From de4f791e30be4e4239b381c11745ffa4d87ddb8b Mon Sep 17 00:00:00 2001
From: Simon Hausmann <simon.hausmann@digia.com>
Date: Fri, 9 Nov 2012 12:15:52 +0100
Subject: Imported WebKit commit e2c32e2f53e02d388e70b9db88b91d8d9d28fc84
 (http://svn.webkit.org/repository/webkit/trunk@133952)

Revert back to an older snapshot that should build on ARM
---
 Source/JavaScriptCore/API/JSObjectRef.cpp          |    8 +-
 Source/JavaScriptCore/CMakeLists.txt               |    1 -
 Source/JavaScriptCore/ChangeLog                    |  656 ------------
 Source/JavaScriptCore/DerivedSources.pri           |    2 +-
 Source/JavaScriptCore/GNUmakefile.list.am          |   18 +-
 Source/JavaScriptCore/JavaScriptCore.pro           |    4 +-
 .../JavaScriptCore/JavaScriptCore.def              |    6 +-
 .../JavaScriptCore/JavaScriptCore.vcproj           |   22 +-
 .../JavaScriptCore.xcodeproj/project.pbxproj       |   76 +-
 Source/JavaScriptCore/Target.pri                   |    1 -
 .../assembler/AbstractMacroAssembler.h             |    7 -
 .../assembler/MacroAssemblerX86Common.h            |    4 -
 Source/JavaScriptCore/assembler/X86Assembler.h     |    9 -
 .../bytecode/ArrayAllocationProfile.cpp            |   40 -
 .../bytecode/ArrayAllocationProfile.h              |   80 --
 Source/JavaScriptCore/bytecode/ArrayProfile.cpp    |    7 -
 Source/JavaScriptCore/bytecode/ArrayProfile.h      |   48 +-
 Source/JavaScriptCore/bytecode/ByValInfo.h         |    8 -
 Source/JavaScriptCore/bytecode/CodeBlock.cpp       |   55 +-
 Source/JavaScriptCore/bytecode/CodeBlock.h         |   12 -
 Source/JavaScriptCore/bytecode/DFGExitProfile.h    |    2 -
 Source/JavaScriptCore/bytecode/Instruction.h       |    5 +-
 Source/JavaScriptCore/bytecode/Opcode.h            |    6 +-
 Source/JavaScriptCore/bytecode/SpeculatedType.h    |   26 -
 .../JavaScriptCore/bytecode/UnlinkedCodeBlock.cpp  |   19 +-
 Source/JavaScriptCore/bytecode/UnlinkedCodeBlock.h |   11 +-
 .../bytecompiler/BytecodeGenerator.cpp             |   13 -
 .../bytecompiler/BytecodeGenerator.h               |    1 -
 Source/JavaScriptCore/debugger/Debugger.cpp        |    2 +-
 Source/JavaScriptCore/dfg/DFGAbstractState.cpp     |  136 +--
 Source/JavaScriptCore/dfg/DFGAbstractState.h       |   43 +-
 Source/JavaScriptCore/dfg/DFGArrayMode.cpp         |  241 ++---
 Source/JavaScriptCore/dfg/DFGArrayMode.h           |   29 +-
 Source/JavaScriptCore/dfg/DFGBasicBlock.h          |    3 -
 Source/JavaScriptCore/dfg/DFGBranchDirection.h     |   88 --
 Source/JavaScriptCore/dfg/DFGByteCodeParser.cpp    |   39 +-
 Source/JavaScriptCore/dfg/DFGCCallHelpers.h        |   78 --
 .../dfg/DFGCFGSimplificationPhase.cpp              |    6 +-
 .../dfg/DFGCallArrayAllocatorSlowPathGenerator.h   |    4 +-
 Source/JavaScriptCore/dfg/DFGFixupPhase.cpp        |   64 +-
 Source/JavaScriptCore/dfg/DFGGraph.cpp             |    5 -
 Source/JavaScriptCore/dfg/DFGGraph.h               |   12 +-
 Source/JavaScriptCore/dfg/DFGNode.h                |   67 --
 Source/JavaScriptCore/dfg/DFGOperations.cpp        |   69 +-
 Source/JavaScriptCore/dfg/DFGOperations.h          |    8 +-
 .../dfg/DFGPredictionPropagationPhase.cpp          |   75 +-
 Source/JavaScriptCore/dfg/DFGSpeculativeJIT.cpp    |  162 +--
 Source/JavaScriptCore/dfg/DFGSpeculativeJIT.h      |   46 -
 .../JavaScriptCore/dfg/DFGSpeculativeJIT32_64.cpp  |  511 ++-------
 Source/JavaScriptCore/dfg/DFGSpeculativeJIT64.cpp  |  348 +-----
 Source/JavaScriptCore/heap/ConservativeRoots.cpp   |    4 +-
 Source/JavaScriptCore/heap/CopiedBlock.h           |    2 +-
 Source/JavaScriptCore/heap/CopiedSpace.cpp         |    2 +-
 .../JavaScriptCore/heap/CopiedSpaceInlineMethods.h |  185 ++++
 Source/JavaScriptCore/heap/CopiedSpaceInlines.h    |  186 ----
 Source/JavaScriptCore/heap/CopyVisitor.cpp         |    2 +-
 .../JavaScriptCore/heap/CopyVisitorInlineMethods.h |  119 +++
 Source/JavaScriptCore/heap/CopyVisitorInlines.h    |  120 ---
 Source/JavaScriptCore/heap/GCThread.cpp            |    2 +-
 Source/JavaScriptCore/heap/GCThreadSharedData.cpp  |    4 +-
 Source/JavaScriptCore/heap/HandleStack.cpp         |    2 +-
 Source/JavaScriptCore/heap/Heap.cpp                |    4 +-
 Source/JavaScriptCore/heap/HeapRootVisitor.h       |    2 +-
 Source/JavaScriptCore/heap/HeapStatistics.cpp      |   12 +-
 Source/JavaScriptCore/heap/HeapStatistics.h        |    4 +-
 Source/JavaScriptCore/heap/MarkStack.cpp           |    8 +-
 .../JavaScriptCore/heap/MarkStackInlineMethods.h   |  113 ++
 Source/JavaScriptCore/heap/MarkStackInlines.h      |  114 --
 Source/JavaScriptCore/heap/SlotVisitor.cpp         |    2 +-
 Source/JavaScriptCore/heap/SlotVisitor.h           |    2 +-
 .../JavaScriptCore/heap/SlotVisitorInlineMethods.h |  174 +++
 Source/JavaScriptCore/heap/SlotVisitorInlines.h    |  174 ---
 Source/JavaScriptCore/jit/HostCallReturnValue.cpp  |    2 +-
 Source/JavaScriptCore/jit/JIT.cpp                  |    2 +-
 Source/JavaScriptCore/jit/JIT.h                    |   19 +-
 Source/JavaScriptCore/jit/JITArithmetic.cpp        |   12 +-
 Source/JavaScriptCore/jit/JITArithmetic32_64.cpp   |    2 +-
 Source/JavaScriptCore/jit/JITCall.cpp              |    2 +-
 Source/JavaScriptCore/jit/JITCall32_64.cpp         |    2 +-
 Source/JavaScriptCore/jit/JITExceptions.cpp        |    2 +-
 Source/JavaScriptCore/jit/JITInlineMethods.h       | 1001 ++++++++++++++++++
 Source/JavaScriptCore/jit/JITInlines.h             | 1013 ------------------
 Source/JavaScriptCore/jit/JITOpcodes.cpp           |    7 +-
 Source/JavaScriptCore/jit/JITOpcodes32_64.cpp      |    2 +-
 Source/JavaScriptCore/jit/JITPropertyAccess.cpp    |   91 +-
 .../JavaScriptCore/jit/JITPropertyAccess32_64.cpp  |   74 +-
 Source/JavaScriptCore/jit/JITStubs.cpp             |   13 +-
 Source/JavaScriptCore/jit/JITStubs.h               |    2 -
 Source/JavaScriptCore/jsc.cpp                      |    6 +-
 Source/JavaScriptCore/llint/LLIntSlowPaths.cpp     |    8 +-
 .../JavaScriptCore/llint/LowLevelInterpreter.asm   |   17 +-
 .../llint/LowLevelInterpreter32_64.asm             |   83 +-
 .../JavaScriptCore/llint/LowLevelInterpreter64.asm |   79 +-
 Source/JavaScriptCore/offlineasm/x86.rb            |   34 +-
 Source/JavaScriptCore/runtime/Arguments.h          |  446 ++++----
 Source/JavaScriptCore/runtime/ArrayConstructor.cpp |   14 +-
 Source/JavaScriptCore/runtime/ArrayConstructor.h   |   54 +-
 Source/JavaScriptCore/runtime/ArrayPrototype.cpp   |   16 +-
 Source/JavaScriptCore/runtime/ArrayPrototype.h     |   32 +-
 Source/JavaScriptCore/runtime/Butterfly.h          |    6 -
 .../runtime/ButterflyInlineMethods.h               |  179 ++++
 Source/JavaScriptCore/runtime/ButterflyInlines.h   |  180 ----
 Source/JavaScriptCore/runtime/CodeCache.cpp        |   37 +-
 Source/JavaScriptCore/runtime/CodeCache.h          |   50 +-
 Source/JavaScriptCore/runtime/Executable.cpp       |    5 +-
 Source/JavaScriptCore/runtime/Executable.h         |    2 +-
 .../JavaScriptCore/runtime/FunctionPrototype.cpp   |    2 +-
 .../runtime/IndexingHeaderInlineMethods.h          |   61 ++
 .../JavaScriptCore/runtime/IndexingHeaderInlines.h |   64 --
 Source/JavaScriptCore/runtime/IndexingType.cpp     |   55 -
 Source/JavaScriptCore/runtime/IndexingType.h       |   46 +-
 Source/JavaScriptCore/runtime/JSActivation.h       |    2 +-
 Source/JavaScriptCore/runtime/JSArray.cpp          |  454 +-------
 Source/JavaScriptCore/runtime/JSArray.h            |   36 +-
 Source/JavaScriptCore/runtime/JSCell.h             |    4 +-
 Source/JavaScriptCore/runtime/JSGlobalObject.cpp   |   28 +-
 Source/JavaScriptCore/runtime/JSGlobalObject.h     |   56 +-
 Source/JavaScriptCore/runtime/JSObject.cpp         |  661 ++----------
 Source/JavaScriptCore/runtime/JSObject.h           |  229 +---
 Source/JavaScriptCore/runtime/JSValue.cpp          |    4 +-
 .../JavaScriptCore/runtime/JSValueInlineMethods.h  |  496 +++++++++
 Source/JavaScriptCore/runtime/JSValueInlines.h     |  497 ---------
 Source/JavaScriptCore/runtime/LiteralParser.cpp    |    6 +-
 .../JavaScriptCore/runtime/ObjectConstructor.cpp   |    8 +-
 Source/JavaScriptCore/runtime/Operations.h         |    2 +-
 .../JavaScriptCore/runtime/RegExpMatchesArray.cpp  |    2 +-
 Source/JavaScriptCore/runtime/RegExpObject.cpp     |    4 +-
 Source/JavaScriptCore/runtime/StringPrototype.cpp  |   26 +-
 Source/JavaScriptCore/runtime/Structure.cpp        |   13 +-
 .../runtime/StructureTransitionTable.h             |   20 +-
 Source/WTF/wtf/Platform.h                          |    2 +-
 Source/WebCore/ChangeLog                           | 1110 --------------------
 Source/WebCore/GNUmakefile.list.am                 |    4 +-
 .../WebCore/Modules/battery/BatteryController.cpp  |    2 +-
 .../WebCore/Modules/battery/NavigatorBattery.cpp   |    2 +-
 .../chromium/DraggedIsolatedFileSystem.cpp         |    2 +-
 .../WebCore/Modules/gamepad/NavigatorGamepad.cpp   |    2 +-
 .../Modules/geolocation/GeolocationController.cpp  |    2 +-
 .../Modules/geolocation/NavigatorGeolocation.cpp   |    2 +-
 .../Modules/indexeddb/DOMWindowIndexedDatabase.cpp |    2 +-
 Source/WebCore/Modules/indexeddb/IDBCursor.cpp     |    8 +-
 Source/WebCore/Modules/indexeddb/IDBRequest.cpp    |    4 +-
 .../WebCore/Modules/indexeddb/IDBTransaction.cpp   |   10 +-
 .../Modules/indexeddb/PageGroupIndexedDatabase.cpp |    2 +-
 .../WebCore/Modules/intents/DOMWindowIntents.cpp   |    2 +-
 .../Modules/mediastream/UserMediaController.cpp    |    2 +-
 .../NavigatorContentUtils.cpp                      |    2 +-
 .../networkinfo/NavigatorNetworkInfoConnection.cpp |    2 +-
 .../Modules/networkinfo/NetworkInfoController.cpp  |    2 +-
 .../notifications/DOMWindowNotifications.cpp       |    2 +-
 .../notifications/NotificationController.cpp       |    2 +-
 Source/WebCore/Modules/quota/DOMWindowQuota.cpp    |    2 +-
 .../Modules/speech/SpeechRecognitionController.cpp |    2 +-
 Source/WebCore/Modules/vibration/Vibration.cpp     |    2 +-
 Source/WebCore/Target.pri                          |    4 +-
 Source/WebCore/WebCore.exp.in                      |    7 -
 Source/WebCore/WebCore.gypi                        |    4 +-
 Source/WebCore/WebCore.vcproj/WebCore.vcproj       |    4 +-
 Source/WebCore/WebCore.xcodeproj/project.pbxproj   |   16 +-
 .../WebCore/accessibility/AccessibilityObject.cpp  |    2 +-
 .../accessibility/AccessibilityRenderObject.cpp    |    8 +-
 .../js/JSCanvasRenderingContext2DCustom.cpp        |    2 +-
 Source/WebCore/bindings/js/JSClipboardCustom.cpp   |    2 +-
 Source/WebCore/bindings/js/JSDOMBinding.cpp        |    2 +-
 Source/WebCore/bindings/js/JSDOMBinding.h          |    2 +-
 .../bindings/js/JSInjectedScriptHostCustom.cpp     |    2 +-
 .../bindings/js/JSJavaScriptCallFrameCustom.cpp    |    2 +-
 .../WebCore/bindings/js/JSMessageEventCustom.cpp   |    4 +-
 .../bindings/js/JSMutationCallbackCustom.cpp       |    2 +-
 .../bindings/js/JSWebGLRenderingContextCustom.cpp  |    6 +-
 .../WebCore/bindings/js/SerializedScriptValue.cpp  |    2 +-
 Source/WebCore/bindings/scripts/CodeGeneratorV8.pm |    2 +-
 .../bindings/scripts/test/V8/V8Float64Array.h      |    2 +-
 .../scripts/test/V8/V8TestActiveDOMObject.h        |    2 +-
 .../scripts/test/V8/V8TestCustomNamedGetter.h      |    2 +-
 .../scripts/test/V8/V8TestEventConstructor.h       |    2 +-
 .../bindings/scripts/test/V8/V8TestEventTarget.h   |    2 +-
 .../bindings/scripts/test/V8/V8TestException.h     |    2 +-
 .../bindings/scripts/test/V8/V8TestInterface.h     |    2 +-
 .../scripts/test/V8/V8TestMediaQueryListListener.h |    2 +-
 .../scripts/test/V8/V8TestNamedConstructor.h       |    2 +-
 .../WebCore/bindings/scripts/test/V8/V8TestNode.h  |    2 +-
 .../WebCore/bindings/scripts/test/V8/V8TestObj.h   |    2 +-
 .../test/V8/V8TestSerializedScriptValueInterface.h |    2 +-
 Source/WebCore/bindings/v8/NPV8Object.cpp          |    4 +-
 Source/WebCore/bindings/v8/V8Collection.h          |    2 +-
 Source/WebCore/bindings/v8/V8DOMWindowShell.cpp    |    4 +-
 Source/WebCore/bindings/v8/V8DOMWrapper.cpp        |    2 +-
 Source/WebCore/bindings/v8/V8DOMWrapper.h          |    8 +-
 Source/WebCore/bindings/v8/WrapperTypeInfo.h       |    4 +-
 .../bindings/v8/custom/V8DOMWindowCustom.cpp       |    2 +-
 .../bindings/v8/custom/V8NodeListCustom.cpp        |    2 +-
 Source/WebCore/css/RuleFeature.cpp                 |   22 -
 Source/WebCore/css/RuleFeature.h                   |    5 -
 Source/WebCore/css/RuleSet.cpp                     |   25 +-
 Source/WebCore/dom/ContextFeatures.cpp             |    2 +-
 Source/WebCore/dom/DeviceMotionController.cpp      |    2 +-
 Source/WebCore/dom/DeviceOrientationController.cpp |    2 +-
 Source/WebCore/dom/Element.cpp                     |    8 +-
 Source/WebCore/dom/MutationRecord.cpp              |    6 +-
 Source/WebCore/html/FileInputType.cpp              |    2 +-
 Source/WebCore/html/FormController.cpp             |    4 +-
 Source/WebCore/html/HTMLButtonElement.cpp          |    6 +-
 Source/WebCore/html/HTMLDetailsElement.cpp         |    2 +-
 Source/WebCore/html/HTMLFieldSetElement.cpp        |    2 +-
 Source/WebCore/html/HTMLKeygenElement.cpp          |    4 +-
 Source/WebCore/html/HTMLOptGroupElement.cpp        |    2 +-
 Source/WebCore/html/HTMLOutputElement.cpp          |    2 +-
 Source/WebCore/html/HTMLSelectElement.cpp          |    4 +-
 Source/WebCore/html/HTMLTextAreaElement.cpp        |    2 +-
 Source/WebCore/html/HTMLTextFormControlElement.cpp |    6 +-
 Source/WebCore/html/parser/HTMLEntityParser.cpp    |    2 +-
 Source/WebCore/html/parser/HTMLTokenizer.cpp       |    2 +-
 .../WebCore/html/shadow/ContentSelectorQuery.cpp   |  104 +-
 Source/WebCore/html/shadow/ContentSelectorQuery.h  |    8 +-
 .../WebCore/html/shadow/DateTimeFieldElements.cpp  |   20 +-
 .../WebCore/html/shadow/DetailsMarkerControl.cpp   |    2 +-
 Source/WebCore/html/shadow/HTMLContentElement.cpp  |  109 +-
 Source/WebCore/html/shadow/HTMLContentElement.h    |   24 +-
 Source/WebCore/html/shadow/HTMLShadowElement.cpp   |    6 -
 Source/WebCore/html/shadow/HTMLShadowElement.h     |    7 +-
 Source/WebCore/html/shadow/ImageInnerElement.cpp   |    2 +-
 Source/WebCore/html/shadow/InsertionPoint.h        |    4 +-
 .../WebCore/html/shadow/MediaControlElements.cpp   |   44 +-
 .../html/shadow/MediaControlRootElement.cpp        |    2 +-
 .../shadow/MediaControlRootElementChromium.cpp     |    4 +-
 .../MediaControlRootElementChromiumAndroid.cpp     |    2 +-
 Source/WebCore/html/shadow/MeterShadowElement.cpp  |   10 +-
 .../WebCore/html/shadow/ProgressShadowElement.cpp  |    6 +-
 Source/WebCore/html/shadow/SliderThumbElement.cpp  |    8 +-
 Source/WebCore/html/shadow/SpinButtonElement.cpp   |    2 +-
 .../html/shadow/TextControlInnerElements.cpp       |   10 +-
 Source/WebCore/html/track/TextTrackCue.cpp         |    8 +-
 Source/WebCore/html/track/TextTrackCue.h           |    1 +
 Source/WebCore/html/track/WebVTTTokenizer.cpp      |    2 +-
 .../WebCore/inspector/InspectorTimelineAgent.cpp   |   13 +-
 .../inspector/front-end/CodeMirrorTextEditor.js    |   12 +-
 .../front-end/NativeMemorySnapshotView.js          |    2 +-
 .../front-end/TimelinePresentationModel.js         |    3 -
 Source/WebCore/loader/CrossOriginAccessControl.cpp |    4 +-
 Source/WebCore/loader/DocumentLoader.cpp           |    1 -
 Source/WebCore/loader/MainResourceLoader.cpp       |    3 +-
 Source/WebCore/loader/PrerendererClient.cpp        |    2 +-
 Source/WebCore/loader/ResourceBuffer.h             |   12 +-
 Source/WebCore/loader/cache/CachedResource.cpp     |    2 +-
 Source/WebCore/page/DOMWindowPagePopup.cpp         |    2 +-
 Source/WebCore/page/EventHandler.cpp               |   10 +-
 Source/WebCore/page/FrameView.cpp                  |   33 +-
 Source/WebCore/page/SpeechInput.cpp                |    2 +-
 .../WebCore/page/animation/CompositeAnimation.cpp  |    2 +-
 .../page/scrolling/ScrollingCoordinator.cpp        |   38 +-
 .../WebCore/page/scrolling/ScrollingCoordinator.h  |    3 -
 .../scrolling/mac/ScrollingTreeScrollingNodeMac.mm |    7 +-
 .../WebCore/platform/blackberry/CookieManager.cpp  |   30 +-
 Source/WebCore/platform/graphics/FontCache.cpp     |   20 +-
 Source/WebCore/platform/graphics/MediaPlayer.cpp   |    6 +-
 .../blackberry/MediaPlayerPrivateBlackBerry.cpp    |    2 +-
 .../graphics/chromium/DeferredImageDecoder.cpp     |    5 +-
 .../graphics/chromium/DeferredImageDecoder.h       |    1 -
 .../graphics/chromium/FontCacheAndroid.cpp         |    6 +-
 .../platform/graphics/filters/SourceAlpha.cpp      |    2 +-
 .../platform/graphics/filters/SourceGraphic.cpp    |    2 +-
 .../graphics/harfbuzz/ng/HarfBuzzShaper.cpp        |   20 +-
 .../platform/graphics/harfbuzz/ng/HarfBuzzShaper.h |   12 +-
 .../WebCore/platform/graphics/mac/FontCacheMac.mm  |    6 +-
 .../platform/graphics/skia/FontCacheSkia.cpp       |    8 +-
 .../graphics/texmap/GraphicsLayerTextureMapper.h   |    3 +-
 .../graphics/texmap/TextureMapperLayer.cpp         |   10 +-
 .../WebCore/platform/graphics/win/FontCacheWin.cpp |   10 +-
 .../WebCore/platform/graphics/wx/FontCacheWx.cpp   |    2 +-
 .../WebCore/platform/leveldb/LevelDBDatabase.cpp   |   17 +-
 Source/WebCore/platform/leveldb/LevelDBDatabase.h  |   19 +-
 .../platform/leveldb/LevelDBTransaction.cpp        |   12 +-
 .../WebCore/platform/leveldb/LevelDBTransaction.h  |    3 +-
 .../platform/network/ResourceResponseBase.cpp      |   40 +-
 .../platform/text/enchant/TextCheckerEnchant.cpp   |    6 +-
 .../platform/text/enchant/TextCheckerEnchant.h     |    1 -
 Source/WebCore/rendering/ExclusionPolygon.cpp      |   28 +-
 Source/WebCore/rendering/ExclusionPolygon.h        |    4 +-
 Source/WebCore/rendering/FixedTableLayout.cpp      |    2 +-
 Source/WebCore/rendering/RenderLayerCompositor.cpp |    2 -
 .../rendering/RenderTextControlMultiLine.cpp       |    2 +-
 .../rendering/RenderTextControlSingleLine.cpp      |    4 +-
 .../rendering/RenderThemeChromiumCommon.cpp        |    6 +-
 Source/WebCore/svg/SVGAnimateColorElement.cpp      |    2 +-
 Source/WebCore/svg/SVGAnimateMotionElement.cpp     |    4 +-
 Source/WebCore/svg/SVGAnimationElement.cpp         |   18 +-
 Source/WebCore/svg/SVGFEConvolveMatrixElement.cpp  |    8 +-
 Source/WebCore/svg/SVGFEDiffuseLightingElement.cpp |    4 +-
 Source/WebCore/svg/SVGFEDropShadowElement.cpp      |    4 +-
 Source/WebCore/svg/SVGFEGaussianBlurElement.cpp    |    4 +-
 Source/WebCore/svg/SVGFEMorphologyElement.cpp      |    4 +-
 .../WebCore/svg/SVGFESpecularLightingElement.cpp   |    4 +-
 Source/WebCore/svg/SVGFETurbulenceElement.cpp      |    4 +-
 Source/WebCore/svg/SVGFilterElement.cpp            |    4 +-
 Source/WebCore/svg/SVGLangSpace.cpp                |    4 +-
 Source/WebCore/svg/SVGMarkerElement.cpp            |    6 +-
 Source/WebCore/svg/SVGSVGElement.cpp               |    4 +-
 Source/WebCore/svg/SVGStyleElement.cpp             |    4 +-
 Source/WebCore/svg/SVGTextContentElement.cpp       |    2 +-
 Source/WebCore/svg/SVGViewSpec.cpp                 |    6 +-
 Source/WebCore/svg/animation/SVGSMILElement.cpp    |   10 +-
 Source/WebCore/testing/InternalSettings.cpp        |    2 +-
 .../parser/CharacterReferenceParserInlineMethods.h |  173 +++
 .../xml/parser/CharacterReferenceParserInlines.h   |  173 ---
 .../xml/parser/MarkupTokenizerInlineMethods.h      |   95 ++
 Source/WebCore/xml/parser/MarkupTokenizerInlines.h |   95 --
 .../xml/parser/XMLCharacterReferenceParser.cpp     |    2 +-
 Source/WebCore/xml/parser/XMLTokenizer.cpp         |    2 +-
 Source/WebCore/xml/parser/XMLTreeBuilder.cpp       |   26 +-
 Source/WebKit/blackberry/Api/BackingStore.cpp      |   30 -
 Source/WebKit/blackberry/Api/BackingStore_p.h      |    6 -
 Source/WebKit/blackberry/Api/WebPage.cpp           |   10 -
 Source/WebKit/blackberry/ChangeLog                 |   47 -
 .../WebCoreSupport/SelectPopupClient.cpp           |    5 +-
 Source/WebKit/chromium/ChangeLog                   |  165 ---
 Source/WebKit/chromium/DEPS                        |    2 +-
 Source/WebKit/chromium/src/WebElement.cpp          |    7 +-
 Source/WebKit/chromium/src/WebPagePopupImpl.cpp    |    1 -
 Source/WebKit/chromium/tests/LevelDBTest.cpp       |   95 +-
 Source/WebKit/mac/ChangeLog                        |   27 -
 Source/WebKit/mac/History/WebHistory.mm            |    2 -
 .../mac/WebCoreSupport/WebInspectorClient.mm       |   17 +-
 Source/WebKit2/ChangeLog                           |  223 ----
 Source/WebKit2/NetworkProcess/HostRecord.cpp       |    3 -
 Source/WebKit2/NetworkProcess/NetworkRequest.cpp   |  127 ---
 Source/WebKit2/NetworkProcess/NetworkRequest.h     |   63 +-
 .../NetworkResourceLoadScheduler.cpp               |   61 +-
 .../NetworkProcess/NetworkResourceLoadScheduler.h  |   10 -
 Source/WebKit2/Platform/Logging.cpp                |   17 +-
 Source/WebKit2/Platform/Logging.h                  |    1 -
 Source/WebKit2/Shared/ShareableResource.cpp        |  105 --
 Source/WebKit2/Shared/ShareableResource.h          |   84 --
 Source/WebKit2/Shared/WebResourceBuffer.cpp        |   54 -
 Source/WebKit2/Shared/WebResourceBuffer.h          |   52 -
 Source/WebKit2/UIProcess/API/efl/EwkViewImpl.cpp   |    5 +-
 .../UIProcess/API/efl/ewk_security_origin.cpp      |    9 -
 .../API/efl/ewk_security_origin_private.h          |    7 -
 Source/WebKit2/UIProcess/API/efl/ewk_settings.cpp  |    2 +-
 .../WebKit2/UIProcess/API/efl/ewk_text_checker.cpp |    5 -
 .../UIProcess/API/efl/ewk_text_checker_private.h   |    1 -
 Source/WebKit2/UIProcess/API/efl/ewk_view.cpp      |   14 -
 Source/WebKit2/UIProcess/API/efl/ewk_view.h        |   12 +-
 .../UIProcess/API/efl/tests/test_ewk2_view.cpp     |   10 +-
 .../CoordinatedBackingStore.cpp                    |   13 +-
 .../CoordinatedGraphics/CoordinatedBackingStore.h  |    4 +-
 .../LayerTreeCoordinatorProxy.cpp                  |    1 -
 .../CoordinatedGraphics/LayerTreeRenderer.cpp      |   11 -
 .../CoordinatedGraphics/LayerTreeRenderer.h        |    7 +-
 .../WebKit2/UIProcess/mac/WebInspectorProxyMac.mm  |   16 +-
 Source/WebKit2/WebKit2.xcodeproj/project.pbxproj   |   16 -
 .../Network/NetworkProcessConnection.cpp           |   26 +-
 .../WebProcess/Network/NetworkProcessConnection.h  |   10 +-
 .../Network/NetworkProcessConnection.messages.in   |    7 +-
 .../Network/WebResourceLoadScheduler.cpp           |   54 +-
 .../WebProcess/Network/WebResourceLoadScheduler.h  |    9 +-
 .../CoordinatedGraphicsLayer.cpp                   |    2 +-
 .../CoordinatedGraphics/LayerTreeCoordinator.cpp   |   14 +-
 .../CoordinatedGraphics/LayerTreeCoordinator.h     |    2 -
 Tools/ChangeLog                                    |   47 -
 Tools/EWebLauncher/url_utils.c                     |    2 +-
 Tools/MiniBrowser/efl/main.c                       |   94 +-
 Tools/Scripts/webkitdirs.pm                        |    8 +-
 VERSION                                            |    4 +-
 364 files changed, 4420 insertions(+), 10798 deletions(-)
 delete mode 100644 Source/JavaScriptCore/bytecode/ArrayAllocationProfile.cpp
 delete mode 100644 Source/JavaScriptCore/bytecode/ArrayAllocationProfile.h
 delete mode 100644 Source/JavaScriptCore/dfg/DFGBranchDirection.h
 create mode 100644 Source/JavaScriptCore/heap/CopiedSpaceInlineMethods.h
 delete mode 100644 Source/JavaScriptCore/heap/CopiedSpaceInlines.h
 create mode 100644 Source/JavaScriptCore/heap/CopyVisitorInlineMethods.h
 delete mode 100644 Source/JavaScriptCore/heap/CopyVisitorInlines.h
 create mode 100644 Source/JavaScriptCore/heap/MarkStackInlineMethods.h
 delete mode 100644 Source/JavaScriptCore/heap/MarkStackInlines.h
 create mode 100644 Source/JavaScriptCore/heap/SlotVisitorInlineMethods.h
 delete mode 100644 Source/JavaScriptCore/heap/SlotVisitorInlines.h
 create mode 100644 Source/JavaScriptCore/jit/JITInlineMethods.h
 delete mode 100644 Source/JavaScriptCore/jit/JITInlines.h
 create mode 100644 Source/JavaScriptCore/runtime/ButterflyInlineMethods.h
 delete mode 100644 Source/JavaScriptCore/runtime/ButterflyInlines.h
 create mode 100644 Source/JavaScriptCore/runtime/IndexingHeaderInlineMethods.h
 delete mode 100644 Source/JavaScriptCore/runtime/IndexingHeaderInlines.h
 create mode 100644 Source/JavaScriptCore/runtime/JSValueInlineMethods.h
 delete mode 100644 Source/JavaScriptCore/runtime/JSValueInlines.h
 create mode 100644 Source/WebCore/xml/parser/CharacterReferenceParserInlineMethods.h
 delete mode 100644 Source/WebCore/xml/parser/CharacterReferenceParserInlines.h
 create mode 100644 Source/WebCore/xml/parser/MarkupTokenizerInlineMethods.h
 delete mode 100644 Source/WebCore/xml/parser/MarkupTokenizerInlines.h
 delete mode 100644 Source/WebKit2/Shared/ShareableResource.cpp
 delete mode 100644 Source/WebKit2/Shared/ShareableResource.h
 delete mode 100644 Source/WebKit2/Shared/WebResourceBuffer.cpp
 delete mode 100644 Source/WebKit2/Shared/WebResourceBuffer.h

diff --git a/Source/JavaScriptCore/API/JSObjectRef.cpp b/Source/JavaScriptCore/API/JSObjectRef.cpp
index c62efc60d..491fa988f 100644
--- a/Source/JavaScriptCore/API/JSObjectRef.cpp
+++ b/Source/JavaScriptCore/API/JSObjectRef.cpp
@@ -29,9 +29,9 @@
 #include "JSObjectRefPrivate.h"
 
 #include "APICast.h"
-#include "ButterflyInlines.h"
+#include "ButterflyInlineMethods.h"
 #include "CodeBlock.h"
-#include "CopiedSpaceInlines.h"
+#include "CopiedSpaceInlineMethods.h"
 #include "DateConstructor.h"
 #include "ErrorConstructor.h"
 #include "FunctionConstructor.h"
@@ -144,9 +144,9 @@ JSObjectRef JSObjectMakeArray(JSContextRef ctx, size_t argumentCount, const JSVa
         for (size_t i = 0; i < argumentCount; ++i)
             argList.append(toJS(exec, arguments[i]));
 
-        result = constructArray(exec, static_cast<ArrayAllocationProfile*>(0), argList);
+        result = constructArray(exec, argList);
     } else
-        result = constructEmptyArray(exec, 0);
+        result = constructEmptyArray(exec);
 
     if (exec->hadException()) {
         if (exception)
diff --git a/Source/JavaScriptCore/CMakeLists.txt b/Source/JavaScriptCore/CMakeLists.txt
index bfaca5673..393db67c3 100644
--- a/Source/JavaScriptCore/CMakeLists.txt
+++ b/Source/JavaScriptCore/CMakeLists.txt
@@ -40,7 +40,6 @@ SET(JavaScriptCore_SOURCES
     assembler/MacroAssembler.cpp
     assembler/LinkBuffer.cpp
 
-    bytecode/ArrayAllocationProfile.cpp
     bytecode/ArrayProfile.cpp
     bytecode/CallLinkInfo.cpp
     bytecode/CallLinkStatus.cpp
diff --git a/Source/JavaScriptCore/ChangeLog b/Source/JavaScriptCore/ChangeLog
index dbe22d11e..320b1cfbe 100644
--- a/Source/JavaScriptCore/ChangeLog
+++ b/Source/JavaScriptCore/ChangeLog
@@ -1,659 +1,3 @@
-2012-11-09  Csaba Osztrogonác  <ossy@webkit.org>
-
-        [Qt] Fix the LLINT build from ARMv7 platform
-        https://bugs.webkit.org/show_bug.cgi?id=101712
-
-        Reviewed by Simon Hausmann.
-
-        Enable generating of LLIntAssembly.h on ARM platforms.
-
-        * DerivedSources.pri:
-        * JavaScriptCore.pro:
-
-2012-11-08  Filip Pizlo  <fpizlo@apple.com>
-
-        ArrayPrototype.h should have correct indentation
-
-        Rubber stamped by Sam Weinig.
-
-        * runtime/ArrayPrototype.h:
-
-2012-11-08  Mark Lam  <mark.lam@apple.com>
-
-        Renamed ...InlineMethods.h files to ...Inlines.h.
-        https://bugs.webkit.org/show_bug.cgi?id=101145.
-
-        Reviewed by Geoffrey Garen.
-
-        This is only a refactoring effort to rename the files. There are no
-        functionality changes.
-
-        * API/JSObjectRef.cpp:
-        * GNUmakefile.list.am:
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        * bytecode/CodeBlock.cpp:
-        * dfg/DFGOperations.cpp:
-        * heap/ConservativeRoots.cpp:
-        * heap/CopiedBlock.h:
-        * heap/CopiedSpace.cpp:
-        * heap/CopiedSpaceInlineMethods.h: Removed.
-        * heap/CopiedSpaceInlines.h: Copied from Source/JavaScriptCore/heap/CopiedSpaceInlineMethods.h.
-        * heap/CopyVisitor.cpp:
-        * heap/CopyVisitorInlineMethods.h: Removed.
-        * heap/CopyVisitorInlines.h: Copied from Source/JavaScriptCore/heap/CopyVisitorInlineMethods.h.
-        * heap/GCThread.cpp:
-        * heap/GCThreadSharedData.cpp:
-        * heap/HandleStack.cpp:
-        * heap/Heap.cpp:
-        * heap/HeapRootVisitor.h:
-        * heap/MarkStack.cpp:
-        * heap/MarkStackInlineMethods.h: Removed.
-        * heap/MarkStackInlines.h: Copied from Source/JavaScriptCore/heap/MarkStackInlineMethods.h.
-        * heap/SlotVisitor.cpp:
-        * heap/SlotVisitor.h:
-        * heap/SlotVisitorInlineMethods.h: Removed.
-        * heap/SlotVisitorInlines.h: Copied from Source/JavaScriptCore/heap/SlotVisitorInlineMethods.h.
-        * jit/HostCallReturnValue.cpp:
-        * jit/JIT.cpp:
-        * jit/JITArithmetic.cpp:
-        * jit/JITArithmetic32_64.cpp:
-        * jit/JITCall.cpp:
-        * jit/JITCall32_64.cpp:
-        * jit/JITInlineMethods.h: Removed.
-        * jit/JITInlines.h: Copied from Source/JavaScriptCore/jit/JITInlineMethods.h.
-        * jit/JITOpcodes.cpp:
-        * jit/JITOpcodes32_64.cpp:
-        * jit/JITPropertyAccess.cpp:
-        * jit/JITPropertyAccess32_64.cpp:
-        * jsc.cpp:
-        * runtime/ArrayConstructor.cpp:
-        * runtime/ArrayPrototype.cpp:
-        * runtime/ButterflyInlineMethods.h: Removed.
-        * runtime/ButterflyInlines.h: Copied from Source/JavaScriptCore/runtime/ButterflyInlineMethods.h.
-        * runtime/IndexingHeaderInlineMethods.h: Removed.
-        * runtime/IndexingHeaderInlines.h: Copied from Source/JavaScriptCore/runtime/IndexingHeaderInlineMethods.h.
-        * runtime/JSActivation.h:
-        * runtime/JSArray.cpp:
-        * runtime/JSArray.h:
-        * runtime/JSCell.h:
-        * runtime/JSObject.cpp:
-        * runtime/JSValueInlineMethods.h: Removed.
-        * runtime/JSValueInlines.h: Copied from Source/JavaScriptCore/runtime/JSValueInlineMethods.h.
-        * runtime/LiteralParser.cpp:
-        * runtime/ObjectConstructor.cpp:
-        * runtime/Operations.h:
-        * runtime/RegExpMatchesArray.cpp:
-        * runtime/RegExpObject.cpp:
-        * runtime/StringPrototype.cpp:
-
-2012-11-08  Filip Pizlo  <fpizlo@apple.com>
-
-        ArrayConstructor.h should have correct indentation
-
-        Rubber stamped by Sam Weinig.
-
-        * runtime/ArrayConstructor.h:
-
-2012-11-08  Filip Pizlo  <fpizlo@apple.com>
-
-        DFG should know that int == null is always false
-        https://bugs.webkit.org/show_bug.cgi?id=101665
-
-        Reviewed by Oliver Hunt.
-
-        * dfg/DFGAbstractState.cpp:
-        (JSC::DFG::AbstractState::execute):
-
-2012-11-08  Filip Pizlo  <fpizlo@apple.com>
-
-        Arguments.h should have correct indentation
-
-        Rubber stamped by Sam Weinig.
-
-        * runtime/Arguments.h:
-
-2012-11-08  Filip Pizlo  <fpizlo@apple.com>
-
-        It should be possible to JIT compile get_by_vals and put_by_vals even if the DFG is disabled.
-
-        Reviewed by Oliver Hunt.
-
-        * jit/JITInlineMethods.h:
-        (JSC::JIT::chooseArrayMode):
-
-2012-11-08  Filip Pizlo  <fpizlo@apple.com>
-
-        op_call should have LLInt call link info even if the DFG is disabled
-        https://bugs.webkit.org/show_bug.cgi?id=101672
-
-        Reviewed by Oliver Hunt.
-
-        Get rid of the evil uses of fall-through.
-
-        * bytecode/CodeBlock.cpp:
-        (JSC::CodeBlock::CodeBlock):
-
-2012-11-08  Oliver Hunt  <oliver@apple.com>
-
-        Improve effectiveness of function-level caching
-        https://bugs.webkit.org/show_bug.cgi?id=101667
-
-        Reviewed by Filip Pizlo.
-
-        Added a random-eviction based cache for unlinked functions, and switch
-        UnlinkedFunctionExecutable's code references to Weak<>, thereby letting
-        us remove the explicit UnlinkedFunctionExecutable::clearCode() calls that
-        were being triggered by GC.
-
-        Refactored the random eviction part of the CodeCache into a separate data
-        structure so that I didn't have to duplicate the code again, and then used
-        that for the new function cache.
-
-        * bytecode/UnlinkedCodeBlock.cpp:
-        (JSC::UnlinkedFunctionExecutable::visitChildren):
-        (JSC::UnlinkedFunctionExecutable::codeBlockFor):
-        * bytecode/UnlinkedCodeBlock.h:
-        (JSC::UnlinkedFunctionExecutable::clearCodeForRecompilation):
-        (UnlinkedFunctionExecutable):
-        * debugger/Debugger.cpp:
-        * runtime/CodeCache.cpp:
-        (JSC::CodeCache::getCodeBlock):
-        (JSC::CodeCache::generateFunctionCodeBlock):
-        (JSC::CodeCache::getFunctionExecutableFromGlobalCode):
-        (JSC::CodeCache::usedFunctionCode):
-        (JSC):
-        * runtime/Executable.cpp:
-        (JSC::FunctionExecutable::clearUnlinkedCodeForRecompilationIfNotCompiling):
-        (JSC::FunctionExecutable::clearCode):
-        * runtime/Executable.h:
-        (FunctionExecutable):
-
-2012-11-07  Filip Pizlo  <fpizlo@apple.com>
-
-        DFG constant folding and CFG simplification should be smart enough to know that if a logical op's operand is proven to have a non-masquerading structure then it always evaluates to true
-        https://bugs.webkit.org/show_bug.cgi?id=101511
-
-        Reviewed by Oliver Hunt.
-
-        To make life easier, this moves BranchDirection into BasicBlock so that after
-        running the CFA, we always know, for each block, what direction the CFA
-        proved. CFG simplification now both uses and preserves cfaBranchDirection in
-        its transformations.
-        
-        Also made both LogicalNot and Branch check whether the operand is a known cell
-        with a known structure, and if so, made them do the appropriate folding.
-        
-        5% speed-up on V8/raytrace because it makes raytrace's own null checks
-        evaporate (i.e. idioms like 'if (!x) throw "unhappiness"') thanks to the fact
-        that we were already doing structure check hoisting.
-
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        * dfg/DFGAbstractState.cpp:
-        (JSC::DFG::AbstractState::endBasicBlock):
-        (JSC::DFG::AbstractState::execute):
-        (JSC::DFG::AbstractState::mergeToSuccessors):
-        * dfg/DFGAbstractState.h:
-        (AbstractState):
-        * dfg/DFGBasicBlock.h:
-        (JSC::DFG::BasicBlock::BasicBlock):
-        (BasicBlock):
-        * dfg/DFGBranchDirection.h: Added.
-        (DFG):
-        (JSC::DFG::branchDirectionToString):
-        (JSC::DFG::isKnownDirection):
-        (JSC::DFG::branchCondition):
-        * dfg/DFGCFGSimplificationPhase.cpp:
-        (JSC::DFG::CFGSimplificationPhase::run):
-        (JSC::DFG::CFGSimplificationPhase::mergeBlocks):
-
-2012-11-08  Christophe Dumez  <christophe.dumez@intel.com>
-
-        [JSC] HTML extensions to String.prototype should escape " as &quot; in argument values
-        https://bugs.webkit.org/show_bug.cgi?id=90667
-
-        Reviewed by Benjamin Poulain.
-
-        Escape quotation mark as &quot; in argument values to:
-        - String.prototype.anchor(name)
-        - String.prototype.fontcolor(color)
-        - String.prototype.fontsize(size)
-        - String.prototype.link(href)
-
-        This behavior matches Chromium/V8 and Firefox/Spidermonkey
-        implementations and is requited by:
-        http://mathias.html5.org/specs/javascript/#escapeattributevalue
-
-        This also fixes a potential security risk (XSS vector).
-
-        * runtime/StringPrototype.cpp:
-        (JSC::stringProtoFuncFontcolor):
-        (JSC::stringProtoFuncFontsize):
-        (JSC::stringProtoFuncAnchor):
-        (JSC::stringProtoFuncLink):
-
-2012-11-08  Anders Carlsson  <andersca@apple.com>
-
-        HeapStatistics::s_pauseTimeStarts and s_pauseTimeEnds should be Vectors
-        https://bugs.webkit.org/show_bug.cgi?id=101651
-
-        Reviewed by Andreas Kling.
-
-        HeapStatistics uses Deques when Vectors would work just as good.
-
-        * heap/HeapStatistics.cpp:
-        * heap/HeapStatistics.h:
-        (HeapStatistics):
-
-2012-11-07  Filip Pizlo  <fpizlo@apple.com>
-
-        DFG should not assume that something is a double just because it might be undefined
-        https://bugs.webkit.org/show_bug.cgi?id=101438
-
-        Reviewed by Oliver Hunt.
-
-        This changes all non-bitop arithmetic to (a) statically expect that variables are
-        defined prior to use in arithmetic and (b) not fall off into double paths just
-        because a value may not be a number. This is accomplished with two new notions of
-        speculation:
-        
-        shouldSpeculateIntegerExpectingDefined: Should we speculate that the value is an
-        integer if we ignore undefined (i.e. SpecOther) predictions?
-        
-        shouldSpeculateIntegerForArithmetic: Should we speculate that the value is an
-        integer if we ignore non-numeric predictions?
-        
-        This is a ~2x speed-up on programs that seem to our prediction propagator to have
-        paths in which otherwise numeric variables are undefined.
-
-        * bytecode/SpeculatedType.h:
-        (JSC::isInt32SpeculationForArithmetic):
-        (JSC):
-        (JSC::isInt32SpeculationExpectingDefined):
-        (JSC::isDoubleSpeculationForArithmetic):
-        (JSC::isNumberSpeculationExpectingDefined):
-        * dfg/DFGAbstractState.cpp:
-        (JSC::DFG::AbstractState::execute):
-        * dfg/DFGFixupPhase.cpp:
-        (JSC::DFG::FixupPhase::fixupNode):
-        * dfg/DFGGraph.h:
-        (JSC::DFG::Graph::addShouldSpeculateInteger):
-        (JSC::DFG::Graph::mulShouldSpeculateInteger):
-        (JSC::DFG::Graph::negateShouldSpeculateInteger):
-        (JSC::DFG::Graph::addImmediateShouldSpeculateInteger):
-        (JSC::DFG::Graph::mulImmediateShouldSpeculateInteger):
-        * dfg/DFGNode.h:
-        (JSC::DFG::Node::shouldSpeculateIntegerForArithmetic):
-        (Node):
-        (JSC::DFG::Node::shouldSpeculateIntegerExpectingDefined):
-        (JSC::DFG::Node::shouldSpeculateDoubleForArithmetic):
-        (JSC::DFG::Node::shouldSpeculateNumberExpectingDefined):
-        * dfg/DFGPredictionPropagationPhase.cpp:
-        (JSC::DFG::PredictionPropagationPhase::propagate):
-        (JSC::DFG::PredictionPropagationPhase::doRoundOfDoubleVoting):
-        * dfg/DFGSpeculativeJIT.cpp:
-        (JSC::DFG::SpeculativeJIT::compileAdd):
-        (JSC::DFG::SpeculativeJIT::compileArithMod):
-        * dfg/DFGSpeculativeJIT32_64.cpp:
-        (JSC::DFG::SpeculativeJIT::compile):
-        * dfg/DFGSpeculativeJIT64.cpp:
-        (JSC::DFG::SpeculativeJIT::compile):
-        * jit/JITArithmetic.cpp:
-        (JSC::JIT::emit_op_div):
-
-2012-11-06  Filip Pizlo  <fpizlo@apple.com>
-
-        JSC should infer when indexed storage contains only integers or doubles
-        https://bugs.webkit.org/show_bug.cgi?id=98606
-
-        Reviewed by Oliver Hunt.
-
-        This adds two new indexing types: int32 and double. It also adds array allocation profiling,
-        which allows array allocations to converge to allocating arrays using those types to which
-        those arrays would have been converted.
-        
-        20% speed-up on navier-stokes. 40% speed-up on various Kraken DSP tests. Some slow-downs too,
-        but a performance win overall on all benchmarks we track.
-
-        * API/JSObjectRef.cpp:
-        (JSObjectMakeArray):
-        * CMakeLists.txt:
-        * GNUmakefile.list.am:
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        * Target.pri:
-        * assembler/AbstractMacroAssembler.h:
-        (JumpList):
-        (JSC::AbstractMacroAssembler::JumpList::JumpList):
-        * assembler/MacroAssemblerX86Common.h:
-        (JSC::MacroAssemblerX86Common::branchDouble):
-        * assembler/X86Assembler.h:
-        (JSC::X86Assembler::jnp):
-        (X86Assembler):
-        (JSC::X86Assembler::X86InstructionFormatter::emitRex):
-        * bytecode/ArrayAllocationProfile.cpp: Added.
-        (JSC):
-        (JSC::ArrayAllocationProfile::updateIndexingType):
-        * bytecode/ArrayAllocationProfile.h: Added.
-        (JSC):
-        (ArrayAllocationProfile):
-        (JSC::ArrayAllocationProfile::ArrayAllocationProfile):
-        (JSC::ArrayAllocationProfile::selectIndexingType):
-        (JSC::ArrayAllocationProfile::updateLastAllocation):
-        (JSC::ArrayAllocationProfile::selectIndexingTypeFor):
-        (JSC::ArrayAllocationProfile::updateLastAllocationFor):
-        * bytecode/ArrayProfile.cpp:
-        (JSC::ArrayProfile::updatedObservedArrayModes):
-        (JSC):
-        * bytecode/ArrayProfile.h:
-        (JSC):
-        (JSC::arrayModesInclude):
-        (JSC::shouldUseSlowPutArrayStorage):
-        (JSC::shouldUseFastArrayStorage):
-        (JSC::shouldUseContiguous):
-        (JSC::shouldUseDouble):
-        (JSC::shouldUseInt32):
-        (ArrayProfile):
-        * bytecode/ByValInfo.h:
-        (JSC::isOptimizableIndexingType):
-        (JSC::jitArrayModeForIndexingType):
-        * bytecode/CodeBlock.cpp:
-        (JSC::CodeBlock::dump):
-        (JSC::CodeBlock::CodeBlock):
-        (JSC::CodeBlock::updateAllPredictionsAndCountLiveness):
-        (JSC):
-        (JSC::CodeBlock::updateAllValueProfilePredictions):
-        (JSC::CodeBlock::updateAllArrayPredictions):
-        (JSC::CodeBlock::updateAllPredictions):
-        (JSC::CodeBlock::shouldOptimizeNow):
-        * bytecode/CodeBlock.h:
-        (CodeBlock):
-        (JSC::CodeBlock::numberOfArrayAllocationProfiles):
-        (JSC::CodeBlock::addArrayAllocationProfile):
-        (JSC::CodeBlock::updateAllValueProfilePredictions):
-        (JSC::CodeBlock::updateAllArrayPredictions):
-        * bytecode/DFGExitProfile.h:
-        (JSC::DFG::exitKindToString):
-        * bytecode/Instruction.h:
-        (JSC):
-        (JSC::Instruction::Instruction):
-        * bytecode/Opcode.h:
-        (JSC):
-        (JSC::padOpcodeName):
-        * bytecode/SpeculatedType.h:
-        (JSC):
-        (JSC::isRealNumberSpeculation):
-        * bytecode/UnlinkedCodeBlock.cpp:
-        (JSC::UnlinkedCodeBlock::UnlinkedCodeBlock):
-        * bytecode/UnlinkedCodeBlock.h:
-        (JSC):
-        (JSC::UnlinkedCodeBlock::addArrayAllocationProfile):
-        (JSC::UnlinkedCodeBlock::numberOfArrayAllocationProfiles):
-        (UnlinkedCodeBlock):
-        * bytecompiler/BytecodeGenerator.cpp:
-        (JSC::BytecodeGenerator::newArrayAllocationProfile):
-        (JSC):
-        (JSC::BytecodeGenerator::emitNewArray):
-        (JSC::BytecodeGenerator::emitExpectedFunctionSnippet):
-        * bytecompiler/BytecodeGenerator.h:
-        (BytecodeGenerator):
-        * dfg/DFGAbstractState.cpp:
-        (JSC::DFG::AbstractState::execute):
-        * dfg/DFGArrayMode.cpp:
-        (JSC::DFG::ArrayMode::fromObserved):
-        (JSC::DFG::ArrayMode::refine):
-        (DFG):
-        (JSC::DFG::ArrayMode::alreadyChecked):
-        (JSC::DFG::arrayTypeToString):
-        * dfg/DFGArrayMode.h:
-        (JSC::DFG::ArrayMode::withType):
-        (ArrayMode):
-        (JSC::DFG::ArrayMode::withTypeAndConversion):
-        (JSC::DFG::ArrayMode::usesButterfly):
-        (JSC::DFG::ArrayMode::isSpecific):
-        (JSC::DFG::ArrayMode::supportsLength):
-        (JSC::DFG::ArrayMode::arrayModesThatPassFiltering):
-        * dfg/DFGByteCodeParser.cpp:
-        (JSC::DFG::ByteCodeParser::getArrayMode):
-        (ByteCodeParser):
-        (JSC::DFG::ByteCodeParser::handleIntrinsic):
-        (JSC::DFG::ByteCodeParser::handleConstantInternalFunction):
-        (JSC::DFG::ByteCodeParser::parseBlock):
-        * dfg/DFGCCallHelpers.h:
-        (JSC::DFG::CCallHelpers::setupArgumentsWithExecState):
-        (CCallHelpers):
-        * dfg/DFGCallArrayAllocatorSlowPathGenerator.h:
-        (JSC::DFG::CallArrayAllocatorSlowPathGenerator::generateInternal):
-        (JSC::DFG::CallArrayAllocatorWithVariableSizeSlowPathGenerator::generateInternal):
-        * dfg/DFGFixupPhase.cpp:
-        (JSC::DFG::FixupPhase::fixupNode):
-        (JSC::DFG::FixupPhase::checkArray):
-        * dfg/DFGGraph.cpp:
-        (JSC::DFG::Graph::dump):
-        * dfg/DFGGraph.h:
-        (JSC::DFG::Graph::byValIsPure):
-        * dfg/DFGNode.h:
-        (NewArrayBufferData):
-        (JSC::DFG::Node::hasIndexingType):
-        (Node):
-        (JSC::DFG::Node::indexingType):
-        (JSC::DFG::Node::setIndexingType):
-        * dfg/DFGOperations.cpp:
-        * dfg/DFGOperations.h:
-        * dfg/DFGPredictionPropagationPhase.cpp:
-        (JSC::DFG::PredictionPropagationPhase::doRoundOfDoubleVoting):
-        * dfg/DFGSpeculativeJIT.cpp:
-        (JSC::DFG::SpeculativeJIT::emitAllocateJSArray):
-        (JSC::DFG::SpeculativeJIT::jumpSlowForUnwantedArrayMode):
-        (DFG):
-        (JSC::DFG::SpeculativeJIT::checkArray):
-        (JSC::DFG::SpeculativeJIT::arrayify):
-        (JSC::DFG::SpeculativeJIT::compileDoublePutByVal):
-        (JSC::DFG::SpeculativeJIT::compileGetArrayLength):
-        * dfg/DFGSpeculativeJIT.h:
-        (JSC::DFG::SpeculativeJIT::callOperation):
-        (SpeculativeJIT):
-        (SpeculateIntegerOperand):
-        (JSC::DFG::SpeculateIntegerOperand::use):
-        (SpeculateDoubleOperand):
-        (JSC::DFG::SpeculateDoubleOperand::use):
-        * dfg/DFGSpeculativeJIT32_64.cpp:
-        (DFG):
-        (JSC::DFG::SpeculativeJIT::compileContiguousPutByVal):
-        (JSC::DFG::SpeculativeJIT::compile):
-        * dfg/DFGSpeculativeJIT64.cpp:
-        (JSC::DFG::SpeculativeJIT::compile):
-        * jit/JIT.h:
-        (JSC::JIT::emitInt32GetByVal):
-        (JIT):
-        (JSC::JIT::emitInt32PutByVal):
-        (JSC::JIT::emitDoublePutByVal):
-        (JSC::JIT::emitContiguousPutByVal):
-        * jit/JITExceptions.cpp:
-        (JSC::genericThrow):
-        * jit/JITInlineMethods.h:
-        (JSC::arrayProfileSaw):
-        (JSC::JIT::chooseArrayMode):
-        * jit/JITOpcodes.cpp:
-        (JSC::JIT::emit_op_new_array):
-        (JSC::JIT::emit_op_new_array_with_size):
-        (JSC::JIT::emit_op_new_array_buffer):
-        * jit/JITPropertyAccess.cpp:
-        (JSC::JIT::emit_op_get_by_val):
-        (JSC::JIT::emitDoubleGetByVal):
-        (JSC):
-        (JSC::JIT::emitContiguousGetByVal):
-        (JSC::JIT::emit_op_put_by_val):
-        (JSC::JIT::emitGenericContiguousPutByVal):
-        (JSC::JIT::emitSlow_op_put_by_val):
-        (JSC::JIT::privateCompileGetByVal):
-        (JSC::JIT::privateCompilePutByVal):
-        * jit/JITPropertyAccess32_64.cpp:
-        (JSC::JIT::emit_op_get_by_val):
-        (JSC::JIT::emitContiguousGetByVal):
-        (JSC::JIT::emitDoubleGetByVal):
-        (JSC):
-        (JSC::JIT::emit_op_put_by_val):
-        (JSC::JIT::emitGenericContiguousPutByVal):
-        (JSC::JIT::emitSlow_op_put_by_val):
-        * jit/JITStubs.cpp:
-        (JSC::DEFINE_STUB_FUNCTION):
-        * jit/JITStubs.h:
-        (JSC):
-        * jsc.cpp:
-        (GlobalObject::finishCreation):
-        * llint/LLIntSlowPaths.cpp:
-        (JSC::LLInt::jitCompileAndSetHeuristics):
-        (JSC::LLInt::LLINT_SLOW_PATH_DECL):
-        * llint/LowLevelInterpreter.asm:
-        * llint/LowLevelInterpreter32_64.asm:
-        * llint/LowLevelInterpreter64.asm:
-        * offlineasm/x86.rb:
-        * runtime/ArrayConstructor.cpp:
-        (JSC::constructArrayWithSizeQuirk):
-        * runtime/ArrayConstructor.h:
-        (JSC):
-        * runtime/ArrayPrototype.cpp:
-        (JSC::arrayProtoFuncConcat):
-        (JSC::arrayProtoFuncSlice):
-        (JSC::arrayProtoFuncSplice):
-        (JSC::arrayProtoFuncFilter):
-        (JSC::arrayProtoFuncMap):
-        * runtime/Butterfly.h:
-        (JSC::Butterfly::contiguousInt32):
-        (JSC::Butterfly::contiguousDouble):
-        (JSC::Butterfly::fromContiguous):
-        * runtime/ButterflyInlineMethods.h:
-        (JSC::Butterfly::createUninitializedDuringCollection):
-        * runtime/FunctionPrototype.cpp:
-        (JSC::functionProtoFuncBind):
-        * runtime/IndexingHeaderInlineMethods.h:
-        (JSC::IndexingHeader::indexingPayloadSizeInBytes):
-        * runtime/IndexingType.cpp:
-        (JSC::leastUpperBoundOfIndexingTypes):
-        (JSC):
-        (JSC::leastUpperBoundOfIndexingTypeAndType):
-        (JSC::leastUpperBoundOfIndexingTypeAndValue):
-        (JSC::indexingTypeToString):
-        * runtime/IndexingType.h:
-        (JSC):
-        (JSC::hasUndecided):
-        (JSC::hasInt32):
-        (JSC::hasDouble):
-        * runtime/JSArray.cpp:
-        (JSC::JSArray::setLength):
-        (JSC::JSArray::pop):
-        (JSC::JSArray::push):
-        (JSC::JSArray::shiftCountWithAnyIndexingType):
-        (JSC::JSArray::unshiftCountWithAnyIndexingType):
-        (JSC::compareNumbersForQSortWithInt32):
-        (JSC):
-        (JSC::compareNumbersForQSortWithDouble):
-        (JSC::JSArray::sortNumericVector):
-        (JSC::JSArray::sortNumeric):
-        (JSC::JSArray::sortCompactedVector):
-        (JSC::JSArray::sort):
-        (JSC::JSArray::sortVector):
-        (JSC::JSArray::fillArgList):
-        (JSC::JSArray::copyToArguments):
-        (JSC::JSArray::compactForSorting):
-        * runtime/JSArray.h:
-        (JSArray):
-        (JSC::createContiguousArrayButterfly):
-        (JSC::JSArray::create):
-        (JSC::JSArray::tryCreateUninitialized):
-        * runtime/JSGlobalObject.cpp:
-        (JSC::JSGlobalObject::reset):
-        (JSC):
-        (JSC::JSGlobalObject::haveABadTime):
-        (JSC::JSGlobalObject::visitChildren):
-        * runtime/JSGlobalObject.h:
-        (JSGlobalObject):
-        (JSC::JSGlobalObject::originalArrayStructureForIndexingType):
-        (JSC::JSGlobalObject::arrayStructureForIndexingTypeDuringAllocation):
-        (JSC::JSGlobalObject::arrayStructureForProfileDuringAllocation):
-        (JSC::JSGlobalObject::isOriginalArrayStructure):
-        (JSC::constructEmptyArray):
-        (JSC::constructArray):
-        * runtime/JSObject.cpp:
-        (JSC::JSObject::copyButterfly):
-        (JSC::JSObject::getOwnPropertySlotByIndex):
-        (JSC::JSObject::putByIndex):
-        (JSC::JSObject::enterDictionaryIndexingMode):
-        (JSC::JSObject::createInitialIndexedStorage):
-        (JSC):
-        (JSC::JSObject::createInitialUndecided):
-        (JSC::JSObject::createInitialInt32):
-        (JSC::JSObject::createInitialDouble):
-        (JSC::JSObject::createInitialContiguous):
-        (JSC::JSObject::convertUndecidedToInt32):
-        (JSC::JSObject::convertUndecidedToDouble):
-        (JSC::JSObject::convertUndecidedToContiguous):
-        (JSC::JSObject::constructConvertedArrayStorageWithoutCopyingElements):
-        (JSC::JSObject::convertUndecidedToArrayStorage):
-        (JSC::JSObject::convertInt32ToDouble):
-        (JSC::JSObject::convertInt32ToContiguous):
-        (JSC::JSObject::convertInt32ToArrayStorage):
-        (JSC::JSObject::convertDoubleToContiguous):
-        (JSC::JSObject::convertDoubleToArrayStorage):
-        (JSC::JSObject::convertContiguousToArrayStorage):
-        (JSC::JSObject::convertUndecidedForValue):
-        (JSC::JSObject::convertInt32ForValue):
-        (JSC::JSObject::setIndexQuicklyToUndecided):
-        (JSC::JSObject::convertInt32ToDoubleOrContiguousWhilePerformingSetIndex):
-        (JSC::JSObject::convertDoubleToContiguousWhilePerformingSetIndex):
-        (JSC::JSObject::ensureInt32Slow):
-        (JSC::JSObject::ensureDoubleSlow):
-        (JSC::JSObject::ensureContiguousSlow):
-        (JSC::JSObject::ensureArrayStorageSlow):
-        (JSC::JSObject::ensureArrayStorageExistsAndEnterDictionaryIndexingMode):
-        (JSC::JSObject::switchToSlowPutArrayStorage):
-        (JSC::JSObject::deletePropertyByIndex):
-        (JSC::JSObject::getOwnPropertyNames):
-        (JSC::JSObject::putByIndexBeyondVectorLengthWithoutAttributes):
-        (JSC::JSObject::putByIndexBeyondVectorLength):
-        (JSC::JSObject::putDirectIndexBeyondVectorLength):
-        (JSC::JSObject::getNewVectorLength):
-        (JSC::JSObject::countElements):
-        (JSC::JSObject::ensureLengthSlow):
-        (JSC::JSObject::getOwnPropertyDescriptor):
-        * runtime/JSObject.h:
-        (JSC::JSObject::getArrayLength):
-        (JSC::JSObject::getVectorLength):
-        (JSC::JSObject::canGetIndexQuickly):
-        (JSC::JSObject::getIndexQuickly):
-        (JSC::JSObject::tryGetIndexQuickly):
-        (JSC::JSObject::canSetIndexQuickly):
-        (JSC::JSObject::canSetIndexQuicklyForPutDirect):
-        (JSC::JSObject::setIndexQuickly):
-        (JSC::JSObject::initializeIndex):
-        (JSC::JSObject::hasSparseMap):
-        (JSC::JSObject::inSparseIndexingMode):
-        (JSObject):
-        (JSC::JSObject::ensureInt32):
-        (JSC::JSObject::ensureDouble):
-        (JSC::JSObject::ensureLength):
-        (JSC::JSObject::indexingData):
-        (JSC::JSObject::currentIndexingData):
-        (JSC::JSObject::getHolyIndexQuickly):
-        (JSC::JSObject::relevantLength):
-        (JSC::JSObject::currentRelevantLength):
-        * runtime/JSValue.cpp:
-        (JSC::JSValue::description):
-        * runtime/LiteralParser.cpp:
-        (JSC::::parse):
-        * runtime/ObjectConstructor.cpp:
-        (JSC::objectConstructorGetOwnPropertyNames):
-        (JSC::objectConstructorKeys):
-        * runtime/StringPrototype.cpp:
-        (JSC::stringProtoFuncMatch):
-        (JSC::stringProtoFuncSplit):
-        * runtime/Structure.cpp:
-        (JSC::Structure::nonPropertyTransition):
-        * runtime/StructureTransitionTable.h:
-        (JSC::newIndexingType):
-
 2012-11-08  Balazs Kilvady  <kilvadyb@homejinni.com>
 
