<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN"
"http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head><meta http-equiv="content-type" content="text/html; charset=utf-8" />
<title>[241037] trunk/Source/JavaScriptCore</title>
</head>
<body>

<style type="text/css"><!--
#msg dl.meta { border: 1px #006 solid; background: #369; padding: 6px; color: #fff; }
#msg dl.meta dt { float: left; width: 6em; font-weight: bold; }
#msg dt:after { content:':';}
#msg dl, #msg dt, #msg ul, #msg li, #header, #footer, #logmsg { font-family: verdana,arial,helvetica,sans-serif; font-size: 10pt;  }
#msg dl a { font-weight: bold}
#msg dl a:link    { color:#fc3; }
#msg dl a:active  { color:#ff0; }
#msg dl a:visited { color:#cc6; }
h3 { font-family: verdana,arial,helvetica,sans-serif; font-size: 10pt; font-weight: bold; }
#msg pre { overflow: auto; background: #ffc; border: 1px #fa0 solid; padding: 6px; }
#logmsg { background: #ffc; border: 1px #fa0 solid; padding: 1em 1em 0 1em; }
#logmsg p, #logmsg pre, #logmsg blockquote { margin: 0 0 1em 0; }
#logmsg p, #logmsg li, #logmsg dt, #logmsg dd { line-height: 14pt; }
#logmsg h1, #logmsg h2, #logmsg h3, #logmsg h4, #logmsg h5, #logmsg h6 { margin: .5em 0; }
#logmsg h1:first-child, #logmsg h2:first-child, #logmsg h3:first-child, #logmsg h4:first-child, #logmsg h5:first-child, #logmsg h6:first-child { margin-top: 0; }
#logmsg ul, #logmsg ol { padding: 0; list-style-position: inside; margin: 0 0 0 1em; }
#logmsg ul { text-indent: -1em; padding-left: 1em; }#logmsg ol { text-indent: -1.5em; padding-left: 1.5em; }
#logmsg > ul, #logmsg > ol { margin: 0 0 1em 0; }
#logmsg pre { background: #eee; padding: 1em; }
#logmsg blockquote { border: 1px solid #fa0; border-left-width: 10px; padding: 1em 1em 0 1em; background: white;}
#logmsg dl { margin: 0; }
#logmsg dt { font-weight: bold; }
#logmsg dd { margin: 0; padding: 0 0 0.5em 0; }
#logmsg dd:before { content:'\00bb';}
#logmsg table { border-spacing: 0px; border-collapse: collapse; border-top: 4px solid #fa0; border-bottom: 1px solid #fa0; background: #fff; }
#logmsg table th { text-align: left; font-weight: normal; padding: 0.2em 0.5em; border-top: 1px dotted #fa0; }
#logmsg table td { text-align: right; border-top: 1px dotted #fa0; padding: 0.2em 0.5em; }
#logmsg table thead th { text-align: center; border-bottom: 1px solid #fa0; }
#logmsg table th.Corner { text-align: left; }
#logmsg hr { border: none 0; border-top: 2px dashed #fa0; height: 1px; }
#header, #footer { color: #fff; background: #636; border: 1px #300 solid; padding: 6px; }
#patch { width: 100%; }
#patch h4 {font-family: verdana,arial,helvetica,sans-serif;font-size:10pt;padding:8px;background:#369;color:#fff;margin:0;}
#patch .propset h4, #patch .binary h4 {margin:0;}
#patch pre {padding:0;line-height:1.2em;margin:0;}
#patch .diff {width:100%;background:#eee;padding: 0 0 10px 0;overflow:auto;}
#patch .propset .diff, #patch .binary .diff  {padding:10px 0;}
#patch span {display:block;padding:0 10px;}
#patch .modfile, #patch .addfile, #patch .delfile, #patch .propset, #patch .binary, #patch .copfile {border:1px solid #ccc;margin:10px 0;}
#patch ins {background:#dfd;text-decoration:none;display:block;padding:0 10px;}
#patch del {background:#fdd;text-decoration:none;display:block;padding:0 10px;}
#patch .lines, .info {color:#888;background:#fff;}
--></style>
<div id="msg">
<dl class="meta">
<dt>Revision</dt> <dd><a href="http://trac.webkit.org/projects/webkit/changeset/241037">241037</a></dd>
<dt>Author</dt> <dd>ysuzuki@apple.com</dd>
<dt>Date</dt> <dd>2019-02-06 11:49:04 -0800 (Wed, 06 Feb 2019)</dd>
</dl>

<h3>Log Message</h3>
<pre>[JSC] NativeExecutable should be smaller
https://bugs.webkit.org/show_bug.cgi?id=194331

Reviewed by Michael Saboff.

NativeExecutable takes 88 bytes now. Since our GC rounds the size with 16, it actually takes 96 bytes in IsoSubspaces.
Since a lot of NativeExecutable are allocated, we already has two MarkedBlocks even just after JSGlobalObject initialization.
This patch makes sizeof(NativeExecutable) 64 bytes, which is 32 bytes smaller than 96 bytes. Now our JSGlobalObject initialization
only takes one MarkedBlock for NativeExecutable.

To make NativeExecutable smaller,

1. m_numParametersForCall and m_numParametersForConstruct in ExecutableBase are only meaningful in ScriptExecutable subclasses. Since
   they are not touched from JIT, we can remove them from ExecutableBase and move them to ScriptExecutable.

2. DOMJIT::Signature* is rarely used. Rather than having it in NativeExecutable, we should put it in NativeJITCode. Since NativeExecutable
   always has JITCode, we can safely query the value from NativeExecutable. This patch creates NativeDOMJITCode, which is a subclass of
   NativeJITCode, and instantiated only when DOMJIT::Signature* is given.

3. Move Intrinsic to a member of ScriptExecutable or JITCode. Since JITCode has some paddings to put things, we can leverage this to put
   Intrinsic for NativeExecutable.

We also move "clearCode" code from ExecutableBase to ScriptExecutable since it is only valid for ScriptExecutable subclasses.

* CMakeLists.txt:
* JavaScriptCore.xcodeproj/project.pbxproj:
* bytecode/CallVariant.h:
* interpreter/Interpreter.cpp:
* jit/JITCode.cpp:
(JSC::DirectJITCode::DirectJITCode):
(JSC::NativeJITCode::NativeJITCode):
(JSC::NativeDOMJITCode::NativeDOMJITCode):
* jit/JITCode.h:
(JSC::JITCode::signature const):
(JSC::JITCode::intrinsic):
* jit/JITOperations.cpp:
* jit/JITThunks.cpp:
(JSC::JITThunks::hostFunctionStub):
* jit/Repatch.cpp:
* llint/LLIntSlowPaths.cpp:
* runtime/ExecutableBase.cpp:
(JSC::ExecutableBase::dump const):
(JSC::ExecutableBase::hashFor const):
(JSC::ExecutableBase::hasClearableCode const): Deleted.
(JSC::ExecutableBase::clearCode): Deleted.
* runtime/ExecutableBase.h:
(JSC::ExecutableBase::ExecutableBase):
(JSC::ExecutableBase::isModuleProgramExecutable):
(JSC::ExecutableBase::isHostFunction const):
(JSC::ExecutableBase::generatedJITCodeForCall const):
(JSC::ExecutableBase::generatedJITCodeForConstruct const):
(JSC::ExecutableBase::generatedJITCodeFor const):
(JSC::ExecutableBase::generatedJITCodeForCall): Deleted.
(JSC::ExecutableBase::generatedJITCodeForConstruct): Deleted.
(JSC::ExecutableBase::generatedJITCodeFor): Deleted.
(JSC::ExecutableBase::offsetOfNumParametersFor): Deleted.
(JSC::ExecutableBase::hasJITCodeForCall const): Deleted.
(JSC::ExecutableBase::hasJITCodeForConstruct const): Deleted.
(JSC::ExecutableBase::intrinsic const): Deleted.
* runtime/ExecutableBaseInlines.h: Added.
