<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN"
"http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head><meta http-equiv="content-type" content="text/html; charset=utf-8" />
<title>[213675] trunk/Source/JavaScriptCore</title>
</head>
<body>

<style type="text/css"><!--
#msg dl.meta { border: 1px #006 solid; background: #369; padding: 6px; color: #fff; }
#msg dl.meta dt { float: left; width: 6em; font-weight: bold; }
#msg dt:after { content:':';}
#msg dl, #msg dt, #msg ul, #msg li, #header, #footer, #logmsg { font-family: verdana,arial,helvetica,sans-serif; font-size: 10pt;  }
#msg dl a { font-weight: bold}
#msg dl a:link    { color:#fc3; }
#msg dl a:active  { color:#ff0; }
#msg dl a:visited { color:#cc6; }
h3 { font-family: verdana,arial,helvetica,sans-serif; font-size: 10pt; font-weight: bold; }
#msg pre { overflow: auto; background: #ffc; border: 1px #fa0 solid; padding: 6px; }
#logmsg { background: #ffc; border: 1px #fa0 solid; padding: 1em 1em 0 1em; }
#logmsg p, #logmsg pre, #logmsg blockquote { margin: 0 0 1em 0; }
#logmsg p, #logmsg li, #logmsg dt, #logmsg dd { line-height: 14pt; }
#logmsg h1, #logmsg h2, #logmsg h3, #logmsg h4, #logmsg h5, #logmsg h6 { margin: .5em 0; }
#logmsg h1:first-child, #logmsg h2:first-child, #logmsg h3:first-child, #logmsg h4:first-child, #logmsg h5:first-child, #logmsg h6:first-child { margin-top: 0; }
#logmsg ul, #logmsg ol { padding: 0; list-style-position: inside; margin: 0 0 0 1em; }
#logmsg ul { text-indent: -1em; padding-left: 1em; }#logmsg ol { text-indent: -1.5em; padding-left: 1.5em; }
#logmsg > ul, #logmsg > ol { margin: 0 0 1em 0; }
#logmsg pre { background: #eee; padding: 1em; }
#logmsg blockquote { border: 1px solid #fa0; border-left-width: 10px; padding: 1em 1em 0 1em; background: white;}
#logmsg dl { margin: 0; }
#logmsg dt { font-weight: bold; }
#logmsg dd { margin: 0; padding: 0 0 0.5em 0; }
#logmsg dd:before { content:'\00bb';}
#logmsg table { border-spacing: 0px; border-collapse: collapse; border-top: 4px solid #fa0; border-bottom: 1px solid #fa0; background: #fff; }
#logmsg table th { text-align: left; font-weight: normal; padding: 0.2em 0.5em; border-top: 1px dotted #fa0; }
#logmsg table td { text-align: right; border-top: 1px dotted #fa0; padding: 0.2em 0.5em; }
#logmsg table thead th { text-align: center; border-bottom: 1px solid #fa0; }
#logmsg table th.Corner { text-align: left; }
#logmsg hr { border: none 0; border-top: 2px dashed #fa0; height: 1px; }
#header, #footer { color: #fff; background: #636; border: 1px #300 solid; padding: 6px; }
#patch { width: 100%; }
#patch h4 {font-family: verdana,arial,helvetica,sans-serif;font-size:10pt;padding:8px;background:#369;color:#fff;margin:0;}
#patch .propset h4, #patch .binary h4 {margin:0;}
#patch pre {padding:0;line-height:1.2em;margin:0;}
#patch .diff {width:100%;background:#eee;padding: 0 0 10px 0;overflow:auto;}
#patch .propset .diff, #patch .binary .diff  {padding:10px 0;}
#patch span {display:block;padding:0 10px;}
#patch .modfile, #patch .addfile, #patch .delfile, #patch .propset, #patch .binary, #patch .copfile {border:1px solid #ccc;margin:10px 0;}
#patch ins {background:#dfd;text-decoration:none;display:block;padding:0 10px;}
#patch del {background:#fdd;text-decoration:none;display:block;padding:0 10px;}
#patch .lines, .info {color:#888;background:#fff;}
--></style>
<div id="msg">
<dl class="meta">
<dt>Revision</dt> <dd><a href="http://trac.webkit.org/projects/webkit/changeset/213675">213675</a></dd>
<dt>Author</dt> <dd>mark.lam@apple.com</dd>
<dt>Date</dt> <dd>2017-03-09 14:39:09 -0800 (Thu, 09 Mar 2017)</dd>
</dl>

<h3>Log Message</h3>
<pre>Refactoring some HeapVerifier code.
https://bugs.webkit.org/show_bug.cgi?id=169443

Reviewed by Filip Pizlo.

Renamed LiveObjectData to CellProfile.
Renamed LiveObjectList to CellList.
Moved CellProfile.*, CellList.*, and HeapVerifier.* from the heap folder to the tools folder.
Updated the HeapVerifier to handle JSCells instead of just JSObjects.

This is in preparation for subsequent patches to fix up the HeapVerifier for service again.

* CMakeLists.txt:
* JavaScriptCore.xcodeproj/project.pbxproj:
* heap/Heap.cpp:
(JSC::Heap::runBeginPhase):
(JSC::Heap::runEndPhase):
* heap/HeapVerifier.cpp: Removed.
* heap/HeapVerifier.h: Removed.
* heap/LiveObjectData.h: Removed.
* heap/LiveObjectList.cpp: Removed.
* heap/LiveObjectList.h: Removed.
* tools/CellList.cpp: Copied from Source/JavaScriptCore/heap/LiveObjectList.cpp.
(JSC::CellList::findCell):
(JSC::LiveObjectList::findObject): Deleted.
* tools/CellList.h: Copied from Source/JavaScriptCore/heap/LiveObjectList.h.
(JSC::CellList::CellList):
(JSC::CellList::reset):
(JSC::LiveObjectList::LiveObjectList): Deleted.
(JSC::LiveObjectList::reset): Deleted.
* tools/CellProfile.h: Copied from Source/JavaScriptCore/heap/LiveObjectData.h.
(JSC::CellProfile::CellProfile):
(JSC::LiveObjectData::LiveObjectData): Deleted.
* tools/HeapVerifier.cpp: Copied from Source/JavaScriptCore/heap/HeapVerifier.cpp.
(JSC::GatherCellFunctor::GatherCellFunctor):
(JSC::GatherCellFunctor::visit):
(JSC::GatherCellFunctor::operator()):
(JSC::HeapVerifier::gatherLiveCells):
(JSC::HeapVerifier::cellListForGathering):
(JSC::trimDeadCellsFromList):
(JSC::HeapVerifier::trimDeadCells):
(JSC::HeapVerifier::verifyButterflyIsInStorageSpace):
(JSC::HeapVerifier::reportCell):
(JSC::HeapVerifier::checkIfRecorded):
(JSC::GatherLiveObjFunctor::GatherLiveObjFunctor): Deleted.
(JSC::GatherLiveObjFunctor::visit): Deleted.
(JSC::GatherLiveObjFunctor::operator()): Deleted.
(JSC::HeapVerifier::gatherLiveObjects): Deleted.
(JSC::HeapVerifier::liveObjectListForGathering): Deleted.
(JSC::trimDeadObjectsFromList): Deleted.
(JSC::HeapVerifier::trimDeadObjects): Deleted.
(JSC::HeapVerifier::reportObject): Deleted.