         ASSERT problem on MIPS
diff --git a/Source/JavaScriptCore/DerivedSources.pri b/Source/JavaScriptCore/DerivedSources.pri
index f9bbbf67c..03a935575 100644
--- a/Source/JavaScriptCore/DerivedSources.pri
+++ b/Source/JavaScriptCore/DerivedSources.pri
@@ -102,7 +102,7 @@ for(dir, DIRS) {
     exists($$file): LLINT_FILES += $$file
 }
 
-if(linux-*|win32) {
+if(linux-*|win32):!equals(QT_ARCH, "arm") {
     #GENERATOR: LLInt
     llint.output = ${QMAKE_FILE_IN_PATH}$${QMAKE_DIR_SEP}LLIntAssembly.h
     llint.script = $$PWD/offlineasm/asm.rb
diff --git a/Source/JavaScriptCore/GNUmakefile.list.am b/Source/JavaScriptCore/GNUmakefile.list.am
index 6c7eac9e3..d68a22b9f 100644
--- a/Source/JavaScriptCore/GNUmakefile.list.am
+++ b/Source/JavaScriptCore/GNUmakefile.list.am
@@ -83,8 +83,6 @@ javascriptcore_sources += \
 	Source/JavaScriptCore/assembler/RepatchBuffer.h \
 	Source/JavaScriptCore/assembler/SH4Assembler.h \
 	Source/JavaScriptCore/assembler/X86Assembler.h \
-	Source/JavaScriptCore/bytecode/ArrayAllocationProfile.cpp \
-	Source/JavaScriptCore/bytecode/ArrayAllocationProfile.h \
 	Source/JavaScriptCore/bytecode/ArrayProfile.cpp \
 	Source/JavaScriptCore/bytecode/ArrayProfile.h \
 	Source/JavaScriptCore/bytecode/ByValInfo.h \
@@ -256,9 +254,9 @@ javascriptcore_sources += \
 	Source/JavaScriptCore/heap/CopiedBlock.h \
 	Source/JavaScriptCore/heap/CopiedSpace.cpp \
 	Source/JavaScriptCore/heap/CopiedSpace.h \
-	Source/JavaScriptCore/heap/CopiedSpaceInlines.h \
+	Source/JavaScriptCore/heap/CopiedSpaceInlineMethods.h \
     Source/JavaScriptCore/heap/CopyVisitor.h \
-    Source/JavaScriptCore/heap/CopyVisitorInlines.h \
+    Source/JavaScriptCore/heap/CopyVisitorInlineMethods.h \
     Source/JavaScriptCore/heap/CopyVisitor.cpp \
 	Source/JavaScriptCore/heap/CardSet.h \
 	Source/JavaScriptCore/heap/ConservativeRoots.cpp \
@@ -276,7 +274,7 @@ javascriptcore_sources += \
 	Source/JavaScriptCore/heap/IncrementalSweeper.cpp \
     Source/JavaScriptCore/heap/SlotVisitor.cpp \
 	Source/JavaScriptCore/heap/SlotVisitor.h \
-	Source/JavaScriptCore/heap/SlotVisitorInlines.h \
+	Source/JavaScriptCore/heap/SlotVisitorInlineMethods.h \
 	Source/JavaScriptCore/heap/HandleStack.cpp \
 	Source/JavaScriptCore/heap/HandleStack.h \
 	Source/JavaScriptCore/heap/HandleTypes.h \
@@ -299,7 +297,7 @@ javascriptcore_sources += \
 	Source/JavaScriptCore/heap/MachineStackMarker.h \
 	Source/JavaScriptCore/heap/MarkStack.cpp \
 	Source/JavaScriptCore/heap/MarkStack.h \
-    Source/JavaScriptCore/heap/MarkStackInlines.h \
+    Source/JavaScriptCore/heap/MarkStackInlineMethods.h \
 	Source/JavaScriptCore/heap/HeapRootVisitor.h \
 	Source/JavaScriptCore/heap/MarkedAllocator.cpp \
 	Source/JavaScriptCore/heap/MarkedAllocator.h \
@@ -400,7 +398,7 @@ javascriptcore_sources += \
 	Source/JavaScriptCore/jit/JIT.h \
 	Source/JavaScriptCore/jit/JITExceptions.cpp \
 	Source/JavaScriptCore/jit/JITExceptions.h \
-	Source/JavaScriptCore/jit/JITInlines.h \
+	Source/JavaScriptCore/jit/JITInlineMethods.h \
 	Source/JavaScriptCore/jit/JITOpcodes32_64.cpp \
 	Source/JavaScriptCore/jit/JITOpcodes.cpp \
 	Source/JavaScriptCore/jit/JITPropertyAccess32_64.cpp \
@@ -483,7 +481,7 @@ javascriptcore_sources += \
 	Source/JavaScriptCore/runtime/BooleanObject.h \
 	Source/JavaScriptCore/runtime/BooleanPrototype.cpp \
 	Source/JavaScriptCore/runtime/BooleanPrototype.h \
-	Source/JavaScriptCore/runtime/ButterflyInlines.h \
+	Source/JavaScriptCore/runtime/ButterflyInlineMethods.h \
 	Source/JavaScriptCore/runtime/Butterfly.h \
 	Source/JavaScriptCore/runtime/CachedTranscendentalFunction.h \
 	Source/JavaScriptCore/runtime/CallData.cpp \
@@ -531,7 +529,7 @@ javascriptcore_sources += \
 	Source/JavaScriptCore/runtime/GetterSetter.h \
 	Source/JavaScriptCore/runtime/Identifier.cpp \
 	Source/JavaScriptCore/runtime/Identifier.h \
-	Source/JavaScriptCore/runtime/IndexingHeaderInlines.h \
+	Source/JavaScriptCore/runtime/IndexingHeaderInlineMethods.h \
 	Source/JavaScriptCore/runtime/IndexingHeader.h \
 	Source/JavaScriptCore/runtime/IndexingType.cpp \
 	Source/JavaScriptCore/runtime/IndexingType.h \
@@ -592,7 +590,7 @@ javascriptcore_sources += \
 	Source/JavaScriptCore/runtime/JSTypeInfo.h \
 	Source/JavaScriptCore/runtime/JSValue.cpp \
 	Source/JavaScriptCore/runtime/JSValue.h \
-	Source/JavaScriptCore/runtime/JSValueInlines.h \
+	Source/JavaScriptCore/runtime/JSValueInlineMethods.h \
 	Source/JavaScriptCore/runtime/JSVariableObject.cpp \
 	Source/JavaScriptCore/runtime/JSVariableObject.h \
 	Source/JavaScriptCore/runtime/JSWithScope.h \
diff --git a/Source/JavaScriptCore/JavaScriptCore.pro b/Source/JavaScriptCore/JavaScriptCore.pro
index 924261d4f..c86ca8e3d 100644
--- a/Source/JavaScriptCore/JavaScriptCore.pro
+++ b/Source/JavaScriptCore/JavaScriptCore.pro
@@ -7,7 +7,7 @@
 TEMPLATE = subdirs
 CONFIG += ordered
 
-if(linux-*|win32*) {
+if(linux-*|win32*):!equals(QT_ARCH, "arm") {
     LLIntOffsetsExtractor.file = LLIntOffsetsExtractor.pro
     LLIntOffsetsExtractor.makefile = Makefile.LLIntOffsetsExtractor
     SUBDIRS += LLIntOffsetsExtractor
@@ -18,7 +18,7 @@ target.file = Target.pri
 
 SUBDIRS += derived_sources target
 
-if(linux-*|win32*):addStrictSubdirOrderBetween(LLIntOffsetsExtractor, derived_sources)
+if(linux-*|win32*):!equals(QT_ARCH, "arm"):addStrictSubdirOrderBetween(LLIntOffsetsExtractor, derived_sources)
 addStrictSubdirOrderBetween(derived_sources, target)
 
 jsc.file = jsc.pro
diff --git a/Source/JavaScriptCore/JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def b/Source/JavaScriptCore/JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def
index e57335015..b23100547 100755
--- a/Source/JavaScriptCore/JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def
+++ b/Source/JavaScriptCore/JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def
@@ -54,7 +54,6 @@ EXPORTS
     ?absoluteTimeToWaitTimeoutInterval@WTF@@YAKN@Z
     ?activityCallback@Heap@JSC@@QAEPAVGCActivityCallback@2@XZ
     ?add@AtomicString@WTF@@CA?AV?$PassRefPtr@VStringImpl@WTF@@@2@PBD@Z
-    ?addFromLiteralData@AtomicString@WTF@@CA?AV?$PassRefPtr@VStringImpl@WTF@@@2@PBDI@Z
     ?add@Identifier@JSC@@CA?AV?$PassRefPtr@VStringImpl@WTF@@@WTF@@PAVJSGlobalData@2@PAVStringImpl@4@@Z
     ?add@Identifier@JSC@@SA?AV?$PassRefPtr@VStringImpl@WTF@@@WTF@@PAVExecState@2@PBD@Z
     ?add@PropertyNameArray@JSC@@QAEXPAVStringImpl@WTF@@@Z
@@ -111,12 +110,11 @@ EXPORTS
     ?computeHash@SHA1@WTF@@QAEXAAV?$Vector@E$0BE@@2@@Z
     ?configurable@PropertyDescriptor@JSC@@QBE_NXZ
     ?construct@JSC@@YAPAVJSObject@1@PAVExecState@1@VJSValue@1@W4ConstructType@1@ABTConstructData@1@ABVArgList@1@@Z
+    ?constructArray@JSC@@YAPAVJSArray@1@PAVExecState@1@ABVArgList@1@@Z
     ?constructEmptyObject@JSC@@YAPAVJSObject@1@PAVExecState@1@@Z
     ?constructFunctionSkippingEvalEnabledCheck@JSC@@YAPAVJSObject@1@PAVExecState@1@PAVJSGlobalObject@1@ABVArgList@1@ABVIdentifier@1@ABVString@WTF@@ABVTextPosition@8@@Z
     ?constructNumber@JSC@@YAPAVNumberObject@1@PAVExecState@1@PAVJSGlobalObject@1@VJSValue@1@@Z
     ?constructString@JSC@@YAPAVStringObject@1@PAVExecState@1@PAVJSGlobalObject@1@VJSValue@1@@Z
-    ?convertDoubleToContiguousWhilePerformingSetIndex@JSObject@JSC@@AAEXAAVJSGlobalData@2@IVJSValue@2@@Z
-    ?convertInt32ToDoubleOrContiguousWhilePerformingSetIndex@JSObject@JSC@@AAEXAAVJSGlobalData@2@IVJSValue@2@@Z
     ?convertLatin1ToUTF8@Unicode@WTF@@YA?AW4ConversionResult@12@PAPBEPBEPAPADPAD@Z
     ?convertUTF16ToUTF8@Unicode@WTF@@YA?AW4ConversionResult@12@PAPB_WPB_WPAPADPAD_N@Z
     ?convertUTF8ToUTF16@Unicode@WTF@@YA?AW4ConversionResult@12@PAPBDPBDPAPA_WPA_WPA_N_N@Z
@@ -335,7 +333,6 @@ EXPORTS
     ?setGarbageCollectionTimerEnabled@Heap@JSC@@QAEX_N@Z
     ?setGetter@PropertyDescriptor@JSC@@QAEXVJSValue@2@@Z
     ?setGlobalThis@JSGlobalObject@JSC@@IAEXAAVJSGlobalData@2@PAVJSObject@2@@Z
-    ?setIndexQuicklyToUndecided@JSObject@JSC@@AAEXAAVJSGlobalData@2@IVJSValue@2@@Z
     ?setLoc@StatementNode@JSC@@QAEXHH@Z
     ?setMainThreadCallbacksPaused@WTF@@YAX_N@Z
     ?setOption@Options@JSC@@SA_NPBD@Z
@@ -405,7 +402,6 @@ EXPORTS
     ?unlock@Mutex@WTF@@QAEXXZ
     ?unlockAtomicallyInitializedStaticMutex@WTF@@YAXXZ
     ?unprotect@Heap@JSC@@QAE_NVJSValue@2@@Z
-    ?updateIndexingType@ArrayAllocationProfile@JSC@@QAEXXZ
     ?validate@SlotVisitor@JSC@@CAXPAVJSCell@2@@Z
     ?visitChildren@JSGlobalObject@JSC@@SAXPAVJSCell@2@AAVSlotVisitor@2@@Z
     ?visitChildren@JSObject@JSC@@SAXPAVJSCell@2@AAVSlotVisitor@2@@Z
diff --git a/Source/JavaScriptCore/JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj b/Source/JavaScriptCore/JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj
index 0e732d187..b1567e2cd 100644
--- a/Source/JavaScriptCore/JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj
+++ b/Source/JavaScriptCore/JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj
@@ -538,7 +538,7 @@
 				>
 			</File>
 			<File
-				RelativePath="..\..\runtime\ButterflyInlines.h"
+				RelativePath="..\..\runtime\ButterflyInlineMethods.h"
 				>
 			</File>
 			<File
@@ -546,7 +546,7 @@
 				>
 			</File>
 			<File
-				RelativePath="..\..\runtime\IndexingHeaderInlines.h"
+				RelativePath="..\..\runtime\IndexingHeaderInlineMethods.h"
 				>
 			</File>
 			<File
@@ -1010,7 +1010,7 @@
 				>
 			</File>
 			<File
-				RelativePath="..\..\runtime\JSValueInlines.h"
+				RelativePath="..\..\runtime\JSValueInlineMethods.h"
 				>
 			</File>
 			<File
@@ -1581,14 +1581,6 @@
 		<Filter
 			Name="bytecode"
 			>
-			<File
-				RelativePath="..\..\bytecode\ArrayAllocationProfile.cpp"
-				>
-			</File>
-			<File
-				RelativePath="..\..\bytecode\ArrayAllocationProfile.h"
-				>
-			</File>
 			<File
 				RelativePath="..\..\bytecode\ArrayProfile.cpp"
 				>
@@ -1986,7 +1978,7 @@
 				>
 			</File>
 			<File
-				RelativePath="..\..\jit\JITInlines.h"
+				RelativePath="..\..\jit\JITInlineMethods.h"
 				>
 			</File>
 			<File
@@ -2362,7 +2354,7 @@
 				>
 			</File>
 			<File
-				RelativePath="..\..\heap\CopiedSpaceInlines.h"
+				RelativePath="..\..\heap\CopiedSpaceInlineMethods.h"
 				>
 			</File>
 			<File
@@ -2374,7 +2366,7 @@
 				>
 			</File>
 			<File
-				RelativePath="..\..\heap\CopyVisitorInlines.h"
+				RelativePath="..\..\heap\CopyVisitorInlineMethods.h"
 				>
 			</File>
 			<File
@@ -2562,7 +2554,7 @@
 				>
 			</File>
 			<File
-				RelativePath="..\..\heap\MarkStackInlines.h"
+				RelativePath="..\..\heap\MarkStackInlineMethods.h"
 				>
 			</File>
 			<File
diff --git a/Source/JavaScriptCore/JavaScriptCore.xcodeproj/project.pbxproj b/Source/JavaScriptCore/JavaScriptCore.xcodeproj/project.pbxproj
index 87747ca6d..3cada1cd7 100644
--- a/Source/JavaScriptCore/JavaScriptCore.xcodeproj/project.pbxproj
+++ b/Source/JavaScriptCore/JavaScriptCore.xcodeproj/project.pbxproj
@@ -165,9 +165,6 @@
 		0F7B294C14C3CD43007C3DB1 /* DFGByteCodeCache.h in Headers */ = {isa = PBXBuildFile; fileRef = 0F5F08CC146BE602000472A9 /* DFGByteCodeCache.h */; settings = {ATTRIBUTES = (Private, ); }; };
 		0F7B294D14C3CD4C007C3DB1 /* DFGCommon.h in Headers */ = {isa = PBXBuildFile; fileRef = 0FC0977E1469EBC400CF2442 /* DFGCommon.h */; settings = {ATTRIBUTES = (Private, ); }; };
 		0F8023EA1613832B00A0BA45 /* ByValInfo.h in Headers */ = {isa = PBXBuildFile; fileRef = 0F8023E91613832300A0BA45 /* ByValInfo.h */; settings = {ATTRIBUTES = (Private, ); }; };
-		0F8364B7164B0C110053329A /* DFGBranchDirection.h in Headers */ = {isa = PBXBuildFile; fileRef = 0F8364B5164B0C0E0053329A /* DFGBranchDirection.h */; settings = {ATTRIBUTES = (Private, ); }; };
-		0F8335B71639C1E6001443B5 /* ArrayAllocationProfile.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 0F8335B41639C1E3001443B5 /* ArrayAllocationProfile.cpp */; };
-		0F8335B81639C1EA001443B5 /* ArrayAllocationProfile.h in Headers */ = {isa = PBXBuildFile; fileRef = 0F8335B51639C1E3001443B5 /* ArrayAllocationProfile.h */; settings = {ATTRIBUTES = (Private, ); }; };
 		0F919D0C157EE09F004A4E7D /* JSSymbolTableObject.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 0F919D09157EE09D004A4E7D /* JSSymbolTableObject.cpp */; };
 		0F919D0D157EE0A2004A4E7D /* JSSymbolTableObject.h in Headers */ = {isa = PBXBuildFile; fileRef = 0F919D0A157EE09D004A4E7D /* JSSymbolTableObject.h */; settings = {ATTRIBUTES = (Private, ); }; };
 		0F919D10157F3329004A4E7D /* JSSegmentedVariableObject.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 0F919D0E157F3327004A4E7D /* JSSegmentedVariableObject.cpp */; };
@@ -196,9 +193,9 @@
 		0FB7F39515ED8E4600F167B2 /* ArrayConventions.h in Headers */ = {isa = PBXBuildFile; fileRef = 0FB7F38915ED8E3800F167B2 /* ArrayConventions.h */; settings = {ATTRIBUTES = (Private, ); }; };
 		0FB7F39615ED8E4600F167B2 /* ArrayStorage.h in Headers */ = {isa = PBXBuildFile; fileRef = 0FB7F38A15ED8E3800F167B2 /* ArrayStorage.h */; settings = {ATTRIBUTES = (Private, ); }; };
 		0FB7F39715ED8E4600F167B2 /* Butterfly.h in Headers */ = {isa = PBXBuildFile; fileRef = 0FB7F38B15ED8E3800F167B2 /* Butterfly.h */; settings = {ATTRIBUTES = (Private, ); }; };
-		0FB7F39815ED8E4600F167B2 /* ButterflyInlines.h in Headers */ = {isa = PBXBuildFile; fileRef = 0FB7F38C15ED8E3800F167B2 /* ButterflyInlines.h */; settings = {ATTRIBUTES = (Private, ); }; };
+		0FB7F39815ED8E4600F167B2 /* ButterflyInlineMethods.h in Headers */ = {isa = PBXBuildFile; fileRef = 0FB7F38C15ED8E3800F167B2 /* ButterflyInlineMethods.h */; settings = {ATTRIBUTES = (Private, ); }; };
 		0FB7F39915ED8E4600F167B2 /* IndexingHeader.h in Headers */ = {isa = PBXBuildFile; fileRef = 0FB7F38D15ED8E3800F167B2 /* IndexingHeader.h */; settings = {ATTRIBUTES = (Private, ); }; };
-		0FB7F39A15ED8E4600F167B2 /* IndexingHeaderInlines.h in Headers */ = {isa = PBXBuildFile; fileRef = 0FB7F38E15ED8E3800F167B2 /* IndexingHeaderInlines.h */; settings = {ATTRIBUTES = (Private, ); }; };
+		0FB7F39A15ED8E4600F167B2 /* IndexingHeaderInlineMethods.h in Headers */ = {isa = PBXBuildFile; fileRef = 0FB7F38E15ED8E3800F167B2 /* IndexingHeaderInlineMethods.h */; settings = {ATTRIBUTES = (Private, ); }; };
 		0FB7F39B15ED8E4600F167B2 /* IndexingType.h in Headers */ = {isa = PBXBuildFile; fileRef = 0FB7F38F15ED8E3800F167B2 /* IndexingType.h */; settings = {ATTRIBUTES = (Private, ); }; };
 		0FB7F39C15ED8E4600F167B2 /* PropertyStorage.h in Headers */ = {isa = PBXBuildFile; fileRef = 0FB7F39015ED8E3800F167B2 /* PropertyStorage.h */; settings = {ATTRIBUTES = (Private, ); }; };
 		0FB7F39D15ED8E4600F167B2 /* Reject.h in Headers */ = {isa = PBXBuildFile; fileRef = 0FB7F39115ED8E3800F167B2 /* Reject.h */; settings = {ATTRIBUTES = (Private, ); }; };
@@ -453,7 +450,7 @@
 		863C6D9C1521111A00585E4E /* YarrCanonicalizeUCS2.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 863C6D981521111200585E4E /* YarrCanonicalizeUCS2.cpp */; };
 		8642C510151C06A90046D4EF /* RegExpCachedResult.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 86F75EFB151C062F007C9BA3 /* RegExpCachedResult.cpp */; };
 		8642C512151C083D0046D4EF /* RegExpMatchesArray.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 86F75EFD151C062F007C9BA3 /* RegExpMatchesArray.cpp */; };
-		865A30F1135007E100CDB49E /* JSValueInlines.h in Headers */ = {isa = PBXBuildFile; fileRef = 865A30F0135007E100CDB49E /* JSValueInlines.h */; settings = {ATTRIBUTES = (Private, ); }; };
+		865A30F1135007E100CDB49E /* JSValueInlineMethods.h in Headers */ = {isa = PBXBuildFile; fileRef = 865A30F0135007E100CDB49E /* JSValueInlineMethods.h */; settings = {ATTRIBUTES = (Private, ); }; };
 		865F408810E7D56300947361 /* APIShims.h in Headers */ = {isa = PBXBuildFile; fileRef = 865F408710E7D56300947361 /* APIShims.h */; settings = {ATTRIBUTES = (Private, ); }; };
 		866739D213BFDE710023D87C /* BigInteger.h in Headers */ = {isa = PBXBuildFile; fileRef = 866739D013BFDE710023D87C /* BigInteger.h */; };
 		866739D313BFDE710023D87C /* Uint16WithFraction.h in Headers */ = {isa = PBXBuildFile; fileRef = 866739D113BFDE710023D87C /* Uint16WithFraction.h */; };
@@ -489,7 +486,7 @@
 		86C568E211A213EE0007F7F0 /* MIPSAssembler.h in Headers */ = {isa = PBXBuildFile; fileRef = 86C568DF11A213EE0007F7F0 /* MIPSAssembler.h */; settings = {ATTRIBUTES = (Private, ); }; };
 		86CA032E1038E8440028A609 /* Executable.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 86CA032D1038E8440028A609 /* Executable.cpp */; };
 		86CAFEE31035DDE60028A609 /* Executable.h in Headers */ = {isa = PBXBuildFile; fileRef = 86CAFEE21035DDE60028A609 /* Executable.h */; settings = {ATTRIBUTES = (Private, ); }; };
-		86CC85A10EE79A4700288682 /* JITInlines.h in Headers */ = {isa = PBXBuildFile; fileRef = 86CC85A00EE79A4700288682 /* JITInlines.h */; };
+		86CC85A10EE79A4700288682 /* JITInlineMethods.h in Headers */ = {isa = PBXBuildFile; fileRef = 86CC85A00EE79A4700288682 /* JITInlineMethods.h */; };
 		86CC85A30EE79B7400288682 /* JITCall.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 86CC85A20EE79B7400288682 /* JITCall.cpp */; };
 		86CC85C40EE7A89400288682 /* JITPropertyAccess.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 86CC85C30EE7A89400288682 /* JITPropertyAccess.cpp */; };
 		86CCEFDE0F413F8900FD7F9E /* JITCode.h in Headers */ = {isa = PBXBuildFile; fileRef = 86CCEFDD0F413F8900FD7F9E /* JITCode.h */; settings = {ATTRIBUTES = (Private, ); }; };
@@ -714,11 +711,11 @@
 		BCFD8C930EEB2EE700283848 /* JumpTable.h in Headers */ = {isa = PBXBuildFile; fileRef = BCFD8C910EEB2EE700283848 /* JumpTable.h */; };
 		C21122E115DD9AB300790E3A /* GCThreadSharedData.cpp in Sources */ = {isa = PBXBuildFile; fileRef = C21122DE15DD9AB300790E3A /* GCThreadSharedData.cpp */; };
 		C21122E215DD9AB300790E3A /* GCThreadSharedData.h in Headers */ = {isa = PBXBuildFile; fileRef = C21122DF15DD9AB300790E3A /* GCThreadSharedData.h */; settings = {ATTRIBUTES = (Private, ); }; };
-		C21122E315DD9AB300790E3A /* MarkStackInlines.h in Headers */ = {isa = PBXBuildFile; fileRef = C21122E015DD9AB300790E3A /* MarkStackInlines.h */; settings = {ATTRIBUTES = (Private, ); }; };
-		C2160FE715F7E95E00942DFC /* SlotVisitorInlines.h in Headers */ = {isa = PBXBuildFile; fileRef = 0FCB408515C0A3C30048932B /* SlotVisitorInlines.h */; settings = {ATTRIBUTES = (Private, ); }; };
+		C21122E315DD9AB300790E3A /* MarkStackInlineMethods.h in Headers */ = {isa = PBXBuildFile; fileRef = C21122E015DD9AB300790E3A /* MarkStackInlineMethods.h */; settings = {ATTRIBUTES = (Private, ); }; };
+		C2160FE715F7E95E00942DFC /* SlotVisitorInlineMethods.h in Headers */ = {isa = PBXBuildFile; fileRef = 0FCB408515C0A3C30048932B /* SlotVisitorInlineMethods.h */; settings = {ATTRIBUTES = (Private, ); }; };
 		C2239D1716262BDD005AC5FD /* CopyVisitor.cpp in Sources */ = {isa = PBXBuildFile; fileRef = C2239D1216262BDD005AC5FD /* CopyVisitor.cpp */; };
 		C2239D1816262BDD005AC5FD /* CopyVisitor.h in Headers */ = {isa = PBXBuildFile; fileRef = C2239D1316262BDD005AC5FD /* CopyVisitor.h */; settings = {ATTRIBUTES = (Private, ); }; };
-		C2239D1916262BDD005AC5FD /* CopyVisitorInlines.h in Headers */ = {isa = PBXBuildFile; fileRef = C2239D1416262BDD005AC5FD /* CopyVisitorInlines.h */; settings = {ATTRIBUTES = (Private, ); }; };
+		C2239D1916262BDD005AC5FD /* CopyVisitorInlineMethods.h in Headers */ = {isa = PBXBuildFile; fileRef = C2239D1416262BDD005AC5FD /* CopyVisitorInlineMethods.h */; settings = {ATTRIBUTES = (Private, ); }; };
 		C2239D1A16262BDD005AC5FD /* GCThread.cpp in Sources */ = {isa = PBXBuildFile; fileRef = C2239D1516262BDD005AC5FD /* GCThread.cpp */; };
 		C2239D1B16262BDD005AC5FD /* GCThread.h in Headers */ = {isa = PBXBuildFile; fileRef = C2239D1616262BDD005AC5FD /* GCThread.h */; };
 		C225494315F7DBAA0065E898 /* SlotVisitor.cpp in Sources */ = {isa = PBXBuildFile; fileRef = C225494215F7DBAA0065E898 /* SlotVisitor.cpp */; };
@@ -731,7 +728,7 @@
 		C2A7F688160432D400F76B98 /* JSDestructibleObject.h in Headers */ = {isa = PBXBuildFile; fileRef = C2A7F687160432D400F76B98 /* JSDestructibleObject.h */; settings = {ATTRIBUTES = (Private, ); }; };
 		C2B916C214DA014E00CBAC86 /* MarkedAllocator.h in Headers */ = {isa = PBXBuildFile; fileRef = C2B916C114DA014E00CBAC86 /* MarkedAllocator.h */; settings = {ATTRIBUTES = (Private, ); }; };
 		C2B916C514DA040C00CBAC86 /* MarkedAllocator.cpp in Sources */ = {isa = PBXBuildFile; fileRef = C2B916C414DA040C00CBAC86 /* MarkedAllocator.cpp */; };
-		C2C8D02D14A3C6E000578E65 /* CopiedSpaceInlines.h in Headers */ = {isa = PBXBuildFile; fileRef = C2C8D02B14A3C6B200578E65 /* CopiedSpaceInlines.h */; settings = {ATTRIBUTES = (Private, ); }; };
+		C2C8D02D14A3C6E000578E65 /* CopiedSpaceInlineMethods.h in Headers */ = {isa = PBXBuildFile; fileRef = C2C8D02B14A3C6B200578E65 /* CopiedSpaceInlineMethods.h */; settings = {ATTRIBUTES = (Private, ); }; };
 		C2C8D03014A3CEFC00578E65 /* CopiedBlock.h in Headers */ = {isa = PBXBuildFile; fileRef = C2C8D02E14A3CEFC00578E65 /* CopiedBlock.h */; settings = {ATTRIBUTES = (Private, ); }; };
 		C2C8D03114A3CEFC00578E65 /* HeapBlock.h in Headers */ = {isa = PBXBuildFile; fileRef = C2C8D02F14A3CEFC00578E65 /* HeapBlock.h */; settings = {ATTRIBUTES = (Private, ); }; };
 		C2D58C3415912FEE0021A844 /* GCActivityCallback.cpp in Sources */ = {isa = PBXBuildFile; fileRef = C2D58C3315912FEE0021A844 /* GCActivityCallback.cpp */; };
@@ -954,9 +951,6 @@
 		0F7700911402FF280078EB39 /* SamplingCounter.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = SamplingCounter.cpp; sourceTree = "<group>"; };
 		0F7B294814C3CD23007C3DB1 /* DFGCCallHelpers.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = DFGCCallHelpers.h; path = dfg/DFGCCallHelpers.h; sourceTree = "<group>"; };
 		0F8023E91613832300A0BA45 /* ByValInfo.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = ByValInfo.h; sourceTree = "<group>"; };
-		0F8364B5164B0C0E0053329A /* DFGBranchDirection.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = DFGBranchDirection.h; path = dfg/DFGBranchDirection.h; sourceTree = "<group>"; };
-		0F8335B41639C1E3001443B5 /* ArrayAllocationProfile.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = ArrayAllocationProfile.cpp; sourceTree = "<group>"; };
-		0F8335B51639C1E3001443B5 /* ArrayAllocationProfile.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = ArrayAllocationProfile.h; sourceTree = "<group>"; };
 		0F919D09157EE09D004A4E7D /* JSSymbolTableObject.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = JSSymbolTableObject.cpp; sourceTree = "<group>"; };
 		0F919D0A157EE09D004A4E7D /* JSSymbolTableObject.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = JSSymbolTableObject.h; sourceTree = "<group>"; };
 		0F919D0E157F3327004A4E7D /* JSSegmentedVariableObject.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = JSSegmentedVariableObject.cpp; sourceTree = "<group>"; };
@@ -985,9 +979,9 @@
 		0FB7F38915ED8E3800F167B2 /* ArrayConventions.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = ArrayConventions.h; sourceTree = "<group>"; };
 		0FB7F38A15ED8E3800F167B2 /* ArrayStorage.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = ArrayStorage.h; sourceTree = "<group>"; };
 		0FB7F38B15ED8E3800F167B2 /* Butterfly.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = Butterfly.h; sourceTree = "<group>"; };
-		0FB7F38C15ED8E3800F167B2 /* ButterflyInlines.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = ButterflyInlines.h; sourceTree = "<group>"; };
+		0FB7F38C15ED8E3800F167B2 /* ButterflyInlineMethods.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = ButterflyInlineMethods.h; sourceTree = "<group>"; };
 		0FB7F38D15ED8E3800F167B2 /* IndexingHeader.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = IndexingHeader.h; sourceTree = "<group>"; };
-		0FB7F38E15ED8E3800F167B2 /* IndexingHeaderInlines.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = IndexingHeaderInlines.h; sourceTree = "<group>"; };
+		0FB7F38E15ED8E3800F167B2 /* IndexingHeaderInlineMethods.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = IndexingHeaderInlineMethods.h; sourceTree = "<group>"; };
 		0FB7F38F15ED8E3800F167B2 /* IndexingType.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = IndexingType.h; sourceTree = "<group>"; };
 		0FB7F39015ED8E3800F167B2 /* PropertyStorage.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = PropertyStorage.h; sourceTree = "<group>"; };
 		0FB7F39115ED8E3800F167B2 /* Reject.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = Reject.h; sourceTree = "<group>"; };
@@ -1012,7 +1006,7 @@
 		0FC8150914043BD200CFA603 /* WriteBarrierSupport.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = WriteBarrierSupport.h; sourceTree = "<group>"; };
 		0FC815121405118600CFA603 /* VTableSpectrum.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = VTableSpectrum.cpp; sourceTree = "<group>"; };
 		0FC815141405118D00CFA603 /* VTableSpectrum.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = VTableSpectrum.h; sourceTree = "<group>"; };
-		0FCB408515C0A3C30048932B /* SlotVisitorInlines.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = SlotVisitorInlines.h; sourceTree = "<group>"; };
+		0FCB408515C0A3C30048932B /* SlotVisitorInlineMethods.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = SlotVisitorInlineMethods.h; sourceTree = "<group>"; };
 		0FD3C82014115CF800FD81CB /* DFGDriver.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; name = DFGDriver.cpp; path = dfg/DFGDriver.cpp; sourceTree = "<group>"; };
 		0FD3C82214115D0E00FD81CB /* DFGDriver.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = DFGDriver.h; path = dfg/DFGDriver.h; sourceTree = "<group>"; };
 		0FD81ACF154FB4EB00983E72 /* DFGDominators.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; name = DFGDominators.cpp; path = dfg/DFGDominators.cpp; sourceTree = "<group>"; };
@@ -1232,7 +1226,7 @@
 		863C6D981521111200585E4E /* YarrCanonicalizeUCS2.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; name = YarrCanonicalizeUCS2.cpp; path = yarr/YarrCanonicalizeUCS2.cpp; sourceTree = "<group>"; };
 		863C6D991521111200585E4E /* YarrCanonicalizeUCS2.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = YarrCanonicalizeUCS2.h; path = yarr/YarrCanonicalizeUCS2.h; sourceTree = "<group>"; };
 		863C6D9A1521111200585E4E /* YarrCanonicalizeUCS2.js */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.javascript; name = YarrCanonicalizeUCS2.js; path = yarr/YarrCanonicalizeUCS2.js; sourceTree = "<group>"; };
-		865A30F0135007E100CDB49E /* JSValueInlines.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = JSValueInlines.h; sourceTree = "<group>"; };
+		865A30F0135007E100CDB49E /* JSValueInlineMethods.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = JSValueInlineMethods.h; sourceTree = "<group>"; };
 		865F408710E7D56300947361 /* APIShims.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = APIShims.h; sourceTree = "<group>"; };
 		866739D013BFDE710023D87C /* BigInteger.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = BigInteger.h; sourceTree = "<group>"; };
 		866739D113BFDE710023D87C /* Uint16WithFraction.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = Uint16WithFraction.h; sourceTree = "<group>"; };
@@ -1274,7 +1268,7 @@
 		86C568DF11A213EE0007F7F0 /* MIPSAssembler.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = MIPSAssembler.h; sourceTree = "<group>"; };
 		86CA032D1038E8440028A609 /* Executable.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = Executable.cpp; sourceTree = "<group>"; };
 		86CAFEE21035DDE60028A609 /* Executable.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = Executable.h; sourceTree = "<group>"; };
-		86CC85A00EE79A4700288682 /* JITInlines.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = JITInlines.h; sourceTree = "<group>"; };
+		86CC85A00EE79A4700288682 /* JITInlineMethods.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = JITInlineMethods.h; sourceTree = "<group>"; };
 		86CC85A20EE79B7400288682 /* JITCall.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = JITCall.cpp; sourceTree = "<group>"; };
 		86CC85C30EE7A89400288682 /* JITPropertyAccess.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = JITPropertyAccess.cpp; sourceTree = "<group>"; };
 		86CCEFDD0F413F8900FD7F9E /* JITCode.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = JITCode.h; sourceTree = "<group>"; };
@@ -1507,10 +1501,10 @@
 		BCFD8C910EEB2EE700283848 /* JumpTable.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = JumpTable.h; sourceTree = "<group>"; };
 		C21122DE15DD9AB300790E3A /* GCThreadSharedData.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = GCThreadSharedData.cpp; sourceTree = "<group>"; };
 		C21122DF15DD9AB300790E3A /* GCThreadSharedData.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = GCThreadSharedData.h; sourceTree = "<group>"; };
-		C21122E015DD9AB300790E3A /* MarkStackInlines.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = MarkStackInlines.h; sourceTree = "<group>"; };
+		C21122E015DD9AB300790E3A /* MarkStackInlineMethods.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = MarkStackInlineMethods.h; sourceTree = "<group>"; };
 		C2239D1216262BDD005AC5FD /* CopyVisitor.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = CopyVisitor.cpp; sourceTree = "<group>"; };
 		C2239D1316262BDD005AC5FD /* CopyVisitor.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = CopyVisitor.h; sourceTree = "<group>"; };
-		C2239D1416262BDD005AC5FD /* CopyVisitorInlines.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = CopyVisitorInlines.h; sourceTree = "<group>"; };
+		C2239D1416262BDD005AC5FD /* CopyVisitorInlineMethods.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = CopyVisitorInlineMethods.h; sourceTree = "<group>"; };
 		C2239D1516262BDD005AC5FD /* GCThread.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = GCThread.cpp; sourceTree = "<group>"; };
 		C2239D1616262BDD005AC5FD /* GCThread.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = GCThread.h; sourceTree = "<group>"; };
 		C225494215F7DBAA0065E898 /* SlotVisitor.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = SlotVisitor.cpp; sourceTree = "<group>"; };
@@ -1522,7 +1516,7 @@
 		C2A7F687160432D400F76B98 /* JSDestructibleObject.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = JSDestructibleObject.h; sourceTree = "<group>"; };
 		C2B916C114DA014E00CBAC86 /* MarkedAllocator.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = MarkedAllocator.h; sourceTree = "<group>"; };
 		C2B916C414DA040C00CBAC86 /* MarkedAllocator.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = MarkedAllocator.cpp; sourceTree = "<group>"; };
-		C2C8D02B14A3C6B200578E65 /* CopiedSpaceInlines.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = CopiedSpaceInlines.h; sourceTree = "<group>"; };
+		C2C8D02B14A3C6B200578E65 /* CopiedSpaceInlineMethods.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = CopiedSpaceInlineMethods.h; sourceTree = "<group>"; };
 		C2C8D02E14A3CEFC00578E65 /* CopiedBlock.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = CopiedBlock.h; sourceTree = "<group>"; };
 		C2C8D02F14A3CEFC00578E65 /* HeapBlock.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = HeapBlock.h; sourceTree = "<group>"; };
 		C2D58C3315912FEE0021A844 /* GCActivityCallback.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = GCActivityCallback.cpp; sourceTree = "<group>"; };
@@ -1822,7 +1816,7 @@
 				0F21C26614BE5F5E00ADC64B /* JITDriver.h */,
 				0F46807F14BA572700BFE272 /* JITExceptions.cpp */,
 				0F46808014BA572700BFE272 /* JITExceptions.h */,
-				86CC85A00EE79A4700288682 /* JITInlines.h */,
+				86CC85A00EE79A4700288682 /* JITInlineMethods.h */,
 				BCDD51E90FB8DF74004A8BDC /* JITOpcodes.cpp */,
 				A71236E41195F33C00BD2174 /* JITOpcodes32_64.cpp */,
 				86CC85C30EE7A89400288682 /* JITPropertyAccess.cpp */,
@@ -1848,7 +1842,7 @@
 			children = (
 				C2239D1216262BDD005AC5FD /* CopyVisitor.cpp */,
 				C2239D1316262BDD005AC5FD /* CopyVisitor.h */,
-				C2239D1416262BDD005AC5FD /* CopyVisitorInlines.h */,
+				C2239D1416262BDD005AC5FD /* CopyVisitorInlineMethods.h */,
 				C2239D1516262BDD005AC5FD /* GCThread.cpp */,
 				C2239D1616262BDD005AC5FD /* GCThread.h */,
 				C24D31E0161CD695002AA4DB /* HeapStatistics.cpp */,
@@ -1856,7 +1850,7 @@
 				C225494215F7DBAA0065E898 /* SlotVisitor.cpp */,
 				C21122DE15DD9AB300790E3A /* GCThreadSharedData.cpp */,
 				C21122DF15DD9AB300790E3A /* GCThreadSharedData.h */,
-				C21122E015DD9AB300790E3A /* MarkStackInlines.h */,
+				C21122E015DD9AB300790E3A /* MarkStackInlineMethods.h */,
 				C2E526BB1590EF000054E48D /* HeapTimer.cpp */,
 				C2E526BC1590EF000054E48D /* HeapTimer.h */,
 				C25F8BCB157544A900245B71 /* IncrementalSweeper.cpp */,
@@ -1870,7 +1864,7 @@
 				C2C8D02E14A3CEFC00578E65 /* CopiedBlock.h */,
 				C240305314B404C90079EB64 /* CopiedSpace.cpp */,
 				C2EAA3F8149A830800FCE112 /* CopiedSpace.h */,
-				C2C8D02B14A3C6B200578E65 /* CopiedSpaceInlines.h */,
+				C2C8D02B14A3C6B200578E65 /* CopiedSpaceInlineMethods.h */,
 				0F2C556D14738F2E00121E4F /* DFGCodeBlocks.cpp */,
 				0F2C556E14738F2E00121E4F /* DFGCodeBlocks.h */,
 				BCBE2CAD14E985AA000593AD /* GCAssertions.h */,
@@ -1902,7 +1896,7 @@
 				142D6F0F13539A4100B02E86 /* MarkStack.h */,
 				1497209014EB831500FEB1B7 /* PassWeak.h */,
 				14BA78F013AAB88F005B7C2C /* SlotVisitor.h */,
-				0FCB408515C0A3C30048932B /* SlotVisitorInlines.h */,
+				0FCB408515C0A3C30048932B /* SlotVisitorInlineMethods.h */,
 				142E3132134FF0A600AFADB5 /* Strong.h */,
 				145722851437E140005FDE26 /* StrongInlines.h */,
 				141448CC13A1783700F5BA1A /* TinyBloomFilter.h */,
@@ -2106,7 +2100,7 @@
 				BC7952340E15EB5600A898AB /* BooleanPrototype.cpp */,
 				BC7952350E15EB5600A898AB /* BooleanPrototype.h */,
 				0FB7F38B15ED8E3800F167B2 /* Butterfly.h */,
-				0FB7F38C15ED8E3800F167B2 /* ButterflyInlines.h */,
+				0FB7F38C15ED8E3800F167B2 /* ButterflyInlineMethods.h */,
 				869D04AE1193B54D00803475 /* CachedTranscendentalFunction.h */,
 				BCA62DFE0E2826230004F30D /* CallData.cpp */,
 				145C507F0D9DF63B0088F6B9 /* CallData.h */,
@@ -2152,7 +2146,7 @@
 				933A349D038AE80F008635CE /* Identifier.cpp */,
 				933A349A038AE7C6008635CE /* Identifier.h */,
 				0FB7F38D15ED8E3800F167B2 /* IndexingHeader.h */,
-				0FB7F38E15ED8E3800F167B2 /* IndexingHeaderInlines.h */,
+				0FB7F38E15ED8E3800F167B2 /* IndexingHeaderInlineMethods.h */,
 				0F13E04C16164A1B00DC8DE7 /* IndexingType.cpp */,
 				0FB7F38F15ED8E3800F167B2 /* IndexingType.h */,
 				E178636C0D9BEEC300D74E75 /* InitializeThreading.cpp */,
@@ -2209,7 +2203,7 @@
 				6507D2970E871E4A00D7D896 /* JSTypeInfo.h */,
 				F692A8870255597D01FF60F7 /* JSValue.cpp */,
 				14ABB36E099C076400E2A24F /* JSValue.h */,
-				865A30F0135007E100CDB49E /* JSValueInlines.h */,
+				865A30F0135007E100CDB49E /* JSValueInlineMethods.h */,
 				BC22A39A0E16E14800AF21C8 /* JSVariableObject.cpp */,
 				14F252560D08DD8D004ECFFF /* JSVariableObject.h */,
 				1442565F15EDE98D0066A49B /* JSWithScope.cpp */,
@@ -2368,7 +2362,6 @@
 				0FC0976B1468AB4A00CF2442 /* DFGAssemblyHelpers.cpp */,
 				0FC0976C1468AB4A00CF2442 /* DFGAssemblyHelpers.h */,
 				0F620170143FCD2F0068B77C /* DFGBasicBlock.h */,
-				0F8364B5164B0C0E0053329A /* DFGBranchDirection.h */,
 				0F5F08CC146BE602000472A9 /* DFGByteCodeCache.h */,
 				86EC9DB41328DF82002B2AD7 /* DFGByteCodeParser.cpp */,
 				86EC9DB51328DF82002B2AD7 /* DFGByteCodeParser.h */,
@@ -2522,8 +2515,6 @@
 		969A078F0ED1D3AE00F1F681 /* bytecode */ = {
 			isa = PBXGroup;
 			children = (
-				0F8335B41639C1E3001443B5 /* ArrayAllocationProfile.cpp */,
-				0F8335B51639C1E3001443B5 /* ArrayAllocationProfile.h */,
 				0F63945115D07051006A597C /* ArrayProfile.cpp */,
 				0F63945215D07051006A597C /* ArrayProfile.h */,
 				0F21C27E14BEAA8000ADC64B /* BytecodeConventions.h */,
@@ -2625,14 +2616,14 @@
 				C2B916C214DA014E00CBAC86 /* MarkedAllocator.h in Headers */,
 				FE4A332015BD2E07006F54F3 /* VMInspector.h in Headers */,
 				C2239D1816262BDD005AC5FD /* CopyVisitor.h in Headers */,
-				C2239D1916262BDD005AC5FD /* CopyVisitorInlines.h in Headers */,
+				C2239D1916262BDD005AC5FD /* CopyVisitorInlineMethods.h in Headers */,
 				C24D31E3161CD695002AA4DB /* HeapStatistics.h in Headers */,
 				C2A7F688160432D400F76B98 /* JSDestructibleObject.h in Headers */,
 				FE20CE9E15F04A9500DF3430 /* LLIntCLoop.h in Headers */,
 				C21122E215DD9AB300790E3A /* GCThreadSharedData.h in Headers */,
-				C2160FE715F7E95E00942DFC /* SlotVisitorInlines.h in Headers */,
+				C2160FE715F7E95E00942DFC /* SlotVisitorInlineMethods.h in Headers */,
 				C2E526BE1590EF000054E48D /* HeapTimer.h in Headers */,
-				C21122E315DD9AB300790E3A /* MarkStackInlines.h in Headers */,
+				C21122E315DD9AB300790E3A /* MarkStackInlineMethods.h in Headers */,
 				C25F8BCE157544A900245B71 /* IncrementalSweeper.h in Headers */,
 				BC18C3E60E16F5CD00B34460 /* ArrayConstructor.h in Headers */,
 				BC18C3E70E16F5CD00B34460 /* ArrayPrototype.h in Headers */,
@@ -2645,7 +2636,7 @@
 				BC18C3EC0E16F5CD00B34460 /* BooleanObject.h in Headers */,
 				C2C8D03014A3CEFC00578E65 /* CopiedBlock.h in Headers */,
 				C2EAA3FA149A835E00FCE112 /* CopiedSpace.h in Headers */,
-				C2C8D02D14A3C6E000578E65 /* CopiedSpaceInlines.h in Headers */,
+				C2C8D02D14A3C6E000578E65 /* CopiedSpaceInlineMethods.h in Headers */,
 				969A07230ED1CE3300F1F681 /* BytecodeGenerator.h in Headers */,
 				869D04AF1193B54D00803475 /* CachedTranscendentalFunction.h in Headers */,
 				BC18C3ED0E16F5CD00B34460 /* CallData.h in Headers */,
@@ -2727,7 +2718,7 @@
 				BC18C4150E16F5CD00B34460 /* JavaScriptCorePrefix.h in Headers */,
 				1429D9300ED22D7000B89619 /* JIT.h in Headers */,
 				86CCEFDE0F413F8900FD7F9E /* JITCode.h in Headers */,
-				86CC85A10EE79A4700288682 /* JITInlines.h in Headers */,
+				86CC85A10EE79A4700288682 /* JITInlineMethods.h in Headers */,
 				960626960FB8EC02009798AB /* JITStubCall.h in Headers */,
 				14C5242B0F5355E900BA3D04 /* JITStubs.h in Headers */,
 				A76F54A313B28AAB00EF2BCE /* JITWriteBarrier.h in Headers */,
@@ -2769,7 +2760,7 @@
 				BC18C42A0E16F5CD00B34460 /* JSType.h in Headers */,
 				6507D29E0E871E5E00D7D896 /* JSTypeInfo.h in Headers */,
 				BC18C42B0E16F5CD00B34460 /* JSValue.h in Headers */,
-				865A30F1135007E100CDB49E /* JSValueInlines.h in Headers */,
+				865A30F1135007E100CDB49E /* JSValueInlineMethods.h in Headers */,
 				BC18C42C0E16F5CD00B34460 /* JSValueRef.h in Headers */,
 				BC18C42D0E16F5CD00B34460 /* JSVariableObject.h in Headers */,
 				A7482E93116A7CAD003B0712 /* JSWeakObjectMapRefInternal.h in Headers */,
@@ -3003,9 +2994,9 @@
 				0FB7F39515ED8E4600F167B2 /* ArrayConventions.h in Headers */,
 				0FB7F39615ED8E4600F167B2 /* ArrayStorage.h in Headers */,
 				0FB7F39715ED8E4600F167B2 /* Butterfly.h in Headers */,
-				0FB7F39815ED8E4600F167B2 /* ButterflyInlines.h in Headers */,
+				0FB7F39815ED8E4600F167B2 /* ButterflyInlineMethods.h in Headers */,
 				0FB7F39915ED8E4600F167B2 /* IndexingHeader.h in Headers */,
-				0FB7F39A15ED8E4600F167B2 /* IndexingHeaderInlines.h in Headers */,
+				0FB7F39A15ED8E4600F167B2 /* IndexingHeaderInlineMethods.h in Headers */,
 				0FB7F39B15ED8E4600F167B2 /* IndexingType.h in Headers */,
 				0FB7F39C15ED8E4600F167B2 /* PropertyStorage.h in Headers */,
 				0FB7F39D15ED8E4600F167B2 /* Reject.h in Headers */,
@@ -3017,8 +3008,6 @@
 				0FEB3ECD16237F4D00AB67AD /* TypedArrayDescriptor.h in Headers */,
 				0F256C361627B0AD007F2783 /* DFGCallArrayAllocatorSlowPathGenerator.h in Headers */,
 				C2239D1B16262BDD005AC5FD /* GCThread.h in Headers */,
-				0F8364B7164B0C110053329A /* DFGBranchDirection.h in Headers */,
-				0F8335B81639C1EA001443B5 /* ArrayAllocationProfile.h in Headers */,
 				A7B601821639FD2A00372BA3 /* UnlinkedCodeBlock.h in Headers */,
 				A77F1822164088B200640A47 /* CodeCache.h in Headers */,
 				A77F1825164192C700640A47 /* ParserModes.h in Headers */,
@@ -3598,7 +3587,6 @@
 				C24D31E2161CD695002AA4DB /* HeapStatistics.cpp in Sources */,
 				C2239D1716262BDD005AC5FD /* CopyVisitor.cpp in Sources */,
 				C2239D1A16262BDD005AC5FD /* GCThread.cpp in Sources */,
-				0F8335B71639C1E6001443B5 /* ArrayAllocationProfile.cpp in Sources */,
 				A76F279415F13C9600517D67 /* UnlinkedCodeBlock.cpp in Sources */,
 				A77F1821164088B200640A47 /* CodeCache.cpp in Sources */,
 			);
diff --git a/Source/JavaScriptCore/Target.pri b/Source/JavaScriptCore/Target.pri
index f978fb46b..b0fcc16e7 100644
--- a/Source/JavaScriptCore/Target.pri
+++ b/Source/JavaScriptCore/Target.pri
@@ -50,7 +50,6 @@ SOURCES += \
     assembler/MacroAssembler.cpp \
     assembler/MacroAssemblerARM.cpp \
     assembler/MacroAssemblerSH4.cpp \
-    bytecode/ArrayAllocationProfile.cpp \
     bytecode/ArrayProfile.cpp \
     bytecode/CallLinkInfo.cpp \
     bytecode/CallLinkStatus.cpp \
diff --git a/Source/JavaScriptCore/assembler/AbstractMacroAssembler.h b/Source/JavaScriptCore/assembler/AbstractMacroAssembler.h
index 673031b7a..c75adb7e9 100644
--- a/Source/JavaScriptCore/assembler/AbstractMacroAssembler.h
+++ b/Source/JavaScriptCore/assembler/AbstractMacroAssembler.h
@@ -586,13 +586,6 @@ public:
 
     public:
         typedef Vector<Jump, 16> JumpVector;
-        
-        JumpList() { }
-        
-        JumpList(Jump jump)
-        {
-            append(jump);
-        }
 
         void link(AbstractMacroAssembler<AssemblerType>* masm)
         {
diff --git a/Source/JavaScriptCore/assembler/MacroAssemblerX86Common.h b/Source/JavaScriptCore/assembler/MacroAssemblerX86Common.h
index 53cb80c21..66db26acb 100644
--- a/Source/JavaScriptCore/assembler/MacroAssemblerX86Common.h
+++ b/Source/JavaScriptCore/assembler/MacroAssemblerX86Common.h
@@ -826,15 +826,11 @@ public:
             m_assembler.ucomisd_rr(right, left);
 
         if (cond == DoubleEqual) {
-            if (left == right)
-                return Jump(m_assembler.jnp());
             Jump isUnordered(m_assembler.jp());
             Jump result = Jump(m_assembler.je());
             isUnordered.link(this);
             return result;
         } else if (cond == DoubleNotEqualOrUnordered) {
-            if (left == right)
-                return Jump(m_assembler.jp());
             Jump isUnordered(m_assembler.jp());
             Jump isEqual(m_assembler.je());
             isUnordered.link(this);
diff --git a/Source/JavaScriptCore/assembler/X86Assembler.h b/Source/JavaScriptCore/assembler/X86Assembler.h
index 4d08b70ce..ecb178e88 100644
--- a/Source/JavaScriptCore/assembler/X86Assembler.h
+++ b/Source/JavaScriptCore/assembler/X86Assembler.h
@@ -1475,12 +1475,6 @@ public:
         return m_formatter.immediateRel32();
     }
 
-    AssemblerLabel jnp()
-    {
-        m_formatter.twoByteOp(jccRel32(ConditionNP));
-        return m_formatter.immediateRel32();
-    }
-
     AssemblerLabel jp()
     {
         m_formatter.twoByteOp(jccRel32(ConditionP));
@@ -2320,9 +2314,6 @@ private:
         // Format a REX prefix byte.
         inline void emitRex(bool w, int r, int x, int b)
         {
-            ASSERT(r >= 0);
-            ASSERT(x >= 0);
-            ASSERT(b >= 0);
             m_buffer.putByteUnchecked(PRE_REX | ((int)w << 3) | ((r>>3)<<2) | ((x>>3)<<1) | (b>>3));
         }
 
diff --git a/Source/JavaScriptCore/bytecode/ArrayAllocationProfile.cpp b/Source/JavaScriptCore/bytecode/ArrayAllocationProfile.cpp
deleted file mode 100644
index aa682da86..000000000
--- a/Source/JavaScriptCore/bytecode/ArrayAllocationProfile.cpp
+++ /dev/null
@@ -1,40 +0,0 @@
-/*
- * Copyright (C) 2012 Apple Inc. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY APPLE INC. ``AS IS'' AND ANY
- * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL APPLE INC. OR
- * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
- * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
- * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
- * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
- * OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
- * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
- */
-
-#include "config.h"
-#include "ArrayAllocationProfile.h"
-
-namespace JSC {
-
-void ArrayAllocationProfile::updateIndexingType()
-{
-    if (!m_lastArray)
-        return;
-    m_currentIndexingType = leastUpperBoundOfIndexingTypes(m_currentIndexingType, m_lastArray->structure()->indexingType());
-    m_lastArray = 0;
-}
-
-} // namespace JSC
-
diff --git a/Source/JavaScriptCore/bytecode/ArrayAllocationProfile.h b/Source/JavaScriptCore/bytecode/ArrayAllocationProfile.h
deleted file mode 100644
index a1647fad4..000000000
--- a/Source/JavaScriptCore/bytecode/ArrayAllocationProfile.h
+++ /dev/null
@@ -1,80 +0,0 @@
-/*
- * Copyright (C) 2012 Apple Inc. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY APPLE INC. ``AS IS'' AND ANY
- * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL APPLE INC. OR
- * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
- * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
- * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
- * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
- * OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
- * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
- */
-
-#ifndef ArrayAllocationProfile_h
-#define ArrayAllocationProfile_h
-
-#include "IndexingType.h"
-#include "JSArray.h"
-
-namespace JSC {
-
-class ArrayAllocationProfile {
-public:
-    ArrayAllocationProfile()
-        : m_currentIndexingType(ArrayWithUndecided)
-        , m_lastArray(0)
-    {
-    }
-    
-    IndexingType selectIndexingType()
-    {
-        if (m_lastArray && UNLIKELY(m_lastArray->structure()->indexingType() != m_currentIndexingType))
-            updateIndexingType();
-        return m_currentIndexingType;
-    }
-    
-    JSArray* updateLastAllocation(JSArray* lastArray)
-    {
-        m_lastArray = lastArray;
-        return lastArray;
-    }
-    
-    JS_EXPORT_PRIVATE void updateIndexingType();
-    
-    static IndexingType selectIndexingTypeFor(ArrayAllocationProfile* profile)
-    {
-        if (!profile)
-            return ArrayWithUndecided;
-        return profile->selectIndexingType();
-    }
-    
-    static JSArray* updateLastAllocationFor(ArrayAllocationProfile* profile, JSArray* lastArray)
-    {
-        if (profile)
-            profile->updateLastAllocation(lastArray);
-        return lastArray;
-    }
-
-private:
-    
-    IndexingType m_currentIndexingType;
-    JSArray* m_lastArray;
-};
-
-} // namespace JSC
-
-#endif // ArrayAllocationProfile_h
-
diff --git a/Source/JavaScriptCore/bytecode/ArrayProfile.cpp b/Source/JavaScriptCore/bytecode/ArrayProfile.cpp
index 51baf332f..5a87380fd 100644
--- a/Source/JavaScriptCore/bytecode/ArrayProfile.cpp
+++ b/Source/JavaScriptCore/bytecode/ArrayProfile.cpp
@@ -65,13 +65,6 @@ const char* arrayModesToString(ArrayModes arrayModes)
     return result;
 }
 
-ArrayModes ArrayProfile::updatedObservedArrayModes() const
-{
-    if (m_lastSeenStructure)
-        return m_observedArrayModes | arrayModeFromStructure(m_lastSeenStructure);
-    return m_observedArrayModes;
-}
-
 void ArrayProfile::computeUpdatedPrediction(CodeBlock* codeBlock, OperationInProgress operation)
 {
     if (m_lastSeenStructure) {
diff --git a/Source/JavaScriptCore/bytecode/ArrayProfile.h b/Source/JavaScriptCore/bytecode/ArrayProfile.h
index 5116cd36f..376684fc1 100644
--- a/Source/JavaScriptCore/bytecode/ArrayProfile.h
+++ b/Source/JavaScriptCore/bytecode/ArrayProfile.h
@@ -45,20 +45,15 @@ typedef unsigned ArrayModes;
 
 #define ALL_NON_ARRAY_ARRAY_MODES                       \
     (asArrayModes(NonArray)                             \
-    | asArrayModes(NonArrayWithInt32)                   \
-    | asArrayModes(NonArrayWithDouble)                  \
-    | asArrayModes(NonArrayWithContiguous)              \
-    | asArrayModes(NonArrayWithArrayStorage)            \
-    | asArrayModes(NonArrayWithSlowPutArrayStorage))
+     | asArrayModes(NonArrayWithContiguous)             \
+     | asArrayModes(NonArrayWithArrayStorage)           \
+     | asArrayModes(NonArrayWithSlowPutArrayStorage))
 
 #define ALL_ARRAY_ARRAY_MODES                           \
     (asArrayModes(ArrayClass)                           \
-    | asArrayModes(ArrayWithUndecided)                  \
-    | asArrayModes(ArrayWithInt32)                      \
-    | asArrayModes(ArrayWithDouble)                     \
-    | asArrayModes(ArrayWithContiguous)                 \
-    | asArrayModes(ArrayWithArrayStorage)               \
-    | asArrayModes(ArrayWithSlowPutArrayStorage))
+     | asArrayModes(ArrayWithContiguous)                \
+     | asArrayModes(ArrayWithArrayStorage)              \
+     | asArrayModes(ArrayWithSlowPutArrayStorage))
 
 #define ALL_ARRAY_MODES (ALL_NON_ARRAY_ARRAY_MODES | ALL_ARRAY_ARRAY_MODES)
 
@@ -84,36 +79,6 @@ inline bool arrayModesAlreadyChecked(ArrayModes proven, ArrayModes expected)
     return (expected | proven) == expected;
 }
 
