScopedArguments.cpp</a></li>
<li><a href="#trunkSourceJavaScriptCoreruntimeSmallStringscpp">trunk/Source/JavaScriptCore/runtime/SmallStrings.cpp</a></li>
<li><a href="#trunkSourceJavaScriptCoreruntimeSparseArrayValueMapcpp">trunk/Source/JavaScriptCore/runtime/SparseArrayValueMap.cpp</a></li>
<li><a href="#trunkSourceJavaScriptCoreruntimeStructurecpp">trunk/Source/JavaScriptCore/runtime/Structure.cpp</a></li>
<li><a href="#trunkSourceJavaScriptCoreruntimeStructureChaincpp">trunk/Source/JavaScriptCore/runtime/StructureChain.cpp</a></li>
<li><a href="#trunkSourceJavaScriptCoreruntimeStructureRareDatacpp">trunk/Source/JavaScriptCore/runtime/StructureRareData.cpp</a></li>
<li><a href="#trunkSourceJavaScriptCoreruntimeSymbolTablecpp">trunk/Source/JavaScriptCore/runtime/SymbolTable.cpp</a></li>
<li><a href="#trunkSourceJavaScriptCoreruntimeTypeProfilerLogcpp">trunk/Source/JavaScriptCore/runtime/TypeProfilerLog.cpp</a></li>
<li><a href="#trunkSourceJavaScriptCoreruntimeWeakMapDatacpp">trunk/Source/JavaScriptCore/runtime/WeakMapData.cpp</a></li>
<li><a href="#trunkSourceJavaScriptCorewasmjsJSWebAssemblyInstancecpp">trunk/Source/JavaScriptCore/wasm/js/JSWebAssemblyInstance.cpp</a></li>
<li><a href="#trunkSourceJavaScriptCorewasmjsJSWebAssemblyMemorycpp">trunk/Source/JavaScriptCore/wasm/js/JSWebAssemblyMemory.cpp</a></li>
<li><a href="#trunkSourceJavaScriptCorewasmjsJSWebAssemblyModulecpp">trunk/Source/JavaScriptCore/wasm/js/JSWebAssemblyModule.cpp</a></li>
<li><a href="#trunkSourceJavaScriptCorewasmjsJSWebAssemblyTablecpp">trunk/Source/JavaScriptCore/wasm/js/JSWebAssemblyTable.cpp</a></li>
<li><a href="#trunkSourceJavaScriptCorewasmjsWebAssemblyFunctioncpp">trunk/Source/JavaScriptCore/wasm/js/WebAssemblyFunction.cpp</a></li>
<li><a href="#trunkSourceJavaScriptCorewasmjsWebAssemblyModuleRecordcpp">trunk/Source/JavaScriptCore/wasm/js/WebAssemblyModuleRecord.cpp</a></li>
<li><a href="#trunkSourceWebCoreChangeLog">trunk/Source/WebCore/ChangeLog</a></li>
<li><a href="#trunkSourceWebCorebindingsjsJSDOMBindingcpp">trunk/Source/WebCore/bindings/js/JSDOMBinding.cpp</a></li>
<li><a href="#trunkSourceWebCorebindingsjsJSDOMGlobalObjectcpp">trunk/Source/WebCore/bindings/js/JSDOMGlobalObject.cpp</a></li>
<li><a href="#trunkSourceWebCorebindingsjsJSDOMPromiseh">trunk/Source/WebCore/bindings/js/JSDOMPromise.h</a></li>
<li><a href="#trunkSourceWebCorebindingsjsJSEventListenercpp">trunk/Source/WebCore/bindings/js/JSEventListener.cpp</a></li>
<li><a href="#trunkSourceWebCorebindingsjsJSWorkerGlobalScopeBasecpp">trunk/Source/WebCore/bindings/js/JSWorkerGlobalScopeBase.cpp</a></li>
<li><a href="#trunkSourceWebCorebindingsscriptsCodeGeneratorJSpm">trunk/Source/WebCore/bindings/scripts/CodeGeneratorJS.pm</a></li>
</ul>

<h3>Removed Paths</h3>
<ul>
<li><a href="#trunkSourceJavaScriptCoreheapHeapRootVisitorh">trunk/Source/JavaScriptCore/heap/HeapRootVisitor.h</a></li>
</ul>

</div>
<div id="patch">
<h3>Diff</h3>
<a id="trunkSourceJavaScriptCoreAPIJSCallbackObjecth"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/API/JSCallbackObject.h (209896 => 209897)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/API/JSCallbackObject.h        2016-12-16 01:54:58 UTC (rev 209896)
+++ trunk/Source/JavaScriptCore/API/JSCallbackObject.h        2016-12-16 02:16:19 UTC (rev 209897)
</span><span class="lines">@@ -1,5 +1,5 @@
</span><span class="cx"> /*
</span><del>- * Copyright (C) 2006, 2007, 2008, 2010 Apple Inc. All rights reserved.
</del><ins>+ * Copyright (C) 2006-2016 Apple Inc. All rights reserved.
</ins><span class="cx">  * Copyright (C) 2007 Eric Seidel &lt;eric@webkit.org&gt;
</span><span class="cx">  *
</span><span class="cx">  * Redistribution and use in source and binary forms, with or without
</span><span class="lines">@@ -108,7 +108,7 @@
</span><span class="cx">             LockHolder locker(m_lock);
</span><span class="cx">             for (PrivatePropertyMap::iterator ptr = m_propertyMap.begin(); ptr != m_propertyMap.end(); ++ptr) {
</span><span class="cx">                 if (ptr-&gt;value)
</span><del>-                    visitor.append(&amp;ptr-&gt;value);
</del><ins>+                    visitor.append(ptr-&gt;value);
</ins><span class="cx">             }
</span><span class="cx">         }
</span><span class="cx"> 
</span></span></pre></div>
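<p>Review bot: In the second hunk (@@ -108,7 +108,7 @@), the if (ptr-&gt;value) guard is kept around the new visitor.append(ptr-&gt;value) call, and nothing in the hunk says whether it is still required. The log message says append now takes const WriteBarrier&lt;&gt;&amp;, so please confirm whether append accepts an empty barrier on its own. If it does, drop the guard. If it does not, add a one-line comment saying the guard is load-bearing, since this loop is the only place these private property values are reported to the marker. Separately, the explicit PrivatePropertyMap::iterator loop could become a range-based for while this line is being touched.</p>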
<a id="trunkSourceJavaScriptCoreChangeLog"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/ChangeLog (209896 => 209897)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/ChangeLog        2016-12-16 01:54:58 UTC (rev 209896)
+++ trunk/Source/JavaScriptCore/ChangeLog        2016-12-16 02:16:19 UTC (rev 209897)
</span><span class="lines">@@ -1,3 +1,250 @@
</span><ins>+2016-12-15  Filip Pizlo  &lt;fpizlo@apple.com&gt;
+
+        Get rid of HeapRootVisitor and make SlotVisitor less painful to use
+        https://bugs.webkit.org/show_bug.cgi?id=165911
+
+        Reviewed by Geoffrey Garen.
+        
+        Previously we had two ways of adding a raw pointer to the GC's mark stack:
+        
+        - SlotVisitor::appendUnbarrieredXYZ() methods
+        - HeapRootVisitor::visit() methods
+        
+        HeapRootVisitor existed only to prevent you from calling its non-WriteBarrier&lt;&gt; methods
+        unless you had permission. But SlotVisitor would let you do it anyway, because that was
+        a lot more practical.
+        
+        I think that we should just have one way to do it. This removes HeapRootVisitor. It
+        also renames appendUnbarrieredXYZ to appendUnbarriered, and it removes the use of extra
+        indirection (so you now pass const WriteBarrier&lt;&gt;&amp; instead of WriteBarrier&lt;&gt;*).
+
+        * API/JSCallbackObject.h:
+        (JSC::JSCallbackObjectData::JSPrivatePropertyMap::visitChildren):
+        * JavaScriptCore.xcodeproj/project.pbxproj:
+        * Scripts/builtins/builtins_templates.py:
+        * bytecode/CodeBlock.cpp:
+        (JSC::CodeBlock::visitWeakly):
+        (JSC::CodeBlock::visitChildren):
+        (JSC::CodeBlock::propagateTransitions):
+        (JSC::CodeBlock::determineLiveness):
+        (JSC::CodeBlock::visitOSRExitTargets):
+        (JSC::CodeBlock::stronglyVisitStrongReferences):
+        (JSC::CodeBlock::stronglyVisitWeakReferences):
+        * bytecode/DirectEvalCodeCache.cpp:
+        (JSC::DirectEvalCodeCache::visitAggregate):
+        * bytecode/InternalFunctionAllocationProfile.h:
+        (JSC::InternalFunctionAllocationProfile::visitAggregate):
+        * bytecode/ObjectAllocationProfile.h:
+        (JSC::ObjectAllocationProfile::visitAggregate):
+        * bytecode/PolymorphicAccess.cpp:
+        (JSC::AccessCase::propagateTransitions):
+        * bytecode/UnlinkedCodeBlock.cpp:
+        (JSC::UnlinkedCodeBlock::visitChildren):
+        * bytecode/UnlinkedFunctionExecutable.cpp:
+        (JSC::UnlinkedFunctionExecutable::visitChildren):
+        * debugger/DebuggerScope.cpp:
+        (JSC::DebuggerScope::visitChildren):
+        * dfg/DFGDesiredTransitions.cpp:
+        (JSC::DFG::DesiredTransition::visitChildren):
+        * dfg/DFGDesiredWeakReferences.cpp:
+        (JSC::DFG::DesiredWeakReferences::visitChildren):
+        * dfg/DFGGraph.cpp:
+        (JSC::DFG::Graph::visitChildren):
+        * dfg/DFGPlan.cpp:
+        (JSC::DFG::Plan::markCodeBlocks):
+        (JSC::DFG::Plan::checkLivenessAndVisitChildren):
+        * heap/HandleSet.cpp:
+        (JSC::HandleSet::visitStrongHandles):
+        * heap/HandleSet.h:
+        * heap/HandleStack.cpp:
+        (JSC::HandleStack::visit):
+        * heap/HandleStack.h:
+        * heap/Heap.cpp:
+        (JSC::Heap::markToFixpoint):
+        * heap/Heap.h:
+        * heap/HeapRootVisitor.h: Removed.
+        * heap/LargeAllocation.cpp:
+        (JSC::LargeAllocation::visitWeakSet):
+        * heap/LargeAllocation.h:
+        * heap/MarkedBlock.h:
+        (JSC::MarkedBlock::Handle::visitWeakSet):
+        * heap/MarkedSpace.cpp:
+        (JSC::MarkedSpace::visitWeakSets):
+        * heap/MarkedSpace.h:
+        * heap/SlotVisitor.cpp:
+        (JSC::SlotVisitor::appendUnbarriered):
+        * heap/SlotVisitor.h:
+        * heap/SlotVisitorInlines.h:
+        (JSC::SlotVisitor::appendUnbarriered):
+        (JSC::SlotVisitor::append):
+        (JSC::SlotVisitor::appendHidden):
+        (JSC::SlotVisitor::appendValues):
+        (JSC::SlotVisitor::appendValuesHidden):
+        (JSC::SlotVisitor::appendUnbarrieredPointer): Deleted.
+        (JSC::SlotVisitor::appendUnbarrieredReadOnlyPointer): Deleted.
+        (JSC::SlotVisitor::appendUnbarrieredValue): Deleted.
+        (JSC::SlotVisitor::appendUnbarrieredReadOnlyValue): Deleted.
+        (JSC::SlotVisitor::appendUnbarrieredWeak): Deleted.
+        * heap/WeakBlock.cpp:
+        (JSC::WeakBlock::specializedVisit):
+        (JSC::WeakBlock::visit):
+        * heap/WeakBlock.h:
+        * heap/WeakSet.h:
+        (JSC::WeakSet::visit):
+        * interpreter/ShadowChicken.cpp:
+        (JSC::ShadowChicken::visitChildren):
+        * jit/GCAwareJITStubRoutine.cpp:
+        (JSC::MarkingGCAwareJITStubRoutine::markRequiredObjectsInternal):
+        * jit/PolymorphicCallStubRoutine.cpp:
+        (JSC::PolymorphicCallStubRoutine::markRequiredObjectsInternal):
+        * jsc.cpp:
+        (WTF::Element::visitChildren):
+        (WTF::ImpureGetter::visitChildren):
+        (WTF::SimpleObject::visitChildren):
+        * runtime/AbstractModuleRecord.cpp:
+        (JSC::AbstractModuleRecord::visitChildren):
+        * runtime/ArgList.cpp:
+        (JSC::MarkedArgumentBuffer::markLists):
+        * runtime/ArgList.h:
+        * runtime/ClonedArguments.cpp:
+        (JSC::ClonedArguments::visitChildren):
+        * runtime/DirectArguments.cpp:
+        (JSC::DirectArguments::visitChildren):
+        * runtime/EvalExecutable.cpp:
+        (JSC::EvalExecutable::visitChildren):
+        * runtime/Exception.cpp:
+        (JSC::Exception::visitChildren):
+        * runtime/FunctionExecutable.cpp:
+        (JSC::FunctionExecutable::visitChildren):
+        * runtime/FunctionRareData.cpp:
+        (JSC::FunctionRareData::visitChildren):
+        * runtime/GetterSetter.cpp:
+        (JSC::GetterSetter::visitChildren):
+        * runtime/HashMapImpl.cpp:
+        (JSC::HashMapBucket&lt;Data&gt;::visitChildren):
+        (JSC::HashMapImpl&lt;HashMapBucket&gt;::visitChildren):
+        * runtime/InferredTypeTable.cpp:
+        (JSC::InferredTypeTable::visitChildren):
+        * runtime/InternalFunction.cpp:
+        (JSC::InternalFunction::visitChildren):
+        * runtime/IntlCollator.cpp:
+        (JSC::IntlCollator::visitChildren):
+        * runtime/IntlCollatorConstructor.cpp:
+        (JSC::IntlCollatorConstructor::visitChildren):
+        * runtime/IntlDateTimeFormat.cpp:
+        (JSC::IntlDateTimeFormat::visitChildren):
+        * runtime/IntlDateTimeFormatConstructor.cpp:
+        (JSC::IntlDateTimeFormatConstructor::visitChildren):
+        * runtime/IntlNumberFormat.cpp:
+        (JSC::IntlNumberFormat::visitChildren):
+        * runtime/IntlNumberFormatConstructor.cpp:
+        (JSC::IntlNumberFormatConstructor::visitChildren):
+        * runtime/JSBoundFunction.cpp:
+        (JSC::JSBoundFunction::visitChildren):
+        * runtime/JSCallee.cpp:
+        (JSC::JSCallee::visitChildren):
+        * runtime/JSCellInlines.h:
+        (JSC::JSCell::visitChildren):
+        * runtime/JSCustomGetterSetterFunction.cpp:
+        (JSC::JSCustomGetterSetterFunction::visitChildren):
+        * runtime/JSFunction.cpp:
+        (JSC::JSFunction::visitChildren):
+        * runtime/JSGlobalObject.cpp:
+        (JSC::JSGlobalObject::visitChildren):
+        * runtime/JSMapIterator.cpp:
+        (JSC::JSMapIterator::visitChildren):
+        * runtime/JSModuleEnvironment.cpp:
+        (JSC::JSModuleEnvironment::visitChildren):
+        * runtime/JSModuleNamespaceObject.cpp:
+        (JSC::JSModuleNamespaceObject::visitChildren):
+        * runtime/JSModuleRecord.cpp:
+        (JSC::JSModuleRecord::visitChildren):
+        * runtime/JSNativeStdFunction.cpp:
+        (JSC::JSNativeStdFunction::visitChildren):
+        * runtime/JSObject.cpp:
+        (JSC::JSObject::visitButterflyImpl):
+        * runtime/JSPromiseDeferred.cpp:
+        (JSC::JSPromiseDeferred::visitChildren):
+        * runtime/JSPropertyNameEnumerator.cpp:
+        (JSC::JSPropertyNameEnumerator::visitChildren):
+        * runtime/JSPropertyNameIterator.cpp:
+        (JSC::JSPropertyNameIterator::visitChildren):
+        * runtime/JSProxy.cpp:
+        (JSC::JSProxy::visitChildren):
+        * runtime/JSScope.cpp:
+        (JSC::JSScope::visitChildren):
+        * runtime/JSSegmentedVariableObject.cpp:
+        (JSC::JSSegmentedVariableObject::visitChildren):
+        * runtime/JSSetIterator.cpp:
+        (JSC::JSSetIterator::visitChildren):
+        * runtime/JSString.cpp:
+        (JSC::JSRopeString::visitFibers):
+        * runtime/JSSymbolTableObject.cpp:
+        (JSC::JSSymbolTableObject::visitChildren):
+        * runtime/JSWeakMap.cpp:
+        (JSC::JSWeakMap::visitChildren):
+        * runtime/JSWeakSet.cpp:
+        (JSC::JSWeakSet::visitChildren):
+        * runtime/JSWithScope.cpp:
+        (JSC::JSWithScope::visitChildren):
+        * runtime/JSWrapperObject.cpp:
+        (JSC::JSWrapperObject::visitChildren):
+        * runtime/LazyClassStructure.cpp:
+        (JSC::LazyClassStructure::visit):
+        * runtime/LazyPropertyInlines.h:
+        (JSC::ElementType&gt;::visit):
+        * runtime/MapBase.cpp:
+        (JSC::MapBase&lt;HashMapBucketType&gt;::visitChildren):
+        * runtime/ModuleProgramExecutable.cpp:
+        (JSC::ModuleProgramExecutable::visitChildren):
+        * runtime/NativeErrorConstructor.cpp:
+        (JSC::NativeErrorConstructor::visitChildren):
+        * runtime/ProgramExecutable.cpp:
+        (JSC::ProgramExecutable::visitChildren):
+        * runtime/ProxyObject.cpp:
+        (JSC::ProxyObject::visitChildren):
+        * runtime/ProxyRevoke.cpp:
+        (JSC::ProxyRevoke::visitChildren):
+        * runtime/RegExpCachedResult.cpp:
+        (JSC::RegExpCachedResult::visitChildren):
+        * runtime/RegExpObject.cpp:
+        (JSC::RegExpObject::visitChildren):
+        * runtime/RegExpPrototype.cpp:
+        (JSC::RegExpPrototype::visitChildren):
+        * runtime/SamplingProfiler.cpp:
+        (JSC::SamplingProfiler::visit):
+        * runtime/ScopedArguments.cpp:
+        (JSC::ScopedArguments::visitChildren):
+        * runtime/SmallStrings.cpp:
+        (JSC::SmallStrings::visitStrongReferences):
+        * runtime/SparseArrayValueMap.cpp:
+        (JSC::SparseArrayValueMap::visitChildren):
+        * runtime/Structure.cpp:
+        (JSC::Structure::visitChildren):
+        (JSC::Structure::markIfCheap):
+        * runtime/StructureChain.cpp:
+        (JSC::StructureChain::visitChildren):
+        * runtime/StructureRareData.cpp:
+        (JSC::StructureRareData::visitChildren):
+        * runtime/SymbolTable.cpp:
+        (JSC::SymbolTable::visitChildren):
+        * runtime/TypeProfilerLog.cpp:
+        (JSC::TypeProfilerLog::visit):
+        * runtime/WeakMapData.cpp:
+        (JSC::WeakMapData::DeadKeyCleaner::visitWeakReferences):
+        * wasm/js/JSWebAssemblyInstance.cpp:
+        (JSC::JSWebAssemblyInstance::visitChildren):
+        * wasm/js/JSWebAssemblyMemory.cpp:
+        (JSC::JSWebAssemblyMemory::visitChildren):
+        * wasm/js/JSWebAssemblyModule.cpp:
+        (JSC::JSWebAssemblyModule::visitChildren):
+        * wasm/js/JSWebAssemblyTable.cpp:
+        (JSC::JSWebAssemblyTable::visitChildren):
+        * wasm/js/WebAssemblyFunction.cpp:
+        (JSC::WebAssemblyFunction::visitChildren):
+        * wasm/js/WebAssemblyModuleRecord.cpp:
+        (JSC::WebAssemblyModuleRecord::visitChildren):
+
</ins><span class="cx"> 2016-12-15  Myles C. Maxfield  &lt;mmaxfield@apple.com&gt;
</span><span class="cx"> 
</span><span class="cx">         Sort Xcode project files
</span></span></pre></div>
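Review bot: the entry says HeapRootVisitor existed to stop callers from using the non-WriteBarrier&lt;&gt; paths without permission, and then removes it, but it does not say what now tells a caller when `appendUnbarriered` is acceptable. Since a missed or wrongly marked cell in the GC is a memory-safety problem, please add a sentence here, or a comment in heap/SlotVisitor.h, stating the rule. The five Deleted entries (Pointer, ReadOnlyPointer, Value, ReadOnlyValue, Weak) also fold into one name; the entry should say whether the ReadOnly and Weak variants behaved differently or differed only in name.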
<a id="trunkSourceJavaScriptCoreJavaScriptCorexcodeprojprojectpbxproj"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/JavaScriptCore.xcodeproj/project.pbxproj (209896 => 209897)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/JavaScriptCore.xcodeproj/project.pbxproj        2016-12-16 01:54:58 UTC (rev 209896)
+++ trunk/Source/JavaScriptCore/JavaScriptCore.xcodeproj/project.pbxproj        2016-12-16 02:16:19 UTC (rev 209897)
</span><span class="lines">@@ -1202,7 +1202,6 @@
</span><span class="cx">                 14E9D17B107EC469004DDA21 /* JSGlobalObjectFunctions.cpp in Sources */ = {isa = PBXBuildFile; fileRef = BC756FC60E2031B200DE7D12 /* JSGlobalObjectFunctions.cpp */; };
</span><span class="cx">                 14F7256514EE265E00B1652B /* WeakHandleOwner.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 14F7256314EE265E00B1652B /* WeakHandleOwner.cpp */; };
</span><span class="cx">                 14F7256614EE265E00B1652B /* WeakHandleOwner.h in Headers */ = {isa = PBXBuildFile; fileRef = 14F7256414EE265E00B1652B /* WeakHandleOwner.h */; settings = {ATTRIBUTES = (Private, ); }; };
</span><del>-                14F97447138C853E00DA1C67 /* HeapRootVisitor.h in Headers */ = {isa = PBXBuildFile; fileRef = 14F97446138C853E00DA1C67 /* HeapRootVisitor.h */; settings = {ATTRIBUTES = (Private, ); }; };
</del><span class="cx">                 1A28D4A8177B71C80007FA3C /* JSStringRefPrivate.h in Headers */ = {isa = PBXBuildFile; fileRef = 1A28D4A7177B71C80007FA3C /* JSStringRefPrivate.h */; settings = {ATTRIBUTES = (Private, ); }; };
</span><span class="cx">                 1A8826B1653C4CD1A642983B /* TemplateRegistryKeyTable.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 8B47F234366C4B72AC852A7E /* TemplateRegistryKeyTable.cpp */; };
</span><span class="cx">                 1ACF7377171CA6FB00C9BB1E /* Weak.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 1ACF7376171CA6FB00C9BB1E /* Weak.cpp */; };
</span><span class="lines">@@ -3579,7 +3578,6 @@
</span><span class="cx">                 14F252560D08DD8D004ECFFF /* JSEnvironmentRecord.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = JSEnvironmentRecord.h; sourceTree = &quot;&lt;group&gt;&quot;; };
</span><span class="cx">                 14F7256314EE265E00B1652B /* WeakHandleOwner.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = WeakHandleOwner.cpp; sourceTree = &quot;&lt;group&gt;&quot;; };
</span><span class="cx">                 14F7256414EE265E00B1652B /* WeakHandleOwner.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = WeakHandleOwner.h; sourceTree = &quot;&lt;group&gt;&quot;; };
</span><del>-                14F97446138C853E00DA1C67 /* HeapRootVisitor.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = HeapRootVisitor.h; sourceTree = &quot;&lt;group&gt;&quot;; };
</del><span class="cx">                 169948EDE68D4054B01EF797 /* DefinePropertyAttributes.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = DefinePropertyAttributes.h; sourceTree = &quot;&lt;group&gt;&quot;; };
</span><span class="cx">                 1879510614C540FFB561C124 /* JSModuleLoader.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = JSModuleLoader.cpp; sourceTree = &quot;&lt;group&gt;&quot;; };
</span><span class="cx">                 1A28D4A7177B71C80007FA3C /* JSStringRefPrivate.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = JSStringRefPrivate.h; sourceTree = &quot;&lt;group&gt;&quot;; };
</span><span class="lines">@@ -5693,7 +5691,6 @@
</span><span class="cx">                                 A5339EC81BB4B4510054F005 /* HeapObserver.h */,
</span><span class="cx">                                 A5398FA91C750D950060A963 /* HeapProfiler.cpp */,
</span><span class="cx">                                 A5398FAA1C750D950060A963 /* HeapProfiler.h */,
</span><del>-                                14F97446138C853E00DA1C67 /* HeapRootVisitor.h */,
</del><span class="cx">                                 A54C2AAE1C6544D100A18D78 /* HeapSnapshot.cpp */,
</span><span class="cx">                                 A54C2AAF1C6544D100A18D78 /* HeapSnapshot.h */,
</span><span class="cx">                                 A5311C341C77CEAC00E6B1B6 /* HeapSnapshotBuilder.cpp */,
</span><span class="lines">@@ -8366,7 +8363,6 @@
</span><span class="cx">                                 2AD8932B17E3868F00668276 /* HeapIterationScope.h in Headers */,
</span><span class="cx">                                 A5339EC91BB4B4600054F005 /* HeapObserver.h in Headers */,
</span><span class="cx">                                 A5398FAB1C750DA40060A963 /* HeapProfiler.h in Headers */,
</span><del>-                                14F97447138C853E00DA1C67 /* HeapRootVisitor.h in Headers */,
</del><span class="cx">                                 A54C2AB11C6544F200A18D78 /* HeapSnapshot.h in Headers */,
</span><span class="cx">                                 A5311C361C77CEC500E6B1B6 /* HeapSnapshotBuilder.h in Headers */,
</span><span class="cx">                                 C24D31E3161CD695002AA4DB /* HeapStatistics.h in Headers */,
</span></span></pre></div>
<a id="trunkSourceJavaScriptCoreScriptsbuiltinsbuiltins_templatespy"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/Scripts/builtins/builtins_templates.py (209896 => 209897)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/Scripts/builtins/builtins_templates.py        2016-12-16 01:54:58 UTC (rev 209896)
+++ trunk/Source/JavaScriptCore/Scripts/builtins/builtins_templates.py        2016-12-16 02:16:19 UTC (rev 209897)
</span><span class="lines">@@ -1,6 +1,6 @@
</span><span class="cx"> #!/usr/bin/env python
</span><span class="cx"> #
</span><del>-# Copyright (c) 2014, 2015 Apple Inc. All rights reserved.
</del><ins>+# Copyright (c) 2014-2016 Apple Inc. All rights reserved.
</ins><span class="cx"> # Copyright (C) 2015 Canon Inc. All rights reserved.
</span><span class="cx"> #
</span><span class="cx"> # Redistribution and use in source and binary forms, with or without
</span><span class="lines">@@ -205,7 +205,7 @@
</span><span class="cx"> 
</span><span class="cx"> inline void ${objectName}BuiltinFunctions::visit(JSC::SlotVisitor&amp; visitor)
</span><span class="cx"> {
</span><del>-#define VISIT_FUNCTION(name) visitor.append(&amp;m_##name##Function);
</del><ins>+#define VISIT_FUNCTION(name) visitor.append(m_##name##Function);
</ins><span class="cx">     ${macroPrefix}_FOREACH_${objectMacro}_BUILTIN_FUNCTION_NAME(VISIT_FUNCTION)
</span><span class="cx"> #undef VISIT_FUNCTION
</span><span class="cx"> }
</span></span></pre></div>
<a id="trunkSourceJavaScriptCoreScriptstestsbuiltinsexpectedWebCoreAnotherGuardedInternalBuiltinSeparatejsresult"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/Scripts/tests/builtins/expected/WebCore-AnotherGuardedInternalBuiltin-Separate.js-result (209896 => 209897)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/Scripts/tests/builtins/expected/WebCore-AnotherGuardedInternalBuiltin-Separate.js-result        2016-12-16 01:54:58 UTC (rev 209896)
+++ trunk/Source/JavaScriptCore/Scripts/tests/builtins/expected/WebCore-AnotherGuardedInternalBuiltin-Separate.js-result        2016-12-16 02:16:19 UTC (rev 209897)
</span><span class="lines">@@ -142,7 +142,7 @@
</span><span class="cx"> 
</span><span class="cx"> inline void AnotherGuardedInternalBuiltinBuiltinFunctions::visit(JSC::SlotVisitor&amp; visitor)
</span><span class="cx"> {
</span><del>-#define VISIT_FUNCTION(name) visitor.append(&amp;m_##name##Function);
</del><ins>+#define VISIT_FUNCTION(name) visitor.append(m_##name##Function);
</ins><span class="cx">     WEBCORE_FOREACH_ANOTHERGUARDEDINTERNALBUILTIN_BUILTIN_FUNCTION_NAME(VISIT_FUNCTION)
</span><span class="cx"> #undef VISIT_FUNCTION
</span><span class="cx"> }
</span></span></pre></div>
<a id="trunkSourceJavaScriptCoreScriptstestsbuiltinsexpectedWebCoreGuardedInternalBuiltinSeparatejsresult"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/Scripts/tests/builtins/expected/WebCore-GuardedInternalBuiltin-Separate.js-result (209896 => 209897)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/Scripts/tests/builtins/expected/WebCore-GuardedInternalBuiltin-Separate.js-result        2016-12-16 01:54:58 UTC (rev 209896)
+++ trunk/Source/JavaScriptCore/Scripts/tests/builtins/expected/WebCore-GuardedInternalBuiltin-Separate.js-result        2016-12-16 02:16:19 UTC (rev 209897)
</span><span class="lines">@@ -143,7 +143,7 @@
</span><span class="cx"> 
</span><span class="cx"> inline void GuardedInternalBuiltinBuiltinFunctions::visit(JSC::SlotVisitor&amp; visitor)
</span><span class="cx"> {
</span><del>-#define VISIT_FUNCTION(name) visitor.append(&amp;m_##name##Function);
</del><ins>+#define VISIT_FUNCTION(name) visitor.append(m_##name##Function);
</ins><span class="cx">     WEBCORE_FOREACH_GUARDEDINTERNALBUILTIN_BUILTIN_FUNCTION_NAME(VISIT_FUNCTION)
</span><span class="cx"> #undef VISIT_FUNCTION
</span><span class="cx"> }
</span></span></pre></div>
<a id="trunkSourceJavaScriptCoreScriptstestsbuiltinsexpectedWebCorexmlCasingTestSeparatejsresult"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/Scripts/tests/builtins/expected/WebCore-xmlCasingTest-Separate.js-result (209896 => 209897)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/Scripts/tests/builtins/expected/WebCore-xmlCasingTest-Separate.js-result        2016-12-16 01:54:58 UTC (rev 209896)
+++ trunk/Source/JavaScriptCore/Scripts/tests/builtins/expected/WebCore-xmlCasingTest-Separate.js-result        2016-12-16 02:16:19 UTC (rev 209897)
</span><span class="lines">@@ -157,7 +157,7 @@
</span><span class="cx"> 
</span><span class="cx"> inline void xmlCasingTestBuiltinFunctions::visit(JSC::SlotVisitor&amp; visitor)
</span><span class="cx"> {
</span><del>-#define VISIT_FUNCTION(name) visitor.append(&amp;m_##name##Function);
</del><ins>+#define VISIT_FUNCTION(name) visitor.append(m_##name##Function);
</ins><span class="cx">     WEBCORE_FOREACH_XMLCASINGTEST_BUILTIN_FUNCTION_NAME(VISIT_FUNCTION)
</span><span class="cx"> #undef VISIT_FUNCTION
</span><span class="cx"> }
</span></span></pre></div>
<a id="trunkSourceJavaScriptCorebytecodeCodeBlockcpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/bytecode/CodeBlock.cpp (209896 => 209897)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/bytecode/CodeBlock.cpp        2016-12-16 01:54:58 UTC (rev 209896)
+++ trunk/Source/JavaScriptCore/bytecode/CodeBlock.cpp        2016-12-16 02:16:19 UTC (rev 209897)
</span><span class="lines">@@ -2461,7 +2461,7 @@
</span><span class="cx">         return;
</span><span class="cx"> 
</span><span class="cx">     if (shouldVisitStrongly(locker)) {
</span><del>-        visitor.appendUnbarrieredReadOnlyPointer(this);
</del><ins>+        visitor.appendUnbarriered(this);
</ins><span class="cx">         return;
</span><span class="cx">     }
</span><span class="cx">     
</span><span class="lines">@@ -2476,7 +2476,7 @@
</span><span class="cx"> 
</span><span class="cx">     // If we jettison ourselves we'll install our alternative, so make sure that it
</span><span class="cx">     // survives GC even if we don't.
</span><del>-    visitor.append(&amp;m_alternative);
</del><ins>+    visitor.append(m_alternative);
</ins><span class="cx">     
</span><span class="cx">     // There are two things that we use weak reference harvesters for: DFG fixpoint for
</span><span class="cx">     // jettisoning, and trying to find structures that would be live based on some
</span><span class="lines">@@ -2528,7 +2528,7 @@
</span><span class="cx">     visitor.addUnconditionalFinalizer(&amp;m_unconditionalFinalizer);
</span><span class="cx"> 
</span><span class="cx">     if (CodeBlock* otherBlock = specialOSREntryBlockOrNull())
</span><del>-        visitor.appendUnbarrieredReadOnlyPointer(otherBlock);
</del><ins>+        visitor.appendUnbarriered(otherBlock);
</ins><span class="cx"> 
</span><span class="cx">     if (m_jitCode)
</span><span class="cx">         visitor.reportExtraMemoryVisited(m_jitCode-&gt;size());
</span><span class="lines">@@ -2654,7 +2654,7 @@
</span><span class="cx">                 Structure* newStructure =
</span><span class="cx">                     m_vm-&gt;heap.structureIDTable().get(newStructureID);
</span><span class="cx">                 if (Heap::isMarkedConcurrently(oldStructure))
</span><del>-                    visitor.appendUnbarrieredReadOnlyPointer(newStructure);
</del><ins>+                    visitor.appendUnbarriered(newStructure);
</ins><span class="cx">                 else
</span><span class="cx">                     allAreMarkedSoFar = false;
</span><span class="cx">                 break;
</span><span class="lines">@@ -2699,7 +2699,7 @@
</span><span class="cx">                 // to mark (i.e. its global object and prototype are both already
</span><span class="cx">                 // live).
</span><span class="cx">                 
</span><del>-                visitor.append(&amp;dfgCommon-&gt;transitions[i].m_to);
</del><ins>+                visitor.append(dfgCommon-&gt;transitions[i].m_to);
</ins><span class="cx">             } else
</span><span class="cx">                 allAreMarkedSoFar = false;
</span><span class="cx">         }
</span><span class="lines">@@ -2747,7 +2747,7 @@
</span><span class="cx">     // All weak references are live. Record this information so we don't
</span><span class="cx">     // come back here again, and scan the strong references.
</span><span class="cx">     dfgCommon-&gt;livenessHasBeenProved = true;
</span><del>-    visitor.appendUnbarrieredReadOnlyPointer(this);
</del><ins>+    visitor.appendUnbarriered(this);
</ins><span class="cx"> #endif // ENABLE(DFG_JIT)
</span><span class="cx"> }
</span><span class="cx"> 
</span><span class="lines">@@ -3045,7 +3045,7 @@
</span><span class="cx">     // guaranteeing that it matches the details of the CodeBlock we compiled
</span><span class="cx">     // the OSR exit against.
</span><span class="cx"> 
</span><del>-    visitor.append(&amp;m_alternative);
</del><ins>+    visitor.append(m_alternative);
</ins><span class="cx"> 
</span><span class="cx"> #if ENABLE(DFG_JIT)
</span><span class="cx">     DFG::CommonData* dfgCommon = m_jitCode-&gt;dfgCommon();
</span><span class="lines">@@ -3052,7 +3052,7 @@
</span><span class="cx">     if (dfgCommon-&gt;inlineCallFrames) {
</span><span class="cx">         for (auto* inlineCallFrame : *dfgCommon-&gt;inlineCallFrames) {
</span><span class="cx">             ASSERT(inlineCallFrame-&gt;baselineCodeBlock);
</span><del>-            visitor.append(&amp;inlineCallFrame-&gt;baselineCodeBlock);
</del><ins>+            visitor.append(inlineCallFrame-&gt;baselineCodeBlock);
</ins><span class="cx">         }
</span><span class="cx">     }
</span><span class="cx"> #endif
</span><span class="lines">@@ -3062,22 +3062,22 @@
</span><span class="cx"> {
</span><span class="cx">     UNUSED_PARAM(locker);
</span><span class="cx">     
</span><del>-    visitor.append(&amp;m_globalObject);
-    visitor.append(&amp;m_ownerExecutable);
-    visitor.append(&amp;m_unlinkedCode);
</del><ins>+    visitor.append(m_globalObject);
+    visitor.append(m_ownerExecutable);
+    visitor.append(m_unlinkedCode);
</ins><span class="cx">     if (m_rareData)
</span><span class="cx">         m_rareData-&gt;m_directEvalCodeCache.visitAggregate(visitor);
</span><span class="cx">     visitor.appendValues(m_constantRegisters.data(), m_constantRegisters.size());
</span><span class="cx">     for (size_t i = 0; i &lt; m_functionExprs.size(); ++i)
</span><del>-        visitor.append(&amp;m_functionExprs[i]);
</del><ins>+        visitor.append(m_functionExprs[i]);
</ins><span class="cx">     for (size_t i = 0; i &lt; m_functionDecls.size(); ++i)
</span><del>-        visitor.append(&amp;m_functionDecls[i]);
</del><ins>+        visitor.append(m_functionDecls[i]);
</ins><span class="cx">     for (unsigned i = 0; i &lt; m_objectAllocationProfiles.size(); ++i)
</span><span class="cx">         m_objectAllocationProfiles[i].visitAggregate(visitor);
</span><span class="cx"> 
</span><span class="cx"> #if ENABLE(JIT)
</span><span class="cx">     for (ByValInfo* byValInfo : m_byValInfos)
</span><del>-        visitor.append(&amp;byValInfo-&gt;cachedSymbol);
</del><ins>+        visitor.append(byValInfo-&gt;cachedSymbol);
</ins><span class="cx"> #endif
</span><span class="cx"> 
</span><span class="cx"> #if ENABLE(DFG_JIT)
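Review bot: `visitor.appendValues(m_constantRegisters.data(), m_constantRegisters.size())` in the unchanged context is now the only call in this hunk that still takes a pointer, while every `append` around it was moved to a reference. The ChangeLog lists SlotVisitor::appendValues as touched, so please confirm the pointer-plus-count form is the intended final signature and not a call site that was missed.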
</span><span class="lines">@@ -3098,16 +3098,16 @@
</span><span class="cx"> 
</span><span class="cx">     for (unsigned i = 0; i &lt; dfgCommon-&gt;transitions.size(); ++i) {
</span><span class="cx">         if (!!dfgCommon-&gt;transitions[i].m_codeOrigin)
</span><del>-            visitor.append(&amp;dfgCommon-&gt;transitions[i].m_codeOrigin); // Almost certainly not necessary, since the code origin should also be a weak reference. Better to be safe, though.
-        visitor.append(&amp;dfgCommon-&gt;transitions[i].m_from);
-        visitor.append(&amp;dfgCommon-&gt;transitions[i].m_to);
</del><ins>+            visitor.append(dfgCommon-&gt;transitions[i].m_codeOrigin); // Almost certainly not necessary, since the code origin should also be a weak reference. Better to be safe, though.
+        visitor.append(dfgCommon-&gt;transitions[i].m_from);
+        visitor.append(dfgCommon-&gt;transitions[i].m_to);
</ins><span class="cx">     }
</span><span class="cx">     
</span><span class="cx">     for (unsigned i = 0; i &lt; dfgCommon-&gt;weakReferences.size(); ++i)
</span><del>-        visitor.append(&amp;dfgCommon-&gt;weakReferences[i]);
</del><ins>+        visitor.append(dfgCommon-&gt;weakReferences[i]);
</ins><span class="cx"> 
</span><span class="cx">     for (unsigned i = 0; i &lt; dfgCommon-&gt;weakStructureReferences.size(); ++i)
</span><del>-        visitor.append(&amp;dfgCommon-&gt;weakStructureReferences[i]);
</del><ins>+        visitor.append(dfgCommon-&gt;weakStructureReferences[i]);
</ins><span class="cx"> 
</span><span class="cx">     dfgCommon-&gt;livenessHasBeenProved = true;
</span><span class="cx"> #endif    
</span></span></pre></div>
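Review bot: in the transitions loop only the first `append` (m_codeOrigin) is under the `if (!!...m_codeOrigin)`, and that line carries a long trailing comment, so the unbraced `if` followed by two unconditional appends is easy to misread. Since the line is being touched anyway, consider moving the comment above the `if` and adding braces.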
<a id="trunkSourceJavaScriptCorebytecodeDirectEvalCodeCachecpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/bytecode/DirectEvalCodeCache.cpp (209896 => 209897)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/bytecode/DirectEvalCodeCache.cpp        2016-12-16 01:54:58 UTC (rev 209896)
+++ trunk/Source/JavaScriptCore/bytecode/DirectEvalCodeCache.cpp        2016-12-16 02:16:19 UTC (rev 209897)
</span><span class="lines">@@ -47,7 +47,7 @@
</span><span class="cx">     LockHolder locker(m_lock);
</span><span class="cx">     EvalCacheMap::iterator end = m_cacheMap.end();
</span><span class="cx">     for (EvalCacheMap::iterator ptr = m_cacheMap.begin(); ptr != end; ++ptr)
</span><del>-        visitor.append(&amp;ptr-&gt;value);
</del><ins>+        visitor.append(ptr-&gt;value);
</ins><span class="cx"> }
</span><span class="cx"> 
</span><span class="cx"> } // namespace JSC
</span></span></pre></div>
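Review bot: with the `&amp;` gone, the explicit iterator loop (`EvalCacheMap::iterator ptr ... ++ptr`) only exists to reach `ptr-&gt;value`; a range-based `for (auto&amp; entry : m_cacheMap)` with `visitor.append(entry.value)` would be shorter and would drop the separate `end` variable. Style only; the `LockHolder` scope stays as it is.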
<a id="trunkSourceJavaScriptCorebytecodeInternalFunctionAllocationProfileh"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/bytecode/InternalFunctionAllocationProfile.h (209896 => 209897)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/bytecode/InternalFunctionAllocationProfile.h        2016-12-16 01:54:58 UTC (rev 209896)
+++ trunk/Source/JavaScriptCore/bytecode/InternalFunctionAllocationProfile.h        2016-12-16 02:16:19 UTC (rev 209897)
</span><span class="lines">@@ -38,7 +38,7 @@
</span><span class="cx">     Structure* createAllocationStructureFromBase(VM&amp;, JSCell* owner, JSObject* prototype, Structure* base);
</span><span class="cx"> 
</span><span class="cx">     void clear() { m_structure.clear(); }
</span><del>-    void visitAggregate(SlotVisitor&amp; visitor) { visitor.append(&amp;m_structure); }
</del><ins>+    void visitAggregate(SlotVisitor&amp; visitor) { visitor.append(m_structure); }
</ins><span class="cx"> 
</span><span class="cx"> private:
</span><span class="cx">     WriteBarrier&lt;Structure&gt; m_structure;
</span></span></pre></div>
<a id="trunkSourceJavaScriptCorebytecodeObjectAllocationProfileh"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/bytecode/ObjectAllocationProfile.h (209896 => 209897)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/bytecode/ObjectAllocationProfile.h        2016-12-16 01:54:58 UTC (rev 209896)
+++ trunk/Source/JavaScriptCore/bytecode/ObjectAllocationProfile.h        2016-12-16 02:16:19 UTC (rev 209897)
</span><span class="lines">@@ -1,5 +1,5 @@
</span><span class="cx"> /*
</span><del>- * Copyright (C) 2013 Apple Inc. All rights reserved.
</del><ins>+ * Copyright (C) 2013-2016 Apple Inc. All rights reserved.
</ins><span class="cx">  *
</span><span class="cx">  * Redistribution and use in source and binary forms, with or without
</span><span class="cx">  * modification, are permitted provided that the following conditions
</span><span class="lines">@@ -121,7 +121,7 @@
</span><span class="cx"> 
</span><span class="cx">     void visitAggregate(SlotVisitor&amp; visitor)
</span><span class="cx">     {
</span><del>-        visitor.append(&amp;m_structure);
</del><ins>+        visitor.append(m_structure);
</ins><span class="cx">     }
</span><span class="cx"> 
</span><span class="cx"> private:
</span></span></pre></div>
<a id="trunkSourceJavaScriptCorebytecodePolymorphicAccesscpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/bytecode/PolymorphicAccess.cpp (209896 => 209897)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/bytecode/PolymorphicAccess.cpp        2016-12-16 01:54:58 UTC (rev 209896)
+++ trunk/Source/JavaScriptCore/bytecode/PolymorphicAccess.cpp        2016-12-16 02:16:19 UTC (rev 209897)
</span><span class="lines">@@ -575,7 +575,7 @@
</span><span class="cx">     switch (m_type) {
</span><span class="cx">     case Transition:
</span><span class="cx">         if (Heap::isMarkedConcurrently(m_structure-&gt;previousID()))
</span><del>-            visitor.appendUnbarrieredReadOnlyPointer(m_structure.get());
</del><ins>+            visitor.appendUnbarriered(m_structure.get());
</ins><span class="cx">         else
</span><span class="cx">             result = false;
</span><span class="cx">         break;
</span></span></pre></div>
<a id="trunkSourceJavaScriptCorebytecodeUnlinkedCodeBlockcpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/bytecode/UnlinkedCodeBlock.cpp (209896 => 209897)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/bytecode/UnlinkedCodeBlock.cpp        2016-12-16 01:54:58 UTC (rev 209896)
+++ trunk/Source/JavaScriptCore/bytecode/UnlinkedCodeBlock.cpp        2016-12-16 02:16:19 UTC (rev 209897)
</span><span class="lines">@@ -94,15 +94,15 @@
</span><span class="cx">     Base::visitChildren(thisObject, visitor);
</span><span class="cx">     auto locker = holdLock(*thisObject);
</span><span class="cx">     for (FunctionExpressionVector::iterator ptr = thisObject-&gt;m_functionDecls.begin(), end = thisObject-&gt;m_functionDecls.end(); ptr != end; ++ptr)
</span><del>-        visitor.append(ptr);
</del><ins>+        visitor.append(*ptr);
</ins><span class="cx">     for (FunctionExpressionVector::iterator ptr = thisObject-&gt;m_functionExprs.begin(), end = thisObject-&gt;m_functionExprs.end(); ptr != end; ++ptr)
</span><del>-        visitor.append(ptr);
</del><ins>+        visitor.append(*ptr);
</ins><span class="cx">     visitor.appendValues(thisObject-&gt;m_constantRegisters.data(), thisObject-&gt;m_constantRegisters.size());
</span><span class="cx">     if (thisObject-&gt;m_unlinkedInstructions)
</span><span class="cx">         visitor.reportExtraMemoryVisited(thisObject-&gt;m_unlinkedInstructions-&gt;sizeInBytes());
</span><span class="cx">     if (thisObject-&gt;m_rareData) {
</span><span class="cx">         for (size_t i = 0, end = thisObject-&gt;m_rareData-&gt;m_regexps.size(); i != end; i++)
</span><del>-            visitor.append(&amp;thisObject-&gt;m_rareData-&gt;m_regexps[i]);
</del><ins>+            visitor.append(thisObject-&gt;m_rareData-&gt;m_regexps[i]);
</ins><span class="cx">     }
</span><span class="cx"> }
</span><span class="cx"> 
</span></span></pre></div>
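Review bot: style point on the two loops over m_functionDecls and m_functionExprs: now that the call is visitor.append(*ptr), the explicit begin/end iterator pair exists only to be dereferenced. A range-based for over each vector would remove the iterator boilerplate and would read the same way as the m_regexps loop below, which already passes the element itself.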
<a id="trunkSourceJavaScriptCorebytecodeUnlinkedFunctionExecutablecpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/bytecode/UnlinkedFunctionExecutable.cpp (209896 => 209897)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/bytecode/UnlinkedFunctionExecutable.cpp        2016-12-16 01:54:58 UTC (rev 209896)
+++ trunk/Source/JavaScriptCore/bytecode/UnlinkedFunctionExecutable.cpp        2016-12-16 02:16:19 UTC (rev 209897)
</span><span class="lines">@@ -127,8 +127,8 @@
</span><span class="cx">     UnlinkedFunctionExecutable* thisObject = jsCast&lt;UnlinkedFunctionExecutable*&gt;(cell);
</span><span class="cx">     ASSERT_GC_OBJECT_INHERITS(thisObject, info());
</span><span class="cx">     Base::visitChildren(thisObject, visitor);
</span><del>-    visitor.append(&amp;thisObject-&gt;m_unlinkedCodeBlockForCall);
-    visitor.append(&amp;thisObject-&gt;m_unlinkedCodeBlockForConstruct);
</del><ins>+    visitor.append(thisObject-&gt;m_unlinkedCodeBlockForCall);
+    visitor.append(thisObject-&gt;m_unlinkedCodeBlockForConstruct);
</ins><span class="cx"> }
</span><span class="cx"> 
</span><span class="cx"> FunctionExecutable* UnlinkedFunctionExecutable::link(VM&amp; vm, const SourceCode&amp; passedParentSource, std::optional&lt;int&gt; overrideLineNumber, Intrinsic intrinsic)
</span></span></pre></div>
<a id="trunkSourceJavaScriptCoredebuggerDebuggerScopecpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/debugger/DebuggerScope.cpp (209896 => 209897)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/debugger/DebuggerScope.cpp        2016-12-16 01:54:58 UTC (rev 209896)
+++ trunk/Source/JavaScriptCore/debugger/DebuggerScope.cpp        2016-12-16 02:16:19 UTC (rev 209897)
</span><span class="lines">@@ -61,8 +61,8 @@
</span><span class="cx">     DebuggerScope* thisObject = jsCast&lt;DebuggerScope*&gt;(cell);
</span><span class="cx">     ASSERT_GC_OBJECT_INHERITS(thisObject, info());
</span><span class="cx">     JSObject::visitChildren(thisObject, visitor);
</span><del>-    visitor.append(&amp;thisObject-&gt;m_scope);
-    visitor.append(&amp;thisObject-&gt;m_next);
</del><ins>+    visitor.append(thisObject-&gt;m_scope);
+    visitor.append(thisObject-&gt;m_next);
</ins><span class="cx"> }
</span><span class="cx"> 
</span><span class="cx"> String DebuggerScope::className(const JSObject* object)
</span></span></pre></div>
<a id="trunkSourceJavaScriptCoredfgDFGDesiredTransitionscpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/dfg/DFGDesiredTransitions.cpp (209896 => 209897)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/dfg/DFGDesiredTransitions.cpp        2016-12-16 01:54:58 UTC (rev 209896)
+++ trunk/Source/JavaScriptCore/dfg/DFGDesiredTransitions.cpp        2016-12-16 02:16:19 UTC (rev 209897)
</span><span class="lines">@@ -1,5 +1,5 @@
</span><span class="cx"> /*
</span><del>- * Copyright (C) 2013, 2014 Apple Inc. All rights reserved.
</del><ins>+ * Copyright (C) 2013-2016 Apple Inc. All rights reserved.
</ins><span class="cx">  *
</span><span class="cx">  * Redistribution and use in source and binary forms, with or without
</span><span class="cx">  * modification, are permitted provided that the following conditions
</span><span class="lines">@@ -53,9 +53,9 @@
</span><span class="cx"> 
</span><span class="cx"> void DesiredTransition::visitChildren(SlotVisitor&amp; visitor)
</span><span class="cx"> {
</span><del>-    visitor.appendUnbarrieredPointer(&amp;m_codeOriginOwner);
-    visitor.appendUnbarrieredPointer(&amp;m_oldStructure);
-    visitor.appendUnbarrieredPointer(&amp;m_newStructure);
</del><ins>+    visitor.appendUnbarriered(m_codeOriginOwner);
+    visitor.appendUnbarriered(m_oldStructure);
+    visitor.appendUnbarriered(m_newStructure);
</ins><span class="cx"> }
</span><span class="cx"> 
</span><span class="cx"> DesiredTransitions::DesiredTransitions()
</span></span></pre></div>
<a id="trunkSourceJavaScriptCoredfgDFGDesiredWeakReferencescpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/dfg/DFGDesiredWeakReferences.cpp (209896 => 209897)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/dfg/DFGDesiredWeakReferences.cpp        2016-12-16 01:54:58 UTC (rev 209896)
+++ trunk/Source/JavaScriptCore/dfg/DFGDesiredWeakReferences.cpp        2016-12-16 02:16:19 UTC (rev 209897)
</span><span class="lines">@@ -1,5 +1,5 @@
</span><span class="cx"> /*
</span><del>- * Copyright (C) 2013-2015 Apple Inc. All rights reserved.
</del><ins>+ * Copyright (C) 2013-2016 Apple Inc. All rights reserved.
</ins><span class="cx">  *
</span><span class="cx">  * Redistribution and use in source and binary forms, with or without
</span><span class="cx">  * modification, are permitted provided that the following conditions
</span><span class="lines">@@ -81,7 +81,7 @@
</span><span class="cx"> void DesiredWeakReferences::visitChildren(SlotVisitor&amp; visitor)
</span><span class="cx"> {
</span><span class="cx">     for (JSCell* target : m_references)
</span><del>-        visitor.appendUnbarrieredPointer(&amp;target);
</del><ins>+        visitor.appendUnbarriered(target);
</ins><span class="cx"> }
</span><span class="cx"> 
</span><span class="cx"> } } // namespace JSC::DFG
</span></span></pre></div>
<a id="trunkSourceJavaScriptCoredfgDFGGraphcpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/dfg/DFGGraph.cpp (209896 => 209897)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/dfg/DFGGraph.cpp        2016-12-16 01:54:58 UTC (rev 209896)
+++ trunk/Source/JavaScriptCore/dfg/DFGGraph.cpp        2016-12-16 02:16:19 UTC (rev 209897)
</span><span class="lines">@@ -1410,8 +1410,8 @@
</span><span class="cx"> void Graph::visitChildren(SlotVisitor&amp; visitor)
</span><span class="cx"> {
</span><span class="cx">     for (FrozenValue* value : m_frozenValues) {
</span><del>-        visitor.appendUnbarrieredReadOnlyValue(value-&gt;value());
-        visitor.appendUnbarrieredReadOnlyPointer(value-&gt;structure());
</del><ins>+        visitor.appendUnbarriered(value-&gt;value());
+        visitor.appendUnbarriered(value-&gt;structure());
</ins><span class="cx">     }
</span><span class="cx">     
</span><span class="cx">     for (BlockIndex blockIndex = numBlocks(); blockIndex--;) {
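Review bot: in the m_frozenValues loop the old method names told the reader which line handled a JSValue and which a cell pointer; after the rename both lines read visitor.appendUnbarriered(...) and the choice rests on overload resolution over the return types of value-&gt;value() and value-&gt;structure(). Please add a short comment where the overloads are declared that records whatever guarantee the ReadOnly suffix used to document, so the distinction is not lost with the name.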
</span><span class="lines">@@ -1425,28 +1425,26 @@
</span><span class="cx">             switch (node-&gt;op()) {
</span><span class="cx">             case CheckStructure:
</span><span class="cx">                 for (unsigned i = node-&gt;structureSet().size(); i--;)
</span><del>-                    visitor.appendUnbarrieredReadOnlyPointer(node-&gt;structureSet()[i]);
</del><ins>+                    visitor.appendUnbarriered(node-&gt;structureSet()[i]);
</ins><span class="cx">                 break;
</span><span class="cx">                 
</span><span class="cx">             case NewObject:
</span><span class="cx">             case ArrayifyToStructure:
</span><span class="cx">             case NewStringObject:
</span><del>-                visitor.appendUnbarrieredReadOnlyPointer(node-&gt;structure());
</del><ins>+                visitor.appendUnbarriered(node-&gt;structure());
</ins><span class="cx">                 break;
</span><span class="cx">                 
</span><span class="cx">             case PutStructure:
</span><span class="cx">             case AllocatePropertyStorage:
</span><span class="cx">             case ReallocatePropertyStorage:
</span><del>-                visitor.appendUnbarrieredReadOnlyPointer(
-                    node-&gt;transition()-&gt;previous);
-                visitor.appendUnbarrieredReadOnlyPointer(
-                    node-&gt;transition()-&gt;next);
</del><ins>+                visitor.appendUnbarriered(node-&gt;transition()-&gt;previous);
+                visitor.appendUnbarriered(node-&gt;transition()-&gt;next);
</ins><span class="cx">                 break;
</span><span class="cx">                 
</span><span class="cx">             case MultiGetByOffset:
</span><span class="cx">                 for (const MultiGetByOffsetCase&amp; getCase : node-&gt;multiGetByOffsetData().cases) {
</span><span class="cx">                     for (Structure* structure : getCase.set())
</span><del>-                        visitor.appendUnbarrieredReadOnlyPointer(structure);
</del><ins>+                        visitor.appendUnbarriered(structure);
</ins><span class="cx">                 }
</span><span class="cx">                 break;
</span><span class="cx">                     
</span><span class="lines">@@ -1455,9 +1453,9 @@
</span><span class="cx">                     PutByIdVariant&amp; variant = node-&gt;multiPutByOffsetData().variants[i];
</span><span class="cx">                     const StructureSet&amp; set = variant.oldStructure();
</span><span class="cx">                     for (unsigned j = set.size(); j--;)
</span><del>-                        visitor.appendUnbarrieredReadOnlyPointer(set[j]);
</del><ins>+                        visitor.appendUnbarriered(set[j]);
</ins><span class="cx">                     if (variant.kind() == PutByIdVariant::Transition)
</span><del>-                        visitor.appendUnbarrieredReadOnlyPointer(variant.newStructure());
</del><ins>+                        visitor.appendUnbarriered(variant.newStructure());
</ins><span class="cx">                 }
</span><span class="cx">                 break;
</span><span class="cx">                 
</span></span></pre></div>
<a id="trunkSourceJavaScriptCoredfgDFGPlancpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/dfg/DFGPlan.cpp (209896 => 209897)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/dfg/DFGPlan.cpp        2016-12-16 01:54:58 UTC (rev 209896)
+++ trunk/Source/JavaScriptCore/dfg/DFGPlan.cpp        2016-12-16 02:16:19 UTC (rev 209897)
</span><span class="lines">@@ -619,10 +619,10 @@
</span><span class="cx">     // an explicit barrier. So, we need to be pessimistic and assume that
</span><span class="cx">     // all our CodeBlocks must be visited during GC.
</span><span class="cx"> 
</span><del>-    slotVisitor.appendUnbarrieredReadOnlyPointer(codeBlock);
-    slotVisitor.appendUnbarrieredReadOnlyPointer(codeBlock-&gt;alternative());
</del><ins>+    slotVisitor.appendUnbarriered(codeBlock);
+    slotVisitor.appendUnbarriered(codeBlock-&gt;alternative());
</ins><span class="cx">     if (profiledDFGCodeBlock)
</span><del>-        slotVisitor.appendUnbarrieredReadOnlyPointer(profiledDFGCodeBlock);
</del><ins>+        slotVisitor.appendUnbarriered(profiledDFGCodeBlock);
</ins><span class="cx"> }
</span><span class="cx"> 
</span><span class="cx"> void Plan::rememberCodeBlocks(VM&amp; vm)
</span><span class="lines">@@ -647,16 +647,16 @@
</span><span class="cx"> 
</span><span class="cx">     cleanMustHandleValuesIfNecessary();
</span><span class="cx">     for (unsigned i = mustHandleValues.size(); i--;)
</span><del>-        visitor.appendUnbarrieredValue(&amp;mustHandleValues[i]);
</del><ins>+        visitor.appendUnbarriered(mustHandleValues[i]);
</ins><span class="cx"> 
</span><del>-    visitor.appendUnbarrieredReadOnlyPointer(codeBlock);
-    visitor.appendUnbarrieredReadOnlyPointer(codeBlock-&gt;alternative());
-    visitor.appendUnbarrieredReadOnlyPointer(profiledDFGCodeBlock);
</del><ins>+    visitor.appendUnbarriered(codeBlock);
+    visitor.appendUnbarriered(codeBlock-&gt;alternative());
+    visitor.appendUnbarriered(profiledDFGCodeBlock);
</ins><span class="cx"> 
</span><span class="cx">     if (inlineCallFrames) {
</span><span class="cx">         for (auto* inlineCallFrame : *inlineCallFrames) {
</span><span class="cx">             ASSERT(inlineCallFrame-&gt;baselineCodeBlock.get());
</span><del>-            visitor.appendUnbarrieredReadOnlyPointer(inlineCallFrame-&gt;baselineCodeBlock.get());
</del><ins>+            visitor.appendUnbarriered(inlineCallFrame-&gt;baselineCodeBlock.get());
</ins><span class="cx">         }
</span><span class="cx">     }
</span><span class="cx"> 
</span></span></pre></div>
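Review bot: null handling of profiledDFGCodeBlock is inconsistent within this file. In this hunk visitor.appendUnbarriered(profiledDFGCodeBlock) is unconditional, while the hunk above keeps the if (profiledDFGCodeBlock) guard before the same call on slotVisitor. If appendUnbarriered accepts a null cell, the guard above can go; if it does not, this call needs one too.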
<a id="trunkSourceJavaScriptCoreheapHandleSetcpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/heap/HandleSet.cpp (209896 => 209897)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/heap/HandleSet.cpp        2016-12-16 01:54:58 UTC (rev 209896)
+++ trunk/Source/JavaScriptCore/heap/HandleSet.cpp        2016-12-16 02:16:19 UTC (rev 209897)
</span><span class="lines">@@ -1,5 +1,5 @@
</span><span class="cx"> /*
</span><del>- * Copyright (C) 2011 Apple Inc. All rights reserved.
</del><ins>+ * Copyright (C) 2011-2016 Apple Inc. All rights reserved.
</ins><span class="cx">  *
</span><span class="cx">  * Redistribution and use in source and binary forms, with or without
</span><span class="cx">  * modification, are permitted provided that the following conditions
</span><span class="lines">@@ -28,7 +28,6 @@
</span><span class="cx"> 
</span><span class="cx"> #include &quot;HandleBlock.h&quot;
</span><span class="cx"> #include &quot;HandleBlockInlines.h&quot;
</span><del>-#include &quot;HeapRootVisitor.h&quot;
</del><span class="cx"> #include &quot;JSObject.h&quot;
</span><span class="cx"> #include &quot;JSCInlines.h&quot;
</span><span class="cx"> #include &lt;wtf/DataLog.h&gt;
</span><span class="lines">@@ -59,7 +58,7 @@
</span><span class="cx">     }
</span><span class="cx"> }
</span><span class="cx"> 
</span><del>-void HandleSet::visitStrongHandles(HeapRootVisitor&amp; heapRootVisitor)
</del><ins>+void HandleSet::visitStrongHandles(SlotVisitor&amp; visitor)
</ins><span class="cx"> {
</span><span class="cx">     Node* end = m_strongList.end();
</span><span class="cx">     for (Node* node = m_strongList.begin(); node != end; node = node-&gt;next()) {
</span><span class="lines">@@ -66,7 +65,7 @@
</span><span class="cx"> #if ENABLE(GC_VALIDATION)
</span><span class="cx">         RELEASE_ASSERT(isLiveNode(node));
</span><span class="cx"> #endif
</span><del>-        heapRootVisitor.visit(node-&gt;slot());
</del><ins>+        visitor.appendUnbarriered(*node-&gt;slot());
</ins><span class="cx">     }
</span><span class="cx"> }
</span><span class="cx"> 
</span></span></pre></div>
<a id="trunkSourceJavaScriptCoreheapHandleSeth"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/heap/HandleSet.h (209896 => 209897)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/heap/HandleSet.h        2016-12-16 01:54:58 UTC (rev 209896)
+++ trunk/Source/JavaScriptCore/heap/HandleSet.h        2016-12-16 02:16:19 UTC (rev 209897)
</span><span class="lines">@@ -36,9 +36,9 @@
</span><span class="cx"> namespace JSC {
</span><span class="cx"> 
</span><span class="cx"> class HandleSet;
</span><del>-class HeapRootVisitor;
</del><span class="cx"> class VM;
</span><span class="cx"> class JSValue;
</span><ins>+class SlotVisitor;
</ins><span class="cx"> 
</span><span class="cx"> class HandleNode {
</span><span class="cx"> public:
</span><span class="lines">@@ -73,7 +73,7 @@
</span><span class="cx">     HandleSlot allocate();
</span><span class="cx">     void deallocate(HandleSlot);
</span><span class="cx"> 
</span><del>-    void visitStrongHandles(HeapRootVisitor&amp;);
</del><ins>+    void visitStrongHandles(SlotVisitor&amp;);
</ins><span class="cx"> 
</span><span class="cx">     JS_EXPORT_PRIVATE void writeBarrier(HandleSlot, const JSValue&amp;);
</span><span class="cx"> 
</span></span></pre></div>
<a id="trunkSourceJavaScriptCoreheapHandleStackcpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/heap/HandleStack.cpp (209896 => 209897)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/heap/HandleStack.cpp        2016-12-16 01:54:58 UTC (rev 209896)
+++ trunk/Source/JavaScriptCore/heap/HandleStack.cpp        2016-12-16 02:16:19 UTC (rev 209897)
</span><span class="lines">@@ -1,5 +1,5 @@
</span><span class="cx"> /*
</span><del>- * Copyright (C) 2010 Apple Inc. All rights reserved.
</del><ins>+ * Copyright (C) 2010-2016 Apple Inc. All rights reserved.
</ins><span class="cx">  *
</span><span class="cx">  * Redistribution and use in source and binary forms, with or without
</span><span class="cx">  * modification, are permitted provided that the following conditions
</span><span class="lines">@@ -26,7 +26,6 @@
</span><span class="cx"> #include &quot;config.h&quot;
</span><span class="cx"> #include &quot;HandleStack.h&quot;
</span><span class="cx"> 
</span><del>-#include &quot;HeapRootVisitor.h&quot;
</del><span class="cx"> #include &quot;JSObject.h&quot;
</span><span class="cx"> #include &quot;JSCInlines.h&quot;
</span><span class="cx"> 
</span><span class="lines">@@ -40,7 +39,7 @@
</span><span class="cx">     grow();
</span><span class="cx"> }
</span><span class="cx"> 
</span><del>-void HandleStack::visit(HeapRootVisitor&amp; heapRootVisitor)
</del><ins>+void HandleStack::visit(SlotVisitor&amp; visitor)
</ins><span class="cx"> {
</span><span class="cx">     const Vector&lt;HandleSlot&gt;&amp; blocks = m_blockStack.blocks();
</span><span class="cx">     size_t blockLength = m_blockStack.blockLength;
</span><span class="lines">@@ -48,10 +47,10 @@
</span><span class="cx">     int end = blocks.size() - 1;
</span><span class="cx">     for (int i = 0; i &lt; end; ++i) {
</span><span class="cx">         HandleSlot block = blocks[i];
</span><del>-        heapRootVisitor.visit(block, blockLength);
</del><ins>+        visitor.appendUnbarriered(block, blockLength);
</ins><span class="cx">     }
</span><span class="cx">     HandleSlot block = blocks[end];
</span><del>-    heapRootVisitor.visit(block, m_frame.m_next - block);
</del><ins>+    visitor.appendUnbarriered(block, m_frame.m_next - block);
</ins><span class="cx"> }
</span><span class="cx"> 
</span><span class="cx"> void HandleStack::grow()
</span></span></pre></div>
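Review bot: the element count in visitor.appendUnbarriered(block, m_frame.m_next - block) is a raw pointer difference, and nothing in this function checks that m_frame.m_next lies inside the last block. If the count parameter is unsigned, a negative difference turns into a very large length and the visitor reads past the block. Consider an ASSERT before the call that m_frame.m_next is at or after block and no more than blockLength beyond it; the same care applies to int end = blocks.size() - 1 if blocks can ever be empty.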
<a id="trunkSourceJavaScriptCoreheapHandleStackh"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/heap/HandleStack.h (209896 => 209897)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/heap/HandleStack.h        2016-12-16 01:54:58 UTC (rev 209896)
+++ trunk/Source/JavaScriptCore/heap/HandleStack.h        2016-12-16 02:16:19 UTC (rev 209897)
</span><span class="lines">@@ -1,5 +1,5 @@
</span><span class="cx"> /*
</span><del>- * Copyright (C) 2010 Apple Inc. All rights reserved.
</del><ins>+ * Copyright (C) 2010-2016 Apple Inc. All rights reserved.
</ins><span class="cx">  *
</span><span class="cx">  * Redistribution and use in source and binary forms, with or without
</span><span class="cx">  * modification, are permitted provided that the following conditions
</span><span class="lines">@@ -32,7 +32,7 @@
</span><span class="cx"> namespace JSC {
</span><span class="cx"> 
</span><span class="cx"> class LocalScope;
</span><del>-class HeapRootVisitor;
</del><ins>+class SlotVisitor;
</ins><span class="cx"> 
</span><span class="cx"> class HandleStack {
</span><span class="cx"> public:
</span><span class="lines">@@ -49,7 +49,7 @@
</span><span class="cx"> 
</span><span class="cx">     HandleSlot push();
</span><span class="cx"> 
</span><del>-    void visit(HeapRootVisitor&amp;);
</del><ins>+    void visit(SlotVisitor&amp;);
</ins><span class="cx"> 
</span><span class="cx"> private:
</span><span class="cx">     JS_EXPORT_PRIVATE void grow();
</span></span></pre></div>
<a id="trunkSourceJavaScriptCoreheapHeapcpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/heap/Heap.cpp (209896 => 209897)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/heap/Heap.cpp        2016-12-16 01:54:58 UTC (rev 209896)
+++ trunk/Source/JavaScriptCore/heap/Heap.cpp        2016-12-16 02:16:19 UTC (rev 209897)
</span><span class="lines">@@ -26,6 +26,7 @@
</span><span class="cx"> #include &quot;ConservativeRoots.h&quot;
</span><span class="cx"> #include &quot;DFGWorklist.h&quot;
</span><span class="cx"> #include &quot;EdenGCActivityCallback.h&quot;
</span><ins>+#include &quot;Exception.h&quot;
</ins><span class="cx"> #include &quot;FullGCActivityCallback.h&quot;
</span><span class="cx"> #include &quot;GCActivityCallback.h&quot;
</span><span class="cx"> #include &quot;GCIncomingRefCountedSetInlines.h&quot;
</span><span class="lines">@@ -35,7 +36,6 @@
</span><span class="cx"> #include &quot;HeapHelperPool.h&quot;
</span><span class="cx"> #include &quot;HeapIterationScope.h&quot;
</span><span class="cx"> #include &quot;HeapProfiler.h&quot;
</span><del>-#include &quot;HeapRootVisitor.h&quot;
</del><span class="cx"> #include &quot;HeapSnapshot.h&quot;
</span><span class="cx"> #include &quot;HeapStatistics.h&quot;
</span><span class="cx"> #include &quot;HeapVerifier.h&quot;
</span><span class="lines">@@ -515,8 +515,6 @@
</span><span class="cx"> {
</span><span class="cx">     TimingScope markToFixpointTimingScope(*this, &quot;Heap::markToFixpoint&quot;);
</span><span class="cx">     
</span><del>-    HeapRootVisitor heapRootVisitor(*m_collectorSlotVisitor);
-    
</del><span class="cx">     if (m_collectionScope == CollectionScope::Full) {
</span><span class="cx">         m_opaqueRoots.clear();
</span><span class="cx">         m_collectorSlotVisitor-&gt;clearMarkStacks();
</span><span class="lines">@@ -559,7 +557,8 @@
</span><span class="cx">             }
</span><span class="cx">         });
</span><span class="cx"> 
</span><del>-    m_collectorSlotVisitor-&gt;didStartMarking();
</del><ins>+    SlotVisitor&amp; slotVisitor = *m_collectorSlotVisitor;
+    slotVisitor.didStartMarking();
</ins><span class="cx"> 
</span><span class="cx">     SpaceTimeScheduler scheduler(*this);
</span><span class="cx">     
</span><span class="lines">@@ -580,55 +579,53 @@
</span><span class="cx">         // Now we visit roots that don't get barriered, so each fixpoint iteration just revisits
</span><span class="cx">         // all of them.
</span><span class="cx"> #if JSC_OBJC_API_ENABLED
</span><del>-        scanExternalRememberedSet(*m_vm, *m_collectorSlotVisitor);
</del><ins>+        scanExternalRememberedSet(*m_vm, slotVisitor);
</ins><span class="cx"> #endif
</span><span class="cx">             
</span><span class="cx">         if (m_vm-&gt;smallStrings.needsToBeVisited(*m_collectionScope))
</span><del>-            m_vm-&gt;smallStrings.visitStrongReferences(*m_collectorSlotVisitor);
</del><ins>+            m_vm-&gt;smallStrings.visitStrongReferences(slotVisitor);
</ins><span class="cx">             
</span><span class="cx">         for (auto&amp; pair : m_protectedValues)
</span><del>-            heapRootVisitor.visit(&amp;pair.key);
</del><ins>+            slotVisitor.appendUnbarriered(pair.key);
</ins><span class="cx">             
</span><span class="cx">         if (m_markListSet &amp;&amp; m_markListSet-&gt;size())
</span><del>-            MarkedArgumentBuffer::markLists(heapRootVisitor, *m_markListSet);
</del><ins>+            MarkedArgumentBuffer::markLists(slotVisitor, *m_markListSet);
</ins><span class="cx">             
</span><del>-        if (m_vm-&gt;exception())
-            heapRootVisitor.visit(m_vm-&gt;addressOfException());
-        if (m_vm-&gt;lastException())
-            heapRootVisitor.visit(m_vm-&gt;addressOfLastException());
</del><ins>+        slotVisitor.appendUnbarriered(m_vm-&gt;exception());
+        slotVisitor.appendUnbarriered(m_vm-&gt;lastException());
</ins><span class="cx">             
</span><del>-        m_handleSet.visitStrongHandles(heapRootVisitor);
-        m_handleStack.visit(heapRootVisitor);
</del><ins>+        m_handleSet.visitStrongHandles(slotVisitor);
+        m_handleStack.visit(slotVisitor);
</ins><span class="cx"> 
</span><span class="cx"> #if ENABLE(SAMPLING_PROFILER)
</span><span class="cx">         if (SamplingProfiler* samplingProfiler = m_vm-&gt;samplingProfiler()) {
</span><span class="cx">             LockHolder locker(samplingProfiler-&gt;getLock());
</span><span class="cx">             samplingProfiler-&gt;processUnverifiedStackTraces();
</span><del>-            samplingProfiler-&gt;visit(*m_collectorSlotVisitor);
</del><ins>+            samplingProfiler-&gt;visit(slotVisitor);
</ins><span class="cx">             if (Options::logGC() == GCLogging::Verbose)
</span><del>-                dataLog(&quot;Sampling Profiler data:\n&quot;, *m_collectorSlotVisitor);
</del><ins>+                dataLog(&quot;Sampling Profiler data:\n&quot;, slotVisitor);
</ins><span class="cx">         }
</span><span class="cx"> #endif // ENABLE(SAMPLING_PROFILER)
</span><span class="cx">         
</span><span class="cx">         if (m_vm-&gt;typeProfiler())
</span><del>-            m_vm-&gt;typeProfilerLog()-&gt;visit(*m_collectorSlotVisitor);
</del><ins>+            m_vm-&gt;typeProfilerLog()-&gt;visit(slotVisitor);
</ins><span class="cx">                 
</span><del>-        m_vm-&gt;shadowChicken().visitChildren(*m_collectorSlotVisitor);
</del><ins>+        m_vm-&gt;shadowChicken().visitChildren(slotVisitor);
</ins><span class="cx">                 
</span><del>-        m_jitStubRoutines-&gt;traceMarkedStubRoutines(*m_collectorSlotVisitor);
</del><ins>+        m_jitStubRoutines-&gt;traceMarkedStubRoutines(slotVisitor);
</ins><span class="cx"> 
</span><del>-        m_collectorSlotVisitor-&gt;mergeOpaqueRootsIfNecessary();
</del><ins>+        slotVisitor.mergeOpaqueRootsIfNecessary();
</ins><span class="cx">         for (auto&amp; parallelVisitor : m_parallelSlotVisitors)
</span><span class="cx">             parallelVisitor-&gt;mergeOpaqueRootsIfNecessary();
</span><span class="cx"> 
</span><del>-        m_objectSpace.visitWeakSets(heapRootVisitor);
</del><ins>+        m_objectSpace.visitWeakSets(slotVisitor);
</ins><span class="cx">         harvestWeakReferences();
</span><span class="cx">         visitCompilerWorklistWeakReferences();
</span><del>-        DFG::markCodeBlocks(*m_vm, *m_collectorSlotVisitor);
-        bool shouldTerminate = m_collectorSlotVisitor-&gt;isEmpty() &amp;&amp; m_mutatorMarkStack-&gt;isEmpty();
</del><ins>+        DFG::markCodeBlocks(*m_vm, slotVisitor);
+        bool shouldTerminate = slotVisitor.isEmpty() &amp;&amp; m_mutatorMarkStack-&gt;isEmpty();
</ins><span class="cx">         
</span><span class="cx">         if (Options::logGC()) {
</span><del>-            dataLog(m_collectorSlotVisitor-&gt;collectorMarkStack().size(), &quot;+&quot;, m_mutatorMarkStack-&gt;size() + m_collectorSlotVisitor-&gt;mutatorMarkStack().size(), &quot;, a=&quot;, m_bytesAllocatedThisCycle / 1024, &quot; kb, b=&quot;, m_barriersExecuted, &quot;, mu=&quot;, scheduler.currentDecision().targetMutatorUtilization(), &quot; &quot;);
</del><ins>+            dataLog(slotVisitor.collectorMarkStack().size(), &quot;+&quot;, m_mutatorMarkStack-&gt;size() + slotVisitor.mutatorMarkStack().size(), &quot;, a=&quot;, m_bytesAllocatedThisCycle / 1024, &quot; kb, b=&quot;, m_barriersExecuted, &quot;, mu=&quot;, scheduler.currentDecision().targetMutatorUtilization(), &quot; &quot;);
</ins><span class="cx">         }
</span><span class="cx">         
</span><span class="cx">         // We want to do this to conservatively ensure that we rescan any code blocks that are
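Review bot: the exception roots lose their null checks in this hunk. The old code visited only when m_vm-&gt;exception() or m_vm-&gt;lastException() was non-null; the new lines pass the result straight to slotVisitor.appendUnbarriered. That is correct only if the cell overload ignores null, so either state that contract where appendUnbarriered is declared or keep the two guards. A comment here saying the null case is intentional would also help the next reader.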
</span><span class="lines">@@ -645,14 +642,14 @@
</span><span class="cx">         
</span><span class="cx">         // The SlotVisitor's mark stacks are accessed by the collector thread (i.e. this thread)
</span><span class="cx">         // without locks. That's why we double-buffer.
</span><del>-        m_mutatorMarkStack-&gt;transferTo(m_collectorSlotVisitor-&gt;mutatorMarkStack());
</del><ins>+        m_mutatorMarkStack-&gt;transferTo(slotVisitor.mutatorMarkStack());
</ins><span class="cx">         
</span><span class="cx">         if (Options::logGC() == GCLogging::Verbose)
</span><del>-            dataLog(&quot;Live Weak Handles:\n&quot;, *m_collectorSlotVisitor);
</del><ins>+            dataLog(&quot;Live Weak Handles:\n&quot;, slotVisitor);
</ins><span class="cx">         
</span><span class="cx">         {
</span><span class="cx">             TimingScope traceTimingScope(*this, &quot;Heap::markToFixpoint tracing&quot;);
</span><del>-            ParallelModeEnabler enabler(*m_collectorSlotVisitor);
</del><ins>+            ParallelModeEnabler enabler(slotVisitor);
</ins><span class="cx">             
</span><span class="cx">             if (Options::useCollectorTimeslicing()) {
</span><span class="cx">                 scheduler.snapPhase();
</span><span class="lines">@@ -663,7 +660,7 @@
</span><span class="cx">                     if (decision.shouldBeResumed()) {
</span><span class="cx">                         {
</span><span class="cx">                             ResumeTheWorldScope resumeTheWorldScope(*this);
</span><del>-                            drainResult = m_collectorSlotVisitor-&gt;drainInParallelPassively(decision.timeToStop());
</del><ins>+                            drainResult = slotVisitor.drainInParallelPassively(decision.timeToStop());
</ins><span class="cx">                             if (drainResult == SlotVisitor::SharedDrainResult::Done) {
</span><span class="cx">                                 // At this point we will stop. But maybe the scheduler does not want
</span><span class="cx">                                 // that.
</span><span class="lines">@@ -680,13 +677,13 @@
</span><span class="cx">                                 dataLog(&quot;wul!=&quot;, wakeUpLatency.milliseconds(), &quot; ms &quot;);
</span><span class="cx">                         }
</span><span class="cx">                     } else
</span><del>-                        drainResult = m_collectorSlotVisitor-&gt;drainInParallel(decision.timeToResume());
</del><ins>+                        drainResult = slotVisitor.drainInParallel(decision.timeToResume());
</ins><span class="cx">                 } while (drainResult != SlotVisitor::SharedDrainResult::Done);
</span><span class="cx">             } else {
</span><span class="cx">                 // Disabling collector timeslicing is meant to be used together with
</span><span class="cx">                 // --collectContinuously=true to maximize the opportunity for harmful races.
</span><span class="cx">                 ResumeTheWorldScope resumeTheWorldScope(*this);
</span><del>-                m_collectorSlotVisitor-&gt;drainInParallel();
</del><ins>+                slotVisitor.drainInParallel();
</ins><span class="cx">             }
</span><span class="cx">         }
</span><span class="cx">     }
</span></span></pre></div>
<a id="trunkSourceJavaScriptCoreheapHeaph"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/heap/Heap.h (209896 => 209897)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/heap/Heap.h        2016-12-16 01:54:58 UTC (rev 209896)
+++ trunk/Source/JavaScriptCore/heap/Heap.h        2016-12-16 02:16:19 UTC (rev 209897)
</span><span class="lines">@@ -63,7 +63,6 @@
</span><span class="cx"> class GCAwareJITStubRoutine;
</span><span class="cx"> class Heap;
</span><span class="cx"> class HeapProfiler;
</span><del>-class HeapRootVisitor;
</del><span class="cx"> class HeapVerifier;
</span><span class="cx"> class HelpingGCScope;
</span><span class="cx"> class IncrementalSweeper;
</span><span class="lines">@@ -459,7 +458,6 @@
</span><span class="cx">     void visitConservativeRoots(ConservativeRoots&amp;);
</span><span class="cx">     void visitCompilerWorklistWeakReferences();
</span><span class="cx">     void removeDeadCompilerWorklistEntries();
</span><del>-    void markToFixpoint(HeapRootVisitor&amp;);
</del><span class="cx">     void updateObjectCounts(double gcStartTime);
</span><span class="cx">     void endMarking();
</span><span class="cx"> 
</span></span></pre></div>
<a id="trunkSourceJavaScriptCoreheapHeapRootVisitorh"></a>
<div class="delfile"><h4>Deleted: trunk/Source/JavaScriptCore/heap/HeapRootVisitor.h (209896 => 209897)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/heap/HeapRootVisitor.h        2016-12-16 01:54:58 UTC (rev 209896)
+++ trunk/Source/JavaScriptCore/heap/HeapRootVisitor.h        2016-12-16 02:16:19 UTC (rev 209897)
</span><span class="lines">@@ -1,84 +0,0 @@
</span><del>-/*
- * Copyright (C) 2009, 2011 Apple Inc. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY APPLE INC. ``AS IS'' AND ANY
- * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL APPLE INC. OR
- * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
- * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
- * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
- * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
- * OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
- * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
- */
-
-#pragma once
-
-#include &quot;SlotVisitor.h&quot;
-#include &quot;SlotVisitorInlines.h&quot;
-
-namespace JSC {
-
-    // Privileged class for marking JSValues directly. It is only safe to use
-    // this class to mark direct heap roots that are marked during every GC pass.
-    // All other references should be wrapped in WriteBarriers.
-    class HeapRootVisitor {
-    private:
-        friend class Heap;
-        HeapRootVisitor(SlotVisitor&amp;);
-
-    public:
-        void visit(JSValue*);
-        void visit(JSValue*, size_t);
-        void visit(JSString**);
-        void visit(JSCell**);
-
-        SlotVisitor&amp; visitor();
-
-    private:
-        SlotVisitor&amp; m_visitor;
-    };
-
-    inline HeapRootVisitor::HeapRootVisitor(SlotVisitor&amp; visitor)
-        : m_visitor(visitor)
-    {
-    }
-
-    inline void HeapRootVisitor::visit(JSValue* slot)
-    {
-        m_visitor.appendUnbarrieredValue(slot);
-    }
-
-    inline void HeapRootVisitor::visit(JSValue* slot, size_t count)
-    {
-        for (size_t i = 0; i &lt; count; ++i)
-            m_visitor.appendUnbarrieredValue(&amp;slot[i]);
-    }
-
-    inline void HeapRootVisitor::visit(JSString** slot)
-    {
-        m_visitor.appendUnbarrieredPointer(slot);
-    }
-
-    inline void HeapRootVisitor::visit(JSCell** slot)
-    {
-        m_visitor.appendUnbarrieredPointer(slot);
-    }
-
-    inline SlotVisitor&amp; HeapRootVisitor::visitor()
-    {
-        return m_visitor;
-    }
-
-} // namespace JSC
</del></span></pre></div>
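Review bot: deleting this class drops the only compile-time gate on unbarriered marking (the private constructor plus "friend class Heap") together with its stated rule that it is only safe for direct heap roots that are marked during every GC pass. The replacement comment on appendUnbarriered() in SlotVisitor.h says "roots" but not the every-GC-pass condition; carry that sentence over so the invariant is not lost with the file.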
<a id="trunkSourceJavaScriptCoreheapLargeAllocationcpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/heap/LargeAllocation.cpp (209896 => 209897)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/heap/LargeAllocation.cpp        2016-12-16 01:54:58 UTC (rev 209896)
+++ trunk/Source/JavaScriptCore/heap/LargeAllocation.cpp        2016-12-16 02:16:19 UTC (rev 209897)
</span><span class="lines">@@ -65,7 +65,7 @@
</span><span class="cx">     m_weakSet.shrink();
</span><span class="cx"> }
</span><span class="cx"> 
</span><del>-void LargeAllocation::visitWeakSet(HeapRootVisitor&amp; visitor)
</del><ins>+void LargeAllocation::visitWeakSet(SlotVisitor&amp; visitor)
</ins><span class="cx"> {
</span><span class="cx">     m_weakSet.visit(visitor);
</span><span class="cx"> }
</span></span></pre></div>
<a id="trunkSourceJavaScriptCoreheapLargeAllocationh"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/heap/LargeAllocation.h (209896 => 209897)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/heap/LargeAllocation.h        2016-12-16 01:54:58 UTC (rev 209896)
+++ trunk/Source/JavaScriptCore/heap/LargeAllocation.h        2016-12-16 02:16:19 UTC (rev 209897)
</span><span class="lines">@@ -30,6 +30,8 @@
</span><span class="cx"> 
</span><span class="cx"> namespace JSC {
</span><span class="cx"> 
</span><ins>+class SlotVisitor;
+
</ins><span class="cx"> // WebKit has a good malloc that already knows what to do for large allocations. The GC shouldn't
</span><span class="cx"> // have to think about such things. That's where LargeAllocation comes in. We will allocate large
</span><span class="cx"> // objects directly using malloc, and put the LargeAllocation header just before them. We can detect
</span><span class="lines">@@ -62,7 +64,7 @@
</span><span class="cx">     
</span><span class="cx">     void shrink();
</span><span class="cx">     
</span><del>-    void visitWeakSet(HeapRootVisitor&amp;);
</del><ins>+    void visitWeakSet(SlotVisitor&amp;);
</ins><span class="cx">     void reapWeakSet();
</span><span class="cx">     
</span><span class="cx">     void clearNewlyAllocated() { m_isNewlyAllocated = false; }
</span></span></pre></div>
<a id="trunkSourceJavaScriptCoreheapMarkedBlockh"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/heap/MarkedBlock.h (209896 => 209897)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/heap/MarkedBlock.h        2016-12-16 01:54:58 UTC (rev 209896)
+++ trunk/Source/JavaScriptCore/heap/MarkedBlock.h        2016-12-16 02:16:19 UTC (rev 209897)
</span><span class="lines">@@ -40,6 +40,7 @@
</span><span class="cx"> class JSCell;
</span><span class="cx"> class MarkedAllocator;
</span><span class="cx"> class MarkedSpace;
</span><ins>+class SlotVisitor;
</ins><span class="cx"> 
</span><span class="cx"> typedef uintptr_t Bits;
</span><span class="cx"> typedef uint32_t HeapVersion;
</span><span class="lines">@@ -132,7 +133,7 @@
</span><span class="cx">         
</span><span class="cx">         void shrink();
</span><span class="cx">             
</span><del>-        unsigned visitWeakSet(HeapRootVisitor&amp;);
</del><ins>+        unsigned visitWeakSet(SlotVisitor&amp;);
</ins><span class="cx">         void reapWeakSet();
</span><span class="cx">             
</span><span class="cx">         // While allocating from a free list, MarkedBlock temporarily has bogus
</span><span class="lines">@@ -431,9 +432,9 @@
</span><span class="cx">     m_weakSet.shrink();
</span><span class="cx"> }
</span><span class="cx"> 
</span><del>-inline unsigned MarkedBlock::Handle::visitWeakSet(HeapRootVisitor&amp; heapRootVisitor)
</del><ins>+inline unsigned MarkedBlock::Handle::visitWeakSet(SlotVisitor&amp; visitor)
</ins><span class="cx"> {
</span><del>-    return m_weakSet.visit(heapRootVisitor);
</del><ins>+    return m_weakSet.visit(visitor);
</ins><span class="cx"> }
</span><span class="cx"> 
</span><span class="cx"> inline void MarkedBlock::Handle::reapWeakSet()
</span></span></pre></div>
<a id="trunkSourceJavaScriptCoreheapMarkedSpacecpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/heap/MarkedSpace.cpp (209896 => 209897)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/heap/MarkedSpace.cpp        2016-12-16 01:54:58 UTC (rev 209896)
+++ trunk/Source/JavaScriptCore/heap/MarkedSpace.cpp        2016-12-16 02:16:19 UTC (rev 209897)
</span><span class="lines">@@ -359,10 +359,10 @@
</span><span class="cx">     m_allocatorForEmptyAllocation = m_firstAllocator;
</span><span class="cx"> }
</span><span class="cx"> 
</span><del>-void MarkedSpace::visitWeakSets(HeapRootVisitor&amp; heapRootVisitor)
</del><ins>+void MarkedSpace::visitWeakSets(SlotVisitor&amp; visitor)
</ins><span class="cx"> {
</span><span class="cx">     auto visit = [&amp;] (WeakSet* weakSet) {
</span><del>-        weakSet-&gt;visit(heapRootVisitor);
</del><ins>+        weakSet-&gt;visit(visitor);
</ins><span class="cx">     };
</span><span class="cx">     
</span><span class="cx">     m_newActiveWeakSets.forEach(visit);
</span></span></pre></div>
<a id="trunkSourceJavaScriptCoreheapMarkedSpaceh"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/heap/MarkedSpace.h (209896 => 209897)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/heap/MarkedSpace.h        2016-12-16 01:54:58 UTC (rev 209896)
+++ trunk/Source/JavaScriptCore/heap/MarkedSpace.h        2016-12-16 02:16:19 UTC (rev 209897)
</span><span class="lines">@@ -129,7 +129,7 @@
</span><span class="cx">     
</span><span class="cx">     void prepareForAllocation();
</span><span class="cx"> 
</span><del>-    void visitWeakSets(HeapRootVisitor&amp;);
</del><ins>+    void visitWeakSets(SlotVisitor&amp;);
</ins><span class="cx">     void reapWeakSets();
</span><span class="cx"> 
</span><span class="cx">     MarkedBlockSet&amp; blocks() { return m_blocks; }
</span></span></pre></div>
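Review bot: visitWeakSets(SlotVisitor&amp;) now names a type that this header's diff does not declare; MarkedBlock.h and LargeAllocation.h each gain "class SlotVisitor;" in this change, MarkedSpace.h does not. It presumably compiles through a transitive include. Add the forward declaration here as well, and check this header for a leftover "class HeapRootVisitor;" declaration.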
<a id="trunkSourceJavaScriptCoreheapSlotVisitorcpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/heap/SlotVisitor.cpp (209896 => 209897)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/heap/SlotVisitor.cpp        2016-12-16 01:54:58 UTC (rev 209896)
+++ trunk/Source/JavaScriptCore/heap/SlotVisitor.cpp        2016-12-16 02:16:19 UTC (rev 209897)
</span><span class="lines">@@ -216,7 +216,7 @@
</span><span class="cx">     } }
</span><span class="cx"> }
</span><span class="cx"> 
</span><del>-void SlotVisitor::append(JSValue value)
</del><ins>+void SlotVisitor::appendUnbarriered(JSValue value)
</ins><span class="cx"> {
</span><span class="cx">     if (!value || !value.isCell())
</span><span class="cx">         return;
</span></span></pre></div>
<a id="trunkSourceJavaScriptCoreheapSlotVisitorh"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/heap/SlotVisitor.h (209896 => 209897)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/heap/SlotVisitor.h        2016-12-16 01:54:58 UTC (rev 209896)
+++ trunk/Source/JavaScriptCore/heap/SlotVisitor.h        2016-12-16 02:16:19 UTC (rev 209897)
</span><span class="lines">@@ -52,7 +52,6 @@
</span><span class="cx">     WTF_MAKE_FAST_ALLOCATED;
</span><span class="cx"> 
</span><span class="cx">     friend class SetCurrentCellScope;
</span><del>-    friend class HeapRootVisitor; // Allowed to mark a JSValue* or JSCell** directly.
</del><span class="cx">     friend class Heap;
</span><span class="cx"> 
</span><span class="cx"> public:
</span><span class="lines">@@ -70,20 +69,27 @@
</span><span class="cx"> 
</span><span class="cx">     void append(ConservativeRoots&amp;);
</span><span class="cx">     
</span><del>-    template&lt;typename T&gt; void append(WriteBarrierBase&lt;T&gt;*);
-    template&lt;typename T&gt; void appendHidden(WriteBarrierBase&lt;T&gt;*);
</del><ins>+    template&lt;typename T&gt; void append(const WriteBarrierBase&lt;T&gt;&amp;);
+    template&lt;typename T&gt; void appendHidden(const WriteBarrierBase&lt;T&gt;&amp;);
</ins><span class="cx">     template&lt;typename Iterator&gt; void append(Iterator begin , Iterator end);
</span><del>-    void appendValues(WriteBarrierBase&lt;Unknown&gt;*, size_t count);
-    void appendValuesHidden(WriteBarrierBase&lt;Unknown&gt;*, size_t count);
</del><ins>+    void appendValues(const WriteBarrierBase&lt;Unknown&gt;*, size_t count);
+    void appendValuesHidden(const WriteBarrierBase&lt;Unknown&gt;*, size_t count);
</ins><span class="cx">     
</span><ins>+    // These don't require you to prove that you have a WriteBarrier&lt;&gt;. That makes sense
+    // for:
+    //
+    // - roots.
+    // - sophisticated data structures that barrier through other means (like DFG::Plan and
+    //   friends).
+    //
+    // If you are not a root and you don't know what kind of barrier you have, then you
+    // shouldn't call these methods.
+    JS_EXPORT_PRIVATE void appendUnbarriered(JSValue);
+    void appendUnbarriered(JSValue*, size_t);
+    void appendUnbarriered(JSCell*);
+    
</ins><span class="cx">     template&lt;typename T&gt;
</span><del>-    void appendUnbarrieredPointer(T**);
-    void appendUnbarrieredValue(JSValue*);
-    template&lt;typename T&gt;
-    void appendUnbarrieredWeak(Weak&lt;T&gt;*);
-    template&lt;typename T&gt;
-    void appendUnbarrieredReadOnlyPointer(T*);
-    void appendUnbarrieredReadOnlyValue(JSValue);
</del><ins>+    void append(const Weak&lt;T&gt;&amp; weak);
</ins><span class="cx">     
</span><span class="cx">     JS_EXPORT_PRIVATE void addOpaqueRoot(void*);
</span><span class="cx">     JS_EXPORT_PRIVATE bool containsOpaqueRoot(void*) const;
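Review bot: the new public appendUnbarriered() overloads replace a private append(JSValue) that only friends could reach, so the rule "If you are not a root and you don't know what kind of barrier you have, then you shouldn't call these methods" is now enforced by the comment alone. Say in the comment what goes wrong when a barrier is skipped, and consider keeping these overloads harder to reach from ordinary visitChildren() code. Separately, appendUnbarriered(JSValue*, size_t) only reads the array and could take const JSValue*, matching the const WriteBarrierBase&lt;Unknown&gt;* signatures just above it.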
</span><span class="lines">@@ -149,7 +155,6 @@
</span><span class="cx"> private:
</span><span class="cx">     friend class ParallelModeEnabler;
</span><span class="cx">     
</span><del>-    JS_EXPORT_PRIVATE void append(JSValue); // This is private to encourage clients to use WriteBarrier&lt;T&gt;.
</del><span class="cx">     void appendJSCellOrAuxiliary(HeapCell*);
</span><span class="cx">     void appendHidden(JSValue);
</span><span class="cx"> 
</span></span></pre></div>
<a id="trunkSourceJavaScriptCoreheapSlotVisitorInlinesh"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/heap/SlotVisitorInlines.h (209896 => 209897)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/heap/SlotVisitorInlines.h        2016-12-16 01:54:58 UTC (rev 209896)
+++ trunk/Source/JavaScriptCore/heap/SlotVisitorInlines.h        2016-12-16 02:16:19 UTC (rev 209897)
</span><span class="lines">@@ -1,5 +1,5 @@
</span><span class="cx"> /*
</span><del>- * Copyright (C) 2012, 2013, 2015 Apple Inc. All rights reserved.
</del><ins>+ * Copyright (C) 2012-2016 Apple Inc. All rights reserved.
</ins><span class="cx">  *
</span><span class="cx">  * Redistribution and use in source and binary forms, with or without
</span><span class="cx">  * modification, are permitted provided that the following conditions
</span><span class="lines">@@ -31,47 +31,33 @@
</span><span class="cx"> 
</span><span class="cx"> namespace JSC {
</span><span class="cx"> 
</span><del>-template&lt;typename T&gt;
-inline void SlotVisitor::appendUnbarrieredPointer(T** slot)
</del><ins>+inline void SlotVisitor::appendUnbarriered(JSValue* slot, size_t count)
</ins><span class="cx"> {
</span><del>-    ASSERT(slot);
-    append(*slot);
</del><ins>+    for (size_t i = count; i--;)
+        appendUnbarriered(slot[i]);
</ins><span class="cx"> }
</span><span class="cx"> 
</span><del>-template&lt;typename T&gt;
-inline void SlotVisitor::appendUnbarrieredReadOnlyPointer(T* cell)
</del><ins>+inline void SlotVisitor::appendUnbarriered(JSCell* cell)
</ins><span class="cx"> {
</span><del>-    append(cell);
</del><ins>+    appendUnbarriered(JSValue(cell));
</ins><span class="cx"> }
</span><span class="cx"> 
</span><del>-inline void SlotVisitor::appendUnbarrieredValue(JSValue* slot)
-{
-    ASSERT(slot);
-    append(*slot);
-}
-
-inline void SlotVisitor::appendUnbarrieredReadOnlyValue(JSValue value)
-{
-    append(value);
-}
-
</del><span class="cx"> template&lt;typename T&gt;
</span><del>-inline void SlotVisitor::appendUnbarrieredWeak(Weak&lt;T&gt;* weak)
</del><ins>+inline void SlotVisitor::append(const Weak&lt;T&gt;&amp; weak)
</ins><span class="cx"> {
</span><del>-    ASSERT(weak);
-    append(weak-&gt;get());
</del><ins>+    appendUnbarriered(weak.get());
</ins><span class="cx"> }
</span><span class="cx"> 
</span><span class="cx"> template&lt;typename T&gt;
</span><del>-inline void SlotVisitor::append(WriteBarrierBase&lt;T&gt;* slot)
</del><ins>+inline void SlotVisitor::append(const WriteBarrierBase&lt;T&gt;&amp; slot)
</ins><span class="cx"> {
</span><del>-    append(slot-&gt;get());
</del><ins>+    appendUnbarriered(slot.get());
</ins><span class="cx"> }
</span><span class="cx"> 
</span><span class="cx"> template&lt;typename T&gt;
</span><del>-inline void SlotVisitor::appendHidden(WriteBarrierBase&lt;T&gt;* slot)
</del><ins>+inline void SlotVisitor::appendHidden(const WriteBarrierBase&lt;T&gt;&amp; slot)
</ins><span class="cx"> {
</span><del>-    appendHidden(slot-&gt;get());
</del><ins>+    appendHidden(slot.get());
</ins><span class="cx"> }
</span><span class="cx"> 
</span><span class="cx"> template&lt;typename Iterator&gt;
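Review bot: in appendUnbarriered(JSValue* slot, size_t count) the ASSERT(slot) that the removed pointer-taking helpers carried is gone, although this overload still indexes a raw pointer count times; the overloads that now take references no longer need the check, this one does. Suggest ASSERT(slot || !count) at the top. The loop also walks the array from the end ("for (size_t i = count; i--;)"), whereas the removed HeapRootVisitor::visit(JSValue*, size_t) walked forward; if visiting order does not matter here, a short comment saying so would help.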
</span><span class="lines">@@ -78,19 +64,19 @@
</span><span class="cx"> inline void SlotVisitor::append(Iterator begin, Iterator end)
</span><span class="cx"> {
</span><span class="cx">     for (auto it = begin; it != end; ++it)
</span><del>-        append(&amp;*it);
</del><ins>+        append(*it);
</ins><span class="cx"> }
</span><span class="cx"> 
</span><del>-inline void SlotVisitor::appendValues(WriteBarrierBase&lt;Unknown&gt;* barriers, size_t count)
</del><ins>+inline void SlotVisitor::appendValues(const WriteBarrierBase&lt;Unknown&gt;* barriers, size_t count)
</ins><span class="cx"> {
</span><span class="cx">     for (size_t i = 0; i &lt; count; ++i)
</span><del>-        append(&amp;barriers[i]);
</del><ins>+        append(barriers[i]);
</ins><span class="cx"> }
</span><span class="cx"> 
</span><del>-inline void SlotVisitor::appendValuesHidden(WriteBarrierBase&lt;Unknown&gt;* barriers, size_t count)
</del><ins>+inline void SlotVisitor::appendValuesHidden(const WriteBarrierBase&lt;Unknown&gt;* barriers, size_t count)
</ins><span class="cx"> {
</span><span class="cx">     for (size_t i = 0; i &lt; count; ++i)
</span><del>-        appendHidden(&amp;barriers[i]);
</del><ins>+        appendHidden(barriers[i]);
</ins><span class="cx"> }
</span><span class="cx"> 
</span><span class="cx"> inline void SlotVisitor::reportExtraMemoryVisited(size_t size)
</span></span></pre></div>
<a id="trunkSourceJavaScriptCoreheapWeakBlockcpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/heap/WeakBlock.cpp (209896 => 209897)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/heap/WeakBlock.cpp        2016-12-16 01:54:58 UTC (rev 209896)
+++ trunk/Source/JavaScriptCore/heap/WeakBlock.cpp        2016-12-16 02:16:19 UTC (rev 209897)
</span><span class="lines">@@ -28,7 +28,6 @@
</span><span class="cx"> 
</span><span class="cx"> #include &quot;CellContainerInlines.h&quot;
</span><span class="cx"> #include &quot;Heap.h&quot;
</span><del>-#include &quot;HeapRootVisitor.h&quot;
</del><span class="cx"> #include &quot;JSCInlines.h&quot;
</span><span class="cx"> #include &quot;JSObject.h&quot;
</span><span class="cx"> #include &quot;WeakHandleOwner.h&quot;
</span><span class="lines">@@ -97,10 +96,8 @@
</span><span class="cx"> }
</span><span class="cx"> 
</span><span class="cx"> template&lt;typename ContainerType&gt;
</span><del>-void WeakBlock::specializedVisit(ContainerType&amp; container, HeapRootVisitor&amp; heapRootVisitor)
</del><ins>+void WeakBlock::specializedVisit(ContainerType&amp; container, SlotVisitor&amp; visitor)
</ins><span class="cx"> {
</span><del>-    SlotVisitor&amp; visitor = heapRootVisitor.visitor();
-    
</del><span class="cx">     HeapVersion markingVersion = visitor.markingVersion();
</span><span class="cx"> 
</span><span class="cx">     for (size_t i = 0; i &lt; weakImplCount(); ++i) {
</span><span class="lines">@@ -112,7 +109,7 @@
</span><span class="cx">         if (!weakHandleOwner)
</span><span class="cx">             continue;
</span><span class="cx"> 
</span><del>-        const JSValue&amp; jsValue = weakImpl-&gt;jsValue();
</del><ins>+        JSValue jsValue = weakImpl-&gt;jsValue();
</ins><span class="cx">         if (container.isMarkedConcurrently(markingVersion, jsValue.asCell()))
</span><span class="cx">             continue;
</span><span class="cx">         
</span><span class="lines">@@ -119,11 +116,11 @@
</span><span class="cx">         if (!weakHandleOwner-&gt;isReachableFromOpaqueRoots(Handle&lt;Unknown&gt;::wrapSlot(&amp;const_cast&lt;JSValue&amp;&gt;(jsValue)), weakImpl-&gt;context(), visitor))
</span><span class="cx">             continue;
</span><span class="cx"> 
</span><del>-        heapRootVisitor.visit(&amp;const_cast&lt;JSValue&amp;&gt;(jsValue));
</del><ins>+        visitor.appendUnbarriered(jsValue);
</ins><span class="cx">     }
</span><span class="cx"> }
</span><span class="cx"> 
</span><del>-void WeakBlock::visit(HeapRootVisitor&amp; heapRootVisitor)
</del><ins>+void WeakBlock::visit(SlotVisitor&amp; visitor)
</ins><span class="cx"> {
</span><span class="cx">     // If a block is completely empty, a visit won't have any effect.
</span><span class="cx">     if (isEmpty())
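Review bot: jsValue was changed in the previous hunk from "const JSValue&amp;" to a by-value JSValue, but the unchanged isReachableFromOpaqueRoots() call here still passes Handle&lt;Unknown&gt;::wrapSlot(&amp;const_cast&lt;JSValue&amp;&gt;(jsValue)), so the handle now wraps the address of a stack copy rather than the WeakImpl's own slot. Any WeakHandleOwner that writes through the handle or keeps it past the call would be touching a local. Either keep a reference for the wrapSlot() argument, or drop the now-pointless const_cast and document that owners must treat the handle as a read-only, call-scoped view.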
</span><span class="lines">@@ -133,9 +130,9 @@
</span><span class="cx">     ASSERT(m_container);
</span><span class="cx">     
</span><span class="cx">     if (m_container.isLargeAllocation())
</span><del>-        specializedVisit(m_container.largeAllocation(), heapRootVisitor);
</del><ins>+        specializedVisit(m_container.largeAllocation(), visitor);
</ins><span class="cx">     else
</span><del>-        specializedVisit(m_container.markedBlock(), heapRootVisitor);
</del><ins>+        specializedVisit(m_container.markedBlock(), visitor);
</ins><span class="cx"> }
</span><span class="cx"> 
</span><span class="cx"> void WeakBlock::reap()
</span></span></pre></div>
<a id="trunkSourceJavaScriptCoreheapWeakBlockh"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/heap/WeakBlock.h (209896 => 209897)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/heap/WeakBlock.h        2016-12-16 01:54:58 UTC (rev 209896)
+++ trunk/Source/JavaScriptCore/heap/WeakBlock.h        2016-12-16 02:16:19 UTC (rev 209897)
</span><span class="lines">@@ -33,7 +33,7 @@
</span><span class="cx"> namespace JSC {
</span><span class="cx"> 
</span><span class="cx"> class Heap;
</span><del>-class HeapRootVisitor;
</del><ins>+class SlotVisitor;
</ins><span class="cx"> 
</span><span class="cx"> class WeakBlock : public DoublyLinkedListNode&lt;WeakBlock&gt; {
</span><span class="cx"> public:
</span><span class="lines">@@ -63,7 +63,7 @@
</span><span class="cx">     void sweep();
</span><span class="cx">     SweepResult takeSweepResult();
</span><span class="cx"> 
</span><del>-    void visit(HeapRootVisitor&amp;);
</del><ins>+    void visit(SlotVisitor&amp;);
</ins><span class="cx">     void reap();
</span><span class="cx"> 
</span><span class="cx">     void lastChanceToFinalize();
</span><span class="lines">@@ -73,7 +73,7 @@
</span><span class="cx">     static FreeCell* asFreeCell(WeakImpl*);
</span><span class="cx">     
</span><span class="cx">     template&lt;typename ContainerType&gt;
</span><del>-    void specializedVisit(ContainerType&amp;, HeapRootVisitor&amp;);
</del><ins>+    void specializedVisit(ContainerType&amp;, SlotVisitor&amp;);
</ins><span class="cx"> 
</span><span class="cx">     explicit WeakBlock(CellContainer);
</span><span class="cx">     void finalize(WeakImpl*);
</span></span></pre></div>
<a id="trunkSourceJavaScriptCoreheapWeakSeth"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/heap/WeakSet.h (209896 => 209897)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/heap/WeakSet.h        2016-12-16 01:54:58 UTC (rev 209896)
+++ trunk/Source/JavaScriptCore/heap/WeakSet.h        2016-12-16 02:16:19 UTC (rev 209897)
</span><span class="lines">@@ -53,7 +53,7 @@
</span><span class="cx"> 
</span><span class="cx">     bool isEmpty() const;
</span><span class="cx"> 
</span><del>-    unsigned visit(HeapRootVisitor&amp;);
</del><ins>+    unsigned visit(SlotVisitor&amp;);
</ins><span class="cx">     void reap();
</span><span class="cx">     void sweep();
</span><span class="cx">     void shrink();
</span><span class="lines">@@ -106,7 +106,7 @@
</span><span class="cx">         block-&gt;lastChanceToFinalize();
</span><span class="cx"> }
</span><span class="cx"> 
</span><del>-inline unsigned WeakSet::visit(HeapRootVisitor&amp; visitor)
</del><ins>+inline unsigned WeakSet::visit(SlotVisitor&amp; visitor)
</ins><span class="cx"> {
</span><span class="cx">     unsigned count = 0;
</span><span class="cx">     for (WeakBlock* block = m_blocks.head(); block; block = block-&gt;next()) {
</span></span></pre></div>
<a id="trunkSourceJavaScriptCoreinterpreterShadowChickencpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/interpreter/ShadowChicken.cpp (209896 => 209897)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/interpreter/ShadowChicken.cpp        2016-12-16 01:54:58 UTC (rev 209896)
+++ trunk/Source/JavaScriptCore/interpreter/ShadowChicken.cpp        2016-12-16 02:16:19 UTC (rev 209897)
</span><span class="lines">@@ -408,23 +408,23 @@
</span><span class="cx">     for (unsigned i = m_logCursor - m_log; i--;) {
</span><span class="cx">         JSObject* callee = m_log[i].callee;
</span><span class="cx">         if (callee != Packet::tailMarker() &amp;&amp; callee != Packet::throwMarker())
</span><del>-            visitor.appendUnbarrieredReadOnlyPointer(callee);
</del><ins>+            visitor.appendUnbarriered(callee);
</ins><span class="cx">         if (callee != Packet::throwMarker())
</span><del>-            visitor.appendUnbarrieredReadOnlyPointer(m_log[i].scope);
</del><ins>+            visitor.appendUnbarriered(m_log[i].scope);
</ins><span class="cx">         if (callee == Packet::tailMarker()) {
</span><del>-            visitor.appendUnbarrieredValue(&amp;m_log[i].thisValue);
-            visitor.appendUnbarrieredReadOnlyPointer(m_log[i].codeBlock);
</del><ins>+            visitor.appendUnbarriered(m_log[i].thisValue);
+            visitor.appendUnbarriered(m_log[i].codeBlock);
</ins><span class="cx">         }
</span><span class="cx">     }
</span><span class="cx">     
</span><span class="cx">     for (unsigned i = m_stack.size(); i--; ) {
</span><span class="cx">         Frame&amp; frame = m_stack[i];
</span><del>-        visitor.appendUnbarrieredValue(&amp;frame.thisValue);
-        visitor.appendUnbarrieredReadOnlyPointer(frame.callee);
</del><ins>+        visitor.appendUnbarriered(frame.thisValue);
+        visitor.appendUnbarriered(frame.callee);
</ins><span class="cx">         if (frame.scope)
</span><del>-            visitor.appendUnbarrieredReadOnlyPointer(frame.scope);
</del><ins>+            visitor.appendUnbarriered(frame.scope);
</ins><span class="cx">         if (frame.codeBlock)
</span><del>-            visitor.appendUnbarrieredReadOnlyPointer(frame.codeBlock);
</del><ins>+            visitor.appendUnbarriered(frame.codeBlock);
</ins><span class="cx">     }
</span><span class="cx"> }
</span><span class="cx"> 
</span></span></pre></div>
<a id="trunkSourceJavaScriptCorejitGCAwareJITStubRoutinecpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/jit/GCAwareJITStubRoutine.cpp (209896 => 209897)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/jit/GCAwareJITStubRoutine.cpp        2016-12-16 01:54:58 UTC (rev 209896)
+++ trunk/Source/JavaScriptCore/jit/GCAwareJITStubRoutine.cpp        2016-12-16 02:16:19 UTC (rev 209897)
</span><span class="lines">@@ -98,7 +98,7 @@
</span><span class="cx"> void MarkingGCAwareJITStubRoutine::markRequiredObjectsInternal(SlotVisitor&amp; visitor)
</span><span class="cx"> {
</span><span class="cx">     for (auto&amp; entry : m_cells)
</span><del>-        visitor.append(&amp;entry);
</del><ins>+        visitor.append(entry);
</ins><span class="cx"> }
</span><span class="cx"> 
</span><span class="cx"> 
</span></span></pre></div>
<a id="trunkSourceJavaScriptCorejitPolymorphicCallStubRoutinecpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/jit/PolymorphicCallStubRoutine.cpp (209896 => 209897)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/jit/PolymorphicCallStubRoutine.cpp        2016-12-16 01:54:58 UTC (rev 209896)
+++ trunk/Source/JavaScriptCore/jit/PolymorphicCallStubRoutine.cpp        2016-12-16 02:16:19 UTC (rev 209897)
</span><span class="lines">@@ -1,5 +1,5 @@
</span><span class="cx"> /*
</span><del>- * Copyright (C) 2015 Apple Inc. All rights reserved.
</del><ins>+ * Copyright (C) 2015-2016 Apple Inc. All rights reserved.
</ins><span class="cx">  *
</span><span class="cx">  * Redistribution and use in source and binary forms, with or without
</span><span class="cx">  * modification, are permitted provided that the following conditions
</span><span class="lines">@@ -129,7 +129,7 @@
</span><span class="cx"> void PolymorphicCallStubRoutine::markRequiredObjectsInternal(SlotVisitor&amp; visitor)
</span><span class="cx"> {
</span><span class="cx">     for (auto&amp; variant : m_variants)
</span><del>-        visitor.append(&amp;variant);
</del><ins>+        visitor.append(variant);
</ins><span class="cx"> }
</span><span class="cx"> 
</span><span class="cx"> } // namespace JSC
</span></span></pre></div>
<a id="trunkSourceJavaScriptCorejsccpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/jsc.cpp (209896 => 209897)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/jsc.cpp        2016-12-16 01:54:58 UTC (rev 209896)
+++ trunk/Source/JavaScriptCore/jsc.cpp        2016-12-16 02:16:19 UTC (rev 209897)
</span><span class="lines">@@ -183,7 +183,7 @@
</span><span class="cx">         Element* thisObject = jsCast&lt;Element*&gt;(cell);
</span><span class="cx">         ASSERT_GC_OBJECT_INHERITS(thisObject, info());
</span><span class="cx">         Base::visitChildren(thisObject, visitor);
</span><del>-        visitor.append(&amp;thisObject-&gt;m_root);
</del><ins>+        visitor.append(thisObject-&gt;m_root);
</ins><span class="cx">     }
</span><span class="cx"> 
</span><span class="cx">     static ElementHandleOwner* handleOwner();
</span><span class="lines">@@ -330,7 +330,7 @@
</span><span class="cx">     {
</span><span class="cx">         Base::visitChildren(cell, visitor);
</span><span class="cx">         ImpureGetter* thisObject = jsCast&lt;ImpureGetter*&gt;(cell);
</span><del>-        visitor.append(&amp;thisObject-&gt;m_delegate);
</del><ins>+        visitor.append(thisObject-&gt;m_delegate);
</ins><span class="cx">     }
</span><span class="cx"> 
</span><span class="cx">     void setDelegate(VM&amp; vm, JSObject* delegate)
</span><span class="lines">@@ -521,7 +521,7 @@
</span><span class="cx">         SimpleObject* thisObject = jsCast&lt;SimpleObject*&gt;(cell);
</span><span class="cx">         ASSERT_GC_OBJECT_INHERITS(thisObject, info());
</span><span class="cx">         Base::visitChildren(thisObject, visitor);
</span><del>-        visitor.append(&amp;thisObject-&gt;m_hiddenValue);
</del><ins>+        visitor.append(thisObject-&gt;m_hiddenValue);
</ins><span class="cx">     }
</span><span class="cx"> 
</span><span class="cx">     static Structure* createStructure(VM&amp; vm, JSGlobalObject* globalObject, JSValue prototype)
</span></span></pre></div>
<a id="trunkSourceJavaScriptCoreruntimeAbstractModuleRecordcpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/runtime/AbstractModuleRecord.cpp (209896 => 209897)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/runtime/AbstractModuleRecord.cpp        2016-12-16 01:54:58 UTC (rev 209896)
+++ trunk/Source/JavaScriptCore/runtime/AbstractModuleRecord.cpp        2016-12-16 02:16:19 UTC (rev 209897)
</span><span class="lines">@@ -68,9 +68,9 @@
</span><span class="cx"> {
</span><span class="cx">     AbstractModuleRecord* thisObject = jsCast&lt;AbstractModuleRecord*&gt;(cell);
</span><span class="cx">     Base::visitChildren(thisObject, visitor);
</span><del>-    visitor.append(&amp;thisObject-&gt;m_moduleEnvironment);
-    visitor.append(&amp;thisObject-&gt;m_moduleNamespaceObject);
-    visitor.append(&amp;thisObject-&gt;m_dependenciesMap);
</del><ins>+    visitor.append(thisObject-&gt;m_moduleEnvironment);
+    visitor.append(thisObject-&gt;m_moduleNamespaceObject);
+    visitor.append(thisObject-&gt;m_dependenciesMap);
</ins><span class="cx"> }
</span><span class="cx"> 
</span><span class="cx"> void AbstractModuleRecord::appendRequestedModule(const Identifier&amp; moduleName)
</span></span></pre></div>
<a id="trunkSourceJavaScriptCoreruntimeArgListcpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/runtime/ArgList.cpp (209896 => 209897)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/runtime/ArgList.cpp        2016-12-16 01:54:58 UTC (rev 209896)
+++ trunk/Source/JavaScriptCore/runtime/ArgList.cpp        2016-12-16 02:16:19 UTC (rev 209897)
</span><span class="lines">@@ -21,7 +21,6 @@
</span><span class="cx"> #include &quot;config.h&quot;
</span><span class="cx"> #include &quot;ArgList.h&quot;
</span><span class="cx"> 
</span><del>-#include &quot;HeapRootVisitor.h&quot;
</del><span class="cx"> #include &quot;JSCJSValue.h&quot;
</span><span class="cx"> #include &quot;JSObject.h&quot;
</span><span class="cx"> #include &quot;JSCInlines.h&quot;
</span><span class="lines">@@ -54,13 +53,13 @@
</span><span class="cx">     result.m_argCount =  m_argCount - startIndex;
</span><span class="cx"> }
</span><span class="cx"> 
</span><del>-void MarkedArgumentBuffer::markLists(HeapRootVisitor&amp; heapRootVisitor, ListSet&amp; markSet)
</del><ins>+void MarkedArgumentBuffer::markLists(SlotVisitor&amp; visitor, ListSet&amp; markSet)
</ins><span class="cx"> {
</span><span class="cx">     ListSet::iterator end = markSet.end();
</span><span class="cx">     for (ListSet::iterator it = markSet.begin(); it != end; ++it) {
</span><span class="cx">         MarkedArgumentBuffer* list = *it;
</span><span class="cx">         for (int i = 0; i &lt; list-&gt;m_size; ++i)
</span><del>-            heapRootVisitor.visit(reinterpret_cast&lt;JSValue*&gt;(&amp;list-&gt;slotFor(i)));
</del><ins>+            visitor.appendUnbarriered(JSValue::decode(list-&gt;slotFor(i)));
</ins><span class="cx">     }
</span><span class="cx"> }
</span><span class="cx"> 
</span></span></pre></div>
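Review bot: in MarkedArgumentBuffer::markLists the new call visitor.appendUnbarriered(JSValue::decode(list-&gt;slotFor(i))) hands the visitor a decoded copy of each slot, whereas the removed heapRootVisitor.visit(...) received a JSValue* pointing into the buffer, so this is a behaviour change and not only a rename: the visitor can no longer write through to the slot. If nothing depended on that, a one-line comment above the loop saying that these buffers are only read during marking, and that this is why the unbarriered by-value form is used, would record the intent. Dropping the reinterpret_cast is a welcome side effect.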
<a id="trunkSourceJavaScriptCoreruntimeArgListh"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/runtime/ArgList.h (209896 => 209897)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/runtime/ArgList.h        2016-12-16 01:54:58 UTC (rev 209896)
+++ trunk/Source/JavaScriptCore/runtime/ArgList.h        2016-12-16 02:16:19 UTC (rev 209897)
</span><span class="lines">@@ -92,7 +92,7 @@
</span><span class="cx">         return JSValue::decode(slotFor(m_size - 1));
</span><span class="cx">     }
</span><span class="cx">         
</span><del>-    static void markLists(HeapRootVisitor&amp;, ListSet&amp;);
</del><ins>+    static void markLists(SlotVisitor&amp;, ListSet&amp;);
</ins><span class="cx"> 
</span><span class="cx"> private:
</span><span class="cx">     void expandCapacity();
</span></span></pre></div>
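Review bot: the markLists declaration now names SlotVisitor, but this hunk changes only that one line and shows no forward declaration or include being added for SlotVisitor, nor the HeapRootVisitor one being removed. Please check that ArgList.h still compiles when included on its own, and drop the now unused HeapRootVisitor forward declaration if the header has one.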
<a id="trunkSourceJavaScriptCoreruntimeClonedArgumentscpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/runtime/ClonedArguments.cpp (209896 => 209897)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/runtime/ClonedArguments.cpp        2016-12-16 01:54:58 UTC (rev 209896)
+++ trunk/Source/JavaScriptCore/runtime/ClonedArguments.cpp        2016-12-16 02:16:19 UTC (rev 209897)
</span><span class="lines">@@ -273,7 +273,7 @@
</span><span class="cx">     ClonedArguments* thisObject = jsCast&lt;ClonedArguments*&gt;(cell);
</span><span class="cx">     ASSERT_GC_OBJECT_INHERITS(thisObject, info());
</span><span class="cx">     Base::visitChildren(thisObject, visitor);
</span><del>-    visitor.append(&amp;thisObject-&gt;m_callee);
</del><ins>+    visitor.append(thisObject-&gt;m_callee);
</ins><span class="cx"> }
</span><span class="cx"> 
</span><span class="cx"> } // namespace JSC
</span></span></pre></div>
<a id="trunkSourceJavaScriptCoreruntimeDirectArgumentscpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/runtime/DirectArguments.cpp (209896 => 209897)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/runtime/DirectArguments.cpp        2016-12-16 01:54:58 UTC (rev 209896)
+++ trunk/Source/JavaScriptCore/runtime/DirectArguments.cpp        2016-12-16 02:16:19 UTC (rev 209897)
</span><span class="lines">@@ -97,7 +97,7 @@
</span><span class="cx">     Base::visitChildren(thisObject, visitor);
</span><span class="cx">     
</span><span class="cx">     visitor.appendValues(thisObject-&gt;storage(), std::max(thisObject-&gt;m_length, thisObject-&gt;m_minCapacity));
</span><del>-    visitor.append(&amp;thisObject-&gt;m_callee);
</del><ins>+    visitor.append(thisObject-&gt;m_callee);
</ins><span class="cx"> 
</span><span class="cx">     if (bool* override = thisObject-&gt;m_overrides.get())
</span><span class="cx">         visitor.markAuxiliary(override);
</span></span></pre></div>
<a id="trunkSourceJavaScriptCoreruntimeEvalExecutablecpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/runtime/EvalExecutable.cpp (209896 => 209897)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/runtime/EvalExecutable.cpp        2016-12-16 01:54:58 UTC (rev 209896)
+++ trunk/Source/JavaScriptCore/runtime/EvalExecutable.cpp        2016-12-16 02:16:19 UTC (rev 209897)
</span><span class="lines">@@ -49,7 +49,7 @@
</span><span class="cx">     EvalExecutable* thisObject = jsCast&lt;EvalExecutable*&gt;(cell);
</span><span class="cx">     ASSERT_GC_OBJECT_INHERITS(thisObject, info());
</span><span class="cx">     ScriptExecutable::visitChildren(thisObject, visitor);
</span><del>-    visitor.append(&amp;thisObject-&gt;m_unlinkedEvalCodeBlock);
</del><ins>+    visitor.append(thisObject-&gt;m_unlinkedEvalCodeBlock);
</ins><span class="cx">     if (EvalCodeBlock* evalCodeBlock = thisObject-&gt;m_evalCodeBlock.get())
</span><span class="cx">         evalCodeBlock-&gt;visitWeakly(visitor);
</span><span class="cx"> }
</span></span></pre></div>
<a id="trunkSourceJavaScriptCoreruntimeExceptioncpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/runtime/Exception.cpp (209896 => 209897)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/runtime/Exception.cpp        2016-12-16 01:54:58 UTC (rev 209896)
+++ trunk/Source/JavaScriptCore/runtime/Exception.cpp        2016-12-16 02:16:19 UTC (rev 209897)
</span><span class="lines">@@ -57,7 +57,7 @@
</span><span class="cx">     ASSERT_GC_OBJECT_INHERITS(thisObject, info());
</span><span class="cx">     Base::visitChildren(thisObject, visitor);
</span><span class="cx"> 
</span><del>-    visitor.append(&amp;thisObject-&gt;m_value);
</del><ins>+    visitor.append(thisObject-&gt;m_value);
</ins><span class="cx"> }
</span><span class="cx"> 
</span><span class="cx"> Exception::Exception(VM&amp; vm)
</span></span></pre></div>
<a id="trunkSourceJavaScriptCoreruntimeFunctionExecutablecpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/runtime/FunctionExecutable.cpp (209896 => 209897)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/runtime/FunctionExecutable.cpp        2016-12-16 01:54:58 UTC (rev 209896)
+++ trunk/Source/JavaScriptCore/runtime/FunctionExecutable.cpp        2016-12-16 02:16:19 UTC (rev 209897)
</span><span class="lines">@@ -89,8 +89,8 @@
</span><span class="cx">         codeBlockForCall-&gt;visitWeakly(visitor);
</span><span class="cx">     if (FunctionCodeBlock* codeBlockForConstruct = thisObject-&gt;m_codeBlockForConstruct.get())
</span><span class="cx">         codeBlockForConstruct-&gt;visitWeakly(visitor);
</span><del>-    visitor.append(&amp;thisObject-&gt;m_unlinkedExecutable);
-    visitor.append(&amp;thisObject-&gt;m_singletonFunction);
</del><ins>+    visitor.append(thisObject-&gt;m_unlinkedExecutable);
+    visitor.append(thisObject-&gt;m_singletonFunction);
</ins><span class="cx"> }
</span><span class="cx"> 
</span><span class="cx"> FunctionExecutable* FunctionExecutable::fromGlobalCode(
</span></span></pre></div>
<a id="trunkSourceJavaScriptCoreruntimeFunctionRareDatacpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/runtime/FunctionRareData.cpp (209896 => 209897)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/runtime/FunctionRareData.cpp        2016-12-16 01:54:58 UTC (rev 209896)
+++ trunk/Source/JavaScriptCore/runtime/FunctionRareData.cpp        2016-12-16 02:16:19 UTC (rev 209897)
</span><span class="lines">@@ -56,7 +56,7 @@
</span><span class="cx"> 
</span><span class="cx">     rareData-&gt;m_objectAllocationProfile.visitAggregate(visitor);
</span><span class="cx">     rareData-&gt;m_internalFunctionAllocationProfile.visitAggregate(visitor);
</span><del>-    visitor.append(&amp;rareData-&gt;m_boundFunctionStructure);
</del><ins>+    visitor.append(rareData-&gt;m_boundFunctionStructure);
</ins><span class="cx"> }
</span><span class="cx"> 
</span><span class="cx"> FunctionRareData::FunctionRareData(VM&amp; vm)
</span></span></pre></div>
<a id="trunkSourceJavaScriptCoreruntimeGetterSettercpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/runtime/GetterSetter.cpp (209896 => 209897)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/runtime/GetterSetter.cpp        2016-12-16 01:54:58 UTC (rev 209896)
+++ trunk/Source/JavaScriptCore/runtime/GetterSetter.cpp        2016-12-16 02:16:19 UTC (rev 209897)
</span><span class="lines">@@ -41,8 +41,8 @@
</span><span class="cx">     ASSERT_GC_OBJECT_INHERITS(thisObject, info());
</span><span class="cx">     JSCell::visitChildren(thisObject, visitor);
</span><span class="cx"> 
</span><del>-    visitor.append(&amp;thisObject-&gt;m_getter);
-    visitor.append(&amp;thisObject-&gt;m_setter);
</del><ins>+    visitor.append(thisObject-&gt;m_getter);
+    visitor.append(thisObject-&gt;m_setter);
</ins><span class="cx"> }
</span><span class="cx"> 
</span><span class="cx"> GetterSetter* GetterSetter::withGetter(VM&amp; vm, JSGlobalObject* globalObject, JSObject* newGetter)
</span></span></pre></div>
<a id="trunkSourceJavaScriptCoreruntimeHashMapImplcpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/runtime/HashMapImpl.cpp (209896 => 209897)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/runtime/HashMapImpl.cpp        2016-12-16 01:54:58 UTC (rev 209896)
+++ trunk/Source/JavaScriptCore/runtime/HashMapImpl.cpp        2016-12-16 02:16:19 UTC (rev 209897)
</span><span class="lines">@@ -45,8 +45,8 @@
</span><span class="cx">     ASSERT_GC_OBJECT_INHERITS(thisObject, info());
</span><span class="cx">     Base::visitChildren(thisObject, visitor);
</span><span class="cx"> 
</span><del>-    visitor.append(&amp;thisObject-&gt;m_next);
-    visitor.append(&amp;thisObject-&gt;m_prev);
</del><ins>+    visitor.append(thisObject-&gt;m_next);
+    visitor.append(thisObject-&gt;m_prev);
</ins><span class="cx"> 
</span><span class="cx">     static_assert(sizeof(Data) % sizeof(WriteBarrier&lt;Unknown&gt;) == 0, &quot;We assume that these are filled with WriteBarrier&lt;Unknown&gt; members only.&quot;);
</span><span class="cx">     visitor.appendValues(bitwise_cast&lt;WriteBarrier&lt;Unknown&gt;*&gt;(&amp;thisObject-&gt;m_data), sizeof(Data) / sizeof(WriteBarrier&lt;Unknown&gt;));
</span><span class="lines">@@ -67,8 +67,8 @@
</span><span class="cx">     ASSERT_GC_OBJECT_INHERITS(thisObject, info());
</span><span class="cx">     Base::visitChildren(thisObject, visitor);
</span><span class="cx"> 
</span><del>-    visitor.append(&amp;thisObject-&gt;m_head);
-    visitor.append(&amp;thisObject-&gt;m_tail);
</del><ins>+    visitor.append(thisObject-&gt;m_head);
+    visitor.append(thisObject-&gt;m_tail);
</ins><span class="cx">     
</span><span class="cx">     if (HashMapBufferType* buffer = thisObject-&gt;m_buffer.get())
</span><span class="cx">         visitor.markAuxiliary(buffer);
</span></span></pre></div>
<a id="trunkSourceJavaScriptCoreruntimeInferredTypeTablecpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/runtime/InferredTypeTable.cpp (209896 => 209897)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/runtime/InferredTypeTable.cpp        2016-12-16 01:54:58 UTC (rev 209896)
+++ trunk/Source/JavaScriptCore/runtime/InferredTypeTable.cpp        2016-12-16 02:16:19 UTC (rev 209897)
</span><span class="lines">@@ -60,7 +60,7 @@
</span><span class="cx">         if (!entry.value)
</span><span class="cx">             continue;
</span><span class="cx">         if (entry.value-&gt;isRelevant())
</span><del>-            visitor.append(&amp;entry.value);
</del><ins>+            visitor.append(entry.value);
</ins><span class="cx">         else
</span><span class="cx">             entry.value.clear();
</span><span class="cx">     }
</span></span></pre></div>
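Review bot: the else branch beside the changed line calls entry.value.clear() from inside a routine that is driven by the visitor, so this function mutates the table while marking, and the switch to visitor.append(entry.value) makes the two branches look more alike than they are (one only reports the entry, the other modifies it). If the lines above this hunk do not already take a lock or otherwise document why mutation is safe here, a short comment on the else branch would help.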
<a id="trunkSourceJavaScriptCoreruntimeInternalFunctioncpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/runtime/InternalFunction.cpp (209896 => 209897)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/runtime/InternalFunction.cpp        2016-12-16 01:54:58 UTC (rev 209896)
+++ trunk/Source/JavaScriptCore/runtime/InternalFunction.cpp        2016-12-16 02:16:19 UTC (rev 209897)
</span><span class="lines">@@ -57,7 +57,7 @@
</span><span class="cx">     ASSERT_GC_OBJECT_INHERITS(thisObject, info());
</span><span class="cx">     Base::visitChildren(thisObject, visitor);
</span><span class="cx">     
</span><del>-    visitor.append(&amp;thisObject-&gt;m_originalName);
</del><ins>+    visitor.append(thisObject-&gt;m_originalName);
</ins><span class="cx"> }
</span><span class="cx"> 
</span><span class="cx"> const String&amp; InternalFunction::name()
</span></span></pre></div>
<a id="trunkSourceJavaScriptCoreruntimeIntlCollatorcpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/runtime/IntlCollator.cpp (209896 => 209897)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/runtime/IntlCollator.cpp        2016-12-16 01:54:58 UTC (rev 209896)
+++ trunk/Source/JavaScriptCore/runtime/IntlCollator.cpp        2016-12-16 02:16:19 UTC (rev 209897)
</span><span class="lines">@@ -91,7 +91,7 @@
</span><span class="cx"> 
</span><span class="cx">     Base::visitChildren(thisObject, visitor);
</span><span class="cx"> 
</span><del>-    visitor.append(&amp;thisObject-&gt;m_boundCompare);
</del><ins>+    visitor.append(thisObject-&gt;m_boundCompare);
</ins><span class="cx"> }
</span><span class="cx"> 
</span><span class="cx"> static Vector&lt;String&gt; sortLocaleData(const String&amp; locale, size_t keyIndex)
</span></span></pre></div>
<a id="trunkSourceJavaScriptCoreruntimeIntlCollatorConstructorcpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/runtime/IntlCollatorConstructor.cpp (209896 => 209897)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/runtime/IntlCollatorConstructor.cpp        2016-12-16 01:54:58 UTC (rev 209896)
+++ trunk/Source/JavaScriptCore/runtime/IntlCollatorConstructor.cpp        2016-12-16 02:16:19 UTC (rev 209897)
</span><span class="lines">@@ -160,7 +160,7 @@
</span><span class="cx"> 
</span><span class="cx">     Base::visitChildren(thisObject, visitor);
</span><span class="cx"> 
</span><del>-    visitor.append(&amp;thisObject-&gt;m_collatorStructure);
</del><ins>+    visitor.append(thisObject-&gt;m_collatorStructure);
</ins><span class="cx"> }
</span><span class="cx"> 
</span><span class="cx"> } // namespace JSC
</span></span></pre></div>
<a id="trunkSourceJavaScriptCoreruntimeIntlDateTimeFormatcpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/runtime/IntlDateTimeFormat.cpp (209896 => 209897)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/runtime/IntlDateTimeFormat.cpp        2016-12-16 01:54:58 UTC (rev 209896)
+++ trunk/Source/JavaScriptCore/runtime/IntlDateTimeFormat.cpp        2016-12-16 02:16:19 UTC (rev 209897)
</span><span class="lines">@@ -90,7 +90,7 @@
</span><span class="cx"> 
</span><span class="cx">     Base::visitChildren(thisObject, visitor);
</span><span class="cx"> 
</span><del>-    visitor.append(&amp;thisObject-&gt;m_boundFormat);
</del><ins>+    visitor.append(thisObject-&gt;m_boundFormat);
</ins><span class="cx"> }
</span><span class="cx"> 
</span><span class="cx"> void IntlDateTimeFormat::setBoundFormat(VM&amp; vm, JSBoundFunction* format)
</span></span></pre></div>
<a id="trunkSourceJavaScriptCoreruntimeIntlDateTimeFormatConstructorcpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/runtime/IntlDateTimeFormatConstructor.cpp (209896 => 209897)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/runtime/IntlDateTimeFormatConstructor.cpp        2016-12-16 01:54:58 UTC (rev 209896)
+++ trunk/Source/JavaScriptCore/runtime/IntlDateTimeFormatConstructor.cpp        2016-12-16 02:16:19 UTC (rev 209897)
</span><span class="lines">@@ -161,7 +161,7 @@
</span><span class="cx"> 
</span><span class="cx">     Base::visitChildren(thisObject, visitor);
</span><span class="cx"> 
</span><del>-    visitor.append(&amp;thisObject-&gt;m_dateTimeFormatStructure);
</del><ins>+    visitor.append(thisObject-&gt;m_dateTimeFormatStructure);
</ins><span class="cx"> }
</span><span class="cx"> 
</span><span class="cx"> } // namespace JSC
</span></span></pre></div>
<a id="trunkSourceJavaScriptCoreruntimeIntlNumberFormatcpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/runtime/IntlNumberFormat.cpp (209896 => 209897)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/runtime/IntlNumberFormat.cpp        2016-12-16 01:54:58 UTC (rev 209896)
+++ trunk/Source/JavaScriptCore/runtime/IntlNumberFormat.cpp        2016-12-16 02:16:19 UTC (rev 209897)
</span><span class="lines">@@ -84,7 +84,7 @@
</span><span class="cx"> 
</span><span class="cx">     Base::visitChildren(thisObject, visitor);
</span><span class="cx"> 
</span><del>-    visitor.append(&amp;thisObject-&gt;m_boundFormat);
</del><ins>+    visitor.append(thisObject-&gt;m_boundFormat);
</ins><span class="cx"> }
</span><span class="cx"> 
</span><span class="cx"> static Vector&lt;String&gt; localeData(const String&amp; locale, size_t keyIndex)
</span></span></pre></div>
<a id="trunkSourceJavaScriptCoreruntimeIntlNumberFormatConstructorcpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/runtime/IntlNumberFormatConstructor.cpp (209896 => 209897)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/runtime/IntlNumberFormatConstructor.cpp        2016-12-16 01:54:58 UTC (rev 209896)
+++ trunk/Source/JavaScriptCore/runtime/IntlNumberFormatConstructor.cpp        2016-12-16 02:16:19 UTC (rev 209897)
</span><span class="lines">@@ -161,7 +161,7 @@
</span><span class="cx"> 
</span><span class="cx">     Base::visitChildren(thisObject, visitor);
</span><span class="cx"> 
</span><del>-    visitor.append(&amp;thisObject-&gt;m_numberFormatStructure);
</del><ins>+    visitor.append(thisObject-&gt;m_numberFormatStructure);
</ins><span class="cx"> }
</span><span class="cx"> 
</span><span class="cx"> } // namespace JSC
</span></span></pre></div>
<a id="trunkSourceJavaScriptCoreruntimeJSBoundFunctioncpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/runtime/JSBoundFunction.cpp (209896 => 209897)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/runtime/JSBoundFunction.cpp        2016-12-16 01:54:58 UTC (rev 209896)
+++ trunk/Source/JavaScriptCore/runtime/JSBoundFunction.cpp        2016-12-16 02:16:19 UTC (rev 209897)
</span><span class="lines">@@ -207,9 +207,9 @@
</span><span class="cx">     ASSERT_GC_OBJECT_INHERITS(thisObject, info());
</span><span class="cx">     Base::visitChildren(thisObject, visitor);
</span><span class="cx"> 
</span><del>-    visitor.append(&amp;thisObject-&gt;m_targetFunction);
-    visitor.append(&amp;thisObject-&gt;m_boundThis);
-    visitor.append(&amp;thisObject-&gt;m_boundArgs);
</del><ins>+    visitor.append(thisObject-&gt;m_targetFunction);
+    visitor.append(thisObject-&gt;m_boundThis);
+    visitor.append(thisObject-&gt;m_boundArgs);
</ins><span class="cx"> }
</span><span class="cx"> 
</span><span class="cx"> } // namespace JSC
</span></span></pre></div>
<a id="trunkSourceJavaScriptCoreruntimeJSCalleecpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/runtime/JSCallee.cpp (209896 => 209897)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/runtime/JSCallee.cpp        2016-12-16 01:54:58 UTC (rev 209896)
+++ trunk/Source/JavaScriptCore/runtime/JSCallee.cpp        2016-12-16 02:16:19 UTC (rev 209897)
</span><span class="lines">@@ -60,7 +60,7 @@
</span><span class="cx">     ASSERT_GC_OBJECT_INHERITS(thisObject, info());
</span><span class="cx">     Base::visitChildren(thisObject, visitor);
</span><span class="cx"> 
</span><del>-    visitor.append(&amp;thisObject-&gt;m_scope);
</del><ins>+    visitor.append(thisObject-&gt;m_scope);
</ins><span class="cx"> }
</span><span class="cx"> 
</span><span class="cx"> } // namespace JSC
</span></span></pre></div>
<a id="trunkSourceJavaScriptCoreruntimeJSCellInlinesh"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/runtime/JSCellInlines.h (209896 => 209897)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/runtime/JSCellInlines.h        2016-12-16 01:54:58 UTC (rev 209896)
+++ trunk/Source/JavaScriptCore/runtime/JSCellInlines.h        2016-12-16 02:16:19 UTC (rev 209897)
</span><span class="lines">@@ -117,8 +117,7 @@
</span><span class="cx"> 
</span><span class="cx"> inline void JSCell::visitChildren(JSCell* cell, SlotVisitor&amp; visitor)
</span><span class="cx"> {
</span><del>-    Structure* structure = cell-&gt;structure(visitor.vm());
-    visitor.appendUnbarrieredPointer(&amp;structure);
</del><ins>+    visitor.appendUnbarriered(cell-&gt;structure(visitor.vm()));
</ins><span class="cx"> }
</span><span class="cx"> 
</span><span class="cx"> ALWAYS_INLINE VM&amp; ExecState::vm() const
</span></span></pre></div>
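Review bot: JSCell::visitChildren has no comment explaining why the structure is reported through appendUnbarriered rather than through a barriered field, and after this change the single line visitor.appendUnbarriered(cell-&gt;structure(visitor.vm())) is all a reader has to go on. The removed code passed the address of a local Structue-typed variable, so any update the visitor made could only ever have landed in that local; passing the pointer by value loses nothing, but a one-line comment saying that the structure is obtained through an accessor and is therefore visited by value would make that explicit.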
<a id="trunkSourceJavaScriptCoreruntimeJSCustomGetterSetterFunctioncpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/runtime/JSCustomGetterSetterFunction.cpp (209896 => 209897)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/runtime/JSCustomGetterSetterFunction.cpp        2016-12-16 01:54:58 UTC (rev 209896)
+++ trunk/Source/JavaScriptCore/runtime/JSCustomGetterSetterFunction.cpp        2016-12-16 02:16:19 UTC (rev 209897)
</span><span class="lines">@@ -82,7 +82,7 @@
</span><span class="cx">     ASSERT_GC_OBJECT_INHERITS(thisObject, info());
</span><span class="cx">     Base::visitChildren(thisObject, visitor);
</span><span class="cx"> 
</span><del>-    visitor.append(&amp;thisObject-&gt;m_getterSetter);
</del><ins>+    visitor.append(thisObject-&gt;m_getterSetter);
</ins><span class="cx"> }
</span><span class="cx"> 
</span><span class="cx"> void JSCustomGetterSetterFunction::finishCreation(VM&amp; vm, NativeExecutable* executable, CustomGetterSetter* getterSetter, const String&amp; name)
</span></span></pre></div>
<a id="trunkSourceJavaScriptCoreruntimeJSFunctioncpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/runtime/JSFunction.cpp (209896 => 209897)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/runtime/JSFunction.cpp        2016-12-16 01:54:58 UTC (rev 209896)
+++ trunk/Source/JavaScriptCore/runtime/JSFunction.cpp        2016-12-16 02:16:19 UTC (rev 209897)
</span><span class="lines">@@ -207,8 +207,8 @@
</span><span class="cx">     ASSERT_GC_OBJECT_INHERITS(thisObject, info());
</span><span class="cx">     Base::visitChildren(thisObject, visitor);
</span><span class="cx"> 
</span><del>-    visitor.append(&amp;thisObject-&gt;m_executable);
-    visitor.append(&amp;thisObject-&gt;m_rareData);
</del><ins>+    visitor.append(thisObject-&gt;m_executable);
+    visitor.append(thisObject-&gt;m_rareData);
</ins><span class="cx"> }
</span><span class="cx"> 
</span><span class="cx"> CallType JSFunction::getCallData(JSCell* cell, CallData&amp; callData)
</span></span></pre></div>
<a id="trunkSourceJavaScriptCoreruntimeJSGlobalObjectcpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/runtime/JSGlobalObject.cpp (209896 => 209897)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/runtime/JSGlobalObject.cpp        2016-12-16 01:54:58 UTC (rev 209896)
+++ trunk/Source/JavaScriptCore/runtime/JSGlobalObject.cpp        2016-12-16 02:16:19 UTC (rev 209897)
</span><span class="lines">@@ -1159,111 +1159,111 @@
</span><span class="cx">     ASSERT_GC_OBJECT_INHERITS(thisObject, info());
</span><span class="cx">     Base::visitChildren(thisObject, visitor);
</span><span class="cx"> 
</span><del>-    visitor.append(&amp;thisObject-&gt;m_globalThis);
</del><ins>+    visitor.append(thisObject-&gt;m_globalThis);
</ins><span class="cx"> 
</span><del>-    visitor.append(&amp;thisObject-&gt;m_globalLexicalEnvironment);
-    visitor.append(&amp;thisObject-&gt;m_globalScopeExtension);
-    visitor.append(&amp;thisObject-&gt;m_globalCallee);
-    visitor.append(&amp;thisObject-&gt;m_regExpConstructor);
-    visitor.append(&amp;thisObject-&gt;m_errorConstructor);
-    visitor.append(&amp;thisObject-&gt;m_nativeErrorPrototypeStructure);
-    visitor.append(&amp;thisObject-&gt;m_nativeErrorStructure);
</del><ins>+    visitor.append(thisObject-&gt;m_globalLexicalEnvironment);
+    visitor.append(thisObject-&gt;m_globalScopeExtension);
+    visitor.append(thisObject-&gt;m_globalCallee);
+    visitor.append(thisObject-&gt;m_regExpConstructor);
+    visitor.append(thisObject-&gt;m_errorConstructor);
+    visitor.append(thisObject-&gt;m_nativeErrorPrototypeStructure);
+    visitor.append(thisObject-&gt;m_nativeErrorStructure);
</ins><span class="cx">     thisObject-&gt;m_evalErrorConstructor.visit(visitor);
</span><del>-    visitor.append(&amp;thisObject-&gt;m_rangeErrorConstructor);
</del><ins>+    visitor.append(thisObject-&gt;m_rangeErrorConstructor);
</ins><span class="cx">     thisObject-&gt;m_referenceErrorConstructor.visit(visitor);
</span><span class="cx">     thisObject-&gt;m_syntaxErrorConstructor.visit(visitor);
</span><del>-    visitor.append(&amp;thisObject-&gt;m_typeErrorConstructor);
</del><ins>+    visitor.append(thisObject-&gt;m_typeErrorConstructor);
</ins><span class="cx">     thisObject-&gt;m_URIErrorConstructor.visit(visitor);
</span><del>-    visitor.append(&amp;thisObject-&gt;m_objectConstructor);
-    visitor.append(&amp;thisObject-&gt;m_promiseConstructor);
</del><ins>+    visitor.append(thisObject-&gt;m_objectConstructor);
+    visitor.append(thisObject-&gt;m_promiseConstructor);
</ins><span class="cx"> 
</span><del>-    visitor.append(&amp;thisObject-&gt;m_nullGetterFunction);
-    visitor.append(&amp;thisObject-&gt;m_nullSetterFunction);
</del><ins>+    visitor.append(thisObject-&gt;m_nullGetterFunction);
+    visitor.append(thisObject-&gt;m_nullSetterFunction);
</ins><span class="cx"> 
</span><del>-    visitor.append(&amp;thisObject-&gt;m_parseIntFunction);
-    visitor.append(&amp;thisObject-&gt;m_evalFunction);
-    visitor.append(&amp;thisObject-&gt;m_callFunction);
-    visitor.append(&amp;thisObject-&gt;m_applyFunction);
-    visitor.append(&amp;thisObject-&gt;m_throwTypeErrorFunction);
</del><ins>+    visitor.append(thisObject-&gt;m_parseIntFunction);
+    visitor.append(thisObject-&gt;m_evalFunction);
+    visitor.append(thisObject-&gt;m_callFunction);
+    visitor.append(thisObject-&gt;m_applyFunction);
+    visitor.append(thisObject-&gt;m_throwTypeErrorFunction);
</ins><span class="cx">     thisObject-&gt;m_arrayProtoToStringFunction.visit(visitor);
</span><span class="cx">     thisObject-&gt;m_arrayProtoValuesFunction.visit(visitor);
</span><span class="cx">     thisObject-&gt;m_initializePromiseFunction.visit(visitor);
</span><span class="cx">     thisObject-&gt;m_iteratorProtocolFunction.visit(visitor);
</span><del>-    visitor.append(&amp;thisObject-&gt;m_newPromiseCapabilityFunction);
-    visitor.append(&amp;thisObject-&gt;m_functionProtoHasInstanceSymbolFunction);
</del><ins>+    visitor.append(thisObject-&gt;m_newPromiseCapabilityFunction);
+    visitor.append(thisObject-&gt;m_functionProtoHasInstanceSymbolFunction);
</ins><span class="cx">     thisObject-&gt;m_throwTypeErrorGetterSetter.visit(visitor);
</span><del>-    visitor.append(&amp;thisObject-&gt;m_throwTypeErrorArgumentsCalleeAndCallerGetterSetter);
-    visitor.append(&amp;thisObject-&gt;m_moduleLoader);
</del><ins>+    visitor.append(thisObject-&gt;m_throwTypeErrorArgumentsCalleeAndCallerGetterSetter);
+    visitor.append(thisObject-&gt;m_moduleLoader);
</ins><span class="cx"> 
</span><del>-    visitor.append(&amp;thisObject-&gt;m_objectPrototype);
-    visitor.append(&amp;thisObject-&gt;m_functionPrototype);
-    visitor.append(&amp;thisObject-&gt;m_arrayPrototype);
-    visitor.append(&amp;thisObject-&gt;m_errorPrototype);
-    visitor.append(&amp;thisObject-&gt;m_iteratorPrototype);
-    visitor.append(&amp;thisObject-&gt;m_generatorFunctionPrototype);
-    visitor.append(&amp;thisObject-&gt;m_generatorPrototype);
-    visitor.append(&amp;thisObject-&gt;m_asyncFunctionPrototype);
-    visitor.append(&amp;thisObject-&gt;m_moduleLoaderPrototype);
</del><ins>+    visitor.append(thisObject-&gt;m_objectPrototype);
+    visitor.append(thisObject-&gt;m_functionPrototype);
+    visitor.append(thisObject-&gt;m_arrayPrototype);
+    visitor.append(thisObject-&gt;m_errorPrototype);
+    visitor.append(thisObject-&gt;m_iteratorPrototype);
+    visitor.append(thisObject-&gt;m_generatorFunctionPrototype);
+    visitor.append(thisObject-&gt;m_generatorPrototype);
+    visitor.append(thisObject-&gt;m_asyncFunctionPrototype);
+    visitor.append(thisObject-&gt;m_moduleLoaderPrototype);
</ins><span class="cx"> 
</span><span class="cx">     thisObject-&gt;m_debuggerScopeStructure.visit(visitor);
</span><span class="cx">     thisObject-&gt;m_withScopeStructure.visit(visitor);
</span><del>-    visitor.append(&amp;thisObject-&gt;m_strictEvalActivationStructure);
-    visitor.append(&amp;thisObject-&gt;m_lexicalEnvironmentStructure);
</del><ins>+    visitor.append(thisObject-&gt;m_strictEvalActivationStructure);
+    visitor.append(thisObject-&gt;m_lexicalEnvironmentStructure);
</ins><span class="cx">     thisObject-&gt;m_moduleEnvironmentStructure.visit(visitor);
</span><del>-    visitor.append(&amp;thisObject-&gt;m_directArgumentsStructure);
-    visitor.append(&amp;thisObject-&gt;m_scopedArgumentsStructure);
-    visitor.append(&amp;thisObject-&gt;m_clonedArgumentsStructure);
-    visitor.append(&amp;thisObject-&gt;m_objectStructureForObjectConstructor);
</del><ins>+    visitor.append(thisObject-&gt;m_directArgumentsStructure);
+    visitor.append(thisObject-&gt;m_scopedArgumentsStructure);
+    visitor.append(thisObject-&gt;m_clonedArgumentsStructure);
+    visitor.append(thisObject-&gt;m_objectStructureForObjectConstructor);
</ins><span class="cx">     for (unsigned i = 0; i &lt; NumberOfIndexingShapes; ++i)
</span><del>-        visitor.append(&amp;thisObject-&gt;m_originalArrayStructureForIndexingShape[i]);
</del><ins>+        visitor.append(thisObject-&gt;m_originalArrayStructureForIndexingShape[i]);
</ins><span class="cx">     for (unsigned i = 0; i &lt; NumberOfIndexingShapes; ++i)
</span><del>-        visitor.append(&amp;thisObject-&gt;m_arrayStructureForIndexingShapeDuringAllocation[i]);
</del><ins>+        visitor.append(thisObject-&gt;m_arrayStructureForIndexingShapeDuringAllocation[i]);
</ins><span class="cx">     thisObject-&gt;m_callbackConstructorStructure.visit(visitor);
</span><span class="cx">     thisObject-&gt;m_callbackFunctionStructure.visit(visitor);
</span><span class="cx">     thisObject-&gt;m_callbackObjectStructure.visit(visitor);
</span><del>-    visitor.append(&amp;thisObject-&gt;m_propertyNameIteratorStructure);
</del><ins>+    visitor.append(thisObject-&gt;m_propertyNameIteratorStructure);
</ins><span class="cx"> #if JSC_OBJC_API_ENABLED
</span><span class="cx">     thisObject-&gt;m_objcCallbackFunctionStructure.visit(visitor);
</span><span class="cx">     thisObject-&gt;m_objcWrapperObjectStructure.visit(visitor);
</span><span class="cx"> #endif
</span><span class="cx">     thisObject-&gt;m_nullPrototypeObjectStructure.visit(visitor);
</span><del>-    visitor.append(&amp;thisObject-&gt;m_errorStructure);
-    visitor.append(&amp;thisObject-&gt;m_calleeStructure);
-    visitor.append(&amp;thisObject-&gt;m_functionStructure);
</del><ins>+    visitor.append(thisObject-&gt;m_errorStructure);
+    visitor.append(thisObject-&gt;m_calleeStructure);
+    visitor.append(thisObject-&gt;m_functionStructure);
</ins><span class="cx">     thisObject-&gt;m_customGetterSetterFunctionStructure.visit(visitor);
</span><span class="cx">     thisObject-&gt;m_boundFunctionStructure.visit(visitor);
</span><del>-    visitor.append(&amp;thisObject-&gt;m_getterSetterStructure);
</del><ins>+    visitor.append(thisObject-&gt;m_getterSetterStructure);
</ins><span class="cx">     thisObject-&gt;m_nativeStdFunctionStructure.visit(visitor);
</span><span class="cx">     thisObject-&gt;m_namedFunctionStructure.visit(visitor);
</span><del>-    visitor.append(&amp;thisObject-&gt;m_symbolObjectStructure);
-    visitor.append(&amp;thisObject-&gt;m_regExpStructure);
-    visitor.append(&amp;thisObject-&gt;m_generatorFunctionStructure);
-    visitor.append(&amp;thisObject-&gt;m_asyncFunctionStructure);
-    visitor.append(&amp;thisObject-&gt;m_iteratorResultObjectStructure);
-    visitor.append(&amp;thisObject-&gt;m_regExpMatchesArrayStructure);
-    visitor.append(&amp;thisObject-&gt;m_moduleRecordStructure);
-    visitor.append(&amp;thisObject-&gt;m_moduleNamespaceObjectStructure);
-    visitor.append(&amp;thisObject-&gt;m_dollarVMStructure);
-    visitor.append(&amp;thisObject-&gt;m_proxyObjectStructure);
-    visitor.append(&amp;thisObject-&gt;m_callableProxyObjectStructure);
-    visitor.append(&amp;thisObject-&gt;m_proxyRevokeStructure);
-    visitor.append(&amp;thisObject-&gt;m_moduleLoaderStructure);
</del><ins>+    visitor.append(thisObject-&gt;m_symbolObjectStructure);
+    visitor.append(thisObject-&gt;m_regExpStructure);
+    visitor.append(thisObject-&gt;m_generatorFunctionStructure);
+    visitor.append(thisObject-&gt;m_asyncFunctionStructure);
+    visitor.append(thisObject-&gt;m_iteratorResultObjectStructure);
+    visitor.append(thisObject-&gt;m_regExpMatchesArrayStructure);
+    visitor.append(thisObject-&gt;m_moduleRecordStructure);
+    visitor.append(thisObject-&gt;m_moduleNamespaceObjectStructure);
+    visitor.append(thisObject-&gt;m_dollarVMStructure);
+    visitor.append(thisObject-&gt;m_proxyObjectStructure);
+    visitor.append(thisObject-&gt;m_callableProxyObjectStructure);
+    visitor.append(thisObject-&gt;m_proxyRevokeStructure);
+    visitor.append(thisObject-&gt;m_moduleLoaderStructure);
</ins><span class="cx">     
</span><del>-    visitor.append(&amp;thisObject-&gt;m_arrayBufferPrototype);
-    visitor.append(&amp;thisObject-&gt;m_arrayBufferStructure);
-    visitor.append(&amp;thisObject-&gt;m_sharedArrayBufferPrototype);
-    visitor.append(&amp;thisObject-&gt;m_sharedArrayBufferStructure);
</del><ins>+    visitor.append(thisObject-&gt;m_arrayBufferPrototype);
+    visitor.append(thisObject-&gt;m_arrayBufferStructure);
+    visitor.append(thisObject-&gt;m_sharedArrayBufferPrototype);
+    visitor.append(thisObject-&gt;m_sharedArrayBufferStructure);
</ins><span class="cx"> 
</span><span class="cx"> #define VISIT_SIMPLE_TYPE(CapitalName, lowerName, properName, instanceType, jsName, prototypeBase) \
</span><del>-    visitor.append(&amp;thisObject-&gt;m_ ## lowerName ## Prototype); \
-    visitor.append(&amp;thisObject-&gt;m_ ## properName ## Structure); \
</del><ins>+    visitor.append(thisObject-&gt;m_ ## lowerName ## Prototype); \
+    visitor.append(thisObject-&gt;m_ ## properName ## Structure); \
</ins><span class="cx"> 
</span><span class="cx">     FOR_EACH_SIMPLE_BUILTIN_TYPE(VISIT_SIMPLE_TYPE)
</span><span class="cx">     
</span><span class="cx"> #if ENABLE(WEBASSEMBLY)
</span><del>-    visitor.append(&amp;thisObject-&gt;m_webAssemblyStructure);
-    visitor.append(&amp;thisObject-&gt;m_webAssemblyModuleRecordStructure);
-    visitor.append(&amp;thisObject-&gt;m_webAssemblyFunctionStructure);
</del><ins>+    visitor.append(thisObject-&gt;m_webAssemblyStructure);
+    visitor.append(thisObject-&gt;m_webAssemblyModuleRecordStructure);
+    visitor.append(thisObject-&gt;m_webAssemblyFunctionStructure);
</ins><span class="cx">     FOR_EACH_WEBASSEMBLY_CONSTRUCTOR_TYPE(VISIT_SIMPLE_TYPE)
</span><span class="cx"> #endif // ENABLE(WEBASSEMBLY)
</span><span class="cx"> 
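Review bot: the final line of VISIT_SIMPLE_TYPE (the append of the properName Structure member) still ends in a line-continuation backslash, so the macro body terminates only because the next line happens to be blank. Both lines of the macro are rewritten here anyway, so drop the trailing backslash on the last one; as written, removing that blank line would fold FOR_EACH_SIMPLE_BUILTIN_TYPE(VISIT_SIMPLE_TYPE) into the macro definition instead of expanding it.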
</span><span class="lines">@@ -1280,7 +1280,7 @@
</span><span class="cx">     for (unsigned i = NUMBER_OF_TYPED_ARRAY_TYPES; i--;)
</span><span class="cx">         thisObject-&gt;lazyTypedArrayStructure(indexToTypedArrayType(i)).visit(visitor);
</span><span class="cx">     
</span><del>-    visitor.append(&amp;thisObject-&gt;m_speciesGetterSetter);
</del><ins>+    visitor.append(thisObject-&gt;m_speciesGetterSetter);
</ins><span class="cx">     thisObject-&gt;m_typedArrayProto.visit(visitor);
</span><span class="cx">     thisObject-&gt;m_typedArraySuperConstructor.visit(visitor);
</span><span class="cx"> }
</span></span></pre></div>
<a id="trunkSourceJavaScriptCoreruntimeJSMapIteratorcpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/runtime/JSMapIterator.cpp (209896 => 209897)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/runtime/JSMapIterator.cpp        2016-12-16 01:54:58 UTC (rev 209896)
+++ trunk/Source/JavaScriptCore/runtime/JSMapIterator.cpp        2016-12-16 02:16:19 UTC (rev 209897)
</span><span class="lines">@@ -45,8 +45,8 @@
</span><span class="cx">     JSMapIterator* thisObject = jsCast&lt;JSMapIterator*&gt;(cell);
</span><span class="cx">     ASSERT_GC_OBJECT_INHERITS(thisObject, info());
</span><span class="cx">     Base::visitChildren(thisObject, visitor);
</span><del>-    visitor.append(&amp;thisObject-&gt;m_map);
-    visitor.append(&amp;thisObject-&gt;m_iter);
</del><ins>+    visitor.append(thisObject-&gt;m_map);
+    visitor.append(thisObject-&gt;m_iter);
</ins><span class="cx"> }
</span><span class="cx"> 
</span><span class="cx"> JSValue JSMapIterator::createPair(CallFrame* callFrame, JSValue key, JSValue value)
</span></span></pre></div>
<a id="trunkSourceJavaScriptCoreruntimeJSModuleEnvironmentcpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/runtime/JSModuleEnvironment.cpp (209896 => 209897)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/runtime/JSModuleEnvironment.cpp        2016-12-16 01:54:58 UTC (rev 209896)
+++ trunk/Source/JavaScriptCore/runtime/JSModuleEnvironment.cpp        2016-12-16 02:16:19 UTC (rev 209897)
</span><span class="lines">@@ -74,7 +74,7 @@
</span><span class="cx">     JSModuleEnvironment* thisObject = jsCast&lt;JSModuleEnvironment*&gt;(cell);
</span><span class="cx">     Base::visitChildren(thisObject, visitor);
</span><span class="cx">     visitor.appendValues(thisObject-&gt;variables(), thisObject-&gt;symbolTable()-&gt;scopeSize());
</span><del>-    visitor.append(&amp;thisObject-&gt;moduleRecordSlot());
</del><ins>+    visitor.append(thisObject-&gt;moduleRecordSlot());
</ins><span class="cx"> }
</span><span class="cx"> 
</span><span class="cx"> bool JSModuleEnvironment::getOwnPropertySlot(JSObject* cell, ExecState* exec, PropertyName propertyName, PropertySlot&amp; slot)
</span></span></pre></div>
<a id="trunkSourceJavaScriptCoreruntimeJSModuleNamespaceObjectcpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/runtime/JSModuleNamespaceObject.cpp (209896 => 209897)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/runtime/JSModuleNamespaceObject.cpp        2016-12-16 01:54:58 UTC (rev 209896)
+++ trunk/Source/JavaScriptCore/runtime/JSModuleNamespaceObject.cpp        2016-12-16 02:16:19 UTC (rev 209897)
</span><span class="lines">@@ -92,7 +92,7 @@
</span><span class="cx">     JSModuleNamespaceObject* thisObject = jsCast&lt;JSModuleNamespaceObject*&gt;(cell);
</span><span class="cx">     ASSERT_GC_OBJECT_INHERITS(thisObject, info());
</span><span class="cx">     Base::visitChildren(thisObject, visitor);
</span><del>-    visitor.append(&amp;thisObject-&gt;m_moduleRecord);
</del><ins>+    visitor.append(thisObject-&gt;m_moduleRecord);
</ins><span class="cx"> }
</span><span class="cx"> 
</span><span class="cx"> bool JSModuleNamespaceObject::getOwnPropertySlot(JSObject* cell, ExecState* exec, PropertyName propertyName, PropertySlot&amp; slot)
</span></span></pre></div>
<a id="trunkSourceJavaScriptCoreruntimeJSModuleRecordcpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/runtime/JSModuleRecord.cpp (209896 => 209897)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/runtime/JSModuleRecord.cpp        2016-12-16 01:54:58 UTC (rev 209896)
+++ trunk/Source/JavaScriptCore/runtime/JSModuleRecord.cpp        2016-12-16 02:16:19 UTC (rev 209897)
</span><span class="lines">@@ -73,7 +73,7 @@
</span><span class="cx"> {
</span><span class="cx">     JSModuleRecord* thisObject = jsCast&lt;JSModuleRecord*&gt;(cell);
</span><span class="cx">     Base::visitChildren(thisObject, visitor);
</span><del>-    visitor.append(&amp;thisObject-&gt;m_moduleProgramExecutable);
</del><ins>+    visitor.append(thisObject-&gt;m_moduleProgramExecutable);
</ins><span class="cx"> }
</span><span class="cx"> 
</span><span class="cx"> void JSModuleRecord::link(ExecState* exec)
</span></span></pre></div>
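Review bot: JSModuleRecord::visitChildren goes straight from jsCast to Base::visitChildren with no ASSERT_GC_OBJECT_INHERITS(thisObject, info()), unlike the JSModuleNamespaceObject and JSNativeStdFunction versions touched by the same patch. Since the function is being edited, add the assertion after the cast so a wrongly typed cell is caught in debug builds before m_moduleProgramExecutable is visited.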
<a id="trunkSourceJavaScriptCoreruntimeJSNativeStdFunctioncpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/runtime/JSNativeStdFunction.cpp (209896 => 209897)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/runtime/JSNativeStdFunction.cpp        2016-12-16 01:54:58 UTC (rev 209896)
+++ trunk/Source/JavaScriptCore/runtime/JSNativeStdFunction.cpp        2016-12-16 02:16:19 UTC (rev 209897)
</span><span class="lines">@@ -47,7 +47,7 @@
</span><span class="cx">     JSNativeStdFunction* thisObject = jsCast&lt;JSNativeStdFunction*&gt;(cell);
</span><span class="cx">     ASSERT_GC_OBJECT_INHERITS(thisObject, info());
</span><span class="cx">     Base::visitChildren(thisObject, visitor);
</span><del>-    visitor.append(&amp;thisObject-&gt;m_functionCell);
</del><ins>+    visitor.append(thisObject-&gt;m_functionCell);
</ins><span class="cx"> }
</span><span class="cx"> 
</span><span class="cx"> void JSNativeStdFunction::finishCreation(VM&amp; vm, NativeExecutable* executable, int length, const String&amp; name, NativeStdFunctionCell* functionCell)
</span></span></pre></div>
<a id="trunkSourceJavaScriptCoreruntimeJSObjectcpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/runtime/JSObject.cpp (209896 => 209897)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/runtime/JSObject.cpp        2016-12-16 01:54:58 UTC (rev 209896)
+++ trunk/Source/JavaScriptCore/runtime/JSObject.cpp        2016-12-16 02:16:19 UTC (rev 209897)
</span><span class="lines">@@ -149,7 +149,7 @@
</span><span class="cx">         case ALL_ARRAY_STORAGE_INDEXING_TYPES:
</span><span class="cx">             visitor.appendValuesHidden(butterfly-&gt;arrayStorage()-&gt;m_vector, butterfly-&gt;arrayStorage()-&gt;vectorLength());
</span><span class="cx">             if (butterfly-&gt;arrayStorage()-&gt;m_sparseMap)
</span><del>-                visitor.append(&amp;butterfly-&gt;arrayStorage()-&gt;m_sparseMap);
</del><ins>+                visitor.append(butterfly-&gt;arrayStorage()-&gt;m_sparseMap);
</ins><span class="cx">             break;
</span><span class="cx">         default:
</span><span class="cx">             break;
</span><span class="lines">@@ -411,7 +411,7 @@
</span><span class="cx">         default: // ALL_ARRAY_STORAGE_INDEXING_TYPES
</span><span class="cx">             visitor.appendValuesHidden(butterfly-&gt;arrayStorage()-&gt;m_vector, butterfly-&gt;arrayStorage()-&gt;vectorLength());
</span><span class="cx">             if (butterfly-&gt;arrayStorage()-&gt;m_sparseMap)
</span><del>-                visitor.append(&amp;butterfly-&gt;arrayStorage()-&gt;m_sparseMap);
</del><ins>+                visitor.append(butterfly-&gt;arrayStorage()-&gt;m_sparseMap);
</ins><span class="cx">             break;
</span><span class="cx">         }
</span><span class="cx">         break;
</span></span></pre></div>
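Review bot: in both JSObject.cpp hunks the m_sparseMap guard and the append that follows it each call arrayStorage() on the butterfly again, and the appendValuesHidden plus guarded append sequence is duplicated verbatim between the two switch arms. Take the ArrayStorage pointer into a local once and move the sequence into a small shared helper, so the null check and the visit cannot drift apart between the copies. It would also help to state in the ChangeLog whether the reference-taking append accepts an empty barrier, in which case the if guard could be removed.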
<a id="trunkSourceJavaScriptCoreruntimeJSPromiseDeferredcpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/runtime/JSPromiseDeferred.cpp (209896 => 209897)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/runtime/JSPromiseDeferred.cpp        2016-12-16 01:54:58 UTC (rev 209896)
+++ trunk/Source/JavaScriptCore/runtime/JSPromiseDeferred.cpp        2016-12-16 02:16:19 UTC (rev 209897)
</span><span class="lines">@@ -121,9 +121,9 @@
</span><span class="cx"> 
</span><span class="cx">     Base::visitChildren(thisObject, visitor);
</span><span class="cx"> 
</span><del>-    visitor.append(&amp;thisObject-&gt;m_promise);
-    visitor.append(&amp;thisObject-&gt;m_resolve);
-    visitor.append(&amp;thisObject-&gt;m_reject);
</del><ins>+    visitor.append(thisObject-&gt;m_promise);
+    visitor.append(thisObject-&gt;m_resolve);
+    visitor.append(thisObject-&gt;m_reject);
</ins><span class="cx"> }
</span><span class="cx"> 
</span><span class="cx"> } // namespace JSC
</span></span></pre></div>
<a id="trunkSourceJavaScriptCoreruntimeJSPropertyNameEnumeratorcpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/runtime/JSPropertyNameEnumerator.cpp (209896 => 209897)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/runtime/JSPropertyNameEnumerator.cpp        2016-12-16 01:54:58 UTC (rev 209896)
+++ trunk/Source/JavaScriptCore/runtime/JSPropertyNameEnumerator.cpp        2016-12-16 02:16:19 UTC (rev 209897)
</span><span class="lines">@@ -92,8 +92,8 @@
</span><span class="cx">     JSPropertyNameEnumerator* thisObject = jsCast&lt;JSPropertyNameEnumerator*&gt;(cell);
</span><span class="cx">     auto locker = holdLock(*thisObject);
</span><span class="cx">     for (unsigned i = 0; i &lt; thisObject-&gt;m_propertyNames.size(); ++i)
</span><del>-        visitor.append(&amp;thisObject-&gt;m_propertyNames[i]);
-    visitor.append(&amp;thisObject-&gt;m_prototypeChain);
</del><ins>+        visitor.append(thisObject-&gt;m_propertyNames[i]);
+    visitor.append(thisObject-&gt;m_prototypeChain);
</ins><span class="cx"> }
</span><span class="cx"> 
</span><span class="cx"> } // namespace JSC
</span></span></pre></div>
<a id="trunkSourceJavaScriptCoreruntimeJSPropertyNameIteratorcpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/runtime/JSPropertyNameIterator.cpp (209896 => 209897)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/runtime/JSPropertyNameIterator.cpp        2016-12-16 01:54:58 UTC (rev 209896)
+++ trunk/Source/JavaScriptCore/runtime/JSPropertyNameIterator.cpp        2016-12-16 02:16:19 UTC (rev 209897)
</span><span class="lines">@@ -82,8 +82,8 @@
</span><span class="cx">     JSPropertyNameIterator* thisObject = jsCast&lt;JSPropertyNameIterator*&gt;(cell);
</span><span class="cx">     ASSERT_GC_OBJECT_INHERITS(thisObject, info());
</span><span class="cx">     Base::visitChildren(thisObject, visitor);
</span><del>-    visitor.append(&amp;thisObject-&gt;m_iteratedObject);
-    visitor.append(&amp;thisObject-&gt;m_propertyNameEnumerator);
</del><ins>+    visitor.append(thisObject-&gt;m_iteratedObject);
+    visitor.append(thisObject-&gt;m_propertyNameEnumerator);
</ins><span class="cx"> }
</span><span class="cx"> 
</span><span class="cx"> bool JSPropertyNameIterator::next(ExecState* exec, JSValue&amp; output)
</span></span></pre></div>
<a id="trunkSourceJavaScriptCoreruntimeJSProxycpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/runtime/JSProxy.cpp (209896 => 209897)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/runtime/JSProxy.cpp        2016-12-16 01:54:58 UTC (rev 209896)
+++ trunk/Source/JavaScriptCore/runtime/JSProxy.cpp        2016-12-16 02:16:19 UTC (rev 209897)
</span><span class="lines">@@ -41,7 +41,7 @@
</span><span class="cx">     JSProxy* thisObject = jsCast&lt;JSProxy*&gt;(cell);
</span><span class="cx">     ASSERT_GC_OBJECT_INHERITS(thisObject, info());
</span><span class="cx">     Base::visitChildren(thisObject, visitor);
</span><del>-    visitor.append(&amp;thisObject-&gt;m_target);
</del><ins>+    visitor.append(thisObject-&gt;m_target);
</ins><span class="cx"> }
</span><span class="cx"> 
</span><span class="cx"> void JSProxy::setTarget(VM&amp; vm, JSGlobalObject* globalObject)
</span></span></pre></div>
<a id="trunkSourceJavaScriptCoreruntimeJSScopecpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/runtime/JSScope.cpp (209896 => 209897)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/runtime/JSScope.cpp        2016-12-16 01:54:58 UTC (rev 209896)
+++ trunk/Source/JavaScriptCore/runtime/JSScope.cpp        2016-12-16 02:16:19 UTC (rev 209897)
</span><span class="lines">@@ -44,7 +44,7 @@
</span><span class="cx">     JSScope* thisObject = jsCast&lt;JSScope*&gt;(cell);
</span><span class="cx">     ASSERT_GC_OBJECT_INHERITS(thisObject, info());
</span><span class="cx">     Base::visitChildren(thisObject, visitor);
</span><del>-    visitor.append(&amp;thisObject-&gt;m_next);
</del><ins>+    visitor.append(thisObject-&gt;m_next);
</ins><span class="cx"> }
</span><span class="cx"> 
</span><span class="cx"> // Returns true if we found enough information to terminate optimization.
</span></span></pre></div>
<a id="trunkSourceJavaScriptCoreruntimeJSSegmentedVariableObjectcpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/runtime/JSSegmentedVariableObject.cpp (209896 => 209897)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/runtime/JSSegmentedVariableObject.cpp        2016-12-16 01:54:58 UTC (rev 209896)
+++ trunk/Source/JavaScriptCore/runtime/JSSegmentedVariableObject.cpp        2016-12-16 02:16:19 UTC (rev 209897)
</span><span class="lines">@@ -70,7 +70,7 @@
</span><span class="cx">     // relatively easily.
</span><span class="cx">     auto locker = holdLock(thisObject-&gt;m_lock);
</span><span class="cx">     for (unsigned i = thisObject-&gt;m_variables.size(); i--;)
</span><del>-        slotVisitor.appendHidden(&amp;thisObject-&gt;m_variables[i]);
</del><ins>+        slotVisitor.appendHidden(thisObject-&gt;m_variables[i]);
</ins><span class="cx"> }
</span><span class="cx"> 
</span><span class="cx"> void JSSegmentedVariableObject::heapSnapshot(JSCell* cell, HeapSnapshotBuilder&amp; builder)
</span></span></pre></div>
<a id="trunkSourceJavaScriptCoreruntimeJSSetIteratorcpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/runtime/JSSetIterator.cpp (209896 => 209897)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/runtime/JSSetIterator.cpp        2016-12-16 01:54:58 UTC (rev 209896)
+++ trunk/Source/JavaScriptCore/runtime/JSSetIterator.cpp        2016-12-16 02:16:19 UTC (rev 209897)
</span><span class="lines">@@ -45,8 +45,8 @@
</span><span class="cx">     JSSetIterator* thisObject = jsCast&lt;JSSetIterator*&gt;(cell);
</span><span class="cx">     ASSERT_GC_OBJECT_INHERITS(thisObject, info());
</span><span class="cx">     Base::visitChildren(thisObject, visitor);
</span><del>-    visitor.append(&amp;thisObject-&gt;m_set);
-    visitor.append(&amp;thisObject-&gt;m_iter);
</del><ins>+    visitor.append(thisObject-&gt;m_set);
+    visitor.append(thisObject-&gt;m_iter);
</ins><span class="cx"> }
</span><span class="cx"> 
</span><span class="cx"> JSValue JSSetIterator::createPair(CallFrame* callFrame, JSValue key, JSValue value)
</span></span></pre></div>
<a id="trunkSourceJavaScriptCoreruntimeJSStringcpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/runtime/JSString.cpp (209896 => 209897)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/runtime/JSString.cpp        2016-12-16 01:54:58 UTC (rev 209896)
+++ trunk/Source/JavaScriptCore/runtime/JSString.cpp        2016-12-16 02:16:19 UTC (rev 209897)
</span><span class="lines">@@ -104,11 +104,11 @@
</span><span class="cx"> void JSRopeString::visitFibers(SlotVisitor&amp; visitor)
</span><span class="cx"> {
</span><span class="cx">     if (isSubstring()) {
</span><del>-        visitor.append(&amp;substringBase());
</del><ins>+        visitor.append(substringBase());
</ins><span class="cx">         return;
</span><span class="cx">     }
</span><span class="cx">     for (size_t i = 0; i &lt; s_maxInternalRopeLength &amp;&amp; fiber(i); ++i)
</span><del>-        visitor.append(&amp;fiber(i));
</del><ins>+        visitor.append(fiber(i));
</ins><span class="cx"> }
</span><span class="cx"> 
</span><span class="cx"> static const unsigned maxLengthForOnStackResolve = 2048;
</span></span></pre></div>
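Review bot: with the address-of operator gone from visitor.append(substringBase()) and visitor.append(fiber(i)), the call site no longer forces these accessors to return an lvalue. The old form would not compile against a by-value return; the new form may, depending on the parameter type of append, and the visitor would then be handed a temporary rather than the stored slot. Please confirm both accessors return a reference to the barrier held in the rope, and consider having append take a non-const reference so the compiler keeps enforcing that.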
<a id="trunkSourceJavaScriptCoreruntimeJSSymbolTableObjectcpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/runtime/JSSymbolTableObject.cpp (209896 => 209897)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/runtime/JSSymbolTableObject.cpp        2016-12-16 01:54:58 UTC (rev 209896)
+++ trunk/Source/JavaScriptCore/runtime/JSSymbolTableObject.cpp        2016-12-16 02:16:19 UTC (rev 209897)
</span><span class="lines">@@ -41,7 +41,7 @@
</span><span class="cx">     JSSymbolTableObject* thisObject = jsCast&lt;JSSymbolTableObject*&gt;(cell);
</span><span class="cx">     ASSERT_GC_OBJECT_INHERITS(thisObject, info());
</span><span class="cx">     Base::visitChildren(thisObject, visitor);
</span><del>-    visitor.append(&amp;thisObject-&gt;m_symbolTable);
</del><ins>+    visitor.append(thisObject-&gt;m_symbolTable);
</ins><span class="cx"> }
</span><span class="cx"> 
</span><span class="cx"> bool JSSymbolTableObject::deleteProperty(JSCell* cell, ExecState* exec, PropertyName propertyName)
</span></span></pre></div>
<a id="trunkSourceJavaScriptCoreruntimeJSWeakMapcpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/runtime/JSWeakMap.cpp (209896 => 209897)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/runtime/JSWeakMap.cpp        2016-12-16 01:54:58 UTC (rev 209896)
+++ trunk/Source/JavaScriptCore/runtime/JSWeakMap.cpp        2016-12-16 02:16:19 UTC (rev 209897)
</span><span class="lines">@@ -43,7 +43,7 @@
</span><span class="cx"> {
</span><span class="cx">     Base::visitChildren(cell, visitor);
</span><span class="cx">     JSWeakMap* thisObj = jsCast&lt;JSWeakMap*&gt;(cell);
</span><del>-    visitor.append(&amp;thisObj-&gt;m_weakMapData);
</del><ins>+    visitor.append(thisObj-&gt;m_weakMapData);
</ins><span class="cx"> }
</span><span class="cx"> 
</span><span class="cx"> String JSWeakMap::toStringName(const JSObject*, ExecState*)
</span></span></pre></div>
<a id="trunkSourceJavaScriptCoreruntimeJSWeakSetcpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/runtime/JSWeakSet.cpp (209896 => 209897)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/runtime/JSWeakSet.cpp        2016-12-16 01:54:58 UTC (rev 209896)
+++ trunk/Source/JavaScriptCore/runtime/JSWeakSet.cpp        2016-12-16 02:16:19 UTC (rev 209897)
</span><span class="lines">@@ -43,7 +43,7 @@
</span><span class="cx"> {
</span><span class="cx">     Base::visitChildren(cell, visitor);
</span><span class="cx">     JSWeakSet* thisObj = jsCast&lt;JSWeakSet*&gt;(cell);
</span><del>-    visitor.append(&amp;thisObj-&gt;m_weakMapData);
</del><ins>+    visitor.append(thisObj-&gt;m_weakMapData);
</ins><span class="cx"> }
</span><span class="cx"> 
</span><span class="cx"> String JSWeakSet::toStringName(const JSC::JSObject*, ExecState*)
</span></span></pre></div>
<a id="trunkSourceJavaScriptCoreruntimeJSWithScopecpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/runtime/JSWithScope.cpp (209896 => 209897)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/runtime/JSWithScope.cpp        2016-12-16 01:54:58 UTC (rev 209896)
+++ trunk/Source/JavaScriptCore/runtime/JSWithScope.cpp        2016-12-16 02:16:19 UTC (rev 209897)
</span><span class="lines">@@ -46,7 +46,7 @@
</span><span class="cx">     JSWithScope* thisObject = jsCast&lt;JSWithScope*&gt;(cell);
</span><span class="cx">     ASSERT_GC_OBJECT_INHERITS(thisObject, info());
</span><span class="cx">     Base::visitChildren(thisObject, visitor);
</span><del>-    visitor.append(&amp;thisObject-&gt;m_object);
</del><ins>+    visitor.append(thisObject-&gt;m_object);
</ins><span class="cx"> }
</span><span class="cx"> 
</span><span class="cx"> Structure* JSWithScope::createStructure(VM&amp; vm, JSGlobalObject* globalObject, JSValue proto)
</span></span></pre></div>
<a id="trunkSourceJavaScriptCoreruntimeJSWrapperObjectcpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/runtime/JSWrapperObject.cpp (209896 => 209897)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/runtime/JSWrapperObject.cpp        2016-12-16 01:54:58 UTC (rev 209896)
+++ trunk/Source/JavaScriptCore/runtime/JSWrapperObject.cpp        2016-12-16 02:16:19 UTC (rev 209897)
</span><span class="lines">@@ -33,7 +33,7 @@
</span><span class="cx">     JSWrapperObject* thisObject = jsCast&lt;JSWrapperObject*&gt;(cell);
</span><span class="cx">     ASSERT_GC_OBJECT_INHERITS(thisObject, info());
</span><span class="cx">     JSObject::visitChildren(thisObject, visitor);
</span><del>-    visitor.append(&amp;thisObject-&gt;m_internalValue);
</del><ins>+    visitor.append(thisObject-&gt;m_internalValue);
</ins><span class="cx"> }
</span><span class="cx"> 
</span><span class="cx"> } // namespace JSC
</span></span></pre></div>
<a id="trunkSourceJavaScriptCoreruntimeLazyClassStructurecpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/runtime/LazyClassStructure.cpp (209896 => 209897)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/runtime/LazyClassStructure.cpp        2016-12-16 01:54:58 UTC (rev 209896)
+++ trunk/Source/JavaScriptCore/runtime/LazyClassStructure.cpp        2016-12-16 02:16:19 UTC (rev 209897)
</span><span class="lines">@@ -90,7 +90,7 @@
</span><span class="cx"> void LazyClassStructure::visit(SlotVisitor&amp; visitor)
</span><span class="cx"> {
</span><span class="cx">     m_structure.visit(visitor);
</span><del>-    visitor.append(&amp;m_constructor);
</del><ins>+    visitor.append(m_constructor);
</ins><span class="cx"> }
</span><span class="cx"> 
</span><span class="cx"> void LazyClassStructure::dump(PrintStream&amp; out) const
</span></span></pre></div>
<a id="trunkSourceJavaScriptCoreruntimeLazyPropertyInlinesh"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/runtime/LazyPropertyInlines.h (209896 => 209897)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/runtime/LazyPropertyInlines.h        2016-12-16 01:54:58 UTC (rev 209896)
+++ trunk/Source/JavaScriptCore/runtime/LazyPropertyInlines.h        2016-12-16 02:16:19 UTC (rev 209897)
</span><span class="lines">@@ -69,7 +69,7 @@
</span><span class="cx"> void LazyProperty&lt;OwnerType, ElementType&gt;::visit(SlotVisitor&amp; visitor)
</span><span class="cx"> {
</span><span class="cx">     if (m_pointer &amp;&amp; !(m_pointer &amp; lazyTag))
</span><del>-        visitor.appendUnbarrieredReadOnlyPointer(bitwise_cast&lt;ElementType*&gt;(m_pointer));
</del><ins>+        visitor.appendUnbarriered(bitwise_cast&lt;ElementType*&gt;(m_pointer));
</ins><span class="cx"> }
</span><span class="cx"> 
</span><span class="cx"> template&lt;typename OwnerType, typename ElementType&gt;
</span></span></pre></div>
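Review bot: unlike the neighbouring hunks, LazyProperty::visit changes which visitor method is called, from appendUnbarrieredReadOnlyPointer to appendUnbarriered, while the argument is still a temporary built by bitwise_cast from m_pointer. The old name documented that the visitor only reads the pointer and never writes back through it; with the shorter name that contract is implicit. Add a comment here or on the declaration saying the pointer is taken by value, and call out the rename in the ChangeLog so it is not lost among the mechanical edits.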
<a id="trunkSourceJavaScriptCoreruntimeMapBasecpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/runtime/MapBase.cpp (209896 => 209897)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/runtime/MapBase.cpp        2016-12-16 01:54:58 UTC (rev 209896)
+++ trunk/Source/JavaScriptCore/runtime/MapBase.cpp        2016-12-16 02:16:19 UTC (rev 209897)
</span><span class="lines">@@ -35,7 +35,7 @@
</span><span class="cx"> {
</span><span class="cx">     MapBase* thisObject = static_cast&lt;MapBase*&gt;(cell);
</span><span class="cx">     Base::visitChildren(thisObject, visitor);
</span><del>-    visitor.append(&amp;thisObject-&gt;m_map);
</del><ins>+    visitor.append(thisObject-&gt;m_map);
</ins><span class="cx"> }
</span><span class="cx"> 
</span><span class="cx"> template &lt;typename HashMapBucketType&gt;
</span></span></pre></div>
<a id="trunkSourceJavaScriptCoreruntimeModuleProgramExecutablecpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/runtime/ModuleProgramExecutable.cpp (209896 => 209897)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/runtime/ModuleProgramExecutable.cpp        2016-12-16 01:54:58 UTC (rev 209896)
+++ trunk/Source/JavaScriptCore/runtime/ModuleProgramExecutable.cpp        2016-12-16 02:16:19 UTC (rev 209897)
</span><span class="lines">@@ -91,8 +91,8 @@
</span><span class="cx">     ModuleProgramExecutable* thisObject = jsCast&lt;ModuleProgramExecutable*&gt;(cell);
</span><span class="cx">     ASSERT_GC_OBJECT_INHERITS(thisObject, info());
</span><span class="cx">     ScriptExecutable::visitChildren(thisObject, visitor);
</span><del>-    visitor.append(&amp;thisObject-&gt;m_unlinkedModuleProgramCodeBlock);
-    visitor.append(&amp;thisObject-&gt;m_moduleEnvironmentSymbolTable);
</del><ins>+    visitor.append(thisObject-&gt;m_unlinkedModuleProgramCodeBlock);
+    visitor.append(thisObject-&gt;m_moduleEnvironmentSymbolTable);
</ins><span class="cx">     if (ModuleProgramCodeBlock* moduleProgramCodeBlock = thisObject-&gt;m_moduleProgramCodeBlock.get())
</span><span class="cx">         moduleProgramCodeBlock-&gt;visitWeakly(visitor);
</span><span class="cx"> }
</span></span></pre></div>
<a id="trunkSourceJavaScriptCoreruntimeNativeErrorConstructorcpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/runtime/NativeErrorConstructor.cpp (209896 => 209897)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/runtime/NativeErrorConstructor.cpp        2016-12-16 01:54:58 UTC (rev 209896)
+++ trunk/Source/JavaScriptCore/runtime/NativeErrorConstructor.cpp        2016-12-16 02:16:19 UTC (rev 209897)
</span><span class="lines">@@ -58,7 +58,7 @@
</span><span class="cx">     NativeErrorConstructor* thisObject = jsCast&lt;NativeErrorConstructor*&gt;(cell);
</span><span class="cx">     ASSERT_GC_OBJECT_INHERITS(thisObject, info());
</span><span class="cx">     Base::visitChildren(thisObject, visitor);
</span><del>-    visitor.append(&amp;thisObject-&gt;m_errorStructure);
</del><ins>+    visitor.append(thisObject-&gt;m_errorStructure);
</ins><span class="cx"> }
</span><span class="cx"> 
</span><span class="cx"> EncodedJSValue JSC_HOST_CALL Interpreter::constructWithNativeErrorConstructor(ExecState* exec)
</span></span></pre></div>
<a id="trunkSourceJavaScriptCoreruntimeProgramExecutablecpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/runtime/ProgramExecutable.cpp (209896 => 209897)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/runtime/ProgramExecutable.cpp        2016-12-16 01:54:58 UTC (rev 209896)
+++ trunk/Source/JavaScriptCore/runtime/ProgramExecutable.cpp        2016-12-16 02:16:19 UTC (rev 209897)
</span><span class="lines">@@ -203,7 +203,7 @@
</span><span class="cx">     ProgramExecutable* thisObject = jsCast&lt;ProgramExecutable*&gt;(cell);
</span><span class="cx">     ASSERT_GC_OBJECT_INHERITS(thisObject, info());
</span><span class="cx">     ScriptExecutable::visitChildren(thisObject, visitor);
</span><del>-    visitor.append(&amp;thisObject-&gt;m_unlinkedProgramCodeBlock);
</del><ins>+    visitor.append(thisObject-&gt;m_unlinkedProgramCodeBlock);
</ins><span class="cx">     if (ProgramCodeBlock* programCodeBlock = thisObject-&gt;m_programCodeBlock.get())
</span><span class="cx">         programCodeBlock-&gt;visitWeakly(visitor);
</span><span class="cx"> }
</span></span></pre></div>
<a id="trunkSourceJavaScriptCoreruntimeProxyObjectcpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/runtime/ProxyObject.cpp (209896 => 209897)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/runtime/ProxyObject.cpp        2016-12-16 01:54:58 UTC (rev 209896)
+++ trunk/Source/JavaScriptCore/runtime/ProxyObject.cpp        2016-12-16 02:16:19 UTC (rev 209897)
</span><span class="lines">@@ -1157,8 +1157,8 @@
</span><span class="cx">     ASSERT_GC_OBJECT_INHERITS(thisObject, info());
</span><span class="cx">     Base::visitChildren(thisObject, visitor);
</span><span class="cx"> 
</span><del>-    visitor.append(&amp;thisObject-&gt;m_target);
-    visitor.append(&amp;thisObject-&gt;m_handler);
</del><ins>+    visitor.append(thisObject-&gt;m_target);
+    visitor.append(thisObject-&gt;m_handler);
</ins><span class="cx"> }
</span><span class="cx"> 
</span><span class="cx"> } // namespace JSC
</span></span></pre></div>
<a id="trunkSourceJavaScriptCoreruntimeProxyRevokecpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/runtime/ProxyRevoke.cpp (209896 => 209897)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/runtime/ProxyRevoke.cpp        2016-12-16 01:54:58 UTC (rev 209896)
+++ trunk/Source/JavaScriptCore/runtime/ProxyRevoke.cpp        2016-12-16 02:16:19 UTC (rev 209897)
</span><span class="lines">@@ -81,7 +81,7 @@
</span><span class="cx">     ASSERT_GC_OBJECT_INHERITS(thisObject, info());
</span><span class="cx">     Base::visitChildren(thisObject, visitor);
</span><span class="cx"> 
</span><del>-    visitor.append(&amp;thisObject-&gt;m_proxy);
</del><ins>+    visitor.append(thisObject-&gt;m_proxy);
</ins><span class="cx"> }
</span><span class="cx"> 
</span><span class="cx"> } // namespace JSC
</span></span></pre></div>
<a id="trunkSourceJavaScriptCoreruntimeRegExpCachedResultcpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/runtime/RegExpCachedResult.cpp (209896 => 209897)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/runtime/RegExpCachedResult.cpp        2016-12-16 01:54:58 UTC (rev 209896)
+++ trunk/Source/JavaScriptCore/runtime/RegExpCachedResult.cpp        2016-12-16 02:16:19 UTC (rev 209897)
</span><span class="lines">@@ -33,13 +33,13 @@
</span><span class="cx"> 
</span><span class="cx"> void RegExpCachedResult::visitChildren(SlotVisitor&amp; visitor)
</span><span class="cx"> {
</span><del>-    visitor.append(&amp;m_lastInput);
-    visitor.append(&amp;m_lastRegExp);
</del><ins>+    visitor.append(m_lastInput);
+    visitor.append(m_lastRegExp);
</ins><span class="cx">     if (m_reified) {
</span><del>-        visitor.append(&amp;m_reifiedInput);
-        visitor.append(&amp;m_reifiedResult);
-        visitor.append(&amp;m_reifiedLeftContext);
-        visitor.append(&amp;m_reifiedRightContext);
</del><ins>+        visitor.append(m_reifiedInput);
+        visitor.append(m_reifiedResult);
+        visitor.append(m_reifiedLeftContext);
+        visitor.append(m_reifiedRightContext);
</ins><span class="cx">     }
</span><span class="cx"> }
</span><span class="cx"> 
</span></span></pre></div>
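Review bot: The if (m_reified) guard in RegExpCachedResult::visitChildren is undocumented, and it means m_reifiedInput, m_reifiedResult, m_reifiedLeftContext and m_reifiedRightContext are not marked while m_reified is false. Since this patch touches every append in the function, add a comment stating that those four slots are never read in that state, or visit them unconditionally, so a later reader does not have to prove that no stale cell is reachable through them.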
<a id="trunkSourceJavaScriptCoreruntimeRegExpObjectcpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/runtime/RegExpObject.cpp (209896 => 209897)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/runtime/RegExpObject.cpp        2016-12-16 01:54:58 UTC (rev 209896)
+++ trunk/Source/JavaScriptCore/runtime/RegExpObject.cpp        2016-12-16 02:16:19 UTC (rev 209897)
</span><span class="lines">@@ -56,8 +56,8 @@
</span><span class="cx">     RegExpObject* thisObject = jsCast&lt;RegExpObject*&gt;(cell);
</span><span class="cx">     ASSERT_GC_OBJECT_INHERITS(thisObject, info());
</span><span class="cx">     Base::visitChildren(thisObject, visitor);
</span><del>-    visitor.append(&amp;thisObject-&gt;m_regExp);
-    visitor.append(&amp;thisObject-&gt;m_lastIndex);
</del><ins>+    visitor.append(thisObject-&gt;m_regExp);
+    visitor.append(thisObject-&gt;m_lastIndex);
</ins><span class="cx"> }
</span><span class="cx"> 
</span><span class="cx"> bool RegExpObject::getOwnPropertySlot(JSObject* object, ExecState* exec, PropertyName propertyName, PropertySlot&amp; slot)
</span></span></pre></div>
<a id="trunkSourceJavaScriptCoreruntimeRegExpPrototypecpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/runtime/RegExpPrototype.cpp (209896 => 209897)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/runtime/RegExpPrototype.cpp        2016-12-16 01:54:58 UTC (rev 209896)
+++ trunk/Source/JavaScriptCore/runtime/RegExpPrototype.cpp        2016-12-16 02:16:19 UTC (rev 209897)
</span><span class="lines">@@ -91,7 +91,7 @@
</span><span class="cx">     ASSERT_GC_OBJECT_INHERITS(thisObject, info());
</span><span class="cx">     Base::visitChildren(thisObject, visitor);
</span><span class="cx">     
</span><del>-    visitor.append(&amp;thisObject-&gt;m_emptyRegExp);
</del><ins>+    visitor.append(thisObject-&gt;m_emptyRegExp);
</ins><span class="cx"> }
</span><span class="cx"> 
</span><span class="cx"> // ------------------------------ Functions ---------------------------
</span></span></pre></div>
<a id="trunkSourceJavaScriptCoreruntimeSamplingProfilercpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/runtime/SamplingProfiler.cpp (209896 => 209897)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/runtime/SamplingProfiler.cpp        2016-12-16 01:54:58 UTC (rev 209896)
+++ trunk/Source/JavaScriptCore/runtime/SamplingProfiler.cpp        2016-12-16 02:16:19 UTC (rev 209897)
</span><span class="lines">@@ -519,7 +519,7 @@
</span><span class="cx"> {
</span><span class="cx">     RELEASE_ASSERT(m_lock.isLocked());
</span><span class="cx">     for (JSCell* cell : m_liveCellPointers)
</span><del>-        slotVisitor.appendUnbarrieredReadOnlyPointer(cell);
</del><ins>+        slotVisitor.appendUnbarriered(cell);
</ins><span class="cx"> }
</span><span class="cx"> 
</span><span class="cx"> void SamplingProfiler::shutdown()
</span></span></pre></div>
<a id="trunkSourceJavaScriptCoreruntimeScopedArgumentscpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/runtime/ScopedArguments.cpp (209896 => 209897)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/runtime/ScopedArguments.cpp        2016-12-16 01:54:58 UTC (rev 209896)
+++ trunk/Source/JavaScriptCore/runtime/ScopedArguments.cpp        2016-12-16 02:16:19 UTC (rev 209897)
</span><span class="lines">@@ -103,9 +103,9 @@
</span><span class="cx">     ASSERT_GC_OBJECT_INHERITS(thisObject, info());
</span><span class="cx">     Base::visitChildren(thisObject, visitor);
</span><span class="cx"> 
</span><del>-    visitor.append(&amp;thisObject-&gt;m_callee);
-    visitor.append(&amp;thisObject-&gt;m_table);
-    visitor.append(&amp;thisObject-&gt;m_scope);
</del><ins>+    visitor.append(thisObject-&gt;m_callee);
+    visitor.append(thisObject-&gt;m_table);
+    visitor.append(thisObject-&gt;m_scope);
</ins><span class="cx">     
</span><span class="cx">     if (thisObject-&gt;m_totalLength &gt; thisObject-&gt;m_table-&gt;length()) {
</span><span class="cx">         visitor.appendValues(
</span></span></pre></div>
<a id="trunkSourceJavaScriptCoreruntimeSmallStringscpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/runtime/SmallStrings.cpp (209896 => 209897)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/runtime/SmallStrings.cpp        2016-12-16 01:54:58 UTC (rev 209896)
+++ trunk/Source/JavaScriptCore/runtime/SmallStrings.cpp        2016-12-16 02:16:19 UTC (rev 209897)
</span><span class="lines">@@ -26,7 +26,6 @@
</span><span class="cx"> #include &quot;config.h&quot;
</span><span class="cx"> #include &quot;SmallStrings.h&quot;
</span><span class="cx"> 
</span><del>-#include &quot;HeapRootVisitor.h&quot;
</del><span class="cx"> #include &quot;JSGlobalObject.h&quot;
</span><span class="cx"> #include &quot;JSString.h&quot;
</span><span class="cx"> #include &quot;JSCInlines.h&quot;
</span><span class="lines">@@ -93,15 +92,15 @@
</span><span class="cx"> void SmallStrings::visitStrongReferences(SlotVisitor&amp; visitor)
</span><span class="cx"> {
</span><span class="cx">     m_needsToBeVisited = false;
</span><del>-    visitor.appendUnbarrieredPointer(&amp;m_emptyString);
</del><ins>+    visitor.appendUnbarriered(m_emptyString);
</ins><span class="cx">     for (unsigned i = 0; i &lt;= maxSingleCharacterString; ++i)
</span><del>-        visitor.appendUnbarrieredPointer(m_singleCharacterStrings + i);
-#define JSC_COMMON_STRINGS_ATTRIBUTE_VISIT(name) visitor.appendUnbarrieredPointer(&amp;m_##name);
</del><ins>+        visitor.appendUnbarriered(m_singleCharacterStrings[i]);
+#define JSC_COMMON_STRINGS_ATTRIBUTE_VISIT(name) visitor.appendUnbarriered(m_##name);
</ins><span class="cx">     JSC_COMMON_STRINGS_EACH_NAME(JSC_COMMON_STRINGS_ATTRIBUTE_VISIT)
</span><span class="cx"> #undef JSC_COMMON_STRINGS_ATTRIBUTE_VISIT
</span><del>-    visitor.appendUnbarrieredPointer(&amp;m_objectStringStart);
-    visitor.appendUnbarrieredPointer(&amp;m_nullObjectString);
-    visitor.appendUnbarrieredPointer(&amp;m_undefinedObjectString);
</del><ins>+    visitor.appendUnbarriered(m_objectStringStart);
+    visitor.appendUnbarriered(m_nullObjectString);
+    visitor.appendUnbarriered(m_undefinedObjectString);
</ins><span class="cx"> }
</span><span class="cx"> 
</span><span class="cx"> SmallStrings::~SmallStrings()
</span></span></pre></div>
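Review bot: In the second hunk, visitStrongReferences now passes each string by value (m_emptyString, m_singleCharacterStrings[i], the m_##name members) where it used to pass the address of the slot, and nothing at the call sites checks for null. The loop visits every index up to and including maxSingleCharacterString, so please confirm that appendUnbarriered accepts a null JSString*; its declaration is not part of this hunk, so the null handling cannot be checked from here.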
<a id="trunkSourceJavaScriptCoreruntimeSparseArrayValueMapcpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/runtime/SparseArrayValueMap.cpp (209896 => 209897)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/runtime/SparseArrayValueMap.cpp        2016-12-16 01:54:58 UTC (rev 209896)
+++ trunk/Source/JavaScriptCore/runtime/SparseArrayValueMap.cpp        2016-12-16 02:16:19 UTC (rev 209897)
</span><span class="lines">@@ -202,7 +202,7 @@
</span><span class="cx">     auto locker = holdLock(*thisMap);
</span><span class="cx">     iterator end = thisMap-&gt;m_map.end();
</span><span class="cx">     for (iterator it = thisMap-&gt;m_map.begin(); it != end; ++it)
</span><del>-        visitor.append(&amp;it-&gt;value);
</del><ins>+        visitor.append(it-&gt;value);
</ins><span class="cx"> }
</span><span class="cx"> 
</span><span class="cx"> } // namespace JSC
</span></span></pre></div>
<a id="trunkSourceJavaScriptCoreruntimeStructurecpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/runtime/Structure.cpp (209896 => 209897)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/runtime/Structure.cpp        2016-12-16 01:54:58 UTC (rev 209896)
+++ trunk/Source/JavaScriptCore/runtime/Structure.cpp        2016-12-16 02:16:19 UTC (rev 209897)
</span><span class="lines">@@ -1060,25 +1060,25 @@
</span><span class="cx">     
</span><span class="cx">     ConcurrentJSLocker locker(thisObject-&gt;m_lock);
</span><span class="cx">     
</span><del>-    visitor.append(&amp;thisObject-&gt;m_globalObject);
</del><ins>+    visitor.append(thisObject-&gt;m_globalObject);
</ins><span class="cx">     if (!thisObject-&gt;isObject())
</span><span class="cx">         thisObject-&gt;m_cachedPrototypeChain.clear();
</span><span class="cx">     else {
</span><del>-        visitor.append(&amp;thisObject-&gt;m_prototype);
-        visitor.append(&amp;thisObject-&gt;m_cachedPrototypeChain);
</del><ins>+        visitor.append(thisObject-&gt;m_prototype);
+        visitor.append(thisObject-&gt;m_cachedPrototypeChain);
</ins><span class="cx">     }
</span><del>-    visitor.append(&amp;thisObject-&gt;m_previousOrRareData);
</del><ins>+    visitor.append(thisObject-&gt;m_previousOrRareData);
</ins><span class="cx"> 
</span><span class="cx">     if (thisObject-&gt;isPinnedPropertyTable() || thisObject-&gt;isAddingPropertyForTransition()) {
</span><span class="cx">         // NOTE: This can interleave in pin(), in which case it may see a null property table.
</span><span class="cx">         // That's fine, because then the barrier will fire and we will scan this again.
</span><del>-        visitor.append(&amp;thisObject-&gt;m_propertyTableUnsafe);
</del><ins>+        visitor.append(thisObject-&gt;m_propertyTableUnsafe);
</ins><span class="cx">     } else if (visitor.isBuildingHeapSnapshot())
</span><del>-        visitor.append(&amp;thisObject-&gt;m_propertyTableUnsafe);
</del><ins>+        visitor.append(thisObject-&gt;m_propertyTableUnsafe);
</ins><span class="cx">     else if (thisObject-&gt;m_propertyTableUnsafe)
</span><span class="cx">         thisObject-&gt;m_propertyTableUnsafe.clear();
</span><span class="cx"> 
</span><del>-    visitor.append(&amp;thisObject-&gt;m_inferredTypeTable);
</del><ins>+    visitor.append(thisObject-&gt;m_inferredTypeTable);
</ins><span class="cx"> }
</span><span class="cx"> 
</span><span class="cx"> bool Structure::isCheapDuringGC()
</span><span class="lines">@@ -1096,7 +1096,7 @@
</span><span class="cx">     if (!isCheapDuringGC())
</span><span class="cx">         return Heap::isMarkedConcurrently(this);
</span><span class="cx">     
</span><del>-    visitor.appendUnbarrieredReadOnlyPointer(this);
</del><ins>+    visitor.appendUnbarriered(this);
</ins><span class="cx">     return true;
</span><span class="cx"> }
</span><span class="cx"> 
</span></span></pre></div>
<a id="trunkSourceJavaScriptCoreruntimeStructureChaincpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/runtime/StructureChain.cpp (209896 => 209897)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/runtime/StructureChain.cpp        2016-12-16 01:54:58 UTC (rev 209896)
+++ trunk/Source/JavaScriptCore/runtime/StructureChain.cpp        2016-12-16 02:16:19 UTC (rev 209897)
</span><span class="lines">@@ -51,7 +51,7 @@
</span><span class="cx">     if (WriteBarrier&lt;Structure&gt;* vector = thisObject-&gt;m_vector.get()) {
</span><span class="cx">         size_t i = 0;
</span><span class="cx">         while (vector[i])
</span><del>-            visitor.append(&amp;vector[i++]);
</del><ins>+            visitor.append(vector[i++]);
</ins><span class="cx">     }
</span><span class="cx"> }
</span><span class="cx"> 
</span></span></pre></div>
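Review bot: The while (vector[i]) loop depends entirely on a null terminator in m_vector and has no length bound, and the changed line keeps the i++ buried inside the argument to append. Writing it as for (size_t i = 0; vector[i]; ++i) visitor.append(vector[i]); would separate the increment from the visit, and a comment naming the null sentinel would document what stops the walk.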
<a id="trunkSourceJavaScriptCoreruntimeStructureRareDatacpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/runtime/StructureRareData.cpp (209896 => 209897)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/runtime/StructureRareData.cpp        2016-12-16 01:54:58 UTC (rev 209896)
+++ trunk/Source/JavaScriptCore/runtime/StructureRareData.cpp        2016-12-16 02:16:19 UTC (rev 209897)
</span><span class="lines">@@ -67,9 +67,9 @@
</span><span class="cx">     ASSERT_GC_OBJECT_INHERITS(thisObject, info());
</span><span class="cx"> 
</span><span class="cx">     JSCell::visitChildren(thisObject, visitor);
</span><del>-    visitor.append(&amp;thisObject-&gt;m_previous);
-    visitor.append(&amp;thisObject-&gt;m_objectToStringValue);
-    visitor.append(&amp;thisObject-&gt;m_cachedPropertyNameEnumerator);
</del><ins>+    visitor.append(thisObject-&gt;m_previous);
+    visitor.append(thisObject-&gt;m_objectToStringValue);
+    visitor.append(thisObject-&gt;m_cachedPropertyNameEnumerator);
</ins><span class="cx"> }
</span><span class="cx"> 
</span><span class="cx"> JSPropertyNameEnumerator* StructureRareData::cachedPropertyNameEnumerator() const
</span></span></pre></div>
<a id="trunkSourceJavaScriptCoreruntimeSymbolTablecpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/runtime/SymbolTable.cpp (209896 => 209897)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/runtime/SymbolTable.cpp        2016-12-16 01:54:58 UTC (rev 209896)
+++ trunk/Source/JavaScriptCore/runtime/SymbolTable.cpp        2016-12-16 02:16:19 UTC (rev 209897)
</span><span class="lines">@@ -101,11 +101,11 @@
</span><span class="cx"> {
</span><span class="cx">     SymbolTable* thisSymbolTable = jsCast&lt;SymbolTable*&gt;(thisCell);
</span><span class="cx">     
</span><del>-    visitor.append(&amp;thisSymbolTable-&gt;m_arguments);
-    visitor.append(&amp;thisSymbolTable-&gt;m_singletonScope);
</del><ins>+    visitor.append(thisSymbolTable-&gt;m_arguments);
+    visitor.append(thisSymbolTable-&gt;m_singletonScope);
</ins><span class="cx">     
</span><span class="cx">     if (thisSymbolTable-&gt;m_rareData)
</span><del>-        visitor.append(&amp;thisSymbolTable-&gt;m_rareData-&gt;m_codeBlock);
</del><ins>+        visitor.append(thisSymbolTable-&gt;m_rareData-&gt;m_codeBlock);
</ins><span class="cx">     
</span><span class="cx">     // Save some memory. This is O(n) to rebuild and we do so on the fly.
</span><span class="cx">     ConcurrentJSLocker locker(thisSymbolTable-&gt;m_lock);
</span></span></pre></div>
<a id="trunkSourceJavaScriptCoreruntimeTypeProfilerLogcpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/runtime/TypeProfilerLog.cpp (209896 => 209897)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/runtime/TypeProfilerLog.cpp        2016-12-16 01:54:58 UTC (rev 209896)
+++ trunk/Source/JavaScriptCore/runtime/TypeProfilerLog.cpp        2016-12-16 02:16:19 UTC (rev 209897)
</span><span class="lines">@@ -104,10 +104,10 @@
</span><span class="cx"> void TypeProfilerLog::visit(SlotVisitor&amp; visitor)
</span><span class="cx"> {
</span><span class="cx">     for (LogEntry* entry = m_logStartPtr; entry != m_currentLogEntryPtr; ++entry) {
</span><del>-        visitor.appendUnbarrieredReadOnlyValue(entry-&gt;value);
</del><ins>+        visitor.appendUnbarriered(entry-&gt;value);
</ins><span class="cx">         if (StructureID id = entry-&gt;structureID) {
</span><span class="cx">             Structure* structure = visitor.heap()-&gt;structureIDTable().get(id); 
</span><del>-            visitor.appendUnbarrieredReadOnlyPointer(structure);
</del><ins>+            visitor.appendUnbarriered(structure);
</ins><span class="cx">         }
</span><span class="cx">     }
</span><span class="cx"> }
</span></span></pre></div>
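Review bot: TypeProfilerLog::visit now calls the same name, appendUnbarriered, for both entry-&gt;value and the Structure* returned by structureIDTable().get(id), where the old names (appendUnbarrieredReadOnlyValue and appendUnbarrieredReadOnlyPointer) stated the argument kind. Overload resolution now picks the path, so it is worth confirming that a cell pointer cannot convert implicitly and select the value overload. The looked-up structure is also passed on without a null check, which the new overload has to tolerate.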
<a id="trunkSourceJavaScriptCoreruntimeWeakMapDatacpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/runtime/WeakMapData.cpp (209896 => 209897)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/runtime/WeakMapData.cpp        2016-12-16 01:54:58 UTC (rev 209896)
+++ trunk/Source/JavaScriptCore/runtime/WeakMapData.cpp        2016-12-16 02:16:19 UTC (rev 209897)
</span><span class="lines">@@ -112,7 +112,7 @@
</span><span class="cx">         if (!Heap::isMarked(it-&gt;key))
</span><span class="cx">             continue;
</span><span class="cx">         m_liveKeyCount++;
</span><del>-        visitor.append(&amp;it-&gt;value);
</del><ins>+        visitor.append(it-&gt;value);
</ins><span class="cx">     }
</span><span class="cx">     RELEASE_ASSERT(m_liveKeyCount &lt;= m_target-&gt;m_map.size());
</span><span class="cx"> }
</span></span></pre></div>
<a id="trunkSourceJavaScriptCorewasmjsJSWebAssemblyInstancecpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/wasm/js/JSWebAssemblyInstance.cpp (209896 => 209897)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/wasm/js/JSWebAssemblyInstance.cpp        2016-12-16 01:54:58 UTC (rev 209896)
+++ trunk/Source/JavaScriptCore/wasm/js/JSWebAssemblyInstance.cpp        2016-12-16 02:16:19 UTC (rev 209897)
</span><span class="lines">@@ -83,13 +83,13 @@
</span><span class="cx">     ASSERT_GC_OBJECT_INHERITS(thisObject, info());
</span><span class="cx"> 
</span><span class="cx">     Base::visitChildren(thisObject, visitor);
</span><del>-    visitor.append(&amp;thisObject-&gt;m_module);
-    visitor.append(&amp;thisObject-&gt;m_moduleNamespaceObject);
-    visitor.append(&amp;thisObject-&gt;m_memory);
-    visitor.append(&amp;thisObject-&gt;m_table);
</del><ins>+    visitor.append(thisObject-&gt;m_module);
+    visitor.append(thisObject-&gt;m_moduleNamespaceObject);
+    visitor.append(thisObject-&gt;m_memory);
+    visitor.append(thisObject-&gt;m_table);
</ins><span class="cx">     visitor.reportExtraMemoryVisited(thisObject-&gt;module()-&gt;moduleInformation().globals.size());
</span><span class="cx">     for (unsigned i = 0; i &lt; thisObject-&gt;m_numImportFunctions; ++i)
</span><del>-        visitor.append(thisObject-&gt;importFunction(i));
</del><ins>+        visitor.append(*thisObject-&gt;importFunction(i));
</ins><span class="cx"> }
</span><span class="cx"> 
</span><span class="cx"> const ClassInfo JSWebAssemblyInstance::s_info = { &quot;WebAssembly.Instance&quot;, &amp;Base::s_info, 0, CREATE_METHOD_TABLE(JSWebAssemblyInstance) };
</span></span></pre></div>
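Review bot: The last changed line, visitor.append(*thisObject-&gt;importFunction(i)), is the one call in this function that has to dereference, because importFunction(i) yields a pointer while append now takes a reference. If importFunction can never return null for i below m_numImportFunctions, having it return a reference would remove the bare dereference from the GC path; otherwise a null check is needed before the *.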
<a id="trunkSourceJavaScriptCorewasmjsJSWebAssemblyMemorycpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/wasm/js/JSWebAssemblyMemory.cpp (209896 => 209897)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/wasm/js/JSWebAssemblyMemory.cpp        2016-12-16 01:54:58 UTC (rev 209896)
+++ trunk/Source/JavaScriptCore/wasm/js/JSWebAssemblyMemory.cpp        2016-12-16 02:16:19 UTC (rev 209897)
</span><span class="lines">@@ -88,7 +88,7 @@
</span><span class="cx">     ASSERT_GC_OBJECT_INHERITS(thisObject, info());
</span><span class="cx"> 
</span><span class="cx">     Base::visitChildren(thisObject, visitor);
</span><del>-    visitor.append(&amp;thisObject-&gt;m_bufferWrapper);
</del><ins>+    visitor.append(thisObject-&gt;m_bufferWrapper);
</ins><span class="cx"> }
</span><span class="cx"> 
</span><span class="cx"> } // namespace JSC
</span></span></pre></div>
<a id="trunkSourceJavaScriptCorewasmjsJSWebAssemblyModulecpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/wasm/js/JSWebAssemblyModule.cpp (209896 => 209897)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/wasm/js/JSWebAssemblyModule.cpp        2016-12-16 01:54:58 UTC (rev 209896)
+++ trunk/Source/JavaScriptCore/wasm/js/JSWebAssemblyModule.cpp        2016-12-16 02:16:19 UTC (rev 209897)
</span><span class="lines">@@ -79,11 +79,9 @@
</span><span class="cx">     ASSERT_GC_OBJECT_INHERITS(thisObject, info());
</span><span class="cx"> 
</span><span class="cx">     Base::visitChildren(thisObject, visitor);
</span><del>-    visitor.append(&amp;thisObject-&gt;m_exportSymbolTable);
-    for (unsigned i = 0; i &lt; thisObject-&gt;m_calleeCount * 2; i++) {
-        WriteBarrier&lt;JSWebAssemblyCallee&gt;* callee = &amp;thisObject-&gt;callees()[i];
-        visitor.append(callee);
-    }
</del><ins>+    visitor.append(thisObject-&gt;m_exportSymbolTable);
+    for (unsigned i = 0; i &lt; thisObject-&gt;m_calleeCount * 2; i++)
+        visitor.append(thisObject-&gt;callees()[i]);
</ins><span class="cx"> 
</span><span class="cx">     visitor.addUnconditionalFinalizer(&amp;thisObject-&gt;m_unconditionalFinalizer);
</span><span class="cx"> }
</span></span></pre></div>
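Review bot: The loop bound m_calleeCount * 2 is carried over without explanation, and with the local WriteBarrier pointer removed nothing at this site says what callees() holds. A short comment on why there are two entries per callee count, or a named accessor for the total, would help, since visiting too few slots leaves cells unmarked and visiting too many reads past the array.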
<a id="trunkSourceJavaScriptCorewasmjsJSWebAssemblyTablecpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/wasm/js/JSWebAssemblyTable.cpp (209896 => 209897)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/wasm/js/JSWebAssemblyTable.cpp        2016-12-16 01:54:58 UTC (rev 209896)
+++ trunk/Source/JavaScriptCore/wasm/js/JSWebAssemblyTable.cpp        2016-12-16 02:16:19 UTC (rev 209897)
</span><span class="lines">@@ -91,7 +91,7 @@
</span><span class="cx">     Base::visitChildren(thisObject, visitor);
</span><span class="cx"> 
</span><span class="cx">     for (unsigned i = 0; i &lt; thisObject-&gt;m_size; ++i)
</span><del>-        visitor.append(&amp;thisObject-&gt;m_jsFunctions.get()[i]);
</del><ins>+        visitor.append(thisObject-&gt;m_jsFunctions.get()[i]);
</ins><span class="cx"> }
</span><span class="cx"> 
</span><span class="cx"> bool JSWebAssemblyTable::grow(uint32_t newSize)
</span></span></pre></div>
<a id="trunkSourceJavaScriptCorewasmjsWebAssemblyFunctioncpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/wasm/js/WebAssemblyFunction.cpp (209896 => 209897)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/wasm/js/WebAssemblyFunction.cpp        2016-12-16 01:54:58 UTC (rev 209896)
+++ trunk/Source/JavaScriptCore/wasm/js/WebAssemblyFunction.cpp        2016-12-16 02:16:19 UTC (rev 209897)
</span><span class="lines">@@ -165,9 +165,9 @@
</span><span class="cx">     WebAssemblyFunction* thisObject = jsCast&lt;WebAssemblyFunction*&gt;(cell);
</span><span class="cx">     ASSERT_GC_OBJECT_INHERITS(thisObject, info());
</span><span class="cx">     Base::visitChildren(thisObject, visitor);
</span><del>-    visitor.append(&amp;thisObject-&gt;m_instance);
-    visitor.append(&amp;thisObject-&gt;m_jsEntrypoint);
-    visitor.append(&amp;thisObject-&gt;m_wasmEntrypoint);
</del><ins>+    visitor.append(thisObject-&gt;m_instance);
+    visitor.append(thisObject-&gt;m_jsEntrypoint);
+    visitor.append(thisObject-&gt;m_wasmEntrypoint);
</ins><span class="cx"> }
</span><span class="cx"> 
</span><span class="cx"> void WebAssemblyFunction::finishCreation(VM&amp; vm, NativeExecutable* executable, unsigned length, const String&amp; name, JSWebAssemblyInstance* instance, JSWebAssemblyCallee* jsEntrypoint, JSWebAssemblyCallee* wasmEntrypoint, Wasm::Signature* signature)
</span></span></pre></div>
<a id="trunkSourceJavaScriptCorewasmjsWebAssemblyModuleRecordcpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/wasm/js/WebAssemblyModuleRecord.cpp (209896 => 209897)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/wasm/js/WebAssemblyModuleRecord.cpp        2016-12-16 01:54:58 UTC (rev 209896)
+++ trunk/Source/JavaScriptCore/wasm/js/WebAssemblyModuleRecord.cpp        2016-12-16 02:16:19 UTC (rev 209897)
</span><span class="lines">@@ -78,8 +78,8 @@
</span><span class="cx"> {
</span><span class="cx">     WebAssemblyModuleRecord* thisObject = jsCast&lt;WebAssemblyModuleRecord*&gt;(cell);
</span><span class="cx">     Base::visitChildren(thisObject, visitor);
</span><del>-    visitor.append(&amp;thisObject-&gt;m_instance);
-    visitor.append(&amp;thisObject-&gt;m_startFunction);
</del><ins>+    visitor.append(thisObject-&gt;m_instance);
+    visitor.append(thisObject-&gt;m_startFunction);
</ins><span class="cx"> }
</span><span class="cx"> 
</span><span class="cx"> void WebAssemblyModuleRecord::link(ExecState* state, JSWebAssemblyInstance* instance)
</span></span></pre></div>
<a id="trunkSourceWebCoreChangeLog"></a>
<div class="modfile"><h4>Modified: trunk/Source/WebCore/ChangeLog (209896 => 209897)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/WebCore/ChangeLog        2016-12-16 01:54:58 UTC (rev 209896)
+++ trunk/Source/WebCore/ChangeLog        2016-12-16 02:16:19 UTC (rev 209897)
</span><span class="lines">@@ -1,3 +1,27 @@
</span><ins>+2016-12-15  Filip Pizlo  &lt;fpizlo@apple.com&gt;
+
+        Get rid of HeapRootVisitor and make SlotVisitor less painful to use
+        https://bugs.webkit.org/show_bug.cgi?id=165911
+
+        Reviewed by Geoffrey Garen.
+
+        No new tests because no new behavior.
+        
+        This updates WebCore code to new JSC API.
+
+        * bindings/js/JSDOMBinding.cpp:
+        (WebCore::DOMConstructorJSBuiltinObject::visitChildren):
+        * bindings/js/JSDOMGlobalObject.cpp:
+        (WebCore::JSDOMGlobalObject::visitChildren):
+        * bindings/js/JSDOMPromise.h:
+        (WebCore::DeferredPromise::visitAggregate):
+        * bindings/js/JSEventListener.cpp:
+        (WebCore::JSEventListener::visitJSFunction):
+        * bindings/js/JSWorkerGlobalScopeBase.cpp:
+        (WebCore::JSWorkerGlobalScopeBase::visitChildren):
+        * bindings/scripts/CodeGeneratorJS.pm:
+        (GenerateImplementation):
+
</ins><span class="cx"> 2016-12-15  Myles C. Maxfield  &lt;mmaxfield@apple.com&gt;
</span><span class="cx"> 
</span><span class="cx">         Sort Xcode project files
</span></span></pre></div>
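Review bot: the entries for DeferredPromise::visitAggregate and JSEventListener::visitJSFunction need their own explanation, because "This updates WebCore code to new JSC API" does not cover what happens there. Those two call sites move from appendUnbarrieredWeak to append, which is a change of method and not only of argument form. A line under each of the two entries saying why plain append is equivalent for those fields would back up "No new tests because no new behavior".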
<a id="trunkSourceWebCorebindingsjsJSDOMBindingcpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/WebCore/bindings/js/JSDOMBinding.cpp (209896 => 209897)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/WebCore/bindings/js/JSDOMBinding.cpp        2016-12-16 01:54:58 UTC (rev 209896)
+++ trunk/Source/WebCore/bindings/js/JSDOMBinding.cpp        2016-12-16 02:16:19 UTC (rev 209897)
</span><span class="lines">@@ -1013,7 +1013,7 @@
</span><span class="cx">     auto* thisObject = jsCast&lt;DOMConstructorJSBuiltinObject*&gt;(cell);
</span><span class="cx">     ASSERT_GC_OBJECT_INHERITS(thisObject, info());
</span><span class="cx">     Base::visitChildren(thisObject, visitor);
</span><del>-    visitor.append(&amp;thisObject-&gt;m_initializeFunction);
</del><ins>+    visitor.append(thisObject-&gt;m_initializeFunction);
</ins><span class="cx"> }
</span><span class="cx"> 
</span><span class="cx"> static EncodedJSValue JSC_HOST_CALL callThrowTypeError(ExecState* exec)
</span></span></pre></div>
<a id="trunkSourceWebCorebindingsjsJSDOMGlobalObjectcpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/WebCore/bindings/js/JSDOMGlobalObject.cpp (209896 => 209897)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/WebCore/bindings/js/JSDOMGlobalObject.cpp        2016-12-16 01:54:58 UTC (rev 209896)
+++ trunk/Source/WebCore/bindings/js/JSDOMGlobalObject.cpp        2016-12-16 02:16:19 UTC (rev 209897)
</span><span class="lines">@@ -191,10 +191,10 @@
</span><span class="cx">         auto locker = holdLock(thisObject-&gt;m_gcLock);
</span><span class="cx">         
</span><span class="cx">         for (auto&amp; structure : thisObject-&gt;structures(locker).values())
</span><del>-            visitor.append(&amp;structure);
</del><ins>+            visitor.append(structure);
</ins><span class="cx">         
</span><span class="cx">         for (auto&amp; constructor : thisObject-&gt;constructors(locker).values())
</span><del>-            visitor.append(&amp;constructor);
</del><ins>+            visitor.append(constructor);
</ins><span class="cx">         
</span><span class="cx">         for (auto&amp; deferredPromise : thisObject-&gt;deferredPromises(locker))
</span><span class="cx">             deferredPromise-&gt;visitAggregate(visitor);
</span></span></pre></div>
<a id="trunkSourceWebCorebindingsjsJSDOMPromiseh"></a>
<div class="modfile"><h4>Modified: trunk/Source/WebCore/bindings/js/JSDOMPromise.h (209896 => 209897)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/WebCore/bindings/js/JSDOMPromise.h        2016-12-16 01:54:58 UTC (rev 209896)
+++ trunk/Source/WebCore/bindings/js/JSDOMPromise.h        2016-12-16 02:16:19 UTC (rev 209897)
</span><span class="lines">@@ -99,7 +99,7 @@
</span><span class="cx">     bool isSuspended() { return !m_deferred || !canInvokeCallback(); } // The wrapper world has gone away or active DOM objects have been suspended.
</span><span class="cx">     JSDOMGlobalObject* globalObject() { return m_globalObject.get(); }
</span><span class="cx"> 
</span><del>-    void visitAggregate(JSC::SlotVisitor&amp; visitor) { visitor.appendUnbarrieredWeak(&amp;m_deferred); }
</del><ins>+    void visitAggregate(JSC::SlotVisitor&amp; visitor) { visitor.append(m_deferred); }
</ins><span class="cx"> 
</span><span class="cx"> private:
</span><span class="cx">     DeferredPromise(JSDOMGlobalObject&amp;, JSC::JSPromiseDeferred&amp;);
</span></span></pre></div>
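Review bot: visitAggregate changes which visitor method is called, from appendUnbarrieredWeak to append, and the hunk does not show the declaration of m_deferred, so a reader cannot tell from here which append overload is selected or that it treats the slot the same way as before. The old method name documented at the call site that this field is weak and unbarriered. Please add a short comment on visitAggregate saying what kind of handle m_deferred is and that visiting it through append is intentional.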
<a id="trunkSourceWebCorebindingsjsJSEventListenercpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/WebCore/bindings/js/JSEventListener.cpp (209896 => 209897)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/WebCore/bindings/js/JSEventListener.cpp        2016-12-16 01:54:58 UTC (rev 209896)
+++ trunk/Source/WebCore/bindings/js/JSEventListener.cpp        2016-12-16 02:16:19 UTC (rev 209897)
</span><span class="lines">@@ -70,7 +70,7 @@
</span><span class="cx">     if (!m_wrapper)
</span><span class="cx">         return;
</span><span class="cx"> 
</span><del>-    visitor.appendUnbarrieredWeak(&amp;m_jsFunction);
</del><ins>+    visitor.append(m_jsFunction);
</ins><span class="cx"> }
</span><span class="cx"> 
</span><span class="cx"> void JSEventListener::handleEvent(ScriptExecutionContext* scriptExecutionContext, Event* event)
</span></span></pre></div>
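Review bot: after the early return on m_wrapper, visitor.append(m_jsFunction) now reads like an ordinary strong-field visit, where the previous appendUnbarrieredWeak call made the special handling of m_jsFunction explicit. Since the guard and the append only make sense together, a one-line comment above them stating the relationship between m_wrapper and m_jsFunction would keep the intent visible now that the method name no longer carries it.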
<a id="trunkSourceWebCorebindingsjsJSWorkerGlobalScopeBasecpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/WebCore/bindings/js/JSWorkerGlobalScopeBase.cpp (209896 => 209897)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/WebCore/bindings/js/JSWorkerGlobalScopeBase.cpp        2016-12-16 01:54:58 UTC (rev 209896)
+++ trunk/Source/WebCore/bindings/js/JSWorkerGlobalScopeBase.cpp        2016-12-16 02:16:19 UTC (rev 209897)
</span><span class="lines">@@ -79,7 +79,7 @@
</span><span class="cx">     JSWorkerGlobalScopeBase* thisObject = jsCast&lt;JSWorkerGlobalScopeBase*&gt;(cell);
</span><span class="cx">     ASSERT_GC_OBJECT_INHERITS(thisObject, info());
</span><span class="cx">     Base::visitChildren(thisObject, visitor);
</span><del>-    visitor.append(&amp;thisObject-&gt;m_proxy);
</del><ins>+    visitor.append(thisObject-&gt;m_proxy);
</ins><span class="cx"> }
</span><span class="cx"> 
</span><span class="cx"> void JSWorkerGlobalScopeBase::destroy(JSCell* cell)
</span></span></pre></div>
<a id="trunkSourceWebCorebindingsscriptsCodeGeneratorJSpm"></a>
<div class="modfile"><h4>Modified: trunk/Source/WebCore/bindings/scripts/CodeGeneratorJS.pm (209896 => 209897)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/WebCore/bindings/scripts/CodeGeneratorJS.pm        2016-12-16 01:54:58 UTC (rev 209896)
+++ trunk/Source/WebCore/bindings/scripts/CodeGeneratorJS.pm        2016-12-16 02:16:19 UTC (rev 209897)
</span><span class="lines">@@ -3977,7 +3977,7 @@
</span><span class="cx">             foreach (@{$interface-&gt;attributes}) {
</span><span class="cx">                 my $attribute = $_;
</span><span class="cx">                 if ($attribute-&gt;extendedAttributes-&gt;{CachedAttribute}) {
</span><del>-                    push(@implContent, &quot;    visitor.append(&amp;thisObject-&gt;m_&quot; . $attribute-&gt;name . &quot;);\n&quot;);
</del><ins>+                    push(@implContent, &quot;    visitor.append(thisObject-&gt;m_&quot; . $attribute-&gt;name . &quot;);\n&quot;);
</ins><span class="cx">                 }
</span><span class="cx">             }
</span><span class="cx">         }
</span></span></pre>
</div>
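Review bot: the push into @implContent changes the text emitted into the generated visitChildren for every interface with a CachedAttribute, but the WebCore ChangeLog entry lists only GenerateImplementation in CodeGeneratorJS.pm. If any generator output is checked in as an expected baseline, it needs regenerating in the same commit so that the emitted visitor.append(thisObject-&gt;m_...) line matches. It is also worth confirming that the generated sources are rebuilt against the new SlotVisitor signature and not picked up stale.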
</div>

</body>
</html>