* tools/HeapVerifier.h: Copied from Source/JavaScriptCore/heap/HeapVerifier.h.</pre>

<h3>Modified Paths</h3>
<ul>
<li><a href="#trunkSourceJavaScriptCoreCMakeListstxt">trunk/Source/JavaScriptCore/CMakeLists.txt</a></li>
<li><a href="#trunkSourceJavaScriptCoreChangeLog">trunk/Source/JavaScriptCore/ChangeLog</a></li>
<li><a href="#trunkSourceJavaScriptCoreJavaScriptCorexcodeprojprojectpbxproj">trunk/Source/JavaScriptCore/JavaScriptCore.xcodeproj/project.pbxproj</a></li>
<li><a href="#trunkSourceJavaScriptCoreheapHeapcpp">trunk/Source/JavaScriptCore/heap/Heap.cpp</a></li>
</ul>

<h3>Added Paths</h3>
<ul>
<li><a href="#trunkSourceJavaScriptCoretoolsCellListcpp">trunk/Source/JavaScriptCore/tools/CellList.cpp</a></li>
<li><a href="#trunkSourceJavaScriptCoretoolsCellListh">trunk/Source/JavaScriptCore/tools/CellList.h</a></li>
<li><a href="#trunkSourceJavaScriptCoretoolsCellProfileh">trunk/Source/JavaScriptCore/tools/CellProfile.h</a></li>
<li><a href="#trunkSourceJavaScriptCoretoolsHeapVerifiercpp">trunk/Source/JavaScriptCore/tools/HeapVerifier.cpp</a></li>
<li><a href="#trunkSourceJavaScriptCoretoolsHeapVerifierh">trunk/Source/JavaScriptCore/tools/HeapVerifier.h</a></li>
</ul>

<h3>Removed Paths</h3>
<ul>
<li><a href="#trunkSourceJavaScriptCoreheapHeapVerifiercpp">trunk/Source/JavaScriptCore/heap/HeapVerifier.cpp</a></li>
<li><a href="#trunkSourceJavaScriptCoreheapHeapVerifierh">trunk/Source/JavaScriptCore/heap/HeapVerifier.h</a></li>
<li><a href="#trunkSourceJavaScriptCoreheapLiveObjectDatah">trunk/Source/JavaScriptCore/heap/LiveObjectData.h</a></li>
<li><a href="#trunkSourceJavaScriptCoreheapLiveObjectListcpp">trunk/Source/JavaScriptCore/heap/LiveObjectList.cpp</a></li>
<li><a href="#trunkSourceJavaScriptCoreheapLiveObjectListh">trunk/Source/JavaScriptCore/heap/LiveObjectList.h</a></li>
</ul>

</div>
<div id="patch">
<h3>Diff</h3>
<a id="trunkSourceJavaScriptCoreCMakeListstxt"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/CMakeLists.txt (213674 => 213675)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/CMakeLists.txt        2017-03-09 22:37:13 UTC (rev 213674)
+++ trunk/Source/JavaScriptCore/CMakeLists.txt        2017-03-09 22:39:09 UTC (rev 213675)
</span><span class="lines">@@ -499,11 +499,9 @@
</span><span class="cx">     heap/HeapSnapshot.cpp
</span><span class="cx">     heap/HeapSnapshotBuilder.cpp
</span><span class="cx">     heap/HeapTimer.cpp
</span><del>-    heap/HeapVerifier.cpp
</del><span class="cx">     heap/IncrementalSweeper.cpp
</span><span class="cx">     heap/JITStubRoutineSet.cpp
</span><span class="cx">     heap/LargeAllocation.cpp
</span><del>-    heap/LiveObjectList.cpp
</del><span class="cx">     heap/MachineStackMarker.cpp
</span><span class="cx">     heap/MarkStack.cpp
</span><span class="cx">     heap/MarkedAllocator.cpp
</span><span class="lines">@@ -915,10 +913,12 @@
</span><span class="cx">     runtime/WeakSetConstructor.cpp
</span><span class="cx">     runtime/WeakSetPrototype.cpp
</span><span class="cx"> 
</span><ins>+    tools/CellList.cpp
</ins><span class="cx">     tools/CodeProfile.cpp
</span><span class="cx">     tools/CodeProfiling.cpp
</span><span class="cx">     tools/FunctionOverrides.cpp
</span><span class="cx">     tools/FunctionWhitelist.cpp
</span><ins>+    tools/HeapVerifier.cpp
</ins><span class="cx">     tools/JSDollarVM.cpp
</span><span class="cx">     tools/JSDollarVMPrototype.cpp
</span><span class="cx">     tools/SigillCrashAnalyzer.cpp
</span></span></pre></div>
<a id="trunkSourceJavaScriptCoreChangeLog"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/ChangeLog (213674 => 213675)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/ChangeLog        2017-03-09 22:37:13 UTC (rev 213674)
+++ trunk/Source/JavaScriptCore/ChangeLog        2017-03-09 22:39:09 UTC (rev 213675)
</span><span class="lines">@@ -1,3 +1,59 @@
</span><ins>+2017-03-09  Mark Lam  &lt;mark.lam@apple.com&gt;
+
+        Refactoring some HeapVerifier code.
+        https://bugs.webkit.org/show_bug.cgi?id=169443
+
+        Reviewed by Filip Pizlo.
+
+        Renamed LiveObjectData to CellProfile.
+        Renamed LiveObjectList to CellList.
+        Moved CellProfile.*, CellList.*, and HeapVerifier.* from the heap folder to the tools folder.
+        Updated the HeapVerifier to handle JSCells instead of just JSObjects.
+
+        This is in preparation for subsequent patches to fix up the HeapVerifier for service again.
+
+        * CMakeLists.txt:
+        * JavaScriptCore.xcodeproj/project.pbxproj:
+        * heap/Heap.cpp:
+        (JSC::Heap::runBeginPhase):
+        (JSC::Heap::runEndPhase):
+        * heap/HeapVerifier.cpp: Removed.
+        * heap/HeapVerifier.h: Removed.
+        * heap/LiveObjectData.h: Removed.
+        * heap/LiveObjectList.cpp: Removed.
+        * heap/LiveObjectList.h: Removed.
+        * tools/CellList.cpp: Copied from Source/JavaScriptCore/heap/LiveObjectList.cpp.
+        (JSC::CellList::findCell):
+        (JSC::LiveObjectList::findObject): Deleted.
+        * tools/CellList.h: Copied from Source/JavaScriptCore/heap/LiveObjectList.h.
+        (JSC::CellList::CellList):
+        (JSC::CellList::reset):
+        (JSC::LiveObjectList::LiveObjectList): Deleted.
+        (JSC::LiveObjectList::reset): Deleted.
+        * tools/CellProfile.h: Copied from Source/JavaScriptCore/heap/LiveObjectData.h.
+        (JSC::CellProfile::CellProfile):
+        (JSC::LiveObjectData::LiveObjectData): Deleted.
+        * tools/HeapVerifier.cpp: Copied from Source/JavaScriptCore/heap/HeapVerifier.cpp.
+        (JSC::GatherCellFunctor::GatherCellFunctor):
+        (JSC::GatherCellFunctor::visit):
+        (JSC::GatherCellFunctor::operator()):
+        (JSC::HeapVerifier::gatherLiveCells):
+        (JSC::HeapVerifier::cellListForGathering):
+        (JSC::trimDeadCellsFromList):
+        (JSC::HeapVerifier::trimDeadCells):
+        (JSC::HeapVerifier::verifyButterflyIsInStorageSpace):
+        (JSC::HeapVerifier::reportCell):
+        (JSC::HeapVerifier::checkIfRecorded):
+        (JSC::GatherLiveObjFunctor::GatherLiveObjFunctor): Deleted.
+        (JSC::GatherLiveObjFunctor::visit): Deleted.
+        (JSC::GatherLiveObjFunctor::operator()): Deleted.
+        (JSC::HeapVerifier::gatherLiveObjects): Deleted.
+        (JSC::HeapVerifier::liveObjectListForGathering): Deleted.
+        (JSC::trimDeadObjectsFromList): Deleted.
+        (JSC::HeapVerifier::trimDeadObjects): Deleted.
+        (JSC::HeapVerifier::reportObject): Deleted.
+        * tools/HeapVerifier.h: Copied from Source/JavaScriptCore/heap/HeapVerifier.h.
+
</ins><span class="cx"> 2017-03-09  Anders Carlsson  &lt;andersca@apple.com&gt;
</span><span class="cx"> 
</span><span class="cx">         Add delegate support to WebCore
</span></span></pre></div>
<a id="trunkSourceJavaScriptCoreJavaScriptCorexcodeprojprojectpbxproj"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/JavaScriptCore.xcodeproj/project.pbxproj (213674 => 213675)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/JavaScriptCore.xcodeproj/project.pbxproj        2017-03-09 22:37:13 UTC (rev 213674)
+++ trunk/Source/JavaScriptCore/JavaScriptCore.xcodeproj/project.pbxproj        2017-03-09 22:39:09 UTC (rev 213675)
</span><span class="lines">@@ -2360,6 +2360,11 @@
</span><span class="cx">                 FE187A0D1C030D5C0038BBCA /* JITDivGenerator.h in Headers */ = {isa = PBXBuildFile; fileRef = FE187A0B1C0229230038BBCA /* JITDivGenerator.h */; };
</span><span class="cx">                 FE187A0E1C030D640038BBCA /* JITDivGenerator.cpp in Sources */ = {isa = PBXBuildFile; fileRef = FE187A0A1C0229230038BBCA /* JITDivGenerator.cpp */; };
</span><span class="cx">                 FE187A0F1C030D6C0038BBCA /* SnippetOperand.h in Headers */ = {isa = PBXBuildFile; fileRef = FE187A0C1C02EBA70038BBCA /* SnippetOperand.h */; };
</span><ins>+                FE1BD01E1E72002A00134BC9 /* CellList.h in Headers */ = {isa = PBXBuildFile; fileRef = FE1BD01C1E72002100134BC9 /* CellList.h */; };
+                FE1BD01F1E72002D00134BC9 /* CellList.cpp in Sources */ = {isa = PBXBuildFile; fileRef = FE1BD01B1E72002100134BC9 /* CellList.cpp */; };
+                FE1BD0211E72027900134BC9 /* CellProfile.h in Headers */ = {isa = PBXBuildFile; fileRef = FE1BD0201E72027000134BC9 /* CellProfile.h */; };
+                FE1BD0241E72053800134BC9 /* HeapVerifier.cpp in Sources */ = {isa = PBXBuildFile; fileRef = FE1BD0221E72052F00134BC9 /* HeapVerifier.cpp */; };
+                FE1BD0251E72053800134BC9 /* HeapVerifier.h in Headers */ = {isa = PBXBuildFile; fileRef = FE1BD0231E72052F00134BC9 /* HeapVerifier.h */; };