-inline bool arrayModesInclude(ArrayModes arrayModes, IndexingType shape)
-{
-    return !!(arrayModes & (asArrayModes(NonArray | shape) | asArrayModes(ArrayClass | shape)));
-}
-
-inline bool shouldUseSlowPutArrayStorage(ArrayModes arrayModes)
-{
-    return arrayModesInclude(arrayModes, SlowPutArrayStorageShape);
-}
-
-inline bool shouldUseFastArrayStorage(ArrayModes arrayModes)
-{
-    return arrayModesInclude(arrayModes, ArrayStorageShape);
-}
-
-inline bool shouldUseContiguous(ArrayModes arrayModes)
-{
-    return arrayModesInclude(arrayModes, ContiguousShape);
-}
-
-inline bool shouldUseDouble(ArrayModes arrayModes)
-{
-    return arrayModesInclude(arrayModes, DoubleShape);
-}
-
-inline bool shouldUseInt32(ArrayModes arrayModes)
-{
-    return arrayModesInclude(arrayModes, Int32Shape);
-}
-
 class ArrayProfile {
 public:
     ArrayProfile()
@@ -163,7 +128,6 @@ public:
         return !structureIsPolymorphic() && m_expectedStructure;
     }
     ArrayModes observedArrayModes() const { return m_observedArrayModes; }
-    ArrayModes updatedObservedArrayModes() const; // Computes the observed array modes without updating the profile.
     bool mayInterceptIndexedAccesses() const { return m_mayInterceptIndexedAccesses; }
     
     bool mayStoreToHole() const { return m_mayStoreToHole; }
diff --git a/Source/JavaScriptCore/bytecode/ByValInfo.h b/Source/JavaScriptCore/bytecode/ByValInfo.h
index 3f79967df..8cba4463d 100644
--- a/Source/JavaScriptCore/bytecode/ByValInfo.h
+++ b/Source/JavaScriptCore/bytecode/ByValInfo.h
@@ -39,8 +39,6 @@
 namespace JSC {
 
 enum JITArrayMode {
-    JITInt32,
-    JITDouble,
     JITContiguous,
     JITArrayStorage,
     JITInt8Array,
@@ -57,8 +55,6 @@ enum JITArrayMode {
 inline bool isOptimizableIndexingType(IndexingType indexingType)
 {
     switch (indexingType) {
-    case ALL_INT32_INDEXING_TYPES:
-    case ALL_DOUBLE_INDEXING_TYPES:
     case ALL_CONTIGUOUS_INDEXING_TYPES:
     case ARRAY_WITH_ARRAY_STORAGE_INDEXING_TYPES:
         return true;
@@ -81,10 +77,6 @@ inline bool hasOptimizableIndexing(Structure* structure)
 inline JITArrayMode jitArrayModeForIndexingType(IndexingType indexingType)
 {
     switch (indexingType) {
-    case ALL_INT32_INDEXING_TYPES:
-        return JITInt32;
-    case ALL_DOUBLE_INDEXING_TYPES:
-        return JITDouble;
     case ALL_CONTIGUOUS_INDEXING_TYPES:
         return JITContiguous;
     case ARRAY_WITH_ARRAY_STORAGE_INDEXING_TYPES:
diff --git a/Source/JavaScriptCore/bytecode/CodeBlock.cpp b/Source/JavaScriptCore/bytecode/CodeBlock.cpp
index 83833c6ec..5686d5d2c 100644
--- a/Source/JavaScriptCore/bytecode/CodeBlock.cpp
+++ b/Source/JavaScriptCore/bytecode/CodeBlock.cpp
@@ -44,7 +44,7 @@
 #include "JSValue.h"
 #include "LowLevelInterpreter.h"
 #include "RepatchBuffer.h"
-#include "SlotVisitorInlines.h"
+#include "SlotVisitorInlineMethods.h"
 #include <stdio.h>
 #include <wtf/StringExtras.h>
 #include <wtf/UnusedParam.h>
@@ -654,7 +654,6 @@ void CodeBlock::dump(ExecState* exec, const Vector<Instruction>::const_iterator&
             int argc = (++it)->u.operand;
             dataLog("[%4d] new_array\t %s, %s, %d", location, registerName(exec, dst).data(), registerName(exec, argv).data(), argc);
             dumpBytecodeCommentAndNewLine(location);
-            ++it; // Skip array allocation profile.
             break;
         }
         case op_new_array_with_size: {
@@ -662,7 +661,6 @@ void CodeBlock::dump(ExecState* exec, const Vector<Instruction>::const_iterator&
             int length = (++it)->u.operand;
             dataLog("[%4d] new_array_with_size\t %s, %s", location, registerName(exec, dst).data(), registerName(exec, length).data());
             dumpBytecodeCommentAndNewLine(location);
-            ++it; // Skip array allocation profile.
             break;
         }
         case op_new_array_buffer: {
@@ -671,7 +669,6 @@ void CodeBlock::dump(ExecState* exec, const Vector<Instruction>::const_iterator&
             int argc = (++it)->u.operand;
             dataLog("[%4d] new_array_buffer\t %s, %d, %d", location, registerName(exec, dst).data(), argv, argc);
             dumpBytecodeCommentAndNewLine(location);
-            ++it; // Skip array allocation profile.
             break;
         }
         case op_new_regexp: {
@@ -1749,8 +1746,6 @@ CodeBlock::CodeBlock(ScriptExecutable* ownerExecutable, UnlinkedCodeBlock* unlin
 #if ENABLE(DFG_JIT)
     if (size_t size = unlinkedCodeBlock->numberOfArrayProfiles())
         m_arrayProfiles.grow(size);
-    if (size_t size = unlinkedCodeBlock->numberOfArrayAllocationProfiles())
-        m_arrayAllocationProfiles.grow(size);
     if (size_t size = unlinkedCodeBlock->numberOfValueProfiles())
         m_valueProfiles.grow(size);
 #endif
@@ -1805,32 +1800,22 @@ CodeBlock::CodeBlock(ScriptExecutable* ownerExecutable, UnlinkedCodeBlock* unlin
             break;
         }
 
-        case op_new_array:
-        case op_new_array_buffer:
-        case op_new_array_with_size: {
-            int arrayAllocationProfileIndex = pc[i + opLength - 1].u.operand;
-            instructions[i + opLength - 1] = &m_arrayAllocationProfiles[arrayAllocationProfileIndex];
-            break;
-        }
-#endif
-
         case op_call:
         case op_call_eval: {
-#if ENABLE(DFG_JIT)
             int arrayProfileIndex = pc[i + opLength - 1].u.operand;
             m_arrayProfiles[arrayProfileIndex] = ArrayProfile(i);
             instructions[i + opLength - 1] = &m_arrayProfiles[arrayProfileIndex];
-#endif
-#if ENABLE(LLINT)
-            instructions[i + 4] = &m_llintCallLinkInfos[pc[i + 4].u.operand];
-#endif
+            // fallthrough
+#if !ENABLE(LLINT)
             break;
+#endif
         }
-        case op_construct:
+#endif
 #if ENABLE(LLINT)
+        case op_construct:
             instructions[i + 4] = &m_llintCallLinkInfos[pc[i + 4].u.operand];
-#endif
             break;
+#endif
         case op_get_by_id_out_of_line:
         case op_get_by_id_self:
         case op_get_by_id_proto:
@@ -2805,28 +2790,18 @@ void CodeBlock::updateAllPredictionsAndCountLiveness(
 #if ENABLE(DFG_JIT)
     m_lazyOperandValueProfiles.computeUpdatedPredictions(operation);
 #endif
-}
-
-void CodeBlock::updateAllValueProfilePredictions(OperationInProgress operation)
-{
-    unsigned ignoredValue1, ignoredValue2;
-    updateAllPredictionsAndCountLiveness(operation, ignoredValue1, ignoredValue2);
-}
-
-void CodeBlock::updateAllArrayPredictions(OperationInProgress operation)
-{
+    
+    // Don't count the array profiles towards statistics, since each array profile
+    // site also has a value profile site - so we already know whether or not it's
+    // live.
     for (unsigned i = m_arrayProfiles.size(); i--;)
         m_arrayProfiles[i].computeUpdatedPrediction(this, operation);
-    
-    // Don't count these either, for similar reasons.
-    for (unsigned i = m_arrayAllocationProfiles.size(); i--;)
-        m_arrayAllocationProfiles[i].updateIndexingType();
 }
 
 void CodeBlock::updateAllPredictions(OperationInProgress operation)
 {
-    updateAllValueProfilePredictions(operation);
-    updateAllArrayPredictions(operation);
+    unsigned ignoredValue1, ignoredValue2;
+    updateAllPredictionsAndCountLiveness(operation, ignoredValue1, ignoredValue2);
 }
 
 bool CodeBlock::shouldOptimizeNow()
@@ -2842,14 +2817,12 @@ bool CodeBlock::shouldOptimizeNow()
     if (m_optimizationDelayCounter >= Options::maximumOptimizationDelay())
         return true;
     
-    updateAllArrayPredictions();
-    
     unsigned numberOfLiveNonArgumentValueProfiles;
     unsigned numberOfSamplesInProfiles;
     updateAllPredictionsAndCountLiveness(NoOperation, numberOfLiveNonArgumentValueProfiles, numberOfSamplesInProfiles);
 
 #if ENABLE(JIT_VERBOSE_OSR)
-    dataLog("Profile hotness: %lf (%u / %u), %lf (%u / %u)\n", (double)numberOfLiveNonArgumentValueProfiles / numberOfValueProfiles(), numberOfLiveNonArgumentValueProfiles, numberOfValueProfiles(), (double)numberOfSamplesInProfiles / ValueProfile::numberOfBuckets / numberOfValueProfiles(), numberOfSamplesInProfiles, ValueProfile::numberOfBuckets * numberOfValueProfiles());
+    dataLog("Profile hotness: %lf, %lf\n", (double)numberOfLiveNonArgumentValueProfiles / numberOfValueProfiles(), (double)numberOfSamplesInProfiles / ValueProfile::numberOfBuckets / numberOfValueProfiles());
 #endif
 
     if ((!numberOfValueProfiles() || (double)numberOfLiveNonArgumentValueProfiles / numberOfValueProfiles() >= Options::desiredProfileLivenessRate())
diff --git a/Source/JavaScriptCore/bytecode/CodeBlock.h b/Source/JavaScriptCore/bytecode/CodeBlock.h
index 0199935bb..a28064940 100644
--- a/Source/JavaScriptCore/bytecode/CodeBlock.h
+++ b/Source/JavaScriptCore/bytecode/CodeBlock.h
@@ -755,13 +755,6 @@ namespace JSC {
         }
         ArrayProfile* getArrayProfile(unsigned bytecodeOffset);
         ArrayProfile* getOrAddArrayProfile(unsigned bytecodeOffset);
-        
-        unsigned numberOfArrayAllocationProfiles() const { return m_arrayAllocationProfiles.size(); }
-        ArrayAllocationProfile* addArrayAllocationProfile()
-        {
-            m_arrayAllocationProfiles.append(ArrayAllocationProfile());
-            return &m_arrayAllocationProfiles.last();
-        }
 #endif
 
         // Exception handling support
@@ -1152,13 +1145,9 @@ namespace JSC {
 
 #if ENABLE(VALUE_PROFILER)
         bool shouldOptimizeNow();
-        void updateAllValueProfilePredictions(OperationInProgress = NoOperation);
-        void updateAllArrayPredictions(OperationInProgress = NoOperation);
         void updateAllPredictions(OperationInProgress = NoOperation);
 #else
         bool shouldOptimizeNow() { return false; }
-        void updateAllValueProfilePredictions(OperationInProgress = NoOperation) { }
-        void updateAllArrayPredictions(OperationInProgress = NoOperation) { }
         void updateAllPredictions(OperationInProgress = NoOperation) { }
 #endif
         
@@ -1341,7 +1330,6 @@ namespace JSC {
         SegmentedVector<ValueProfile, 8> m_valueProfiles;
         SegmentedVector<RareCaseProfile, 8> m_rareCaseProfiles;
         SegmentedVector<RareCaseProfile, 8> m_specialFastCaseProfiles;
-        SegmentedVector<ArrayAllocationProfile, 8> m_arrayAllocationProfiles;
         ArrayProfileVector m_arrayProfiles;
         unsigned m_executionEntryCount;
 #endif
diff --git a/Source/JavaScriptCore/bytecode/DFGExitProfile.h b/Source/JavaScriptCore/bytecode/DFGExitProfile.h
index 7132adfd4..60d313ad4 100644
--- a/Source/JavaScriptCore/bytecode/DFGExitProfile.h
+++ b/Source/JavaScriptCore/bytecode/DFGExitProfile.h
@@ -58,8 +58,6 @@ inline const char* exitKindToString(ExitKind kind)
         return "BadCache";
     case BadWeakConstantCache:
         return "BadWeakConstantCache";
-    case BadIndexingType:
-        return "BadIndexingType";
     case Overflow:
         return "Overflow";
     case NegativeZero:
diff --git a/Source/JavaScriptCore/bytecode/Instruction.h b/Source/JavaScriptCore/bytecode/Instruction.h
index 50b80e03c..9fcf509f6 100644
--- a/Source/JavaScriptCore/bytecode/Instruction.h
+++ b/Source/JavaScriptCore/bytecode/Instruction.h
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2008, 2012 Apple Inc. All rights reserved.
+ * Copyright (C) 2008 Apple Inc. All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
@@ -47,7 +47,6 @@ namespace JSC {
     // curently actually use PolymorphicAccessStructureLists, which we should).  Anyway, this seems like the best
     // solution for now - will need to something smarter if/when we actually want mixed-mode operation.
 
-    class ArrayAllocationProfile;
     class ArrayProfile;
     class JSCell;
     class Structure;
@@ -194,7 +193,6 @@ namespace JSC {
         
         Instruction(ValueProfile* profile) { u.profile = profile; }
         Instruction(ArrayProfile* profile) { u.arrayProfile = profile; }
-        Instruction(ArrayAllocationProfile* profile) { u.arrayAllocationProfile = profile; }
         
         Instruction(WriteBarrier<Unknown>* registerPointer) { u.registerPointer = registerPointer; }
         
@@ -214,7 +212,6 @@ namespace JSC {
             LLIntCallLinkInfo* callLinkInfo;
             ValueProfile* profile;
             ArrayProfile* arrayProfile;
-            ArrayAllocationProfile* arrayAllocationProfile;
             void* pointer;
             bool* predicatePointer;
         } u;
diff --git a/Source/JavaScriptCore/bytecode/Opcode.h b/Source/JavaScriptCore/bytecode/Opcode.h
index 38d314d78..8979d0b7b 100644
--- a/Source/JavaScriptCore/bytecode/Opcode.h
+++ b/Source/JavaScriptCore/bytecode/Opcode.h
@@ -48,9 +48,9 @@ namespace JSC {
         macro(op_convert_this, 3) \
         \
         macro(op_new_object, 2) \
-        macro(op_new_array, 5) \
-        macro(op_new_array_with_size, 4) \
-        macro(op_new_array_buffer, 5) \
+        macro(op_new_array, 4) \
+        macro(op_new_array_with_size, 3) \
+        macro(op_new_array_buffer, 4) \
         macro(op_new_regexp, 3) \
         macro(op_mov, 3) \
         \
diff --git a/Source/JavaScriptCore/bytecode/SpeculatedType.h b/Source/JavaScriptCore/bytecode/SpeculatedType.h
index 656bc79ee..09ba9fdfa 100644
--- a/Source/JavaScriptCore/bytecode/SpeculatedType.h
+++ b/Source/JavaScriptCore/bytecode/SpeculatedType.h
@@ -61,7 +61,6 @@ static const SpeculatedType SpecInt32             = 0x00800000; // It's definite
 static const SpeculatedType SpecDoubleReal        = 0x01000000; // It's definitely a non-NaN double.
 static const SpeculatedType SpecDoubleNaN         = 0x02000000; // It's definitely a NaN.
 static const SpeculatedType SpecDouble            = 0x03000000; // It's either a non-NaN or a NaN double.
-static const SpeculatedType SpecRealNumber        = 0x01800000; // It's either an Int32 or a DoubleReal.
 static const SpeculatedType SpecNumber            = 0x03800000; // It's either an Int32 or a Double.
 static const SpeculatedType SpecBoolean           = 0x04000000; // It's definitely a Boolean.
 static const SpeculatedType SpecOther             = 0x08000000; // It's definitely none of the above.
@@ -229,16 +228,6 @@ inline bool isInt32Speculation(SpeculatedType value)
     return value == SpecInt32;
 }
 
-inline bool isInt32SpeculationForArithmetic(SpeculatedType value)
-{
-    return !(value & SpecDouble);
-}
-
-inline bool isInt32SpeculationExpectingDefined(SpeculatedType value)
-{
-    return isInt32Speculation(value & ~SpecOther);
-}
-
 inline bool isDoubleRealSpeculation(SpeculatedType value)
 {
     return value == SpecDoubleReal;
@@ -249,26 +238,11 @@ inline bool isDoubleSpeculation(SpeculatedType value)
     return !!value && (value & SpecDouble) == value;
 }
 
-inline bool isDoubleSpeculationForArithmetic(SpeculatedType value)
-{
-    return !!(value & SpecDouble);
-}
-
-inline bool isRealNumberSpeculation(SpeculatedType value)
-{
-    return !!(value & SpecRealNumber) && !(value & ~SpecRealNumber);
-}
-
 inline bool isNumberSpeculation(SpeculatedType value)
 {
     return !!(value & SpecNumber) && !(value & ~SpecNumber);
 }
 
-inline bool isNumberSpeculationExpectingDefined(SpeculatedType value)
-{
-    return isNumberSpeculation(value & ~SpecOther);
-}
-
 inline bool isBooleanSpeculation(SpeculatedType value)
 {
     return value == SpecBoolean;
diff --git a/Source/JavaScriptCore/bytecode/UnlinkedCodeBlock.cpp b/Source/JavaScriptCore/bytecode/UnlinkedCodeBlock.cpp
index e98d4de0a..8aa48404a 100644
--- a/Source/JavaScriptCore/bytecode/UnlinkedCodeBlock.cpp
+++ b/Source/JavaScriptCore/bytecode/UnlinkedCodeBlock.cpp
@@ -80,6 +80,8 @@ void UnlinkedFunctionExecutable::visitChildren(JSCell* cell, SlotVisitor& visito
     COMPILE_ASSERT(StructureFlags & OverridesVisitChildren, OverridesVisitChildrenWithoutSettingFlag);
     ASSERT(thisObject->structure()->typeInfo().overridesVisitChildren());
     Base::visitChildren(thisObject, visitor);
+    visitor.append(&thisObject->m_codeBlockForCall);
+    visitor.append(&thisObject->m_codeBlockForConstruct);
     visitor.append(&thisObject->m_nameValue);
     visitor.append(&thisObject->m_symbolTableForCall);
     visitor.append(&thisObject->m_symbolTableForConstruct);
@@ -110,16 +112,12 @@ UnlinkedFunctionCodeBlock* UnlinkedFunctionExecutable::codeBlockFor(JSGlobalData
 {
     switch (specializationKind) {
     case CodeForCall:
-        if (UnlinkedFunctionCodeBlock* codeBlock = m_codeBlockForCall.get()) {
-            globalData.codeCache()->usedFunctionCode(globalData, codeBlock);
-            return codeBlock;
-        }
+        if (m_codeBlockForCall)
+            return m_codeBlockForCall.get();
         break;
     case CodeForConstruct:
-        if (UnlinkedFunctionCodeBlock* codeBlock = m_codeBlockForConstruct.get()) {
-            globalData.codeCache()->usedFunctionCode(globalData, codeBlock);
-            return codeBlock;
-        }
+        if (m_codeBlockForConstruct)
+            return m_codeBlockForConstruct.get();
         break;
     }
 
@@ -130,11 +128,11 @@ UnlinkedFunctionCodeBlock* UnlinkedFunctionExecutable::codeBlockFor(JSGlobalData
 
     switch (specializationKind) {
     case CodeForCall:
-        m_codeBlockForCall = PassWeak<UnlinkedFunctionCodeBlock>(result);
+        m_codeBlockForCall.set(globalData, this, result);
         m_symbolTableForCall.set(globalData, this, result->symbolTable());
         break;
     case CodeForConstruct:
-        m_codeBlockForConstruct = PassWeak<UnlinkedFunctionCodeBlock>(result);
+        m_codeBlockForConstruct.set(globalData, this, result);
         m_symbolTableForConstruct.set(globalData, this, result->symbolTable());
         break;
     }
@@ -173,7 +171,6 @@ UnlinkedCodeBlock::UnlinkedCodeBlock(JSGlobalData* globalData, Structure* struct
     , m_resolveOperationCount(0)
     , m_putToBaseOperationCount(1)
     , m_arrayProfileCount(0)
-    , m_arrayAllocationProfileCount(0)
     , m_valueProfileCount(0)
     , m_llintCallLinkInfoCount(0)
 #if ENABLE(BYTECODE_COMMENTS)
diff --git a/Source/JavaScriptCore/bytecode/UnlinkedCodeBlock.h b/Source/JavaScriptCore/bytecode/UnlinkedCodeBlock.h
index 23937d773..bf3f5fdff 100644
--- a/Source/JavaScriptCore/bytecode/UnlinkedCodeBlock.h
+++ b/Source/JavaScriptCore/bytecode/UnlinkedCodeBlock.h
@@ -36,7 +36,6 @@
 #include "Nodes.h"
 #include "RegExp.h"
 #include "SpecialPointer.h"
-#include "Weak.h"
 
 #include <wtf/RefCountedArray.h>
 #include <wtf/Vector.h>
@@ -57,7 +56,6 @@ class UnlinkedFunctionCodeBlock;
 
 typedef unsigned UnlinkedValueProfile;
 typedef unsigned UnlinkedArrayProfile;
-typedef unsigned UnlinkedArrayAllocationProfile;
 typedef unsigned UnlinkedLLIntCallLinkInfo;
 
 struct ExecutableInfo {
@@ -109,7 +107,7 @@ public:
 
     FunctionExecutable* link(JSGlobalData&, const SourceCode&, size_t lineOffset, size_t sourceOffset);
 
-    void clearCodeForRecompilation()
+    void clearCode()
     {
         m_symbolTableForCall.clear();
         m_symbolTableForConstruct.clear();
@@ -137,8 +135,8 @@ public:
 
 private:
     UnlinkedFunctionExecutable(JSGlobalData*, Structure*, const SourceCode&, FunctionBodyNode*);
-    Weak<UnlinkedFunctionCodeBlock> m_codeBlockForCall;
-    Weak<UnlinkedFunctionCodeBlock> m_codeBlockForConstruct;
+    WriteBarrier<UnlinkedFunctionCodeBlock> m_codeBlockForCall;
+    WriteBarrier<UnlinkedFunctionCodeBlock> m_codeBlockForConstruct;
 
     unsigned m_numCapturedVariables : 29;
     bool m_forceUsesArguments : 1;
@@ -394,8 +392,6 @@ public:
 
     UnlinkedArrayProfile addArrayProfile() { return m_arrayProfileCount++; }
     unsigned numberOfArrayProfiles() { return m_arrayProfileCount; }
-    UnlinkedArrayAllocationProfile addArrayAllocationProfile() { return m_arrayAllocationProfileCount++; }
-    unsigned numberOfArrayAllocationProfiles() { return m_arrayAllocationProfileCount; }
     UnlinkedValueProfile addValueProfile() { return m_valueProfileCount++; }
     unsigned numberOfValueProfiles() { return m_valueProfileCount; }
 
@@ -522,7 +518,6 @@ private:
     unsigned m_resolveOperationCount;
     unsigned m_putToBaseOperationCount;
     unsigned m_arrayProfileCount;
-    unsigned m_arrayAllocationProfileCount;
     unsigned m_valueProfileCount;
     unsigned m_llintCallLinkInfoCount;
 
diff --git a/Source/JavaScriptCore/bytecompiler/BytecodeGenerator.cpp b/Source/JavaScriptCore/bytecompiler/BytecodeGenerator.cpp
index b1b9de6c1..b11872551 100644
--- a/Source/JavaScriptCore/bytecompiler/BytecodeGenerator.cpp
+++ b/Source/JavaScriptCore/bytecompiler/BytecodeGenerator.cpp
@@ -716,15 +716,6 @@ UnlinkedArrayProfile BytecodeGenerator::newArrayProfile()
 #endif
 }
 
-UnlinkedArrayAllocationProfile BytecodeGenerator::newArrayAllocationProfile()
-{
-#if ENABLE(VALUE_PROFILER)
-    return m_codeBlock->addArrayAllocationProfile();
-#else
-    return 0;
-#endif
-}
-
 UnlinkedValueProfile BytecodeGenerator::emitProfiledOpcode(OpcodeID opcodeID)
 {
 #if ENABLE(VALUE_PROFILER)
@@ -1614,7 +1605,6 @@ RegisterID* BytecodeGenerator::emitNewArray(RegisterID* dst, ElementNode* elemen
             instructions().append(dst->index());
             instructions().append(constantBufferIndex);
             instructions().append(length);
-            instructions().append(newArrayAllocationProfile());
             return dst;
         }
     }
@@ -1632,7 +1622,6 @@ RegisterID* BytecodeGenerator::emitNewArray(RegisterID* dst, ElementNode* elemen
     instructions().append(dst->index());
     instructions().append(argv.size() ? argv[0]->index() : 0); // argv
     instructions().append(argv.size()); // argc
-    instructions().append(newArrayAllocationProfile());
     return dst;
 }
 
@@ -1768,14 +1757,12 @@ ExpectedFunction BytecodeGenerator::emitExpectedFunctionSnippet(RegisterID* dst,
                 emitOpcode(op_new_array_with_size);
                 instructions().append(dst->index());
                 instructions().append(callArguments.argumentRegister(0)->index());
-                instructions().append(newArrayAllocationProfile());
             } else {
                 ASSERT(callArguments.argumentCountIncludingThis() == 1);
                 emitOpcode(op_new_array);
                 instructions().append(dst->index());
                 instructions().append(0);
                 instructions().append(0);
-                instructions().append(newArrayAllocationProfile());
             }
         }
         break;
diff --git a/Source/JavaScriptCore/bytecompiler/BytecodeGenerator.h b/Source/JavaScriptCore/bytecompiler/BytecodeGenerator.h
index 2e7aa2035..828726dee 100644
--- a/Source/JavaScriptCore/bytecompiler/BytecodeGenerator.h
+++ b/Source/JavaScriptCore/bytecompiler/BytecodeGenerator.h
@@ -523,7 +523,6 @@ namespace JSC {
 #endif
 
         void emitOpcode(OpcodeID);
-        UnlinkedArrayAllocationProfile newArrayAllocationProfile();
         UnlinkedArrayProfile newArrayProfile();
         UnlinkedValueProfile emitProfiledOpcode(OpcodeID);
         void retrieveLastBinaryOp(int& dstIndex, int& src1Index, int& src2Index);
diff --git a/Source/JavaScriptCore/debugger/Debugger.cpp b/Source/JavaScriptCore/debugger/Debugger.cpp
index 7eda52dc8..b14729146 100644
--- a/Source/JavaScriptCore/debugger/Debugger.cpp
+++ b/Source/JavaScriptCore/debugger/Debugger.cpp
@@ -80,7 +80,7 @@ inline void Recompiler::operator()(JSCell* cell)
 
     ExecState* exec = function->scope()->globalObject()->JSGlobalObject::globalExec();
     executable->clearCodeIfNotCompiling();
-    executable->clearUnlinkedCodeForRecompilationIfNotCompiling();
+    executable->clearUnlinkedCodeIfNotCompiling();
     if (m_debugger == function->scope()->globalObject()->debugger())
         m_sourceProviders.add(executable->source().provider(), exec);
 }
diff --git a/Source/JavaScriptCore/dfg/DFGAbstractState.cpp b/Source/JavaScriptCore/dfg/DFGAbstractState.cpp
index 02e578b29..e518c24a8 100644
--- a/Source/JavaScriptCore/dfg/DFGAbstractState.cpp
+++ b/Source/JavaScriptCore/dfg/DFGAbstractState.cpp
@@ -159,7 +159,7 @@ void AbstractState::initialize(Graph& graph)
     }
 }
 
-bool AbstractState::endBasicBlock(MergeMode mergeMode)
+bool AbstractState::endBasicBlock(MergeMode mergeMode, BranchDirection* branchDirectionPtr)
 {
     ASSERT(m_block);
     
@@ -167,7 +167,6 @@ bool AbstractState::endBasicBlock(MergeMode mergeMode)
     
     block->cfaFoundConstants = m_foundConstants;
     block->cfaDidFinish = m_isValid;
-    block->cfaBranchDirection = m_branchDirection;
     
     if (!m_isValid) {
         reset();
@@ -196,8 +195,12 @@ bool AbstractState::endBasicBlock(MergeMode mergeMode)
     
     ASSERT(mergeMode != DontMerge || !changed);
     
+    BranchDirection branchDirection = m_branchDirection;
+    if (branchDirectionPtr)
+        *branchDirectionPtr = branchDirection;
+    
 #if DFG_ENABLE(DEBUG_PROPAGATION_VERBOSE)
-    dataLog("        Branch direction = %s\n", branchDirectionToString(m_branchDirection));
+    dataLog("        Branch direction = %s\n", branchDirectionToString(branchDirection));
 #endif
     
     reset();
@@ -205,7 +208,7 @@ bool AbstractState::endBasicBlock(MergeMode mergeMode)
     if (mergeMode != MergeToSuccessors)
         return changed;
     
-    return mergeToSuccessors(m_graph, block);
+    return mergeToSuccessors(m_graph, block, branchDirection);
 }
 
 void AbstractState::reset()
@@ -421,10 +424,7 @@ bool AbstractState::execute(unsigned indexInBlock)
             break;
         }
         speculateNumberUnary(node);
-        if (isInt32Speculation(forNode(node.child1()).m_type))
-            forNode(nodeIndex).set(SpecDoubleReal);
-        else
-            forNode(nodeIndex).set(SpecDouble);
+        forNode(nodeIndex).set(SpecDouble);
         break;
     }
         
@@ -448,13 +448,9 @@ bool AbstractState::execute(unsigned indexInBlock)
             forNode(nodeIndex).set(SpecInt32);
             break;
         }
-        if (Node::shouldSpeculateNumberExpectingDefined(m_graph[node.child1()], m_graph[node.child2()])) {
+        if (Node::shouldSpeculateNumber(m_graph[node.child1()], m_graph[node.child2()])) {
             speculateNumberBinary(node);
-            if (isRealNumberSpeculation(forNode(node.child1()).m_type)
-                && isRealNumberSpeculation(forNode(node.child2()).m_type))
-                forNode(nodeIndex).set(SpecDoubleReal);
-            else
-                forNode(nodeIndex).set(SpecDouble);
+            forNode(nodeIndex).set(SpecDouble);
             break;
         }
         if (node.op() == ValueAdd) {
@@ -526,11 +522,7 @@ bool AbstractState::execute(unsigned indexInBlock)
             break;
         }
         speculateNumberBinary(node);
-        if (isRealNumberSpeculation(forNode(node.child1()).m_type)
-            || isRealNumberSpeculation(forNode(node.child2()).m_type))
-            forNode(nodeIndex).set(SpecDoubleReal);
-        else
-            forNode(nodeIndex).set(SpecDouble);
+        forNode(nodeIndex).set(SpecDouble);
         break;
     }
         
@@ -568,7 +560,7 @@ bool AbstractState::execute(unsigned indexInBlock)
                 break;
             }
         }
-        if (Node::shouldSpeculateIntegerForArithmetic(
+        if (Node::shouldSpeculateInteger(
                 m_graph[node.child1()], m_graph[node.child2()])
             && node.canSpeculateInteger()) {
             speculateInt32Binary(node, true); // forcing can-exit, which is a bit on the conservative side.
@@ -588,7 +580,7 @@ bool AbstractState::execute(unsigned indexInBlock)
             node.setCanExit(false);
             break;
         }
-        if (m_graph[node.child1()].shouldSpeculateIntegerForArithmetic()
+        if (m_graph[node.child1()].shouldSpeculateInteger()
             && node.canSpeculateInteger()) {
             speculateInt32Unary(node, true);
             forNode(nodeIndex).set(SpecInt32);
@@ -613,22 +605,12 @@ bool AbstractState::execute(unsigned indexInBlock)
     }
             
     case LogicalNot: {
-        // First check if we can fold because the source is a constant.
         JSValue childConst = forNode(node.child1()).value();
         if (childConst && trySetConstant(nodeIndex, jsBoolean(!childConst.toBoolean(m_codeBlock->globalObjectFor(node.codeOrigin)->globalExec())))) {
             m_foundConstants = true;
             node.setCanExit(false);
             break;
         }
-        // Next check if we can fold because we know that the source is an object or string and does not equal undefined.
-        if (isCellSpeculation(forNode(node.child1()).m_type)
-            && forNode(node.child1()).m_currentKnownStructure.hasSingleton()
-            && !forNode(node.child1()).m_currentKnownStructure.singleton()->masqueradesAsUndefined(m_codeBlock->globalObjectFor(node.codeOrigin))
-            && trySetConstant(nodeIndex, jsBoolean(false))) {
-            m_foundConstants = true;
-            node.setCanExit(false);
-            break;
-        }
         Node& child = m_graph[node.child1()];
         if (isBooleanSpeculation(child.prediction()))
             speculateBooleanUnary(node);
@@ -696,13 +678,12 @@ bool AbstractState::execute(unsigned indexInBlock)
     case CompareGreater:
     case CompareGreaterEq:
     case CompareEq: {
-        bool constantWasSet = false;
-
         JSValue leftConst = forNode(node.child1()).value();
         JSValue rightConst = forNode(node.child2()).value();
         if (leftConst && rightConst && leftConst.isNumber() && rightConst.isNumber()) {
             double a = leftConst.asNumber();
             double b = rightConst.asNumber();
+            bool constantWasSet;
             switch (node.op()) {
             case CompareLess:
                 constantWasSet = trySetConstant(nodeIndex, jsBoolean(a < b));
@@ -724,20 +705,11 @@ bool AbstractState::execute(unsigned indexInBlock)
                 constantWasSet = false;
                 break;
             }
-        }
-        
-        if (!constantWasSet && node.op() == CompareEq) {
-            SpeculatedType leftType = forNode(node.child1()).m_type;
-            SpeculatedType rightType = forNode(node.child2()).m_type;
-            if ((isInt32Speculation(leftType) && isOtherSpeculation(rightType))
-                || (isOtherSpeculation(leftType) && isInt32Speculation(rightType)))
-                constantWasSet = trySetConstant(nodeIndex, jsBoolean(false));
-        }
-        
-        if (constantWasSet) {
-            m_foundConstants = true;
-            node.setCanExit(false);
-            break;
+            if (constantWasSet) {
+                m_foundConstants = true;
+                node.setCanExit(false);
+                break;
+            }
         }
         
         forNode(nodeIndex).set(SpecBoolean);
@@ -870,7 +842,6 @@ bool AbstractState::execute(unsigned indexInBlock)
         switch (node.arrayMode().type()) {
         case Array::SelectUsingPredictions:
         case Array::Unprofiled:
-        case Array::Undecided:
             ASSERT_NOT_REACHED();
             break;
         case Array::ForceExit:
@@ -888,22 +859,6 @@ bool AbstractState::execute(unsigned indexInBlock)
             forNode(node.child2()).filter(SpecInt32);
             forNode(nodeIndex).makeTop();
             break;
-        case Array::Int32:
-            forNode(node.child2()).filter(SpecInt32);
-            if (node.arrayMode().isOutOfBounds()) {
-                clobberWorld(node.codeOrigin, indexInBlock);
-                forNode(nodeIndex).makeTop();
-            } else
-                forNode(nodeIndex).set(SpecInt32);
-            break;
-        case Array::Double:
-            forNode(node.child2()).filter(SpecInt32);
-            if (node.arrayMode().isOutOfBounds()) {
-                clobberWorld(node.codeOrigin, indexInBlock);
-                forNode(nodeIndex).makeTop();
-            } else
-                forNode(nodeIndex).set(SpecDoubleReal);
-            break;
         case Array::Contiguous:
         case Array::ArrayStorage:
         case Array::SlowPutArrayStorage:
@@ -971,20 +926,6 @@ bool AbstractState::execute(unsigned indexInBlock)
         case Array::Generic:
             clobberWorld(node.codeOrigin, indexInBlock);
             break;
-        case Array::Int32:
-            forNode(child1).filter(SpecCell);
-            forNode(child2).filter(SpecInt32);
-            forNode(child3).filter(SpecInt32);
-            if (node.arrayMode().isOutOfBounds())
-                clobberWorld(node.codeOrigin, indexInBlock);
-            break;
-        case Array::Double:
-            forNode(child1).filter(SpecCell);
-            forNode(child2).filter(SpecInt32);
-            forNode(child3).filter(SpecRealNumber);
-            if (node.arrayMode().isOutOfBounds())
-                clobberWorld(node.codeOrigin, indexInBlock);
-            break;
         case Array::Contiguous:
         case Array::ArrayStorage:
             forNode(child1).filter(SpecCell);
@@ -1077,16 +1018,6 @@ bool AbstractState::execute(unsigned indexInBlock)
             
     case ArrayPush:
         node.setCanExit(true);
-        switch (node.arrayMode().type()) {
-        case Array::Int32:
-            forNode(node.child2()).filter(SpecInt32);
-            break;
-        case Array::Double:
-            forNode(node.child2()).filter(SpecRealNumber);
-            break;
-        default:
-            break;
-        }
         clobberWorld(node.codeOrigin, indexInBlock);
         forNode(nodeIndex).set(SpecNumber);
         break;
@@ -1112,7 +1043,6 @@ bool AbstractState::execute(unsigned indexInBlock)
         break;
             
     case Branch: {
-        // First check if we can fold because the source is a constant.
         JSValue value = forNode(node.child1()).value();
         if (value) {
             bool booleanValue = value.toBoolean(m_codeBlock->globalObjectFor(node.codeOrigin)->globalExec());
@@ -1123,14 +1053,6 @@ bool AbstractState::execute(unsigned indexInBlock)
             node.setCanExit(false);
             break;
         }
-        // Next check if we can fold because we know that the source is an object or string and does not equal undefined.
-        if (isCellSpeculation(forNode(node.child1()).m_type)
-            && forNode(node.child1()).m_currentKnownStructure.hasSingleton()
-            && !forNode(node.child1()).m_currentKnownStructure.singleton()->masqueradesAsUndefined(m_codeBlock->globalObjectFor(node.codeOrigin))) {
-            m_branchDirection = TakeTrue;
-            node.setCanExit(false);
-            break;
-        }
         // FIXME: The above handles the trivial cases of sparse conditional
         // constant propagation, but we can do better:
         // 1) If the abstract value does not have a concrete value but describes
@@ -1200,13 +1122,13 @@ bool AbstractState::execute(unsigned indexInBlock)
             
     case NewArray:
         node.setCanExit(true);
-        forNode(nodeIndex).set(m_graph.globalObjectFor(node.codeOrigin)->arrayStructureForIndexingTypeDuringAllocation(node.indexingType()));
+        forNode(nodeIndex).set(m_graph.globalObjectFor(node.codeOrigin)->arrayStructure());
         m_haveStructures = true;
         break;
         
     case NewArrayBuffer:
         node.setCanExit(true);
-        forNode(nodeIndex).set(m_graph.globalObjectFor(node.codeOrigin)->arrayStructureForIndexingTypeDuringAllocation(node.indexingType()));
+        forNode(nodeIndex).set(m_graph.globalObjectFor(node.codeOrigin)->arrayStructure());
         m_haveStructures = true;
         break;
 
@@ -1462,11 +1384,11 @@ bool AbstractState::execute(unsigned indexInBlock)
         case Array::String:
             forNode(node.child1()).filter(SpecString);
             break;
-        case Array::Int32:
-        case Array::Double:
         case Array::Contiguous:
         case Array::ArrayStorage:
         case Array::SlowPutArrayStorage:
+            // This doesn't filter anything meaningful right now. We may want to add
+            // CFA tracking of array mode speculations, but we don't have that, yet.
             forNode(node.child1()).filter(SpecCell);
             break;
         case Array::Arguments:
@@ -1800,7 +1722,7 @@ inline bool AbstractState::merge(BasicBlock* from, BasicBlock* to)
 }
 
 inline bool AbstractState::mergeToSuccessors(
-    Graph& graph, BasicBlock* basicBlock)
+    Graph& graph, BasicBlock* basicBlock, BranchDirection branchDirection)
 {
     Node& terminal = graph[basicBlock->last()];
     
@@ -1808,7 +1730,7 @@ inline bool AbstractState::mergeToSuccessors(
     
     switch (terminal.op()) {
     case Jump: {
-        ASSERT(basicBlock->cfaBranchDirection == InvalidBranchDirection);
+        ASSERT(branchDirection == InvalidBranchDirection);
 #if DFG_ENABLE(DEBUG_PROPAGATION_VERBOSE)
         dataLog("        Merging to block #%u.\n", terminal.takenBlockIndex());
 #endif
@@ -1816,17 +1738,17 @@ inline bool AbstractState::mergeToSuccessors(
     }
         
     case Branch: {
-        ASSERT(basicBlock->cfaBranchDirection != InvalidBranchDirection);
+        ASSERT(branchDirection != InvalidBranchDirection);
         bool changed = false;
 #if DFG_ENABLE(DEBUG_PROPAGATION_VERBOSE)
         dataLog("        Merging to block #%u.\n", terminal.takenBlockIndex());
 #endif
-        if (basicBlock->cfaBranchDirection != TakeFalse)
+        if (branchDirection != TakeFalse)
             changed |= merge(basicBlock, graph.m_blocks[terminal.takenBlockIndex()].get());
 #if DFG_ENABLE(DEBUG_PROPAGATION_VERBOSE)
         dataLog("        Merging to block #%u.\n", terminal.notTakenBlockIndex());
 #endif
-        if (basicBlock->cfaBranchDirection != TakeTrue)
+        if (branchDirection != TakeTrue)
             changed |= merge(basicBlock, graph.m_blocks[terminal.notTakenBlockIndex()].get());
         return changed;
     }
@@ -1834,7 +1756,7 @@ inline bool AbstractState::mergeToSuccessors(
     case Return:
     case Throw:
     case ThrowReferenceError:
-        ASSERT(basicBlock->cfaBranchDirection == InvalidBranchDirection);
+        ASSERT(branchDirection == InvalidBranchDirection);
         return false;
         
     default:
diff --git a/Source/JavaScriptCore/dfg/DFGAbstractState.h b/Source/JavaScriptCore/dfg/DFGAbstractState.h
index 0e33140c0..ec1a06231 100644
--- a/Source/JavaScriptCore/dfg/DFGAbstractState.h
+++ b/Source/JavaScriptCore/dfg/DFGAbstractState.h
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2011, 2012 Apple Inc. All rights reserved.
+ * Copyright (C) 2011 Apple Inc. All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
@@ -31,7 +31,6 @@
 #if ENABLE(DFG_JIT)
 
 #include "DFGAbstractValue.h"
-#include "DFGBranchDirection.h"
 #include "DFGGraph.h"
 #include "DFGNode.h"
 #include <wtf/Vector.h>
@@ -93,6 +92,36 @@ public:
         MergeToSuccessors
     };
     
+    enum BranchDirection {
+        // This is not a branch and so there is no branch direction, or
+        // the branch direction has yet to be set.
+        InvalidBranchDirection,
+        
+        // The branch takes the true case.
+        TakeTrue,
+        
+        // The branch takes the false case.
+        TakeFalse,
+        
+        // For all we know, the branch could go either direction, so we
+        // have to assume the worst.
+        TakeBoth
+    };
+    
+    static const char* branchDirectionToString(BranchDirection branchDirection)
+    {
+        switch (branchDirection) {
+        case InvalidBranchDirection:
+            return "Invalid";
+        case TakeTrue:
+            return "TakeTrue";
+        case TakeFalse:
+            return "TakeFalse";
+        case TakeBoth:
+            return "TakeBoth";
+        }
+    }
+
     AbstractState(Graph&);
     
     ~AbstractState();
@@ -145,7 +174,11 @@ public:
     //    A true return means that you must revisit (at least) the successor
     //    blocks. This also sets cfaShouldRevisit to true for basic blocks
     //    that must be visited next.
-    bool endBasicBlock(MergeMode);
+    //
+    // If you'd like to know what direction the branch at the end of the
+    // basic block is thought to have taken, you can pass a non-0 pointer
+    // for BranchDirection.
+    bool endBasicBlock(MergeMode, BranchDirection* = 0);
     
     // Reset the AbstractState. This throws away any results, and at this point
     // you can safely call beginBasicBlock() on any basic block.
@@ -178,8 +211,8 @@ public:
     // successors. Returns true if any of the successors' states changed. Note
     // that this is automatically called in endBasicBlock() if MergeMode is
     // MergeToSuccessors.
-    bool mergeToSuccessors(Graph&, BasicBlock*);
-    
+    bool mergeToSuccessors(Graph&, BasicBlock*, BranchDirection);
+
     void dump(FILE* out);
     
 private:
diff --git a/Source/JavaScriptCore/dfg/DFGArrayMode.cpp b/Source/JavaScriptCore/dfg/DFGArrayMode.cpp
index 0d15b9a30..699902a16 100644
--- a/Source/JavaScriptCore/dfg/DFGArrayMode.cpp
+++ b/Source/JavaScriptCore/dfg/DFGArrayMode.cpp
@@ -34,46 +34,19 @@ namespace JSC { namespace DFG {
 
 ArrayMode ArrayMode::fromObserved(ArrayProfile* profile, Array::Action action, bool makeSafe)
 {
-    ArrayModes observed = profile->observedArrayModes();
-    switch (observed) {
+    switch (profile->observedArrayModes()) {
     case 0:
         return ArrayMode(Array::Unprofiled);
     case asArrayModes(NonArray):
         if (action == Array::Write && !profile->mayInterceptIndexedAccesses())
-            return ArrayMode(Array::Undecided, Array::NonArray, Array::OutOfBounds, Array::Convert);
+            return ArrayMode(Array::Contiguous, Array::NonArray, Array::OutOfBounds, Array::Convert); // FIXME: we don't know whether to go to contiguous or array storage. We're making a static guess here. In future we should use exit profiling for this.
         return ArrayMode(Array::SelectUsingPredictions);
-
-    case asArrayModes(ArrayWithUndecided):
-        if (action == Array::Write)
-            return ArrayMode(Array::Undecided, Array::Array, Array::OutOfBounds, Array::Convert);
-        return ArrayMode(Array::Generic);
-        
-    case asArrayModes(NonArray) | asArrayModes(ArrayWithUndecided):
-        if (action == Array::Write && !profile->mayInterceptIndexedAccesses())
-            return ArrayMode(Array::Undecided, Array::PossiblyArray, Array::OutOfBounds, Array::Convert);
-        return ArrayMode(Array::SelectUsingPredictions);
-
-    case asArrayModes(NonArrayWithInt32):
-        return ArrayMode(Array::Int32, Array::NonArray, Array::AsIs).withProfile(profile, makeSafe);
-    case asArrayModes(ArrayWithInt32):
-        return ArrayMode(Array::Int32, Array::Array, Array::AsIs).withProfile(profile, makeSafe);
-    case asArrayModes(NonArrayWithInt32) | asArrayModes(ArrayWithInt32):
-        return ArrayMode(Array::Int32, Array::PossiblyArray, Array::AsIs).withProfile(profile, makeSafe);
-
-    case asArrayModes(NonArrayWithDouble):
-        return ArrayMode(Array::Double, Array::NonArray, Array::AsIs).withProfile(profile, makeSafe);
-    case asArrayModes(ArrayWithDouble):
-        return ArrayMode(Array::Double, Array::Array, Array::AsIs).withProfile(profile, makeSafe);
-    case asArrayModes(NonArrayWithDouble) | asArrayModes(ArrayWithDouble):
-        return ArrayMode(Array::Double, Array::PossiblyArray, Array::AsIs).withProfile(profile, makeSafe);
-
     case asArrayModes(NonArrayWithContiguous):
         return ArrayMode(Array::Contiguous, Array::NonArray, Array::AsIs).withProfile(profile, makeSafe);
     case asArrayModes(ArrayWithContiguous):
         return ArrayMode(Array::Contiguous, Array::Array, Array::AsIs).withProfile(profile, makeSafe);
     case asArrayModes(NonArrayWithContiguous) | asArrayModes(ArrayWithContiguous):
         return ArrayMode(Array::Contiguous, Array::PossiblyArray, Array::AsIs).withProfile(profile, makeSafe);
-
     case asArrayModes(NonArrayWithArrayStorage):
         return ArrayMode(Array::ArrayStorage, Array::NonArray, Array::AsIs).withProfile(profile, makeSafe);
     case asArrayModes(NonArrayWithSlowPutArrayStorage):
@@ -89,39 +62,36 @@ ArrayMode ArrayMode::fromObserved(ArrayProfile* profile, Array::Action action, b
     case asArrayModes(NonArrayWithSlowPutArrayStorage) | asArrayModes(ArrayWithSlowPutArrayStorage):
     case asArrayModes(NonArrayWithArrayStorage) | asArrayModes(ArrayWithArrayStorage) | asArrayModes(NonArrayWithSlowPutArrayStorage) | asArrayModes(ArrayWithSlowPutArrayStorage):
         return ArrayMode(Array::SlowPutArrayStorage, Array::PossiblyArray, Array::AsIs).withProfile(profile, makeSafe);
-
+    case asArrayModes(NonArrayWithContiguous) | asArrayModes(NonArrayWithArrayStorage):
+        return ArrayMode(Array::ArrayStorage, Array::NonArray, Array::Convert).withProfile(profile, makeSafe);
+    case asArrayModes(ArrayWithContiguous) | asArrayModes(ArrayWithArrayStorage):
+        return ArrayMode(Array::ArrayStorage, Array::Array, Array::Convert).withProfile(profile, makeSafe);
+    case asArrayModes(NonArrayWithContiguous) | asArrayModes(NonArrayWithArrayStorage) | asArrayModes(ArrayWithContiguous) | asArrayModes(ArrayWithArrayStorage):
+        return ArrayMode(Array::ArrayStorage, Array::PossiblyArray, Array::Convert).withProfile(profile, makeSafe);
+    case asArrayModes(NonArray) | asArrayModes(NonArrayWithContiguous):
+        if (action == Array::Write && !profile->mayInterceptIndexedAccesses())
+            return ArrayMode(Array::Contiguous, Array::NonArray, Array::OutOfBounds, Array::Convert);
+        return ArrayMode(Array::SelectUsingPredictions);
+    case asArrayModes(NonArray) | asArrayModes(NonArrayWithContiguous) | asArrayModes(NonArrayWithArrayStorage):
+    case asArrayModes(NonArray) | asArrayModes(NonArrayWithArrayStorage):
+        if (action == Array::Write && !profile->mayInterceptIndexedAccesses())
+            return ArrayMode(Array::ArrayStorage, Array::NonArray, Array::OutOfBounds, Array::Convert);
+        return ArrayMode(Array::SelectUsingPredictions);
+    case asArrayModes(NonArray) | asArrayModes(NonArrayWithSlowPutArrayStorage):
+    case asArrayModes(NonArray) | asArrayModes(NonArrayWithArrayStorage) | asArrayModes(NonArrayWithSlowPutArrayStorage):
+        if (action == Array::Write && !profile->mayInterceptIndexedAccesses())
+            return ArrayMode(Array::SlowPutArrayStorage, Array::NonArray, Array::OutOfBounds, Array::Convert);
+        return ArrayMode(Array::SelectUsingPredictions);
     default:
-        if ((observed & asArrayModes(NonArray)) && profile->mayInterceptIndexedAccesses())
-            return ArrayMode(Array::SelectUsingPredictions);
-        
-        Array::Type type;
-        Array::Class arrayClass;
-        
-        if (shouldUseSlowPutArrayStorage(observed))
-            type = Array::SlowPutArrayStorage;
-        else if (shouldUseFastArrayStorage(observed))
-            type = Array::ArrayStorage;
-        else if (shouldUseContiguous(observed))
-            type = Array::Contiguous;
-        else if (shouldUseDouble(observed))
-            type = Array::Double;
-        else if (shouldUseInt32(observed))
-            type = Array::Int32;
-        else
-            type = Array::Undecided;
-        
-        if (observed & (asArrayModes(ArrayWithUndecided) | asArrayModes(ArrayWithInt32) | asArrayModes(ArrayWithDouble) | asArrayModes(ArrayWithContiguous) | asArrayModes(ArrayWithArrayStorage) | asArrayModes(ArrayWithSlowPutArrayStorage)))
-            arrayClass = Array::Array;
-        else if (observed & (asArrayModes(NonArray) | asArrayModes(NonArrayWithInt32) | asArrayModes(NonArrayWithDouble) | asArrayModes(NonArrayWithContiguous) | asArrayModes(NonArrayWithArrayStorage) | asArrayModes(NonArrayWithSlowPutArrayStorage)))
-            arrayClass = Array::NonArray;
-        else
-            arrayClass = Array::PossiblyArray;
-        
-        return ArrayMode(type, arrayClass, Array::Convert).withProfile(profile, makeSafe);
+        // We know that this is possibly a kind of array for which, though there is no
+        // useful data in the array profile, we may be able to extract useful data from
+        // the value profiles of the inputs. Hence, we leave it as undecided, and let
+        // the predictions propagator decide later.
+        return ArrayMode(Array::SelectUsingPredictions);
     }
 }
 
-ArrayMode ArrayMode::refine(SpeculatedType base, SpeculatedType index, SpeculatedType value) const
+ArrayMode ArrayMode::refine(SpeculatedType base, SpeculatedType index) const
 {
     if (!base || !index) {
         // It can be that we had a legitimate arrayMode but no incoming predictions. That'll
@@ -134,85 +104,49 @@ ArrayMode ArrayMode::refine(SpeculatedType base, SpeculatedType index, Speculate
     if (!isInt32Speculation(index) || !isCellSpeculation(base))
         return ArrayMode(Array::Generic);
     
-    switch (type()) {
-    case Array::Unprofiled:
+    if (type() == Array::Unprofiled) {
+        // If the indexing type wasn't recorded in the array profile but the values are
+        // base=cell property=int, then we know that this access didn't execute.
         return ArrayMode(Array::ForceExit);
-        
-    case Array::Undecided:
-        if (!value)
-            return withType(Array::ForceExit);
-        if (isInt32Speculation(value))
-            return withTypeAndConversion(Array::Int32, Array::Convert);
-        if (isNumberSpeculation(value))
-            return withTypeAndConversion(Array::Double, Array::Convert);
-        return withTypeAndConversion(Array::Contiguous, Array::Convert);
-        
-    case Array::Int32:
-        if (!value || isInt32Speculation(value))
-            return *this;
-        if (isNumberSpeculation(value))
-            return withTypeAndConversion(Array::Double, Array::Convert);
-        return withTypeAndConversion(Array::Contiguous, Array::Convert);
-        
-    case Array::Double:
-        if (!value || isNumberSpeculation(value))
-            return *this;
-        return withTypeAndConversion(Array::Contiguous, Array::Convert);
-        
-    case Array::SelectUsingPredictions:
-        if (isStringSpeculation(base))
-            return ArrayMode(Array::String);
-        
-        if (isArgumentsSpeculation(base))
-            return ArrayMode(Array::Arguments);
-        
-        if (isInt8ArraySpeculation(base))
-            return ArrayMode(Array::Int8Array);
-        
-        if (isInt16ArraySpeculation(base))
-            return ArrayMode(Array::Int16Array);
-        
-        if (isInt32ArraySpeculation(base))
-            return ArrayMode(Array::Int32Array);
-        
-        if (isUint8ArraySpeculation(base))
-            return ArrayMode(Array::Uint8Array);
-        
-        if (isUint8ClampedArraySpeculation(base))
-            return ArrayMode(Array::Uint8ClampedArray);
-        
-        if (isUint16ArraySpeculation(base))
-            return ArrayMode(Array::Uint16Array);
-        
-        if (isUint32ArraySpeculation(base))
-            return ArrayMode(Array::Uint32Array);
-        
-        if (isFloat32ArraySpeculation(base))
-            return ArrayMode(Array::Float32Array);
-        
-        if (isFloat64ArraySpeculation(base))
-            return ArrayMode(Array::Float64Array);
-
-        return ArrayMode(Array::Generic);
-
-    default:
-        return *this;
-    }
-}
-
-bool ArrayMode::alreadyChecked(AbstractValue& value, IndexingType shape) const
-{
-    if (isJSArray()) {
-        if (arrayModesAlreadyChecked(value.m_arrayModes, asArrayModes(shape | IsArray)))
-            return true;
-        return value.m_currentKnownStructure.hasSingleton()
-            && (value.m_currentKnownStructure.singleton()->indexingType() & IndexingShapeMask) == shape
-            && (value.m_currentKnownStructure.singleton()->indexingType() & IsArray);
     }
-    if (arrayModesAlreadyChecked(value.m_arrayModes, asArrayModes(shape) | asArrayModes(shape | IsArray)))
-        return true;
-    return value.m_currentKnownStructure.hasSingleton()
-        && (value.m_currentKnownStructure.singleton()->indexingType() & IndexingShapeMask) == shape;
+    
+    if (type() != Array::SelectUsingPredictions)
+        return *this;
+    
+    if (isStringSpeculation(base))
+        return ArrayMode(Array::String);
+    
+    if (isArgumentsSpeculation(base))
+        return ArrayMode(Array::Arguments);
+    
+    if (isInt8ArraySpeculation(base))
+        return ArrayMode(Array::Int8Array);
+    
+    if (isInt16ArraySpeculation(base))
+        return ArrayMode(Array::Int16Array);
+    
+    if (isInt32ArraySpeculation(base))
+        return ArrayMode(Array::Int32Array);
+    
+    if (isUint8ArraySpeculation(base))
+        return ArrayMode(Array::Uint8Array);
+    
+    if (isUint8ClampedArraySpeculation(base))
+        return ArrayMode(Array::Uint8ClampedArray);
+    
+    if (isUint16ArraySpeculation(base))
+        return ArrayMode(Array::Uint16Array);
+    
+    if (isUint32ArraySpeculation(base))
+        return ArrayMode(Array::Uint32Array);
+    
+    if (isFloat32ArraySpeculation(base))
+        return ArrayMode(Array::Float32Array);
+    
+    if (isFloat64ArraySpeculation(base))
+        return ArrayMode(Array::Float64Array);
+    
+    return ArrayMode(Array::Generic);
 }
 
 bool ArrayMode::alreadyChecked(AbstractValue& value) const
@@ -227,17 +161,31 @@ bool ArrayMode::alreadyChecked(AbstractValue& value) const
     case Array::String:
         return speculationChecked(value.m_type, SpecString);
         
-    case Array::Int32:
-        return alreadyChecked(value, Int32Shape);
-        
-    case Array::Double:
-        return alreadyChecked(value, DoubleShape);
-        
     case Array::Contiguous:
-        return alreadyChecked(value, ContiguousShape);
+        if (isJSArray()) {
+            if (arrayModesAlreadyChecked(value.m_arrayModes, asArrayModes(ArrayWithContiguous)))
+                return true;
+            return value.m_currentKnownStructure.hasSingleton()
+                && hasContiguous(value.m_currentKnownStructure.singleton()->indexingType())
+                && (value.m_currentKnownStructure.singleton()->indexingType() & IsArray);
+        }
+        if (arrayModesAlreadyChecked(value.m_arrayModes, asArrayModes(NonArrayWithContiguous) | asArrayModes(ArrayWithContiguous)))
+            return true;
+        return value.m_currentKnownStructure.hasSingleton()
+            && hasContiguous(value.m_currentKnownStructure.singleton()->indexingType());
         
     case Array::ArrayStorage:
-        return alreadyChecked(value, ArrayStorageShape);
+        if (isJSArray()) {
+            if (arrayModesAlreadyChecked(value.m_arrayModes, asArrayModes(ArrayWithArrayStorage)))
+                return true;
+            return value.m_currentKnownStructure.hasSingleton()
+                && hasFastArrayStorage(value.m_currentKnownStructure.singleton()->indexingType())
+                && (value.m_currentKnownStructure.singleton()->indexingType() & IsArray);
+        }
+        if (arrayModesAlreadyChecked(value.m_arrayModes, asArrayModes(NonArrayWithArrayStorage) | asArrayModes(ArrayWithArrayStorage)))
+            return true;
+        return value.m_currentKnownStructure.hasSingleton()
+            && hasFastArrayStorage(value.m_currentKnownStructure.singleton()->indexingType());
         
     case Array::SlowPutArrayStorage:
         if (isJSArray()) {
@@ -284,7 +232,6 @@ bool ArrayMode::alreadyChecked(AbstractValue& value) const
         
     case Array::SelectUsingPredictions:
     case Array::Unprofiled:
-    case Array::Undecided:
         break;
     }
     
@@ -305,12 +252,6 @@ const char* arrayTypeToString(Array::Type type)
         return "ForceExit";
     case Array::String:
         return "String";
-    case Array::Undecided:
-        return "Undecided";
-    case Array::Int32:
-        return "Int32";
-    case Array::Double:
-        return "Double";
     case Array::Contiguous:
         return "Contiguous";
     case Array::ArrayStorage:
diff --git a/Source/JavaScriptCore/dfg/DFGArrayMode.h b/Source/JavaScriptCore/dfg/DFGArrayMode.h
index 206d689f2..615965c92 100644
--- a/Source/JavaScriptCore/dfg/DFGArrayMode.h
+++ b/Source/JavaScriptCore/dfg/DFGArrayMode.h
@@ -52,10 +52,7 @@ enum Type {
     ForceExit, // Implies that we have no idea how to execute this operation, so we should just give up.
     Generic,
     String,
-
-    Undecided,
-    Int32,
-    Double,
+    
     Contiguous,
     ArrayStorage,
     SlowPutArrayStorage,
@@ -84,6 +81,7 @@ enum Speculation {
     ToHole,
     OutOfBounds
 };
+
 enum Conversion {
     AsIs,
     Convert
@@ -171,17 +169,7 @@ public:
         return ArrayMode(type(), myArrayClass, mySpeculation, conversion());
     }
     
-    ArrayMode withType(Array::Type type) const
-    {
-        return ArrayMode(type, arrayClass(), speculation(), conversion());
-    }
-    
-    ArrayMode withTypeAndConversion(Array::Type type, Array::Conversion conversion) const
-    {
-        return ArrayMode(type, arrayClass(), speculation(), conversion);
-    }
-    
-    ArrayMode refine(SpeculatedType base, SpeculatedType index, SpeculatedType value = SpecNone) const;
+    ArrayMode refine(SpeculatedType base, SpeculatedType index) const;
     
     bool alreadyChecked(AbstractValue&) const;
     
@@ -190,8 +178,6 @@ public:
     bool usesButterfly() const
     {
         switch (type()) {
-        case Array::Int32:
-        case Array::Double:
         case Array::Contiguous:
         case Array::ArrayStorage:
         case Array::SlowPutArrayStorage:
@@ -277,7 +263,6 @@ public:
         case Array::Unprofiled:
         case Array::ForceExit:
         case Array::Generic:
-        case Array::Undecided:
             return false;
         default:
             return true;
@@ -292,8 +277,6 @@ public:
         case Array::ForceExit:
         case Array::Generic:
             return false;
-        case Array::Int32:
-        case Array::Double:
         case Array::Contiguous:
         case Array::ArrayStorage:
         case Array::SlowPutArrayStorage:
@@ -326,10 +309,6 @@ public:
         switch (type()) {
         case Array::Generic:
             return ALL_ARRAY_MODES;
-        case Array::Int32:
-            return arrayModesWithIndexingShape(Int32Shape);
-        case Array::Double:
-            return arrayModesWithIndexingShape(DoubleShape);
         case Array::Contiguous:
             return arrayModesWithIndexingShape(ContiguousShape);
         case Array::ArrayStorage:
@@ -375,8 +354,6 @@ private:
         }
     }
     
-    bool alreadyChecked(AbstractValue&, IndexingType shape) const;
-    
     union {
         struct {
             uint8_t type;
diff --git a/Source/JavaScriptCore/dfg/DFGBasicBlock.h b/Source/JavaScriptCore/dfg/DFGBasicBlock.h
index 6f348f2e1..441e2e75e 100644
--- a/Source/JavaScriptCore/dfg/DFGBasicBlock.h
+++ b/Source/JavaScriptCore/dfg/DFGBasicBlock.h
@@ -29,7 +29,6 @@
 #if ENABLE(DFG_JIT)
 