(JSC::ExecutableBase::intrinsic const):
(JSC::ExecutableBase::hasJITCodeForCall const):
(JSC::ExecutableBase::hasJITCodeForConstruct const):
* runtime/JSBoundFunction.cpp:
* runtime/JSType.cpp:
(WTF::printInternal):
* runtime/JSType.h:
* runtime/NativeExecutable.cpp:
(JSC::NativeExecutable::create):
(JSC::NativeExecutable::createStructure):
(JSC::NativeExecutable::NativeExecutable):
(JSC::NativeExecutable::signatureFor const):
(JSC::NativeExecutable::intrinsic const):
* runtime/NativeExecutable.h:
* runtime/ScriptExecutable.cpp:
(JSC::ScriptExecutable::ScriptExecutable):
(JSC::ScriptExecutable::clearCode):
(JSC::ScriptExecutable::installCode):
(JSC::ScriptExecutable::hasClearableCode const):
* runtime/ScriptExecutable.h:
(JSC::ScriptExecutable::intrinsic const):
(JSC::ScriptExecutable::hasJITCodeForCall const):
(JSC::ScriptExecutable::hasJITCodeForConstruct const):
* runtime/VM.cpp:
(JSC::VM::getHostFunction):</pre>

<h3>Modified Paths</h3>
<ul>
<li><a href="#trunkSourceJavaScriptCoreCMakeListstxt">trunk/Source/JavaScriptCore/CMakeLists.txt</a></li>
<li><a href="#trunkSourceJavaScriptCoreChangeLog">trunk/Source/JavaScriptCore/ChangeLog</a></li>
<li><a href="#trunkSourceJavaScriptCoreJavaScriptCorexcodeprojprojectpbxproj">trunk/Source/JavaScriptCore/JavaScriptCore.xcodeproj/project.pbxproj</a></li>
<li><a href="#trunkSourceJavaScriptCorebytecodeCallVarianth">trunk/Source/JavaScriptCore/bytecode/CallVariant.h</a></li>
<li><a href="#trunkSourceJavaScriptCoreinterpreterInterpretercpp">trunk/Source/JavaScriptCore/interpreter/Interpreter.cpp</a></li>
<li><a href="#trunkSourceJavaScriptCorejitJITCodecpp">trunk/Source/JavaScriptCore/jit/JITCode.cpp</a></li>
<li><a href="#trunkSourceJavaScriptCorejitJITCodeh">trunk/Source/JavaScriptCore/jit/JITCode.h</a></li>
<li><a href="#trunkSourceJavaScriptCorejitJITOperationscpp">trunk/Source/JavaScriptCore/jit/JITOperations.cpp</a></li>
<li><a href="#trunkSourceJavaScriptCorejitJITThunkscpp">trunk/Source/JavaScriptCore/jit/JITThunks.cpp</a></li>
<li><a href="#trunkSourceJavaScriptCorejitRepatchcpp">trunk/Source/JavaScriptCore/jit/Repatch.cpp</a></li>
<li><a href="#trunkSourceJavaScriptCorellintLLIntSlowPathscpp">trunk/Source/JavaScriptCore/llint/LLIntSlowPaths.cpp</a></li>
<li><a href="#trunkSourceJavaScriptCoreruntimeExecutableBasecpp">trunk/Source/JavaScriptCore/runtime/ExecutableBase.cpp</a></li>
<li><a href="#trunkSourceJavaScriptCoreruntimeExecutableBaseh">trunk/Source/JavaScriptCore/runtime/ExecutableBase.h</a></li>
<li><a href="#trunkSourceJavaScriptCoreruntimeJSBoundFunctioncpp">trunk/Source/JavaScriptCore/runtime/JSBoundFunction.cpp</a></li>
<li><a href="#trunkSourceJavaScriptCoreruntimeJSTypecpp">trunk/Source/JavaScriptCore/runtime/JSType.cpp</a></li>
<li><a href="#trunkSourceJavaScriptCoreruntimeJSTypeh">trunk/Source/JavaScriptCore/runtime/JSType.h</a></li>
<li><a href="#trunkSourceJavaScriptCoreruntimeNativeExecutablecpp">trunk/Source/JavaScriptCore/runtime/NativeExecutable.cpp</a></li>
<li><a href="#trunkSourceJavaScriptCoreruntimeNativeExecutableh">trunk/Source/JavaScriptCore/runtime/NativeExecutable.h</a></li>
<li><a href="#trunkSourceJavaScriptCoreruntimeScriptExecutablecpp">trunk/Source/JavaScriptCore/runtime/ScriptExecutable.cpp</a></li>
<li><a href="#trunkSourceJavaScriptCoreruntimeScriptExecutableh">trunk/Source/JavaScriptCore/runtime/ScriptExecutable.h</a></li>
<li><a href="#trunkSourceJavaScriptCoreruntimeVMcpp">trunk/Source/JavaScriptCore/runtime/VM.cpp</a></li>
</ul>

<h3>Added Paths</h3>
<ul>
<li><a href="#trunkSourceJavaScriptCoreruntimeExecutableBaseInlinesh">trunk/Source/JavaScriptCore/runtime/ExecutableBaseInlines.h</a></li>
</ul>

</div>
<div id="patch">
<h3>Diff</h3>
<a id="trunkSourceJavaScriptCoreCMakeListstxt"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/CMakeLists.txt (241036 => 241037)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/CMakeLists.txt       2019-02-06 19:40:29 UTC (rev 241036)
+++ trunk/Source/JavaScriptCore/CMakeLists.txt  2019-02-06 19:49:04 UTC (rev 241037)
</span><span class="lines">@@ -782,6 +782,7 @@
</span><span class="cx">     runtime/ExceptionHelpers.h
</span><span class="cx">     runtime/ExceptionScope.h
</span><span class="cx">     runtime/ExecutableBase.h
</span><ins>+    runtime/ExecutableBaseInlines.h
</ins><span class="cx">     runtime/Float32Array.h
</span><span class="cx">     runtime/Float64Array.h
</span><span class="cx">     runtime/FunctionConstructor.h
</span></span></pre></div>
<a id="trunkSourceJavaScriptCoreChangeLog"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/ChangeLog (241036 => 241037)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/ChangeLog    2019-02-06 19:40:29 UTC (rev 241036)
+++ trunk/Source/JavaScriptCore/ChangeLog       2019-02-06 19:49:04 UTC (rev 241037)
</span><span class="lines">@@ -1,3 +1,91 @@
</span><ins>+2019-02-06  Yusuke Suzuki  <ysuzuki@apple.com>
+
+        [JSC] NativeExecutable should be smaller
+        https://bugs.webkit.org/show_bug.cgi?id=194331
+
+        Reviewed by Michael Saboff.
+
+        NativeExecutable takes 88 bytes now. Since our GC rounds the size with 16, it actually takes 96 bytes in IsoSubspaces.
+        Since a lot of NativeExecutable are allocated, we already has two MarkedBlocks even just after JSGlobalObject initialization.
+        This patch makes sizeof(NativeExecutable) 64 bytes, which is 32 bytes smaller than 96 bytes. Now our JSGlobalObject initialization
+        only takes one MarkedBlock for NativeExecutable.
+
+        To make NativeExecutable smaller,
+
+        1. m_numParametersForCall and m_numParametersForConstruct in ExecutableBase are only meaningful in ScriptExecutable subclasses. Since
+           they are not touched from JIT, we can remove them from ExecutableBase and move them to ScriptExecutable.
+
+        2. DOMJIT::Signature* is rarely used. Rather than having it in NativeExecutable, we should put it in NativeJITCode. Since NativeExecutable
+           always has JITCode, we can safely query the value from NativeExecutable. This patch creates NativeDOMJITCode, which is a subclass of
+           NativeJITCode, and instantiated only when DOMJIT::Signature* is given.
+
+        3. Move Intrinsic to a member of ScriptExecutable or JITCode. Since JITCode has some paddings to put things, we can leverage this to put
+           Intrinsic for NativeExecutable.
+
+        We also move "clearCode" code from ExecutableBase to ScriptExecutable since it is only valid for ScriptExecutable subclasses.
+
+        * CMakeLists.txt:
+        * JavaScriptCore.xcodeproj/project.pbxproj:
+        * bytecode/CallVariant.h:
+        * interpreter/Interpreter.cpp:
+        * jit/JITCode.cpp:
+        (JSC::DirectJITCode::DirectJITCode):
+        (JSC::NativeJITCode::NativeJITCode):
+        (JSC::NativeDOMJITCode::NativeDOMJITCode):
+        * jit/JITCode.h:
+        (JSC::JITCode::signature const):
+        (JSC::JITCode::intrinsic):
+        * jit/JITOperations.cpp:
+        * jit/JITThunks.cpp:
+        (JSC::JITThunks::hostFunctionStub):
+        * jit/Repatch.cpp:
+        * llint/LLIntSlowPaths.cpp:
+        * runtime/ExecutableBase.cpp:
+        (JSC::ExecutableBase::dump const):
+        (JSC::ExecutableBase::hashFor const):
+        (JSC::ExecutableBase::hasClearableCode const): Deleted.
+        (JSC::ExecutableBase::clearCode): Deleted.
+        * runtime/ExecutableBase.h:
+        (JSC::ExecutableBase::ExecutableBase):
+        (JSC::ExecutableBase::isModuleProgramExecutable):
+        (JSC::ExecutableBase::isHostFunction const):
+        (JSC::ExecutableBase::generatedJITCodeForCall const):
+        (JSC::ExecutableBase::generatedJITCodeForConstruct const):
+        (JSC::ExecutableBase::generatedJITCodeFor const):
+        (JSC::ExecutableBase::generatedJITCodeForCall): Deleted.
+        (JSC::ExecutableBase::generatedJITCodeForConstruct): Deleted.
+        (JSC::ExecutableBase::generatedJITCodeFor): Deleted.
+        (JSC::ExecutableBase::offsetOfNumParametersFor): Deleted.
+        (JSC::ExecutableBase::hasJITCodeForCall const): Deleted.
+        (JSC::ExecutableBase::hasJITCodeForConstruct const): Deleted.
+        (JSC::ExecutableBase::intrinsic const): Deleted.
+        * runtime/ExecutableBaseInlines.h: Added.