</ins><span class="cx">                 FE1C0FFD1B193E9800B53FCA /* Exception.h in Headers */ = {isa = PBXBuildFile; fileRef = FE1C0FFC1B193E9800B53FCA /* Exception.h */; settings = {ATTRIBUTES = (Private, ); }; };
</span><span class="cx">                 FE1C0FFF1B194FD100B53FCA /* Exception.cpp in Sources */ = {isa = PBXBuildFile; fileRef = FE1C0FFE1B194FD100B53FCA /* Exception.cpp */; };
</span><span class="cx">                 FE20CE9D15F04A9500DF3430 /* LLIntCLoop.cpp in Sources */ = {isa = PBXBuildFile; fileRef = FE20CE9B15F04A9500DF3430 /* LLIntCLoop.cpp */; };
</span><span class="lines">@@ -2377,9 +2382,6 @@
</span><span class="cx">                 FE384EE61ADDB7AD0055DE2C /* JSDollarVM.h in Headers */ = {isa = PBXBuildFile; fileRef = FE384EE21ADDB7AD0055DE2C /* JSDollarVM.h */; settings = {ATTRIBUTES = (Private, ); }; };
</span><span class="cx">                 FE384EE71ADDB7AD0055DE2C /* JSDollarVMPrototype.cpp in Sources */ = {isa = PBXBuildFile; fileRef = FE384EE31ADDB7AD0055DE2C /* JSDollarVMPrototype.cpp */; };
</span><span class="cx">                 FE384EE81ADDB7AD0055DE2C /* JSDollarVMPrototype.h in Headers */ = {isa = PBXBuildFile; fileRef = FE384EE41ADDB7AD0055DE2C /* JSDollarVMPrototype.h */; settings = {ATTRIBUTES = (Private, ); }; };
</span><del>-                FE3913541B794F6E00EDAF71 /* LiveObjectList.cpp in Sources */ = {isa = PBXBuildFile; fileRef = FE3913521B794AC900EDAF71 /* LiveObjectList.cpp */; };
-                FE3913551B794F8A00EDAF71 /* LiveObjectData.h in Headers */ = {isa = PBXBuildFile; fileRef = FE3913511B794AC900EDAF71 /* LiveObjectData.h */; settings = {ATTRIBUTES = (Private, ); }; };
-                FE3913561B794F8F00EDAF71 /* LiveObjectList.h in Headers */ = {isa = PBXBuildFile; fileRef = FE3913531B794AC900EDAF71 /* LiveObjectList.h */; settings = {ATTRIBUTES = (Private, ); }; };
</del><span class="cx">                 FE3A06A61C10B72D00390FDD /* JITBitOrGenerator.h in Headers */ = {isa = PBXBuildFile; fileRef = FE3A06A41C10B70800390FDD /* JITBitOrGenerator.h */; };
</span><span class="cx">                 FE3A06A81C10BC8100390FDD /* JITBitBinaryOpGenerator.h in Headers */ = {isa = PBXBuildFile; fileRef = FE3A06A71C10BC7400390FDD /* JITBitBinaryOpGenerator.h */; };
</span><span class="cx">                 FE3A06AC1C10C39E00390FDD /* JITBitOrGenerator.cpp in Sources */ = {isa = PBXBuildFile; fileRef = FE3A06A31C10B70800390FDD /* JITBitOrGenerator.cpp */; };
</span><span class="lines">@@ -2406,8 +2408,6 @@
</span><span class="cx">                 FE68C6381B90DE0B0042BCB3 /* MacroAssemblerPrinter.cpp in Sources */ = {isa = PBXBuildFile; fileRef = FE68C6351B90DDD90042BCB3 /* MacroAssemblerPrinter.cpp */; };
</span><span class="cx">                 FE6F56DE1E64EAD600D17801 /* VMTraps.h in Headers */ = {isa = PBXBuildFile; fileRef = FE6F56DD1E64E92000D17801 /* VMTraps.h */; settings = {ATTRIBUTES = (Private, ); }; };
</span><span class="cx">                 FE6F56DF1E64EADB00D17801 /* VMTraps.cpp in Sources */ = {isa = PBXBuildFile; fileRef = FE6F56DC1E64E92000D17801 /* VMTraps.cpp */; };
</span><del>-                FE7BA60F1A1A7CEC00F1F7B4 /* HeapVerifier.cpp in Sources */ = {isa = PBXBuildFile; fileRef = FE7BA60D1A1A7CEC00F1F7B4 /* HeapVerifier.cpp */; };
-                FE7BA6101A1A7CEC00F1F7B4 /* HeapVerifier.h in Headers */ = {isa = PBXBuildFile; fileRef = FE7BA60E1A1A7CEC00F1F7B4 /* HeapVerifier.h */; settings = {ATTRIBUTES = (Private, ); }; };
</del><span class="cx">                 FE7C41961B97FC4B00F4D598 /* PingPongStackOverflowTest.cpp in Sources */ = {isa = PBXBuildFile; fileRef = FEDA50D41B97F442009A3B4F /* PingPongStackOverflowTest.cpp */; };
</span><span class="cx">                 FE80C1971D775CDD008510C0 /* CatchScope.h in Headers */ = {isa = PBXBuildFile; fileRef = FE80C1961D775B27008510C0 /* CatchScope.h */; settings = {ATTRIBUTES = (Private, ); }; };
</span><span class="cx">                 FE80C1991D775FBE008510C0 /* CatchScope.cpp in Sources */ = {isa = PBXBuildFile; fileRef = FE80C1981D775FB4008510C0 /* CatchScope.cpp */; };
</span><span class="lines">@@ -4940,6 +4940,11 @@
</span><span class="cx">                 FE187A0A1C0229230038BBCA /* JITDivGenerator.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = JITDivGenerator.cpp; sourceTree = &quot;&lt;group&gt;&quot;; };
</span><span class="cx">                 FE187A0B1C0229230038BBCA /* JITDivGenerator.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = JITDivGenerator.h; sourceTree = &quot;&lt;group&gt;&quot;; };
</span><span class="cx">                 FE187A0C1C02EBA70038BBCA /* SnippetOperand.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = SnippetOperand.h; sourceTree = &quot;&lt;group&gt;&quot;; };
</span><ins>+                FE1BD01B1E72002100134BC9 /* CellList.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = CellList.cpp; sourceTree = &quot;&lt;group&gt;&quot;; };
+                FE1BD01C1E72002100134BC9 /* CellList.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = CellList.h; sourceTree = &quot;&lt;group&gt;&quot;; };
+                FE1BD0201E72027000134BC9 /* CellProfile.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = CellProfile.h; sourceTree = &quot;&lt;group&gt;&quot;; };
+                FE1BD0221E72052F00134BC9 /* HeapVerifier.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = HeapVerifier.cpp; sourceTree = &quot;&lt;group&gt;&quot;; };
+                FE1BD0231E72052F00134BC9 /* HeapVerifier.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = HeapVerifier.h; sourceTree = &quot;&lt;group&gt;&quot;; };
</ins><span class="cx">                 FE1C0FFC1B193E9800B53FCA /* Exception.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = Exception.h; sourceTree = &quot;&lt;group&gt;&quot;; };
</span><span class="cx">                 FE1C0FFE1B194FD100B53FCA /* Exception.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = Exception.cpp; sourceTree = &quot;&lt;group&gt;&quot;; };
</span><span class="cx">                 FE20CE9B15F04A9500DF3430 /* LLIntCLoop.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; name = LLIntCLoop.cpp; path = llint/LLIntCLoop.cpp; sourceTree = &quot;&lt;group&gt;&quot;; };
</span><span class="lines">@@ -4957,9 +4962,6 @@
</span><span class="cx">                 FE384EE21ADDB7AD0055DE2C /* JSDollarVM.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = JSDollarVM.h; sourceTree = &quot;&lt;group&gt;&quot;; };
</span><span class="cx">                 FE384EE31ADDB7AD0055DE2C /* JSDollarVMPrototype.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = JSDollarVMPrototype.cpp; sourceTree = &quot;&lt;group&gt;&quot;; };
</span><span class="cx">                 FE384EE41ADDB7AD0055DE2C /* JSDollarVMPrototype.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = JSDollarVMPrototype.h; sourceTree = &quot;&lt;group&gt;&quot;; };
</span><del>-                FE3913511B794AC900EDAF71 /* LiveObjectData.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = LiveObjectData.h; sourceTree = &quot;&lt;group&gt;&quot;; };
-                FE3913521B794AC900EDAF71 /* LiveObjectList.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = LiveObjectList.cpp; sourceTree = &quot;&lt;group&gt;&quot;; };
-                FE3913531B794AC900EDAF71 /* LiveObjectList.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = LiveObjectList.h; sourceTree = &quot;&lt;group&gt;&quot;; };
</del><span class="cx">                 FE3A06A31C10B70800390FDD /* JITBitOrGenerator.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = JITBitOrGenerator.cpp; sourceTree = &quot;&lt;group&gt;&quot;; };
</span><span class="cx">                 FE3A06A41C10B70800390FDD /* JITBitOrGenerator.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = JITBitOrGenerator.h; sourceTree = &quot;&lt;group&gt;&quot;; };
</span><span class="cx">                 FE3A06A71C10BC7400390FDD /* JITBitBinaryOpGenerator.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = JITBitBinaryOpGenerator.h; sourceTree = &quot;&lt;group&gt;&quot;; };
</span><span class="lines">@@ -4986,8 +4988,6 @@
</span><span class="cx">                 FE68C6361B90DDD90042BCB3 /* MacroAssemblerPrinter.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = MacroAssemblerPrinter.h; sourceTree = &quot;&lt;group&gt;&quot;; };
</span><span class="cx">                 FE6F56DC1E64E92000D17801 /* VMTraps.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = VMTraps.cpp; sourceTree = &quot;&lt;group&gt;&quot;; };