 #include "DFGAbstractValue.h"
-#include "DFGBranchDirection.h"
 #include "DFGNode.h"
 #include "Operands.h"
 #include <wtf/OwnPtr.h>
@@ -47,7 +46,6 @@ struct BasicBlock : Vector<NodeIndex, 8> {
         , cfaShouldRevisit(false)
         , cfaFoundConstants(false)
         , cfaDidFinish(true)
-        , cfaBranchDirection(InvalidBranchDirection)
 #if !ASSERT_DISABLED
         , isLinked(false)
 #endif
@@ -107,7 +105,6 @@ struct BasicBlock : Vector<NodeIndex, 8> {
     bool cfaShouldRevisit;
     bool cfaFoundConstants;
     bool cfaDidFinish;
-    BranchDirection cfaBranchDirection;
 #if !ASSERT_DISABLED
     bool isLinked;
 #endif
diff --git a/Source/JavaScriptCore/dfg/DFGBranchDirection.h b/Source/JavaScriptCore/dfg/DFGBranchDirection.h
deleted file mode 100644
index 8bbe3c635..000000000
--- a/Source/JavaScriptCore/dfg/DFGBranchDirection.h
+++ /dev/null
@@ -1,88 +0,0 @@
-/*
- * Copyright (C) 2012 Apple Inc. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY APPLE INC. ``AS IS'' AND ANY
- * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL APPLE INC. OR
- * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
- * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
- * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
- * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
- * OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
- * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
- */
-
-#ifndef DFGBranchDirection_h
-#define DFGBranchDirection_h
-
-#include <wtf/Platform.h>
-
-#if ENABLE(DFG_JIT)
-
-namespace JSC { namespace DFG {
-
-enum BranchDirection {
-    // This is not a branch and so there is no branch direction, or
-    // the branch direction has yet to be set.
-    InvalidBranchDirection,
-        
-    // The branch takes the true case.
-    TakeTrue,
-        
-    // The branch takes the false case.
-    TakeFalse,
-        
-    // For all we know, the branch could go either direction, so we
-    // have to assume the worst.
-    TakeBoth
-};
-    
-static inline const char* branchDirectionToString(BranchDirection branchDirection)
-{
-    switch (branchDirection) {
-    case InvalidBranchDirection:
-        return "Invalid";
-    case TakeTrue:
-        return "TakeTrue";
-    case TakeFalse:
-        return "TakeFalse";
-    case TakeBoth:
-        return "TakeBoth";
-    }
-}
-    
-static inline bool isKnownDirection(BranchDirection branchDirection)
-{
-    switch (branchDirection) {
-    case TakeTrue:
-    case TakeFalse:
-        return true;
-    default:
-        return false;
-    }
-}
-
-static inline bool branchCondition(BranchDirection branchDirection)
-{
-    if (branchDirection == TakeTrue)
-        return true;
-    ASSERT(branchDirection == TakeFalse);
-    return false;
-}
-
-} } // namespace JSC::DFG
-
-#endif // ENABLE(DFG_JIT)
-
-#endif // DFGBranchDirection_h
diff --git a/Source/JavaScriptCore/dfg/DFGByteCodeParser.cpp b/Source/JavaScriptCore/dfg/DFGByteCodeParser.cpp
index 142b8ab95..70aa2b637 100644
--- a/Source/JavaScriptCore/dfg/DFGByteCodeParser.cpp
+++ b/Source/JavaScriptCore/dfg/DFGByteCodeParser.cpp
@@ -905,15 +905,10 @@ private:
         return getPrediction(m_graph.size(), m_currentProfilingIndex);
     }
     
-    ArrayMode getArrayMode(ArrayProfile* profile, Array::Action action)
-    {
-        profile->computeUpdatedPrediction(m_inlineStackTop->m_codeBlock);
-        return ArrayMode::fromObserved(profile, action, false);
-    }
-    
     ArrayMode getArrayMode(ArrayProfile* profile)
     {
-        return getArrayMode(profile, Array::Read);
+        profile->computeUpdatedPrediction(m_inlineStackTop->m_codeBlock);
+        return ArrayMode::fromObserved(profile, Array::Read, false);
     }
     
     ArrayMode getArrayModeAndEmitChecks(ArrayProfile* profile, Array::Action action, NodeIndex base)
@@ -1654,12 +1649,7 @@ bool ByteCodeParser::handleIntrinsic(bool usesResult, int resultOperand, Intrins
             return false;
         
         ArrayMode arrayMode = getArrayMode(m_currentInstruction[5].u.arrayProfile);
-        if (!arrayMode.isJSArray())
-            return false;
         switch (arrayMode.type()) {
-        case Array::Undecided:
-        case Array::Int32:
-        case Array::Double:
         case Array::Contiguous:
         case Array::ArrayStorage: {
             NodeIndex arrayPush = addToGraph(ArrayPush, OpInfo(arrayMode.asWord()), OpInfo(prediction), get(registerOffset + argumentToOperand(0)), get(registerOffset + argumentToOperand(1)));
@@ -1679,11 +1669,7 @@ bool ByteCodeParser::handleIntrinsic(bool usesResult, int resultOperand, Intrins
             return false;
         
         ArrayMode arrayMode = getArrayMode(m_currentInstruction[5].u.arrayProfile);
-        if (!arrayMode.isJSArray())
-            return false;
         switch (arrayMode.type()) {
-        case Array::Int32:
-        case Array::Double:
         case Array::Contiguous:
         case Array::ArrayStorage: {
             NodeIndex arrayPop = addToGraph(ArrayPop, OpInfo(arrayMode.asWord()), OpInfo(prediction), get(registerOffset + argumentToOperand(0)));
@@ -1768,7 +1754,7 @@ bool ByteCodeParser::handleConstantInternalFunction(
         if (argumentCountIncludingThis == 2) {
             setIntrinsicResult(
                 usesResult, resultOperand,
-                addToGraph(NewArrayWithSize, OpInfo(ArrayWithUndecided), get(registerOffset + argumentToOperand(1))));
+                addToGraph(NewArrayWithSize, get(registerOffset + argumentToOperand(1))));
             return true;
         }
         
@@ -1776,7 +1762,7 @@ bool ByteCodeParser::handleConstantInternalFunction(
             addVarArgChild(get(registerOffset + argumentToOperand(i)));
         setIntrinsicResult(
             usesResult, resultOperand,
-            addToGraph(Node::VarArg, NewArray, OpInfo(ArrayWithUndecided), OpInfo(0)));
+            addToGraph(Node::VarArg, NewArray, OpInfo(0), OpInfo(0)));
         return true;
     }
     
@@ -2136,37 +2122,24 @@ bool ByteCodeParser::parseBlock(unsigned limit)
         case op_new_array: {
             int startOperand = currentInstruction[2].u.operand;
             int numOperands = currentInstruction[3].u.operand;
-            ArrayAllocationProfile* profile = currentInstruction[4].u.arrayAllocationProfile;
             for (int operandIdx = startOperand; operandIdx < startOperand + numOperands; ++operandIdx)
                 addVarArgChild(get(operandIdx));
-            set(currentInstruction[1].u.operand, addToGraph(Node::VarArg, NewArray, OpInfo(profile->selectIndexingType()), OpInfo(0)));
+            set(currentInstruction[1].u.operand, addToGraph(Node::VarArg, NewArray, OpInfo(0), OpInfo(0)));
             NEXT_OPCODE(op_new_array);
         }
             
         case op_new_array_with_size: {
             int lengthOperand = currentInstruction[2].u.operand;
-            ArrayAllocationProfile* profile = currentInstruction[3].u.arrayAllocationProfile;
-            set(currentInstruction[1].u.operand, addToGraph(NewArrayWithSize, OpInfo(profile->selectIndexingType()), get(lengthOperand)));
+            set(currentInstruction[1].u.operand, addToGraph(NewArrayWithSize, get(lengthOperand)));
             NEXT_OPCODE(op_new_array_with_size);
         }
             
         case op_new_array_buffer: {
             int startConstant = currentInstruction[2].u.operand;
             int numConstants = currentInstruction[3].u.operand;
-            ArrayAllocationProfile* profile = currentInstruction[4].u.arrayAllocationProfile;
             NewArrayBufferData data;
             data.startConstant = m_inlineStackTop->m_constantBufferRemap[startConstant];
             data.numConstants = numConstants;
-            data.indexingType = profile->selectIndexingType();
-
-            // If this statement has never executed, we'll have the wrong indexing type in the profile.
-            for (int i = 0; i < numConstants; ++i) {
-                data.indexingType =
-                    leastUpperBoundOfIndexingTypeAndValue(
-                        data.indexingType,
-                        m_codeBlock->constantBuffer(data.startConstant)[i]);
-            }
-            
             m_graph.m_newArrayBufferData.append(data);
             set(currentInstruction[1].u.operand, addToGraph(NewArrayBuffer, OpInfo(&m_graph.m_newArrayBufferData.last())));
             NEXT_OPCODE(op_new_array_buffer);
diff --git a/Source/JavaScriptCore/dfg/DFGCCallHelpers.h b/Source/JavaScriptCore/dfg/DFGCCallHelpers.h
index 308dde5a6..a2570b7ea 100644
--- a/Source/JavaScriptCore/dfg/DFGCCallHelpers.h
+++ b/Source/JavaScriptCore/dfg/DFGCCallHelpers.h
@@ -210,15 +210,6 @@ public:
         addCallArgument(arg3);
     }
 
-    ALWAYS_INLINE void setupArgumentsWithExecState(GPRReg arg1, TrustedImm32 arg2, GPRReg arg3)
-    {
-        resetCallArguments();
-        addCallArgument(GPRInfo::callFrameRegister);
-        addCallArgument(arg1);
-        addCallArgument(arg2);
-        addCallArgument(arg3);
-    }
-
     ALWAYS_INLINE void setupArgumentsWithExecState(GPRReg arg1, TrustedImm32 arg2, TrustedImmPtr arg3)
     {
         resetCallArguments();
@@ -277,16 +268,6 @@ public:
         addCallArgument(arg4);
     }
 
-    ALWAYS_INLINE void setupArgumentsWithExecState(GPRReg arg1, GPRReg arg2, GPRReg arg3, TrustedImm32 arg4)
-    {
-        resetCallArguments();
-        addCallArgument(GPRInfo::callFrameRegister);
-        addCallArgument(arg1);
-        addCallArgument(arg2);
-        addCallArgument(arg3);
-        addCallArgument(arg4);
-    }
-
     ALWAYS_INLINE void setupArgumentsWithExecState(TrustedImm32 arg1, TrustedImmPtr arg2, GPRReg arg3)
     {
         resetCallArguments();
@@ -336,23 +317,6 @@ public:
         addCallArgument(arg4);
         addCallArgument(arg5);
     }
-
-    ALWAYS_INLINE void setupArgumentsWithExecState(FPRReg arg1, GPRReg arg2)
-    {
-        resetCallArguments();
-        addCallArgument(GPRInfo::callFrameRegister);
-        addCallArgument(arg1);
-        addCallArgument(arg2);
-    }
-
-    ALWAYS_INLINE void setupArgumentsWithExecState(GPRReg arg1, GPRReg arg2, FPRReg arg3)
-    {
-        resetCallArguments();
-        addCallArgument(GPRInfo::callFrameRegister);
-        addCallArgument(arg1);
-        addCallArgument(arg2);
-        addCallArgument(arg3);
-    }
 #endif // !NUMBER_OF_ARGUMENT_REGISTERS
     // These methods are suitable for any calling convention that provides for
     // at least 4 argument registers, e.g. X86_64, ARMv7.
@@ -499,20 +463,6 @@ public:
     {
         setupTwoStubArgs<FPRInfo::argumentFPR0, FPRInfo::argumentFPR1>(arg1, arg2);
     }
-    
-    ALWAYS_INLINE void setupArgumentsWithExecState(FPRReg arg1, GPRReg arg2)
-    {
-        moveDouble(arg1, FPRInfo::argumentFPR0);
-        move(arg2, GPRInfo::argumentGPR1);
-        move(GPRInfo::callFrameRegister, GPRInfo::argumentGPR0);
-    }
-
-    ALWAYS_INLINE void setupArgumentsWithExecState(GPRReg arg1, GPRReg arg2, FPRReg arg3)
-    {
-        moveDouble(arg3, FPRInfo::argumentFPR0);
-        setupStubArguments(arg1, arg2);
-        move(GPRInfo::callFrameRegister, GPRInfo::argumentGPR0);
-    }
 #elif CPU(ARM)
 #if CPU(ARM_HARDFP)
     ALWAYS_INLINE void setupArguments(FPRReg arg1)
@@ -546,21 +496,6 @@ public:
         assembler().vmov(GPRInfo::argumentGPR0, GPRInfo::argumentGPR1, arg1);
         assembler().vmov(GPRInfo::argumentGPR2, GPRInfo::argumentGPR3, arg2);
     }
-
-    ALWAYS_INLINE void setupArgumentsWithExecState(FPRReg arg1, GPRReg arg2)
-    {
-        move(arg2, GPRInfo::argumentGPR3);
-        assembler().vmov(GPRInfo::argumentGPR1, GPRInfo::argumentGPR2, arg1);
-        move(GPRInfo::callFrameRegister, GPRInfo::argumentGPR0);
-    }
-
-    ALWAYS_INLINE void setupArgumentsWithExecState(GPRReg arg1, GPRReg arg2, FPRReg arg3)
-    {
-        setupStubArguments(arg1, arg2);
-        move(GPRInfo::callFrameRegister, GPRInfo::argumentGPR0);
-        assembler().vmov(GPRInfo::argumentGPR3, GPRInfo::nonArgGPR0, arg3);
-        poke(GPRInfo::nonArgGPR0);
-    }
 #endif // CPU(ARM_HARDFP)
 #else
 #error "DFG JIT not supported on this platform."
@@ -700,13 +635,6 @@ public:
         move(GPRInfo::callFrameRegister, GPRInfo::argumentGPR0);
     }
 
-    ALWAYS_INLINE void setupArgumentsWithExecState(GPRReg arg1, TrustedImm32 arg2, GPRReg arg3)
-    {
-        setupTwoStubArgs<GPRInfo::argumentGPR1, GPRInfo::argumentGPR3>(arg1, arg3);
-        move(arg2, GPRInfo::argumentGPR2);
-        move(GPRInfo::callFrameRegister, GPRInfo::argumentGPR0);
-    }
-
     ALWAYS_INLINE void setupArgumentsWithExecState(GPRReg arg1, TrustedImm32 arg2, TrustedImmPtr arg3)
     {
         move(arg1, GPRInfo::argumentGPR1);
@@ -795,12 +723,6 @@ public:
         setupArgumentsWithExecState(arg1, arg2, arg3);
     }
 
-    ALWAYS_INLINE void setupArgumentsWithExecState(GPRReg arg1, GPRReg arg2, GPRReg arg3, TrustedImm32 arg4)
-    {
-        poke(arg4);
-        setupArgumentsWithExecState(arg1, arg2, arg3);
-    }
-
     ALWAYS_INLINE void setupArgumentsWithExecState(GPRReg arg1, TrustedImmPtr arg2, TrustedImm32 arg3, GPRReg arg4)
     {
         poke(arg4);
diff --git a/Source/JavaScriptCore/dfg/DFGCFGSimplificationPhase.cpp b/Source/JavaScriptCore/dfg/DFGCFGSimplificationPhase.cpp
index e3827d8ad..e0d973992 100644
--- a/Source/JavaScriptCore/dfg/DFGCFGSimplificationPhase.cpp
+++ b/Source/JavaScriptCore/dfg/DFGCFGSimplificationPhase.cpp
@@ -99,8 +99,9 @@ public:
                 
                 case Branch: {
                     // Branch on constant -> jettison the not-taken block and merge.
-                    if (isKnownDirection(block->cfaBranchDirection)) {
-                        bool condition = branchCondition(block->cfaBranchDirection);
+                    if (m_graph[m_graph[block->last()].child1()].hasConstant()) {
+                        bool condition =
+                            m_graph.valueOfJSConstant(m_graph[block->last()].child1().index()).toBoolean(m_graph.globalObjectFor(m_graph[block->last()].codeOrigin)->globalExec());
                         BasicBlock* targetBlock = m_graph.m_blocks[
                             m_graph.successorForCondition(block, condition)].get();
                         if (targetBlock->m_predecessors.size() == 1) {
@@ -729,7 +730,6 @@ private:
         }
         
         firstBlock->valuesAtTail = secondBlock->valuesAtTail;
-        firstBlock->cfaBranchDirection = secondBlock->cfaBranchDirection;
         
         m_graph.m_blocks[secondBlockIndex].clear();
     }
diff --git a/Source/JavaScriptCore/dfg/DFGCallArrayAllocatorSlowPathGenerator.h b/Source/JavaScriptCore/dfg/DFGCallArrayAllocatorSlowPathGenerator.h
index 03713b6c5..46d5f44cb 100644
--- a/Source/JavaScriptCore/dfg/DFGCallArrayAllocatorSlowPathGenerator.h
+++ b/Source/JavaScriptCore/dfg/DFGCallArrayAllocatorSlowPathGenerator.h
@@ -61,7 +61,7 @@ protected:
             jit->silentSpill(m_plans[i]);
         jit->callOperation(m_function, m_resultGPR, m_structure, m_size);
         GPRReg canTrample = SpeculativeJIT::pickCanTrample(m_resultGPR);
-        for (unsigned i = m_plans.size(); i--;)
+        for (unsigned i = 0; i < m_plans.size(); ++i)
             jit->silentFill(m_plans[i], canTrample);
         jit->m_jit.loadPtr(MacroAssembler::Address(m_resultGPR, JSObject::butterflyOffset()), m_storageGPR);
         jumpTo(jit);
@@ -106,7 +106,7 @@ protected:
         done.link(&jit->m_jit);
         jit->callOperation(m_function, m_resultGPR, scratchGPR, m_sizeGPR);
         GPRReg canTrample = SpeculativeJIT::pickCanTrample(m_resultGPR);
-        for (unsigned i = m_plans.size(); i--;)
+        for (unsigned i = 0; i < m_plans.size(); ++i)
             jit->silentFill(m_plans[i], canTrample);
         jumpTo(jit);
     }
diff --git a/Source/JavaScriptCore/dfg/DFGFixupPhase.cpp b/Source/JavaScriptCore/dfg/DFGFixupPhase.cpp
index 621d6e96a..5a76aa8df 100644
--- a/Source/JavaScriptCore/dfg/DFGFixupPhase.cpp
+++ b/Source/JavaScriptCore/dfg/DFGFixupPhase.cpp
@@ -145,30 +145,7 @@ private:
         }
             
         case ArrayPush: {
-            // May need to refine the array mode in case the value prediction contravenes
-            // the array prediction. For example, we may have evidence showing that the
-            // array is in Int32 mode, but the value we're storing is likely to be a double.
-            // Then we should turn this into a conversion to Double array followed by the
-            // push. On the other hand, we absolutely don't want to refine based on the
-            // base prediction. If it has non-cell garbage in it, then we want that to be
-            // ignored. That's because ArrayPush can't handle any array modes that aren't
-            // array-related - so if refine() turned this into a "Generic" ArrayPush then
-            // that would break things.
-            node.setArrayMode(
-                node.arrayMode().refine(
-                    m_graph[node.child1()].prediction() & SpecCell,
-                    SpecInt32,
-                    m_graph[node.child2()].prediction()));
             blessArrayOperation(node.child1(), node.child2(), 2);
-            
-            Node* nodePtr = &m_graph[m_compileIndex];
-            switch (nodePtr->arrayMode().type()) {
-            case Array::Double:
-                fixDoubleEdge(1);
-                break;
-            default:
-                break;
-            }
             break;
         }
             
@@ -259,7 +236,7 @@ private:
         case ValueAdd: {
             if (m_graph.addShouldSpeculateInteger(node))
                 break;
-            if (!Node::shouldSpeculateNumberExpectingDefined(m_graph[node.child1()], m_graph[node.child2()]))
+            if (!Node::shouldSpeculateNumber(m_graph[node.child1()], m_graph[node.child2()]))
                 break;
             fixDoubleEdge(0);
             fixDoubleEdge(1);
@@ -285,7 +262,7 @@ private:
         case ArithMin:
         case ArithMax:
         case ArithMod: {
-            if (Node::shouldSpeculateIntegerForArithmetic(m_graph[node.child1()], m_graph[node.child2()])
+            if (Node::shouldSpeculateInteger(m_graph[node.child1()], m_graph[node.child2()])
                 && node.canSpeculateInteger())
                 break;
             fixDoubleEdge(0);
@@ -302,7 +279,7 @@ private:
         }
 
         case ArithDiv: {
-            if (Node::shouldSpeculateIntegerForArithmetic(m_graph[node.child1()], m_graph[node.child2()])
+            if (Node::shouldSpeculateInteger(m_graph[node.child1()], m_graph[node.child2()])
                 && node.canSpeculateInteger()) {
                 if (isX86())
                     break;
@@ -330,7 +307,7 @@ private:
         }
             
         case ArithAbs: {
-            if (m_graph[node.child1()].shouldSpeculateIntegerForArithmetic()
+            if (m_graph[node.child1()].shouldSpeculateInteger()
                 && node.canSpeculateInteger())
                 break;
             fixDoubleEdge(0);
@@ -351,17 +328,13 @@ private:
             node.setArrayMode(
                 node.arrayMode().refine(
                     m_graph[child1].prediction(),
-                    m_graph[child2].prediction(),
-                    m_graph[child3].prediction()));
+                    m_graph[child2].prediction()));
             
             blessArrayOperation(child1, child2, 3);
             
             Node* nodePtr = &m_graph[m_compileIndex];
             
             switch (nodePtr->arrayMode().modeForPut().type()) {
-            case Array::Double:
-                fixDoubleEdge(2);
-                break;
             case Array::Int8Array:
             case Array::Int16Array:
             case Array::Int32Array:
@@ -382,19 +355,6 @@ private:
             break;
         }
             
-        case NewArray: {
-            for (unsigned i = m_graph.varArgNumChildren(node); i--;) {
-                node.setIndexingType(
-                    leastUpperBoundOfIndexingTypeAndType(
-                        node.indexingType(), m_graph[m_graph.varArgChild(node, i)].prediction()));
-            }
-            if (node.indexingType() == ArrayWithDouble) {
-                for (unsigned i = m_graph.varArgNumChildren(node); i--;)
-                    fixDoubleEdge(i);
-            }
-            break;
-        }
-            
         default:
             break;
         }
@@ -432,17 +392,15 @@ private:
             if (arrayMode.isJSArrayWithOriginalStructure()) {
                 JSGlobalObject* globalObject = m_graph.baselineCodeBlockFor(codeOrigin)->globalObject();
                 switch (arrayMode.type()) {
-                case Array::Int32:
-                    structure = globalObject->originalArrayStructureForIndexingType(ArrayWithInt32);
-                    break;
-                case Array::Double:
-                    structure = globalObject->originalArrayStructureForIndexingType(ArrayWithDouble);
-                    break;
                 case Array::Contiguous:
-                    structure = globalObject->originalArrayStructureForIndexingType(ArrayWithContiguous);
+                    structure = globalObject->arrayStructure();
+                    if (structure->indexingType() != ArrayWithContiguous)
+                        structure = 0;
                     break;
                 case Array::ArrayStorage:
-                    structure = globalObject->originalArrayStructureForIndexingType(ArrayWithArrayStorage);
+                    structure = globalObject->arrayStructureWithArrayStorage();
+                    if (structure->indexingType() != ArrayWithArrayStorage)
+                        structure = 0;
                     break;
                 default:
                     break;
diff --git a/Source/JavaScriptCore/dfg/DFGGraph.cpp b/Source/JavaScriptCore/dfg/DFGGraph.cpp
index 38079f020..8e8817f81 100644
--- a/Source/JavaScriptCore/dfg/DFGGraph.cpp
+++ b/Source/JavaScriptCore/dfg/DFGGraph.cpp
@@ -287,11 +287,6 @@ void Graph::dump(const char* prefix, NodeIndex nodeIndex)
         dataLog("]");
         hasPrinted = true;
     }
-    if (node.hasIndexingType()) {
-        if (hasPrinted)
-            dataLog(", ");
-        dataLog("%s", indexingTypeToString(node.indexingType()));
-    }
     if (op == JSConstant) {
         dataLog("%s$%u", hasPrinted ? ", " : "", node.constantNumber());
         JSValue value = valueOfJSConstant(nodeIndex);
diff --git a/Source/JavaScriptCore/dfg/DFGGraph.h b/Source/JavaScriptCore/dfg/DFGGraph.h
index 4de2e0e26..9fbb2df07 100644
--- a/Source/JavaScriptCore/dfg/DFGGraph.h
+++ b/Source/JavaScriptCore/dfg/DFGGraph.h
@@ -220,7 +220,7 @@ public:
         if (right.hasConstant())
             return addImmediateShouldSpeculateInteger(add, left, right);
         
-        return Node::shouldSpeculateIntegerExpectingDefined(left, right) && add.canSpeculateInteger();
+        return Node::shouldSpeculateInteger(left, right) && add.canSpeculateInteger();
     }
     
     bool mulShouldSpeculateInteger(Node& mul)
@@ -235,13 +235,13 @@ public:
         if (right.hasConstant())
             return mulImmediateShouldSpeculateInteger(mul, left, right);
         
-        return Node::shouldSpeculateIntegerForArithmetic(left, right) && mul.canSpeculateInteger() && !nodeMayOverflow(mul.arithNodeFlags());
+        return Node::shouldSpeculateInteger(left, right) && mul.canSpeculateInteger() && !nodeMayOverflow(mul.arithNodeFlags());
     }
     
     bool negateShouldSpeculateInteger(Node& negate)
     {
         ASSERT(negate.op() == ArithNegate);
-        return at(negate.child1()).shouldSpeculateIntegerForArithmetic() && negate.canSpeculateInteger();
+        return at(negate.child1()).shouldSpeculateInteger() && negate.canSpeculateInteger();
     }
     
     bool addShouldSpeculateInteger(NodeIndex nodeIndex)
@@ -493,8 +493,6 @@ public:
         switch (node.arrayMode().type()) {
         case Array::Generic:
             return false;
-        case Array::Int32:
-        case Array::Double:
         case Array::Contiguous:
         case Array::ArrayStorage:
             return !node.arrayMode().isOutOfBounds();
@@ -714,7 +712,7 @@ private:
         if (!immediateValue.isNumber())
             return false;
         
-        if (!variable.shouldSpeculateIntegerExpectingDefined())
+        if (!variable.shouldSpeculateInteger())
             return false;
         
         if (immediateValue.isInt32())
@@ -736,7 +734,7 @@ private:
         if (!immediateValue.isInt32())
             return false;
         
-        if (!variable.shouldSpeculateIntegerForArithmetic())
+        if (!variable.shouldSpeculateInteger())
             return false;
         
         int32_t intImmediate = immediateValue.asInt32();
diff --git a/Source/JavaScriptCore/dfg/DFGNode.h b/Source/JavaScriptCore/dfg/DFGNode.h
index bff7fe65f..e66629ec4 100644
--- a/Source/JavaScriptCore/dfg/DFGNode.h
+++ b/Source/JavaScriptCore/dfg/DFGNode.h
@@ -62,7 +62,6 @@ struct StructureTransitionData {
 struct NewArrayBufferData {
     unsigned startConstant;
     unsigned numConstants;
-    IndexingType indexingType;
 };
 
 // This type used in passing an immediate argument to Node constructor;
@@ -434,32 +433,6 @@ struct Node {
         return newArrayBufferData()->numConstants;
     }
     
-    bool hasIndexingType()
-    {
-        switch (op()) {
-        case NewArray:
-        case NewArrayWithSize:
-        case NewArrayBuffer:
-            return true;
-        default:
-            return false;
-        }
-    }
-    
-    IndexingType indexingType()
-    {
-        ASSERT(hasIndexingType());
-        if (op() == NewArrayBuffer)
-            return newArrayBufferData()->indexingType;
-        return m_opInfo;
-    }
-    
-    void setIndexingType(IndexingType indexingType)
-    {
-        ASSERT(hasIndexingType());
-        m_opInfo = indexingType;
-    }
-    
     bool hasRegexpIndex()
     {
         return op() == NewRegexp;
@@ -949,36 +922,16 @@ struct Node {
         return isInt32Speculation(prediction());
     }
     
-    bool shouldSpeculateIntegerForArithmetic()
-    {
-        return isInt32SpeculationForArithmetic(prediction());
-    }
-    
-    bool shouldSpeculateIntegerExpectingDefined()
-    {
-        return isInt32SpeculationExpectingDefined(prediction());
-    }
-    
     bool shouldSpeculateDouble()
     {
         return isDoubleSpeculation(prediction());
     }
     
-    bool shouldSpeculateDoubleForArithmetic()
-    {
-        return isDoubleSpeculationForArithmetic(prediction());
-    }
-    
     bool shouldSpeculateNumber()
     {
         return isNumberSpeculation(prediction());
     }
     
-    bool shouldSpeculateNumberExpectingDefined()
-    {
-        return isNumberSpeculationExpectingDefined(prediction());
-    }
-    
     bool shouldSpeculateBoolean()
     {
         return isBooleanSpeculation(prediction());
@@ -1084,31 +1037,11 @@ struct Node {
         return op1.shouldSpeculateInteger() && op2.shouldSpeculateInteger();
     }
     
-    static bool shouldSpeculateIntegerForArithmetic(Node& op1, Node& op2)
-    {
-        return op1.shouldSpeculateIntegerForArithmetic() && op2.shouldSpeculateIntegerForArithmetic();
-    }
-    
-    static bool shouldSpeculateIntegerExpectingDefined(Node& op1, Node& op2)
-    {
-        return op1.shouldSpeculateIntegerExpectingDefined() && op2.shouldSpeculateIntegerExpectingDefined();
-    }
-    
-    static bool shouldSpeculateDoubleForArithmetic(Node& op1, Node& op2)
-    {
-        return op1.shouldSpeculateDoubleForArithmetic() && op2.shouldSpeculateDoubleForArithmetic();
-    }
-    
     static bool shouldSpeculateNumber(Node& op1, Node& op2)
     {
         return op1.shouldSpeculateNumber() && op2.shouldSpeculateNumber();
     }
     
-    static bool shouldSpeculateNumberExpectingDefined(Node& op1, Node& op2)
-    {
-        return op1.shouldSpeculateNumberExpectingDefined() && op2.shouldSpeculateNumberExpectingDefined();
-    }
-    
     static bool shouldSpeculateFinalObject(Node& op1, Node& op2)
     {
         return op1.shouldSpeculateFinalObject() && op2.shouldSpeculateFinalObject();
diff --git a/Source/JavaScriptCore/dfg/DFGOperations.cpp b/Source/JavaScriptCore/dfg/DFGOperations.cpp
index 8356d22f9..0e45e230c 100644
--- a/Source/JavaScriptCore/dfg/DFGOperations.cpp
+++ b/Source/JavaScriptCore/dfg/DFGOperations.cpp
@@ -27,9 +27,9 @@
 #include "DFGOperations.h"
 
 #include "Arguments.h"
-#include "ButterflyInlines.h"
+#include "ButterflyInlineMethods.h"
 #include "CodeBlock.h"
-#include "CopiedSpaceInlines.h"
+#include "CopiedSpaceInlineMethods.h"
 #include "DFGOSRExit.h"
 #include "DFGRepatch.h"
 #include "DFGThunks.h"
@@ -580,40 +580,6 @@ void DFG_OPERATION operationPutByValBeyondArrayBoundsNonStrict(ExecState* exec,
         array, exec, Identifier::from(exec, index), JSValue::decode(encodedValue), slot);
 }
 
-void DFG_OPERATION operationPutDoubleByValBeyondArrayBoundsStrict(ExecState* exec, JSObject* array, int32_t index, double value)
-{
-    JSGlobalData* globalData = &exec->globalData();
-    NativeCallFrameTracer tracer(globalData, exec);
-    
-    JSValue jsValue = JSValue(JSValue::EncodeAsDouble, value);
-    
-    if (index >= 0) {
-        array->putByIndexInline(exec, index, jsValue, true);
-        return;
-    }
-    
-    PutPropertySlot slot(true);
-    array->methodTable()->put(
-        array, exec, Identifier::from(exec, index), jsValue, slot);
-}
-
-void DFG_OPERATION operationPutDoubleByValBeyondArrayBoundsNonStrict(ExecState* exec, JSObject* array, int32_t index, double value)
-{
-    JSGlobalData* globalData = &exec->globalData();
-    NativeCallFrameTracer tracer(globalData, exec);
-    
-    JSValue jsValue = JSValue(JSValue::EncodeAsDouble, value);
-    
-    if (index >= 0) {
-        array->putByIndexInline(exec, index, jsValue, false);
-        return;
-    }
-    
-    PutPropertySlot slot(false);
-    array->methodTable()->put(
-        array, exec, Identifier::from(exec, index), jsValue, slot);
-}
-
 EncodedJSValue DFG_OPERATION operationArrayPush(ExecState* exec, EncodedJSValue encodedValue, JSArray* array)
 {
     JSGlobalData* globalData = &exec->globalData();
@@ -623,15 +589,6 @@ EncodedJSValue DFG_OPERATION operationArrayPush(ExecState* exec, EncodedJSValue
     return JSValue::encode(jsNumber(array->length()));
 }
 
-EncodedJSValue DFG_OPERATION operationArrayPushDouble(ExecState* exec, double value, JSArray* array)
-{
-    JSGlobalData* globalData = &exec->globalData();
-    NativeCallFrameTracer tracer(globalData, exec);
-    
-    array->push(exec, JSValue(JSValue::EncodeAsDouble, value));
-    return JSValue::encode(jsNumber(array->length()));
-}
-
 EncodedJSValue DFG_OPERATION operationArrayPop(ExecState* exec, JSArray* array)
 {
     JSGlobalData* globalData = &exec->globalData();
@@ -1370,36 +1327,30 @@ char* DFG_OPERATION operationReallocateButterflyToGrowPropertyStorage(ExecState*
     return reinterpret_cast<char*>(result);
 }
 
-char* DFG_OPERATION operationEnsureInt32(ExecState* exec, JSObject* object)
+char* DFG_OPERATION operationEnsureContiguous(ExecState* exec, JSObject* object)
 {
     JSGlobalData& globalData = exec->globalData();
     NativeCallFrameTracer tracer(&globalData, exec);
     
-    return reinterpret_cast<char*>(object->ensureInt32(globalData));
+    return reinterpret_cast<char*>(object->ensureContiguous(globalData));
 }
 
-char* DFG_OPERATION operationEnsureDouble(ExecState* exec, JSObject* object)
+char* DFG_OPERATION operationEnsureArrayStorage(ExecState* exec, JSObject* object)
 {
     JSGlobalData& globalData = exec->globalData();
     NativeCallFrameTracer tracer(&globalData, exec);
-    
-    return reinterpret_cast<char*>(object->ensureDouble(globalData));
-}
 
-char* DFG_OPERATION operationEnsureContiguous(ExecState* exec, JSObject* object)
-{
-    JSGlobalData& globalData = exec->globalData();
-    NativeCallFrameTracer tracer(&globalData, exec);
-    
-    return reinterpret_cast<char*>(object->ensureContiguous(globalData));
+    return reinterpret_cast<char*>(object->ensureArrayStorage(globalData));
 }
 
-char* DFG_OPERATION operationEnsureArrayStorage(ExecState* exec, JSObject* object)
+char* DFG_OPERATION operationEnsureContiguousOrArrayStorage(ExecState* exec, JSObject* object, int32_t index)
 {
     JSGlobalData& globalData = exec->globalData();
     NativeCallFrameTracer tracer(&globalData, exec);
 
-    return reinterpret_cast<char*>(object->ensureArrayStorage(globalData));
+    if (static_cast<unsigned>(index) >= MIN_SPARSE_ARRAY_INDEX)
+        return reinterpret_cast<char*>(object->ensureArrayStorage(globalData));
+    return reinterpret_cast<char*>(object->ensureIndexedStorage(globalData));
 }
 
 double DFG_OPERATION operationFModOnInts(int32_t a, int32_t b)
diff --git a/Source/JavaScriptCore/dfg/DFGOperations.h b/Source/JavaScriptCore/dfg/DFGOperations.h
index b99c214e9..8d2beacec 100644
--- a/Source/JavaScriptCore/dfg/DFGOperations.h
+++ b/Source/JavaScriptCore/dfg/DFGOperations.h
@@ -64,7 +64,6 @@ typedef EncodedJSValue DFG_OPERATION (*J_DFGOperation_EAZ)(ExecState*, JSArray*,
 typedef EncodedJSValue DFG_OPERATION (*J_DFGOperation_ECC)(ExecState*, JSCell*, JSCell*);
 typedef EncodedJSValue DFG_OPERATION (*J_DFGOperation_ECI)(ExecState*, JSCell*, Identifier*);
 typedef EncodedJSValue DFG_OPERATION (*J_DFGOperation_ECJ)(ExecState*, JSCell*, EncodedJSValue);
-typedef EncodedJSValue DFG_OPERATION (*J_DFGOperation_EDA)(ExecState*, double, JSArray*);
 typedef EncodedJSValue DFG_OPERATION (*J_DFGOperation_EGriJsgI)(ExecState*, ResolveOperation*, JSGlobalObject*, Identifier*);
 typedef EncodedJSValue DFG_OPERATION (*J_DFGOperation_EI)(ExecState*, Identifier*);
 typedef EncodedJSValue DFG_OPERATION (*J_DFGOperation_EIRo)(ExecState*, Identifier*, ResolveOperations*);
@@ -93,7 +92,6 @@ typedef size_t DFG_OPERATION (*S_DFGOperation_ECC)(ExecState*, JSCell*, JSCell*)
 typedef size_t DFG_OPERATION (*S_DFGOperation_EJ)(ExecState*, EncodedJSValue);
 typedef size_t DFG_OPERATION (*S_DFGOperation_EJJ)(ExecState*, EncodedJSValue, EncodedJSValue);
 typedef size_t DFG_OPERATION (*S_DFGOperation_J)(EncodedJSValue);
-typedef void DFG_OPERATION (*V_DFGOperation_EOZD)(ExecState*, JSObject*, int32_t, double);
 typedef void DFG_OPERATION (*V_DFGOperation_EOZJ)(ExecState*, JSObject*, int32_t, EncodedJSValue);
 typedef void DFG_OPERATION (*V_DFGOperation_EC)(ExecState*, JSCell*);
 typedef void DFG_OPERATION (*V_DFGOperation_ECIcf)(ExecState*, JSCell*, InlineCallFrame*);
@@ -150,10 +148,7 @@ void DFG_OPERATION operationPutByValCellStrict(ExecState*, JSCell*, EncodedJSVal
 void DFG_OPERATION operationPutByValCellNonStrict(ExecState*, JSCell*, EncodedJSValue encodedProperty, EncodedJSValue encodedValue) WTF_INTERNAL;
 void DFG_OPERATION operationPutByValBeyondArrayBoundsStrict(ExecState*, JSObject*, int32_t index, EncodedJSValue encodedValue) WTF_INTERNAL;
 void DFG_OPERATION operationPutByValBeyondArrayBoundsNonStrict(ExecState*, JSObject*, int32_t index, EncodedJSValue encodedValue) WTF_INTERNAL;
-void DFG_OPERATION operationPutDoubleByValBeyondArrayBoundsStrict(ExecState*, JSObject*, int32_t index, double value) WTF_INTERNAL;
-void DFG_OPERATION operationPutDoubleByValBeyondArrayBoundsNonStrict(ExecState*, JSObject*, int32_t index, double value) WTF_INTERNAL;
 EncodedJSValue DFG_OPERATION operationArrayPush(ExecState*, EncodedJSValue encodedValue, JSArray*) WTF_INTERNAL;
-EncodedJSValue DFG_OPERATION operationArrayPushDouble(ExecState*, double value, JSArray*) WTF_INTERNAL;
 EncodedJSValue DFG_OPERATION operationArrayPop(ExecState*, JSArray*) WTF_INTERNAL;
 EncodedJSValue DFG_OPERATION operationArrayPopAndRecoverLength(ExecState*, JSArray*) WTF_INTERNAL;
 EncodedJSValue DFG_OPERATION operationRegExpExec(ExecState*, JSCell*, JSCell*) WTF_INTERNAL;
@@ -200,10 +195,9 @@ char* DFG_OPERATION operationAllocatePropertyStorageWithInitialCapacity(ExecStat
 char* DFG_OPERATION operationAllocatePropertyStorage(ExecState*, size_t newSize) WTF_INTERNAL;
 char* DFG_OPERATION operationReallocateButterflyToHavePropertyStorageWithInitialCapacity(ExecState*, JSObject*) WTF_INTERNAL;
 char* DFG_OPERATION operationReallocateButterflyToGrowPropertyStorage(ExecState*, JSObject*, size_t newSize) WTF_INTERNAL;
-char* DFG_OPERATION operationEnsureInt32(ExecState*, JSObject*);
-char* DFG_OPERATION operationEnsureDouble(ExecState*, JSObject*);
 char* DFG_OPERATION operationEnsureContiguous(ExecState*, JSObject*);
 char* DFG_OPERATION operationEnsureArrayStorage(ExecState*, JSObject*);
+char* DFG_OPERATION operationEnsureContiguousOrArrayStorage(ExecState*, JSObject*, int32_t);
 
 // This method is used to lookup an exception hander, keyed by faultLocation, which is
 // the return location from one of the calls out to one of the helper operations above.
diff --git a/Source/JavaScriptCore/dfg/DFGPredictionPropagationPhase.cpp b/Source/JavaScriptCore/dfg/DFGPredictionPropagationPhase.cpp
index b5fde4eee..3e8ead5c6 100644
--- a/Source/JavaScriptCore/dfg/DFGPredictionPropagationPhase.cpp
+++ b/Source/JavaScriptCore/dfg/DFGPredictionPropagationPhase.cpp
@@ -225,6 +225,24 @@ private:
             break;
         }
 
+        case ArithMod: {
+            SpeculatedType left = m_graph[node.child1()].prediction();
+            SpeculatedType right = m_graph[node.child2()].prediction();
+            
+            if (left && right) {
+                if (isInt32Speculation(mergeSpeculations(left, right))
+                    && nodeCanSpeculateInteger(node.arithNodeFlags()))
+                    changed |= mergePrediction(SpecInt32);
+                else
+                    changed |= mergePrediction(SpecDouble);
+            }
+            
+            flags |= NodeUsedAsValue;
+            changed |= m_graph[node.child1()].mergeFlags(flags);
+            changed |= m_graph[node.child2()].mergeFlags(flags);
+            break;
+        }
+            
         case UInt32ToNumber: {
             if (nodeCanSpeculateInteger(node.arithNodeFlags()))
                 changed |= mergePrediction(SpecInt32);
@@ -240,7 +258,7 @@ private:
             SpeculatedType right = m_graph[node.child2()].prediction();
             
             if (left && right) {
-                if (isNumberSpeculationExpectingDefined(left) && isNumberSpeculationExpectingDefined(right)) {
+                if (isNumberSpeculation(left) && isNumberSpeculation(right)) {
                     if (m_graph.addShouldSpeculateInteger(node))
                         changed |= mergePrediction(SpecInt32);
                     else
@@ -315,7 +333,7 @@ private:
             SpeculatedType right = m_graph[node.child2()].prediction();
             
             if (left && right) {
-                if (Node::shouldSpeculateIntegerForArithmetic(m_graph[node.child1()], m_graph[node.child2()])
+                if (isInt32Speculation(mergeSpeculations(left, right))
                     && nodeCanSpeculateInteger(node.arithNodeFlags()))
                     changed |= mergePrediction(SpecInt32);
                 else
@@ -355,7 +373,7 @@ private:
             SpeculatedType right = m_graph[node.child2()].prediction();
             
             if (left && right) {
-                if (Node::shouldSpeculateIntegerForArithmetic(m_graph[node.child1()], m_graph[node.child2()])
+                if (isInt32Speculation(mergeSpeculations(left, right))
                     && nodeCanSpeculateInteger(node.arithNodeFlags()))
                     changed |= mergePrediction(SpecInt32);
                 else
@@ -364,7 +382,7 @@ private:
 
             // As soon as a multiply happens, we can easily end up in the part
             // of the double domain where the point at which you do truncation
-            // can change the outcome. So, ArithDiv always checks for overflow
+            // can change the outcome. So, ArithMul always checks for overflow
             // no matter what, and always forces its inputs to check as well.
             
             flags |= NodeUsedAsNumber | NodeNeedsNegZero;
@@ -373,24 +391,6 @@ private:
             break;
         }
             
-        case ArithMod: {
-            SpeculatedType left = m_graph[node.child1()].prediction();
-            SpeculatedType right = m_graph[node.child2()].prediction();
-            
-            if (left && right) {
-                if (Node::shouldSpeculateIntegerForArithmetic(m_graph[node.child1()], m_graph[node.child2()])
-                    && nodeCanSpeculateInteger(node.arithNodeFlags()))
-                    changed |= mergePrediction(SpecInt32);
-                else
-                    changed |= mergePrediction(SpecDouble);
-            }
-            
-            flags |= NodeUsedAsValue;
-            changed |= m_graph[node.child1()].mergeFlags(flags);
-            changed |= m_graph[node.child2()].mergeFlags(flags);
-            break;
-        }
-            
         case ArithSqrt: {
             changed |= setPrediction(SpecDouble);
             changed |= m_graph[node.child1()].mergeFlags(flags | NodeUsedAsValue);
@@ -399,11 +399,10 @@ private:
             
         case ArithAbs: {
             SpeculatedType child = m_graph[node.child1()].prediction();
-            if (isInt32SpeculationForArithmetic(child)
-                && nodeCanSpeculateInteger(node.arithNodeFlags()))
-                changed |= mergePrediction(SpecInt32);
+            if (nodeCanSpeculateInteger(node.arithNodeFlags()))
+                changed |= mergePrediction(child);
             else
-                changed |= mergePrediction(speculatedDoubleTypeForPrediction(child));
+                changed |= setPrediction(speculatedDoubleTypeForPrediction(child));
 
             flags &= ~NodeNeedsNegZero;
             changed |= m_graph[node.child1()].mergeFlags(flags);
@@ -777,7 +776,7 @@ private:
                 
                 DoubleBallot ballot;
                 
-                if (isNumberSpeculationExpectingDefined(left) && isNumberSpeculationExpectingDefined(right)
+                if (isNumberSpeculation(left) && isNumberSpeculation(right)
                     && !m_graph.addShouldSpeculateInteger(node))
                     ballot = VoteDouble;
                 else
@@ -815,7 +814,7 @@ private:
                 DoubleBallot ballot;
                 
                 if (isNumberSpeculation(left) && isNumberSpeculation(right)
-                    && !(Node::shouldSpeculateIntegerForArithmetic(m_graph[node.child1()], m_graph[node.child1()])
+                    && !(Node::shouldSpeculateInteger(m_graph[node.child1()], m_graph[node.child1()])
                          && node.canSpeculateInteger()))
                     ballot = VoteDouble;
                 else
@@ -828,7 +827,7 @@ private:
                 
             case ArithAbs:
                 DoubleBallot ballot;
-                if (!(m_graph[node.child1()].shouldSpeculateIntegerForArithmetic()
+                if (!(m_graph[node.child1()].shouldSpeculateInteger()
                       && node.canSpeculateInteger()))
                     ballot = VoteDouble;
                 else
@@ -850,24 +849,6 @@ private:
                 break;
             }
                 
-            case PutByVal:
-            case PutByValAlias: {
-                Edge child1 = m_graph.varArgChild(node, 0);
-                Edge child2 = m_graph.varArgChild(node, 1);
-                Edge child3 = m_graph.varArgChild(node, 2);
-                m_graph.vote(child1, VoteValue);
-                m_graph.vote(child2, VoteValue);
-                switch (node.arrayMode().type()) {
-                case Array::Double:
-                    m_graph.vote(child3, VoteDouble);
-                    break;
-                default:
-                    m_graph.vote(child3, VoteValue);
-                    break;
-                }
-                break;
-            }
-                
             default:
                 m_graph.vote(node, VoteValue);
                 break;
diff --git a/Source/JavaScriptCore/dfg/DFGSpeculativeJIT.cpp b/Source/JavaScriptCore/dfg/DFGSpeculativeJIT.cpp
index 829bc14ff..6bedd6d68 100644
--- a/Source/JavaScriptCore/dfg/DFGSpeculativeJIT.cpp
+++ b/Source/JavaScriptCore/dfg/DFGSpeculativeJIT.cpp
@@ -59,7 +59,7 @@ SpeculativeJIT::~SpeculativeJIT()
 
 void SpeculativeJIT::emitAllocateJSArray(Structure* structure, GPRReg resultGPR, GPRReg storageGPR, unsigned numElements)
 {
-    ASSERT(hasUndecided(structure->indexingType()) || hasInt32(structure->indexingType()) || hasDouble(structure->indexingType()) || hasContiguous(structure->indexingType()));
+    ASSERT(hasContiguous(structure->indexingType()));
     
     GPRTemporary scratch(this);
     GPRReg scratchGPR = scratch.gpr();
@@ -67,7 +67,6 @@ void SpeculativeJIT::emitAllocateJSArray(Structure* structure, GPRReg resultGPR,
     unsigned vectorLength = std::max(BASE_VECTOR_LEN, numElements);
     
     JITCompiler::JumpList slowCases;
-    
     slowCases.append(
         emitAllocateBasicStorage(TrustedImm32(vectorLength * sizeof(JSValue) + sizeof(IndexingHeader)), storageGPR));
     m_jit.subPtr(TrustedImm32(vectorLength * sizeof(JSValue)), storageGPR);
@@ -80,21 +79,6 @@ void SpeculativeJIT::emitAllocateJSArray(Structure* structure, GPRReg resultGPR,
     m_jit.store32(TrustedImm32(numElements), MacroAssembler::Address(storageGPR, Butterfly::offsetOfPublicLength()));
     m_jit.store32(TrustedImm32(vectorLength), MacroAssembler::Address(storageGPR, Butterfly::offsetOfVectorLength()));
     
-    if (hasDouble(structure->indexingType()) && numElements < vectorLength) {
-#if USE(JSVALUE64)
-        m_jit.move(TrustedImm64(bitwise_cast<int64_t>(QNaN)), scratchGPR);
-        for (unsigned i = numElements; i < vectorLength; ++i)
-            m_jit.store64(scratchGPR, MacroAssembler::Address(storageGPR, sizeof(double) * i));
-#else
-        EncodedValueDescriptor value;
-        value.asInt64 = JSValue::encode(JSValue(JSValue::EncodeAsDouble, QNaN));
-        for (unsigned i = numElements; i < vectorLength; ++i) {
-            m_jit.store32(TrustedImm32(value.asBits.tag), MacroAssembler::Address(storageGPR, sizeof(double) * i + OBJECT_OFFSETOF(JSValue, u.asBits.tag)));
-            m_jit.store32(TrustedImm32(value.asBits.payload), MacroAssembler::Address(storageGPR, sizeof(double) * i + OBJECT_OFFSETOF(JSValue, u.asBits.payload)));
-        }
-#endif
-    }
-    
     // I want a slow path that also loads out the storage pointer, and that's
     // what this custom CallArrayAllocatorSlowPathGenerator gives me. It's a lot
     // of work for a very small piece of functionality. :-/
@@ -359,31 +343,24 @@ const TypedArrayDescriptor* SpeculativeJIT::typedArrayDescriptor(ArrayMode array
     }
 }
 
-JITCompiler::Jump SpeculativeJIT::jumpSlowForUnwantedArrayMode(GPRReg tempGPR, ArrayMode arrayMode, IndexingType shape, bool invert)
-{
-    if (arrayMode.isJSArray()) {
-        m_jit.and32(TrustedImm32(IsArray | IndexingShapeMask), tempGPR);
-        return m_jit.branch32(
-            invert ? MacroAssembler::Equal : MacroAssembler::NotEqual, tempGPR, TrustedImm32(IsArray | shape));
-    }
-    m_jit.and32(TrustedImm32(IndexingShapeMask), tempGPR);
-    return m_jit.branch32(invert ? MacroAssembler::Equal : MacroAssembler::NotEqual, tempGPR, TrustedImm32(shape));
-}
-
 JITCompiler::JumpList SpeculativeJIT::jumpSlowForUnwantedArrayMode(GPRReg tempGPR, ArrayMode arrayMode, bool invert)
 {
     JITCompiler::JumpList result;
     
     switch (arrayMode.type()) {
-    case Array::Int32:
-        return jumpSlowForUnwantedArrayMode(tempGPR, arrayMode, Int32Shape, invert);
-
-    case Array::Double:
-        return jumpSlowForUnwantedArrayMode(tempGPR, arrayMode, DoubleShape, invert);
-
-    case Array::Contiguous:
-        return jumpSlowForUnwantedArrayMode(tempGPR, arrayMode, ContiguousShape, invert);
-
+    case Array::Contiguous: {
+        if (arrayMode.isJSArray()) {
+            m_jit.and32(TrustedImm32(IsArray | IndexingShapeMask), tempGPR);
+            result.append(
+                m_jit.branch32(
+                    invert ? MacroAssembler::Equal : MacroAssembler::NotEqual, tempGPR, TrustedImm32(IsArray | ContiguousShape)));
+            break;
+        }
+        m_jit.and32(TrustedImm32(IndexingShapeMask), tempGPR);
+        result.append(
+            m_jit.branch32(invert ? MacroAssembler::Equal : MacroAssembler::NotEqual, tempGPR, TrustedImm32(ContiguousShape)));
+        break;
+    }
     case Array::ArrayStorage:
     case Array::SlowPutArrayStorage: {
         if (arrayMode.isJSArray()) {
@@ -460,8 +437,6 @@ void SpeculativeJIT::checkArray(Node& node)
     case Array::String:
         expectedClassInfo = &JSString::s_info;
         break;
-    case Array::Int32:
-    case Array::Double:
     case Array::Contiguous:
     case Array::ArrayStorage:
     case Array::SlowPutArrayStorage: {
@@ -553,30 +528,16 @@ void SpeculativeJIT::arrayify(Node& node, GPRReg baseReg, GPRReg propertyReg)
         
     // If we're allegedly creating contiguous storage and the index is bogus, then
     // just don't.
-    if (propertyReg != InvalidGPRReg) {
-        switch (node.arrayMode().type()) {
-        case Array::Int32:
-        case Array::Double:
-        case Array::Contiguous:
-            speculationCheck(
-                Uncountable, JSValueRegs(), NoNode,
-                m_jit.branch32(
-                    MacroAssembler::AboveOrEqual, propertyReg, TrustedImm32(MIN_SPARSE_ARRAY_INDEX)));
-            break;
-        default:
-            break;
-        }
+    if (node.arrayMode().type() == Array::Contiguous && propertyReg != InvalidGPRReg) {
+        speculationCheck(
+            Uncountable, JSValueRegs(), NoNode,
+            m_jit.branch32(
+                MacroAssembler::AboveOrEqual, propertyReg, TrustedImm32(MIN_SPARSE_ARRAY_INDEX)));
     }
     
     // Now call out to create the array storage.
     silentSpillAllRegisters(tempGPR);
     switch (node.arrayMode().type()) {
-    case Array::Int32:
-        callOperation(operationEnsureInt32, tempGPR, baseReg);
-        break;
-    case Array::Double:
-        callOperation(operationEnsureDouble, tempGPR, baseReg);
-        break;
     case Array::Contiguous:
         callOperation(operationEnsureContiguous, tempGPR, baseReg);
         break;
@@ -1836,85 +1797,6 @@ ValueRecovery SpeculativeJIT::computeValueRecoveryFor(const ValueSource& valueSo
     return ValueRecovery();
 }
 
-void SpeculativeJIT::compileDoublePutByVal(Node& node, SpeculateCellOperand& base, SpeculateStrictInt32Operand& property)
-{
-    Edge child3 = m_jit.graph().varArgChild(node, 2);
-    Edge child4 = m_jit.graph().varArgChild(node, 3);
-
-    ArrayMode arrayMode = node.arrayMode();
-    
-    GPRReg baseReg = base.gpr();
-    GPRReg propertyReg = property.gpr();
-    
-    SpeculateDoubleOperand value(this, child3);
-
-    FPRReg valueReg = value.fpr();
-    
-    if (!isRealNumberSpeculation(m_state.forNode(child3).m_type)) {
-        // FIXME: We need a way of profiling these, and we need to hoist them into
-        // SpeculateDoubleOperand.
-        speculationCheck(
-            BadType, JSValueRegs(), NoNode,
-            m_jit.branchDouble(MacroAssembler::DoubleNotEqualOrUnordered, valueReg, valueReg));
-    }
-    
-    if (!m_compileOkay)
-        return;
-    
-    StorageOperand storage(this, child4);
-    GPRReg storageReg = storage.gpr();
-
-    if (node.op() == PutByValAlias) {
-        // Store the value to the array.
-        GPRReg propertyReg = property.gpr();
-        FPRReg valueReg = value.fpr();
-        m_jit.storeDouble(valueReg, MacroAssembler::BaseIndex(storageReg, propertyReg, MacroAssembler::TimesEight));
-        
-        noResult(m_compileIndex);
-        return;
-    }
-    
-    GPRTemporary temporary;
-    GPRReg temporaryReg = temporaryRegisterForPutByVal(temporary, node);
-
-    MacroAssembler::JumpList slowCases;
-    
-    if (arrayMode.isInBounds()) {
-        speculationCheck(
-            Uncountable, JSValueRegs(), NoNode,
-            m_jit.branch32(MacroAssembler::AboveOrEqual, propertyReg, MacroAssembler::Address(storageReg, Butterfly::offsetOfPublicLength())));
-    } else {
-        MacroAssembler::Jump inBounds = m_jit.branch32(MacroAssembler::Below, propertyReg, MacroAssembler::Address(storageReg, Butterfly::offsetOfPublicLength()));
-        
-        slowCases.append(m_jit.branch32(MacroAssembler::AboveOrEqual, propertyReg, MacroAssembler::Address(storageReg, Butterfly::offsetOfVectorLength())));
-        
-        if (!arrayMode.isOutOfBounds())
-            speculationCheck(Uncountable, JSValueRegs(), NoNode, slowCases);
-        
-        m_jit.add32(TrustedImm32(1), propertyReg, temporaryReg);
-        m_jit.store32(temporaryReg, MacroAssembler::Address(storageReg, Butterfly::offsetOfPublicLength()));
-        
-        inBounds.link(&m_jit);
-    }
-    
-    m_jit.storeDouble(valueReg, MacroAssembler::BaseIndex(storageReg, propertyReg, MacroAssembler::TimesEight));
-
-    base.use();
-    property.use();
-    value.use();
-    storage.use();
-    
-    if (arrayMode.isOutOfBounds()) {
-        addSlowPathGenerator(
-            slowPathCall(
-                slowCases, this,
-                m_jit.codeBlock()->isStrictMode() ? operationPutDoubleByValBeyondArrayBoundsStrict : operationPutDoubleByValBeyondArrayBoundsNonStrict,
-                NoResult, baseReg, propertyReg, valueReg));
-    }
-
-    noResult(m_compileIndex, UseChildrenCalledExplicitly);
-}
-
 void SpeculativeJIT::compileGetCharCodeAt(Node& node)
 {
     SpeculateCellOperand string(this, node.child1());
@@ -2881,7 +2763,7 @@ void SpeculativeJIT::compileAdd(Node& node)
         return;
     }
         
-    if (Node::shouldSpeculateNumberExpectingDefined(at(node.child1()), at(node.child2()))) {
+    if (Node::shouldSpeculateNumber(at(node.child1()), at(node.child2()))) {
         SpeculateDoubleOperand op1(this, node.child1());
         SpeculateDoubleOperand op2(this, node.child2());
         FPRTemporary result(this, op1, op2);
@@ -3119,7 +3001,7 @@ void SpeculativeJIT::compileIntegerArithDivForX86(Node& node)
 
 void SpeculativeJIT::compileArithMod(Node& node)
 {
-    if (Node::shouldSpeculateIntegerForArithmetic(at(node.child1()), at(node.child2()))
+    if (Node::shouldSpeculateInteger(at(node.child1()), at(node.child2()))
         && node.canSpeculateInteger()) {
         compileSoftModulo(node);
         return;
@@ -3454,8 +3336,6 @@ void SpeculativeJIT::compileGetArrayLength(Node& node)
     const TypedArrayDescriptor* descriptor = typedArrayDescriptor(node.arrayMode());
 
     switch (node.arrayMode().type()) {
-    case Array::Int32:
-    case Array::Double:
     case Array::Contiguous: {
         StorageOperand storage(this, node.child2());
         GPRTemporary result(this, storage);
diff --git a/Source/JavaScriptCore/dfg/DFGSpeculativeJIT.h b/Source/JavaScriptCore/dfg/DFGSpeculativeJIT.h
index 059d3a6c6..446ea7dbe 100644
--- a/Source/JavaScriptCore/dfg/DFGSpeculativeJIT.h
+++ b/Source/JavaScriptCore/dfg/DFGSpeculativeJIT.h
@@ -1308,11 +1308,6 @@ public:
         m_jit.setupArgumentsWithExecState(arg1, TrustedImmPtr(identifier));
         return appendCallWithExceptionCheckSetResult(operation, result);
     }
-    JITCompiler::Call callOperation(J_DFGOperation_EDA operation, GPRReg result, FPRReg arg1, GPRReg arg2)
-    {
-        m_jit.setupArgumentsWithExecState(arg1, arg2);
-        return appendCallWithExceptionCheckSetResult(operation, result);
-    }
     JITCompiler::Call callOperation(J_DFGOperation_EJA operation, GPRReg result, GPRReg arg1, GPRReg arg2)
     {
         m_jit.setupArgumentsWithExecState(arg1, arg2);
@@ -1458,11 +1453,6 @@ public:
         m_jit.setupArgumentsWithExecState(arg1, arg2, arg3);
         return appendCallWithExceptionCheck(operation);
     }
-    JITCompiler::Call callOperation(V_DFGOperation_EOZD operation, GPRReg arg1, GPRReg arg2, FPRReg arg3)
-    {
-        m_jit.setupArgumentsWithExecState(arg1, arg2, arg3);
-        return appendCallWithExceptionCheck(operation);
-    }
     JITCompiler::Call callOperation(V_DFGOperation_EOZJ operation, GPRReg arg1, GPRReg arg2, GPRReg arg3)
     {
         m_jit.setupArgumentsWithExecState(arg1, arg2, arg3);
@@ -1671,21 +1661,11 @@ public:
         m_jit.setupArgumentsWithExecState(EABI_32BIT_DUMMY_ARG arg1Payload, TrustedImm32(arg1Tag), TrustedImmPtr(identifier));
         return appendCallWithExceptionCheckSetResult(operation, resultPayload, resultTag);
     }
-    JITCompiler::Call callOperation(J_DFGOperation_EDA operation, GPRReg resultTag, GPRReg resultPayload, FPRReg arg1, GPRReg arg2)
-    {
-        m_jit.setupArgumentsWithExecState(arg1, arg2);
-        return appendCallWithExceptionCheckSetResult(operation, resultPayload, resultTag);
-    }
     JITCompiler::Call callOperation(J_DFGOperation_EJA operation, GPRReg resultTag, GPRReg resultPayload, GPRReg arg1Tag, GPRReg arg1Payload, GPRReg arg2)
     {
         m_jit.setupArgumentsWithExecState(EABI_32BIT_DUMMY_ARG arg1Payload, arg1Tag, arg2);
         return appendCallWithExceptionCheckSetResult(operation, resultPayload, resultTag);
     }
-    JITCompiler::Call callOperation(J_DFGOperation_EJA operation, GPRReg resultTag, GPRReg resultPayload, TrustedImm32 arg1Tag, GPRReg arg1Payload, GPRReg arg2)
-    {
-        m_jit.setupArgumentsWithExecState(EABI_32BIT_DUMMY_ARG arg1Payload, arg1Tag, arg2);
-        return appendCallWithExceptionCheckSetResult(operation, resultPayload, resultTag);
-    }
     JITCompiler::Call callOperation(J_DFGOperation_EJ operation, GPRReg resultTag, GPRReg resultPayload, GPRReg arg1Tag, GPRReg arg1Payload)
     {
         m_jit.setupArgumentsWithExecState(EABI_32BIT_DUMMY_ARG arg1Payload, arg1Tag);
@@ -1839,21 +1819,11 @@ public:
         m_jit.setupArgumentsWithExecState(arg1, arg2, EABI_32BIT_DUMMY_ARG arg3Payload, arg3Tag);
         return appendCallWithExceptionCheck(operation);
     }
-    JITCompiler::Call callOperation(V_DFGOperation_EOZD operation, GPRReg arg1, GPRReg arg2, FPRReg arg3)
-    {
-        m_jit.setupArgumentsWithExecState(arg1, arg2, arg3);
-        return appendCallWithExceptionCheck(operation);
-    }
     JITCompiler::Call callOperation(V_DFGOperation_EOZJ operation, GPRReg arg1, GPRReg arg2, GPRReg arg3Tag, GPRReg arg3Payload)
     {
         m_jit.setupArgumentsWithExecState(arg1, arg2, EABI_32BIT_DUMMY_ARG arg3Payload, arg3Tag);
         return appendCallWithExceptionCheck(operation);
     }
-    JITCompiler::Call callOperation(V_DFGOperation_EOZJ operation, GPRReg arg1, GPRReg arg2, TrustedImm32 arg3Tag, GPRReg arg3Payload)
-    {
-        m_jit.setupArgumentsWithExecState(arg1, arg2, EABI_32BIT_DUMMY_ARG arg3Payload, arg3Tag);
-        return appendCallWithExceptionCheck(operation);
-    }
     JITCompiler::Call callOperation(V_DFGOperation_W operation, WatchpointSet* watchpointSet)
     {
         m_jit.setupArguments(TrustedImmPtr(watchpointSet));
@@ -2300,11 +2270,6 @@ public:
     void compileAllocatePropertyStorage(Node&);
     void compileReallocatePropertyStorage(Node&);
     