+        (JSC::ExecutableBase::intrinsic const):
+        (JSC::ExecutableBase::hasJITCodeForCall const):
+        (JSC::ExecutableBase::hasJITCodeForConstruct const):
+        * runtime/JSBoundFunction.cpp:
+        * runtime/JSType.cpp:
+        (WTF::printInternal):
+        * runtime/JSType.h:
+        * runtime/NativeExecutable.cpp:
+        (JSC::NativeExecutable::create):
+        (JSC::NativeExecutable::createStructure):
+        (JSC::NativeExecutable::NativeExecutable):
+        (JSC::NativeExecutable::signatureFor const):
+        (JSC::NativeExecutable::intrinsic const):
+        * runtime/NativeExecutable.h:
+        * runtime/ScriptExecutable.cpp:
+        (JSC::ScriptExecutable::ScriptExecutable):
+        (JSC::ScriptExecutable::clearCode):
+        (JSC::ScriptExecutable::installCode):
+        (JSC::ScriptExecutable::hasClearableCode const):
+        * runtime/ScriptExecutable.h:
+        (JSC::ScriptExecutable::intrinsic const):
+        (JSC::ScriptExecutable::hasJITCodeForCall const):
+        (JSC::ScriptExecutable::hasJITCodeForConstruct const):
+        * runtime/VM.cpp:
+        (JSC::VM::getHostFunction):
+
</ins><span class="cx"> 2019-02-06  Pablo Saavedra  <psaavedra@igalia.com>
</span><span class="cx"> 
</span><span class="cx">         Build failure after r240431
</span></span></pre></div>
<a id="trunkSourceJavaScriptCoreJavaScriptCorexcodeprojprojectpbxproj"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/JavaScriptCore.xcodeproj/project.pbxproj (241036 => 241037)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/JavaScriptCore.xcodeproj/project.pbxproj     2019-02-06 19:40:29 UTC (rev 241036)
+++ trunk/Source/JavaScriptCore/JavaScriptCore.xcodeproj/project.pbxproj        2019-02-06 19:49:04 UTC (rev 241037)
</span><span class="lines">@@ -1759,6 +1759,7 @@
</span><span class="cx">          E350708A1DC49BBF0089BCD6 /* DOMJITSignature.h in Headers */ = {isa = PBXBuildFile; fileRef = E35070891DC49BB60089BCD6 /* DOMJITSignature.h */; settings = {ATTRIBUTES = (Private, ); }; };
</span><span class="cx">          E354622B1B6065D100545386 /* ConstructAbility.h in Headers */ = {isa = PBXBuildFile; fileRef = E354622A1B6065D100545386 /* ConstructAbility.h */; settings = {ATTRIBUTES = (Private, ); }; };
</span><span class="cx">          E3555B8A1DAE03A500F36921 /* DOMJITCallDOMGetterSnippet.h in Headers */ = {isa = PBXBuildFile; fileRef = E3555B891DAE03A200F36921 /* DOMJITCallDOMGetterSnippet.h */; settings = {ATTRIBUTES = (Private, ); }; };
</span><ins>+               E35A0B9D220AD87A00AC4474 /* ExecutableBaseInlines.h in Headers */ = {isa = PBXBuildFile; fileRef = E35A0B9C220AD87A00AC4474 /* ExecutableBaseInlines.h */; settings = {ATTRIBUTES = (Private, ); }; };
</ins><span class="cx">           E35CA1541DBC3A5C00F83516 /* DOMJITHeapRange.h in Headers */ = {isa = PBXBuildFile; fileRef = E35CA1521DBC3A5600F83516 /* DOMJITHeapRange.h */; settings = {ATTRIBUTES = (Private, ); }; };
</span><span class="cx">          E35CA1561DBC3A5F00F83516 /* DOMJITAbstractHeap.h in Headers */ = {isa = PBXBuildFile; fileRef = E35CA1501DBC3A5600F83516 /* DOMJITAbstractHeap.h */; settings = {ATTRIBUTES = (Private, ); }; };
</span><span class="cx">          E35E03601B7AB43E0073AD2A /* InspectorInstrumentationObject.h in Headers */ = {isa = PBXBuildFile; fileRef = E35E035E1B7AB43E0073AD2A /* InspectorInstrumentationObject.h */; settings = {ATTRIBUTES = (Private, ); }; };
</span><span class="lines">@@ -4692,6 +4693,7 @@
</span><span class="cx">          E35070891DC49BB60089BCD6 /* DOMJITSignature.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = DOMJITSignature.h; sourceTree = "<group>"; };
</span><span class="cx">          E354622A1B6065D100545386 /* ConstructAbility.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = ConstructAbility.h; sourceTree = "<group>"; };
</span><span class="cx">          E3555B891DAE03A200F36921 /* DOMJITCallDOMGetterSnippet.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = DOMJITCallDOMGetterSnippet.h; sourceTree = "<group>"; };
</span><ins>+               E35A0B9C220AD87A00AC4474 /* ExecutableBaseInlines.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = ExecutableBaseInlines.h; sourceTree = "<group>"; };
</ins><span class="cx">           E35CA14F1DBC3A5600F83516 /* DOMJITAbstractHeap.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = DOMJITAbstractHeap.cpp; sourceTree = "<group>"; };
</span><span class="cx">          E35CA1501DBC3A5600F83516 /* DOMJITAbstractHeap.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = DOMJITAbstractHeap.h; sourceTree = "<group>"; };
</span><span class="cx">          E35CA1511DBC3A5600F83516 /* DOMJITHeapRange.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = DOMJITHeapRange.cpp; sourceTree = "<group>"; };
</span><span class="lines">@@ -6734,6 +6736,7 @@
</span><span class="cx">                          FE6491361D78F01300A694D4 /* ExceptionScope.h */,
</span><span class="cx">                          147341E91DC2CF2500AA29BA /* ExecutableBase.cpp */,
</span><span class="cx">                          147341CB1DC02D7200AA29BA /* ExecutableBase.h */,
</span><ins>+                               E35A0B9C220AD87A00AC4474 /* ExecutableBaseInlines.h */,
</ins><span class="cx">                           A7A8AF2917ADB5F3005AB174 /* Float32Array.h */,
</span><span class="cx">                          A7A8AF2A17ADB5F3005AB174 /* Float64Array.h */,
</span><span class="cx">                          BC2680C00E16D4E900A06E92 /* FunctionConstructor.cpp */,
</span><span class="lines">@@ -8950,6 +8953,7 @@
</span><span class="cx">                          0FF054FA1AC35B4400E5BE57 /* ExecutableAllocationFuzz.h in Headers */,
</span><span class="cx">                          A766B44F0EE8DCD1009518CA /* ExecutableAllocator.h in Headers */,
</span><span class="cx">                          147341CC1DC02D7200AA29BA /* ExecutableBase.h in Headers */,
</span><ins>+                               E35A0B9D220AD87A00AC4474 /* ExecutableBaseInlines.h in Headers */,
</ins><span class="cx">                           14142E531B796EDD00F4BF4B /* ExecutableInfo.h in Headers */,
</span><span class="cx">                          0F60FE901FFC37020003320A /* ExecutableToCodeBlockEdge.h in Headers */,
</span><span class="cx">                          0F56A1D315000F35002992B1 /* ExecutionCounter.h in Headers */,
</span></span></pre></div>
<a id="trunkSourceJavaScriptCorebytecodeCallVarianth"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/bytecode/CallVariant.h (241036 => 241037)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/bytecode/CallVariant.h       2019-02-06 19:40:29 UTC (rev 241036)
+++ trunk/Source/JavaScriptCore/bytecode/CallVariant.h  2019-02-06 19:49:04 UTC (rev 241037)
</span><span class="lines">@@ -25,6 +25,7 @@
</span><span class="cx"> 
</span><span class="cx"> #pragma once
</span><span class="cx"> 
</span><ins>+#include "ExecutableBaseInlines.h"
</ins><span class="cx"> #include "FunctionExecutable.h"
</span><span class="cx"> #include "JSCast.h"
</span><span class="cx"> #include "JSFunction.h"
</span></span></pre></div>
<a id="trunkSourceJavaScriptCoreinterpreterInterpretercpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/interpreter/Interpreter.cpp (241036 => 241037)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/interpreter/Interpreter.cpp  2019-02-06 19:40:29 UTC (rev 241036)
+++ trunk/Source/JavaScriptCore/interpreter/Interpreter.cpp     2019-02-06 19:49:04 UTC (rev 241037)
</span><span class="lines">@@ -37,6 +37,7 @@
</span><span class="cx"> #include "CodeBlock.h"
</span><span class="cx"> #include "CodeCache.h"
</span><span class="cx"> #include "DirectArguments.h"
</span><ins>+#include "ExecutableBaseInlines.h"
</ins><span class="cx"> #include "Heap.h"
</span><span class="cx"> #include "Debugger.h"
</span><span class="cx"> #include "DebuggerCallFrame.h"
</span></span></pre></div>
<a id="trunkSourceJavaScriptCorejitJITCodecpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/jit/JITCode.cpp (241036 => 241037)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/jit/JITCode.cpp      2019-02-06 19:40:29 UTC (rev 241036)
+++ trunk/Source/JavaScriptCore/jit/JITCode.cpp 2019-02-06 19:49:04 UTC (rev 241037)
</span><span class="lines">@@ -159,6 +159,15 @@
</span><span class="cx">     ASSERT(m_withArityCheck);
</span><span class="cx"> }
</span><span class="cx"> 
</span><ins>+DirectJITCode::DirectJITCode(JITCode::CodeRef<JSEntryPtrTag> ref, JITCode::CodePtr<JSEntryPtrTag> withArityCheck, JITType jitType, Intrinsic intrinsic)
+    : JITCodeWithCodeRef(ref, jitType)
+    , m_withArityCheck(withArityCheck)
+{
+    m_intrinsic = intrinsic;
+    ASSERT(m_ref);
+    ASSERT(m_withArityCheck);
+}
+
</ins><span class="cx"> DirectJITCode::~DirectJITCode()
</span><span class="cx"> {
</span><span class="cx"> }
</span><span class="lines">@@ -191,9 +200,10 @@
</span><span class="cx"> {
</span><span class="cx"> }
</span><span class="cx"> 
</span><del>-NativeJITCode::NativeJITCode(CodeRef<JSEntryPtrTag> ref, JITType jitType)
</del><ins>+NativeJITCode::NativeJITCode(CodeRef<JSEntryPtrTag> ref, JITType jitType, Intrinsic intrinsic)
</ins><span class="cx">     : JITCodeWithCodeRef(ref, jitType)
</span><span class="cx"> {
</span><ins>+    m_intrinsic = intrinsic;
</ins><span class="cx"> }
</span><span class="cx"> 
</span><span class="cx"> NativeJITCode::~NativeJITCode()
</span><span class="lines">@@ -219,6 +229,12 @@
</span><span class="cx">     return CodePtr<JSEntryPtrTag>();
</span><span class="cx"> }
</span><span class="cx"> 
</span><ins>+NativeDOMJITCode::NativeDOMJITCode(CodeRef<JSEntryPtrTag> ref, JITType type, Intrinsic intrinsic, const DOMJIT::Signature* signature)
+    : NativeJITCode(ref, type, intrinsic)
+    , m_signature(signature)
+{
+}
+
</ins><span class="cx"> #if ENABLE(JIT)
</span><span class="cx"> RegisterSet JITCode::liveRegistersToPreserveAtExceptionHandlingCallSite(CodeBlock*, CallSiteIndex)
</span><span class="cx"> {
</span></span></pre></div>
<a id="trunkSourceJavaScriptCorejitJITCodeh"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/jit/JITCode.h (241036 => 241037)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/jit/JITCode.h        2019-02-06 19:40:29 UTC (rev 241036)
+++ trunk/Source/JavaScriptCore/jit/JITCode.h   2019-02-06 19:49:04 UTC (rev 241037)
</span><span class="lines">@@ -43,6 +43,9 @@
</span><span class="cx"> class ForOSREntryJITCode;
</span><span class="cx"> class JITCode;
</span><span class="cx"> }
</span><ins>+namespace DOMJIT {
+class Signature;
+}
</ins><span class="cx"> 
</span><span class="cx"> struct ProtoCallFrame;
</span><span class="cx"> class TrackedReferences;
</span><span class="lines">@@ -152,6 +155,8 @@
</span><span class="cx">     {
</span><span class="cx">         return jitType == InterpreterThunk || jitType == BaselineJIT;
</span><span class="cx">     }
</span><ins>+
+    virtual const DOMJIT::Signature* signature() const { return nullptr; }
</ins><span class="cx">     
</span><span class="cx"> protected:
</span><span class="cx">     JITCode(JITType);
</span><span class="lines">@@ -198,8 +203,12 @@
</span><span class="cx">     virtual Optional<CodeOrigin> findPC(CodeBlock*, void* pc) { UNUSED_PARAM(pc); return WTF::nullopt; }
</span><span class="cx"> #endif
</span><span class="cx"> 
</span><ins>+    Intrinsic intrinsic() { return m_intrinsic; }
+
</ins><span class="cx"> private:
</span><span class="cx">     JITType m_jitType;
</span><ins>+protected:
+    Intrinsic m_intrinsic { NoIntrinsic }; // Effective only in NativeExecutable.