</span><span class="cx">                 FE6F56DD1E64E92000D17801 /* VMTraps.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = VMTraps.h; sourceTree = &quot;&lt;group&gt;&quot;; };
</span><del>-                FE7BA60D1A1A7CEC00F1F7B4 /* HeapVerifier.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = HeapVerifier.cpp; sourceTree = &quot;&lt;group&gt;&quot;; };
-                FE7BA60E1A1A7CEC00F1F7B4 /* HeapVerifier.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = HeapVerifier.h; sourceTree = &quot;&lt;group&gt;&quot;; };
</del><span class="cx">                 FE80C1961D775B27008510C0 /* CatchScope.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = CatchScope.h; sourceTree = &quot;&lt;group&gt;&quot;; };
</span><span class="cx">                 FE80C1981D775FB4008510C0 /* CatchScope.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = CatchScope.cpp; sourceTree = &quot;&lt;group&gt;&quot;; };
</span><span class="cx">                 FE80C19A1D7768FD008510C0 /* ExceptionEventLocation.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = ExceptionEventLocation.cpp; sourceTree = &quot;&lt;group&gt;&quot;; };
</span><span class="lines">@@ -5871,8 +5871,6 @@
</span><span class="cx">                                 C2E526BB1590EF000054E48D /* HeapTimer.cpp */,
</span><span class="cx">                                 C2E526BC1590EF000054E48D /* HeapTimer.h */,
</span><span class="cx">                                 0FADE6721D4D23BC00768457 /* HeapUtil.h */,
</span><del>-                                FE7BA60D1A1A7CEC00F1F7B4 /* HeapVerifier.cpp */,
-                                FE7BA60E1A1A7CEC00F1F7B4 /* HeapVerifier.h */,
</del><span class="cx">                                 C25F8BCB157544A900245B71 /* IncrementalSweeper.cpp */,
</span><span class="cx">                                 C25F8BCC157544A900245B71 /* IncrementalSweeper.h */,
</span><span class="cx">                                 0F766D2915A8CC34008F363E /* JITStubRoutineSet.cpp */,
</span><span class="lines">@@ -5880,9 +5878,6 @@
</span><span class="cx">                                 0F070A451D543A89006E7232 /* LargeAllocation.cpp */,
</span><span class="cx">                                 0F070A461D543A89006E7232 /* LargeAllocation.h */,
</span><span class="cx">                                 0F431736146BAC65007E3890 /* ListableHandler.h */,
</span><del>-                                FE3913511B794AC900EDAF71 /* LiveObjectData.h */,
-                                FE3913521B794AC900EDAF71 /* LiveObjectList.cpp */,
-                                FE3913531B794AC900EDAF71 /* LiveObjectList.h */,
</del><span class="cx">                                 142E3130134FF0A600AFADB5 /* Local.h */,
</span><span class="cx">                                 142E3131134FF0A600AFADB5 /* LocalScope.h */,
</span><span class="cx">                                 0F208AD61DF0925A007D3269 /* LockDuringMarking.h */,
</span><span class="lines">@@ -6923,6 +6918,9 @@
</span><span class="cx">                 8603CEF014C753EF00AE59E3 /* tools */ = {
</span><span class="cx">                         isa = PBXGroup;
</span><span class="cx">                         children = (
</span><ins>+                                FE1BD01B1E72002100134BC9 /* CellList.cpp */,
+                                FE1BD01C1E72002100134BC9 /* CellList.h */,
+                                FE1BD0201E72027000134BC9 /* CellProfile.h */,
</ins><span class="cx">                                 86B5822E14D2373B00A9C306 /* CodeProfile.cpp */,
</span><span class="cx">                                 86B5822F14D2373B00A9C306 /* CodeProfile.h */,
</span><span class="cx">                                 8603CEF214C7546400AE59E3 /* CodeProfiling.cpp */,
</span><span class="lines">@@ -6931,6 +6929,8 @@
</span><span class="cx">                                 FE4BFF2A1AD476E700088F87 /* FunctionOverrides.h */,
</span><span class="cx">                                 FEA0C4001CDD7D0E00481991 /* FunctionWhitelist.cpp */,
</span><span class="cx">                                 FEA0C4011CDD7D0E00481991 /* FunctionWhitelist.h */,
</span><ins>+                                FE1BD0221E72052F00134BC9 /* HeapVerifier.cpp */,
+                                FE1BD0231E72052F00134BC9 /* HeapVerifier.h */,
</ins><span class="cx">                                 FE384EE11ADDB7AD0055DE2C /* JSDollarVM.cpp */,
</span><span class="cx">                                 FE384EE21ADDB7AD0055DE2C /* JSDollarVM.h */,
</span><span class="cx">                                 FE384EE31ADDB7AD0055DE2C /* JSDollarVMPrototype.cpp */,
</span><span class="lines">@@ -8294,6 +8294,7 @@
</span><span class="cx">                                 0FC3CCFC19ADA410006AC72A /* DFGBlockMap.h in Headers */,
</span><span class="cx">                                 0FC3CCFD19ADA410006AC72A /* DFGBlockMapInlines.h in Headers */,
</span><span class="cx">                                 5381B9391E60E97D0090F794 /* WasmFaultSignalHandler.h in Headers */,
</span><ins>+                                FE1BD01E1E72002A00134BC9 /* CellList.h in Headers */,
</ins><span class="cx">                                 0FC3CCFE19ADA410006AC72A /* DFGBlockSet.h in Headers */,
</span><span class="cx">                                 0FBF158D19B7A53100695DD0 /* DFGBlockSetInlines.h in Headers */,
</span><span class="cx">                                 0FC3CD0019ADA410006AC72A /* DFGBlockWorklist.h in Headers */,
</span><span class="lines">@@ -8327,6 +8328,7 @@
</span><span class="cx">                                 C2981FD917BAEE4B00A3BC98 /* DFGDesiredWeakReferences.h in Headers */,
</span><span class="cx">                                 0FF427651591A1CE004CB9FF /* DFGDisassembler.h in Headers */,
</span><span class="cx">                                 0F5A1274192D9FDF008764A3 /* DFGDoesGC.h in Headers */,
</span><ins>+                                FE1BD0251E72053800134BC9 /* HeapVerifier.h in Headers */,
</ins><span class="cx">                                 0FD81AD3154FB4F000983E72 /* DFGDominators.h in Headers */,
</span><span class="cx">                                 E322E5A31DA64439006E7709 /* DFGDOMJITPatchpointParams.h in Headers */,
</span><span class="cx">                                 0F1E3A471534CBB9000F9456 /* DFGDoubleFormatState.h in Headers */,
</span><span class="lines">@@ -8642,7 +8644,6 @@
</span><span class="cx">                                 C2E526BE1590EF000054E48D /* HeapTimer.h in Headers */,
</span><span class="cx">                                 0FD0E5EA1E43D34D0006AB08 /* GCConductor.h in Headers */,
</span><span class="cx">                                 0FADE6731D4D23BE00768457 /* HeapUtil.h in Headers */,
</span><del>-                                FE7BA6101A1A7CEC00F1F7B4 /* HeapVerifier.h in Headers */,
</del><span class="cx">                                 0F4680D514BBD24B00BFE272 /* HostCallReturnValue.h in Headers */,
</span><span class="cx">                                 DC2143071CA32E55000A8869 /* ICStats.h in Headers */,
</span><span class="cx">                                 BC18C40F0E16F5CD00B34460 /* Identifier.h in Headers */,
</span><span class="lines">@@ -8936,8 +8937,6 @@
</span><span class="cx">                                 86D3B3C310159D7F002865E7 /* LinkBuffer.h in Headers */,
</span><span class="cx">                                 0F431738146BAC69007E3890 /* ListableHandler.h in Headers */,
</span><span class="cx">                                 A7E2EA6B0FB460CF00601F06 /* LiteralParser.h in Headers */,
</span><del>-                                FE3913551B794F8A00EDAF71 /* LiveObjectData.h in Headers */,
-                                FE3913561B794F8F00EDAF71 /* LiveObjectList.h in Headers */,
</del><span class="cx">                                 70DE9A091BE7D69E005D89D9 /* LLIntAssembly.h in Headers */,
</span><span class="cx">                                 0F0FC45A14BD15F500B81154 /* LLIntCallLinkInfo.h in Headers */,
</span><span class="cx">                                 FE20CE9E15F04A9500DF3430 /* LLIntCLoop.h in Headers */,
</span><span class="lines">@@ -8961,6 +8960,7 @@
</span><span class="cx">                                 86D3B2C610156BDE002865E7 /* MacroAssemblerARM.h in Headers */,
</span><span class="cx">                                 A1A009C01831A22D00CF8711 /* MacroAssemblerARM64.h in Headers */,
</span><span class="cx">                                 86ADD1460FDDEA980006EEC2 /* MacroAssemblerARMv7.h in Headers */,