-#if USE(JSVALUE32_64)
-    template<typename BaseOperandType, typename PropertyOperandType, typename ValueOperandType, typename TagType>
-    void compileContiguousPutByVal(Node&, BaseOperandType&, PropertyOperandType&, ValueOperandType&, GPRReg valuePayloadReg, TagType valueTag);
-#endif
-    void compileDoublePutByVal(Node&, SpeculateCellOperand& base, SpeculateStrictInt32Operand& property);
     bool putByValWillNeedExtraRegister(ArrayMode arrayMode)
     {
         return arrayMode.mayStoreToHole();
@@ -2450,7 +2415,6 @@ public:
     
     const TypedArrayDescriptor* typedArrayDescriptor(ArrayMode);
     
-    JITCompiler::Jump jumpSlowForUnwantedArrayMode(GPRReg tempWithIndexingTypeReg, ArrayMode, IndexingType, bool invert);
     JITCompiler::JumpList jumpSlowForUnwantedArrayMode(GPRReg tempWithIndexingTypeReg, ArrayMode, bool invert = false);
     void checkArray(Node&);
     void arrayify(Node&, GPRReg baseReg, GPRReg propertyReg);
@@ -2991,11 +2955,6 @@ public:
             m_gprOrInvalid = m_jit->fillSpeculateInt(index(), m_format);
         return m_gprOrInvalid;
     }
-    
-    void use()
-    {
-        m_jit->use(m_index);
-    }
 
 private:
     SpeculativeJIT* m_jit;
@@ -3076,11 +3035,6 @@ public:
             m_fprOrInvalid = m_jit->fillSpeculateDouble(index());
         return m_fprOrInvalid;
     }
-    
-    void use()
-    {
-        m_jit->use(m_index);
-    }
 
 private:
     SpeculativeJIT* m_jit;
diff --git a/Source/JavaScriptCore/dfg/DFGSpeculativeJIT32_64.cpp b/Source/JavaScriptCore/dfg/DFGSpeculativeJIT32_64.cpp
index 694f1452e..65fdf5593 100644
--- a/Source/JavaScriptCore/dfg/DFGSpeculativeJIT32_64.cpp
+++ b/Source/JavaScriptCore/dfg/DFGSpeculativeJIT32_64.cpp
@@ -2046,69 +2046,6 @@ void SpeculativeJIT::emitBranch(Node& node)
     }
 }
 
-template<typename BaseOperandType, typename PropertyOperandType, typename ValueOperandType, typename TagType>
-void SpeculativeJIT::compileContiguousPutByVal(Node& node, BaseOperandType& base, PropertyOperandType& property, ValueOperandType& value, GPRReg valuePayloadReg, TagType valueTag)
-{
-    Edge child4 = m_jit.graph().varArgChild(node, 3);
-
-    ArrayMode arrayMode = node.arrayMode();
-    
-    GPRReg baseReg = base.gpr();
-    GPRReg propertyReg = property.gpr();
-    
-    StorageOperand storage(this, child4);
-    GPRReg storageReg = storage.gpr();
-
-    if (node.op() == PutByValAlias) {
-        // Store the value to the array.
-        GPRReg propertyReg = property.gpr();
-        m_jit.store32(valueTag, MacroAssembler::BaseIndex(storageReg, propertyReg, MacroAssembler::TimesEight, OBJECT_OFFSETOF(JSValue, u.asBits.tag)));
-        m_jit.store32(valuePayloadReg, MacroAssembler::BaseIndex(storageReg, propertyReg, MacroAssembler::TimesEight, OBJECT_OFFSETOF(JSValue, u.asBits.payload)));
-        
-        noResult(m_compileIndex);
-        return;
-    }
-    
-    MacroAssembler::JumpList slowCases;
-
-    if (arrayMode.isInBounds()) {
-        speculationCheck(
-            Uncountable, JSValueRegs(), NoNode,
-            m_jit.branch32(MacroAssembler::AboveOrEqual, propertyReg, MacroAssembler::Address(storageReg, Butterfly::offsetOfPublicLength())));
-    } else {
-        MacroAssembler::Jump inBounds = m_jit.branch32(MacroAssembler::Below, propertyReg, MacroAssembler::Address(storageReg, Butterfly::offsetOfPublicLength()));
-        
-        slowCases.append(m_jit.branch32(MacroAssembler::AboveOrEqual, propertyReg, MacroAssembler::Address(storageReg, Butterfly::offsetOfVectorLength())));
-        
-        if (!arrayMode.isOutOfBounds())
-            speculationCheck(Uncountable, JSValueRegs(), NoNode, slowCases);
-        
-        m_jit.add32(TrustedImm32(1), propertyReg);
-        m_jit.store32(propertyReg, MacroAssembler::Address(storageReg, Butterfly::offsetOfPublicLength()));
-        m_jit.sub32(TrustedImm32(1), propertyReg);
-        
-        inBounds.link(&m_jit);
-    }
-    
-    m_jit.store32(valueTag, MacroAssembler::BaseIndex(storageReg, propertyReg, MacroAssembler::TimesEight, OBJECT_OFFSETOF(JSValue, u.asBits.tag)));
-    m_jit.store32(valuePayloadReg, MacroAssembler::BaseIndex(storageReg, propertyReg, MacroAssembler::TimesEight, OBJECT_OFFSETOF(JSValue, u.asBits.payload)));
-    
-    base.use();
-    property.use();
-    value.use();
-    storage.use();
-    
-    if (arrayMode.isOutOfBounds()) {
-        addSlowPathGenerator(
-            slowPathCall(
-                slowCases, this,
-                m_jit.codeBlock()->isStrictMode() ? operationPutByValBeyondArrayBoundsStrict : operationPutByValBeyondArrayBoundsNonStrict,
-                NoResult, baseReg, propertyReg, valueTag, valuePayloadReg));
-    }
-
-    noResult(m_compileIndex, UseChildrenCalledExplicitly);    
-}
-
 void SpeculativeJIT::compile(Node& node)
 {
     NodeType op = node.op();
@@ -2429,8 +2366,7 @@ void SpeculativeJIT::compile(Node& node)
         break;
 
     case ArithDiv: {
-        if (Node::shouldSpeculateIntegerForArithmetic(at(node.child1()), at(node.child2()))
-            && node.canSpeculateInteger()) {
+        if (Node::shouldSpeculateInteger(at(node.child1()), at(node.child2())) && node.canSpeculateInteger()) {
 #if CPU(X86)
             compileIntegerArithDivForX86(node);
 #else // CPU(X86) -> so non-X86 code follows
@@ -2457,8 +2393,7 @@ void SpeculativeJIT::compile(Node& node)
     }
 
     case ArithAbs: {
-        if (at(node.child1()).shouldSpeculateIntegerForArithmetic()
-            && node.canSpeculateInteger()) {
+        if (at(node.child1()).shouldSpeculateInteger() && node.canSpeculateInteger()) {
             SpeculateIntegerOperand op1(this, node.child1());
             GPRTemporary result(this, op1);
             GPRTemporary scratch(this);
@@ -2482,8 +2417,7 @@ void SpeculativeJIT::compile(Node& node)
         
     case ArithMin:
     case ArithMax: {
-        if (Node::shouldSpeculateIntegerForArithmetic(at(node.child1()), at(node.child2()))
-            && node.canSpeculateInteger()) {
+        if (Node::shouldSpeculateInteger(at(node.child1()), at(node.child2())) && node.canSpeculateInteger()) {
             SpeculateStrictInt32Operand op1(this, node.child1());
             SpeculateStrictInt32Operand op2(this, node.child2());
             GPRTemporary result(this, op1);
@@ -2633,7 +2567,6 @@ void SpeculativeJIT::compile(Node& node)
             jsValueResult(resultTag.gpr(), resultPayload.gpr(), m_compileIndex);
             break;
         }
-        case Array::Int32:
         case Array::Contiguous: {
             if (node.arrayMode().isInBounds()) {
                 SpeculateStrictInt32Operand property(this, node.child2());
@@ -2647,20 +2580,8 @@ void SpeculativeJIT::compile(Node& node)
             
                 speculationCheck(OutOfBounds, JSValueRegs(), NoNode, m_jit.branch32(MacroAssembler::AboveOrEqual, propertyReg, MacroAssembler::Address(storageReg, Butterfly::offsetOfPublicLength())));
             
-                GPRTemporary resultPayload(this);
-                if (node.arrayMode().type() == Array::Int32) {
-                    speculationCheck(
-                        OutOfBounds, JSValueRegs(), NoNode,
-                        m_jit.branch32(
-                            MacroAssembler::Equal,
-                            MacroAssembler::BaseIndex(storageReg, propertyReg, MacroAssembler::TimesEight, OBJECT_OFFSETOF(JSValue, u.asBits.tag)),
-                            TrustedImm32(JSValue::EmptyValueTag)));
-                    m_jit.load32(MacroAssembler::BaseIndex(storageReg, propertyReg, MacroAssembler::TimesEight, OBJECT_OFFSETOF(JSValue, u.asBits.payload)), resultPayload.gpr());
-                    integerResult(resultPayload.gpr(), m_compileIndex);
-                    break;
-                }
-                
                 GPRTemporary resultTag(this);
+                GPRTemporary resultPayload(this);
                 m_jit.load32(MacroAssembler::BaseIndex(storageReg, propertyReg, MacroAssembler::TimesEight, OBJECT_OFFSETOF(JSValue, u.asBits.tag)), resultTag.gpr());
                 speculationCheck(OutOfBounds, JSValueRegs(), NoNode, m_jit.branch32(MacroAssembler::Equal, resultTag.gpr(), TrustedImm32(JSValue::EmptyValueTag)));
                 m_jit.load32(MacroAssembler::BaseIndex(storageReg, propertyReg, MacroAssembler::TimesEight, OBJECT_OFFSETOF(JSValue, u.asBits.payload)), resultPayload.gpr());
@@ -2700,60 +2621,6 @@ void SpeculativeJIT::compile(Node& node)
             jsValueResult(resultTagReg, resultPayloadReg, m_compileIndex);
             break;
         }
-        case Array::Double: {
-            if (node.arrayMode().isInBounds()) {
-                SpeculateStrictInt32Operand property(this, node.child2());
-                StorageOperand storage(this, node.child3());
-            
-                GPRReg propertyReg = property.gpr();
-                GPRReg storageReg = storage.gpr();
-            
-                if (!m_compileOkay)
-                    return;
-            
-                speculationCheck(OutOfBounds, JSValueRegs(), NoNode, m_jit.branch32(MacroAssembler::AboveOrEqual, propertyReg, MacroAssembler::Address(storageReg, Butterfly::offsetOfPublicLength())));
-            
-                FPRTemporary result(this);
-                m_jit.loadDouble(MacroAssembler::BaseIndex(storageReg, propertyReg, MacroAssembler::TimesEight), result.fpr());
-                speculationCheck(OutOfBounds, JSValueRegs(), NoNode, m_jit.branchDouble(MacroAssembler::DoubleNotEqualOrUnordered, result.fpr(), result.fpr()));
-                doubleResult(result.fpr(), m_compileIndex);
-                break;
-            }
-
-            SpeculateCellOperand base(this, node.child1());
-            SpeculateStrictInt32Operand property(this, node.child2());
-            StorageOperand storage(this, node.child3());
-            
-            GPRReg baseReg = base.gpr();
-            GPRReg propertyReg = property.gpr();
-            GPRReg storageReg = storage.gpr();
-            
-            if (!m_compileOkay)
-                return;
-            
-            GPRTemporary resultTag(this);
-            GPRTemporary resultPayload(this);
-            FPRTemporary temp(this);
-            GPRReg resultTagReg = resultTag.gpr();
-            GPRReg resultPayloadReg = resultPayload.gpr();
-            FPRReg tempReg = temp.fpr();
-            
-            MacroAssembler::JumpList slowCases;
-            
-            slowCases.append(m_jit.branch32(MacroAssembler::AboveOrEqual, propertyReg, MacroAssembler::Address(storageReg, Butterfly::offsetOfPublicLength())));
-            
-            m_jit.loadDouble(MacroAssembler::BaseIndex(storageReg, propertyReg, MacroAssembler::TimesEight), tempReg);
-            slowCases.append(m_jit.branchDouble(MacroAssembler::DoubleNotEqualOrUnordered, tempReg, tempReg));
-            boxDouble(tempReg, resultTagReg, resultPayloadReg);
-
-            addSlowPathGenerator(
-                slowPathCall(
-                    slowCases, this, operationGetByValArrayInt,
-                    JSValueRegs(resultTagReg, resultPayloadReg), baseReg, propertyReg));
-            
-            jsValueResult(resultTagReg, resultPayloadReg, m_compileIndex);
-            break;
-        }
         case Array::ArrayStorage:
         case Array::SlowPutArrayStorage: {
             if (node.arrayMode().isInBounds()) {
@@ -2904,17 +2771,6 @@ void SpeculativeJIT::compile(Node& node)
         GPRReg propertyReg = property.gpr();
 
         switch (arrayMode.type()) {
-        case Array::Int32: {
-            SpeculateIntegerOperand value(this, child3);
-
-            GPRReg valuePayloadReg = value.gpr();
-        
-            if (!m_compileOkay)
-                return;
-            
-            compileContiguousPutByVal(node, base, property, value, valuePayloadReg, TrustedImm32(JSValue::Int32Tag));
-            break;
-        }
         case Array::Contiguous: {
             JSValueOperand value(this, child3);
 
@@ -2928,14 +2784,61 @@ void SpeculativeJIT::compile(Node& node)
                 GPRTemporary scratch(this);
                 writeBarrier(baseReg, valueTagReg, child3, WriteBarrierForPropertyAccess, scratch.gpr());
             }
+
+            StorageOperand storage(this, child4);
+            GPRReg storageReg = storage.gpr();
+
+            if (node.op() == PutByValAlias) {
+                // Store the value to the array.
+                GPRReg propertyReg = property.gpr();
+                m_jit.store32(valueTagReg, MacroAssembler::BaseIndex(storageReg, propertyReg, MacroAssembler::TimesEight, OBJECT_OFFSETOF(JSValue, u.asBits.tag)));
+                m_jit.store32(valuePayloadReg, MacroAssembler::BaseIndex(storageReg, propertyReg, MacroAssembler::TimesEight, OBJECT_OFFSETOF(JSValue, u.asBits.payload)));
+                
+                noResult(m_compileIndex);
+                break;
+            }
             
-            compileContiguousPutByVal(node, base, property, value, valuePayloadReg, valueTagReg);
-            break;
-        }
-        case Array::Double: {
-            compileDoublePutByVal(node, base, property);
+            MacroAssembler::JumpList slowCases;
+
+            if (arrayMode.isInBounds()) {
+                speculationCheck(
+                    Uncountable, JSValueRegs(), NoNode,
+                    m_jit.branch32(MacroAssembler::AboveOrEqual, propertyReg, MacroAssembler::Address(storageReg, Butterfly::offsetOfPublicLength())));
+            } else {
+                MacroAssembler::Jump inBounds = m_jit.branch32(MacroAssembler::Below, propertyReg, MacroAssembler::Address(storageReg, Butterfly::offsetOfPublicLength()));
+                
+                slowCases.append(m_jit.branch32(MacroAssembler::AboveOrEqual, propertyReg, MacroAssembler::Address(storageReg, Butterfly::offsetOfVectorLength())));
+                
+                if (!arrayMode.isOutOfBounds())
+                    speculationCheck(Uncountable, JSValueRegs(), NoNode, slowCases);
+                
+                m_jit.add32(TrustedImm32(1), propertyReg);
+                m_jit.store32(propertyReg, MacroAssembler::Address(storageReg, Butterfly::offsetOfPublicLength()));
+                m_jit.sub32(TrustedImm32(1), propertyReg);
+                
+                inBounds.link(&m_jit);
+            }
+            
+            m_jit.store32(valueTagReg, MacroAssembler::BaseIndex(storageReg, propertyReg, MacroAssembler::TimesEight, OBJECT_OFFSETOF(JSValue, u.asBits.tag)));
+            m_jit.store32(valuePayloadReg, MacroAssembler::BaseIndex(storageReg, propertyReg, MacroAssembler::TimesEight, OBJECT_OFFSETOF(JSValue, u.asBits.payload)));
+            
+            base.use();
+            property.use();
+            value.use();
+            storage.use();
+            
+            if (arrayMode.isOutOfBounds()) {
+                addSlowPathGenerator(
+                    slowPathCall(
+                        slowCases, this,
+                        m_jit.codeBlock()->isStrictMode() ? operationPutByValBeyondArrayBoundsStrict : operationPutByValBeyondArrayBoundsNonStrict,
+                        NoResult, baseReg, propertyReg, valueTagReg, valuePayloadReg));
+            }
+
+            noResult(m_compileIndex, UseChildrenCalledExplicitly);
             break;
         }
+            
         case Array::ArrayStorage:
         case Array::SlowPutArrayStorage: {
             JSValueOperand value(this, child3);
@@ -3125,47 +3028,24 @@ void SpeculativeJIT::compile(Node& node)
         ASSERT(node.arrayMode().isJSArray());
         
         SpeculateCellOperand base(this, node.child1());
+        JSValueOperand value(this, node.child2());
         GPRTemporary storageLength(this);
         
         GPRReg baseGPR = base.gpr();
+        GPRReg valueTagGPR = value.tagGPR();
+        GPRReg valuePayloadGPR = value.payloadGPR();
         GPRReg storageLengthGPR = storageLength.gpr();
         
+        if (Heap::isWriteBarrierEnabled()) {
+            GPRTemporary scratch(this);
+            writeBarrier(baseGPR, valueTagGPR, node.child2(), WriteBarrierForPropertyAccess, scratch.gpr(), storageLengthGPR);
+        }
+
         StorageOperand storage(this, node.child3());
         GPRReg storageGPR = storage.gpr();
         
         switch (node.arrayMode().type()) {
-        case Array::Int32: {
-            SpeculateIntegerOperand value(this, node.child2());
-            GPRReg valuePayloadGPR = value.gpr();
-            
-            m_jit.load32(MacroAssembler::Address(storageGPR, Butterfly::offsetOfPublicLength()), storageLengthGPR);
-            MacroAssembler::Jump slowPath = m_jit.branch32(MacroAssembler::AboveOrEqual, storageLengthGPR, MacroAssembler::Address(storageGPR, Butterfly::offsetOfVectorLength()));
-            m_jit.store32(TrustedImm32(JSValue::Int32Tag), MacroAssembler::BaseIndex(storageGPR, storageLengthGPR, MacroAssembler::TimesEight, OBJECT_OFFSETOF(JSValue, u.asBits.tag)));
-            m_jit.store32(valuePayloadGPR, MacroAssembler::BaseIndex(storageGPR, storageLengthGPR, MacroAssembler::TimesEight, OBJECT_OFFSETOF(JSValue, u.asBits.payload)));
-            m_jit.add32(TrustedImm32(1), storageLengthGPR);
-            m_jit.store32(storageLengthGPR, MacroAssembler::Address(storageGPR, Butterfly::offsetOfPublicLength()));
-            m_jit.move(TrustedImm32(JSValue::Int32Tag), storageGPR);
-            
-            addSlowPathGenerator(
-                slowPathCall(
-                    slowPath, this, operationArrayPush,
-                    JSValueRegs(storageGPR, storageLengthGPR),
-                    TrustedImm32(JSValue::Int32Tag), valuePayloadGPR, baseGPR));
-        
-            jsValueResult(storageGPR, storageLengthGPR, m_compileIndex);
-            break;
-        }
-            
         case Array::Contiguous: {
-            JSValueOperand value(this, node.child2());
-            GPRReg valueTagGPR = value.tagGPR();
-            GPRReg valuePayloadGPR = value.payloadGPR();
-
-            if (Heap::isWriteBarrierEnabled()) {
-                GPRTemporary scratch(this);
-                writeBarrier(baseGPR, valueTagGPR, node.child2(), WriteBarrierForPropertyAccess, scratch.gpr(), storageLengthGPR);
-            }
-
             m_jit.load32(MacroAssembler::Address(storageGPR, Butterfly::offsetOfPublicLength()), storageLengthGPR);
             MacroAssembler::Jump slowPath = m_jit.branch32(MacroAssembler::AboveOrEqual, storageLengthGPR, MacroAssembler::Address(storageGPR, Butterfly::offsetOfVectorLength()));
             m_jit.store32(valueTagGPR, MacroAssembler::BaseIndex(storageGPR, storageLengthGPR, MacroAssembler::TimesEight, OBJECT_OFFSETOF(JSValue, u.asBits.tag)));
@@ -3184,45 +3064,7 @@ void SpeculativeJIT::compile(Node& node)
             break;
         }
             
-        case Array::Double: {
-            SpeculateDoubleOperand value(this, node.child2());
-            FPRReg valueFPR = value.fpr();
-
-            if (!isRealNumberSpeculation(m_state.forNode(node.child2()).m_type)) {
-                // FIXME: We need a way of profiling these, and we need to hoist them into
-                // SpeculateDoubleOperand.
-                speculationCheck(
-                    BadType, JSValueRegs(), NoNode,
-                    m_jit.branchDouble(MacroAssembler::DoubleNotEqualOrUnordered, valueFPR, valueFPR));
-            }
-            
-            m_jit.load32(MacroAssembler::Address(storageGPR, Butterfly::offsetOfPublicLength()), storageLengthGPR);
-            MacroAssembler::Jump slowPath = m_jit.branch32(MacroAssembler::AboveOrEqual, storageLengthGPR, MacroAssembler::Address(storageGPR, Butterfly::offsetOfVectorLength()));
-            m_jit.storeDouble(valueFPR, MacroAssembler::BaseIndex(storageGPR, storageLengthGPR, MacroAssembler::TimesEight));
-            m_jit.add32(TrustedImm32(1), storageLengthGPR);
-            m_jit.store32(storageLengthGPR, MacroAssembler::Address(storageGPR, Butterfly::offsetOfPublicLength()));
-            m_jit.move(TrustedImm32(JSValue::Int32Tag), storageGPR);
-            
-            addSlowPathGenerator(
-                slowPathCall(
-                    slowPath, this, operationArrayPushDouble,
-                    JSValueRegs(storageGPR, storageLengthGPR),
-                    valueFPR, baseGPR));
-        
-            jsValueResult(storageGPR, storageLengthGPR, m_compileIndex);
-            break;
-        }
-            
         case Array::ArrayStorage: {
-            JSValueOperand value(this, node.child2());
-            GPRReg valueTagGPR = value.tagGPR();
-            GPRReg valuePayloadGPR = value.payloadGPR();
-
-            if (Heap::isWriteBarrierEnabled()) {
-                GPRTemporary scratch(this);
-                writeBarrier(baseGPR, valueTagGPR, node.child2(), WriteBarrierForPropertyAccess, scratch.gpr(), storageLengthGPR);
-            }
-
             m_jit.load32(MacroAssembler::Address(storageGPR, ArrayStorage::lengthOffset()), storageLengthGPR);
         
             // Refuse to handle bizarre lengths.
@@ -3265,7 +3107,6 @@ void SpeculativeJIT::compile(Node& node)
         GPRReg storageGPR = storage.gpr();
         
         switch (node.arrayMode().type()) {
-        case Array::Int32:
         case Array::Contiguous: {
             m_jit.load32(
                 MacroAssembler::Address(storageGPR, Butterfly::offsetOfPublicLength()), valuePayloadGPR);
@@ -3299,44 +3140,6 @@ void SpeculativeJIT::compile(Node& node)
             break;
         }
             
-        case Array::Double: {
-            FPRTemporary temp(this);
-            FPRReg tempFPR = temp.fpr();
-            
-            m_jit.load32(
-                MacroAssembler::Address(storageGPR, Butterfly::offsetOfPublicLength()), valuePayloadGPR);
-            MacroAssembler::Jump undefinedCase =
-                m_jit.branchTest32(MacroAssembler::Zero, valuePayloadGPR);
-            m_jit.sub32(TrustedImm32(1), valuePayloadGPR);
-            m_jit.store32(
-                valuePayloadGPR, MacroAssembler::Address(storageGPR, Butterfly::offsetOfPublicLength()));
-            m_jit.loadDouble(
-                MacroAssembler::BaseIndex(storageGPR, valuePayloadGPR, MacroAssembler::TimesEight),
-                tempFPR);
-            MacroAssembler::Jump slowCase = m_jit.branchDouble(MacroAssembler::DoubleNotEqualOrUnordered, tempFPR, tempFPR);
-            JSValue nan = JSValue(JSValue::EncodeAsDouble, QNaN);
-            m_jit.store32(
-                MacroAssembler::TrustedImm32(nan.u.asBits.tag),
-                MacroAssembler::BaseIndex(storageGPR, valuePayloadGPR, MacroAssembler::TimesEight, OBJECT_OFFSETOF(JSValue, u.asBits.tag)));
-            m_jit.store32(
-                MacroAssembler::TrustedImm32(nan.u.asBits.payload),
-                MacroAssembler::BaseIndex(storageGPR, valuePayloadGPR, MacroAssembler::TimesEight, OBJECT_OFFSETOF(JSValue, u.asBits.payload)));
-            boxDouble(tempFPR, valueTagGPR, valuePayloadGPR);
-
-            addSlowPathGenerator(
-                slowPathMove(
-                    undefinedCase, this,
-                    MacroAssembler::TrustedImm32(jsUndefined().tag()), valueTagGPR,
-                    MacroAssembler::TrustedImm32(jsUndefined().payload()), valuePayloadGPR));
-            addSlowPathGenerator(
-                slowPathCall(
-                    slowCase, this, operationArrayPopAndRecoverLength,
-                    JSValueRegs(valueTagGPR, valuePayloadGPR), baseGPR));
-            
-            jsValueResult(valueTagGPR, valuePayloadGPR, m_compileIndex);
-            break;
-        }
-
         case Array::ArrayStorage: {
             GPRTemporary storageLength(this);
             GPRReg storageLengthGPR = storageLength.gpr();
@@ -3555,17 +3358,11 @@ void SpeculativeJIT::compile(Node& node)
 
     case NewArray: {
         JSGlobalObject* globalObject = m_jit.graph().globalObjectFor(node.codeOrigin);
-        if (!globalObject->isHavingABadTime() && !hasArrayStorage(node.indexingType())) {
+        if (!globalObject->isHavingABadTime()) {
             globalObject->havingABadTimeWatchpoint()->add(speculationWatchpoint());
             
-            Structure* structure = globalObject->arrayStructureForIndexingTypeDuringAllocation(node.indexingType());
-            ASSERT(structure->indexingType() == node.indexingType());
-            ASSERT(
-                hasUndecided(structure->indexingType())
-                || hasInt32(structure->indexingType())
-                || hasDouble(structure->indexingType())
-                || hasContiguous(structure->indexingType()));
-
+            ASSERT(hasContiguous(globalObject->arrayStructure()->indexingType()));
+            
             unsigned numElements = node.numChildren();
             
             GPRTemporary result(this);
@@ -3574,52 +3371,17 @@ void SpeculativeJIT::compile(Node& node)
             GPRReg resultGPR = result.gpr();
             GPRReg storageGPR = storage.gpr();
 
-            emitAllocateJSArray(structure, resultGPR, storageGPR, numElements);
+            emitAllocateJSArray(globalObject->arrayStructure(), resultGPR, storageGPR, numElements);
             
             // At this point, one way or another, resultGPR and storageGPR have pointers to
             // the JSArray and the Butterfly, respectively.
             
-            ASSERT(!hasUndecided(structure->indexingType()) || !node.numChildren());
-            
             for (unsigned operandIdx = 0; operandIdx < node.numChildren(); ++operandIdx) {
-                Edge use = m_jit.graph().m_varArgChildren[node.firstChild() + operandIdx];
-                switch (node.indexingType()) {
-                case ALL_BLANK_INDEXING_TYPES:
-                case ALL_UNDECIDED_INDEXING_TYPES:
-                    CRASH();
-                    break;
-                case ALL_DOUBLE_INDEXING_TYPES: {
-                    SpeculateDoubleOperand operand(this, use);
-                    FPRReg opFPR = operand.fpr();
-                    if (!isRealNumberSpeculation(m_state.forNode(use).m_type)) {
-                        // FIXME: We need a way of profiling these, and we need to hoist them into
-                        // SpeculateDoubleOperand.
-                        speculationCheck(
-                            BadType, JSValueRegs(), NoNode,
-                            m_jit.branchDouble(MacroAssembler::DoubleNotEqualOrUnordered, opFPR, opFPR));
-                    }
-        
-                    m_jit.storeDouble(opFPR, MacroAssembler::Address(storageGPR, sizeof(double) * operandIdx));
-                    break;
-                }
-                case ALL_INT32_INDEXING_TYPES: {
-                    SpeculateIntegerOperand operand(this, use);
-                    m_jit.store32(TrustedImm32(JSValue::Int32Tag), MacroAssembler::Address(storageGPR, sizeof(JSValue) * operandIdx + OBJECT_OFFSETOF(JSValue, u.asBits.tag)));
-                    m_jit.store32(operand.gpr(), MacroAssembler::Address(storageGPR, sizeof(JSValue) * operandIdx + OBJECT_OFFSETOF(JSValue, u.asBits.payload)));
-                    break;
-                }
-                case ALL_CONTIGUOUS_INDEXING_TYPES: {
-                    JSValueOperand operand(this, m_jit.graph().m_varArgChildren[node.firstChild() + operandIdx]);
-                    GPRReg opTagGPR = operand.tagGPR();
-                    GPRReg opPayloadGPR = operand.payloadGPR();
-                    m_jit.store32(opTagGPR, MacroAssembler::Address(storageGPR, sizeof(JSValue) * operandIdx + OBJECT_OFFSETOF(JSValue, u.asBits.tag)));
-                    m_jit.store32(opPayloadGPR, MacroAssembler::Address(storageGPR, sizeof(JSValue) * operandIdx + OBJECT_OFFSETOF(JSValue, u.asBits.payload)));
-                    break;
-                }
-                default:
-                    CRASH();
-                    break;
-                }
+                JSValueOperand operand(this, m_jit.graph().m_varArgChildren[node.firstChild() + operandIdx]);
+                GPRReg opTagGPR = operand.tagGPR();
+                GPRReg opPayloadGPR = operand.payloadGPR();
+                m_jit.store32(opTagGPR, MacroAssembler::Address(storageGPR, sizeof(JSValue) * operandIdx + OBJECT_OFFSETOF(JSValue, u.asBits.tag)));
+                m_jit.store32(opPayloadGPR, MacroAssembler::Address(storageGPR, sizeof(JSValue) * operandIdx + OBJECT_OFFSETOF(JSValue, u.asBits.payload)));
             }
             
             // Yuck, we should *really* have a way of also returning the storageGPR. But
@@ -3637,7 +3399,7 @@ void SpeculativeJIT::compile(Node& node)
             flushRegisters();
             GPRResult result(this);
             callOperation(
-                operationNewEmptyArray, result.gpr(), globalObject->arrayStructureForIndexingTypeDuringAllocation(node.indexingType()));
+                operationNewEmptyArray, result.gpr(), globalObject->arrayStructure());
             cellResult(result.gpr(), m_compileIndex);
             break;
         }
@@ -3647,61 +3409,13 @@ void SpeculativeJIT::compile(Node& node)
         EncodedJSValue* buffer = scratchBuffer ? static_cast<EncodedJSValue*>(scratchBuffer->dataBuffer()) : 0;
         
         for (unsigned operandIdx = 0; operandIdx < node.numChildren(); ++operandIdx) {
-            // Need to perform the speculations that this node promises to perform. If we're
-            // emitting code here and the indexing type is not array storage then there is
-            // probably something hilarious going on and we're already failing at all the
-            // things, but at least we're going to be sound.
-            Edge use = m_jit.graph().m_varArgChildren[node.firstChild() + operandIdx];
-            switch (node.indexingType()) {
-            case ALL_BLANK_INDEXING_TYPES:
-            case ALL_UNDECIDED_INDEXING_TYPES:
-                CRASH();
-                break;
-            case ALL_DOUBLE_INDEXING_TYPES: {
-                SpeculateDoubleOperand operand(this, use);
-                FPRReg opFPR = operand.fpr();
-                if (!isRealNumberSpeculation(m_state.forNode(use).m_type)) {
-                    // FIXME: We need a way of profiling these, and we need to hoist them into
-                    // SpeculateDoubleOperand.
-                    speculationCheck(
-                        BadType, JSValueRegs(), NoNode,
-                        m_jit.branchDouble(MacroAssembler::DoubleNotEqualOrUnordered, opFPR, opFPR));
-                }
-                
-                m_jit.storeDouble(opFPR, reinterpret_cast<char*>(buffer + operandIdx));
-                break;
-            }
-            case ALL_INT32_INDEXING_TYPES: {
-                SpeculateIntegerOperand operand(this, use);
-                GPRReg opGPR = operand.gpr();
-                m_jit.store32(TrustedImm32(JSValue::Int32Tag), reinterpret_cast<char*>(buffer + operandIdx) + OBJECT_OFFSETOF(EncodedValueDescriptor, asBits.tag));
-                m_jit.store32(opGPR, reinterpret_cast<char*>(buffer + operandIdx) + OBJECT_OFFSETOF(EncodedValueDescriptor, asBits.payload));
-                break;
-            }
-            case ALL_CONTIGUOUS_INDEXING_TYPES:
-            case ALL_ARRAY_STORAGE_INDEXING_TYPES: {
-                JSValueOperand operand(this, m_jit.graph().m_varArgChildren[node.firstChild() + operandIdx]);
-                GPRReg opTagGPR = operand.tagGPR();
-                GPRReg opPayloadGPR = operand.payloadGPR();
-                
-                m_jit.store32(opTagGPR, reinterpret_cast<char*>(buffer + operandIdx) + OBJECT_OFFSETOF(EncodedValueDescriptor, asBits.tag));
-                m_jit.store32(opPayloadGPR, reinterpret_cast<char*>(buffer + operandIdx) + OBJECT_OFFSETOF(EncodedValueDescriptor, asBits.payload));
-                operand.use();
-                break;
-            }
-            default:
-                CRASH();
-                break;
-            }
-        }
-        
-        switch (node.indexingType()) {
-        case ALL_DOUBLE_INDEXING_TYPES:
-        case ALL_INT32_INDEXING_TYPES:
-            useChildren(node);
-            break;
-        default:
-            break;
+            JSValueOperand operand(this, m_jit.graph().m_varArgChildren[node.firstChild() + operandIdx]);
+            GPRReg opTagGPR = operand.tagGPR();
+            GPRReg opPayloadGPR = operand.payloadGPR();
+            operand.use();
+            
+            m_jit.store32(opTagGPR, reinterpret_cast<char*>(buffer + operandIdx) + OBJECT_OFFSETOF(EncodedValueDescriptor, asBits.tag));
+            m_jit.store32(opPayloadGPR, reinterpret_cast<char*>(buffer + operandIdx) + OBJECT_OFFSETOF(EncodedValueDescriptor, asBits.payload));
         }
         
         flushRegisters();
@@ -3717,8 +3431,8 @@ void SpeculativeJIT::compile(Node& node)
         GPRResult result(this);
         
         callOperation(
-            operationNewArray, result.gpr(), globalObject->arrayStructureForIndexingTypeDuringAllocation(node.indexingType()),
-            static_cast<void*>(buffer), node.numChildren());
+            operationNewArray, result.gpr(), globalObject->arrayStructure(),
+            static_cast<void *>(buffer), node.numChildren());
 
         if (scratchSize) {
             GPRTemporary scratch(this);
@@ -3757,30 +3471,17 @@ void SpeculativeJIT::compile(Node& node)
                 emitAllocateBasicStorage(resultGPR, storageGPR));
             m_jit.subPtr(scratchGPR, storageGPR);
             emitAllocateBasicJSObject<JSArray, MarkedBlock::None>(
-                TrustedImmPtr(globalObject->arrayStructureForIndexingTypeDuringAllocation(node.indexingType())), resultGPR, scratchGPR,
+                TrustedImmPtr(globalObject->arrayStructure()), resultGPR, scratchGPR,
                 storageGPR, sizeof(JSArray), slowCases);
             
             m_jit.store32(sizeGPR, MacroAssembler::Address(storageGPR, Butterfly::offsetOfPublicLength()));
             m_jit.store32(sizeGPR, MacroAssembler::Address(storageGPR, Butterfly::offsetOfVectorLength()));
             
-            if (hasDouble(node.indexingType())) {
-                JSValue nan = JSValue(JSValue::EncodeAsDouble, QNaN);
-                
-                m_jit.move(sizeGPR, scratchGPR);
-                MacroAssembler::Jump done = m_jit.branchTest32(MacroAssembler::Zero, scratchGPR);
-                MacroAssembler::Label loop = m_jit.label();
-                m_jit.sub32(TrustedImm32(1), scratchGPR);
-                m_jit.store32(TrustedImm32(nan.u.asBits.tag), MacroAssembler::BaseIndex(storageGPR, scratchGPR, MacroAssembler::TimesEight, OBJECT_OFFSETOF(JSValue, u.asBits.tag)));
-                m_jit.store32(TrustedImm32(nan.u.asBits.payload), MacroAssembler::BaseIndex(storageGPR, scratchGPR, MacroAssembler::TimesEight, OBJECT_OFFSETOF(JSValue, u.asBits.payload)));
-                m_jit.branchTest32(MacroAssembler::NonZero, scratchGPR).linkTo(loop, &m_jit);
-                done.link(&m_jit);
-            }
-            
             addSlowPathGenerator(adoptPtr(
                 new CallArrayAllocatorWithVariableSizeSlowPathGenerator(
                     slowCases, this, operationNewArrayWithSize, resultGPR,
-                    globalObject->arrayStructureForIndexingTypeDuringAllocation(node.indexingType()),
-                    globalObject->arrayStructureForIndexingTypeDuringAllocation(ArrayWithArrayStorage),
+                    globalObject->arrayStructure(),
+                    globalObject->arrayStructureWithArrayStorage(),
                     sizeGPR)));
             
             cellResult(resultGPR, m_compileIndex);
@@ -3791,24 +3492,15 @@ void SpeculativeJIT::compile(Node& node)
         GPRReg sizeGPR = size.gpr();
         flushRegisters();
         GPRResult result(this);
-        GPRReg resultGPR = result.gpr();
-        GPRReg structureGPR = selectScratchGPR(sizeGPR);
-        MacroAssembler::Jump bigLength = m_jit.branch32(MacroAssembler::AboveOrEqual, sizeGPR, TrustedImm32(MIN_SPARSE_ARRAY_INDEX));
-        m_jit.move(TrustedImmPtr(globalObject->arrayStructureForIndexingTypeDuringAllocation(node.indexingType())), structureGPR);
-        MacroAssembler::Jump done = m_jit.jump();
-        bigLength.link(&m_jit);
-        m_jit.move(TrustedImmPtr(globalObject->arrayStructureForIndexingTypeDuringAllocation(ArrayWithArrayStorage)), structureGPR);
-        done.link(&m_jit);
         callOperation(
-            operationNewArrayWithSize, resultGPR, structureGPR, sizeGPR);
-        cellResult(resultGPR, m_compileIndex);
+            operationNewArrayWithSize, result.gpr(), globalObject->arrayStructure(), sizeGPR);
+        cellResult(result.gpr(), m_compileIndex);
         break;
     }
         
     case NewArrayBuffer: {
         JSGlobalObject* globalObject = m_jit.graph().globalObjectFor(node.codeOrigin);
-        IndexingType indexingType = node.indexingType();
-        if (!globalObject->isHavingABadTime() && !hasArrayStorage(indexingType)) {
+        if (!globalObject->isHavingABadTime()) {
             globalObject->havingABadTimeWatchpoint()->add(speculationWatchpoint());
             
             unsigned numElements = node.numConstants();
@@ -3819,25 +3511,12 @@ void SpeculativeJIT::compile(Node& node)
             GPRReg resultGPR = result.gpr();
             GPRReg storageGPR = storage.gpr();
 
-            emitAllocateJSArray(globalObject->arrayStructureForIndexingTypeDuringAllocation(indexingType), resultGPR, storageGPR, numElements);
+            emitAllocateJSArray(globalObject->arrayStructure(), resultGPR, storageGPR, numElements);
             
-            if (node.indexingType() == ArrayWithDouble) {
-                JSValue* data = m_jit.codeBlock()->constantBuffer(node.startConstant());
-                for (unsigned index = 0; index < node.numConstants(); ++index) {
-                    union {
-                        int32_t halves[2];
-                        double value;
-                    } u;
-                    u.value = data[index].asNumber();
-                    m_jit.store32(Imm32(u.halves[0]), MacroAssembler::Address(storageGPR, sizeof(double) * index));
-                    m_jit.store32(Imm32(u.halves[1]), MacroAssembler::Address(storageGPR, sizeof(double) * index + sizeof(int32_t)));
-                }
-            } else {
-                int32_t* data = bitwise_cast<int32_t*>(m_jit.codeBlock()->constantBuffer(node.startConstant()));
-                for (unsigned index = 0; index < node.numConstants() * 2; ++index) {
-                    m_jit.store32(
-                        Imm32(data[index]), MacroAssembler::Address(storageGPR, sizeof(int32_t) * index));
-                }
+            int32_t* data = bitwise_cast<int32_t*>(m_jit.codeBlock()->constantBuffer(node.startConstant()));
+            for (unsigned index = 0; index < node.numConstants() * 2; ++index) {
+                m_jit.store32(
+                    Imm32(data[index]), MacroAssembler::Address(storageGPR, sizeof(int32_t) * index));
             }
             
             cellResult(resultGPR, m_compileIndex);
@@ -3847,7 +3526,7 @@ void SpeculativeJIT::compile(Node& node)
         flushRegisters();
         GPRResult result(this);
         
-        callOperation(operationNewArrayBuffer, result.gpr(), globalObject->arrayStructureForIndexingTypeDuringAllocation(node.indexingType()), node.startConstant(), node.numConstants());
+        callOperation(operationNewArrayBuffer, result.gpr(), globalObject->arrayStructure(), node.startConstant(), node.numConstants());
         
         cellResult(result.gpr(), m_compileIndex);
         break;
diff --git a/Source/JavaScriptCore/dfg/DFGSpeculativeJIT64.cpp b/Source/JavaScriptCore/dfg/DFGSpeculativeJIT64.cpp
index ecd823e7b..6c066c388 100644
--- a/Source/JavaScriptCore/dfg/DFGSpeculativeJIT64.cpp
+++ b/Source/JavaScriptCore/dfg/DFGSpeculativeJIT64.cpp
@@ -2403,8 +2403,7 @@ void SpeculativeJIT::compile(Node& node)
         break;
 
     case ArithDiv: {
-        if (Node::shouldSpeculateIntegerForArithmetic(at(node.child1()), at(node.child2()))
-            && node.canSpeculateInteger()) {
+        if (Node::shouldSpeculateInteger(at(node.child1()), at(node.child2())) && node.canSpeculateInteger()) {
             compileIntegerArithDivForX86(node);
             break;
         }
@@ -2427,8 +2426,7 @@ void SpeculativeJIT::compile(Node& node)
     }
 
     case ArithAbs: {
-        if (at(node.child1()).shouldSpeculateIntegerForArithmetic()
-            && node.canSpeculateInteger()) {
+        if (at(node.child1()).shouldSpeculateInteger() && node.canSpeculateInteger()) {
             SpeculateIntegerOperand op1(this, node.child1());
             GPRTemporary result(this);
             GPRTemporary scratch(this);
@@ -2452,8 +2450,7 @@ void SpeculativeJIT::compile(Node& node)
         
     case ArithMin:
     case ArithMax: {
-        if (Node::shouldSpeculateIntegerForArithmetic(at(node.child1()), at(node.child2()))
-            && node.canSpeculateInteger()) {
+        if (Node::shouldSpeculateInteger(at(node.child1()), at(node.child2())) && node.canSpeculateInteger()) {
             SpeculateStrictInt32Operand op1(this, node.child1());
             SpeculateStrictInt32Operand op2(this, node.child2());
             GPRTemporary result(this, op1);
@@ -2601,7 +2598,6 @@ void SpeculativeJIT::compile(Node& node)
             jsValueResult(result.gpr(), m_compileIndex);
             break;
         }
-        case Array::Int32:
         case Array::Contiguous: {
             if (node.arrayMode().isInBounds()) {
                 SpeculateStrictInt32Operand property(this, node.child2());
@@ -2618,7 +2614,7 @@ void SpeculativeJIT::compile(Node& node)
                 GPRTemporary result(this);
                 m_jit.load64(MacroAssembler::BaseIndex(storageReg, propertyReg, MacroAssembler::TimesEight), result.gpr());
                 speculationCheck(OutOfBounds, JSValueRegs(), NoNode, m_jit.branchTest64(MacroAssembler::Zero, result.gpr()));
-                jsValueResult(result.gpr(), m_compileIndex, node.arrayMode().type() == Array::Int32 ? DataFormatJSInteger : DataFormatJS);
+                jsValueResult(result.gpr(), m_compileIndex);
                 break;
             }
             
@@ -2651,60 +2647,6 @@ void SpeculativeJIT::compile(Node& node)
             jsValueResult(resultReg, m_compileIndex);
             break;
         }
-
-        case Array::Double: {
-            if (node.arrayMode().isInBounds()) {
-                SpeculateStrictInt32Operand property(this, node.child2());
-                StorageOperand storage(this, node.child3());
-            
-                GPRReg propertyReg = property.gpr();
-                GPRReg storageReg = storage.gpr();
-            
-                if (!m_compileOkay)
-                    return;
-            
-                speculationCheck(OutOfBounds, JSValueRegs(), NoNode, m_jit.branch32(MacroAssembler::AboveOrEqual, propertyReg, MacroAssembler::Address(storageReg, Butterfly::offsetOfPublicLength())));
-            
-                FPRTemporary result(this);
-                m_jit.loadDouble(MacroAssembler::BaseIndex(storageReg, propertyReg, MacroAssembler::TimesEight), result.fpr());
-                speculationCheck(OutOfBounds, JSValueRegs(), NoNode, m_jit.branchDouble(MacroAssembler::DoubleNotEqualOrUnordered, result.fpr(), result.fpr()));
-                doubleResult(result.fpr(), m_compileIndex);
-                break;
-            }
-
-            SpeculateCellOperand base(this, node.child1());
-            SpeculateStrictInt32Operand property(this, node.child2());
-            StorageOperand storage(this, node.child3());
-            
-            GPRReg baseReg = base.gpr();
-            GPRReg propertyReg = property.gpr();
-            GPRReg storageReg = storage.gpr();
-            
-            if (!m_compileOkay)
-                return;
-            
-            GPRTemporary result(this);
-            FPRTemporary temp(this);
-            GPRReg resultReg = result.gpr();
-            FPRReg tempReg = temp.fpr();
-            
-            MacroAssembler::JumpList slowCases;
-            
-            slowCases.append(m_jit.branch32(MacroAssembler::AboveOrEqual, propertyReg, MacroAssembler::Address(storageReg, Butterfly::offsetOfPublicLength())));
-            
-            m_jit.loadDouble(MacroAssembler::BaseIndex(storageReg, propertyReg, MacroAssembler::TimesEight), tempReg);
-            slowCases.append(m_jit.branchDouble(MacroAssembler::DoubleNotEqualOrUnordered, tempReg, tempReg));
-            boxDouble(tempReg, resultReg);
-            
-            addSlowPathGenerator(
-                slowPathCall(
-                    slowCases, this, operationGetByValArrayInt,
-                    result.gpr(), baseReg, propertyReg));
-            
-            jsValueResult(resultReg, m_compileIndex);
-            break;
-        }
-
         case Array::ArrayStorage:
         case Array::SlowPutArrayStorage: {
             if (node.arrayMode().isInBounds()) {
@@ -2847,7 +2789,6 @@ void SpeculativeJIT::compile(Node& node)
         GPRReg propertyReg = property.gpr();
 
         switch (arrayMode.type()) {
-        case Array::Int32:
         case Array::Contiguous: {
             JSValueOperand value(this, child3);
 
@@ -2855,15 +2796,8 @@ void SpeculativeJIT::compile(Node& node)
         
             if (!m_compileOkay)
                 return;
-            
-            if (arrayMode.type() == Array::Int32
-                && !isInt32Speculation(m_state.forNode(child3).m_type)) {
-                speculationCheck(
-                    BadType, JSValueRegs(valueReg), child3,
-                    m_jit.branch64(MacroAssembler::Below, valueReg, GPRInfo::tagTypeNumberRegister));
-            }
         
-            if (arrayMode.type() == Array::Contiguous && Heap::isWriteBarrierEnabled()) {
+            if (Heap::isWriteBarrierEnabled()) {
                 GPRTemporary scratch(this);
                 writeBarrier(baseReg, value.gpr(), child3, WriteBarrierForPropertyAccess, scratch.gpr());
             }
@@ -2923,11 +2857,6 @@ void SpeculativeJIT::compile(Node& node)
             break;
         }
             
-        case Array::Double: {
-            compileDoublePutByVal(node, base, property);
-            break;
-        }
-            
         case Array::ArrayStorage:
         case Array::SlowPutArrayStorage: {
             JSValueOperand value(this, child3);
@@ -3152,31 +3081,23 @@ void SpeculativeJIT::compile(Node& node)
         ASSERT(node.arrayMode().isJSArray());
         
         SpeculateCellOperand base(this, node.child1());
+        JSValueOperand value(this, node.child2());
         GPRTemporary storageLength(this);
         
         GPRReg baseGPR = base.gpr();
+        GPRReg valueGPR = value.gpr();
         GPRReg storageLengthGPR = storageLength.gpr();
         
+        if (Heap::isWriteBarrierEnabled()) {
+            GPRTemporary scratch(this);
+            writeBarrier(baseGPR, valueGPR, node.child2(), WriteBarrierForPropertyAccess, scratch.gpr(), storageLengthGPR);
+        }
+
         StorageOperand storage(this, node.child3());
         GPRReg storageGPR = storage.gpr();
 
         switch (node.arrayMode().type()) {
-        case Array::Int32:
         case Array::Contiguous: {
-            JSValueOperand value(this, node.child2());
-            GPRReg valueGPR = value.gpr();
-
-            if (node.arrayMode().type() == Array::Int32 && !isInt32Speculation(m_state.forNode(node.child2()).m_type)) {
-                speculationCheck(
-                    BadType, JSValueRegs(valueGPR), node.child2(),
-                    m_jit.branch64(MacroAssembler::Below, valueGPR, GPRInfo::tagTypeNumberRegister));
-            }
-
-            if (node.arrayMode().type() != Array::Int32 && Heap::isWriteBarrierEnabled()) {
-                GPRTemporary scratch(this);
-                writeBarrier(baseGPR, valueGPR, node.child2(), WriteBarrierForPropertyAccess, scratch.gpr(), storageLengthGPR);
-            }
-            
             m_jit.load32(MacroAssembler::Address(storageGPR, Butterfly::offsetOfPublicLength()), storageLengthGPR);
             MacroAssembler::Jump slowPath = m_jit.branch32(MacroAssembler::AboveOrEqual, storageLengthGPR, MacroAssembler::Address(storageGPR, Butterfly::offsetOfVectorLength()));
             m_jit.store64(valueGPR, MacroAssembler::BaseIndex(storageGPR, storageLengthGPR, MacroAssembler::TimesEight));
@@ -3193,43 +3114,7 @@ void SpeculativeJIT::compile(Node& node)
             break;
         }
             
-        case Array::Double: {
-            SpeculateDoubleOperand value(this, node.child2());
-            FPRReg valueFPR = value.fpr();
-
-            if (!isRealNumberSpeculation(m_state.forNode(node.child2()).m_type)) {
-                // FIXME: We need a way of profiling these, and we need to hoist them into
-                // SpeculateDoubleOperand.
-                speculationCheck(
-                    BadType, JSValueRegs(), NoNode,
-                    m_jit.branchDouble(MacroAssembler::DoubleNotEqualOrUnordered, valueFPR, valueFPR));
-            }
-            
-            m_jit.load32(MacroAssembler::Address(storageGPR, Butterfly::offsetOfPublicLength()), storageLengthGPR);
-            MacroAssembler::Jump slowPath = m_jit.branch32(MacroAssembler::AboveOrEqual, storageLengthGPR, MacroAssembler::Address(storageGPR, Butterfly::offsetOfVectorLength()));
-            m_jit.storeDouble(valueFPR, MacroAssembler::BaseIndex(storageGPR, storageLengthGPR, MacroAssembler::TimesEight));
-            m_jit.add32(TrustedImm32(1), storageLengthGPR);
-            m_jit.store32(storageLengthGPR, MacroAssembler::Address(storageGPR, Butterfly::offsetOfPublicLength()));
-            m_jit.or64(GPRInfo::tagTypeNumberRegister, storageLengthGPR);
-            
-            addSlowPathGenerator(
-                slowPathCall(
-                    slowPath, this, operationArrayPushDouble, NoResult, storageLengthGPR,
-                    valueFPR, baseGPR));
-        
-            jsValueResult(storageLengthGPR, m_compileIndex);
-            break;
-        }
-            
         case Array::ArrayStorage: {
-            JSValueOperand value(this, node.child2());
-            GPRReg valueGPR = value.gpr();
-
-            if (Heap::isWriteBarrierEnabled()) {
-                GPRTemporary scratch(this);
-                writeBarrier(baseGPR, valueGPR, node.child2(), WriteBarrierForPropertyAccess, scratch.gpr(), storageLengthGPR);
-            }
-
             m_jit.load32(MacroAssembler::Address(storageGPR, ArrayStorage::lengthOffset()), storageLengthGPR);
         
             // Refuse to handle bizarre lengths.
@@ -3267,17 +3152,13 @@ void SpeculativeJIT::compile(Node& node)
         StorageOperand storage(this, node.child2());
         GPRTemporary value(this);
         GPRTemporary storageLength(this);
-        FPRTemporary temp(this); // This is kind of lame, since we don't always need it. I'm relying on the fact that we don't have FPR pressure, especially in code that uses pop().
         
         GPRReg baseGPR = base.gpr();
         GPRReg storageGPR = storage.gpr();
         GPRReg valueGPR = value.gpr();
         GPRReg storageLengthGPR = storageLength.gpr();
-        FPRReg tempFPR = temp.fpr();
         
         switch (node.arrayMode().type()) {
-        case Array::Int32:
-        case Array::Double:
         case Array::Contiguous: {
             m_jit.load32(
                 MacroAssembler::Address(storageGPR, Butterfly::offsetOfPublicLength()), storageLengthGPR);
@@ -3286,27 +3167,14 @@ void SpeculativeJIT::compile(Node& node)
             m_jit.sub32(TrustedImm32(1), storageLengthGPR);
             m_jit.store32(
                 storageLengthGPR, MacroAssembler::Address(storageGPR, Butterfly::offsetOfPublicLength()));
-            MacroAssembler::Jump slowCase;
-            if (node.arrayMode().type() == Array::Double) {
-                m_jit.loadDouble(
-                    MacroAssembler::BaseIndex(storageGPR, storageLengthGPR, MacroAssembler::TimesEight),
-                    tempFPR);
-                // FIXME: This would not have to be here if changing the publicLength also zeroed the values between the old
-                // length and the new length.
-                m_jit.store64(
-                MacroAssembler::TrustedImm64((int64_t)0), MacroAssembler::BaseIndex(storageGPR, storageLengthGPR, MacroAssembler::TimesEight));
-                slowCase = m_jit.branchDouble(MacroAssembler::DoubleNotEqualOrUnordered, tempFPR, tempFPR);
-                boxDouble(tempFPR, valueGPR);
-            } else {
-                m_jit.load64(
-                    MacroAssembler::BaseIndex(storageGPR, storageLengthGPR, MacroAssembler::TimesEight),
-                    valueGPR);
-                // FIXME: This would not have to be here if changing the publicLength also zeroed the values between the old
-                // length and the new length.
-                m_jit.store64(
+            m_jit.load64(
+                MacroAssembler::BaseIndex(storageGPR, storageLengthGPR, MacroAssembler::TimesEight),
+                valueGPR);
+            // FIXME: This would not have to be here if changing the publicLength also zeroed the values between the old
+            // length and the new length.
+            m_jit.store64(
                 MacroAssembler::TrustedImm64((int64_t)0), MacroAssembler::BaseIndex(storageGPR, storageLengthGPR, MacroAssembler::TimesEight));
-                slowCase = m_jit.branchTest64(MacroAssembler::Zero, valueGPR);
-            }
+            MacroAssembler::Jump slowCase = m_jit.branchTest64(MacroAssembler::Zero, valueGPR);
 
             addSlowPathGenerator(
                 slowPathMove(
@@ -3316,7 +3184,6 @@ void SpeculativeJIT::compile(Node& node)
                 slowPathCall(
                     slowCase, this, operationArrayPopAndRecoverLength, valueGPR, baseGPR));
             
-            // We can't know for sure that the result is an int because of the slow paths. :-/
             jsValueResult(valueGPR, m_compileIndex);
             break;
         }
@@ -3471,16 +3338,10 @@ void SpeculativeJIT::compile(Node& node)
         
     case NewArray: {
         JSGlobalObject* globalObject = m_jit.graph().globalObjectFor(node.codeOrigin);
-        if (!globalObject->isHavingABadTime() && !hasArrayStorage(node.indexingType())) {
+        if (!globalObject->isHavingABadTime()) {
             globalObject->havingABadTimeWatchpoint()->add(speculationWatchpoint());
             
-            Structure* structure = globalObject->arrayStructureForIndexingTypeDuringAllocation(node.indexingType());
-            ASSERT(structure->indexingType() == node.indexingType());
-            ASSERT(
-                hasUndecided(structure->indexingType())
-                || hasInt32(structure->indexingType())
-                || hasDouble(structure->indexingType())
-                || hasContiguous(structure->indexingType()));
+            ASSERT(hasContiguous(globalObject->arrayStructure()->indexingType()));
             
             unsigned numElements = node.numChildren();
             
@@ -3490,50 +3351,15 @@ void SpeculativeJIT::compile(Node& node)
             GPRReg resultGPR = result.gpr();
             GPRReg storageGPR = storage.gpr();
 
-            emitAllocateJSArray(structure, resultGPR, storageGPR, numElements);
+            emitAllocateJSArray(globalObject->arrayStructure(), resultGPR, storageGPR, numElements);
             
             // At this point, one way or another, resultGPR and storageGPR have pointers to
             // the JSArray and the Butterfly, respectively.
             