</ins><span class="cx"> };
</span><span class="cx"> 
</span><span class="cx"> class JITCodeWithCodeRef : public JITCode {
</span><span class="lines">@@ -224,6 +233,7 @@
</span><span class="cx"> public:
</span><span class="cx">     DirectJITCode(JITType);
</span><span class="cx">     DirectJITCode(CodeRef<JSEntryPtrTag>, CodePtr<JSEntryPtrTag> withArityCheck, JITType);
</span><ins>+    DirectJITCode(CodeRef<JSEntryPtrTag>, CodePtr<JSEntryPtrTag> withArityCheck, JITType, Intrinsic); // For generated thunk.
</ins><span class="cx">     virtual ~DirectJITCode();
</span><span class="cx">     
</span><span class="cx">     void initializeCodeRef(CodeRef<JSEntryPtrTag>, CodePtr<JSEntryPtrTag> withArityCheck);
</span><span class="lines">@@ -237,7 +247,7 @@
</span><span class="cx"> class NativeJITCode : public JITCodeWithCodeRef {
</span><span class="cx"> public:
</span><span class="cx">     NativeJITCode(JITType);
</span><del>-    NativeJITCode(CodeRef<JSEntryPtrTag>, JITType);
</del><ins>+    NativeJITCode(CodeRef<JSEntryPtrTag>, JITType, Intrinsic);
</ins><span class="cx">     virtual ~NativeJITCode();
</span><span class="cx">     
</span><span class="cx">     void initializeCodeRef(CodeRef<JSEntryPtrTag>);
</span><span class="lines">@@ -245,6 +255,17 @@
</span><span class="cx">     CodePtr<JSEntryPtrTag> addressForCall(ArityCheckMode) override;
</span><span class="cx"> };
</span><span class="cx"> 
</span><ins>+class NativeDOMJITCode final : public NativeJITCode {
+public:
+    NativeDOMJITCode(CodeRef<JSEntryPtrTag>, JITType, Intrinsic, const DOMJIT::Signature*);
+    virtual ~NativeDOMJITCode() = default;
+
+    const DOMJIT::Signature* signature() const override { return m_signature; }
+
+private:
+    const DOMJIT::Signature* m_signature;
+};
+
</ins><span class="cx"> } // namespace JSC
</span><span class="cx"> 
</span><span class="cx"> namespace WTF {
</span></span></pre></div>
<a id="trunkSourceJavaScriptCorejitJITOperationscpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/jit/JITOperations.cpp (241036 => 241037)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/jit/JITOperations.cpp        2019-02-06 19:40:29 UTC (rev 241036)
+++ trunk/Source/JavaScriptCore/jit/JITOperations.cpp   2019-02-06 19:49:04 UTC (rev 241037)
</span><span class="lines">@@ -42,6 +42,7 @@
</span><span class="cx"> #include "ErrorHandlingScope.h"
</span><span class="cx"> #include "EvalCodeBlock.h"
</span><span class="cx"> #include "ExceptionFuzz.h"
</span><ins>+#include "ExecutableBaseInlines.h"
</ins><span class="cx"> #include "FTLOSREntry.h"
</span><span class="cx"> #include "FrameTracers.h"
</span><span class="cx"> #include "FunctionCodeBlock.h"
</span></span></pre></div>
<a id="trunkSourceJavaScriptCorejitJITThunkscpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/jit/JITThunks.cpp (241036 => 241037)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/jit/JITThunks.cpp    2019-02-06 19:40:29 UTC (rev 241036)
+++ trunk/Source/JavaScriptCore/jit/JITThunks.cpp       2019-02-06 19:49:04 UTC (rev 241037)
</span><span class="lines">@@ -124,13 +124,15 @@
</span><span class="cx">     RefPtr<JITCode> forCall;
</span><span class="cx">     if (generator) {
</span><span class="cx">         MacroAssemblerCodeRef<JSEntryPtrTag> entry = generator(vm).retagged<JSEntryPtrTag>();
</span><del>-        forCall = adoptRef(new DirectJITCode(entry, entry.code(), JITCode::HostCallThunk));
-    } else
-        forCall = adoptRef(new NativeJITCode(MacroAssemblerCodeRef<JSEntryPtrTag>::createSelfManagedCodeRef(ctiNativeCall(vm).retagged<JSEntryPtrTag>()), JITCode::HostCallThunk));
</del><ins>+        forCall = adoptRef(new DirectJITCode(entry, entry.code(), JITCode::HostCallThunk, intrinsic));
+    } else if (signature)
+        forCall = adoptRef(new NativeDOMJITCode(MacroAssemblerCodeRef<JSEntryPtrTag>::createSelfManagedCodeRef(ctiNativeCall(vm).retagged<JSEntryPtrTag>()), JITCode::HostCallThunk, intrinsic, signature));
+    else
+        forCall = adoptRef(new NativeJITCode(MacroAssemblerCodeRef<JSEntryPtrTag>::createSelfManagedCodeRef(ctiNativeCall(vm).retagged<JSEntryPtrTag>()), JITCode::HostCallThunk, intrinsic));
</ins><span class="cx">     
</span><del>-    Ref<JITCode> forConstruct = adoptRef(*new NativeJITCode(MacroAssemblerCodeRef<JSEntryPtrTag>::createSelfManagedCodeRef(ctiNativeConstruct(vm).retagged<JSEntryPtrTag>()), JITCode::HostCallThunk));
</del><ins>+    Ref<JITCode> forConstruct = adoptRef(*new NativeJITCode(MacroAssemblerCodeRef<JSEntryPtrTag>::createSelfManagedCodeRef(ctiNativeConstruct(vm).retagged<JSEntryPtrTag>()), JITCode::HostCallThunk, NoIntrinsic));
</ins><span class="cx">     
</span><del>-    NativeExecutable* nativeExecutable = NativeExecutable::create(*vm, forCall.releaseNonNull(), function, WTFMove(forConstruct), constructor, intrinsic, signature, name);
</del><ins>+    NativeExecutable* nativeExecutable = NativeExecutable::create(*vm, forCall.releaseNonNull(), function, WTFMove(forConstruct), constructor, name);
</ins><span class="cx">     weakAdd(*m_hostFunctionStubMap, std::make_tuple(function, constructor, name), Weak<NativeExecutable>(nativeExecutable, this));
</span><span class="cx">     return nativeExecutable;
</span><span class="cx"> }
</span></span></pre></div>
<a id="trunkSourceJavaScriptCorejitRepatchcpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/jit/Repatch.cpp (241036 => 241037)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/jit/Repatch.cpp      2019-02-06 19:40:29 UTC (rev 241036)
+++ trunk/Source/JavaScriptCore/jit/Repatch.cpp 2019-02-06 19:49:04 UTC (rev 241037)
</span><span class="lines">@@ -35,6 +35,7 @@
</span><span class="cx"> #include "DFGSpeculativeJIT.h"
</span><span class="cx"> #include "DOMJITGetterSetter.h"
</span><span class="cx"> #include "DirectArguments.h"
</span><ins>+#include "ExecutableBaseInlines.h"
</ins><span class="cx"> #include "FTLThunks.h"
</span><span class="cx"> #include "FullCodeOrigin.h"
</span><span class="cx"> #include "FunctionCodeBlock.h"
</span></span></pre></div>
<a id="trunkSourceJavaScriptCorellintLLIntSlowPathscpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/llint/LLIntSlowPaths.cpp (241036 => 241037)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/llint/LLIntSlowPaths.cpp     2019-02-06 19:40:29 UTC (rev 241036)
+++ trunk/Source/JavaScriptCore/llint/LLIntSlowPaths.cpp        2019-02-06 19:49:04 UTC (rev 241037)
</span><span class="lines">@@ -34,6 +34,7 @@
</span><span class="cx"> #include "EvalCodeBlock.h"
</span><span class="cx"> #include "Exception.h"
</span><span class="cx"> #include "ExceptionFuzz.h"
</span><ins>+#include "ExecutableBaseInlines.h"
</ins><span class="cx"> #include "FrameTracers.h"
</span><span class="cx"> #include "FunctionCodeBlock.h"
</span><span class="cx"> #include "FunctionWhitelist.h"
</span></span></pre></div>
<a id="trunkSourceJavaScriptCoreruntimeExecutableBasecpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/runtime/ExecutableBase.cpp (241036 => 241037)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/runtime/ExecutableBase.cpp   2019-02-06 19:40:29 UTC (rev 241036)
+++ trunk/Source/JavaScriptCore/runtime/ExecutableBase.cpp      2019-02-06 19:49:04 UTC (rev 241037)
</span><span class="lines">@@ -49,100 +49,17 @@
</span><span class="cx">     static_cast<ExecutableBase*>(cell)->ExecutableBase::~ExecutableBase();
</span><span class="cx"> }
</span><span class="cx"> 
</span><del>-bool ExecutableBase::hasClearableCode() const
-{
-    VM& vm = *this->vm();
-
-#if ENABLE(JIT)
-    if (m_jitCodeForCall
-        || m_jitCodeForConstruct
-        || m_jitCodeForCallWithArityCheck
-        || m_jitCodeForConstructWithArityCheck)
-        return true;
-#endif
-
-    if (structure(vm)->classInfo() == FunctionExecutable::info()) {
-        auto* executable = static_cast<const FunctionExecutable*>(this);
-        if (executable->m_codeBlockForCall || executable->m_codeBlockForConstruct)
-            return true;
-
-    } else if (structure(vm)->classInfo() == EvalExecutable::info()) {
-        auto* executable = static_cast<const EvalExecutable*>(this);
-        if (executable->m_evalCodeBlock || executable->m_unlinkedEvalCodeBlock)
-            return true;