</span><ins>+                                FE1BD0211E72027900134BC9 /* CellProfile.h in Headers */,
</ins><span class="cx">                                 863B23E00FC6118900703AA4 /* MacroAssemblerCodeRef.h in Headers */,
</span><span class="cx">                                 E32AB2441DCD75F400D7533A /* MacroAssemblerHelpers.h in Headers */,
</span><span class="cx">                                 86C568E111A213EE0007F7F0 /* MacroAssemblerMIPS.h in Headers */,
</span><span class="lines">@@ -10275,7 +10275,6 @@
</span><span class="cx">                                 A54C2AB01C6544EE00A18D78 /* HeapSnapshot.cpp in Sources */,
</span><span class="cx">                                 A5311C371C77CECA00E6B1B6 /* HeapSnapshotBuilder.cpp in Sources */,
</span><span class="cx">                                 C2E526BD1590EF000054E48D /* HeapTimer.cpp in Sources */,
</span><del>-                                FE7BA60F1A1A7CEC00F1F7B4 /* HeapVerifier.cpp in Sources */,
</del><span class="cx">                                 0F4680D414BBD24900BFE272 /* HostCallReturnValue.cpp in Sources */,
</span><span class="cx">                                 DC2143081CA32E58000A8869 /* ICStats.cpp in Sources */,
</span><span class="cx">                                 147F39CE107EC37600427A48 /* Identifier.cpp in Sources */,
</span><span class="lines">@@ -10480,7 +10479,6 @@
</span><span class="cx">                                 148F21B0107EC5410042EC2C /* Lexer.cpp in Sources */,
</span><span class="cx">                                 0FF4275715914A20004CB9FF /* LinkBuffer.cpp in Sources */,
</span><span class="cx">                                 A7E2EA6C0FB460CF00601F06 /* LiteralParser.cpp in Sources */,
</span><del>-                                FE3913541B794F6E00EDAF71 /* LiveObjectList.cpp in Sources */,
</del><span class="cx">                                 FE20CE9D15F04A9500DF3430 /* LLIntCLoop.cpp in Sources */,
</span><span class="cx">                                 0F4680D214BBD16500BFE272 /* LLIntData.cpp in Sources */,
</span><span class="cx">                                 0F38B01117CF078000B144D3 /* LLIntEntrypoint.cpp in Sources */,
</span><span class="lines">@@ -10632,6 +10630,7 @@
</span><span class="cx">                                 0FDE87FD1DFE6E540064C390 /* SpaceTimeMutatorScheduler.cpp in Sources */,
</span><span class="cx">                                 0F0CD4C415F6B6BB0032F1C0 /* SparseArrayValueMap.cpp in Sources */,
</span><span class="cx">                                 0F5541B11613C1FB00CE3E25 /* SpecialPointer.cpp in Sources */,
</span><ins>+                                FE1BD01F1E72002D00134BC9 /* CellList.cpp in Sources */,
</ins><span class="cx">                                 0FD82E86141F3FF100179C94 /* SpeculatedType.cpp in Sources */,
</span><span class="cx">                                 0F6DB7EA1D6124B800CDBF8E /* StackFrame.cpp in Sources */,
</span><span class="cx">                                 A7C1EAF117987AB600299DB2 /* StackVisitor.cpp in Sources */,
</span><span class="lines">@@ -10666,6 +10665,7 @@
</span><span class="cx">                                 0FA2C17B17D7CF84009D015F /* TestRunnerUtils.cpp in Sources */,
</span><span class="cx">                                 FE2E6A7B1D6EA62C0060F896 /* ThrowScope.cpp in Sources */,
</span><span class="cx">                                 A7386555118697B400540279 /* ThunkGenerators.cpp in Sources */,
</span><ins>+                                FE1BD0241E72053800134BC9 /* HeapVerifier.cpp in Sources */,
</ins><span class="cx">                                 0F2D4DE819832DAC007D4B19 /* ToThisStatus.cpp in Sources */,
</span><span class="cx">                                 0F952ABC1B487A7700C367C5 /* TrackedReferences.cpp in Sources */,
</span><span class="cx">                                 0F2B670717B6B5AB00A7AE3F /* TypedArrayController.cpp in Sources */,
</span></span></pre></div>
<a id="trunkSourceJavaScriptCoreheapHeapcpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/heap/Heap.cpp (213674 => 213675)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/heap/Heap.cpp        2017-03-09 22:37:13 UTC (rev 213674)
+++ trunk/Source/JavaScriptCore/heap/Heap.cpp        2017-03-09 22:39:09 UTC (rev 213675)
</span><span class="lines">@@ -1103,7 +1103,7 @@
</span><span class="cx">         m_verifier-&gt;verify(HeapVerifier::Phase::BeforeGC);
</span><span class="cx">             
</span><span class="cx">         m_verifier-&gt;initializeGCCycle();
</span><del>-        m_verifier-&gt;gatherLiveObjects(HeapVerifier::Phase::BeforeMarking);
</del><ins>+        m_verifier-&gt;gatherLiveCells(HeapVerifier::Phase::BeforeMarking);
</ins><span class="cx">     }
</span><span class="cx">         
</span><span class="cx">     prepareForMarking();
</span><span class="lines">@@ -1333,7 +1333,7 @@
</span><span class="cx">     endMarking();
</span><span class="cx">         
</span><span class="cx">     if (m_verifier) {
</span><del>-        m_verifier-&gt;gatherLiveObjects(HeapVerifier::Phase::AfterMarking);
</del><ins>+        m_verifier-&gt;gatherLiveCells(HeapVerifier::Phase::AfterMarking);
</ins><span class="cx">         m_verifier-&gt;verify(HeapVerifier::Phase::AfterMarking);
</span><span class="cx">     }
</span><span class="cx">         
</span><span class="lines">@@ -1360,7 +1360,7 @@
</span><span class="cx">     didFinishCollection();
</span><span class="cx">     
</span><span class="cx">     if (m_verifier) {
</span><del>-        m_verifier-&gt;trimDeadObjects();
</del><ins>+        m_verifier-&gt;trimDeadCells();
</ins><span class="cx">         m_verifier-&gt;verify(HeapVerifier::Phase::AfterGC);
</span><span class="cx">     }
</span><span class="cx"> 
</span></span></pre></div>
<a id="trunkSourceJavaScriptCoreheapHeapVerifiercpp"></a>
<div class="delfile"><h4>Deleted: trunk/Source/JavaScriptCore/heap/HeapVerifier.cpp (213674 => 213675)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/heap/HeapVerifier.cpp        2017-03-09 22:37:13 UTC (rev 213674)
+++ trunk/Source/JavaScriptCore/heap/HeapVerifier.cpp        2017-03-09 22:39:09 UTC (rev 213675)
</span><span class="lines">@@ -1,217 +0,0 @@
</span><del>-/*
- * Copyright (C) 2014, 2016 Apple Inc. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY APPLE INC. ``AS IS'' AND ANY
- * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL APPLE INC. OR
- * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
- * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
- * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
- * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
- * OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
- * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
- */
-
-#include &quot;config.h&quot;
-#include &quot;HeapVerifier.h&quot;
-
-#include &quot;ButterflyInlines.h&quot;
-#include &quot;HeapIterationScope.h&quot;
-#include &quot;JSCInlines.h&quot;
-#include &quot;JSObject.h&quot;
-#include &quot;MarkedSpaceInlines.h&quot;
-
-namespace JSC {
-
-HeapVerifier::HeapVerifier(Heap* heap, unsigned numberOfGCCyclesToRecord)
-    : m_heap(heap)
-    , m_currentCycle(0)
-    , m_numberOfCycles(numberOfGCCyclesToRecord)
-{
-    RELEASE_ASSERT(m_numberOfCycles &gt; 0);
-    m_cycles = std::make_unique&lt;GCCycle[]&gt;(m_numberOfCycles);
-}
-
-const char* HeapVerifier::phaseName(HeapVerifier::Phase phase)
-{
-    switch (phase) {
-    case Phase::BeforeGC:
-        return &quot;BeforeGC&quot;;
-    case Phase::BeforeMarking:
-        return &quot;BeforeMarking&quot;;
-    case Phase::AfterMarking:
-        return &quot;AfterMarking&quot;;
-    case Phase::AfterGC:
-        return &quot;AfterGC&quot;;
-    }
-    RELEASE_ASSERT_NOT_REACHED();
-    return nullptr; // Silencing a compiler warning.
-}
-
-void HeapVerifier::initializeGCCycle()
-{
-    Heap* heap = m_heap;
-    incrementCycle();
-    currentCycle().scope = *heap-&gt;collectionScope();
-}
-
-struct GatherLiveObjFunctor : MarkedBlock::CountFunctor {
-    GatherLiveObjFunctor(LiveObjectList&amp; list)
-        : m_list(list)
-    {
-        ASSERT(!list.liveObjects.size());
-    }
-
-    inline void visit(JSCell* cell)
-    {
-        if (!cell-&gt;isObject())
-            return;        
-        LiveObjectData data(asObject(cell));
-        m_list.liveObjects.append(data);
-    }
-
-    IterationStatus operator()(HeapCell* cell, HeapCell::Kind kind) const
-    {
-        if (kind == HeapCell::JSCell) {
-            // FIXME: This const_cast exists because this isn't a C++ lambda.