-            ASSERT(!hasUndecided(structure->indexingType()) || !node.numChildren());
-            
             for (unsigned operandIdx = 0; operandIdx < node.numChildren(); ++operandIdx) {
-                Edge use = m_jit.graph().m_varArgChildren[node.firstChild() + operandIdx];
-                switch (node.indexingType()) {
-                case ALL_BLANK_INDEXING_TYPES:
-                case ALL_UNDECIDED_INDEXING_TYPES:
-                    CRASH();
-                    break;
-                case ALL_DOUBLE_INDEXING_TYPES: {
-                    SpeculateDoubleOperand operand(this, use);
-                    FPRReg opFPR = operand.fpr();
-                    if (!isRealNumberSpeculation(m_state.forNode(use).m_type)) {
-                        // FIXME: We need a way of profiling these, and we need to hoist them into
-                        // SpeculateDoubleOperand.
-                        speculationCheck(
-                            BadType, JSValueRegs(), NoNode,
-                            m_jit.branchDouble(MacroAssembler::DoubleNotEqualOrUnordered, opFPR, opFPR));
-                    }
-        
-                    m_jit.storeDouble(opFPR, MacroAssembler::Address(storageGPR, sizeof(double) * operandIdx));
-                    break;
-                }
-                case ALL_INT32_INDEXING_TYPES:
-                case ALL_CONTIGUOUS_INDEXING_TYPES: {
-                    JSValueOperand operand(this, use);
-                    GPRReg opGPR = operand.gpr();
-                    if (hasInt32(node.indexingType()) && !isInt32Speculation(m_state.forNode(use).m_type)) {
-                        speculationCheck(
-                            BadType, JSValueRegs(opGPR), use.index(),
-                            m_jit.branch64(MacroAssembler::Below, opGPR, GPRInfo::tagTypeNumberRegister));
-                    }
-                    m_jit.store64(opGPR, MacroAssembler::Address(storageGPR, sizeof(JSValue) * operandIdx));
-                    break;
-                }
-                default:
-                    CRASH();
-                    break;
-                }
+                JSValueOperand operand(this, m_jit.graph().m_varArgChildren[node.firstChild() + operandIdx]);
+                GPRReg opGPR = operand.gpr();
+                m_jit.store64(opGPR, MacroAssembler::Address(storageGPR, sizeof(JSValue) * operandIdx));
             }
             
             // Yuck, we should *really* have a way of also returning the storageGPR. But
@@ -3550,7 +3376,7 @@ void SpeculativeJIT::compile(Node& node)
         if (!node.numChildren()) {
             flushRegisters();
             GPRResult result(this);
-            callOperation(operationNewEmptyArray, result.gpr(), globalObject->arrayStructureForIndexingTypeDuringAllocation(node.indexingType()));
+            callOperation(operationNewEmptyArray, result.gpr(), globalObject->arrayStructure());
             cellResult(result.gpr(), m_compileIndex);
             break;
         }
@@ -3560,65 +3386,11 @@ void SpeculativeJIT::compile(Node& node)
         EncodedJSValue* buffer = scratchBuffer ? static_cast<EncodedJSValue*>(scratchBuffer->dataBuffer()) : 0;
         
         for (unsigned operandIdx = 0; operandIdx < node.numChildren(); ++operandIdx) {
-            // Need to perform the speculations that this node promises to perform. If we're
-            // emitting code here and the indexing type is not array storage then there is
-            // probably something hilarious going on and we're already failing at all the
-            // things, but at least we're going to be sound.
-            Edge use = m_jit.graph().m_varArgChildren[node.firstChild() + operandIdx];
-            switch (node.indexingType()) {
-            case ALL_BLANK_INDEXING_TYPES:
-            case ALL_UNDECIDED_INDEXING_TYPES:
-                CRASH();
-                break;
-            case ALL_DOUBLE_INDEXING_TYPES: {
-                SpeculateDoubleOperand operand(this, use);
-                GPRTemporary scratch(this);
-                FPRReg opFPR = operand.fpr();
-                GPRReg scratchGPR = scratch.gpr();
-                if (!isRealNumberSpeculation(m_state.forNode(use).m_type)) {
-                    // FIXME: We need a way of profiling these, and we need to hoist them into
-                    // SpeculateDoubleOperand.
-                    speculationCheck(
-                        BadType, JSValueRegs(), NoNode,
-                        m_jit.branchDouble(MacroAssembler::DoubleNotEqualOrUnordered, opFPR, opFPR));
-                }
-                
-                m_jit.boxDouble(opFPR, scratchGPR);
-                m_jit.store64(scratchGPR, buffer + operandIdx);
-                break;
-            }
-            case ALL_INT32_INDEXING_TYPES: {
-                JSValueOperand operand(this, use);
-                GPRReg opGPR = operand.gpr();
-                if (hasInt32(node.indexingType()) && !isInt32Speculation(m_state.forNode(use).m_type)) {
-                    speculationCheck(
-                        BadType, JSValueRegs(opGPR), use.index(),
-                        m_jit.branch64(MacroAssembler::Below, opGPR, GPRInfo::tagTypeNumberRegister));
-                }
-                m_jit.store64(opGPR, buffer + operandIdx);
-                break;
-            }
-            case ALL_CONTIGUOUS_INDEXING_TYPES:
-            case ALL_ARRAY_STORAGE_INDEXING_TYPES: {
-                JSValueOperand operand(this, use);
-                GPRReg opGPR = operand.gpr();
-                m_jit.store64(opGPR, buffer + operandIdx);
-                operand.use();
-                break;
-            }
-            default:
-                CRASH();
-                break;
-            }
-        }
-        
-        switch (node.indexingType()) {
-        case ALL_DOUBLE_INDEXING_TYPES:
-        case ALL_INT32_INDEXING_TYPES:
-            useChildren(node);
-            break;
-        default:
-            break;
+            JSValueOperand operand(this, m_jit.graph().m_varArgChildren[node.firstChild() + operandIdx]);
+            GPRReg opGPR = operand.gpr();
+            operand.use();
+            
+            m_jit.store64(opGPR, buffer + operandIdx);
         }
         
         flushRegisters();
@@ -3634,7 +3406,7 @@ void SpeculativeJIT::compile(Node& node)
         GPRResult result(this);
         
         callOperation(
-            operationNewArray, result.gpr(), globalObject->arrayStructureForIndexingTypeDuringAllocation(node.indexingType()),
+            operationNewArray, result.gpr(), globalObject->arrayStructure(),
             static_cast<void*>(buffer), node.numChildren());
 
         if (scratchSize) {
@@ -3650,26 +3422,18 @@ void SpeculativeJIT::compile(Node& node)
         
     case NewArrayWithSize: {
         JSGlobalObject* globalObject = m_jit.graph().globalObjectFor(node.codeOrigin);
-        if (!globalObject->isHavingABadTime() && !hasArrayStorage(node.indexingType())) {
+        if (!globalObject->isHavingABadTime()) {
             globalObject->havingABadTimeWatchpoint()->add(speculationWatchpoint());
             
             SpeculateStrictInt32Operand size(this, node.child1());
             GPRTemporary result(this);
             GPRTemporary storage(this);
             GPRTemporary scratch(this);
-            GPRTemporary scratch2;
             
             GPRReg sizeGPR = size.gpr();
             GPRReg resultGPR = result.gpr();
             GPRReg storageGPR = storage.gpr();
             GPRReg scratchGPR = scratch.gpr();
-            GPRReg scratch2GPR = InvalidGPRReg;
-            
-            if (hasDouble(node.indexingType())) {
-                GPRTemporary realScratch2(this, size);
-                scratch2.adopt(realScratch2);
-                scratch2GPR = scratch2.gpr();
-            }
             
             MacroAssembler::JumpList slowCases;
             slowCases.append(m_jit.branch32(MacroAssembler::AboveOrEqual, sizeGPR, TrustedImm32(MIN_SPARSE_ARRAY_INDEX)));
@@ -3682,28 +3446,17 @@ void SpeculativeJIT::compile(Node& node)
                 emitAllocateBasicStorage(resultGPR, storageGPR));
             m_jit.subPtr(scratchGPR, storageGPR);
             emitAllocateBasicJSObject<JSArray, MarkedBlock::None>(
-                TrustedImmPtr(globalObject->arrayStructureForIndexingTypeDuringAllocation(node.indexingType())), resultGPR, scratchGPR,
+                TrustedImmPtr(globalObject->arrayStructure()), resultGPR, scratchGPR,
                 storageGPR, sizeof(JSArray), slowCases);
             
             m_jit.store32(sizeGPR, MacroAssembler::Address(storageGPR, Butterfly::offsetOfPublicLength()));
             m_jit.store32(sizeGPR, MacroAssembler::Address(storageGPR, Butterfly::offsetOfVectorLength()));
             
-            if (hasDouble(node.indexingType())) {
-                m_jit.move(TrustedImm64(bitwise_cast<int64_t>(QNaN)), scratchGPR);
-                m_jit.move(sizeGPR, scratch2GPR);
-                MacroAssembler::Jump done = m_jit.branchTest32(MacroAssembler::Zero, scratch2GPR);
-                MacroAssembler::Label loop = m_jit.label();
-                m_jit.sub32(TrustedImm32(1), scratch2GPR);
-                m_jit.store64(scratchGPR, MacroAssembler::BaseIndex(storageGPR, scratch2GPR, MacroAssembler::TimesEight));
-                m_jit.branchTest32(MacroAssembler::NonZero, scratch2GPR).linkTo(loop, &m_jit);
-                done.link(&m_jit);
-            }
-            
             addSlowPathGenerator(adoptPtr(
                 new CallArrayAllocatorWithVariableSizeSlowPathGenerator(
                     slowCases, this, operationNewArrayWithSize, resultGPR,
-                    globalObject->arrayStructureForIndexingTypeDuringAllocation(node.indexingType()),
-                    globalObject->arrayStructureForIndexingTypeDuringAllocation(ArrayWithArrayStorage),
+                    globalObject->arrayStructure(),
+                    globalObject->arrayStructureWithArrayStorage(),
                     sizeGPR)));
             
             cellResult(resultGPR, m_compileIndex);
@@ -3717,10 +3470,10 @@ void SpeculativeJIT::compile(Node& node)
         GPRReg resultGPR = result.gpr();
         GPRReg structureGPR = selectScratchGPR(sizeGPR);
         MacroAssembler::Jump bigLength = m_jit.branch32(MacroAssembler::AboveOrEqual, sizeGPR, TrustedImm32(MIN_SPARSE_ARRAY_INDEX));
-        m_jit.move(TrustedImmPtr(globalObject->arrayStructureForIndexingTypeDuringAllocation(node.indexingType())), structureGPR);
+        m_jit.move(TrustedImmPtr(globalObject->arrayStructure()), structureGPR);
         MacroAssembler::Jump done = m_jit.jump();
         bigLength.link(&m_jit);
-        m_jit.move(TrustedImmPtr(globalObject->arrayStructureForIndexingTypeDuringAllocation(ArrayWithArrayStorage)), structureGPR);
+        m_jit.move(TrustedImmPtr(globalObject->arrayStructureWithArrayStorage()), structureGPR);
         done.link(&m_jit);
         callOperation(operationNewArrayWithSize, resultGPR, structureGPR, sizeGPR);
         cellResult(resultGPR, m_compileIndex);
@@ -3767,8 +3520,7 @@ void SpeculativeJIT::compile(Node& node)
         
     case NewArrayBuffer: {
         JSGlobalObject* globalObject = m_jit.graph().globalObjectFor(node.codeOrigin);
-        IndexingType indexingType = node.indexingType();
-        if (!globalObject->isHavingABadTime() && !hasArrayStorage(indexingType)) {
+        if (!globalObject->isHavingABadTime()) {
             globalObject->havingABadTimeWatchpoint()->add(speculationWatchpoint());
             
             unsigned numElements = node.numConstants();
@@ -3779,23 +3531,13 @@ void SpeculativeJIT::compile(Node& node)
             GPRReg resultGPR = result.gpr();
             GPRReg storageGPR = storage.gpr();
 
-            emitAllocateJSArray(globalObject->arrayStructureForIndexingTypeDuringAllocation(indexingType), resultGPR, storageGPR, numElements);
+            emitAllocateJSArray(globalObject->arrayStructure(), resultGPR, storageGPR, numElements);
             
-            ASSERT(indexingType & IsArray);
             JSValue* data = m_jit.codeBlock()->constantBuffer(node.startConstant());
-            if (indexingType == ArrayWithDouble) {
-                for (unsigned index = 0; index < node.numConstants(); ++index) {
-                    double value = data[index].asNumber();
-                    m_jit.store64(
-                        Imm64(bitwise_cast<int64_t>(value)),
-                        MacroAssembler::Address(storageGPR, sizeof(double) * index));
-                }
-            } else {
-                for (unsigned index = 0; index < node.numConstants(); ++index) {
-                    m_jit.store64(
-                        Imm64(JSValue::encode(data[index])),
-                        MacroAssembler::Address(storageGPR, sizeof(JSValue) * index));
-                }
+            for (unsigned index = 0; index < node.numConstants(); ++index) {
+                m_jit.store64(
+                    Imm64(JSValue::encode(data[index])),
+                    MacroAssembler::Address(storageGPR, sizeof(JSValue) * index));
             }
             
             cellResult(resultGPR, m_compileIndex);
@@ -3805,7 +3547,7 @@ void SpeculativeJIT::compile(Node& node)
         flushRegisters();
         GPRResult result(this);
         
-        callOperation(operationNewArrayBuffer, result.gpr(), globalObject->arrayStructureForIndexingTypeDuringAllocation(node.indexingType()), node.startConstant(), node.numConstants());
+        callOperation(operationNewArrayBuffer, result.gpr(), globalObject->arrayStructure(), node.startConstant(), node.numConstants());
         
         cellResult(result.gpr(), m_compileIndex);
         break;
diff --git a/Source/JavaScriptCore/heap/ConservativeRoots.cpp b/Source/JavaScriptCore/heap/ConservativeRoots.cpp
index 752ce2775..7fe22dfff 100644
--- a/Source/JavaScriptCore/heap/ConservativeRoots.cpp
+++ b/Source/JavaScriptCore/heap/ConservativeRoots.cpp
@@ -26,9 +26,9 @@
 #include "config.h"
 #include "ConservativeRoots.h"
 
-#include "CodeBlock.h"
 #include "CopiedSpace.h"
-#include "CopiedSpaceInlines.h"
+#include "CopiedSpaceInlineMethods.h"
+#include "CodeBlock.h"
 #include "DFGCodeBlocks.h"
 #include "JSCell.h"
 #include "JSObject.h"
diff --git a/Source/JavaScriptCore/heap/CopiedBlock.h b/Source/JavaScriptCore/heap/CopiedBlock.h
index 83fdb08da..af36f55df 100644
--- a/Source/JavaScriptCore/heap/CopiedBlock.h
+++ b/Source/JavaScriptCore/heap/CopiedBlock.h
@@ -29,7 +29,7 @@
 #include "BlockAllocator.h"
 #include "HeapBlock.h"
 #include "JSValue.h"
-#include "JSValueInlines.h"
+#include "JSValueInlineMethods.h"
 #include "Options.h"
 #include <wtf/Atomics.h>
 
diff --git a/Source/JavaScriptCore/heap/CopiedSpace.cpp b/Source/JavaScriptCore/heap/CopiedSpace.cpp
index e4141c1d7..c228f9460 100644
--- a/Source/JavaScriptCore/heap/CopiedSpace.cpp
+++ b/Source/JavaScriptCore/heap/CopiedSpace.cpp
@@ -26,7 +26,7 @@
 #include "config.h"
 #include "CopiedSpace.h"
 
-#include "CopiedSpaceInlines.h"
+#include "CopiedSpaceInlineMethods.h"
 #include "GCActivityCallback.h"
 #include "Options.h"
 
diff --git a/Source/JavaScriptCore/heap/CopiedSpaceInlineMethods.h b/Source/JavaScriptCore/heap/CopiedSpaceInlineMethods.h
new file mode 100644
index 000000000..c244015e7
--- /dev/null
+++ b/Source/JavaScriptCore/heap/CopiedSpaceInlineMethods.h
@@ -0,0 +1,185 @@
+/*
+ * Copyright (C) 2011 Apple Inc. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY APPLE INC. ``AS IS'' AND ANY
+ * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL APPLE INC. OR
+ * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+ * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
+ * OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
+ */
+
+#ifndef CopiedSpaceInlineMethods_h
+#define CopiedSpaceInlineMethods_h
+
+#include "CopiedBlock.h"
+#include "CopiedSpace.h"
+#include "Heap.h"
+#include "HeapBlock.h"
+#include "JSGlobalData.h"
+#include <wtf/CheckedBoolean.h>
+
+namespace JSC {
+
+inline bool CopiedSpace::contains(CopiedBlock* block)
+{
+    return !m_blockFilter.ruleOut(reinterpret_cast<Bits>(block)) && m_blockSet.contains(block);
+}
+
+inline bool CopiedSpace::contains(void* ptr, CopiedBlock*& result)
+{
+    CopiedBlock* block = blockFor(ptr);
+    if (contains(block)) {
+        result = block;
+        return true;
+    }
+    block = oversizeBlockFor(ptr);
+    result = block;
+    return contains(block);
+}
+
+inline void CopiedSpace::pin(CopiedBlock* block)
+{
+    block->m_isPinned = true;
+}
+
+inline void CopiedSpace::pinIfNecessary(void* opaquePointer)
+{
+    // Pointers into the copied space come in the following varieties:
+    // 1)  Pointers to the start of a span of memory. This is the most
+    //     natural though not necessarily the most common.
+    // 2)  Pointers to one value-sized (8 byte) word past the end of
+    //     a span of memory. This currently occurs with semi-butterflies
+    //     and should be fixed soon, once the other half of the
+    //     butterfly lands.
+    // 3)  Pointers to the innards arising from loop induction variable
+    //     optimizations (either manual ones or automatic, by the
+    //     compiler).
+    // 4)  Pointers to the end of a span of memory in arising from
+    //     induction variable optimizations combined with the
+    //     GC-to-compiler contract laid out in the C spec: a pointer to
+    //     the end of a span of memory must be considered to be a
+    //     pointer to that memory.
+    
+    EncodedJSValue* pointer = reinterpret_cast<EncodedJSValue*>(opaquePointer);
+    CopiedBlock* block;
+
+    // Handle (1) and (3).
+    if (contains(pointer, block))
+        pin(block);
+    
+    // Handle (4). We don't have to explicitly check and pin the block under this
+    // pointer because it cannot possibly point to something that cases (1) and
+    // (3) above or case (2) below wouldn't already catch.
+    pointer--;
+    
+    // Handle (2)
+    pointer--;
+    if (contains(pointer, block))
+        pin(block);
+}
+
+inline void CopiedSpace::recycleEvacuatedBlock(CopiedBlock* block)
+{
+    ASSERT(block);
+    ASSERT(block->canBeRecycled());
+    ASSERT(!block->m_isPinned);
+    {
+        SpinLockHolder locker(&m_toSpaceLock);
+        m_blockSet.remove(block);
+        m_fromSpace->remove(block);
+    }
+    m_heap->blockAllocator().deallocate(CopiedBlock::destroy(block));
+}
+
+inline void CopiedSpace::recycleBorrowedBlock(CopiedBlock* block)
+{
+    m_heap->blockAllocator().deallocate(CopiedBlock::destroy(block));
+
+    {
+        MutexLocker locker(m_loanedBlocksLock);
+        ASSERT(m_numberOfLoanedBlocks > 0);
+        ASSERT(m_inCopyingPhase);
+        m_numberOfLoanedBlocks--;
+        if (!m_numberOfLoanedBlocks)
+            m_loanedBlocksCondition.signal();
+    }
+}
+
+inline CopiedBlock* CopiedSpace::allocateBlockForCopyingPhase()
+{
+    ASSERT(m_inCopyingPhase);
+    CopiedBlock* block = CopiedBlock::createNoZeroFill(m_heap->blockAllocator().allocate<CopiedBlock>());
+
+    {
+        MutexLocker locker(m_loanedBlocksLock);
+        m_numberOfLoanedBlocks++;
+    }
+
+    ASSERT(!block->dataSize());
+    return block;
+}
+
+inline void CopiedSpace::allocateBlock()
+{
+    if (m_heap->shouldCollect())
+        m_heap->collect(Heap::DoNotSweep);
+
+    m_allocator.resetCurrentBlock();
+    
+    CopiedBlock* block = CopiedBlock::create(m_heap->blockAllocator().allocate<CopiedBlock>());
+        
+    m_toSpace->push(block);
+    m_blockFilter.add(reinterpret_cast<Bits>(block));
+    m_blockSet.add(block);
+    m_allocator.setCurrentBlock(block);
+}
+
+inline CheckedBoolean CopiedSpace::tryAllocate(size_t bytes, void** outPtr)
+{
+    ASSERT(!m_heap->globalData()->isInitializingObject());
+
+    if (isOversize(bytes) || !m_allocator.tryAllocate(bytes, outPtr))
+        return tryAllocateSlowCase(bytes, outPtr);
+    
+    ASSERT(*outPtr);
+    return true;
+}
+
+inline bool CopiedSpace::isOversize(size_t bytes)
+{
+    return bytes > s_maxAllocationSize;
+}
+
+inline bool CopiedSpace::isPinned(void* ptr)
+{
+    return blockFor(ptr)->m_isPinned;
+}
+
+inline CopiedBlock* CopiedSpace::oversizeBlockFor(void* ptr)
+{
+    return reinterpret_cast<CopiedBlock*>(reinterpret_cast<size_t>(ptr) & WTF::pageMask());
+}
+
+inline CopiedBlock* CopiedSpace::blockFor(void* ptr)
+{
+    return reinterpret_cast<CopiedBlock*>(reinterpret_cast<size_t>(ptr) & s_blockMask);
+}
+
+} // namespace JSC
+
+#endif
diff --git a/Source/JavaScriptCore/heap/CopiedSpaceInlines.h b/Source/JavaScriptCore/heap/CopiedSpaceInlines.h
deleted file mode 100644
index 9d222f549..000000000
--- a/Source/JavaScriptCore/heap/CopiedSpaceInlines.h
+++ /dev/null
@@ -1,186 +0,0 @@
-/*
- * Copyright (C) 2011 Apple Inc. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY APPLE INC. ``AS IS'' AND ANY
- * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL APPLE INC. OR
- * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
- * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
- * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
- * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
- * OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
- * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
- */
-
-#ifndef CopiedSpaceInlines_h
-#define CopiedSpaceInlines_h
-
-#include "CopiedBlock.h"
-#include "CopiedSpace.h"
-#include "Heap.h"
-#include "HeapBlock.h"
-#include "JSGlobalData.h"
-#include <wtf/CheckedBoolean.h>
-
-namespace JSC {
-
-inline bool CopiedSpace::contains(CopiedBlock* block)
-{
-    return !m_blockFilter.ruleOut(reinterpret_cast<Bits>(block)) && m_blockSet.contains(block);
-}
-
-inline bool CopiedSpace::contains(void* ptr, CopiedBlock*& result)
-{
-    CopiedBlock* block = blockFor(ptr);
-    if (contains(block)) {
-        result = block;
-        return true;
-    }
-    block = oversizeBlockFor(ptr);
-    result = block;
-    return contains(block);
-}
-
-inline void CopiedSpace::pin(CopiedBlock* block)
-{
-    block->m_isPinned = true;
-}
-
-inline void CopiedSpace::pinIfNecessary(void* opaquePointer)
-{
-    // Pointers into the copied space come in the following varieties:
-    // 1)  Pointers to the start of a span of memory. This is the most
-    //     natural though not necessarily the most common.
-    // 2)  Pointers to one value-sized (8 byte) word past the end of
-    //     a span of memory. This currently occurs with semi-butterflies
-    //     and should be fixed soon, once the other half of the
-    //     butterfly lands.
-    // 3)  Pointers to the innards arising from loop induction variable
-    //     optimizations (either manual ones or automatic, by the
-    //     compiler).
-    // 4)  Pointers to the end of a span of memory in arising from
-    //     induction variable optimizations combined with the
-    //     GC-to-compiler contract laid out in the C spec: a pointer to
-    //     the end of a span of memory must be considered to be a
-    //     pointer to that memory.
-    
-    EncodedJSValue* pointer = reinterpret_cast<EncodedJSValue*>(opaquePointer);
-    CopiedBlock* block;
-
-    // Handle (1) and (3).
-    if (contains(pointer, block))
-        pin(block);
-    
-    // Handle (4). We don't have to explicitly check and pin the block under this
-    // pointer because it cannot possibly point to something that cases (1) and
-    // (3) above or case (2) below wouldn't already catch.
-    pointer--;
-    
-    // Handle (2)
-    pointer--;
-    if (contains(pointer, block))
-        pin(block);
-}
-
-inline void CopiedSpace::recycleEvacuatedBlock(CopiedBlock* block)
-{
-    ASSERT(block);
-    ASSERT(block->canBeRecycled());
-    ASSERT(!block->m_isPinned);
-    {
-        SpinLockHolder locker(&m_toSpaceLock);
-        m_blockSet.remove(block);
-        m_fromSpace->remove(block);
-    }
-    m_heap->blockAllocator().deallocate(CopiedBlock::destroy(block));
-}
-
-inline void CopiedSpace::recycleBorrowedBlock(CopiedBlock* block)
-{
-    m_heap->blockAllocator().deallocate(CopiedBlock::destroy(block));
-
-    {
-        MutexLocker locker(m_loanedBlocksLock);
-        ASSERT(m_numberOfLoanedBlocks > 0);
-        ASSERT(m_inCopyingPhase);
-        m_numberOfLoanedBlocks--;
-        if (!m_numberOfLoanedBlocks)
-            m_loanedBlocksCondition.signal();
-    }
-}
-
-inline CopiedBlock* CopiedSpace::allocateBlockForCopyingPhase()
-{
-    ASSERT(m_inCopyingPhase);
-    CopiedBlock* block = CopiedBlock::createNoZeroFill(m_heap->blockAllocator().allocate<CopiedBlock>());
-
-    {
-        MutexLocker locker(m_loanedBlocksLock);
-        m_numberOfLoanedBlocks++;
-    }
-
-    ASSERT(!block->dataSize());
-    return block;
-}
-
-inline void CopiedSpace::allocateBlock()
-{
-    if (m_heap->shouldCollect())
-        m_heap->collect(Heap::DoNotSweep);
-
-    m_allocator.resetCurrentBlock();
-    
-    CopiedBlock* block = CopiedBlock::create(m_heap->blockAllocator().allocate<CopiedBlock>());
-        
-    m_toSpace->push(block);
-    m_blockFilter.add(reinterpret_cast<Bits>(block));
-    m_blockSet.add(block);
-    m_allocator.setCurrentBlock(block);
-}
-
-inline CheckedBoolean CopiedSpace::tryAllocate(size_t bytes, void** outPtr)
-{
-    ASSERT(!m_heap->globalData()->isInitializingObject());
-
-    if (isOversize(bytes) || !m_allocator.tryAllocate(bytes, outPtr))
-        return tryAllocateSlowCase(bytes, outPtr);
-    
-    ASSERT(*outPtr);
-    return true;
-}
-
-inline bool CopiedSpace::isOversize(size_t bytes)
-{
-    return bytes > s_maxAllocationSize;
-}
-
-inline bool CopiedSpace::isPinned(void* ptr)
-{
-    return blockFor(ptr)->m_isPinned;
-}
-
-inline CopiedBlock* CopiedSpace::oversizeBlockFor(void* ptr)
-{
-    return reinterpret_cast<CopiedBlock*>(reinterpret_cast<size_t>(ptr) & WTF::pageMask());
-}
-
-inline CopiedBlock* CopiedSpace::blockFor(void* ptr)
-{
-    return reinterpret_cast<CopiedBlock*>(reinterpret_cast<size_t>(ptr) & s_blockMask);
-}
-
-} // namespace JSC
-
-#endif // CopiedSpaceInlines_h
-
diff --git a/Source/JavaScriptCore/heap/CopyVisitor.cpp b/Source/JavaScriptCore/heap/CopyVisitor.cpp
index 22ab57882..ae826f0d2 100644
--- a/Source/JavaScriptCore/heap/CopyVisitor.cpp
+++ b/Source/JavaScriptCore/heap/CopyVisitor.cpp
@@ -26,7 +26,7 @@
 #include "config.h"
 #include "CopyVisitor.h"
 
-#include "CopyVisitorInlines.h"
+#include "CopyVisitorInlineMethods.h"
 #include "GCThreadSharedData.h"
 #include "JSCell.h"
 #include "JSObject.h"
diff --git a/Source/JavaScriptCore/heap/CopyVisitorInlineMethods.h b/Source/JavaScriptCore/heap/CopyVisitorInlineMethods.h
new file mode 100644
index 000000000..eb7bd2e82
--- /dev/null
+++ b/Source/JavaScriptCore/heap/CopyVisitorInlineMethods.h
@@ -0,0 +1,119 @@
+/*
+ * Copyright (C) 2012 Apple Inc. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY APPLE INC. AND ITS CONTRIBUTORS ``AS IS''
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
+ * THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL APPLE INC. OR ITS CONTRIBUTORS
+ * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF
+ * THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#ifndef CopyVisitorInlineMethods_h
+#define CopyVisitorInlineMethods_h
+
+#include "ClassInfo.h"
+#include "CopyVisitor.h"
+#include "GCThreadSharedData.h"
+#include "JSCell.h"
+#include "JSDestructibleObject.h"
+
+namespace JSC {
+
+class GCCopyPhaseFunctor : public MarkedBlock::VoidFunctor {
+public:
+    GCCopyPhaseFunctor(CopyVisitor& visitor)
+        : m_visitor(visitor)
+    {
+    }
+
+    void operator()(JSCell* cell)
+    {
+        Structure* structure = cell->structure();
+        if (!structure->outOfLineCapacity() && !hasIndexedProperties(structure->indexingType()))
+            return;
+        ASSERT(structure->classInfo()->methodTable.copyBackingStore == JSObject::copyBackingStore);
+        JSObject::copyBackingStore(cell, m_visitor);
+    }
+
+private:
+    CopyVisitor& m_visitor;
+};
+
+inline bool CopyVisitor::checkIfShouldCopy(void* oldPtr, size_t bytes)
+{
+    if (CopiedSpace::isOversize(bytes))
+        return false;
+
+    if (CopiedSpace::blockFor(oldPtr)->isPinned())
+        return false;
+
+    return true;
+}
+
+inline void* CopyVisitor::allocateNewSpace(size_t bytes)
+{
+    void* result = 0; // Compilers don't realize that this will be assigned.
+    if (LIKELY(m_copiedAllocator.tryAllocate(bytes, &result)))
+        return result;
+    
+    result = allocateNewSpaceSlow(bytes);
+    ASSERT(result);
+    return result;
+}       
+
+inline void* CopyVisitor::allocateNewSpaceSlow(size_t bytes)
+{
+    CopiedBlock* newBlock = 0;
+    m_shared.m_copiedSpace->doneFillingBlock(m_copiedAllocator.resetCurrentBlock(), &newBlock);
+    m_copiedAllocator.setCurrentBlock(newBlock);
+
+    void* result = 0;
+    CheckedBoolean didSucceed = m_copiedAllocator.tryAllocate(bytes, &result);
+    ASSERT(didSucceed);
+    return result;
+}
+
+inline void CopyVisitor::startCopying()
+{
+    ASSERT(!m_copiedAllocator.isValid());
+    CopiedBlock* block = 0;
+    m_shared.m_copiedSpace->doneFillingBlock(m_copiedAllocator.resetCurrentBlock(), &block);
+    m_copiedAllocator.setCurrentBlock(block);
+}
+
+inline void CopyVisitor::doneCopying()
+{
+    if (!m_copiedAllocator.isValid())
+        return;
+
+    m_shared.m_copiedSpace->doneFillingBlock(m_copiedAllocator.resetCurrentBlock(), 0);
+}
+
+inline void CopyVisitor::didCopy(void* ptr, size_t bytes)
+{
+    ASSERT(!CopiedSpace::isOversize(bytes));
+    CopiedBlock* block = CopiedSpace::blockFor(ptr);
+    ASSERT(!block->isPinned());
+
+    if (block->didEvacuateBytes(bytes))
+        m_shared.m_copiedSpace->recycleEvacuatedBlock(block);
+}
+
+} // namespace JSC
+
+#endif
diff --git a/Source/JavaScriptCore/heap/CopyVisitorInlines.h b/Source/JavaScriptCore/heap/CopyVisitorInlines.h
deleted file mode 100644
index bd7879429..000000000
--- a/Source/JavaScriptCore/heap/CopyVisitorInlines.h
+++ /dev/null
@@ -1,120 +0,0 @@
-/*
- * Copyright (C) 2012 Apple Inc. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY APPLE INC. AND ITS CONTRIBUTORS ``AS IS''
- * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
- * THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL APPLE INC. OR ITS CONTRIBUTORS
- * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
- * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
- * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
- * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
- * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF
- * THE POSSIBILITY OF SUCH DAMAGE.
- */
-
-#ifndef CopyVisitorInlines_h
-#define CopyVisitorInlines_h
-
-#include "ClassInfo.h"
-#include "CopyVisitor.h"
-#include "GCThreadSharedData.h"
-#include "JSCell.h"
-#include "JSDestructibleObject.h"
-
-namespace JSC {
-
-class GCCopyPhaseFunctor : public MarkedBlock::VoidFunctor {
-public:
-    GCCopyPhaseFunctor(CopyVisitor& visitor)
-        : m_visitor(visitor)
-    {
-    }
-
-    void operator()(JSCell* cell)
-    {
-        Structure* structure = cell->structure();
-        if (!structure->outOfLineCapacity() && !hasIndexedProperties(structure->indexingType()))
-            return;
-        ASSERT(structure->classInfo()->methodTable.copyBackingStore == JSObject::copyBackingStore);
-        JSObject::copyBackingStore(cell, m_visitor);
-    }
-
-private:
-    CopyVisitor& m_visitor;
-};
-
-inline bool CopyVisitor::checkIfShouldCopy(void* oldPtr, size_t bytes)
-{
-    if (CopiedSpace::isOversize(bytes))
-        return false;
-
-    if (CopiedSpace::blockFor(oldPtr)->isPinned())
-        return false;
-
-    return true;
-}
-
-inline void* CopyVisitor::allocateNewSpace(size_t bytes)
-{
-    void* result = 0; // Compilers don't realize that this will be assigned.
-    if (LIKELY(m_copiedAllocator.tryAllocate(bytes, &result)))
-        return result;
-    
-    result = allocateNewSpaceSlow(bytes);
-    ASSERT(result);
-    return result;
-}       
-
-inline void* CopyVisitor::allocateNewSpaceSlow(size_t bytes)
-{
-    CopiedBlock* newBlock = 0;
-    m_shared.m_copiedSpace->doneFillingBlock(m_copiedAllocator.resetCurrentBlock(), &newBlock);
-    m_copiedAllocator.setCurrentBlock(newBlock);
-
-    void* result = 0;
-    CheckedBoolean didSucceed = m_copiedAllocator.tryAllocate(bytes, &result);
-    ASSERT(didSucceed);
-    return result;
-}
-
-inline void CopyVisitor::startCopying()
-{
-    ASSERT(!m_copiedAllocator.isValid());
-    CopiedBlock* block = 0;
-    m_shared.m_copiedSpace->doneFillingBlock(m_copiedAllocator.resetCurrentBlock(), &block);
-    m_copiedAllocator.setCurrentBlock(block);
-}
-
-inline void CopyVisitor::doneCopying()
-{
-    if (!m_copiedAllocator.isValid())
-        return;
-
-    m_shared.m_copiedSpace->doneFillingBlock(m_copiedAllocator.resetCurrentBlock(), 0);
-}
-
-inline void CopyVisitor::didCopy(void* ptr, size_t bytes)
-{
-    ASSERT(!CopiedSpace::isOversize(bytes));
-    CopiedBlock* block = CopiedSpace::blockFor(ptr);
-    ASSERT(!block->isPinned());
-
-    if (block->didEvacuateBytes(bytes))
-        m_shared.m_copiedSpace->recycleEvacuatedBlock(block);
-}
-
-} // namespace JSC
-
-#endif // CopyVisitorInlines_h
-
diff --git a/Source/JavaScriptCore/heap/GCThread.cpp b/Source/JavaScriptCore/heap/GCThread.cpp
index 7caa7d588..ce3bbedc9 100644
--- a/Source/JavaScriptCore/heap/GCThread.cpp
+++ b/Source/JavaScriptCore/heap/GCThread.cpp
@@ -27,7 +27,7 @@
 #include "GCThread.h"
 
 #include "CopyVisitor.h"
-#include "CopyVisitorInlines.h"
+#include "CopyVisitorInlineMethods.h"
 #include "GCThreadSharedData.h"
 #include "SlotVisitor.h"
 #include <wtf/MainThread.h>
diff --git a/Source/JavaScriptCore/heap/GCThreadSharedData.cpp b/Source/JavaScriptCore/heap/GCThreadSharedData.cpp
index cf12d4bcd..446b41c2f 100644
--- a/Source/JavaScriptCore/heap/GCThreadSharedData.cpp
+++ b/Source/JavaScriptCore/heap/GCThreadSharedData.cpp
@@ -27,12 +27,12 @@
 #include "GCThreadSharedData.h"
 
 #include "CopyVisitor.h"
-#include "CopyVisitorInlines.h"
+#include "CopyVisitorInlineMethods.h"
 #include "GCThread.h"
 #include "JSGlobalData.h"
 #include "MarkStack.h"
 #include "SlotVisitor.h"
-#include "SlotVisitorInlines.h"
+#include "SlotVisitorInlineMethods.h"
 
 namespace JSC {
 
diff --git a/Source/JavaScriptCore/heap/HandleStack.cpp b/Source/JavaScriptCore/heap/HandleStack.cpp
index a5653c748..42eb326a5 100644
--- a/Source/JavaScriptCore/heap/HandleStack.cpp
+++ b/Source/JavaScriptCore/heap/HandleStack.cpp
@@ -27,8 +27,8 @@
 #include "HandleStack.h"
 
 #include "HeapRootVisitor.h"
+#include "JSValueInlineMethods.h"
 #include "JSObject.h"
-#include "JSValueInlines.h"
 
 namespace JSC {
 
diff --git a/Source/JavaScriptCore/heap/Heap.cpp b/Source/JavaScriptCore/heap/Heap.cpp
index 0fb65e205..c455fc2b1 100644
--- a/Source/JavaScriptCore/heap/Heap.cpp
+++ b/Source/JavaScriptCore/heap/Heap.cpp
@@ -24,8 +24,8 @@
 #include "CodeBlock.h"
 #include "ConservativeRoots.h"
 #include "CopiedSpace.h"
-#include "CopiedSpaceInlines.h"
-#include "CopyVisitorInlines.h"
+#include "CopiedSpaceInlineMethods.h"
+#include "CopyVisitorInlineMethods.h"
 #include "GCActivityCallback.h"
 #include "HeapRootVisitor.h"
 #include "HeapStatistics.h"
diff --git a/Source/JavaScriptCore/heap/HeapRootVisitor.h b/Source/JavaScriptCore/heap/HeapRootVisitor.h
index 5b11a5ead..9849d7c39 100644
--- a/Source/JavaScriptCore/heap/HeapRootVisitor.h
+++ b/Source/JavaScriptCore/heap/HeapRootVisitor.h
@@ -27,7 +27,7 @@
 #define HeapRootVisitor_h
 
 #include "SlotVisitor.h"
-#include "SlotVisitorInlines.h"
+#include "SlotVisitorInlineMethods.h"
 
 namespace JSC {
 
diff --git a/Source/JavaScriptCore/heap/HeapStatistics.cpp b/Source/JavaScriptCore/heap/HeapStatistics.cpp
index 387621558..8340bfa37 100644
--- a/Source/JavaScriptCore/heap/HeapStatistics.cpp
+++ b/Source/JavaScriptCore/heap/HeapStatistics.cpp
@@ -41,8 +41,8 @@ namespace JSC {
 
 double HeapStatistics::s_startTime = 0.0;
 double HeapStatistics::s_endTime = 0.0;
-Vector<double>* HeapStatistics::s_pauseTimeStarts = 0;
-Vector<double>* HeapStatistics::s_pauseTimeEnds = 0;
+Deque<double>* HeapStatistics::s_pauseTimeStarts = 0;
+Deque<double>* HeapStatistics::s_pauseTimeEnds = 0;
 
 #if OS(UNIX) 
 
@@ -50,8 +50,8 @@ void HeapStatistics::initialize()
 {
     ASSERT(Options::recordGCPauseTimes());
     s_startTime = WTF::monotonicallyIncreasingTime();
-    s_pauseTimeStarts = new Vector<double>();
-    s_pauseTimeEnds = new Vector<double>();
+    s_pauseTimeStarts = new Deque<double>();
+    s_pauseTimeEnds = new Deque<double>();
 }
 
 void HeapStatistics::recordGCPauseTime(double start, double end)
@@ -82,8 +82,8 @@ void HeapStatistics::logStatistics()
 
     if (Options::recordGCPauseTimes()) {
         dataLog(", \"pause_times\": [");
-        Vector<double>::iterator startIt = s_pauseTimeStarts->begin();
-        Vector<double>::iterator endIt = s_pauseTimeEnds->begin();
+        Deque<double>::iterator startIt = s_pauseTimeStarts->begin();
+        Deque<double>::iterator endIt = s_pauseTimeEnds->begin();
         if (startIt != s_pauseTimeStarts->end() && endIt != s_pauseTimeEnds->end()) {
             dataLog("[%f, %f]", *startIt, *endIt);
             ++startIt;
diff --git a/Source/JavaScriptCore/heap/HeapStatistics.h b/Source/JavaScriptCore/heap/HeapStatistics.h
index ce7a40a79..0800f0c16 100644
--- a/Source/JavaScriptCore/heap/HeapStatistics.h
+++ b/Source/JavaScriptCore/heap/HeapStatistics.h
@@ -49,8 +49,8 @@ public:
 
 private:
     static void logStatistics();
-    static Vector<double>* s_pauseTimeStarts;
-    static Vector<double>* s_pauseTimeEnds;
+    static Deque<double>* s_pauseTimeStarts;
+    static Deque<double>* s_pauseTimeEnds;
     static double s_startTime;
     static double s_endTime;
 };
diff --git a/Source/JavaScriptCore/heap/MarkStack.cpp b/Source/JavaScriptCore/heap/MarkStack.cpp
index aa8785e9c..582439fd2 100644
--- a/Source/JavaScriptCore/heap/MarkStack.cpp
+++ b/Source/JavaScriptCore/heap/MarkStack.cpp
@@ -25,18 +25,18 @@
 
 #include "config.h"
 #include "MarkStack.h"
-#include "MarkStackInlines.h"
+#include "MarkStackInlineMethods.h"
 
-#include "ConservativeRoots.h"
 #include "CopiedSpace.h"
-#include "CopiedSpaceInlines.h"
+#include "CopiedSpaceInlineMethods.h"
+#include "ConservativeRoots.h"
 #include "Heap.h"
 #include "Options.h"
 #include "JSArray.h"
 #include "JSCell.h"
 #include "JSObject.h"
 
-#include "SlotVisitorInlines.h"
+#include "SlotVisitorInlineMethods.h"
 #include "Structure.h"
 #include "WriteBarrier.h"
 #include <wtf/Atomics.h>
diff --git a/Source/JavaScriptCore/heap/MarkStackInlineMethods.h b/Source/JavaScriptCore/heap/MarkStackInlineMethods.h
new file mode 100644
index 000000000..d3276d7fa
--- /dev/null
+++ b/Source/JavaScriptCore/heap/MarkStackInlineMethods.h
@@ -0,0 +1,113 @@
+/*
+ * Copyright (C) 2009, 2011 Apple Inc. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY APPLE INC. ``AS IS'' AND ANY
+ * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL APPLE INC. OR
+ * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+ * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
+ * OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
+ */
+
+#ifndef MarkStackInlineMethods_h
+#define MarkStackInlineMethods_h
+
+#include "GCThreadSharedData.h"
+#include "MarkStack.h"
+
+namespace JSC {
+
+inline size_t MarkStackArray::postIncTop()
+{
+    size_t result = m_top++;
+    ASSERT(result == m_topSegment->m_top++);
+    return result;
+}
+        
+inline size_t MarkStackArray::preDecTop()
+{
+    size_t result = --m_top;
+    ASSERT(result == --m_topSegment->m_top);
+    return result;
+}
+        
+inline void MarkStackArray::setTopForFullSegment()
+{
+    ASSERT(m_topSegment->m_top == m_segmentCapacity);
+    m_top = m_segmentCapacity;
+}
+
+inline void MarkStackArray::setTopForEmptySegment()
+{
+    ASSERT(!m_topSegment->m_top);
+    m_top = 0;
+}
+
+inline size_t MarkStackArray::top()
+{
+    ASSERT(m_top == m_topSegment->m_top);
+    return m_top;
+}
+
+#if ASSERT_DISABLED
+inline void MarkStackArray::validatePrevious() { }
+#else
+inline void MarkStackArray::validatePrevious()
+{
+    unsigned count = 0;
+    for (MarkStackSegment* current = m_topSegment->m_previous; current; current = current->m_previous)
+        count++;
+    ASSERT(count == m_numberOfPreviousSegments);
+}
+#endif
+
+inline void MarkStackArray::append(const JSCell* cell)
+{
+    if (m_top == m_segmentCapacity)
+        expand();
+    m_topSegment->data()[postIncTop()] = cell;
+}
+
+inline bool MarkStackArray::canRemoveLast()
+{
+    return !!m_top;
+}
+
+inline const JSCell* MarkStackArray::removeLast()
+{
+    return m_topSegment->data()[preDecTop()];
+}
+
+inline bool MarkStackArray::isEmpty()
+{
+    if (m_top)
+        return false;
+    if (m_topSegment->m_previous) {
+        ASSERT(m_topSegment->m_previous->m_top == m_segmentCapacity);
+        return false;
+    }
+    return true;
+}
+
+inline size_t MarkStackArray::size()
+{
+    return m_top + m_segmentCapacity * m_numberOfPreviousSegments;
+}
+
+} // namespace JSC
+
+#endif
diff --git a/Source/JavaScriptCore/heap/MarkStackInlines.h b/Source/JavaScriptCore/heap/MarkStackInlines.h
deleted file mode 100644
index 841ac06b8..000000000
--- a/Source/JavaScriptCore/heap/MarkStackInlines.h
+++ /dev/null
@@ -1,114 +0,0 @@
-/*
- * Copyright (C) 2009, 2011 Apple Inc. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY APPLE INC. ``AS IS'' AND ANY
- * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL APPLE INC. OR
- * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
- * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
- * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
- * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
- * OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
- * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
- */
-
-#ifndef MarkStackInlines_h
-#define MarkStackInlines_h
-
-#include "GCThreadSharedData.h"
-#include "MarkStack.h"
-
-namespace JSC {
-
-inline size_t MarkStackArray::postIncTop()
-{
-    size_t result = m_top++;
-    ASSERT(result == m_topSegment->m_top++);
-    return result;
-}
-
-inline size_t MarkStackArray::preDecTop()
-{
-    size_t result = --m_top;
-    ASSERT(result == --m_topSegment->m_top);
-    return result;
-}
-
-inline void MarkStackArray::setTopForFullSegment()
-{
-    ASSERT(m_topSegment->m_top == m_segmentCapacity);
-    m_top = m_segmentCapacity;
-}
-
-inline void MarkStackArray::setTopForEmptySegment()
-{
-    ASSERT(!m_topSegment->m_top);
-    m_top = 0;
-}
-
-inline size_t MarkStackArray::top()
-{
-    ASSERT(m_top == m_topSegment->m_top);
-    return m_top;
-}
-
-#if ASSERT_DISABLED
-inline void MarkStackArray::validatePrevious() { }
-#else
-inline void MarkStackArray::validatePrevious()
-{
-    unsigned count = 0;
-    for (MarkStackSegment* current = m_topSegment->m_previous; current; current = current->m_previous)
-        count++;
-    ASSERT(count == m_numberOfPreviousSegments);
-}
-#endif
-
-inline void MarkStackArray::append(const JSCell* cell)
-{
-    if (m_top == m_segmentCapacity)
-        expand();
-    m_topSegment->data()[postIncTop()] = cell;
-}
-
-inline bool MarkStackArray::canRemoveLast()
-{
-    return !!m_top;
-}
-
-inline const JSCell* MarkStackArray::removeLast()
-{
-    return m_topSegment->data()[preDecTop()];
-}
-
-inline bool MarkStackArray::isEmpty()
-{
-    if (m_top)
-        return false;
-    if (m_topSegment->m_previous) {
-        ASSERT(m_topSegment->m_previous->m_top == m_segmentCapacity);
-        return false;
-    }
-    return true;
-}
-
-inline size_t MarkStackArray::size()
-{
-    return m_top + m_segmentCapacity * m_numberOfPreviousSegments;
-}
-
-} // namespace JSC
-
-#endif // MarkStackInlines_h
-
diff --git a/Source/JavaScriptCore/heap/SlotVisitor.cpp b/Source/JavaScriptCore/heap/SlotVisitor.cpp
index 8b4d7397e..3919705d0 100644
--- a/Source/JavaScriptCore/heap/SlotVisitor.cpp
+++ b/Source/JavaScriptCore/heap/SlotVisitor.cpp
@@ -3,7 +3,7 @@
 
 #include "ConservativeRoots.h"
 #include "CopiedSpace.h"
-#include "CopiedSpaceInlines.h"
+#include "CopiedSpaceInlineMethods.h"
 #include "GCThread.h"
 #include "JSArray.h"
 #include "JSDestructibleObject.h"
diff --git a/Source/JavaScriptCore/heap/SlotVisitor.h b/Source/JavaScriptCore/heap/SlotVisitor.h
index 34b1bc80b..dcd4b75ef 100644
--- a/Source/JavaScriptCore/heap/SlotVisitor.h
+++ b/Source/JavaScriptCore/heap/SlotVisitor.h
@@ -27,7 +27,7 @@
 #define SlotVisitor_h
 
 #include "HandleTypes.h"
-#include "MarkStackInlines.h"
+#include "MarkStackInlineMethods.h"
 
 #include <wtf/text/StringHash.h>
 
diff --git a/Source/JavaScriptCore/heap/SlotVisitorInlineMethods.h b/Source/JavaScriptCore/heap/SlotVisitorInlineMethods.h
new file mode 100644
index 000000000..e5908bf36
--- /dev/null
+++ b/Source/JavaScriptCore/heap/SlotVisitorInlineMethods.h
@@ -0,0 +1,174 @@
+/*
+ * Copyright (C) 2012 Apple Inc. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY APPLE INC. AND ITS CONTRIBUTORS ``AS IS''
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
+ * THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL APPLE INC. OR ITS CONTRIBUTORS
+ * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF
+ * THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#ifndef SlotVisitorInlineMethods_h
+#define SlotVisitorInlineMethods_h
+
+#include "CopiedSpaceInlineMethods.h"
+#include "Options.h"
+#include "SlotVisitor.h"
+
+namespace JSC {
+
+ALWAYS_INLINE void SlotVisitor::append(JSValue* slot, size_t count)
+{
+    for (size_t i = 0; i < count; ++i) {
+        JSValue& value = slot[i];
+        internalAppend(value);
+    }
+}
+
+template<typename T>
+inline void SlotVisitor::appendUnbarrieredPointer(T** slot)
+{
+    ASSERT(slot);
+    JSCell* cell = *slot;
+    internalAppend(cell);
+}
+
+ALWAYS_INLINE void SlotVisitor::append(JSValue* slot)
+{
+    ASSERT(slot);
+    internalAppend(*slot);
+}
+
+ALWAYS_INLINE void SlotVisitor::appendUnbarrieredValue(JSValue* slot)
+{
+    ASSERT(slot);
+    internalAppend(*slot);
+}
+
+ALWAYS_INLINE void SlotVisitor::append(JSCell** slot)
+{
+    ASSERT(slot);
+    internalAppend(*slot);
+}
+
+ALWAYS_INLINE void SlotVisitor::internalAppend(JSValue value)
+{
+    if (!value || !value.isCell())
+        return;
+    internalAppend(value.asCell());
+}
+
+inline void SlotVisitor::addWeakReferenceHarvester(WeakReferenceHarvester* weakReferenceHarvester)
+{
+    m_shared.m_weakReferenceHarvesters.addThreadSafe(weakReferenceHarvester);
+}
+
+inline void SlotVisitor::addUnconditionalFinalizer(UnconditionalFinalizer* unconditionalFinalizer)
+{
+    m_shared.m_unconditionalFinalizers.addThreadSafe(unconditionalFinalizer);
+}
+
+inline void SlotVisitor::addOpaqueRoot(void* root)
+{
+#if ENABLE(PARALLEL_GC)
+    if (Options::numberOfGCMarkers() == 1) {
+        // Put directly into the shared HashSet.
+        m_shared.m_opaqueRoots.add(root);
+        return;
+    }
+    // Put into the local set, but merge with the shared one every once in
+    // a while to make sure that the local sets don't grow too large.
+    mergeOpaqueRootsIfProfitable();
+    m_opaqueRoots.add(root);
+#else
+    m_opaqueRoots.add(root);
+#endif
+}
+
+inline bool SlotVisitor::containsOpaqueRoot(void* root)
+{
+    ASSERT(!m_isInParallelMode);
+#if ENABLE(PARALLEL_GC)
+    ASSERT(m_opaqueRoots.isEmpty());
+    return m_shared.m_opaqueRoots.contains(root);
+#else
+    return m_opaqueRoots.contains(root);
+#endif
+}
+
+inline int SlotVisitor::opaqueRootCount()
+{
+    ASSERT(!m_isInParallelMode);
+#if ENABLE(PARALLEL_GC)
+    ASSERT(m_opaqueRoots.isEmpty());
+    return m_shared.m_opaqueRoots.size();
+#else
+    return m_opaqueRoots.size();
+#endif
+}
+
+inline void SlotVisitor::mergeOpaqueRootsIfNecessary()
+{
+    if (m_opaqueRoots.isEmpty())
+        return;
+    mergeOpaqueRoots();
+}
+    
+inline void SlotVisitor::mergeOpaqueRootsIfProfitable()
+{
+    if (static_cast<unsigned>(m_opaqueRoots.size()) < Options::opaqueRootMergeThreshold())
+        return;
+    mergeOpaqueRoots();
+}
+    
+inline void SlotVisitor::donate()
+{
+    ASSERT(m_isInParallelMode);
+    if (Options::numberOfGCMarkers() == 1)
+        return;
+    
+    donateKnownParallel();
+}
+
+inline void SlotVisitor::donateAndDrain()
+{
+    donate();
+    drain();
+}
+
+inline void SlotVisitor::copyLater(void* ptr, size_t bytes)
+{
+    if (CopiedSpace::isOversize(bytes)) {
+        m_shared.m_copiedSpace->pin(CopiedSpace::oversizeBlockFor(ptr));
+        return;
+    }
+
+    CopiedBlock* block = CopiedSpace::blockFor(ptr);
+    if (block->isPinned())
+        return;
+
+    block->reportLiveBytes(bytes);
+
+    if (!block->shouldEvacuate())
+        m_shared.m_copiedSpace->pin(block);
+}
+    
+} // namespace JSC
+
+#endif // SlotVisitorInlineMethods_h
+
diff --git a/Source/JavaScriptCore/heap/SlotVisitorInlines.h b/Source/JavaScriptCore/heap/SlotVisitorInlines.h
deleted file mode 100644
index b0f30b6ca..000000000
--- a/Source/JavaScriptCore/heap/SlotVisitorInlines.h
+++ /dev/null
@@ -1,174 +0,0 @@
-/*
- * Copyright (C) 2012 Apple Inc. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY APPLE INC. AND ITS CONTRIBUTORS ``AS IS''
- * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
- * THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL APPLE INC. OR ITS CONTRIBUTORS
- * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
- * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
- * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
- * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
- * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF
- * THE POSSIBILITY OF SUCH DAMAGE.
- */
-
-#ifndef SlotVisitorInlines_h
-#define SlotVisitorInlines_h
-
-#include "CopiedSpaceInlines.h"
-#include "Options.h"
-#include "SlotVisitor.h"
-
-namespace JSC {
-
-ALWAYS_INLINE void SlotVisitor::append(JSValue* slot, size_t count)
-{
-    for (size_t i = 0; i < count; ++i) {
-        JSValue& value = slot[i];
-        internalAppend(value);
-    }
-}
-
-template<typename T>
-inline void SlotVisitor::appendUnbarrieredPointer(T** slot)
-{
-    ASSERT(slot);
-    JSCell* cell = *slot;
-    internalAppend(cell);
-}
-
-ALWAYS_INLINE void SlotVisitor::append(JSValue* slot)
-{
-    ASSERT(slot);
-    internalAppend(*slot);
-}
-
-ALWAYS_INLINE void SlotVisitor::appendUnbarrieredValue(JSValue* slot)
-{
-    ASSERT(slot);
-    internalAppend(*slot);
-}
-
-ALWAYS_INLINE void SlotVisitor::append(JSCell** slot)
-{
-    ASSERT(slot);
-    internalAppend(*slot);
-}
-
-ALWAYS_INLINE void SlotVisitor::internalAppend(JSValue value)
-{
-    if (!value || !value.isCell())
-        return;
-    internalAppend(value.asCell());
-}
-
-inline void SlotVisitor::addWeakReferenceHarvester(WeakReferenceHarvester* weakReferenceHarvester)
-{
-    m_shared.m_weakReferenceHarvesters.addThreadSafe(weakReferenceHarvester);
-}
-
-inline void SlotVisitor::addUnconditionalFinalizer(UnconditionalFinalizer* unconditionalFinalizer)
-{
-    m_shared.m_unconditionalFinalizers.addThreadSafe(unconditionalFinalizer);
-}
-
-inline void SlotVisitor::addOpaqueRoot(void* root)
-{
-#if ENABLE(PARALLEL_GC)
-    if (Options::numberOfGCMarkers() == 1) {
-        // Put directly into the shared HashSet.
-        m_shared.m_opaqueRoots.add(root);
-        return;
-    }
-    // Put into the local set, but merge with the shared one every once in
-    // a while to make sure that the local sets don't grow too large.
-    mergeOpaqueRootsIfProfitable();
-    m_opaqueRoots.add(root);
-#else
-    m_opaqueRoots.add(root);
-#endif
-}
-
-inline bool SlotVisitor::containsOpaqueRoot(void* root)
-{
-    ASSERT(!m_isInParallelMode);
-#if ENABLE(PARALLEL_GC)
-    ASSERT(m_opaqueRoots.isEmpty());
-    return m_shared.m_opaqueRoots.contains(root);
-#else
-    return m_opaqueRoots.contains(root);
-#endif
-}
-
-inline int SlotVisitor::opaqueRootCount()
-{
-    ASSERT(!m_isInParallelMode);
-#if ENABLE(PARALLEL_GC)
-    ASSERT(m_opaqueRoots.isEmpty());
-    return m_shared.m_opaqueRoots.size();
-#else
-    return m_opaqueRoots.size();
-#endif
-}
-
-inline void SlotVisitor::mergeOpaqueRootsIfNecessary()
-{
-    if (m_opaqueRoots.isEmpty())
-        return;
-    mergeOpaqueRoots();
-}
-    
-inline void SlotVisitor::mergeOpaqueRootsIfProfitable()
-{
-    if (static_cast<unsigned>(m_opaqueRoots.size()) < Options::opaqueRootMergeThreshold())
-        return;
-    mergeOpaqueRoots();
-}
-    
-inline void SlotVisitor::donate()
-{
-    ASSERT(m_isInParallelMode);
-    if (Options::numberOfGCMarkers() == 1)
-        return;
-    
-    donateKnownParallel();
-}
-
-inline void SlotVisitor::donateAndDrain()
-{
-    donate();
-    drain();
-}
-
-inline void SlotVisitor::copyLater(void* ptr, size_t bytes)
-{
-    if (CopiedSpace::isOversize(bytes)) {
-        m_shared.m_copiedSpace->pin(CopiedSpace::oversizeBlockFor(ptr));
-        return;
-    }
-
-    CopiedBlock* block = CopiedSpace::blockFor(ptr);
-    if (block->isPinned())
-        return;
-
-    block->reportLiveBytes(bytes);
-
-    if (!block->shouldEvacuate())
-        m_shared.m_copiedSpace->pin(block);
-}
-    
-} // namespace JSC
-
-#endif // SlotVisitorInlines_h
-
diff --git a/Source/JavaScriptCore/jit/HostCallReturnValue.cpp b/Source/JavaScriptCore/jit/HostCallReturnValue.cpp
index 967c499b9..c4d2e6ad9 100644
--- a/Source/JavaScriptCore/jit/HostCallReturnValue.cpp
+++ b/Source/JavaScriptCore/jit/HostCallReturnValue.cpp
@@ -29,7 +29,7 @@
 #include "CallFrame.h"
 #include <wtf/InlineASM.h>
 #include "JSObject.h"
-#include "JSValueInlines.h"
+#include "JSValueInlineMethods.h"
 
 
 namespace JSC {
diff --git a/Source/JavaScriptCore/jit/JIT.cpp b/Source/JavaScriptCore/jit/JIT.cpp
index ffd18b571..3102c7693 100644
--- a/Source/JavaScriptCore/jit/JIT.cpp
+++ b/Source/JavaScriptCore/jit/JIT.cpp
@@ -38,7 +38,7 @@ JSC::MacroAssemblerX86Common::SSE2CheckState JSC::MacroAssemblerX86Common::s_sse
 #include <wtf/CryptographicallyRandomNumber.h>
 #include "DFGNode.h" // for DFG_SUCCESS_STATS
 #include "Interpreter.h"
-#include "JITInlines.h"
+#include "JITInlineMethods.h"
 #include "JITStubCall.h"
 #include "JSArray.h"
 #include "JSFunction.h"
diff --git a/Source/JavaScriptCore/jit/JIT.h b/Source/JavaScriptCore/jit/JIT.h
index 9b0879fe2..dcf87d352 100644
--- a/Source/JavaScriptCore/jit/JIT.h
+++ b/Source/JavaScriptCore/jit/JIT.h
@@ -474,9 +474,7 @@ namespace JSC {
         // Property is int-checked and zero extended. Base is cell checked.
         // Structure is already profiled. Returns the slow cases. Fall-through
         // case contains result in regT0, and it is not yet profiled.
-        JumpList emitInt32GetByVal(Instruction* instruction, PatchableJump& badType) { return emitContiguousGetByVal(instruction, badType, Int32Shape); }
-        JumpList emitDoubleGetByVal(Instruction*, PatchableJump& badType);
-        JumpList emitContiguousGetByVal(Instruction*, PatchableJump& badType, IndexingType expectedShape = ContiguousShape);
+        JumpList emitContiguousGetByVal(Instruction*, PatchableJump& badType);
         JumpList emitArrayStorageGetByVal(Instruction*, PatchableJump& badType);
         JumpList emitIntTypedArrayGetByVal(Instruction*, PatchableJump& badType, const TypedArrayDescriptor&, size_t elementSize, TypedArraySignedness);
         JumpList emitFloatTypedArrayGetByVal(Instruction*, PatchableJump& badType, const TypedArrayDescriptor&, size_t elementSize);
@@ -485,20 +483,7 @@ namespace JSC {
         // The value to store is not yet loaded. Property is int-checked and
         // zero-extended. Base is cell checked. Structure is already profiled.
         // returns the slow cases.
-        JumpList emitInt32PutByVal(Instruction* currentInstruction, PatchableJump& badType)
-        {
-            return emitGenericContiguousPutByVal<Int32Shape>(currentInstruction, badType);
-        }
-        JumpList emitDoublePutByVal(Instruction* currentInstruction, PatchableJump& badType)
-        {
-            return emitGenericContiguousPutByVal<DoubleShape>(currentInstruction, badType);
-        }
-        JumpList emitContiguousPutByVal(Instruction* currentInstruction, PatchableJump& badType)
-        {
-            return emitGenericContiguousPutByVal<ContiguousShape>(currentInstruction, badType);
-        }
-        template<IndexingType indexingShape>
-        JumpList emitGenericContiguousPutByVal(Instruction*, PatchableJump& badType);
+        JumpList emitContiguousPutByVal(Instruction*, PatchableJump& badType);
         JumpList emitArrayStoragePutByVal(Instruction*, PatchableJump& badType);
         JumpList emitIntTypedArrayPutByVal(Instruction*, PatchableJump& badType, const TypedArrayDescriptor&, size_t elementSize, TypedArraySignedness, TypedArrayRounding);
         JumpList emitFloatTypedArrayPutByVal(Instruction*, PatchableJump& badType, const TypedArrayDescriptor&, size_t elementSize);
diff --git a/Source/JavaScriptCore/jit/JITArithmetic.cpp b/Source/JavaScriptCore/jit/JITArithmetic.cpp
index bcb3dd74a..21d59bc33 100644
--- a/Source/JavaScriptCore/jit/JITArithmetic.cpp
+++ b/Source/JavaScriptCore/jit/JITArithmetic.cpp
@@ -29,7 +29,7 @@
 #include "JIT.h"
 
 #include "CodeBlock.h"
-#include "JITInlines.h"
+#include "JITInlineMethods.h"
 #include "JITStubCall.h"
 #include "JITStubs.h"
 #include "JSArray.h"
@@ -1090,20 +1090,18 @@ void JIT::emit_op_div(Instruction* currentInstruction)
     // access). So if we are DFG compiling anything in the program, we want this code to
     // ensure that it produces integers whenever possible.
     