-
-    } else if (structure(vm)->classInfo() == ProgramExecutable::info()) {
-        auto* executable = static_cast<const ProgramExecutable*>(this);
-        if (executable->m_programCodeBlock || executable->m_unlinkedProgramCodeBlock)
-            return true;
-
-    } else if (structure(vm)->classInfo() == ModuleProgramExecutable::info()) {
-        auto* executable = static_cast<const ModuleProgramExecutable*>(this);
-        if (executable->m_moduleProgramCodeBlock
-            || executable->m_unlinkedModuleProgramCodeBlock
-            || executable->m_moduleEnvironmentSymbolTable)
-            return true;
-    }
-    return false;
-}
-
-void ExecutableBase::clearCode()
-{
-#if ENABLE(JIT)
-    m_jitCodeForCall = nullptr;
-    m_jitCodeForConstruct = nullptr;
-    m_jitCodeForCallWithArityCheck = MacroAssemblerCodePtr<JSEntryPtrTag>();
-    m_jitCodeForConstructWithArityCheck = MacroAssemblerCodePtr<JSEntryPtrTag>();
-#endif
-    m_numParametersForCall = NUM_PARAMETERS_NOT_COMPILED;
-    m_numParametersForConstruct = NUM_PARAMETERS_NOT_COMPILED;
-    VM& vm = *this->vm();
-
-
-    if (structure(vm)->classInfo() == FunctionExecutable::info()) {
-        FunctionExecutable* executable = static_cast<FunctionExecutable*>(this);
-        executable->m_codeBlockForCall.clear();
-        executable->m_codeBlockForConstruct.clear();
-        return;
-    }
-
-    if (structure(vm)->classInfo() == EvalExecutable::info()) {
-        EvalExecutable* executable = static_cast<EvalExecutable*>(this);
-        executable->m_evalCodeBlock.clear();
-        executable->m_unlinkedEvalCodeBlock.clear();
-        return;
-    }
-    
-    if (structure(vm)->classInfo() == ProgramExecutable::info()) {
-        ProgramExecutable* executable = static_cast<ProgramExecutable*>(this);
-        executable->m_programCodeBlock.clear();
-        executable->m_unlinkedProgramCodeBlock.clear();
-        return;
-    }
-
-    if (structure(vm)->classInfo() == ModuleProgramExecutable::info()) {
-        ModuleProgramExecutable* executable = static_cast<ModuleProgramExecutable*>(this);
-        executable->m_moduleProgramCodeBlock.clear();
-        executable->m_unlinkedModuleProgramCodeBlock.clear();
-        executable->m_moduleEnvironmentSymbolTable.clear();
-        return;
-    }
-    
-    ASSERT(structure(vm)->classInfo() == NativeExecutable::info());
-}
-
</del><span class="cx"> void ExecutableBase::dump(PrintStream& out) const
</span><span class="cx"> {
</span><del>-    VM& vm = *this->vm();
</del><span class="cx">     ExecutableBase* realThis = const_cast<ExecutableBase*>(this);
</span><span class="cx"> 
</span><del>-    if (classInfo(vm) == NativeExecutable::info()) {
</del><ins>+    switch (type()) {
+    case NativeExecutableType: {
</ins><span class="cx">         NativeExecutable* native = jsCast<NativeExecutable*>(realThis);
</span><span class="cx">         out.print("NativeExecutable:", RawPointer(bitwise_cast<void*>(native->function())), "/", RawPointer(bitwise_cast<void*>(native->constructor())));
</span><span class="cx">         return;
</span><span class="cx">     }
</span><del>-    
-    if (classInfo(vm) == EvalExecutable::info()) {
</del><ins>+    case EvalExecutableType: {
</ins><span class="cx">         EvalExecutable* eval = jsCast<EvalExecutable*>(realThis);
</span><span class="cx">         if (CodeBlock* codeBlock = eval->codeBlock())
</span><span class="cx">             out.print(*codeBlock);
</span><span class="lines">@@ -150,8 +67,7 @@
</span><span class="cx">             out.print("EvalExecutable w/o CodeBlock");
</span><span class="cx">         return;
</span><span class="cx">     }
</span><del>-    
-    if (classInfo(vm) == ProgramExecutable::info()) {
</del><ins>+    case ProgramExecutableType: {
</ins><span class="cx">         ProgramExecutable* eval = jsCast<ProgramExecutable*>(realThis);
</span><span class="cx">         if (CodeBlock* codeBlock = eval->codeBlock())
</span><span class="cx">             out.print(*codeBlock);
</span><span class="lines">@@ -159,8 +75,7 @@
</span><span class="cx">             out.print("ProgramExecutable w/o CodeBlock");
</span><span class="cx">         return;
</span><span class="cx">     }
</span><del>-
-    if (classInfo(vm) == ModuleProgramExecutable::info()) {
</del><ins>+    case ModuleProgramExecutableType: {
</ins><span class="cx">         ModuleProgramExecutable* executable = jsCast<ModuleProgramExecutable*>(realThis);
</span><span class="cx">         if (CodeBlock* codeBlock = executable->codeBlock())
</span><span class="cx">             out.print(*codeBlock);
</span><span class="lines">@@ -168,22 +83,27 @@
</span><span class="cx">             out.print("ModuleProgramExecutable w/o CodeBlock");
</span><span class="cx">         return;
</span><span class="cx">     }
</span><del>-    
-    FunctionExecutable* function = jsCast<FunctionExecutable*>(realThis);
-    if (!function->eitherCodeBlock())
-        out.print("FunctionExecutable w/o CodeBlock");
-    else {
-        CommaPrinter comma("/");
-        if (function->codeBlockForCall())
-            out.print(comma, *function->codeBlockForCall());
-        if (function->codeBlockForConstruct())
-            out.print(comma, *function->codeBlockForConstruct());
</del><ins>+    case FunctionExecutableType: {
+        FunctionExecutable* function = jsCast<FunctionExecutable*>(realThis);
+        if (!function->eitherCodeBlock())
+            out.print("FunctionExecutable w/o CodeBlock");
+        else {
+            CommaPrinter comma("/");
+            if (function->codeBlockForCall())
+                out.print(comma, *function->codeBlockForCall());
+            if (function->codeBlockForConstruct())
+                out.print(comma, *function->codeBlockForConstruct());
+        }
+        return;
</ins><span class="cx">     }
</span><ins>+    default:
+        RELEASE_ASSERT_NOT_REACHED();
+    }
</ins><span class="cx"> }
</span><span class="cx"> 
</span><span class="cx"> CodeBlockHash ExecutableBase::hashFor(CodeSpecializationKind kind) const
</span><span class="cx"> {
</span><del>-    if (this->classInfo(*this->vm()) == NativeExecutable::info())
</del><ins>+    if (type() == NativeExecutableType)
</ins><span class="cx">         return jsCast<const NativeExecutable*>(this)->hashFor(kind);
</span><span class="cx">     
</span><span class="cx">     return jsCast<const ScriptExecutable*>(this)->hashFor(kind);
</span></span></pre></div>
<a id="trunkSourceJavaScriptCoreruntimeExecutableBaseh"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/runtime/ExecutableBase.h (241036 => 241037)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/runtime/ExecutableBase.h     2019-02-06 19:40:29 UTC (rev 241036)
+++ trunk/Source/JavaScriptCore/runtime/ExecutableBase.h        2019-02-06 19:49:04 UTC (rev 241037)
</span><span class="lines">@@ -60,14 +60,8 @@
</span><span class="cx">     friend MacroAssemblerCodeRef<JITThunkPtrTag> boundThisNoArgsFunctionCallGenerator(VM*);
</span><span class="cx"> 
</span><span class="cx"> protected:
</span><del>-    static const int NUM_PARAMETERS_IS_HOST = 0;
-    static const int NUM_PARAMETERS_NOT_COMPILED = -1;
-
-    ExecutableBase(VM& vm, Structure* structure, int numParameters, Intrinsic intrinsic)
</del><ins>+    ExecutableBase(VM& vm, Structure* structure)
</ins><span class="cx">         : JSCell(vm, structure)
</span><del>-        , m_numParametersForCall(numParameters)
-        , m_numParametersForConstruct(numParameters)
-        , m_intrinsic(intrinsic)
</del><span class="cx">     {
</span><span class="cx">     }
</span><span class="cx"> 
</span><span class="lines">@@ -105,39 +99,29 @@
</span><span class="cx">     {
</span><span class="cx">         return type() == ModuleProgramExecutableType;
</span><span class="cx">     }
</span><del>-
-
</del><span class="cx">     bool isHostFunction() const
</span><span class="cx">     {
</span><del>-        ASSERT((m_numParametersForCall == NUM_PARAMETERS_IS_HOST) == (m_numParametersForConstruct == NUM_PARAMETERS_IS_HOST));
-        return m_numParametersForCall == NUM_PARAMETERS_IS_HOST;
</del><ins>+        return type() == NativeExecutableType;
</ins><span class="cx">     }