-            // https://bugs.webkit.org/show_bug.cgi?id=159644
-            const_cast&lt;GatherLiveObjFunctor*&gt;(this)-&gt;visit(static_cast&lt;JSCell*&gt;(cell));
-        }
-        return IterationStatus::Continue;
-    }
-
-    LiveObjectList&amp; m_list;
-};
-
-void HeapVerifier::gatherLiveObjects(HeapVerifier::Phase phase)
-{
-    Heap* heap = m_heap;
-    LiveObjectList&amp; list = *liveObjectListForGathering(phase);
-
-    HeapIterationScope iterationScope(*heap);
-    list.reset();
-    GatherLiveObjFunctor functor(list);
-    heap-&gt;m_objectSpace.forEachLiveCell(iterationScope, functor);
-}
-
-LiveObjectList* HeapVerifier::liveObjectListForGathering(HeapVerifier::Phase phase)
-{
-    switch (phase) {
-    case Phase::BeforeMarking:
-        return &amp;currentCycle().before;
-    case Phase::AfterMarking:
-        return &amp;currentCycle().after;
-    case Phase::BeforeGC:
-    case Phase::AfterGC:
-        // We should not be gathering live objects during these phases.
-        break;
-    }
-    RELEASE_ASSERT_NOT_REACHED();
-    return nullptr; // Silencing a compiler warning.
-}
-
-static void trimDeadObjectsFromList(HashSet&lt;JSObject*&gt;&amp; knownLiveSet, LiveObjectList&amp; list)
-{
-    if (!list.hasLiveObjects)
-        return;
-
-    size_t liveObjectsFound = 0;
-    for (auto&amp; objData : list.liveObjects) {
-        if (objData.isConfirmedDead)
-            continue; // Don't &quot;resurrect&quot; known dead objects.
-        if (!knownLiveSet.contains(objData.obj)) {
-            objData.isConfirmedDead = true;
-            continue;
-        }
-        liveObjectsFound++;
-    }
-    list.hasLiveObjects = !!liveObjectsFound;
-}
-
-void HeapVerifier::trimDeadObjects()
-{
-    HashSet&lt;JSObject*&gt; knownLiveSet;
-
-    LiveObjectList&amp; after = currentCycle().after;
-    for (auto&amp; objData : after.liveObjects)
-        knownLiveSet.add(objData.obj);
-
-    trimDeadObjectsFromList(knownLiveSet, currentCycle().before);
-
-    for (int i = -1; i &gt; -m_numberOfCycles; i--) {
-        trimDeadObjectsFromList(knownLiveSet, cycleForIndex(i).before);
-        trimDeadObjectsFromList(knownLiveSet, cycleForIndex(i).after);
-    }
-}
-
-bool HeapVerifier::verifyButterflyIsInStorageSpace(Phase, LiveObjectList&amp;)
-{
-    // FIXME: Make this work again. https://bugs.webkit.org/show_bug.cgi?id=161752
-    return true;
-}
-
-void HeapVerifier::verify(HeapVerifier::Phase phase)
-{
-    bool beforeVerified = verifyButterflyIsInStorageSpace(phase, currentCycle().before);
-    bool afterVerified = verifyButterflyIsInStorageSpace(phase, currentCycle().after);
-    RELEASE_ASSERT(beforeVerified &amp;&amp; afterVerified);
-}
-
-void HeapVerifier::reportObject(LiveObjectData&amp; objData, int cycleIndex, HeapVerifier::GCCycle&amp; cycle, LiveObjectList&amp; list)
-{
-    JSObject* obj = objData.obj;
-
-    if (objData.isConfirmedDead) {
-        dataLogF(&quot;FOUND dead obj %p in GC[%d] %s list '%s'\n&quot;,
-            obj, cycleIndex, collectionScopeName(cycle.scope), list.name);
-        return;
-    }
-
-    Structure* structure = obj-&gt;structure();
-    Butterfly* butterfly = obj-&gt;butterfly();
-    void* butterflyBase = butterfly-&gt;base(structure);
-
-    dataLogF(&quot;FOUND obj %p type '%s' butterfly %p (base %p) in GC[%d] %s list '%s'\n&quot;,
-        obj, structure-&gt;classInfo()-&gt;className,
-        butterfly, butterflyBase,
-        cycleIndex, collectionScopeName(cycle.scope), list.name);
-}
-
-void HeapVerifier::checkIfRecorded(JSObject* obj)
-{
-    bool found = false;
-
-    for (int cycleIndex = 0; cycleIndex &gt; -m_numberOfCycles; cycleIndex--) {
-        GCCycle&amp; cycle = cycleForIndex(cycleIndex);
-        LiveObjectList&amp; beforeList = cycle.before; 
-        LiveObjectList&amp; afterList = cycle.after; 
-
-        LiveObjectData* objData;
-        objData = beforeList.findObject(obj);
-        if (objData) {
-            reportObject(*objData, cycleIndex, cycle, beforeList);
-            found = true;
-        }
-        objData = afterList.findObject(obj);
-        if (objData) {
-            reportObject(*objData, cycleIndex, cycle, afterList);
-            found = true;
-        }
-    }
-
-    if (!found)
-        dataLogF(&quot;obj %p NOT FOUND\n&quot;, obj);
-}
-
-} // namespace JSC
</del></span></pre></div>
<a id="trunkSourceJavaScriptCoreheapHeapVerifierh"></a>
<div class="delfile"><h4>Deleted: trunk/Source/JavaScriptCore/heap/HeapVerifier.h (213674 => 213675)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/heap/HeapVerifier.h        2017-03-09 22:37:13 UTC (rev 213674)
+++ trunk/Source/JavaScriptCore/heap/HeapVerifier.h        2017-03-09 22:39:09 UTC (rev 213675)
</span><span class="lines">@@ -1,95 +0,0 @@
</span><del>-/*
- * Copyright (C) 2014-2015 Apple Inc. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY APPLE INC. ``AS IS'' AND ANY
- * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL APPLE INC. OR
- * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
- * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
- * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
- * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
- * OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
- * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
- */
-
-#pragma once
-
-#include &quot;Heap.h&quot;
-#include &quot;LiveObjectList.h&quot;
-
-namespace JSC {
-
-class JSObject;
-class MarkedBlock;
-
-class HeapVerifier {
-    WTF_MAKE_FAST_ALLOCATED;
-public:
-    enum class Phase {
-        BeforeGC,
-        BeforeMarking,
-        AfterMarking,
-        AfterGC
-    };
-
-    HeapVerifier(Heap*, unsigned numberOfGCCyclesToRecord);
-
-    void initializeGCCycle();
-    void gatherLiveObjects(Phase);
-    void trimDeadObjects();
-    void verify(Phase);
-
-    // Scans all previously recorded LiveObjectLists and checks if the specified
-    // object was in any of those lists.
-    JS_EXPORT_PRIVATE void checkIfRecorded(JSObject*);
-
-    static const char* phaseName(Phase);
-
-private:
-    struct GCCycle {
-        GCCycle()
-            : before(&quot;Before Marking&quot;)
-            , after(&quot;After Marking&quot;)
-        {
-        }
-
-        CollectionScope scope;
-        LiveObjectList before;
-        LiveObjectList after;
-    };
-
-    void incrementCycle() { m_currentCycle = (m_currentCycle + 1) % m_numberOfCycles; }
-    GCCycle&amp; currentCycle() { return m_cycles[m_currentCycle]; }
-    GCCycle&amp; cycleForIndex(int cycleIndex)
-    {
-        ASSERT(cycleIndex &lt;= 0 &amp;&amp; cycleIndex &gt; -m_numberOfCycles);
-        cycleIndex += m_currentCycle;
-        if (cycleIndex &lt; 0)
-            cycleIndex += m_numberOfCycles;
-        ASSERT(cycleIndex &lt; m_numberOfCycles);
-        return m_cycles[cycleIndex];
-    }
-
-    LiveObjectList* liveObjectListForGathering(Phase);
-    bool verifyButterflyIsInStorageSpace(Phase, LiveObjectList&amp;);
-
-    static void reportObject(LiveObjectData&amp;, int cycleIndex, HeapVerifier::GCCycle&amp;, LiveObjectList&amp;);
-
-    Heap* m_heap;
-    int m_currentCycle;
-    int m_numberOfCycles;
-    std::unique_ptr&lt;GCCycle[]&gt; m_cycles;
-};
-
-} // namespace JSC
</del></span></pre></div>
<a id="trunkSourceJavaScriptCoreheapLiveObjectDatah"></a>
<div class="delfile"><h4>Deleted: trunk/Source/JavaScriptCore/heap/LiveObjectData.h (213674 => 213675)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/heap/LiveObjectData.h        2017-03-09 22:37:13 UTC (rev 213674)
+++ trunk/Source/JavaScriptCore/heap/LiveObjectData.h        2017-03-09 22:39:09 UTC (rev 213675)
</span><span class="lines">@@ -1,43 +0,0 @@
</span><del>-/*
- * Copyright (C) 2015 Apple Inc. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY APPLE INC. ``AS IS'' AND ANY
- * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL APPLE INC. OR
- * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
- * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
- * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
- * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
- * OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
- * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-
-#pragma once
-
-namespace JSC {
-
-class JSObject;
-
-struct LiveObjectData {
-    LiveObjectData(JSObject* obj, bool isConfirmedDead = false)
-        : obj(obj)
-        , isConfirmedDead(isConfirmedDead)
-    {
-    }
-    
-    JSObject* obj;
-    bool isConfirmedDead;
-};
-
-} // namespace JSC
</del></span></pre></div>
<a id="trunkSourceJavaScriptCoreheapLiveObjectListcpp"></a>
<div class="delfile"><h4>Deleted: trunk/Source/JavaScriptCore/heap/LiveObjectList.cpp (213674 => 213675)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/heap/LiveObjectList.cpp        2017-03-09 22:37:13 UTC (rev 213674)
+++ trunk/Source/JavaScriptCore/heap/LiveObjectList.cpp        2017-03-09 22:39:09 UTC (rev 213675)
</span><span class="lines">@@ -1,40 +0,0 @@
</span><del>-/*
- * Copyright (C) 2015 Apple Inc. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY APPLE INC. ``AS IS'' AND ANY
- * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL APPLE INC. OR
- * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
- * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
- * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
- * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
- * OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
- * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-
-#include &quot;config.h&quot;
-#include &quot;LiveObjectList.h&quot;
-
-namespace JSC {
-
-LiveObjectData* LiveObjectList::findObject(JSObject* obj)
-{
-    for (auto&amp; data : liveObjects) {
-        if (obj == data.obj)
-            return &amp;data;
-    }
-    return nullptr;
-}
-
-} // namespace JSC
</del></span></pre></div>
<a id="trunkSourceJavaScriptCoreheapLiveObjectListh"></a>
<div class="delfile"><h4>Deleted: trunk/Source/JavaScriptCore/heap/LiveObjectList.h (213674 => 213675)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/heap/LiveObjectList.h        2017-03-09 22:37:13 UTC (rev 213674)
+++ trunk/Source/JavaScriptCore/heap/LiveObjectList.h        2017-03-09 22:39:09 UTC (rev 213675)
</span><span class="lines">@@ -1,53 +0,0 @@
</span><del>-/*
- * Copyright (C) 2015 Apple Inc. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY APPLE INC. ``AS IS'' AND ANY
- * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL APPLE INC. OR
- * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
- * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
- * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
- * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
- * OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
- * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-
-#pragma once
-
-#include &quot;LiveObjectData.h&quot;
-#include &lt;wtf/Vector.h&gt;
-
-namespace JSC {
-
-struct LiveObjectList {
-    LiveObjectList(const char* name)
-        : name(name)
-        , hasLiveObjects(true)
-    {
-    }
-    
-    void reset()
-    {
-        liveObjects.clear();
-        hasLiveObjects = true; // Presume to have live objects until the list is trimmed.