+    // FIXME: This will fail to convert to integer if the result is zero. We should
+    // distinguish between positive zero and negative zero here.
+    
     JumpList notInteger;
     branchConvertDoubleToInt32(fpRegT0, regT0, notInteger, fpRegT1);
     // If we've got an integer, we might as well make that the result of the division.
     emitFastArithReTagImmediate(regT0, regT0);
     Jump isInteger = jump();
     notInteger.link(this);
-    moveDoubleTo64(fpRegT0, regT0);
-    Jump doubleZero = branchTest64(Zero, regT0);
     add32(TrustedImm32(1), AbsoluteAddress(&m_codeBlock->addSpecialFastCaseProfile(m_bytecodeOffset)->m_counter));
+    moveDoubleTo64(fpRegT0, regT0);
     sub64(tagTypeNumberRegister, regT0);
-    Jump trueDouble = jump();
-    doubleZero.link(this);
-    move(tagTypeNumberRegister, regT0);
-    trueDouble.link(this);
     isInteger.link(this);
 #else
     // Double result.
diff --git a/Source/JavaScriptCore/jit/JITArithmetic32_64.cpp b/Source/JavaScriptCore/jit/JITArithmetic32_64.cpp
index 960d06091..62a359eeb 100644
--- a/Source/JavaScriptCore/jit/JITArithmetic32_64.cpp
+++ b/Source/JavaScriptCore/jit/JITArithmetic32_64.cpp
@@ -30,7 +30,7 @@
 #include "JIT.h"
 
 #include "CodeBlock.h"
-#include "JITInlines.h"
+#include "JITInlineMethods.h"
 #include "JITStubCall.h"
 #include "JITStubs.h"
 #include "JSArray.h"
diff --git a/Source/JavaScriptCore/jit/JITCall.cpp b/Source/JavaScriptCore/jit/JITCall.cpp
index 006c5b741..074bf7f97 100644
--- a/Source/JavaScriptCore/jit/JITCall.cpp
+++ b/Source/JavaScriptCore/jit/JITCall.cpp
@@ -31,7 +31,7 @@
 
 #include "Arguments.h"
 #include "CodeBlock.h"
-#include "JITInlines.h"
+#include "JITInlineMethods.h"
 #include "JITStubCall.h"
 #include "JSArray.h"
 #include "JSFunction.h"
diff --git a/Source/JavaScriptCore/jit/JITCall32_64.cpp b/Source/JavaScriptCore/jit/JITCall32_64.cpp
index ecd5cf126..ad827cdf9 100644
--- a/Source/JavaScriptCore/jit/JITCall32_64.cpp
+++ b/Source/JavaScriptCore/jit/JITCall32_64.cpp
@@ -32,7 +32,7 @@
 #include "Arguments.h"
 #include "CodeBlock.h"
 #include "Interpreter.h"
-#include "JITInlines.h"
+#include "JITInlineMethods.h"
 #include "JITStubCall.h"
 #include "JSArray.h"
 #include "JSFunction.h"
diff --git a/Source/JavaScriptCore/jit/JITExceptions.cpp b/Source/JavaScriptCore/jit/JITExceptions.cpp
index aeb869474..f6cec24bd 100644
--- a/Source/JavaScriptCore/jit/JITExceptions.cpp
+++ b/Source/JavaScriptCore/jit/JITExceptions.cpp
@@ -39,7 +39,7 @@ namespace JSC {
 ExceptionHandler genericThrow(JSGlobalData* globalData, ExecState* callFrame, JSValue exceptionValue, unsigned vPCIndex)
 {
     ASSERT(exceptionValue);
-    
+
     globalData->exception = JSValue();
     HandlerInfo* handler = globalData->interpreter->throwException(callFrame, exceptionValue, vPCIndex); // This may update callFrame & exceptionValue!
     globalData->exception = exceptionValue;
diff --git a/Source/JavaScriptCore/jit/JITInlineMethods.h b/Source/JavaScriptCore/jit/JITInlineMethods.h
new file mode 100644
index 000000000..410bdf710
--- /dev/null
+++ b/Source/JavaScriptCore/jit/JITInlineMethods.h
@@ -0,0 +1,1001 @@
+/*
+ * Copyright (C) 2008, 2012 Apple Inc. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY APPLE INC. ``AS IS'' AND ANY
+ * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL APPLE INC. OR
+ * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+ * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
+ * OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
+ */
+
+#ifndef JITInlineMethods_h
+#define JITInlineMethods_h
+
+
+#if ENABLE(JIT)
+
+namespace JSC {
+
+ALWAYS_INLINE bool JIT::isOperandConstantImmediateDouble(unsigned src)
+{
+    return m_codeBlock->isConstantRegisterIndex(src) && getConstantOperand(src).isDouble();
+}
+
+ALWAYS_INLINE JSValue JIT::getConstantOperand(unsigned src)
+{
+    ASSERT(m_codeBlock->isConstantRegisterIndex(src));
+    return m_codeBlock->getConstant(src);
+}
+
+ALWAYS_INLINE void JIT::emitPutCellToCallFrameHeader(RegisterID from, JSStack::CallFrameHeaderEntry entry)
+{
+#if USE(JSVALUE32_64)
+    store32(TrustedImm32(JSValue::CellTag), tagFor(entry, callFrameRegister));
+    store32(from, payloadFor(entry, callFrameRegister));
+#else
+    store64(from, addressFor(entry, callFrameRegister));
+#endif
+}
+
+ALWAYS_INLINE void JIT::emitPutIntToCallFrameHeader(RegisterID from, JSStack::CallFrameHeaderEntry entry)
+{
+#if USE(JSVALUE32_64)
+    store32(TrustedImm32(Int32Tag), intTagFor(entry, callFrameRegister));
+    store32(from, intPayloadFor(entry, callFrameRegister));
+#else
+    store64(from, addressFor(entry, callFrameRegister));
+#endif
+}
+
+ALWAYS_INLINE void JIT::emitPutToCallFrameHeader(RegisterID from, JSStack::CallFrameHeaderEntry entry)
+{
+#if USE(JSVALUE32_64)
+    storePtr(from, payloadFor(entry, callFrameRegister));
+#else
+    store64(from, addressFor(entry, callFrameRegister));
+#endif
+}
+
+ALWAYS_INLINE void JIT::emitPutImmediateToCallFrameHeader(void* value, JSStack::CallFrameHeaderEntry entry)
+{
+    storePtr(TrustedImmPtr(value), Address(callFrameRegister, entry * sizeof(Register)));
+}
+
+ALWAYS_INLINE void JIT::emitGetFromCallFrameHeaderPtr(JSStack::CallFrameHeaderEntry entry, RegisterID to, RegisterID from)
+{
+    loadPtr(Address(from, entry * sizeof(Register)), to);
+#if USE(JSVALUE64)
+    killLastResultRegister();
+#endif
+}
+
+ALWAYS_INLINE void JIT::emitGetFromCallFrameHeader32(JSStack::CallFrameHeaderEntry entry, RegisterID to, RegisterID from)
+{
+    load32(Address(from, entry * sizeof(Register)), to);
+#if USE(JSVALUE64)
+    killLastResultRegister();
+#endif
+}
+
+#if USE(JSVALUE64)
+ALWAYS_INLINE void JIT::emitGetFromCallFrameHeader64(JSStack::CallFrameHeaderEntry entry, RegisterID to, RegisterID from)
+{
+    load64(Address(from, entry * sizeof(Register)), to);
+    killLastResultRegister();
+}
+#endif
+
+ALWAYS_INLINE void JIT::emitLoadCharacterString(RegisterID src, RegisterID dst, JumpList& failures)
+{
+    failures.append(branchPtr(NotEqual, Address(src, JSCell::structureOffset()), TrustedImmPtr(m_globalData->stringStructure.get())));
+    failures.append(branch32(NotEqual, MacroAssembler::Address(src, ThunkHelpers::jsStringLengthOffset()), TrustedImm32(1)));
+    loadPtr(MacroAssembler::Address(src, ThunkHelpers::jsStringValueOffset()), dst);
+    failures.append(branchTest32(Zero, dst));
+    loadPtr(MacroAssembler::Address(dst, ThunkHelpers::stringImplFlagsOffset()), regT1);
+    loadPtr(MacroAssembler::Address(dst, ThunkHelpers::stringImplDataOffset()), dst);
+
+    JumpList is16Bit;
+    JumpList cont8Bit;
+    is16Bit.append(branchTest32(Zero, regT1, TrustedImm32(ThunkHelpers::stringImpl8BitFlag())));
+    load8(MacroAssembler::Address(dst, 0), dst);
+    cont8Bit.append(jump());
+    is16Bit.link(this);
+    load16(MacroAssembler::Address(dst, 0), dst);
+    cont8Bit.link(this);
+}
+
+ALWAYS_INLINE JIT::Call JIT::emitNakedCall(CodePtr function)
+{
+    ASSERT(m_bytecodeOffset != (unsigned)-1); // This method should only be called during hot/cold path generation, so that m_bytecodeOffset is set.
+
+    Call nakedCall = nearCall();
+    m_calls.append(CallRecord(nakedCall, m_bytecodeOffset, function.executableAddress()));
+    return nakedCall;
+}
+
+ALWAYS_INLINE bool JIT::atJumpTarget()
+{
+    while (m_jumpTargetsPosition < m_codeBlock->numberOfJumpTargets() && m_codeBlock->jumpTarget(m_jumpTargetsPosition) <= m_bytecodeOffset) {
+        if (m_codeBlock->jumpTarget(m_jumpTargetsPosition) == m_bytecodeOffset)
+            return true;
+        ++m_jumpTargetsPosition;
+    }
+    return false;
+}
+
+#if defined(ASSEMBLER_HAS_CONSTANT_POOL) && ASSEMBLER_HAS_CONSTANT_POOL
+
+ALWAYS_INLINE void JIT::beginUninterruptedSequence(int insnSpace, int constSpace)
+{
+#if CPU(ARM_TRADITIONAL)
+#ifndef NDEBUG
+    // Ensure the label after the sequence can also fit
+    insnSpace += sizeof(ARMWord);
+    constSpace += sizeof(uint64_t);
+#endif
+
+    ensureSpace(insnSpace, constSpace);
+
+#elif CPU(SH4)
+#ifndef NDEBUG
+    insnSpace += sizeof(SH4Word);
+    constSpace += sizeof(uint64_t);
+#endif
+
+    m_assembler.ensureSpace(insnSpace + m_assembler.maxInstructionSize + 2, constSpace + 8);
+#endif
+
+#if defined(ASSEMBLER_HAS_CONSTANT_POOL) && ASSEMBLER_HAS_CONSTANT_POOL
+#ifndef NDEBUG
+    m_uninterruptedInstructionSequenceBegin = label();
+    m_uninterruptedConstantSequenceBegin = sizeOfConstantPool();
+#endif
+#endif
+}
+
+ALWAYS_INLINE void JIT::endUninterruptedSequence(int insnSpace, int constSpace, int dst)
+{
+    UNUSED_PARAM(dst);
+#if defined(ASSEMBLER_HAS_CONSTANT_POOL) && ASSEMBLER_HAS_CONSTANT_POOL
+    /* There are several cases when the uninterrupted sequence is larger than
+     * maximum required offset for pathing the same sequence. Eg.: if in a
+     * uninterrupted sequence the last macroassembler's instruction is a stub
+     * call, it emits store instruction(s) which should not be included in the
+     * calculation of length of uninterrupted sequence. So, the insnSpace and
+     * constSpace should be upper limit instead of hard limit.
+     */
+#if CPU(SH4)
+    if ((dst > 15) || (dst < -16)) {
+        insnSpace += 8;
+        constSpace += 2;
+    }
+
+    if (((dst >= -16) && (dst < 0)) || ((dst > 7) && (dst <= 15)))
+        insnSpace += 8;
+#endif
+    ASSERT(differenceBetween(m_uninterruptedInstructionSequenceBegin, label()) <= insnSpace);
+    ASSERT(sizeOfConstantPool() - m_uninterruptedConstantSequenceBegin <= constSpace);
+#endif
+}
+
+#endif
+
+#if CPU(ARM)
+
+ALWAYS_INLINE void JIT::preserveReturnAddressAfterCall(RegisterID reg)
+{
+    move(linkRegister, reg);
+}
+
+ALWAYS_INLINE void JIT::restoreReturnAddressBeforeReturn(RegisterID reg)
+{
+    move(reg, linkRegister);
+}
+
+ALWAYS_INLINE void JIT::restoreReturnAddressBeforeReturn(Address address)
+{
+    loadPtr(address, linkRegister);
+}
+#elif CPU(SH4)
+
+ALWAYS_INLINE void JIT::preserveReturnAddressAfterCall(RegisterID reg)
+{
+    m_assembler.stspr(reg);
+}
+
+ALWAYS_INLINE void JIT::restoreReturnAddressBeforeReturn(RegisterID reg)
+{
+    m_assembler.ldspr(reg);
+}
+
+ALWAYS_INLINE void JIT::restoreReturnAddressBeforeReturn(Address address)
+{
+    loadPtrLinkReg(address);
+}
+
+#elif CPU(MIPS)
+
+ALWAYS_INLINE void JIT::preserveReturnAddressAfterCall(RegisterID reg)
+{
+    move(returnAddressRegister, reg);
+}
+
+ALWAYS_INLINE void JIT::restoreReturnAddressBeforeReturn(RegisterID reg)
+{
+    move(reg, returnAddressRegister);
+}
+
+ALWAYS_INLINE void JIT::restoreReturnAddressBeforeReturn(Address address)
+{
+    loadPtr(address, returnAddressRegister);
+}
+
+#else // CPU(X86) || CPU(X86_64)
+
+ALWAYS_INLINE void JIT::preserveReturnAddressAfterCall(RegisterID reg)
+{
+    pop(reg);
+}
+
+ALWAYS_INLINE void JIT::restoreReturnAddressBeforeReturn(RegisterID reg)
+{
+    push(reg);
+}
+
+ALWAYS_INLINE void JIT::restoreReturnAddressBeforeReturn(Address address)
+{
+    push(address);
+}
+
+#endif
+
+ALWAYS_INLINE void JIT::restoreArgumentReference()
+{
+    move(stackPointerRegister, firstArgumentRegister);
+    poke(callFrameRegister, OBJECT_OFFSETOF(struct JITStackFrame, callFrame) / sizeof(void*));
+}
+
+ALWAYS_INLINE void JIT::updateTopCallFrame()
+{
+    ASSERT(static_cast<int>(m_bytecodeOffset) >= 0);
+    if (m_bytecodeOffset) {
+#if USE(JSVALUE32_64)
+        storePtr(TrustedImmPtr(m_codeBlock->instructions().begin() + m_bytecodeOffset + 1), intTagFor(JSStack::ArgumentCount));
+#else
+        store32(TrustedImm32(m_bytecodeOffset + 1), intTagFor(JSStack::ArgumentCount));
+#endif
+    }
+    storePtr(callFrameRegister, &m_globalData->topCallFrame);
+}
+
+ALWAYS_INLINE void JIT::restoreArgumentReferenceForTrampoline()
+{
+#if CPU(X86)
+    // Within a trampoline the return address will be on the stack at this point.
+    addPtr(TrustedImm32(sizeof(void*)), stackPointerRegister, firstArgumentRegister);
+#elif CPU(ARM)
+    move(stackPointerRegister, firstArgumentRegister);
+#elif CPU(SH4)
+    move(stackPointerRegister, firstArgumentRegister);
+#endif
+    // In the trampoline on x86-64, the first argument register is not overwritten.
+}
+
+ALWAYS_INLINE JIT::Jump JIT::checkStructure(RegisterID reg, Structure* structure)
+{
+    return branchPtr(NotEqual, Address(reg, JSCell::structureOffset()), TrustedImmPtr(structure));
+}
+
+ALWAYS_INLINE void JIT::linkSlowCaseIfNotJSCell(Vector<SlowCaseEntry>::iterator& iter, int vReg)
+{
+    if (!m_codeBlock->isKnownNotImmediate(vReg))
+        linkSlowCase(iter);
+}
+
+ALWAYS_INLINE void JIT::addSlowCase(Jump jump)
+{
+    ASSERT(m_bytecodeOffset != (unsigned)-1); // This method should only be called during hot/cold path generation, so that m_bytecodeOffset is set.
+
+    m_slowCases.append(SlowCaseEntry(jump, m_bytecodeOffset));
+}
+
+ALWAYS_INLINE void JIT::addSlowCase(JumpList jumpList)
+{
+    ASSERT(m_bytecodeOffset != (unsigned)-1); // This method should only be called during hot/cold path generation, so that m_bytecodeOffset is set.
+
+    const JumpList::JumpVector& jumpVector = jumpList.jumps();
+    size_t size = jumpVector.size();
+    for (size_t i = 0; i < size; ++i)
+        m_slowCases.append(SlowCaseEntry(jumpVector[i], m_bytecodeOffset));
+}
+
+ALWAYS_INLINE void JIT::addSlowCase()
+{
+    ASSERT(m_bytecodeOffset != (unsigned)-1); // This method should only be called during hot/cold path generation, so that m_bytecodeOffset is set.
+    
+    Jump emptyJump; // Doing it this way to make Windows happy.
+    m_slowCases.append(SlowCaseEntry(emptyJump, m_bytecodeOffset));
+}
+
+ALWAYS_INLINE void JIT::addJump(Jump jump, int relativeOffset)
+{
+    ASSERT(m_bytecodeOffset != (unsigned)-1); // This method should only be called during hot/cold path generation, so that m_bytecodeOffset is set.
+
+    m_jmpTable.append(JumpTable(jump, m_bytecodeOffset + relativeOffset));
+}
+
+ALWAYS_INLINE void JIT::emitJumpSlowToHot(Jump jump, int relativeOffset)
+{
+    ASSERT(m_bytecodeOffset != (unsigned)-1); // This method should only be called during hot/cold path generation, so that m_bytecodeOffset is set.
+
+    jump.linkTo(m_labels[m_bytecodeOffset + relativeOffset], this);
+}
+
+ALWAYS_INLINE JIT::Jump JIT::emitJumpIfNotObject(RegisterID structureReg)
+{
+    return branch8(Below, Address(structureReg, Structure::typeInfoTypeOffset()), TrustedImm32(ObjectType));
+}
+
+ALWAYS_INLINE JIT::Jump JIT::emitJumpIfNotType(RegisterID baseReg, RegisterID scratchReg, JSType type)
+{
+    loadPtr(Address(baseReg, JSCell::structureOffset()), scratchReg);
+    return branch8(NotEqual, Address(scratchReg, Structure::typeInfoTypeOffset()), TrustedImm32(type));
+}
+
+#if ENABLE(SAMPLING_FLAGS)
+ALWAYS_INLINE void JIT::setSamplingFlag(int32_t flag)
+{
+    ASSERT(flag >= 1);
+    ASSERT(flag <= 32);
+    or32(TrustedImm32(1u << (flag - 1)), AbsoluteAddress(SamplingFlags::addressOfFlags()));
+}
+
+ALWAYS_INLINE void JIT::clearSamplingFlag(int32_t flag)
+{
+    ASSERT(flag >= 1);
+    ASSERT(flag <= 32);
+    and32(TrustedImm32(~(1u << (flag - 1))), AbsoluteAddress(SamplingFlags::addressOfFlags()));
+}
+#endif
+
+#if ENABLE(SAMPLING_COUNTERS)
+ALWAYS_INLINE void JIT::emitCount(AbstractSamplingCounter& counter, int32_t count)
+{
+    add64(TrustedImm32(count), AbsoluteAddress(counter.addressOfCounter()));
+}
+#endif
+
+#if ENABLE(OPCODE_SAMPLING)
+#if CPU(X86_64)
+ALWAYS_INLINE void JIT::sampleInstruction(Instruction* instruction, bool inHostFunction)
+{
+    move(TrustedImmPtr(m_interpreter->sampler()->sampleSlot()), X86Registers::ecx);
+    storePtr(TrustedImmPtr(m_interpreter->sampler()->encodeSample(instruction, inHostFunction)), X86Registers::ecx);
+}
+#else
+ALWAYS_INLINE void JIT::sampleInstruction(Instruction* instruction, bool inHostFunction)
+{
+    storePtr(TrustedImmPtr(m_interpreter->sampler()->encodeSample(instruction, inHostFunction)), m_interpreter->sampler()->sampleSlot());
+}
+#endif
+#endif
+
+#if ENABLE(CODEBLOCK_SAMPLING)
+#if CPU(X86_64)
+ALWAYS_INLINE void JIT::sampleCodeBlock(CodeBlock* codeBlock)
+{
+    move(TrustedImmPtr(m_interpreter->sampler()->codeBlockSlot()), X86Registers::ecx);
+    storePtr(TrustedImmPtr(codeBlock), X86Registers::ecx);
+}
+#else
+ALWAYS_INLINE void JIT::sampleCodeBlock(CodeBlock* codeBlock)
+{
+    storePtr(TrustedImmPtr(codeBlock), m_interpreter->sampler()->codeBlockSlot());
+}
+#endif
+#endif
+
+ALWAYS_INLINE bool JIT::isOperandConstantImmediateChar(unsigned src)
+{
+    return m_codeBlock->isConstantRegisterIndex(src) && getConstantOperand(src).isString() && asString(getConstantOperand(src).asCell())->length() == 1;
+}
+
+template <typename ClassType, MarkedBlock::DestructorType destructorType, typename StructureType> inline void JIT::emitAllocateBasicJSObject(StructureType structure, RegisterID result, RegisterID storagePtr)
+{
+    size_t size = ClassType::allocationSize(INLINE_STORAGE_CAPACITY);
+    MarkedAllocator* allocator = 0;
+    if (destructorType == MarkedBlock::Normal)
+        allocator = &m_globalData->heap.allocatorForObjectWithNormalDestructor(size);
+    else if (destructorType == MarkedBlock::ImmortalStructure)
+        allocator = &m_globalData->heap.allocatorForObjectWithImmortalStructureDestructor(size);
+    else
+        allocator = &m_globalData->heap.allocatorForObjectWithoutDestructor(size);
+    loadPtr(&allocator->m_freeList.head, result);
+    addSlowCase(branchTestPtr(Zero, result));
+
+    // remove the object from the free list
+    loadPtr(Address(result), storagePtr);
+    storePtr(storagePtr, &allocator->m_freeList.head);
+
+    // initialize the object's structure
+    storePtr(structure, Address(result, JSCell::structureOffset()));
+
+    // initialize the object's property storage pointer
+    storePtr(TrustedImmPtr(0), Address(result, JSObject::butterflyOffset()));
+}
+
+template <typename T> inline void JIT::emitAllocateJSFinalObject(T structure, RegisterID result, RegisterID scratch)
+{
+    emitAllocateBasicJSObject<JSFinalObject, MarkedBlock::None, T>(structure, result, scratch);
+}
+
+#if ENABLE(VALUE_PROFILER)
+inline void JIT::emitValueProfilingSite(ValueProfile* valueProfile)
+{
+    ASSERT(shouldEmitProfiling());
+    ASSERT(valueProfile);
+
+    const RegisterID value = regT0;
+#if USE(JSVALUE32_64)
+    const RegisterID valueTag = regT1;
+#endif
+    const RegisterID scratch = regT3;
+    
+    if (ValueProfile::numberOfBuckets == 1) {
+        // We're in a simple configuration: only one bucket, so we can just do a direct
+        // store.
+#if USE(JSVALUE64)
+        store64(value, valueProfile->m_buckets);
+#else
+        EncodedValueDescriptor* descriptor = bitwise_cast<EncodedValueDescriptor*>(valueProfile->m_buckets);
+        store32(value, &descriptor->asBits.payload);
+        store32(valueTag, &descriptor->asBits.tag);
+#endif
+        return;
+    }
+    
+    if (m_randomGenerator.getUint32() & 1)
+        add32(TrustedImm32(1), bucketCounterRegister);
+    else
+        add32(TrustedImm32(3), bucketCounterRegister);
+    and32(TrustedImm32(ValueProfile::bucketIndexMask), bucketCounterRegister);
+    move(TrustedImmPtr(valueProfile->m_buckets), scratch);
+#if USE(JSVALUE64)
+    store64(value, BaseIndex(scratch, bucketCounterRegister, TimesEight));
+#elif USE(JSVALUE32_64)
+    store32(value, BaseIndex(scratch, bucketCounterRegister, TimesEight, OBJECT_OFFSETOF(JSValue, u.asBits.payload)));
+    store32(valueTag, BaseIndex(scratch, bucketCounterRegister, TimesEight, OBJECT_OFFSETOF(JSValue, u.asBits.tag)));
+#endif
+}
+
+inline void JIT::emitValueProfilingSite(unsigned bytecodeOffset)
+{
+    if (!shouldEmitProfiling())
+        return;
+    emitValueProfilingSite(m_codeBlock->valueProfileForBytecodeOffset(bytecodeOffset));
+}
+
+inline void JIT::emitValueProfilingSite()
+{
+    emitValueProfilingSite(m_bytecodeOffset);
+}
+#endif // ENABLE(VALUE_PROFILER)
+
+inline void JIT::emitArrayProfilingSite(RegisterID structureAndIndexingType, RegisterID scratch, ArrayProfile* arrayProfile)
+{
+    UNUSED_PARAM(scratch); // We had found this scratch register useful here before, so I will keep it for now.
+    
+    RegisterID structure = structureAndIndexingType;
+    RegisterID indexingType = structureAndIndexingType;
+    
+    if (canBeOptimized())
+        storePtr(structure, arrayProfile->addressOfLastSeenStructure());
+
+    load8(Address(structure, Structure::indexingTypeOffset()), indexingType);
+}
+
+inline void JIT::emitArrayProfilingSiteForBytecodeIndex(RegisterID structureAndIndexingType, RegisterID scratch, unsigned bytecodeIndex)
+{
+#if ENABLE(VALUE_PROFILER)
+    emitArrayProfilingSite(structureAndIndexingType, scratch, m_codeBlock->getOrAddArrayProfile(bytecodeIndex));
+#else
+    UNUSED_PARAM(bytecodeIndex);
+    emitArrayProfilingSite(structureAndIndexingType, scratch, 0);
+#endif
+}
+
+inline void JIT::emitArrayProfileStoreToHoleSpecialCase(ArrayProfile* arrayProfile)
+{
+#if ENABLE(VALUE_PROFILER)    
+    store8(TrustedImm32(1), arrayProfile->addressOfMayStoreToHole());
+#else
+    UNUSED_PARAM(arrayProfile);
+#endif
+}
+
+static inline bool arrayProfileSaw(ArrayProfile* profile, IndexingType capability)
+{
+#if ENABLE(VALUE_PROFILER)
+    return !!(profile->observedArrayModes() & (asArrayModes(NonArray | capability) | asArrayModes(ArrayClass | capability)));
+#else
+    UNUSED_PARAM(profile);
+    UNUSED_PARAM(capability);
+    return false;
+#endif
+}
+
+inline JITArrayMode JIT::chooseArrayMode(ArrayProfile* profile)
+{
+    if (arrayProfileSaw(profile, ArrayStorageShape))
+        return JITArrayStorage;
+    return JITContiguous;
+}
+
+#if USE(JSVALUE32_64)
+
+inline void JIT::emitLoadTag(int index, RegisterID tag)
+{
+    RegisterID mappedTag;
+    if (getMappedTag(index, mappedTag)) {
+        move(mappedTag, tag);
+        unmap(tag);
+        return;
+    }
+
+    if (m_codeBlock->isConstantRegisterIndex(index)) {
+        move(Imm32(getConstantOperand(index).tag()), tag);
+        unmap(tag);
+        return;
+    }
+
+    load32(tagFor(index), tag);
+    unmap(tag);
+}
+
+inline void JIT::emitLoadPayload(int index, RegisterID payload)
+{
+    RegisterID mappedPayload;
+    if (getMappedPayload(index, mappedPayload)) {
+        move(mappedPayload, payload);
+        unmap(payload);
+        return;
+    }
+
+    if (m_codeBlock->isConstantRegisterIndex(index)) {
+        move(Imm32(getConstantOperand(index).payload()), payload);
+        unmap(payload);
+        return;
+    }
+
+    load32(payloadFor(index), payload);
+    unmap(payload);
+}
+
+inline void JIT::emitLoad(const JSValue& v, RegisterID tag, RegisterID payload)
+{
+    move(Imm32(v.payload()), payload);
+    move(Imm32(v.tag()), tag);
+}
+
+inline void JIT::emitLoad(int index, RegisterID tag, RegisterID payload, RegisterID base)
+{
+    ASSERT(tag != payload);
+
+    if (base == callFrameRegister) {
+        ASSERT(payload != base);
+        emitLoadPayload(index, payload);
+        emitLoadTag(index, tag);
+        return;
+    }
+
+    if (payload == base) { // avoid stomping base
+        load32(tagFor(index, base), tag);
+        load32(payloadFor(index, base), payload);
+        return;
+    }
+
+    load32(payloadFor(index, base), payload);
+    load32(tagFor(index, base), tag);
+}
+
+inline void JIT::emitLoad2(int index1, RegisterID tag1, RegisterID payload1, int index2, RegisterID tag2, RegisterID payload2)
+{
+    if (isMapped(index1)) {
+        emitLoad(index1, tag1, payload1);
+        emitLoad(index2, tag2, payload2);
+        return;
+    }
+    emitLoad(index2, tag2, payload2);
+    emitLoad(index1, tag1, payload1);
+}
+
+inline void JIT::emitLoadDouble(int index, FPRegisterID value)
+{
+    if (m_codeBlock->isConstantRegisterIndex(index)) {
+        WriteBarrier<Unknown>& inConstantPool = m_codeBlock->constantRegister(index);
+        loadDouble(&inConstantPool, value);
+    } else
+        loadDouble(addressFor(index), value);
+}
+
+inline void JIT::emitLoadInt32ToDouble(int index, FPRegisterID value)
+{
+    if (m_codeBlock->isConstantRegisterIndex(index)) {
+        WriteBarrier<Unknown>& inConstantPool = m_codeBlock->constantRegister(index);
+        char* bytePointer = reinterpret_cast<char*>(&inConstantPool);
+        convertInt32ToDouble(AbsoluteAddress(bytePointer + OBJECT_OFFSETOF(JSValue, u.asBits.payload)), value);
+    } else
+        convertInt32ToDouble(payloadFor(index), value);
+}
+
+inline void JIT::emitStore(int index, RegisterID tag, RegisterID payload, RegisterID base)
+{
+    store32(payload, payloadFor(index, base));
+    store32(tag, tagFor(index, base));
+}
+
+inline void JIT::emitStoreInt32(int index, RegisterID payload, bool indexIsInt32)
+{
+    store32(payload, payloadFor(index, callFrameRegister));
+    if (!indexIsInt32)
+        store32(TrustedImm32(JSValue::Int32Tag), tagFor(index, callFrameRegister));
+}
+
+inline void JIT::emitStoreAndMapInt32(int index, RegisterID tag, RegisterID payload, bool indexIsInt32, size_t opcodeLength)
+{
+    emitStoreInt32(index, payload, indexIsInt32);
+    map(m_bytecodeOffset + opcodeLength, index, tag, payload);
+}
+
+inline void JIT::emitStoreInt32(int index, TrustedImm32 payload, bool indexIsInt32)
+{
+    store32(payload, payloadFor(index, callFrameRegister));
+    if (!indexIsInt32)
+        store32(TrustedImm32(JSValue::Int32Tag), tagFor(index, callFrameRegister));
+}
+
+inline void JIT::emitStoreCell(int index, RegisterID payload, bool indexIsCell)
+{
+    store32(payload, payloadFor(index, callFrameRegister));
+    if (!indexIsCell)
+        store32(TrustedImm32(JSValue::CellTag), tagFor(index, callFrameRegister));
+}
+
+inline void JIT::emitStoreBool(int index, RegisterID payload, bool indexIsBool)
+{
+    store32(payload, payloadFor(index, callFrameRegister));
+    if (!indexIsBool)
+        store32(TrustedImm32(JSValue::BooleanTag), tagFor(index, callFrameRegister));
+}
+
+inline void JIT::emitStoreDouble(int index, FPRegisterID value)
+{
+    storeDouble(value, addressFor(index));
+}
+
+inline void JIT::emitStore(int index, const JSValue constant, RegisterID base)
+{
+    store32(Imm32(constant.payload()), payloadFor(index, base));
+    store32(Imm32(constant.tag()), tagFor(index, base));
+}
+
+ALWAYS_INLINE void JIT::emitInitRegister(unsigned dst)
+{
+    emitStore(dst, jsUndefined());
+}
+
+inline bool JIT::isLabeled(unsigned bytecodeOffset)
+{
+    for (size_t numberOfJumpTargets = m_codeBlock->numberOfJumpTargets(); m_jumpTargetIndex != numberOfJumpTargets; ++m_jumpTargetIndex) {
+        unsigned jumpTarget = m_codeBlock->jumpTarget(m_jumpTargetIndex);
+        if (jumpTarget == bytecodeOffset)
+            return true;
+        if (jumpTarget > bytecodeOffset)
+            return false;
+    }
+    return false;
+}
+
+inline void JIT::map(unsigned bytecodeOffset, int virtualRegisterIndex, RegisterID tag, RegisterID payload)
+{
+    if (isLabeled(bytecodeOffset))
+        return;
+
+    m_mappedBytecodeOffset = bytecodeOffset;
+    m_mappedVirtualRegisterIndex = virtualRegisterIndex;
+    m_mappedTag = tag;
+    m_mappedPayload = payload;
+    
+    ASSERT(!canBeOptimized() || m_mappedPayload == regT0);
+    ASSERT(!canBeOptimized() || m_mappedTag == regT1);
+}
+
+inline void JIT::unmap(RegisterID registerID)
+{
+    if (m_mappedTag == registerID)
+        m_mappedTag = (RegisterID)-1;
+    else if (m_mappedPayload == registerID)
+        m_mappedPayload = (RegisterID)-1;
+}
+
+inline void JIT::unmap()
+{
+    m_mappedBytecodeOffset = (unsigned)-1;
+    m_mappedVirtualRegisterIndex = JSStack::ReturnPC;
+    m_mappedTag = (RegisterID)-1;
+    m_mappedPayload = (RegisterID)-1;
+}
+
+inline bool JIT::isMapped(int virtualRegisterIndex)
+{
+    if (m_mappedBytecodeOffset != m_bytecodeOffset)
+        return false;
+    if (m_mappedVirtualRegisterIndex != virtualRegisterIndex)
+        return false;
+    return true;
+}
+
+inline bool JIT::getMappedPayload(int virtualRegisterIndex, RegisterID& payload)
+{
+    if (m_mappedBytecodeOffset != m_bytecodeOffset)
+        return false;
+    if (m_mappedVirtualRegisterIndex != virtualRegisterIndex)
+        return false;
+    if (m_mappedPayload == (RegisterID)-1)
+        return false;
+    payload = m_mappedPayload;
+    return true;
+}
+
+inline bool JIT::getMappedTag(int virtualRegisterIndex, RegisterID& tag)
+{
+    if (m_mappedBytecodeOffset != m_bytecodeOffset)
+        return false;
+    if (m_mappedVirtualRegisterIndex != virtualRegisterIndex)
+        return false;
+    if (m_mappedTag == (RegisterID)-1)
+        return false;
+    tag = m_mappedTag;
+    return true;
+}
+
+inline void JIT::emitJumpSlowCaseIfNotJSCell(int virtualRegisterIndex)
+{
+    if (!m_codeBlock->isKnownNotImmediate(virtualRegisterIndex)) {
+        if (m_codeBlock->isConstantRegisterIndex(virtualRegisterIndex))
+            addSlowCase(jump());
+        else
+            addSlowCase(emitJumpIfNotJSCell(virtualRegisterIndex));
+    }
+}
+
+inline void JIT::emitJumpSlowCaseIfNotJSCell(int virtualRegisterIndex, RegisterID tag)
+{
+    if (!m_codeBlock->isKnownNotImmediate(virtualRegisterIndex)) {
+        if (m_codeBlock->isConstantRegisterIndex(virtualRegisterIndex))
+            addSlowCase(jump());
+        else
+            addSlowCase(branch32(NotEqual, tag, TrustedImm32(JSValue::CellTag)));
+    }
+}
+
+ALWAYS_INLINE bool JIT::isOperandConstantImmediateInt(unsigned src)
+{
+    return m_codeBlock->isConstantRegisterIndex(src) && getConstantOperand(src).isInt32();
+}
+
+ALWAYS_INLINE bool JIT::getOperandConstantImmediateInt(unsigned op1, unsigned op2, unsigned& op, int32_t& constant)
+{
+    if (isOperandConstantImmediateInt(op1)) {
+        constant = getConstantOperand(op1).asInt32();
+        op = op2;
+        return true;
+    }
+
+    if (isOperandConstantImmediateInt(op2)) {
+        constant = getConstantOperand(op2).asInt32();
+        op = op1;
+        return true;
+    }
+    
+    return false;
+}
+
+#else // USE(JSVALUE32_64)
+
+/* Deprecated: Please use JITStubCall instead. */
+
+ALWAYS_INLINE void JIT::emitGetJITStubArg(unsigned argumentNumber, RegisterID dst)
+{
+    unsigned argumentStackOffset = (argumentNumber * (sizeof(JSValue) / sizeof(void*))) + JITSTACKFRAME_ARGS_INDEX;
+    peek64(dst, argumentStackOffset);
+}
+
+ALWAYS_INLINE void JIT::killLastResultRegister()
+{
+    m_lastResultBytecodeRegister = std::numeric_limits<int>::max();
+}
+
+// get arg puts an arg from the SF register array into a h/w register
+ALWAYS_INLINE void JIT::emitGetVirtualRegister(int src, RegisterID dst)
+{
+    ASSERT(m_bytecodeOffset != (unsigned)-1); // This method should only be called during hot/cold path generation, so that m_bytecodeOffset is set.
+
+    // TODO: we want to reuse values that are already in registers if we can - add a register allocator!
+    if (m_codeBlock->isConstantRegisterIndex(src)) {
+        JSValue value = m_codeBlock->getConstant(src);
+        if (!value.isNumber())
+            move(TrustedImm64(JSValue::encode(value)), dst);
+        else
+            move(Imm64(JSValue::encode(value)), dst);
+        killLastResultRegister();
+        return;
+    }
+
+    if (src == m_lastResultBytecodeRegister && m_codeBlock->isTemporaryRegisterIndex(src) && !atJumpTarget()) {
+        // The argument we want is already stored in eax
+        if (dst != cachedResultRegister)
+            move(cachedResultRegister, dst);
+        killLastResultRegister();
+        return;
+    }
+
+    load64(Address(callFrameRegister, src * sizeof(Register)), dst);
+    killLastResultRegister();
+}
+
+ALWAYS_INLINE void JIT::emitGetVirtualRegisters(int src1, RegisterID dst1, int src2, RegisterID dst2)
+{
+    if (src2 == m_lastResultBytecodeRegister) {
+        emitGetVirtualRegister(src2, dst2);
+        emitGetVirtualRegister(src1, dst1);
+    } else {
+        emitGetVirtualRegister(src1, dst1);
+        emitGetVirtualRegister(src2, dst2);
+    }
+}
+
+ALWAYS_INLINE int32_t JIT::getConstantOperandImmediateInt(unsigned src)
+{
+    return getConstantOperand(src).asInt32();
+}
+
+ALWAYS_INLINE bool JIT::isOperandConstantImmediateInt(unsigned src)
+{
+    return m_codeBlock->isConstantRegisterIndex(src) && getConstantOperand(src).isInt32();
+}
+
+ALWAYS_INLINE void JIT::emitPutVirtualRegister(unsigned dst, RegisterID from)
+{
+    store64(from, Address(callFrameRegister, dst * sizeof(Register)));
+    m_lastResultBytecodeRegister = (from == cachedResultRegister) ? static_cast<int>(dst) : std::numeric_limits<int>::max();
+}
+
+ALWAYS_INLINE void JIT::emitInitRegister(unsigned dst)
+{
+    store64(TrustedImm64(JSValue::encode(jsUndefined())), Address(callFrameRegister, dst * sizeof(Register)));
+}
+
+ALWAYS_INLINE JIT::Jump JIT::emitJumpIfJSCell(RegisterID reg)
+{
+    return branchTest64(Zero, reg, tagMaskRegister);
+}
+
+ALWAYS_INLINE JIT::Jump JIT::emitJumpIfBothJSCells(RegisterID reg1, RegisterID reg2, RegisterID scratch)
+{
+    move(reg1, scratch);
+    or64(reg2, scratch);
+    return emitJumpIfJSCell(scratch);
+}
+
+ALWAYS_INLINE void JIT::emitJumpSlowCaseIfJSCell(RegisterID reg)
+{
+    addSlowCase(emitJumpIfJSCell(reg));
+}
+
+ALWAYS_INLINE JIT::Jump JIT::emitJumpIfNotJSCell(RegisterID reg)
+{
+    return branchTest64(NonZero, reg, tagMaskRegister);
+}
+
+ALWAYS_INLINE void JIT::emitJumpSlowCaseIfNotJSCell(RegisterID reg)
+{
+    addSlowCase(emitJumpIfNotJSCell(reg));
+}
+
+ALWAYS_INLINE void JIT::emitJumpSlowCaseIfNotJSCell(RegisterID reg, int vReg)
+{
+    if (!m_codeBlock->isKnownNotImmediate(vReg))
+        emitJumpSlowCaseIfNotJSCell(reg);
+}
+
+inline void JIT::emitLoadDouble(int index, FPRegisterID value)
+{
+    if (m_codeBlock->isConstantRegisterIndex(index)) {
+        WriteBarrier<Unknown>& inConstantPool = m_codeBlock->constantRegister(index);
+        loadDouble(&inConstantPool, value);
+    } else
+        loadDouble(addressFor(index), value);
+}
+
+inline void JIT::emitLoadInt32ToDouble(int index, FPRegisterID value)
+{
+    if (m_codeBlock->isConstantRegisterIndex(index)) {
+        ASSERT(isOperandConstantImmediateInt(index));
+        convertInt32ToDouble(Imm32(getConstantOperand(index).asInt32()), value);
+    } else
+        convertInt32ToDouble(addressFor(index), value);
+}
+
+ALWAYS_INLINE JIT::Jump JIT::emitJumpIfImmediateInteger(RegisterID reg)
+{
+    return branch64(AboveOrEqual, reg, tagTypeNumberRegister);
+}
+
+ALWAYS_INLINE JIT::Jump JIT::emitJumpIfNotImmediateInteger(RegisterID reg)
+{
+    return branch64(Below, reg, tagTypeNumberRegister);
+}
+
+ALWAYS_INLINE JIT::Jump JIT::emitJumpIfNotImmediateIntegers(RegisterID reg1, RegisterID reg2, RegisterID scratch)
+{
+    move(reg1, scratch);
+    and64(reg2, scratch);
+    return emitJumpIfNotImmediateInteger(scratch);
+}
+
+ALWAYS_INLINE void JIT::emitJumpSlowCaseIfNotImmediateInteger(RegisterID reg)
+{
+    addSlowCase(emitJumpIfNotImmediateInteger(reg));
+}
+
+ALWAYS_INLINE void JIT::emitJumpSlowCaseIfNotImmediateIntegers(RegisterID reg1, RegisterID reg2, RegisterID scratch)
+{
+    addSlowCase(emitJumpIfNotImmediateIntegers(reg1, reg2, scratch));
+}
+
+ALWAYS_INLINE void JIT::emitJumpSlowCaseIfNotImmediateNumber(RegisterID reg)
+{
+    addSlowCase(emitJumpIfNotImmediateNumber(reg));
+}
+
+ALWAYS_INLINE void JIT::emitFastArithReTagImmediate(RegisterID src, RegisterID dest)
+{
+    emitFastArithIntToImmNoCheck(src, dest);
+}
+
+// operand is int32_t, must have been zero-extended if register is 64-bit.
+ALWAYS_INLINE void JIT::emitFastArithIntToImmNoCheck(RegisterID src, RegisterID dest)
+{
+    if (src != dest)
+        move(src, dest);
+    or64(tagTypeNumberRegister, dest);
+}
+
+ALWAYS_INLINE void JIT::emitTagAsBoolImmediate(RegisterID reg)
+{
+    or32(TrustedImm32(static_cast<int32_t>(ValueFalse)), reg);
+}
+
+#endif // USE(JSVALUE32_64)
+
+} // namespace JSC
+
+#endif // ENABLE(JIT)
+
+#endif
diff --git a/Source/JavaScriptCore/jit/JITInlines.h b/Source/JavaScriptCore/jit/JITInlines.h
deleted file mode 100644
index e6f95b94c..000000000
--- a/Source/JavaScriptCore/jit/JITInlines.h
+++ /dev/null
@@ -1,1013 +0,0 @@
-/*
- * Copyright (C) 2008, 2012 Apple Inc. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY APPLE INC. ``AS IS'' AND ANY
- * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL APPLE INC. OR
- * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
- * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
- * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
- * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
- * OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
- * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
- */
-
-#ifndef JITInlines_h
-#define JITInlines_h
-
-
-#if ENABLE(JIT)
-
-namespace JSC {
-
-ALWAYS_INLINE bool JIT::isOperandConstantImmediateDouble(unsigned src)
-{
-    return m_codeBlock->isConstantRegisterIndex(src) && getConstantOperand(src).isDouble();
-}
-
-ALWAYS_INLINE JSValue JIT::getConstantOperand(unsigned src)
-{
-    ASSERT(m_codeBlock->isConstantRegisterIndex(src));
-    return m_codeBlock->getConstant(src);
-}
-
-ALWAYS_INLINE void JIT::emitPutCellToCallFrameHeader(RegisterID from, JSStack::CallFrameHeaderEntry entry)
-{
-#if USE(JSVALUE32_64)
-    store32(TrustedImm32(JSValue::CellTag), tagFor(entry, callFrameRegister));
-    store32(from, payloadFor(entry, callFrameRegister));
-#else
-    store64(from, addressFor(entry, callFrameRegister));
-#endif
-}
-
-ALWAYS_INLINE void JIT::emitPutIntToCallFrameHeader(RegisterID from, JSStack::CallFrameHeaderEntry entry)
-{
-#if USE(JSVALUE32_64)
-    store32(TrustedImm32(Int32Tag), intTagFor(entry, callFrameRegister));
-    store32(from, intPayloadFor(entry, callFrameRegister));
-#else
-    store64(from, addressFor(entry, callFrameRegister));
-#endif
-}
-
-ALWAYS_INLINE void JIT::emitPutToCallFrameHeader(RegisterID from, JSStack::CallFrameHeaderEntry entry)
-{
-#if USE(JSVALUE32_64)
-    storePtr(from, payloadFor(entry, callFrameRegister));
-#else
-    store64(from, addressFor(entry, callFrameRegister));
-#endif
-}
-
-ALWAYS_INLINE void JIT::emitPutImmediateToCallFrameHeader(void* value, JSStack::CallFrameHeaderEntry entry)
-{
-    storePtr(TrustedImmPtr(value), Address(callFrameRegister, entry * sizeof(Register)));
-}
-
-ALWAYS_INLINE void JIT::emitGetFromCallFrameHeaderPtr(JSStack::CallFrameHeaderEntry entry, RegisterID to, RegisterID from)
-{
-    loadPtr(Address(from, entry * sizeof(Register)), to);
-#if USE(JSVALUE64)
-    killLastResultRegister();
-#endif
-}
-
-ALWAYS_INLINE void JIT::emitGetFromCallFrameHeader32(JSStack::CallFrameHeaderEntry entry, RegisterID to, RegisterID from)
-{
-    load32(Address(from, entry * sizeof(Register)), to);
-#if USE(JSVALUE64)
-    killLastResultRegister();
-#endif
-}
-
-#if USE(JSVALUE64)
-ALWAYS_INLINE void JIT::emitGetFromCallFrameHeader64(JSStack::CallFrameHeaderEntry entry, RegisterID to, RegisterID from)
-{
-    load64(Address(from, entry * sizeof(Register)), to);
-    killLastResultRegister();
-}
-#endif
-
-ALWAYS_INLINE void JIT::emitLoadCharacterString(RegisterID src, RegisterID dst, JumpList& failures)
-{
-    failures.append(branchPtr(NotEqual, Address(src, JSCell::structureOffset()), TrustedImmPtr(m_globalData->stringStructure.get())));
-    failures.append(branch32(NotEqual, MacroAssembler::Address(src, ThunkHelpers::jsStringLengthOffset()), TrustedImm32(1)));
-    loadPtr(MacroAssembler::Address(src, ThunkHelpers::jsStringValueOffset()), dst);
-    failures.append(branchTest32(Zero, dst));
-    loadPtr(MacroAssembler::Address(dst, ThunkHelpers::stringImplFlagsOffset()), regT1);
-    loadPtr(MacroAssembler::Address(dst, ThunkHelpers::stringImplDataOffset()), dst);
-
-    JumpList is16Bit;
-    JumpList cont8Bit;
-    is16Bit.append(branchTest32(Zero, regT1, TrustedImm32(ThunkHelpers::stringImpl8BitFlag())));
-    load8(MacroAssembler::Address(dst, 0), dst);
-    cont8Bit.append(jump());
-    is16Bit.link(this);
-    load16(MacroAssembler::Address(dst, 0), dst);
-    cont8Bit.link(this);
-}
-
-ALWAYS_INLINE JIT::Call JIT::emitNakedCall(CodePtr function)
-{
-    ASSERT(m_bytecodeOffset != (unsigned)-1); // This method should only be called during hot/cold path generation, so that m_bytecodeOffset is set.
-
-    Call nakedCall = nearCall();
-    m_calls.append(CallRecord(nakedCall, m_bytecodeOffset, function.executableAddress()));
-    return nakedCall;
-}
-
-ALWAYS_INLINE bool JIT::atJumpTarget()
-{
-    while (m_jumpTargetsPosition < m_codeBlock->numberOfJumpTargets() && m_codeBlock->jumpTarget(m_jumpTargetsPosition) <= m_bytecodeOffset) {
-        if (m_codeBlock->jumpTarget(m_jumpTargetsPosition) == m_bytecodeOffset)
-            return true;
-        ++m_jumpTargetsPosition;
-    }
-    return false;
-}
-
-#if defined(ASSEMBLER_HAS_CONSTANT_POOL) && ASSEMBLER_HAS_CONSTANT_POOL
-
-ALWAYS_INLINE void JIT::beginUninterruptedSequence(int insnSpace, int constSpace)
-{
-#if CPU(ARM_TRADITIONAL)
-#ifndef NDEBUG
-    // Ensure the label after the sequence can also fit
-    insnSpace += sizeof(ARMWord);
-    constSpace += sizeof(uint64_t);
-#endif
-
-    ensureSpace(insnSpace, constSpace);
-
-#elif CPU(SH4)
-#ifndef NDEBUG
-    insnSpace += sizeof(SH4Word);
-    constSpace += sizeof(uint64_t);
-#endif
-
-    m_assembler.ensureSpace(insnSpace + m_assembler.maxInstructionSize + 2, constSpace + 8);
-#endif
-
-#if defined(ASSEMBLER_HAS_CONSTANT_POOL) && ASSEMBLER_HAS_CONSTANT_POOL
-#ifndef NDEBUG
-    m_uninterruptedInstructionSequenceBegin = label();
-    m_uninterruptedConstantSequenceBegin = sizeOfConstantPool();
-#endif
-#endif
-}
-
-ALWAYS_INLINE void JIT::endUninterruptedSequence(int insnSpace, int constSpace, int dst)
-{
-    UNUSED_PARAM(dst);
-#if defined(ASSEMBLER_HAS_CONSTANT_POOL) && ASSEMBLER_HAS_CONSTANT_POOL
-    /* There are several cases when the uninterrupted sequence is larger than
-     * maximum required offset for pathing the same sequence. Eg.: if in a
-     * uninterrupted sequence the last macroassembler's instruction is a stub
-     * call, it emits store instruction(s) which should not be included in the
-     * calculation of length of uninterrupted sequence. So, the insnSpace and
-     * constSpace should be upper limit instead of hard limit.
-     */
-#if CPU(SH4)
-    if ((dst > 15) || (dst < -16)) {
-        insnSpace += 8;
-        constSpace += 2;
-    }
-
-    if (((dst >= -16) && (dst < 0)) || ((dst > 7) && (dst <= 15)))
-        insnSpace += 8;
-#endif
-    ASSERT(differenceBetween(m_uninterruptedInstructionSequenceBegin, label()) <= insnSpace);
-    ASSERT(sizeOfConstantPool() - m_uninterruptedConstantSequenceBegin <= constSpace);
-#endif
-}
-
-#endif
-
-#if CPU(ARM)
-
-ALWAYS_INLINE void JIT::preserveReturnAddressAfterCall(RegisterID reg)
-{
-    move(linkRegister, reg);
-}
-
-ALWAYS_INLINE void JIT::restoreReturnAddressBeforeReturn(RegisterID reg)
-{
-    move(reg, linkRegister);
-}
-
-ALWAYS_INLINE void JIT::restoreReturnAddressBeforeReturn(Address address)
-{
-    loadPtr(address, linkRegister);
-}
-#elif CPU(SH4)
-
-ALWAYS_INLINE void JIT::preserveReturnAddressAfterCall(RegisterID reg)
-{
-    m_assembler.stspr(reg);
-}
-
-ALWAYS_INLINE void JIT::restoreReturnAddressBeforeReturn(RegisterID reg)
-{
-    m_assembler.ldspr(reg);
-}
-
-ALWAYS_INLINE void JIT::restoreReturnAddressBeforeReturn(Address address)
-{
-    loadPtrLinkReg(address);
-}
-
-#elif CPU(MIPS)
-
-ALWAYS_INLINE void JIT::preserveReturnAddressAfterCall(RegisterID reg)
-{
-    move(returnAddressRegister, reg);
-}
-
-ALWAYS_INLINE void JIT::restoreReturnAddressBeforeReturn(RegisterID reg)
-{
-    move(reg, returnAddressRegister);
-}
-
-ALWAYS_INLINE void JIT::restoreReturnAddressBeforeReturn(Address address)
-{
-    loadPtr(address, returnAddressRegister);
-}
-
-#else // CPU(X86) || CPU(X86_64)
-
-ALWAYS_INLINE void JIT::preserveReturnAddressAfterCall(RegisterID reg)
-{
-    pop(reg);
-}
-
-ALWAYS_INLINE void JIT::restoreReturnAddressBeforeReturn(RegisterID reg)
-{
-    push(reg);
-}
-
-ALWAYS_INLINE void JIT::restoreReturnAddressBeforeReturn(Address address)
-{
-    push(address);
-}
-
-#endif
-
-ALWAYS_INLINE void JIT::restoreArgumentReference()
-{
-    move(stackPointerRegister, firstArgumentRegister);
-    poke(callFrameRegister, OBJECT_OFFSETOF(struct JITStackFrame, callFrame) / sizeof(void*));
-}
-
-ALWAYS_INLINE void JIT::updateTopCallFrame()
-{
-    ASSERT(static_cast<int>(m_bytecodeOffset) >= 0);
-    if (m_bytecodeOffset) {
-#if USE(JSVALUE32_64)
-        storePtr(TrustedImmPtr(m_codeBlock->instructions().begin() + m_bytecodeOffset + 1), intTagFor(JSStack::ArgumentCount));
-#else
-        store32(TrustedImm32(m_bytecodeOffset + 1), intTagFor(JSStack::ArgumentCount));
-#endif
-    }
-    storePtr(callFrameRegister, &m_globalData->topCallFrame);
-}
-
-ALWAYS_INLINE void JIT::restoreArgumentReferenceForTrampoline()
-{
-#if CPU(X86)
-    // Within a trampoline the return address will be on the stack at this point.
-    addPtr(TrustedImm32(sizeof(void*)), stackPointerRegister, firstArgumentRegister);
-#elif CPU(ARM)
-    move(stackPointerRegister, firstArgumentRegister);
-#elif CPU(SH4)
-    move(stackPointerRegister, firstArgumentRegister);
-#endif
-    // In the trampoline on x86-64, the first argument register is not overwritten.
-}
-
-ALWAYS_INLINE JIT::Jump JIT::checkStructure(RegisterID reg, Structure* structure)
-{
-    return branchPtr(NotEqual, Address(reg, JSCell::structureOffset()), TrustedImmPtr(structure));
-}
-
-ALWAYS_INLINE void JIT::linkSlowCaseIfNotJSCell(Vector<SlowCaseEntry>::iterator& iter, int vReg)
-{
-    if (!m_codeBlock->isKnownNotImmediate(vReg))
-        linkSlowCase(iter);
-}
-
-ALWAYS_INLINE void JIT::addSlowCase(Jump jump)
-{
-    ASSERT(m_bytecodeOffset != (unsigned)-1); // This method should only be called during hot/cold path generation, so that m_bytecodeOffset is set.
-
-    m_slowCases.append(SlowCaseEntry(jump, m_bytecodeOffset));
-}
-
-ALWAYS_INLINE void JIT::addSlowCase(JumpList jumpList)
-{
-    ASSERT(m_bytecodeOffset != (unsigned)-1); // This method should only be called during hot/cold path generation, so that m_bytecodeOffset is set.
-
-    const JumpList::JumpVector& jumpVector = jumpList.jumps();
-    size_t size = jumpVector.size();
-    for (size_t i = 0; i < size; ++i)
-        m_slowCases.append(SlowCaseEntry(jumpVector[i], m_bytecodeOffset));
-}
-
-ALWAYS_INLINE void JIT::addSlowCase()
-{
-    ASSERT(m_bytecodeOffset != (unsigned)-1); // This method should only be called during hot/cold path generation, so that m_bytecodeOffset is set.
-    
-    Jump emptyJump; // Doing it this way to make Windows happy.
-    m_slowCases.append(SlowCaseEntry(emptyJump, m_bytecodeOffset));
-}
-
-ALWAYS_INLINE void JIT::addJump(Jump jump, int relativeOffset)
-{
-    ASSERT(m_bytecodeOffset != (unsigned)-1); // This method should only be called during hot/cold path generation, so that m_bytecodeOffset is set.
-
-    m_jmpTable.append(JumpTable(jump, m_bytecodeOffset + relativeOffset));
-}
-
-ALWAYS_INLINE void JIT::emitJumpSlowToHot(Jump jump, int relativeOffset)
-{
-    ASSERT(m_bytecodeOffset != (unsigned)-1); // This method should only be called during hot/cold path generation, so that m_bytecodeOffset is set.
-
-    jump.linkTo(m_labels[m_bytecodeOffset + relativeOffset], this);
-}
-
-ALWAYS_INLINE JIT::Jump JIT::emitJumpIfNotObject(RegisterID structureReg)
-{
-    return branch8(Below, Address(structureReg, Structure::typeInfoTypeOffset()), TrustedImm32(ObjectType));
-}
-
-ALWAYS_INLINE JIT::Jump JIT::emitJumpIfNotType(RegisterID baseReg, RegisterID scratchReg, JSType type)
-{
-    loadPtr(Address(baseReg, JSCell::structureOffset()), scratchReg);
-    return branch8(NotEqual, Address(scratchReg, Structure::typeInfoTypeOffset()), TrustedImm32(type));
-}
-
-#if ENABLE(SAMPLING_FLAGS)
-ALWAYS_INLINE void JIT::setSamplingFlag(int32_t flag)
-{
-    ASSERT(flag >= 1);
-    ASSERT(flag <= 32);
-    or32(TrustedImm32(1u << (flag - 1)), AbsoluteAddress(SamplingFlags::addressOfFlags()));
-}
-
-ALWAYS_INLINE void JIT::clearSamplingFlag(int32_t flag)
-{
-    ASSERT(flag >= 1);
-    ASSERT(flag <= 32);
-    and32(TrustedImm32(~(1u << (flag - 1))), AbsoluteAddress(SamplingFlags::addressOfFlags()));
-}
-#endif
-
-#if ENABLE(SAMPLING_COUNTERS)
-ALWAYS_INLINE void JIT::emitCount(AbstractSamplingCounter& counter, int32_t count)
-{
-    add64(TrustedImm32(count), AbsoluteAddress(counter.addressOfCounter()));
-}
-#endif
-
-#if ENABLE(OPCODE_SAMPLING)
-#if CPU(X86_64)
-ALWAYS_INLINE void JIT::sampleInstruction(Instruction* instruction, bool inHostFunction)
-{
-    move(TrustedImmPtr(m_interpreter->sampler()->sampleSlot()), X86Registers::ecx);
-    storePtr(TrustedImmPtr(m_interpreter->sampler()->encodeSample(instruction, inHostFunction)), X86Registers::ecx);
-}
-#else
-ALWAYS_INLINE void JIT::sampleInstruction(Instruction* instruction, bool inHostFunction)
-{
-    storePtr(TrustedImmPtr(m_interpreter->sampler()->encodeSample(instruction, inHostFunction)), m_interpreter->sampler()->sampleSlot());
-}
-#endif
-#endif
-
-#if ENABLE(CODEBLOCK_SAMPLING)
-#if CPU(X86_64)
-ALWAYS_INLINE void JIT::sampleCodeBlock(CodeBlock* codeBlock)
-{
-    move(TrustedImmPtr(m_interpreter->sampler()->codeBlockSlot()), X86Registers::ecx);
-    storePtr(TrustedImmPtr(codeBlock), X86Registers::ecx);
-}
-#else
-ALWAYS_INLINE void JIT::sampleCodeBlock(CodeBlock* codeBlock)
-{
-    storePtr(TrustedImmPtr(codeBlock), m_interpreter->sampler()->codeBlockSlot());
-}
-#endif
-#endif
-
-ALWAYS_INLINE bool JIT::isOperandConstantImmediateChar(unsigned src)
-{
-    return m_codeBlock->isConstantRegisterIndex(src) && getConstantOperand(src).isString() && asString(getConstantOperand(src).asCell())->length() == 1;
-}
-
-template <typename ClassType, MarkedBlock::DestructorType destructorType, typename StructureType> inline void JIT::emitAllocateBasicJSObject(StructureType structure, RegisterID result, RegisterID storagePtr)
-{
-    size_t size = ClassType::allocationSize(INLINE_STORAGE_CAPACITY);
-    MarkedAllocator* allocator = 0;
-    if (destructorType == MarkedBlock::Normal)
-        allocator = &m_globalData->heap.allocatorForObjectWithNormalDestructor(size);
-    else if (destructorType == MarkedBlock::ImmortalStructure)
-        allocator = &m_globalData->heap.allocatorForObjectWithImmortalStructureDestructor(size);
-    else
-        allocator = &m_globalData->heap.allocatorForObjectWithoutDestructor(size);
-    loadPtr(&allocator->m_freeList.head, result);
-    addSlowCase(branchTestPtr(Zero, result));
-
-    // remove the object from the free list
-    loadPtr(Address(result), storagePtr);
-    storePtr(storagePtr, &allocator->m_freeList.head);
-
-    // initialize the object's structure
-    storePtr(structure, Address(result, JSCell::structureOffset()));
-
-    // initialize the object's property storage pointer
-    storePtr(TrustedImmPtr(0), Address(result, JSObject::butterflyOffset()));
-}
-
-template <typename T> inline void JIT::emitAllocateJSFinalObject(T structure, RegisterID result, RegisterID scratch)
-{
-    emitAllocateBasicJSObject<JSFinalObject, MarkedBlock::None, T>(structure, result, scratch);
-}
-
-#if ENABLE(VALUE_PROFILER)
-inline void JIT::emitValueProfilingSite(ValueProfile* valueProfile)
-{
-    ASSERT(shouldEmitProfiling());
-    ASSERT(valueProfile);
-
-    const RegisterID value = regT0;
-#if USE(JSVALUE32_64)
-    const RegisterID valueTag = regT1;
-#endif
-    const RegisterID scratch = regT3;
-    
-    if (ValueProfile::numberOfBuckets == 1) {
-        // We're in a simple configuration: only one bucket, so we can just do a direct
-        // store.
-#if USE(JSVALUE64)
-        store64(value, valueProfile->m_buckets);
-#else
-        EncodedValueDescriptor* descriptor = bitwise_cast<EncodedValueDescriptor*>(valueProfile->m_buckets);
-        store32(value, &descriptor->asBits.payload);
-        store32(valueTag, &descriptor->asBits.tag);
-#endif
-        return;
-    }
-    
-    if (m_randomGenerator.getUint32() & 1)
-        add32(TrustedImm32(1), bucketCounterRegister);
-    else
-        add32(TrustedImm32(3), bucketCounterRegister);
-    and32(TrustedImm32(ValueProfile::bucketIndexMask), bucketCounterRegister);
-    move(TrustedImmPtr(valueProfile->m_buckets), scratch);
-#if USE(JSVALUE64)
-    store64(value, BaseIndex(scratch, bucketCounterRegister, TimesEight));
-#elif USE(JSVALUE32_64)
-    store32(value, BaseIndex(scratch, bucketCounterRegister, TimesEight, OBJECT_OFFSETOF(JSValue, u.asBits.payload)));
-    store32(valueTag, BaseIndex(scratch, bucketCounterRegister, TimesEight, OBJECT_OFFSETOF(JSValue, u.asBits.tag)));
-#endif
-}
-
-inline void JIT::emitValueProfilingSite(unsigned bytecodeOffset)
-{
-    if (!shouldEmitProfiling())
-        return;
-    emitValueProfilingSite(m_codeBlock->valueProfileForBytecodeOffset(bytecodeOffset));
-}
-
-inline void JIT::emitValueProfilingSite()
-{
-    emitValueProfilingSite(m_bytecodeOffset);
-}
-#endif // ENABLE(VALUE_PROFILER)
-
-inline void JIT::emitArrayProfilingSite(RegisterID structureAndIndexingType, RegisterID scratch, ArrayProfile* arrayProfile)
-{
-    UNUSED_PARAM(scratch); // We had found this scratch register useful here before, so I will keep it for now.
-    
-    RegisterID structure = structureAndIndexingType;
-    RegisterID indexingType = structureAndIndexingType;
-    
-    if (canBeOptimized())
-        storePtr(structure, arrayProfile->addressOfLastSeenStructure());
-
-    load8(Address(structure, Structure::indexingTypeOffset()), indexingType);
-}
-
-inline void JIT::emitArrayProfilingSiteForBytecodeIndex(RegisterID structureAndIndexingType, RegisterID scratch, unsigned bytecodeIndex)
-{
-#if ENABLE(VALUE_PROFILER)
-    emitArrayProfilingSite(structureAndIndexingType, scratch, m_codeBlock->getOrAddArrayProfile(bytecodeIndex));
-#else
-    UNUSED_PARAM(bytecodeIndex);
-    emitArrayProfilingSite(structureAndIndexingType, scratch, 0);
-#endif
-}
-
-inline void JIT::emitArrayProfileStoreToHoleSpecialCase(ArrayProfile* arrayProfile)
-{
-#if ENABLE(VALUE_PROFILER)    
-    store8(TrustedImm32(1), arrayProfile->addressOfMayStoreToHole());
-#else
-    UNUSED_PARAM(arrayProfile);
-#endif
-}
-
-static inline bool arrayProfileSaw(ArrayModes arrayModes, IndexingType capability)
-{
-#if ENABLE(VALUE_PROFILER)
-    return arrayModesInclude(arrayModes, capability);
-#else
-    UNUSED_PARAM(arrayModes);
-    UNUSED_PARAM(capability);
-    return false;
-#endif
-}
-
-inline JITArrayMode JIT::chooseArrayMode(ArrayProfile* profile)
-{
-#if ENABLE(VALUE_PROFILER)        
-    profile->computeUpdatedPrediction(m_codeBlock);
-    ArrayModes arrayModes = profile->observedArrayModes();
-    if (arrayProfileSaw(arrayModes, DoubleShape))
-        return JITDouble;
-    if (arrayProfileSaw(arrayModes, Int32Shape))
-        return JITInt32;
-    if (arrayProfileSaw(arrayModes, ArrayStorageShape))
-        return JITArrayStorage;
-    return JITContiguous;
-#else
-    UNUSED_PARAM(profile);
-    return JITContiguous;
-#endif
-}
-
-#if USE(JSVALUE32_64)
-
-inline void JIT::emitLoadTag(int index, RegisterID tag)
-{
-    RegisterID mappedTag;
-    if (getMappedTag(index, mappedTag)) {
-        move(mappedTag, tag);
-        unmap(tag);
-        return;
-    }
-
-    if (m_codeBlock->isConstantRegisterIndex(index)) {
-        move(Imm32(getConstantOperand(index).tag()), tag);
-        unmap(tag);
-        return;
-    }
-
-    load32(tagFor(index), tag);
-    unmap(tag);
-}
-
-inline void JIT::emitLoadPayload(int index, RegisterID payload)
-{
-    RegisterID mappedPayload;
-    if (getMappedPayload(index, mappedPayload)) {
-        move(mappedPayload, payload);
-        unmap(payload);
-        return;
-    }
-
-    if (m_codeBlock->isConstantRegisterIndex(index)) {
-        move(Imm32(getConstantOperand(index).payload()), payload);
-        unmap(payload);
-        return;
-    }
-
-    load32(payloadFor(index), payload);
-    unmap(payload);
-}
-
-inline void JIT::emitLoad(const JSValue& v, RegisterID tag, RegisterID payload)
-{
-    move(Imm32(v.payload()), payload);
-    move(Imm32(v.tag()), tag);
-}
-
-inline void JIT::emitLoad(int index, RegisterID tag, RegisterID payload, RegisterID base)
-{
-    ASSERT(tag != payload);
-
-    if (base == callFrameRegister) {
-        ASSERT(payload != base);
-        emitLoadPayload(index, payload);
-        emitLoadTag(index, tag);
-        return;
-    }
-
-    if (payload == base) { // avoid stomping base
-        load32(tagFor(index, base), tag);
-        load32(payloadFor(index, base), payload);
-        return;
-    }
-
-    load32(payloadFor(index, base), payload);
-    load32(tagFor(index, base), tag);
-}
-
-inline void JIT::emitLoad2(int index1, RegisterID tag1, RegisterID payload1, int index2, RegisterID tag2, RegisterID payload2)
-{
-    if (isMapped(index1)) {
-        emitLoad(index1, tag1, payload1);
-        emitLoad(index2, tag2, payload2);
-        return;
-    }
-    emitLoad(index2, tag2, payload2);
-    emitLoad(index1, tag1, payload1);
-}
-
-inline void JIT::emitLoadDouble(int index, FPRegisterID value)
-{
-    if (m_codeBlock->isConstantRegisterIndex(index)) {
-        WriteBarrier<Unknown>& inConstantPool = m_codeBlock->constantRegister(index);
-        loadDouble(&inConstantPool, value);
-    } else
-        loadDouble(addressFor(index), value);
-}
-
-inline void JIT::emitLoadInt32ToDouble(int index, FPRegisterID value)
-{
-    if (m_codeBlock->isConstantRegisterIndex(index)) {
-        WriteBarrier<Unknown>& inConstantPool = m_codeBlock->constantRegister(index);
-        char* bytePointer = reinterpret_cast<char*>(&inConstantPool);
-        convertInt32ToDouble(AbsoluteAddress(bytePointer + OBJECT_OFFSETOF(JSValue, u.asBits.payload)), value);
-    } else
-        convertInt32ToDouble(payloadFor(index), value);
-}
-
-inline void JIT::emitStore(int index, RegisterID tag, RegisterID payload, RegisterID base)
-{
-    store32(payload, payloadFor(index, base));
-    store32(tag, tagFor(index, base));
-}
-
-inline void JIT::emitStoreInt32(int index, RegisterID payload, bool indexIsInt32)
-{
-    store32(payload, payloadFor(index, callFrameRegister));
-    if (!indexIsInt32)
-        store32(TrustedImm32(JSValue::Int32Tag), tagFor(index, callFrameRegister));
-}
-
-inline void JIT::emitStoreAndMapInt32(int index, RegisterID tag, RegisterID payload, bool indexIsInt32, size_t opcodeLength)
-{
-    emitStoreInt32(index, payload, indexIsInt32);
-    map(m_bytecodeOffset + opcodeLength, index, tag, payload);
-}
-
-inline void JIT::emitStoreInt32(int index, TrustedImm32 payload, bool indexIsInt32)
-{
-    store32(payload, payloadFor(index, callFrameRegister));
-    if (!indexIsInt32)
-        store32(TrustedImm32(JSValue::Int32Tag), tagFor(index, callFrameRegister));
-}
-
-inline void JIT::emitStoreCell(int index, RegisterID payload, bool indexIsCell)
-{
-    store32(payload, payloadFor(index, callFrameRegister));
-    if (!indexIsCell)
-        store32(TrustedImm32(JSValue::CellTag), tagFor(index, callFrameRegister));
-}
-
-inline void JIT::emitStoreBool(int index, RegisterID payload, bool indexIsBool)
-{
-    store32(payload, payloadFor(index, callFrameRegister));
-    if (!indexIsBool)
-        store32(TrustedImm32(JSValue::BooleanTag), tagFor(index, callFrameRegister));
-}
-
-inline void JIT::emitStoreDouble(int index, FPRegisterID value)
-{
-    storeDouble(value, addressFor(index));
-}
-
-inline void JIT::emitStore(int index, const JSValue constant, RegisterID base)
-{
-    store32(Imm32(constant.payload()), payloadFor(index, base));
-    store32(Imm32(constant.tag()), tagFor(index, base));
-}
-
-ALWAYS_INLINE void JIT::emitInitRegister(unsigned dst)
-{
-    emitStore(dst, jsUndefined());
-}
-
-inline bool JIT::isLabeled(unsigned bytecodeOffset)
-{
-    for (size_t numberOfJumpTargets = m_codeBlock->numberOfJumpTargets(); m_jumpTargetIndex != numberOfJumpTargets; ++m_jumpTargetIndex) {
-        unsigned jumpTarget = m_codeBlock->jumpTarget(m_jumpTargetIndex);
-        if (jumpTarget == bytecodeOffset)
-            return true;
-        if (jumpTarget > bytecodeOffset)
-            return false;
-    }
-    return false;
-}
-
-inline void JIT::map(unsigned bytecodeOffset, int virtualRegisterIndex, RegisterID tag, RegisterID payload)
-{
-    if (isLabeled(bytecodeOffset))
-        return;
-
-    m_mappedBytecodeOffset = bytecodeOffset;
-    m_mappedVirtualRegisterIndex = virtualRegisterIndex;
-    m_mappedTag = tag;
-    m_mappedPayload = payload;
-    
-    ASSERT(!canBeOptimized() || m_mappedPayload == regT0);
-    ASSERT(!canBeOptimized() || m_mappedTag == regT1);
-}
-
-inline void JIT::unmap(RegisterID registerID)
-{
-    if (m_mappedTag == registerID)
-        m_mappedTag = (RegisterID)-1;
-    else if (m_mappedPayload == registerID)
-        m_mappedPayload = (RegisterID)-1;
-}
-
-inline void JIT::unmap()
-{
-    m_mappedBytecodeOffset = (unsigned)-1;
-    m_mappedVirtualRegisterIndex = JSStack::ReturnPC;
-    m_mappedTag = (RegisterID)-1;
-    m_mappedPayload = (RegisterID)-1;
-}
-
-inline bool JIT::isMapped(int virtualRegisterIndex)
-{
-    if (m_mappedBytecodeOffset != m_bytecodeOffset)
-        return false;
-    if (m_mappedVirtualRegisterIndex != virtualRegisterIndex)
-        return false;
-    return true;
-}
-
-inline bool JIT::getMappedPayload(int virtualRegisterIndex, RegisterID& payload)
-{
-    if (m_mappedBytecodeOffset != m_bytecodeOffset)
-        return false;
-    if (m_mappedVirtualRegisterIndex != virtualRegisterIndex)
-        return false;
-    if (m_mappedPayload == (RegisterID)-1)
-        return false;
-    payload = m_mappedPayload;
-    return true;
-}
-
-inline bool JIT::getMappedTag(int virtualRegisterIndex, RegisterID& tag)
-{
-    if (m_mappedBytecodeOffset != m_bytecodeOffset)
-        return false;
-    if (m_mappedVirtualRegisterIndex != virtualRegisterIndex)
-        return false;
-    if (m_mappedTag == (RegisterID)-1)
-        return false;
-    tag = m_mappedTag;
-    return true;
-}
-
-inline void JIT::emitJumpSlowCaseIfNotJSCell(int virtualRegisterIndex)
-{
-    if (!m_codeBlock->isKnownNotImmediate(virtualRegisterIndex)) {
-        if (m_codeBlock->isConstantRegisterIndex(virtualRegisterIndex))
-            addSlowCase(jump());
-        else
-            addSlowCase(emitJumpIfNotJSCell(virtualRegisterIndex));
-    }
-}
-
-inline void JIT::emitJumpSlowCaseIfNotJSCell(int virtualRegisterIndex, RegisterID tag)
-{
-    if (!m_codeBlock->isKnownNotImmediate(virtualRegisterIndex)) {
-        if (m_codeBlock->isConstantRegisterIndex(virtualRegisterIndex))
-            addSlowCase(jump());
-        else
-            addSlowCase(branch32(NotEqual, tag, TrustedImm32(JSValue::CellTag)));
-    }
-}
-
-ALWAYS_INLINE bool JIT::isOperandConstantImmediateInt(unsigned src)
-{
-    return m_codeBlock->isConstantRegisterIndex(src) && getConstantOperand(src).isInt32();
-}
-
-ALWAYS_INLINE bool JIT::getOperandConstantImmediateInt(unsigned op1, unsigned op2, unsigned& op, int32_t& constant)
-{
-    if (isOperandConstantImmediateInt(op1)) {
-        constant = getConstantOperand(op1).asInt32();
-        op = op2;
-        return true;
-    }
-
-    if (isOperandConstantImmediateInt(op2)) {
-        constant = getConstantOperand(op2).asInt32();
-        op = op1;
-        return true;
-    }
-    
-    return false;
-}
-
-#else // USE(JSVALUE32_64)
-
-/* Deprecated: Please use JITStubCall instead. */
-
-ALWAYS_INLINE void JIT::emitGetJITStubArg(unsigned argumentNumber, RegisterID dst)
-{
-    unsigned argumentStackOffset = (argumentNumber * (sizeof(JSValue) / sizeof(void*))) + JITSTACKFRAME_ARGS_INDEX;
-    peek64(dst, argumentStackOffset);
-}
-
-ALWAYS_INLINE void JIT::killLastResultRegister()
-{
-    m_lastResultBytecodeRegister = std::numeric_limits<int>::max();
-}
-
-// get arg puts an arg from the SF register array into a h/w register
-ALWAYS_INLINE void JIT::emitGetVirtualRegister(int src, RegisterID dst)
-{
-    ASSERT(m_bytecodeOffset != (unsigned)-1); // This method should only be called during hot/cold path generation, so that m_bytecodeOffset is set.
-
-    // TODO: we want to reuse values that are already in registers if we can - add a register allocator!
-    if (m_codeBlock->isConstantRegisterIndex(src)) {
-        JSValue value = m_codeBlock->getConstant(src);
-        if (!value.isNumber())
-            move(TrustedImm64(JSValue::encode(value)), dst);
-        else
-            move(Imm64(JSValue::encode(value)), dst);
-        killLastResultRegister();
-        return;
-    }
-
-    if (src == m_lastResultBytecodeRegister && m_codeBlock->isTemporaryRegisterIndex(src) && !atJumpTarget()) {
-        // The argument we want is already stored in eax
-        if (dst != cachedResultRegister)
-            move(cachedResultRegister, dst);
-        killLastResultRegister();
-        return;
-    }
-
-    load64(Address(callFrameRegister, src * sizeof(Register)), dst);
-    killLastResultRegister();
-}
-
-ALWAYS_INLINE void JIT::emitGetVirtualRegisters(int src1, RegisterID dst1, int src2, RegisterID dst2)
-{
-    if (src2 == m_lastResultBytecodeRegister) {
-        emitGetVirtualRegister(src2, dst2);
-        emitGetVirtualRegister(src1, dst1);
-    } else {
-        emitGetVirtualRegister(src1, dst1);
-        emitGetVirtualRegister(src2, dst2);
-    }
-}
-
-ALWAYS_INLINE int32_t JIT::getConstantOperandImmediateInt(unsigned src)
-{
-    return getConstantOperand(src).asInt32();
-}
-
-ALWAYS_INLINE bool JIT::isOperandConstantImmediateInt(unsigned src)
-{
-    return m_codeBlock->isConstantRegisterIndex(src) && getConstantOperand(src).isInt32();
-}
-
-ALWAYS_INLINE void JIT::emitPutVirtualRegister(unsigned dst, RegisterID from)
-{
-    store64(from, Address(callFrameRegister, dst * sizeof(Register)));
-    m_lastResultBytecodeRegister = (from == cachedResultRegister) ? static_cast<int>(dst) : std::numeric_limits<int>::max();
-}
-
-ALWAYS_INLINE void JIT::emitInitRegister(unsigned dst)
-{
-    store64(TrustedImm64(JSValue::encode(jsUndefined())), Address(callFrameRegister, dst * sizeof(Register)));
-}
-
-ALWAYS_INLINE JIT::Jump JIT::emitJumpIfJSCell(RegisterID reg)
-{
-    return branchTest64(Zero, reg, tagMaskRegister);
-}
-
-ALWAYS_INLINE JIT::Jump JIT::emitJumpIfBothJSCells(RegisterID reg1, RegisterID reg2, RegisterID scratch)
-{
-    move(reg1, scratch);
-    or64(reg2, scratch);
-    return emitJumpIfJSCell(scratch);
-}
-
-ALWAYS_INLINE void JIT::emitJumpSlowCaseIfJSCell(RegisterID reg)
-{
-    addSlowCase(emitJumpIfJSCell(reg));
-}
-
-ALWAYS_INLINE JIT::Jump JIT::emitJumpIfNotJSCell(RegisterID reg)
-{
-    return branchTest64(NonZero, reg, tagMaskRegister);
-}
-
-ALWAYS_INLINE void JIT::emitJumpSlowCaseIfNotJSCell(RegisterID reg)
-{
-    addSlowCase(emitJumpIfNotJSCell(reg));
-}
-
-ALWAYS_INLINE void JIT::emitJumpSlowCaseIfNotJSCell(RegisterID reg, int vReg)
-{
-    if (!m_codeBlock->isKnownNotImmediate(vReg))
-        emitJumpSlowCaseIfNotJSCell(reg);
-}
-
-inline void JIT::emitLoadDouble(int index, FPRegisterID value)
-{
-    if (m_codeBlock->isConstantRegisterIndex(index)) {
-        WriteBarrier<Unknown>& inConstantPool = m_codeBlock->constantRegister(index);
-        loadDouble(&inConstantPool, value);
-    } else
-        loadDouble(addressFor(index), value);
-}
-
-inline void JIT::emitLoadInt32ToDouble(int index, FPRegisterID value)
-{
-    if (m_codeBlock->isConstantRegisterIndex(index)) {
-        ASSERT(isOperandConstantImmediateInt(index));
-        convertInt32ToDouble(Imm32(getConstantOperand(index).asInt32()), value);
-    } else
-        convertInt32ToDouble(addressFor(index), value);
-}
-
-ALWAYS_INLINE JIT::Jump JIT::emitJumpIfImmediateInteger(RegisterID reg)
-{
-    return branch64(AboveOrEqual, reg, tagTypeNumberRegister);
-}
-
-ALWAYS_INLINE JIT::Jump JIT::emitJumpIfNotImmediateInteger(RegisterID reg)
-{
-    return branch64(Below, reg, tagTypeNumberRegister);
-}
-
-ALWAYS_INLINE JIT::Jump JIT::emitJumpIfNotImmediateIntegers(RegisterID reg1, RegisterID reg2, RegisterID scratch)
-{
-    move(reg1, scratch);
-    and64(reg2, scratch);
-    return emitJumpIfNotImmediateInteger(scratch);
-}
-
-ALWAYS_INLINE void JIT::emitJumpSlowCaseIfNotImmediateInteger(RegisterID reg)
-{
-    addSlowCase(emitJumpIfNotImmediateInteger(reg));
-}
-
-ALWAYS_INLINE void JIT::emitJumpSlowCaseIfNotImmediateIntegers(RegisterID reg1, RegisterID reg2, RegisterID scratch)
-{
-    addSlowCase(emitJumpIfNotImmediateIntegers(reg1, reg2, scratch));
-}
-
-ALWAYS_INLINE void JIT::emitJumpSlowCaseIfNotImmediateNumber(RegisterID reg)
-{
-    addSlowCase(emitJumpIfNotImmediateNumber(reg));
-}
-
-ALWAYS_INLINE void JIT::emitFastArithReTagImmediate(RegisterID src, RegisterID dest)
-{
-    emitFastArithIntToImmNoCheck(src, dest);
-}
-
-// operand is int32_t, must have been zero-extended if register is 64-bit.
-ALWAYS_INLINE void JIT::emitFastArithIntToImmNoCheck(RegisterID src, RegisterID dest)
-{
-    if (src != dest)
-        move(src, dest);
-    or64(tagTypeNumberRegister, dest);
-}
-
-ALWAYS_INLINE void JIT::emitTagAsBoolImmediate(RegisterID reg)
-{
-    or32(TrustedImm32(static_cast<int32_t>(ValueFalse)), reg);
-}
-
-#endif // USE(JSVALUE32_64)
-
-} // namespace JSC
-
-#endif // ENABLE(JIT)
-
-#endif // JITInlines_h
-
diff --git a/Source/JavaScriptCore/jit/JITOpcodes.cpp b/Source/JavaScriptCore/jit/JITOpcodes.cpp
index 3053918b8..4fb9d8cd5 100644
--- a/Source/JavaScriptCore/jit/JITOpcodes.cpp
+++ b/Source/JavaScriptCore/jit/JITOpcodes.cpp
@@ -29,9 +29,9 @@
 #include "JIT.h"
 