</span><span class="cx"> 
</span><span class="cx">     static Structure* createStructure(VM& vm, JSGlobalObject* globalObject, JSValue proto) { return Structure::create(vm, globalObject, proto, TypeInfo(CellType, StructureFlags), info()); }
</span><span class="cx"> 
</span><del>-    bool hasClearableCode() const;
-    void clearCode();
-
</del><span class="cx">     DECLARE_EXPORT_INFO;
</span><span class="cx"> 
</span><del>-protected:
-    int m_numParametersForCall;
-    int m_numParametersForConstruct;
-
</del><span class="cx"> public:
</span><del>-    Ref<JITCode> generatedJITCodeForCall()
</del><ins>+    Ref<JITCode> generatedJITCodeForCall() const
</ins><span class="cx">     {
</span><span class="cx">         ASSERT(m_jitCodeForCall);
</span><span class="cx">         return *m_jitCodeForCall;
</span><span class="cx">     }
</span><span class="cx"> 
</span><del>-    Ref<JITCode> generatedJITCodeForConstruct()
</del><ins>+    Ref<JITCode> generatedJITCodeForConstruct() const
</ins><span class="cx">     {
</span><span class="cx">         ASSERT(m_jitCodeForConstruct);
</span><span class="cx">         return *m_jitCodeForConstruct;
</span><span class="cx">     }
</span><span class="cx">         
</span><del>-    Ref<JITCode> generatedJITCodeFor(CodeSpecializationKind kind)
</del><ins>+    Ref<JITCode> generatedJITCodeFor(CodeSpecializationKind kind) const
</ins><span class="cx">     {
</span><span class="cx">         if (kind == CodeForCall)
</span><span class="cx">             return generatedJITCodeForCall();
</span><span class="lines">@@ -190,24 +174,9 @@
</span><span class="cx">         return 0;
</span><span class="cx">     }
</span><span class="cx">     
</span><del>-    static ptrdiff_t offsetOfNumParametersFor(CodeSpecializationKind kind)
-    {
-        if (kind == CodeForCall)
-            return OBJECT_OFFSETOF(ExecutableBase, m_numParametersForCall);
-        ASSERT(kind == CodeForConstruct);
-        return OBJECT_OFFSETOF(ExecutableBase, m_numParametersForConstruct);
-    }
</del><ins>+    bool hasJITCodeForCall() const;
+    bool hasJITCodeForConstruct() const;
</ins><span class="cx"> 
</span><del>-    bool hasJITCodeForCall() const
-    {
-        return m_numParametersForCall >= 0;
-    }
-        
-    bool hasJITCodeForConstruct() const
-    {
-        return m_numParametersForConstruct >= 0;
-    }
-        
</del><span class="cx">     bool hasJITCodeFor(CodeSpecializationKind kind) const
</span><span class="cx">     {
</span><span class="cx">         if (kind == CodeForCall)
</span><span class="lines">@@ -217,7 +186,7 @@
</span><span class="cx">     }
</span><span class="cx"> 
</span><span class="cx">     // Intrinsics are only for calls, currently.
</span><del>-    Intrinsic intrinsic() const { return m_intrinsic; }
</del><ins>+    Intrinsic intrinsic() const;
</ins><span class="cx">         
</span><span class="cx">     Intrinsic intrinsicFor(CodeSpecializationKind kind) const
</span><span class="cx">     {
</span><span class="lines">@@ -233,7 +202,6 @@
</span><span class="cx">     RefPtr<JITCode> m_jitCodeForConstruct;
</span><span class="cx">     MacroAssemblerCodePtr<JSEntryPtrTag> m_jitCodeForCallWithArityCheck;
</span><span class="cx">     MacroAssemblerCodePtr<JSEntryPtrTag> m_jitCodeForConstructWithArityCheck;
</span><del>-    Intrinsic m_intrinsic;
</del><span class="cx"> };
</span><span class="cx"> 
</span><span class="cx"> } // namespace JSC
</span></span></pre></div>
<a id="trunkSourceJavaScriptCoreruntimeExecutableBaseInlinesh"></a>
<div class="addfile"><h4>Added: trunk/Source/JavaScriptCore/runtime/ExecutableBaseInlines.h (0 => 241037)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/runtime/ExecutableBaseInlines.h                              (rev 0)
+++ trunk/Source/JavaScriptCore/runtime/ExecutableBaseInlines.h 2019-02-06 19:49:04 UTC (rev 241037)
</span><span class="lines">@@ -0,0 +1,55 @@
</span><ins>+/*
+ * Copyright (C) 2019 Apple Inc. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY APPLE INC. ``AS IS'' AND ANY
+ * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL APPLE INC. OR
+ * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+ * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
+ * OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#pragma once
+
+#include "ExecutableBase.h"
+#include "NativeExecutable.h"
+#include "ScriptExecutable.h"
+
+namespace JSC {
+
+inline Intrinsic ExecutableBase::intrinsic() const
+{
+    if (isHostFunction())
+        return jsCast<const NativeExecutable*>(this)->intrinsic();
+    return jsCast<const ScriptExecutable*>(this)->intrinsic();
+}
+
+inline bool ExecutableBase::hasJITCodeForCall() const
+{
+    if (isHostFunction())
+        return true;
+    return jsCast<const ScriptExecutable*>(this)->hasJITCodeForCall();
+}
+
+inline bool ExecutableBase::hasJITCodeForConstruct() const
+{
+    if (isHostFunction())
+        return true;
+    return jsCast<const ScriptExecutable*>(this)->hasJITCodeForConstruct();
+}
+
+} // namespace JSC
</ins></span></pre></div>
<a id="trunkSourceJavaScriptCoreruntimeJSBoundFunctioncpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/runtime/JSBoundFunction.cpp (241036 => 241037)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/runtime/JSBoundFunction.cpp  2019-02-06 19:40:29 UTC (rev 241036)
+++ trunk/Source/JavaScriptCore/runtime/JSBoundFunction.cpp     2019-02-06 19:49:04 UTC (rev 241037)
</span><span class="lines">@@ -26,6 +26,7 @@
</span><span class="cx"> #include "config.h"
</span><span class="cx"> #include "JSBoundFunction.h"
</span><span class="cx"> 
</span><ins>+#include "ExecutableBaseInlines.h"
</ins><span class="cx"> #include "GetterSetter.h"
</span><span class="cx"> #include "JSGlobalObject.h"
</span><span class="cx"> #include "JSCInlines.h"
</span></span></pre></div>
<a id="trunkSourceJavaScriptCoreruntimeJSTypecpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/runtime/JSType.cpp (241036 => 241037)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/runtime/JSType.cpp   2019-02-06 19:40:29 UTC (rev 241036)
+++ trunk/Source/JavaScriptCore/runtime/JSType.cpp      2019-02-06 19:49:04 UTC (rev 241037)
</span><span class="lines">@@ -46,6 +46,7 @@
</span><span class="cx">     CASE(BigIntType)
</span><span class="cx">     CASE(CustomGetterSetterType)
</span><span class="cx">     CASE(APIValueWrapperType)
</span><ins>+    CASE(NativeExecutableType)
</ins><span class="cx">     CASE(ProgramExecutableType)
</span><span class="cx">     CASE(ModuleProgramExecutableType)
</span><span class="cx">     CASE(EvalExecutableType)
</span></span></pre></div>
<a id="trunkSourceJavaScriptCoreruntimeJSTypeh"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/runtime/JSType.h (241036 => 241037)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/runtime/JSType.h     2019-02-06 19:40:29 UTC (rev 241036)
+++ trunk/Source/JavaScriptCore/runtime/JSType.h        2019-02-06 19:49:04 UTC (rev 241037)
</span><span class="lines">@@ -32,6 +32,8 @@
</span><span class="cx">     CustomGetterSetterType,
</span><span class="cx">     APIValueWrapperType,
</span><span class="cx"> 
</span><ins>+    NativeExecutableType,
+
</ins><span class="cx">     ProgramExecutableType,
</span><span class="cx">     ModuleProgramExecutableType,
</span><span class="cx">     EvalExecutableType,
</span></span></pre></div>
<a id="trunkSourceJavaScriptCoreruntimeNativeExecutablecpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/runtime/NativeExecutable.cpp (241036 => 241037)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/runtime/NativeExecutable.cpp 2019-02-06 19:40:29 UTC (rev 241036)
+++ trunk/Source/JavaScriptCore/runtime/NativeExecutable.cpp    2019-02-06 19:49:04 UTC (rev 241037)
</span><span class="lines">@@ -40,10 +40,10 @@
</span><span class="cx"> 
</span><span class="cx"> const ClassInfo NativeExecutable::s_info = { "NativeExecutable", &ExecutableBase::s_info, nullptr, nullptr, CREATE_METHOD_TABLE(NativeExecutable) };
</span><span class="cx"> 
</span><del>-NativeExecutable* NativeExecutable::create(VM& vm, Ref<JITCode>&& callThunk, TaggedNativeFunction function, Ref<JITCode>&& constructThunk, TaggedNativeFunction constructor, Intrinsic intrinsic, const DOMJIT::Signature* signature, const String& name)