-    }
-    
-    LiveObjectData* findObject(JSObject*);
-    
-    const char* name;
-    Vector&lt;LiveObjectData&gt; liveObjects;
-    bool hasLiveObjects;
-};
-    
-} // namespace JSC
</del></span></pre></div>
<a id="trunkSourceJavaScriptCoretoolsCellListcppfromrev213674trunkSourceJavaScriptCoreheapLiveObjectListcpp"></a>
<div class="copfile"><h4>Copied: trunk/Source/JavaScriptCore/tools/CellList.cpp (from rev 213674, trunk/Source/JavaScriptCore/heap/LiveObjectList.cpp) (0 => 213675)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/tools/CellList.cpp                                (rev 0)
+++ trunk/Source/JavaScriptCore/tools/CellList.cpp        2017-03-09 22:39:09 UTC (rev 213675)
</span><span class="lines">@@ -0,0 +1,40 @@
</span><ins>+/*
+ * Copyright (C) 2015-2017 Apple Inc. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY APPLE INC. ``AS IS'' AND ANY
+ * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL APPLE INC. OR
+ * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+ * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
+ * OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include &quot;config.h&quot;
+#include &quot;CellList.h&quot;
+
+namespace JSC {
+
+CellProfile* CellList::findCell(JSCell* cell)
+{
+    for (auto&amp; profile : liveCells) {
+        if (cell == profile.cell)
+            return &amp;profile;
+    }
+    return nullptr;
+}
+
+} // namespace JSC
</ins></span></pre></div>
<a id="trunkSourceJavaScriptCoretoolsCellListhfromrev213674trunkSourceJavaScriptCoreheapLiveObjectListh"></a>
<div class="copfile"><h4>Copied: trunk/Source/JavaScriptCore/tools/CellList.h (from rev 213674, trunk/Source/JavaScriptCore/heap/LiveObjectList.h) (0 => 213675)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/tools/CellList.h                                (rev 0)
+++ trunk/Source/JavaScriptCore/tools/CellList.h        2017-03-09 22:39:09 UTC (rev 213675)
</span><span class="lines">@@ -0,0 +1,53 @@
</span><ins>+/*
+ * Copyright (C) 2015-2017 Apple Inc. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY APPLE INC. ``AS IS'' AND ANY
+ * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL APPLE INC. OR
+ * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+ * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
+ * OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#pragma once
+
+#include &quot;CellProfile.h&quot;
+#include &lt;wtf/Vector.h&gt;
+
+namespace JSC {
+
+struct CellList {
+    CellList(const char* name)
+        : name(name)
+        , hasLiveCells(true)
+    {
+    }
+    
+    void reset()
+    {
+        liveCells.clear();
+        hasLiveCells = true; // Presume to have live objects until the list is trimmed.
+    }
+    
+    CellProfile* findCell(JSCell*);
+    
+    const char* name;
+    Vector&lt;CellProfile&gt; liveCells;
+    bool hasLiveCells;
+};
+    
+} // namespace JSC
</ins></span></pre></div>
<a id="trunkSourceJavaScriptCoretoolsCellProfilehfromrev213674trunkSourceJavaScriptCoreheapLiveObjectDatah"></a>
<div class="copfile"><h4>Copied: trunk/Source/JavaScriptCore/tools/CellProfile.h (from rev 213674, trunk/Source/JavaScriptCore/heap/LiveObjectData.h) (0 => 213675)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/tools/CellProfile.h                                (rev 0)
+++ trunk/Source/JavaScriptCore/tools/CellProfile.h        2017-03-09 22:39:09 UTC (rev 213675)
</span><span class="lines">@@ -0,0 +1,43 @@
</span><ins>+/*
+ * Copyright (C) 2015-2017 Apple Inc. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY APPLE INC. ``AS IS'' AND ANY
+ * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL APPLE INC. OR
+ * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+ * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
+ * OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#pragma once
+
+namespace JSC {
+
+class JSCell;
+
+struct CellProfile {
+    CellProfile(JSCell* cell, bool isConfirmedDead = false)
+        : cell(cell)
+        , isConfirmedDead(isConfirmedDead)
+    {
+    }
+    
+    JSCell* cell;
+    bool isConfirmedDead;
+};
+
+} // namespace JSC
</ins></span></pre></div>
<a id="trunkSourceJavaScriptCoretoolsHeapVerifiercppfromrev213674trunkSourceJavaScriptCoreheapHeapVerifiercpp"></a>
<div class="copfile"><h4>Copied: trunk/Source/JavaScriptCore/tools/HeapVerifier.cpp (from rev 213674, trunk/Source/JavaScriptCore/heap/HeapVerifier.cpp) (0 => 213675)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/tools/HeapVerifier.cpp                                (rev 0)
+++ trunk/Source/JavaScriptCore/tools/HeapVerifier.cpp        2017-03-09 22:39:09 UTC (rev 213675)
</span><span class="lines">@@ -0,0 +1,223 @@
</span><ins>+/*
+ * Copyright (C) 2014, 2016 Apple Inc. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY APPLE INC. ``AS IS'' AND ANY
+ * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL APPLE INC. OR
+ * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+ * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
+ * OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
+ */
+
+#include &quot;config.h&quot;
+#include &quot;HeapVerifier.h&quot;
+
+#include &quot;ButterflyInlines.h&quot;
+#include &quot;HeapIterationScope.h&quot;
+#include &quot;JSCInlines.h&quot;
+#include &quot;JSObject.h&quot;
+#include &quot;MarkedSpaceInlines.h&quot;
+
+namespace JSC {
+
+HeapVerifier::HeapVerifier(Heap* heap, unsigned numberOfGCCyclesToRecord)
+    : m_heap(heap)
+    , m_currentCycle(0)
+    , m_numberOfCycles(numberOfGCCyclesToRecord)
+{
+    RELEASE_ASSERT(m_numberOfCycles &gt; 0);
+    m_cycles = std::make_unique&lt;GCCycle[]&gt;(m_numberOfCycles);
+}
+
+const char* HeapVerifier::phaseName(HeapVerifier::Phase phase)
+{
+    switch (phase) {
+    case Phase::BeforeGC:
+        return &quot;BeforeGC&quot;;
+    case Phase::BeforeMarking:
+        return &quot;BeforeMarking&quot;;
+    case Phase::AfterMarking:
+        return &quot;AfterMarking&quot;;
+    case Phase::AfterGC:
+        return &quot;AfterGC&quot;;
+    }
+    RELEASE_ASSERT_NOT_REACHED();
+    return nullptr; // Silencing a compiler warning.
+}
+
+void HeapVerifier::initializeGCCycle()
+{
+    Heap* heap = m_heap;
+    incrementCycle();
+    currentCycle().scope = *heap-&gt;collectionScope();
+}
+
+struct GatherCellFunctor : MarkedBlock::CountFunctor {
+    GatherCellFunctor(CellList&amp; list)
+        : m_list(list)
+    {
+        ASSERT(!list.liveCells.size());
+    }
+
+    inline void visit(JSCell* cell)
+    {
+        CellProfile profile(cell);
+        m_list.liveCells.append(profile);
+    }
+
+    IterationStatus operator()(HeapCell* cell, HeapCell::Kind kind) const
+    {
+        if (kind == HeapCell::JSCell) {
+            // FIXME: This const_cast exists because this isn't a C++ lambda.
+            // https://bugs.webkit.org/show_bug.cgi?id=159644
+            const_cast&lt;GatherCellFunctor*&gt;(this)-&gt;visit(static_cast&lt;JSCell*&gt;(cell));
+        }
+        return IterationStatus::Continue;
+    }
+
+    CellList&amp; m_list;
+};
+
+void HeapVerifier::gatherLiveCells(HeapVerifier::Phase phase)
+{
+    Heap* heap = m_heap;
+    CellList&amp; list = *cellListForGathering(phase);
+
+    HeapIterationScope iterationScope(*heap);
+    list.reset();
+    GatherCellFunctor functor(list);
+    heap-&gt;m_objectSpace.forEachLiveCell(iterationScope, functor);
+}
+
+CellList* HeapVerifier::cellListForGathering(HeapVerifier::Phase phase)
+{
+    switch (phase) {
+    case Phase::BeforeMarking:
+        return &amp;currentCycle().before;
+    case Phase::AfterMarking:
+        return &amp;currentCycle().after;
+    case Phase::BeforeGC:
+    case Phase::AfterGC:
+        // We should not be gathering live cells during these phases.
+        break;
+    }
+    RELEASE_ASSERT_NOT_REACHED();
+    return nullptr; // Silencing a compiler warning.
+}
+
+static void trimDeadCellsFromList(HashSet&lt;JSCell*&gt;&amp; knownLiveSet, CellList&amp; list)
+{
+    if (!list.hasLiveCells)
+        return;
+
+    size_t liveCellsFound = 0;
+    for (auto&amp; cellProfile : list.liveCells) {
+        if (cellProfile.isConfirmedDead)
+            continue; // Don't &quot;resurrect&quot; known dead cells.
+        if (!knownLiveSet.contains(cellProfile.cell)) {
+            cellProfile.isConfirmedDead = true;
+            continue;
+        }
+        liveCellsFound++;
+    }
+    list.hasLiveCells = !!liveCellsFound;
+}
+
+void HeapVerifier::trimDeadCells()
+{
+    HashSet&lt;JSCell*&gt; knownLiveSet;
+
+    CellList&amp; after = currentCycle().after;
+    for (auto&amp; cellProfile : after.liveCells)
+        knownLiveSet.add(cellProfile.cell);
+
+    trimDeadCellsFromList(knownLiveSet, currentCycle().before);
+
+    for (int i = -1; i &gt; -m_numberOfCycles; i--) {
+        trimDeadCellsFromList(knownLiveSet, cycleForIndex(i).before);
+        trimDeadCellsFromList(knownLiveSet, cycleForIndex(i).after);
+    }
+}
+
+bool HeapVerifier::verifyButterflyIsInStorageSpace(Phase, CellList&amp;)
+{
+    // FIXME: Make this work again. https://bugs.webkit.org/show_bug.cgi?id=161752
+    return true;
+}
+
+void HeapVerifier::verify(HeapVerifier::Phase phase)
+{
+    bool beforeVerified = verifyButterflyIsInStorageSpace(phase, currentCycle().before);
+    bool afterVerified = verifyButterflyIsInStorageSpace(phase, currentCycle().after);
+    RELEASE_ASSERT(beforeVerified &amp;&amp; afterVerified);
+}
+
+void HeapVerifier::reportCell(CellProfile&amp; cellProfile, int cycleIndex, HeapVerifier::GCCycle&amp; cycle, CellList&amp; list)
+{
+    JSCell* cell = cellProfile.cell;
+
+    if (cellProfile.isConfirmedDead) {
+        dataLogF(&quot;FOUND dead cell %p in GC[%d] %s list '%s'\n&quot;,
+            cell, cycleIndex, collectionScopeName(cycle.scope), list.name);
+        return;
+    }
+
+    if (cell-&gt;isObject()) {
+        JSObject* object = static_cast&lt;JSObject*&gt;(cell);
+        Structure* structure = object-&gt;structure();
+        Butterfly* butterfly = object-&gt;butterfly();
+        void* butterflyBase = butterfly-&gt;base(structure);
+
+        dataLogF(&quot;FOUND object %p type '%s' butterfly %p (base %p) in GC[%d] %s list '%s'\n&quot;,
+            object, structure-&gt;classInfo()-&gt;className,
+            butterfly, butterflyBase,
+            cycleIndex, collectionScopeName(cycle.scope), list.name);
+    } else {
+        Structure* structure = cell-&gt;structure();
+        dataLogF(&quot;FOUND cell %p type '%s' in GC[%d] %s list '%s'\n&quot;,
+            cell, structure-&gt;classInfo()-&gt;className,
+            cycleIndex, collectionScopeName(cycle.scope), list.name);
+    }
+}
+
+void HeapVerifier::checkIfRecorded(JSCell* cell)
+{
+    bool found = false;
+
+    for (int cycleIndex = 0; cycleIndex &gt; -m_numberOfCycles; cycleIndex--) {
+        GCCycle&amp; cycle = cycleForIndex(cycleIndex);
+        CellList&amp; beforeList = cycle.before;
+        CellList&amp; afterList = cycle.after;
+
+        CellProfile* profile;
+        profile = beforeList.findCell(cell);
+        if (profile) {
+            reportCell(*profile, cycleIndex, cycle, beforeList);
+            found = true;
+        }
+        profile = afterList.findCell(cell);
+        if (profile) {
+            reportCell(*profile, cycleIndex, cycle, afterList);
+            found = true;
+        }
+    }
+
+    if (!found)
+        dataLogF(&quot;cell %p NOT FOUND\n&quot;, cell);
+}
+
+} // namespace JSC
</ins></span></pre></div>
<a id="trunkSourceJavaScriptCoretoolsHeapVerifierhfromrev213674trunkSourceJavaScriptCoreheapHeapVerifierh"></a>
<div class="copfile"><h4>Copied: trunk/Source/JavaScriptCore/tools/HeapVerifier.h (from rev 213674, trunk/Source/JavaScriptCore/heap/HeapVerifier.h) (0 => 213675)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/tools/HeapVerifier.h                                (rev 0)
+++ trunk/Source/JavaScriptCore/tools/HeapVerifier.h        2017-03-09 22:39:09 UTC (rev 213675)
</span><span class="lines">@@ -0,0 +1,95 @@
</span><ins>+/*
+ * Copyright (C) 2014-2015 Apple Inc. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY APPLE INC. ``AS IS'' AND ANY
+ * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL APPLE INC. OR
+ * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+ * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
+ * OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
+ */
+
+#pragma once
+
+#include &quot;CellList.h&quot;
+#include &quot;Heap.h&quot;
+
+namespace JSC {
+
+class JSCell;
+class MarkedBlock;
+
+class HeapVerifier {
+    WTF_MAKE_FAST_ALLOCATED;
+public:
+    enum class Phase {
+        BeforeGC,
+        BeforeMarking,
+        AfterMarking,
+        AfterGC
+    };
+
+    HeapVerifier(Heap*, unsigned numberOfGCCyclesToRecord);
+
+    void initializeGCCycle();
+    void gatherLiveCells(Phase);
+    void trimDeadCells();
+    void verify(Phase);
+
+    // Scans all previously recorded CellLists and checks if the specified
+    // cell was in any of those lists.
+    JS_EXPORT_PRIVATE void checkIfRecorded(JSCell*);
+
+    static const char* phaseName(Phase);
+
+private:
+    struct GCCycle {
+        GCCycle()
+            : before(&quot;Before Marking&quot;)
+            , after(&quot;After Marking&quot;)
+        {
+        }
+
+        CollectionScope scope;
+        CellList before;
+        CellList after;
+    };
+
+    void incrementCycle() { m_currentCycle = (m_currentCycle + 1) % m_numberOfCycles; }
+    GCCycle&amp; currentCycle() { return m_cycles[m_currentCycle]; }
+    GCCycle&amp; cycleForIndex(int cycleIndex)
+    {
+        ASSERT(cycleIndex &lt;= 0 &amp;&amp; cycleIndex &gt; -m_numberOfCycles);
+        cycleIndex += m_currentCycle;
+        if (cycleIndex &lt; 0)
+            cycleIndex += m_numberOfCycles;
+        ASSERT(cycleIndex &lt; m_numberOfCycles);
+        return m_cycles[cycleIndex];
+    }
+
+    CellList* cellListForGathering(Phase);
+    bool verifyButterflyIsInStorageSpace(Phase, CellList&amp;);
+
+    static void reportCell(CellProfile&amp;, int cycleIndex, HeapVerifier::GCCycle&amp;, CellList&amp;);
+
+    Heap* m_heap;
+    int m_currentCycle;
+    int m_numberOfCycles;
+    std::unique_ptr&lt;GCCycle[]&gt; m_cycles;
+};
+
+} // namespace JSC
</ins></span></pre>
</div>
</div>

</body>
</html>