</del><ins>+NativeExecutable* NativeExecutable::create(VM& vm, Ref<JITCode>&& callThunk, TaggedNativeFunction function, Ref<JITCode>&& constructThunk, TaggedNativeFunction constructor, const String& name)
</ins><span class="cx"> {
</span><span class="cx">     NativeExecutable* executable;
</span><del>-    executable = new (NotNull, allocateCell<NativeExecutable>(vm.heap)) NativeExecutable(vm, function, constructor, intrinsic, signature);
</del><ins>+    executable = new (NotNull, allocateCell<NativeExecutable>(vm.heap)) NativeExecutable(vm, function, constructor);
</ins><span class="cx">     executable->finishCreation(vm, WTFMove(callThunk), WTFMove(constructThunk), name);
</span><span class="cx">     return executable;
</span><span class="cx"> }
</span><span class="lines">@@ -55,7 +55,7 @@
</span><span class="cx"> 
</span><span class="cx"> Structure* NativeExecutable::createStructure(VM& vm, JSGlobalObject* globalObject, JSValue proto)
</span><span class="cx"> {
</span><del>-    return Structure::create(vm, globalObject, proto, TypeInfo(CellType, StructureFlags), info());
</del><ins>+    return Structure::create(vm, globalObject, proto, TypeInfo(NativeExecutableType, StructureFlags), info());
</ins><span class="cx"> }
</span><span class="cx"> 
</span><span class="cx"> void NativeExecutable::finishCreation(VM& vm, Ref<JITCode>&& callThunk, Ref<JITCode>&& constructThunk, const String& name)
</span><span class="lines">@@ -73,14 +73,24 @@
</span><span class="cx">     assertIsTaggedWith(m_jitCodeForConstructWithArityCheck.executableAddress(), JSEntryPtrTag);
</span><span class="cx"> }
</span><span class="cx"> 
</span><del>-NativeExecutable::NativeExecutable(VM& vm, TaggedNativeFunction function, TaggedNativeFunction constructor, Intrinsic intrinsic, const DOMJIT::Signature* signature)
-    : ExecutableBase(vm, vm.nativeExecutableStructure.get(), NUM_PARAMETERS_IS_HOST, intrinsic)
</del><ins>+NativeExecutable::NativeExecutable(VM& vm, TaggedNativeFunction function, TaggedNativeFunction constructor)
+    : ExecutableBase(vm, vm.nativeExecutableStructure.get())
</ins><span class="cx">     , m_function(function)
</span><span class="cx">     , m_constructor(constructor)
</span><del>-    , m_signature(signature)
</del><span class="cx"> {
</span><span class="cx"> }
</span><span class="cx"> 
</span><ins>+const DOMJIT::Signature* NativeExecutable::signatureFor(CodeSpecializationKind kind) const
+{
+    ASSERT(hasJITCodeFor(kind));
+    return generatedJITCodeFor(kind)->signature();
+}
+
+Intrinsic NativeExecutable::intrinsic() const
+{
+    return generatedJITCodeFor(CodeForCall)->intrinsic();
+}
+
</ins><span class="cx"> CodeBlockHash NativeExecutable::hashFor(CodeSpecializationKind kind) const
</span><span class="cx"> {
</span><span class="cx">     if (kind == CodeForCall)
</span></span></pre></div>
<a id="trunkSourceJavaScriptCoreruntimeNativeExecutableh"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/runtime/NativeExecutable.h (241036 => 241037)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/runtime/NativeExecutable.h   2019-02-06 19:40:29 UTC (rev 241036)
+++ trunk/Source/JavaScriptCore/runtime/NativeExecutable.h      2019-02-06 19:49:04 UTC (rev 241037)
</span><span class="lines">@@ -29,9 +29,6 @@
</span><span class="cx"> #include "JSCPoison.h"
</span><span class="cx"> 
</span><span class="cx"> namespace JSC {
</span><del>-namespace DOMJIT {
-class Signature;
-}
</del><span class="cx"> 
</span><span class="cx"> class NativeExecutable final : public ExecutableBase {
</span><span class="cx">     friend class JIT;
</span><span class="lines">@@ -40,7 +37,7 @@
</span><span class="cx">     typedef ExecutableBase Base;
</span><span class="cx">     static const unsigned StructureFlags = Base::StructureFlags | StructureIsImmortal;
</span><span class="cx"> 
</span><del>-    static NativeExecutable* create(VM&, Ref<JITCode>&& callThunk, TaggedNativeFunction, Ref<JITCode>&& constructThunk, TaggedNativeFunction constructor, Intrinsic, const DOMJIT::Signature*, const String& name);
</del><ins>+    static NativeExecutable* create(VM&, Ref<JITCode>&& callThunk, TaggedNativeFunction, Ref<JITCode>&& constructThunk, TaggedNativeFunction constructor, const String& name);
</ins><span class="cx"> 
</span><span class="cx">     static void destroy(JSCell*);
</span><span class="cx">     
</span><span class="lines">@@ -76,14 +73,9 @@
</span><span class="cx">     DECLARE_INFO;
</span><span class="cx"> 
</span><span class="cx">     const String& name() const { return m_name; }
</span><del>-    const DOMJIT::Signature* signature() const { return m_signature; }
</del><span class="cx"> 
</span><del>-    const DOMJIT::Signature* signatureFor(CodeSpecializationKind kind) const
-    {
-        if (isCall(kind))
-            return signature();
-        return nullptr;
-    }
</del><ins>+    const DOMJIT::Signature* signatureFor(CodeSpecializationKind) const;
+    Intrinsic intrinsic() const;
</ins><span class="cx"> 
</span><span class="cx"> protected:
</span><span class="cx">     void finishCreation(VM&, Ref<JITCode>&& callThunk, Ref<JITCode>&& constructThunk, const String& name);
</span><span class="lines">@@ -92,11 +84,10 @@
</span><span class="cx">     friend class ExecutableBase;
</span><span class="cx">     using PoisonedTaggedNativeFunction = Poisoned<NativeCodePoison, TaggedNativeFunction>;
</span><span class="cx"> 
</span><del>-    NativeExecutable(VM&, TaggedNativeFunction, TaggedNativeFunction constructor, Intrinsic, const DOMJIT::Signature*);
</del><ins>+    NativeExecutable(VM&, TaggedNativeFunction, TaggedNativeFunction constructor);
</ins><span class="cx"> 
</span><span class="cx">     PoisonedTaggedNativeFunction m_function;
</span><span class="cx">     PoisonedTaggedNativeFunction m_constructor;
</span><del>-    const DOMJIT::Signature* m_signature;
</del><span class="cx"> 
</span><span class="cx">     String m_name;
</span><span class="cx"> };
</span></span></pre></div>
<a id="trunkSourceJavaScriptCoreruntimeScriptExecutablecpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/runtime/ScriptExecutable.cpp (241036 => 241037)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/runtime/ScriptExecutable.cpp 2019-02-06 19:40:29 UTC (rev 241036)
+++ trunk/Source/JavaScriptCore/runtime/ScriptExecutable.cpp    2019-02-06 19:49:04 UTC (rev 241037)
</span><span class="lines">@@ -46,7 +46,9 @@
</span><span class="cx"> const ClassInfo ScriptExecutable::s_info = { "ScriptExecutable", &ExecutableBase::s_info, nullptr, nullptr, CREATE_METHOD_TABLE(ScriptExecutable) };
</span><span class="cx"> 
</span><span class="cx"> ScriptExecutable::ScriptExecutable(Structure* structure, VM& vm, const SourceCode& source, bool isInStrictContext, DerivedContextType derivedContextType, bool isInArrowFunctionContext, EvalContextType evalContextType, Intrinsic intrinsic)
</span><del>-    : ExecutableBase(vm, structure, NUM_PARAMETERS_NOT_COMPILED, intrinsic)
</del><ins>+    : ExecutableBase(vm, structure)
+    , m_source(source)
+    , m_intrinsic(intrinsic)
</ins><span class="cx">     , m_features(isInStrictContext ? StrictModeFeature : 0)
</span><span class="cx">     , m_hasCapturedVariables(false)
</span><span class="cx">     , m_neverInline(false)
</span><span class="lines">@@ -56,7 +58,6 @@
</span><span class="cx">     , m_canUseOSRExitFuzzing(true)
</span><span class="cx">     , m_derivedContextType(static_cast<unsigned>(derivedContextType))
</span><span class="cx">     , m_evalContextType(static_cast<unsigned>(evalContextType))
</span><del>-    , m_source(source)
</del><span class="cx"> {
</span><span class="cx"> }
</span><span class="cx"> 
</span><span class="lines">@@ -67,7 +68,46 @@
</span><span class="cx"> 
</span><span class="cx"> void ScriptExecutable::clearCode(IsoCellSet& clearableCodeSet)
</span><span class="cx"> {
</span><del>-    Base::clearCode();
</del><ins>+#if ENABLE(JIT)
+    m_jitCodeForCall = nullptr;
+    m_jitCodeForConstruct = nullptr;
+    m_jitCodeForCallWithArityCheck = MacroAssemblerCodePtr<JSEntryPtrTag>();
+    m_jitCodeForConstructWithArityCheck = MacroAssemblerCodePtr<JSEntryPtrTag>();
+#endif
+    m_numParametersForCall = NUM_PARAMETERS_NOT_COMPILED;
+    m_numParametersForConstruct = NUM_PARAMETERS_NOT_COMPILED;
+
+    switch (type()) {
+    case FunctionExecutableType: {
+        FunctionExecutable* executable = static_cast<FunctionExecutable*>(this);
+        executable->m_codeBlockForCall.clear();
+        executable->m_codeBlockForConstruct.clear();
+        break;
+    }
+    case EvalExecutableType: {
+        EvalExecutable* executable = static_cast<EvalExecutable*>(this);
+        executable->m_evalCodeBlock.clear();
+        executable->m_unlinkedEvalCodeBlock.clear();
+        break;
+    }
+    case ProgramExecutableType: {
+        ProgramExecutable* executable = static_cast<ProgramExecutable*>(this);
+        executable->m_programCodeBlock.clear();
+        executable->m_unlinkedProgramCodeBlock.clear();
+        break;
+    }
+    case ModuleProgramExecutableType: {
+        ModuleProgramExecutable* executable = static_cast<ModuleProgramExecutable*>(this);
+        executable->m_moduleProgramCodeBlock.clear();
+        executable->m_unlinkedModuleProgramCodeBlock.clear();
+        executable->m_moduleEnvironmentSymbolTable.clear();
+        break;
+    }
+    default:
+        RELEASE_ASSERT_NOT_REACHED();
+        break;
+    }
+
</ins><span class="cx">     ASSERT(&VM::SpaceAndSet::setFor(*subspace()) == &clearableCodeSet);
</span><span class="cx">     clearableCodeSet.remove(this);
</span><span class="cx"> }
</span><span class="lines">@@ -150,7 +190,7 @@
</span><span class="cx">     }
</span><span class="cx"> 
</span><span class="cx">     auto& clearableCodeSet = VM::SpaceAndSet::setFor(*subspace());
</span><del>-    if (hasClearableCode())
</del><ins>+    if (hasClearableCode(vm))
</ins><span class="cx">         clearableCodeSet.add(this);
</span><span class="cx">     else
</span><span class="cx">         clearableCodeSet.remove(this);
</span><span class="lines">@@ -176,6 +216,41 @@
</span><span class="cx">     vm.heap.writeBarrier(this);
</span><span class="cx"> }
</span><span class="cx"> 
</span><ins>+bool ScriptExecutable::hasClearableCode(VM& vm) const
+{
+#if ENABLE(JIT)
+    if (m_jitCodeForCall
+        || m_jitCodeForConstruct
+        || m_jitCodeForCallWithArityCheck
+        || m_jitCodeForConstructWithArityCheck)
+        return true;
+#endif
+
+    if (structure(vm)->classInfo() == FunctionExecutable::info()) {
+        auto* executable = static_cast<const FunctionExecutable*>(this);
+        if (executable->m_codeBlockForCall || executable->m_codeBlockForConstruct)
+            return true;
+
+    } else if (structure(vm)->classInfo() == EvalExecutable::info()) {
+        auto* executable = static_cast<const EvalExecutable*>(this);
+        if (executable->m_evalCodeBlock || executable->m_unlinkedEvalCodeBlock)
+            return true;
+
+    } else if (structure(vm)->classInfo() == ProgramExecutable::info()) {
+        auto* executable = static_cast<const ProgramExecutable*>(this);
+        if (executable->m_programCodeBlock || executable->m_unlinkedProgramCodeBlock)
+            return true;
+
+    } else if (structure(vm)->classInfo() == ModuleProgramExecutable::info()) {
+        auto* executable = static_cast<const ModuleProgramExecutable*>(this);
+        if (executable->m_moduleProgramCodeBlock
+            || executable->m_unlinkedModuleProgramCodeBlock
+            || executable->m_moduleEnvironmentSymbolTable)
+            return true;
+    }
+    return false;
+}
+
</ins><span class="cx"> CodeBlock* ScriptExecutable::newCodeBlockFor(
</span><span class="cx">     CodeSpecializationKind kind, JSFunction* function, JSScope* scope, JSObject*& exception)
</span><span class="cx"> {
</span></span></pre></div>
<a id="trunkSourceJavaScriptCoreruntimeScriptExecutableh"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/runtime/ScriptExecutable.h (241036 => 241037)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/runtime/ScriptExecutable.h   2019-02-06 19:40:29 UTC (rev 241036)
+++ trunk/Source/JavaScriptCore/runtime/ScriptExecutable.h      2019-02-06 19:49:04 UTC (rev 241037)
</span><span class="lines">@@ -97,6 +97,22 @@
</span><span class="cx"> 
</span><span class="cx">     void clearCode(IsoCellSet&);
</span><span class="cx"> 
</span><ins>+    Intrinsic intrinsic() const
+    {
+        return m_intrinsic;
+    }
+
+    static constexpr int NUM_PARAMETERS_NOT_COMPILED = -1;
+
+    bool hasJITCodeForCall() const
+    {
+        return m_numParametersForCall >= 0;
+    }
+    bool hasJITCodeForConstruct() const
+    {
+        return m_numParametersForConstruct >= 0;
+    }
+
</ins><span class="cx">     // This function has an interesting GC story. Callers of this function are asking us to create a CodeBlock
</span><span class="cx">     // that is not jettisoned before this function returns. Callers are essentially asking for a strong reference
</span><span class="cx">     // to the CodeBlock. Because the Executable may be allocating the CodeBlock, we require callers to pass in
</span><span class="lines">@@ -110,6 +126,8 @@
</span><span class="cx">     friend class ExecutableBase;
</span><span class="cx">     JSObject* prepareForExecutionImpl(VM&, JSFunction*, JSScope*, CodeSpecializationKind, CodeBlock*&);
</span><span class="cx"> 
</span><ins>+    bool hasClearableCode(VM&) const;
+
</ins><span class="cx"> protected:
</span><span class="cx">     ScriptExecutable(Structure*, VM&, const SourceCode&, bool isInStrictContext, DerivedContextType, bool isInArrowFunctionContext, EvalContextType, Intrinsic);
</span><span class="cx"> 
</span><span class="lines">@@ -123,6 +141,15 @@
</span><span class="cx"> #endif
</span><span class="cx">     }
</span><span class="cx"> 
</span><ins>+    SourceCode m_source;
+
+    int m_numParametersForCall { NUM_PARAMETERS_NOT_COMPILED };
+    int m_numParametersForConstruct { NUM_PARAMETERS_NOT_COMPILED };
+
+    int m_lastLine { -1 };
+    unsigned m_endColumn { UINT_MAX };
+
+    Intrinsic m_intrinsic { NoIntrinsic };
</ins><span class="cx">     bool m_didTryToEnterInLoop { false };
</span><span class="cx">     CodeFeatures m_features;
</span><span class="cx">     bool m_hasCapturedVariables : 1;
</span><span class="lines">@@ -133,10 +160,6 @@
</span><span class="cx">     bool m_canUseOSRExitFuzzing : 1;
</span><span class="cx">     unsigned m_derivedContextType : 2; // DerivedContextType
</span><span class="cx">     unsigned m_evalContextType : 2; // EvalContextType
</span><del>-
-    int m_lastLine { -1 };
-    unsigned m_endColumn { UINT_MAX };
-    SourceCode m_source;
</del><span class="cx"> };
</span><span class="cx"> 
</span><span class="cx"> } // namespace JSC
</span></span></pre></div>
<a id="trunkSourceJavaScriptCoreruntimeVMcpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/runtime/VM.cpp (241036 => 241037)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/runtime/VM.cpp       2019-02-06 19:40:29 UTC (rev 241036)
+++ trunk/Source/JavaScriptCore/runtime/VM.cpp  2019-02-06 19:49:04 UTC (rev 241037)
</span><span class="lines">@@ -699,10 +699,12 @@
</span><span class="cx">     }
</span><span class="cx"> #endif // ENABLE(JIT)
</span><span class="cx">     UNUSED_PARAM(intrinsic);
</span><ins>+    UNUSED_PARAM(signature);
+
</ins><span class="cx">     return NativeExecutable::create(*this,
</span><del>-        adoptRef(*new NativeJITCode(LLInt::getCodeRef<JSEntryPtrTag>(llint_native_call_trampoline), JITCode::HostCallThunk)), function,
-        adoptRef(*new NativeJITCode(LLInt::getCodeRef<JSEntryPtrTag>(llint_native_construct_trampoline), JITCode::HostCallThunk)), constructor,
-        NoIntrinsic, signature, name);
</del><ins>+        adoptRef(*new NativeJITCode(LLInt::getCodeRef<JSEntryPtrTag>(llint_native_call_trampoline), JITCode::HostCallThunk, NoIntrinsic)), function,
+        adoptRef(*new NativeJITCode(LLInt::getCodeRef<JSEntryPtrTag>(llint_native_construct_trampoline), JITCode::HostCallThunk, NoIntrinsic)), constructor,
+        name);
</ins><span class="cx"> }
</span><span class="cx"> 
</span><span class="cx"> MacroAssemblerCodePtr<JSEntryPtrTag> VM::getCTIInternalFunctionTrampolineFor(CodeSpecializationKind kind)
</span></span></pre>
</div>
</div>

</body>
</html>