 #include "Arguments.h"
-#include "CopiedSpaceInlines.h"
+#include "CopiedSpaceInlineMethods.h"
 #include "Heap.h"
-#include "JITInlines.h"
+#include "JITInlineMethods.h"
 #include "JITStubCall.h"
 #include "JSArray.h"
 #include "JSCell.h"
@@ -1952,7 +1952,6 @@ void JIT::emit_op_new_array(Instruction* currentInstruction)
     JITStubCall stubCall(this, cti_op_new_array);
     stubCall.addArgument(TrustedImm32(currentInstruction[2].u.operand));
     stubCall.addArgument(TrustedImm32(currentInstruction[3].u.operand));
-    stubCall.addArgument(TrustedImmPtr(currentInstruction[4].u.arrayAllocationProfile));
     stubCall.call(currentInstruction[1].u.operand);
 }
 
@@ -1964,7 +1963,6 @@ void JIT::emit_op_new_array_with_size(Instruction* currentInstruction)
 #else
     stubCall.addArgument(currentInstruction[2].u.operand);
 #endif
-    stubCall.addArgument(TrustedImmPtr(currentInstruction[3].u.arrayAllocationProfile));
     stubCall.call(currentInstruction[1].u.operand);
 }
 
@@ -1973,7 +1971,6 @@ void JIT::emit_op_new_array_buffer(Instruction* currentInstruction)
     JITStubCall stubCall(this, cti_op_new_array_buffer);
     stubCall.addArgument(TrustedImm32(currentInstruction[2].u.operand));
     stubCall.addArgument(TrustedImm32(currentInstruction[3].u.operand));
-    stubCall.addArgument(TrustedImmPtr(currentInstruction[4].u.arrayAllocationProfile));
     stubCall.call(currentInstruction[1].u.operand);
 }
 
diff --git a/Source/JavaScriptCore/jit/JITOpcodes32_64.cpp b/Source/JavaScriptCore/jit/JITOpcodes32_64.cpp
index 23361c099..9c5d260ab 100644
--- a/Source/JavaScriptCore/jit/JITOpcodes32_64.cpp
+++ b/Source/JavaScriptCore/jit/JITOpcodes32_64.cpp
@@ -30,7 +30,7 @@
 #if USE(JSVALUE32_64)
 #include "JIT.h"
 
-#include "JITInlines.h"
+#include "JITInlineMethods.h"
 #include "JITStubCall.h"
 #include "JSArray.h"
 #include "JSCell.h"
diff --git a/Source/JavaScriptCore/jit/JITPropertyAccess.cpp b/Source/JavaScriptCore/jit/JITPropertyAccess.cpp
index 3110be38c..6362598f4 100644
--- a/Source/JavaScriptCore/jit/JITPropertyAccess.cpp
+++ b/Source/JavaScriptCore/jit/JITPropertyAccess.cpp
@@ -32,7 +32,7 @@
 #include "GCAwareJITStubRoutine.h"
 #include "GetterSetter.h"
 #include "Interpreter.h"
-#include "JITInlines.h"
+#include "JITInlineMethods.h"
 #include "JITStubCall.h"
 #include "JSArray.h"
 #include "JSFunction.h"
@@ -98,7 +98,7 @@ void JIT::emit_op_get_by_val(Instruction* currentInstruction)
     unsigned base = currentInstruction[2].u.operand;
     unsigned property = currentInstruction[3].u.operand;
     ArrayProfile* profile = currentInstruction[4].u.arrayProfile;
-    
+
     emitGetVirtualRegisters(base, regT0, property, regT1);
     emitJumpSlowCaseIfNotImmediateInteger(regT1);
 
@@ -120,12 +120,6 @@ void JIT::emit_op_get_by_val(Instruction* currentInstruction)
 
     JITArrayMode mode = chooseArrayMode(profile);
     switch (mode) {
-    case JITInt32:
-        slowCases = emitInt32GetByVal(currentInstruction, badType);
-        break;
-    case JITDouble:
-        slowCases = emitDoubleGetByVal(currentInstruction, badType);
-        break;
     case JITContiguous:
         slowCases = emitContiguousGetByVal(currentInstruction, badType);
         break;
@@ -154,26 +148,11 @@ void JIT::emit_op_get_by_val(Instruction* currentInstruction)
     m_byValCompilationInfo.append(ByValCompilationInfo(m_bytecodeOffset, badType, mode, done));
 }
 
-JIT::JumpList JIT::emitDoubleGetByVal(Instruction*, PatchableJump& badType)
+JIT::JumpList JIT::emitContiguousGetByVal(Instruction*, PatchableJump& badType)
 {
     JumpList slowCases;
     
-    badType = patchableBranch32(NotEqual, regT2, TrustedImm32(DoubleShape));
-    loadPtr(Address(regT0, JSObject::butterflyOffset()), regT2);
-    slowCases.append(branch32(AboveOrEqual, regT1, Address(regT2, Butterfly::offsetOfPublicLength())));
-    loadDouble(BaseIndex(regT2, regT1, TimesEight), fpRegT0);
-    slowCases.append(branchDouble(DoubleNotEqualOrUnordered, fpRegT0, fpRegT0));
-    moveDoubleTo64(fpRegT0, regT0);
-    sub64(tagTypeNumberRegister, regT0);
-    
-    return slowCases;
-}
-
-JIT::JumpList JIT::emitContiguousGetByVal(Instruction*, PatchableJump& badType, IndexingType expectedShape)
-{
-    JumpList slowCases;
-    
-    badType = patchableBranch32(NotEqual, regT2, TrustedImm32(expectedShape));
+    badType = patchableBranch32(NotEqual, regT2, TrustedImm32(ContiguousShape));
     loadPtr(Address(regT0, JSObject::butterflyOffset()), regT2);
     slowCases.append(branch32(AboveOrEqual, regT1, Address(regT2, Butterfly::offsetOfPublicLength())));
     load64(BaseIndex(regT2, regT1, TimesEight), regT0);
@@ -325,12 +304,6 @@ void JIT::emit_op_put_by_val(Instruction* currentInstruction)
     
     JITArrayMode mode = chooseArrayMode(profile);
     switch (mode) {
-    case JITInt32:
-        slowCases = emitInt32PutByVal(currentInstruction, badType);
-        break;
-    case JITDouble:
-        slowCases = emitDoublePutByVal(currentInstruction, badType);
-        break;
     case JITContiguous:
         slowCases = emitContiguousPutByVal(currentInstruction, badType);
         break;
@@ -352,49 +325,24 @@ void JIT::emit_op_put_by_val(Instruction* currentInstruction)
     emitWriteBarrier(regT0, regT3, regT1, regT3, ShouldFilterImmediates, WriteBarrierForPropertyAccess);
 }
 
-template<IndexingType indexingShape>
-JIT::JumpList JIT::emitGenericContiguousPutByVal(Instruction* currentInstruction, PatchableJump& badType)
+JIT::JumpList JIT::emitContiguousPutByVal(Instruction* currentInstruction, PatchableJump& badType)
 {
     unsigned value = currentInstruction[3].u.operand;
     ArrayProfile* profile = currentInstruction[4].u.arrayProfile;
     
-    JumpList slowCases;
-
-    badType = patchableBranch32(NotEqual, regT2, TrustedImm32(indexingShape));
+    badType = patchableBranch32(NotEqual, regT2, TrustedImm32(ContiguousShape));
     
     loadPtr(Address(regT0, JSObject::butterflyOffset()), regT2);
     Jump outOfBounds = branch32(AboveOrEqual, regT1, Address(regT2, Butterfly::offsetOfPublicLength()));
 
     Label storeResult = label();
     emitGetVirtualRegister(value, regT3);
-    switch (indexingShape) {
-    case Int32Shape:
-        slowCases.append(emitJumpIfNotImmediateInteger(regT3));
-        store64(regT3, BaseIndex(regT2, regT1, TimesEight));
-        break;
-    case DoubleShape: {
-        Jump notInt = emitJumpIfNotImmediateInteger(regT3);
-        convertInt32ToDouble(regT3, fpRegT0);
-        Jump ready = jump();
-        notInt.link(this);
-        add64(tagTypeNumberRegister, regT3);
-        move64ToDouble(regT3, fpRegT0);
-        slowCases.append(branchDouble(DoubleNotEqualOrUnordered, fpRegT0, fpRegT0));
-        ready.link(this);
-        storeDouble(fpRegT0, BaseIndex(regT2, regT1, TimesEight));
-        break;
-    }
-    case ContiguousShape:
-        store64(regT3, BaseIndex(regT2, regT1, TimesEight));
-        break;
-    default:
-        CRASH();
-        break;
-    }
+    store64(regT3, BaseIndex(regT2, regT1, TimesEight));
     
     Jump done = jump();
     outOfBounds.link(this);
     
+    JumpList slowCases;
     slowCases.append(branch32(AboveOrEqual, regT1, Address(regT2, Butterfly::offsetOfVectorLength())));
     
     emitArrayProfileStoreToHoleSpecialCase(profile);
@@ -446,23 +394,12 @@ void JIT::emitSlow_op_put_by_val(Instruction* currentInstruction, Vector<SlowCas
     unsigned base = currentInstruction[1].u.operand;
     unsigned property = currentInstruction[2].u.operand;
     unsigned value = currentInstruction[3].u.operand;
-    ArrayProfile* profile = currentInstruction[4].u.arrayProfile;
 
     linkSlowCase(iter); // property int32 check
     linkSlowCaseIfNotJSCell(iter, base); // base cell check
     linkSlowCase(iter); // base not array check
     linkSlowCase(iter); // out of bounds
     
-    JITArrayMode mode = chooseArrayMode(profile);
-    switch (mode) {
-    case JITInt32:
-    case JITDouble:
-        linkSlowCase(iter); // value type check
-        break;
-    default:
-        break;
-    }
-    
     Label slowPath = label();
 
     JITStubCall stubPutByValCall(this, cti_op_put_by_val);
@@ -1375,12 +1312,6 @@ void JIT::privateCompileGetByVal(ByValInfo* byValInfo, ReturnAddressPtr returnAd
     JumpList slowCases;
     
     switch (arrayMode) {
-    case JITInt32:
-        slowCases = emitInt32GetByVal(currentInstruction, badType);
-        break;
-    case JITDouble:
-        slowCases = emitDoubleGetByVal(currentInstruction, badType);
-        break;
     case JITContiguous:
         slowCases = emitContiguousGetByVal(currentInstruction, badType);
         break;
@@ -1444,12 +1375,6 @@ void JIT::privateCompilePutByVal(ByValInfo* byValInfo, ReturnAddressPtr returnAd
     JumpList slowCases;
     
     switch (arrayMode) {
-    case JITInt32:
-        slowCases = emitInt32PutByVal(currentInstruction, badType);
-        break;
-    case JITDouble:
-        slowCases = emitDoublePutByVal(currentInstruction, badType);
-        break;
     case JITContiguous:
         slowCases = emitContiguousPutByVal(currentInstruction, badType);
         break;
diff --git a/Source/JavaScriptCore/jit/JITPropertyAccess32_64.cpp b/Source/JavaScriptCore/jit/JITPropertyAccess32_64.cpp
index 414827420..939766f04 100644
--- a/Source/JavaScriptCore/jit/JITPropertyAccess32_64.cpp
+++ b/Source/JavaScriptCore/jit/JITPropertyAccess32_64.cpp
@@ -32,7 +32,7 @@
 #include "CodeBlock.h"
 #include "GCAwareJITStubRoutine.h"
 #include "Interpreter.h"
-#include "JITInlines.h"
+#include "JITInlineMethods.h"
 #include "JITStubCall.h"
 #include "JSArray.h"
 #include "JSFunction.h"
@@ -153,12 +153,6 @@ void JIT::emit_op_get_by_val(Instruction* currentInstruction)
     
     JITArrayMode mode = chooseArrayMode(profile);
     switch (mode) {
-    case JITInt32:
-        slowCases = emitInt32GetByVal(currentInstruction, badType);
-        break;
-    case JITDouble:
-        slowCases = emitDoubleGetByVal(currentInstruction, badType);
-        break;
     case JITContiguous:
         slowCases = emitContiguousGetByVal(currentInstruction, badType);
         break;
@@ -187,11 +181,11 @@ void JIT::emit_op_get_by_val(Instruction* currentInstruction)
     m_byValCompilationInfo.append(ByValCompilationInfo(m_bytecodeOffset, badType, mode, done));
 }
 
-JIT::JumpList JIT::emitContiguousGetByVal(Instruction*, PatchableJump& badType, IndexingType expectedShape)
+JIT::JumpList JIT::emitContiguousGetByVal(Instruction*, PatchableJump& badType)
 {
     JumpList slowCases;
     
-    badType = patchableBranch32(NotEqual, regT1, TrustedImm32(expectedShape));
+    badType = patchableBranch32(NotEqual, regT1, TrustedImm32(ContiguousShape));
     
     loadPtr(Address(regT0, JSObject::butterflyOffset()), regT3);
     slowCases.append(branch32(AboveOrEqual, regT2, Address(regT3, Butterfly::offsetOfPublicLength())));
@@ -203,22 +197,6 @@ JIT::JumpList JIT::emitContiguousGetByVal(Instruction*, PatchableJump& badType,
     return slowCases;
 }
 
-JIT::JumpList JIT::emitDoubleGetByVal(Instruction*, PatchableJump& badType)
-{
-    JumpList slowCases;
-    
-    badType = patchableBranch32(NotEqual, regT1, TrustedImm32(DoubleShape));
-    
-    loadPtr(Address(regT0, JSObject::butterflyOffset()), regT3);
-    slowCases.append(branch32(AboveOrEqual, regT2, Address(regT3, Butterfly::offsetOfPublicLength())));
-    
-    loadDouble(BaseIndex(regT3, regT2, TimesEight), fpRegT0);
-    slowCases.append(branchDouble(DoubleNotEqualOrUnordered, fpRegT0, fpRegT0));
-    moveDoubleToInts(fpRegT0, regT0, regT1);
-    
-    return slowCases;
-}
-
 JIT::JumpList JIT::emitArrayStorageGetByVal(Instruction*, PatchableJump& badType)
 {
     JumpList slowCases;
@@ -292,12 +270,6 @@ void JIT::emit_op_put_by_val(Instruction* currentInstruction)
     
     JITArrayMode mode = chooseArrayMode(profile);
     switch (mode) {
-    case JITInt32:
-        slowCases = emitInt32PutByVal(currentInstruction, badType);
-        break;
-    case JITDouble:
-        slowCases = emitDoublePutByVal(currentInstruction, badType);
-        break;
     case JITContiguous:
         slowCases = emitContiguousPutByVal(currentInstruction, badType);
         break;
@@ -317,8 +289,7 @@ void JIT::emit_op_put_by_val(Instruction* currentInstruction)
     m_byValCompilationInfo.append(ByValCompilationInfo(m_bytecodeOffset, badType, mode, done));
 }
 
-template<IndexingType indexingShape>
-JIT::JumpList JIT::emitGenericContiguousPutByVal(Instruction* currentInstruction, PatchableJump& badType)
+JIT::JumpList JIT::emitContiguousPutByVal(Instruction* currentInstruction, PatchableJump& badType)
 {
     unsigned value = currentInstruction[3].u.operand;
     ArrayProfile* profile = currentInstruction[4].u.arrayProfile;
@@ -332,30 +303,8 @@ JIT::JumpList JIT::emitGenericContiguousPutByVal(Instruction* currentInstruction
     
     Label storeResult = label();
     emitLoad(value, regT1, regT0);
-    switch (indexingShape) {
-    case Int32Shape:
-        slowCases.append(branch32(NotEqual, regT1, TrustedImm32(JSValue::Int32Tag)));
-        // Fall through.
-    case ContiguousShape:
-        store32(regT0, BaseIndex(regT3, regT2, TimesEight, OBJECT_OFFSETOF(JSValue, u.asBits.payload)));
-        store32(regT1, BaseIndex(regT3, regT2, TimesEight, OBJECT_OFFSETOF(JSValue, u.asBits.tag)));
-        break;
-    case DoubleShape: {
-        Jump notInt = branch32(NotEqual, regT1, TrustedImm32(JSValue::Int32Tag));
-        convertInt32ToDouble(regT0, fpRegT0);
-        Jump ready = jump();
-        notInt.link(this);
-        moveIntsToDouble(regT0, regT1, fpRegT0, fpRegT1);
-        slowCases.append(branchDouble(DoubleNotEqualOrUnordered, fpRegT0, fpRegT0));
-        ready.link(this);
-        storeDouble(fpRegT0, BaseIndex(regT3, regT2, TimesEight));
-        break;
-    }
-    default:
-        CRASH();
-        break;
-    }
-        
+    store32(regT0, BaseIndex(regT3, regT2, TimesEight, OBJECT_OFFSETOF(JSValue, u.asBits.payload)));
+    store32(regT1, BaseIndex(regT3, regT2, TimesEight, OBJECT_OFFSETOF(JSValue, u.asBits.tag)));
     Jump done = jump();
     
     outOfBounds.link(this);
@@ -415,23 +364,12 @@ void JIT::emitSlow_op_put_by_val(Instruction* currentInstruction, Vector<SlowCas
     unsigned base = currentInstruction[1].u.operand;
     unsigned property = currentInstruction[2].u.operand;
     unsigned value = currentInstruction[3].u.operand;
-    ArrayProfile* profile = currentInstruction[4].u.arrayProfile;
     
     linkSlowCase(iter); // property int32 check
     linkSlowCaseIfNotJSCell(iter, base); // base cell check
     linkSlowCase(iter); // base not array check
     linkSlowCase(iter); // out of bounds
     
-    JITArrayMode mode = chooseArrayMode(profile);
-    switch (mode) {
-    case JITInt32:
-    case JITDouble:
-        linkSlowCase(iter); // value type check
-        break;
-    default:
-        break;
-    }
-    
     Label slowPath = label();
     
     JITStubCall stubPutByValCall(this, cti_op_put_by_val);
diff --git a/Source/JavaScriptCore/jit/JITStubs.cpp b/Source/JavaScriptCore/jit/JITStubs.cpp
index 521dfacfd..5ddb98dee 100644
--- a/Source/JavaScriptCore/jit/JITStubs.cpp
+++ b/Source/JavaScriptCore/jit/JITStubs.cpp
@@ -1877,11 +1877,6 @@ DEFINE_STUB_FUNCTION(void, optimize)
     ASSERT(optimizedCodeBlock->getJITType() == JITCode::DFGJIT);
     
     if (void* address = DFG::prepareOSREntry(callFrame, optimizedCodeBlock, bytecodeIndex)) {
-        if (Options::showDFGDisassembly()) {
-            dataLog(
-                "Performing OSR from code block %p to code block %p, address %p to %p.\n",
-                codeBlock, optimizedCodeBlock, (STUB_RETURN_ADDRESS).value(), address);
-        }
 #if ENABLE(JIT_VERBOSE_OSR)
         dataLog("Optimizing %p succeeded, performing OSR after a delay of %u.\n", codeBlock, codeBlock->optimizationDelayCounter());
 #endif
@@ -2233,21 +2228,21 @@ DEFINE_STUB_FUNCTION(JSObject*, op_new_array)
 {
     STUB_INIT_STACK_FRAME(stackFrame);
 
-    return constructArray(stackFrame.callFrame, stackFrame.args[2].arrayAllocationProfile(), reinterpret_cast<JSValue*>(&stackFrame.callFrame->registers()[stackFrame.args[0].int32()]), stackFrame.args[1].int32());
+    return constructArray(stackFrame.callFrame, reinterpret_cast<JSValue*>(&stackFrame.callFrame->registers()[stackFrame.args[0].int32()]), stackFrame.args[1].int32());
 }
 
 DEFINE_STUB_FUNCTION(JSObject*, op_new_array_with_size)
 {
     STUB_INIT_STACK_FRAME(stackFrame);
     
-    return constructArrayWithSizeQuirk(stackFrame.callFrame, stackFrame.args[1].arrayAllocationProfile(), stackFrame.callFrame->lexicalGlobalObject(), stackFrame.args[0].jsValue());
+    return constructArrayWithSizeQuirk(stackFrame.callFrame, stackFrame.callFrame->lexicalGlobalObject(), stackFrame.args[0].jsValue());
 }
 
 DEFINE_STUB_FUNCTION(JSObject*, op_new_array_buffer)
 {
     STUB_INIT_STACK_FRAME(stackFrame);
     
-    return constructArray(stackFrame.callFrame, stackFrame.args[2].arrayAllocationProfile(), stackFrame.callFrame->codeBlock()->constantBuffer(stackFrame.args[0].int32()), stackFrame.args[1].int32());
+    return constructArray(stackFrame.callFrame, stackFrame.callFrame->codeBlock()->constantBuffer(stackFrame.args[0].int32()), stackFrame.args[1].int32());
 }
 
 DEFINE_STUB_FUNCTION(void, op_init_global_const_check)
@@ -2475,7 +2470,7 @@ DEFINE_STUB_FUNCTION(void, op_put_by_val)
     JSValue baseValue = stackFrame.args[0].jsValue();
     JSValue subscript = stackFrame.args[1].jsValue();
     JSValue value = stackFrame.args[2].jsValue();
-    
+
     if (baseValue.isObject() && subscript.isInt32()) {
         // See if it's worth optimizing at all.
         JSObject* object = asObject(baseValue);
diff --git a/Source/JavaScriptCore/jit/JITStubs.h b/Source/JavaScriptCore/jit/JITStubs.h
index 3bf13bbdf..5761236b1 100644
--- a/Source/JavaScriptCore/jit/JITStubs.h
+++ b/Source/JavaScriptCore/jit/JITStubs.h
@@ -45,7 +45,6 @@ namespace JSC {
 
     struct StructureStubInfo;
 
-    class ArrayAllocationProfile;
     class CodeBlock;
     class ExecutablePool;
     class FunctionExecutable;
@@ -86,7 +85,6 @@ namespace JSC {
         ReturnAddressPtr returnAddress() { return ReturnAddressPtr(asPointer); }
         ResolveOperations* resolveOperations() { return static_cast<ResolveOperations*>(asPointer); }
         PutToBaseOperation* putToBaseOperation() { return static_cast<PutToBaseOperation*>(asPointer); }
-        ArrayAllocationProfile* arrayAllocationProfile() { return static_cast<ArrayAllocationProfile*>(asPointer); }
     };
     
     struct TrampolineStructure {
diff --git a/Source/JavaScriptCore/jsc.cpp b/Source/JavaScriptCore/jsc.cpp
index 07a05b0c9..b8cf49da6 100644
--- a/Source/JavaScriptCore/jsc.cpp
+++ b/Source/JavaScriptCore/jsc.cpp
@@ -22,10 +22,10 @@
 
 #include "config.h"
 
-#include "ButterflyInlines.h"
+#include "ButterflyInlineMethods.h"
 #include "BytecodeGenerator.h"
 #include "Completion.h"
-#include "CopiedSpaceInlines.h"
+#include "CopiedSpaceInlineMethods.h"
 #include "ExceptionHelpers.h"
 #include "HeapStatistics.h"
 #include "InitializeThreading.h"
@@ -231,7 +231,7 @@ protected:
         addConstructableFunction(globalData, "Float32Array", constructJSFloat32Array, 1);
         addConstructableFunction(globalData, "Float64Array", constructJSFloat64Array, 1);
 
-        JSArray* array = constructEmptyArray(globalExec(), 0);
+        JSArray* array = constructEmptyArray(globalExec());
         for (size_t i = 0; i < arguments.size(); ++i)
             array->putDirectIndex(globalExec(), i, jsString(globalExec(), arguments[i]));
         putDirect(globalData, Identifier(globalExec(), "arguments"), array);
diff --git a/Source/JavaScriptCore/llint/LLIntSlowPaths.cpp b/Source/JavaScriptCore/llint/LLIntSlowPaths.cpp
index 8a578ffac..ba44bf404 100644
--- a/Source/JavaScriptCore/llint/LLIntSlowPaths.cpp
+++ b/Source/JavaScriptCore/llint/LLIntSlowPaths.cpp
@@ -275,7 +275,7 @@ inline bool shouldJIT(ExecState* exec)
 // Returns true if we should try to OSR.
 inline bool jitCompileAndSetHeuristics(CodeBlock* codeBlock, ExecState* exec)
 {
-    codeBlock->updateAllValueProfilePredictions();
+    codeBlock->updateAllPredictions();
     
     if (!codeBlock->checkIfJITThresholdReached()) {
 #if ENABLE(JIT_VERBOSE_OSR)
@@ -510,19 +510,19 @@ LLINT_SLOW_PATH_DECL(slow_path_new_object)
 LLINT_SLOW_PATH_DECL(slow_path_new_array)
 {
     LLINT_BEGIN();
-    LLINT_RETURN(constructArray(exec, pc[4].u.arrayAllocationProfile, bitwise_cast<JSValue*>(&LLINT_OP(2)), pc[3].u.operand));
+    LLINT_RETURN(constructArray(exec, bitwise_cast<JSValue*>(&LLINT_OP(2)), pc[3].u.operand));
 }
 
 LLINT_SLOW_PATH_DECL(slow_path_new_array_with_size)
 {
     LLINT_BEGIN();
-    LLINT_RETURN(constructArrayWithSizeQuirk(exec, pc[3].u.arrayAllocationProfile, exec->lexicalGlobalObject(), LLINT_OP_C(2).jsValue()));
+    LLINT_RETURN(constructArrayWithSizeQuirk(exec, exec->lexicalGlobalObject(), LLINT_OP_C(2).jsValue()));
 }
 
 LLINT_SLOW_PATH_DECL(slow_path_new_array_buffer)
 {
     LLINT_BEGIN();
-    LLINT_RETURN(constructArray(exec, pc[4].u.arrayAllocationProfile, exec->codeBlock()->constantBuffer(pc[2].u.operand), pc[3].u.operand));
+    LLINT_RETURN(constructArray(exec, exec->codeBlock()->constantBuffer(pc[2].u.operand), pc[3].u.operand));
 }
 
 LLINT_SLOW_PATH_DECL(slow_path_new_regexp)
diff --git a/Source/JavaScriptCore/llint/LowLevelInterpreter.asm b/Source/JavaScriptCore/llint/LowLevelInterpreter.asm
index 00d5c4f6f..ba5b67df4 100644
--- a/Source/JavaScriptCore/llint/LowLevelInterpreter.asm
+++ b/Source/JavaScriptCore/llint/LowLevelInterpreter.asm
@@ -88,13 +88,10 @@ else
 end
 
 # Constant for reasoning about butterflies.
-const IsArray                  = 1
-const IndexingShapeMask        = 30
-const NoIndexingShape          = 0
-const Int32Shape               = 20
-const DoubleShape              = 22
-const ContiguousShape          = 26
-const ArrayStorageShape        = 28
+const IsArray = 1
+const IndexingShapeMask = 30
+const ContiguousShape = 26
+const ArrayStorageShape = 28
 const SlowPutArrayStorageShape = 30
 
 # Type constants.
@@ -465,19 +462,19 @@ end
 _llint_op_new_array:
     traceExecution()
     callSlowPath(_llint_slow_path_new_array)
-    dispatch(5)
+    dispatch(4)
 
 
 _llint_op_new_array_with_size:
     traceExecution()
     callSlowPath(_llint_slow_path_new_array_with_size)
-    dispatch(4)
+    dispatch(3)
 
 
 _llint_op_new_array_buffer:
     traceExecution()
     callSlowPath(_llint_slow_path_new_array_buffer)
-    dispatch(5)
+    dispatch(4)
 
 
 _llint_op_new_regexp:
diff --git a/Source/JavaScriptCore/llint/LowLevelInterpreter32_64.asm b/Source/JavaScriptCore/llint/LowLevelInterpreter32_64.asm
index e3ef909f5..ffb146247 100644
--- a/Source/JavaScriptCore/llint/LowLevelInterpreter32_64.asm
+++ b/Source/JavaScriptCore/llint/LowLevelInterpreter32_64.asm
@@ -1185,9 +1185,7 @@ _llint_op_get_by_val:
     loadConstantOrVariablePayload(t3, Int32Tag, t1, .opGetByValSlow)
     loadp JSObject::m_butterfly[t0], t3
     andi IndexingShapeMask, t2
-    bieq t2, Int32Shape, .opGetByValIsContiguous
     bineq t2, ContiguousShape, .opGetByValNotContiguous
-.opGetByValIsContiguous:
     
     biaeq t1, -sizeof IndexingHeader + IndexingHeader::m_publicLength[t3], .opGetByValSlow
     loadi TagOffset[t3, t1, 8], t2
@@ -1195,16 +1193,6 @@ _llint_op_get_by_val:
     jmp .opGetByValDone
 
 .opGetByValNotContiguous:
-    bineq t2, DoubleShape, .opGetByValNotDouble
-    biaeq t1, -sizeof IndexingHeader + IndexingHeader::m_publicLength[t3], .opGetByValSlow
-    loadd [t3, t1, 8], ft0
-    bdnequn ft0, ft0, .opGetByValSlow
-    # FIXME: This could be massively optimized.
-    fd2ii ft0, t1, t2
-    loadi 4[PC], t0
-    jmp .opGetByValNotEmpty
-
-.opGetByValNotDouble:
     subi ArrayStorageShape, t2
     bia t2, SlowPutArrayStorageShape - ArrayStorageShape, .opGetByValSlow
     biaeq t1, -sizeof IndexingHeader + IndexingHeader::m_vectorLength[t3], .opGetByValSlow
@@ -1214,7 +1202,6 @@ _llint_op_get_by_val:
 .opGetByValDone:
     loadi 4[PC], t0
     bieq t2, EmptyValueTag, .opGetByValSlow
-.opGetByValNotEmpty:
     storei t2, TagOffset[cfr, t0, 8]
     storei t1, PayloadOffset[cfr, t0, 8]
     loadi 20[PC], t0
@@ -1283,24 +1270,6 @@ _llint_op_get_by_pname:
     dispatch(7)
 
 
-macro contiguousPutByVal(storeCallback)
-    biaeq t3, -sizeof IndexingHeader + IndexingHeader::m_publicLength[t0], .outOfBounds
-.storeResult:
-    loadi 12[PC], t2
-    storeCallback(t2, t1, t0, t3)
-    dispatch(5)
-
-.outOfBounds:
-    biaeq t3, -sizeof IndexingHeader + IndexingHeader::m_vectorLength[t0], .opPutByValSlow
-    if VALUE_PROFILER
-        loadp 16[PC], t2
-        storeb 1, ArrayProfile::m_mayStoreToHole[t2]
-    end
-    addi 1, t3, t2
-    storei t2, -sizeof IndexingHeader + IndexingHeader::m_publicLength[t0]
-    jmp .storeResult
-end
-
 _llint_op_put_by_val:
     traceExecution()
     loadi 4[PC], t0
@@ -1312,42 +1281,26 @@ _llint_op_put_by_val:
     loadConstantOrVariablePayload(t0, Int32Tag, t3, .opPutByValSlow)
     loadp JSObject::m_butterfly[t1], t0
     andi IndexingShapeMask, t2
-    bineq t2, Int32Shape, .opPutByValNotInt32
-    contiguousPutByVal(
-        macro (operand, scratch, base, index)
-            loadConstantOrVariablePayload(operand, Int32Tag, scratch, .opPutByValSlow)
-            storei Int32Tag, TagOffset[base, index, 8]
-            storei scratch, PayloadOffset[base, index, 8]
-        end)
+    bineq t2, ContiguousShape, .opPutByValNotContiguous
 
-.opPutByValNotInt32:
-    bineq t2, DoubleShape, .opPutByValNotDouble
-    contiguousPutByVal(
-        macro (operand, scratch, base, index)
-            const tag = scratch
-            const payload = operand
-            loadConstantOrVariable2Reg(operand, tag, payload)
-            bineq tag, Int32Tag, .notInt
-            ci2d payload, ft0
-            jmp .ready
-        .notInt:
-            fii2d payload, tag, ft0
-            bdnequn ft0, ft0, .opPutByValSlow
-        .ready:
-            stored ft0, [base, index, 8]
-        end)
+    biaeq t3, -sizeof IndexingHeader + IndexingHeader::m_publicLength[t0], .opPutByValContiguousOutOfBounds
+.opPutByValContiguousStoreResult:
+    loadi 12[PC], t2
+    loadConstantOrVariable2Reg(t2, t1, t2)
+    writeBarrier(t1, t2)
+    storei t1, TagOffset[t0, t3, 8]
+    storei t2, PayloadOffset[t0, t3, 8]
+    dispatch(5)
 
-.opPutByValNotDouble:
-    bineq t2, ContiguousShape, .opPutByValNotContiguous
-    contiguousPutByVal(
-        macro (operand, scratch, base, index)
-            const tag = scratch
-            const payload = operand
-            loadConstantOrVariable2Reg(operand, tag, payload)
-            writeBarrier(tag, payload)
-            storei tag, TagOffset[base, index, 8]
-            storei payload, PayloadOffset[base, index, 8]
-        end)
+.opPutByValContiguousOutOfBounds:
+    biaeq t3, -sizeof IndexingHeader + IndexingHeader::m_vectorLength[t0], .opPutByValSlow
+    if VALUE_PROFILER
+        loadp 16[PC], t1
+        storeb 1, ArrayProfile::m_mayStoreToHole[t1]
+    end
+    addi 1, t3, t2
+    storei t2, -sizeof IndexingHeader + IndexingHeader::m_publicLength[t0]
+    jmp .opPutByValContiguousStoreResult
 
 .opPutByValNotContiguous:
     bineq t2, ArrayStorageShape, .opPutByValSlow
diff --git a/Source/JavaScriptCore/llint/LowLevelInterpreter64.asm b/Source/JavaScriptCore/llint/LowLevelInterpreter64.asm
index d8a293337..c9900b343 100644
--- a/Source/JavaScriptCore/llint/LowLevelInterpreter64.asm
+++ b/Source/JavaScriptCore/llint/LowLevelInterpreter64.asm
@@ -1025,9 +1025,7 @@ _llint_op_get_by_val:
     sxi2q t1, t1
     loadp JSObject::m_butterfly[t0], t3
     andi IndexingShapeMask, t2
-    bieq t2, Int32Shape, .opGetByValIsContiguous
     bineq t2, ContiguousShape, .opGetByValNotContiguous
-.opGetByValIsContiguous:
 
     biaeq t1, -sizeof IndexingHeader + IndexingHeader::m_publicLength[t3], .opGetByValSlow
     loadisFromInstruction(1, t0)
@@ -1036,16 +1034,6 @@ _llint_op_get_by_val:
     jmp .opGetByValDone
 
 .opGetByValNotContiguous:
-    bineq t2, DoubleShape, .opGetByValNotDouble
-    biaeq t1, -sizeof IndexingHeader + IndexingHeader::m_publicLength[t3], .opGetByValSlow
-    loadis 8[PB, PC, 8], t0
-    loadd [t3, t1, 8], ft0
-    bdnequn ft0, ft0, .opGetByValSlow
-    fd2q ft0, t2
-    subq tagTypeNumber, t2
-    jmp .opGetByValDone
-    
-.opGetByValNotDouble:
     subi ArrayStorageShape, t2
     bia t2, SlowPutArrayStorageShape - ArrayStorageShape, .opGetByValSlow
     biaeq t1, -sizeof IndexingHeader + IndexingHeader::m_vectorLength[t3], .opGetByValSlow
@@ -1121,24 +1109,6 @@ _llint_op_get_by_pname:
     dispatch(7)
 
 
-macro contiguousPutByVal(storeCallback)
-    biaeq t3, -sizeof IndexingHeader + IndexingHeader::m_publicLength[t0], .outOfBounds
-.storeResult:
-    loadisFromInstruction(3, t2)
-    storeCallback(t2, t1, [t0, t3, 8])
-    dispatch(5)
-
-.outOfBounds:
-    biaeq t3, -sizeof IndexingHeader + IndexingHeader::m_vectorLength[t0], .opPutByValSlow
-    if VALUE_PROFILER
-        loadp 32[PB, PC, 8], t2
-        storeb 1, ArrayProfile::m_mayStoreToHole[t2]
-    end
-    addi 1, t3, t2
-    storei t2, -sizeof IndexingHeader + IndexingHeader::m_publicLength[t0]
-    jmp .storeResult
-end
-
 _llint_op_put_by_val:
     traceExecution()
     loadisFromInstruction(1, t0)
@@ -1151,38 +1121,25 @@ _llint_op_put_by_val:
     sxi2q t3, t3
     loadp JSObject::m_butterfly[t1], t0
     andi IndexingShapeMask, t2
-    bineq t2, Int32Shape, .opPutByValNotInt32
-    contiguousPutByVal(
-        macro (operand, scratch, address)
-            loadConstantOrVariable(operand, scratch)
-            bpb scratch, tagTypeNumber, .opPutByValSlow
-            storep scratch, address
-        end)
-
-.opPutByValNotInt32:
-    bineq t2, DoubleShape, .opPutByValNotDouble
-    contiguousPutByVal(
-        macro (operand, scratch, address)
-            loadConstantOrVariable(operand, scratch)
-            bqb scratch, tagTypeNumber, .notInt
-            ci2d scratch, ft0
-            jmp .ready
-        .notInt:
-            addp tagTypeNumber, scratch
-            fq2d scratch, ft0
-            bdnequn ft0, ft0, .opPutByValSlow
-        .ready:
-            stored ft0, address
-        end)
-
-.opPutByValNotDouble:
     bineq t2, ContiguousShape, .opPutByValNotContiguous
-    contiguousPutByVal(
-        macro (operand, scratch, address)
-            loadConstantOrVariable(operand, scratch)
-            writeBarrier(scratch)
-            storep scratch, address
-        end)
+    
+    biaeq t3, -sizeof IndexingHeader + IndexingHeader::m_publicLength[t0], .opPutByValContiguousOutOfBounds
+.opPutByValContiguousStoreResult:
+    loadisFromInstruction(3, t2)
+    loadConstantOrVariable(t2, t1)
+    writeBarrier(t1)
+    storeq t1, [t0, t3, 8]
+    dispatch(5)
+
+.opPutByValContiguousOutOfBounds:
+    biaeq t3, -sizeof IndexingHeader + IndexingHeader::m_vectorLength[t0], .opPutByValSlow
+    if VALUE_PROFILER
+        loadpFromInstruction(4, t2)
+        storeb 1, ArrayProfile::m_mayStoreToHole[t2]
+    end
+    addi 1, t3, t2
+    storei t2, -sizeof IndexingHeader + IndexingHeader::m_publicLength[t0]
+    jmp .opPutByValContiguousStoreResult
 
 .opPutByValNotContiguous:
     bineq t2, ArrayStorageShape, .opPutByValSlow
diff --git a/Source/JavaScriptCore/offlineasm/x86.rb b/Source/JavaScriptCore/offlineasm/x86.rb
index f78b43912..67cbd14b0 100644
--- a/Source/JavaScriptCore/offlineasm/x86.rb
+++ b/Source/JavaScriptCore/offlineasm/x86.rb
@@ -764,16 +764,11 @@ class Instruction
         when "ci2d"
             $asm.puts "cvtsi2sd #{operands[0].x86Operand(:int)}, #{operands[1].x86Operand(:double)}"
         when "bdeq"
+            isUnordered = LocalLabel.unique("bdeq")
             $asm.puts "ucomisd #{operands[0].x86Operand(:double)}, #{operands[1].x86Operand(:double)}"
-            if operands[0] == operands[1]
-                # This is just a jump ordered, which is a jnp.
-                $asm.puts "jnp #{operands[2].asmLabel}"
-            else
-                isUnordered = LocalLabel.unique("bdeq")
-                $asm.puts "jp #{LabelReference.new(codeOrigin, isUnordered).asmLabel}"
-                $asm.puts "je #{LabelReference.new(codeOrigin, operands[2]).asmLabel}"
-                isUnordered.lower("X86")
-            end
+            $asm.puts "jp #{LabelReference.new(codeOrigin, isUnordered).asmLabel}"
+            $asm.puts "je #{LabelReference.new(codeOrigin, operands[2]).asmLabel}"
+            isUnordered.lower("X86")
         when "bdneq"
             handleX86DoubleBranch("jne", :normal)
         when "bdgt"
@@ -787,19 +782,14 @@ class Instruction
         when "bdequn"
             handleX86DoubleBranch("je", :normal)
         when "bdnequn"
+            isUnordered = LocalLabel.unique("bdnequn")
+            isEqual = LocalLabel.unique("bdnequn")
             $asm.puts "ucomisd #{operands[0].x86Operand(:double)}, #{operands[1].x86Operand(:double)}"
-            if operands[0] == operands[1]
-                # This is just a jump unordered, which is a jp.
-                $asm.puts "jp #{operands[2].asmLabel}"
-            else
-                isUnordered = LocalLabel.unique("bdnequn")
-                isEqual = LocalLabel.unique("bdnequn")
-                $asm.puts "jp #{LabelReference.new(codeOrigin, isUnordered).asmLabel}"
-                $asm.puts "je #{LabelReference.new(codeOrigin, isEqual).asmLabel}"
-                isUnordered.lower("X86")
-                $asm.puts "jmp #{operands[2].asmLabel}"
-                isEqual.lower("X86")
-            end
+            $asm.puts "jp #{LabelReference.new(codeOrigin, isUnordered).asmLabel}"
+            $asm.puts "je #{LabelReference.new(codeOrigin, isEqual).asmLabel}"
+            isUnordered.lower("X86")
+            $asm.puts "jmp #{operands[2].asmLabel}"
+            isEqual.lower("X86")
         when "bdgtun"
             handleX86DoubleBranch("jb", :reverse)
         when "bdgtequn"
@@ -1125,7 +1115,7 @@ class Instruction
             $asm.puts "movd #{operands[0].x86Operand(:double)}, #{operands[1].x86Operand(:int)}"
             $asm.puts "movsd #{operands[0].x86Operand(:double)}, %xmm7"
             $asm.puts "psrlq $32, %xmm7"
-            $asm.puts "movd %xmm7, #{operands[2].x86Operand(:int)}"
+            $asm.puts "movsd %xmm7, #{operands[2].x86Operand(:int)}"
         when "fq2d"
             $asm.puts "movd #{operands[0].x86Operand(:quad)}, #{operands[1].x86Operand(:double)}"
         when "fd2q"
diff --git a/Source/JavaScriptCore/runtime/Arguments.h b/Source/JavaScriptCore/runtime/Arguments.h
index 8ae991422..7961d4bc8 100644
--- a/Source/JavaScriptCore/runtime/Arguments.h
+++ b/Source/JavaScriptCore/runtime/Arguments.h
@@ -34,246 +34,246 @@
 
 namespace JSC {
 
-class Arguments : public JSDestructibleObject {
-    friend class JIT;
-    friend class DFG::SpeculativeJIT;
-public:
-    typedef JSDestructibleObject Base;
+    class Arguments : public JSDestructibleObject {
+        friend class JIT;
+        friend class DFG::SpeculativeJIT;
+    public:
+        typedef JSDestructibleObject Base;
+
+        static Arguments* create(JSGlobalData& globalData, CallFrame* callFrame)
+        {
+            Arguments* arguments = new (NotNull, allocateCell<Arguments>(globalData.heap)) Arguments(callFrame);
+            arguments->finishCreation(callFrame);
+            return arguments;
+        }
+        
+        static Arguments* create(JSGlobalData& globalData, CallFrame* callFrame, InlineCallFrame* inlineCallFrame)
+        {
+            Arguments* arguments = new (NotNull, allocateCell<Arguments>(globalData.heap)) Arguments(callFrame);
+            arguments->finishCreation(callFrame, inlineCallFrame);
+            return arguments;
+        }
+
+        enum { MaxArguments = 0x10000 };
+
+    private:
+        enum NoParametersType { NoParameters };
+        
+        Arguments(CallFrame*);
+        Arguments(CallFrame*, NoParametersType);
+        
+        void tearOffForInlineCallFrame(JSGlobalData& globalData, Register*, InlineCallFrame*);
 
-    static Arguments* create(JSGlobalData& globalData, CallFrame* callFrame)
+    public:
+        static const ClassInfo s_info;
+
+        static void visitChildren(JSCell*, SlotVisitor&);
+
+        void fillArgList(ExecState*, MarkedArgumentBuffer&);
+
+        uint32_t length(ExecState* exec) const 
+        {
+            if (UNLIKELY(m_overrodeLength))
+                return get(exec, exec->propertyNames().length).toUInt32(exec);
+            return m_numArguments; 
+        }
+        
+        void copyToArguments(ExecState*, CallFrame*, uint32_t length);
+        void tearOff(CallFrame*);
+        void tearOff(CallFrame*, InlineCallFrame*);
+        bool isTornOff() const { return m_registerArray; }
+        void didTearOffActivation(ExecState*, JSActivation*);
+
+        static Structure* createStructure(JSGlobalData& globalData, JSGlobalObject* globalObject, JSValue prototype) 
+        { 
+            return Structure::create(globalData, globalObject, prototype, TypeInfo(ObjectType, StructureFlags), &s_info); 
+        }
+        
+    protected:
+        static const unsigned StructureFlags = OverridesGetOwnPropertySlot | InterceptsGetOwnPropertySlotByIndexEvenWhenLengthIsNotZero | OverridesVisitChildren | OverridesGetPropertyNames | JSObject::StructureFlags;
+
+        void finishCreation(CallFrame*);
+        void finishCreation(CallFrame*, InlineCallFrame*);
+
+    private:
+        static void destroy(JSCell*);
+        static bool getOwnPropertySlot(JSCell*, ExecState*, PropertyName, PropertySlot&);
+        static bool getOwnPropertySlotByIndex(JSCell*, ExecState*, unsigned propertyName, PropertySlot&);
+        static bool getOwnPropertyDescriptor(JSObject*, ExecState*, PropertyName, PropertyDescriptor&);
+        static void getOwnPropertyNames(JSObject*, ExecState*, PropertyNameArray&, EnumerationMode);
+        static void put(JSCell*, ExecState*, PropertyName, JSValue, PutPropertySlot&);
+        static void putByIndex(JSCell*, ExecState*, unsigned propertyName, JSValue, bool shouldThrow);
+        static bool deleteProperty(JSCell*, ExecState*, PropertyName);
+        static bool deletePropertyByIndex(JSCell*, ExecState*, unsigned propertyName);
+        static bool defineOwnProperty(JSObject*, ExecState*, PropertyName, PropertyDescriptor&, bool shouldThrow);
+        void createStrictModeCallerIfNecessary(ExecState*);
+        void createStrictModeCalleeIfNecessary(ExecState*);
+
+        bool isArgument(size_t);
+        bool trySetArgument(JSGlobalData&, size_t argument, JSValue);
+        JSValue tryGetArgument(size_t argument);
+        bool isDeletedArgument(size_t);
+        bool tryDeleteArgument(size_t);
+        WriteBarrierBase<Unknown>& argument(size_t);
+        void allocateSlowArguments();
+
+        void init(CallFrame*);
+
+        WriteBarrier<JSActivation> m_activation;
+
+        unsigned m_numArguments;
+
+        // We make these full byte booleans to make them easy to test from the JIT,
+        // and because even if they were single-bit booleans we still wouldn't save
+        // any space.
+        bool m_overrodeLength; 
+        bool m_overrodeCallee;
+        bool m_overrodeCaller;
+        bool m_isStrictMode;
+
+        WriteBarrierBase<Unknown>* m_registers;
+        OwnArrayPtr<WriteBarrier<Unknown> > m_registerArray;
+
+        OwnArrayPtr<SlowArgument> m_slowArguments;
+
+        WriteBarrier<JSFunction> m_callee;
+    };
+
+    Arguments* asArguments(JSValue);
+
+    inline Arguments* asArguments(JSValue value)
     {
-        Arguments* arguments = new (NotNull, allocateCell<Arguments>(globalData.heap)) Arguments(callFrame);
-        arguments->finishCreation(callFrame);
-        return arguments;
+        ASSERT(asObject(value)->inherits(&Arguments::s_info));
+        return static_cast<Arguments*>(asObject(value));
     }
-        
-    static Arguments* create(JSGlobalData& globalData, CallFrame* callFrame, InlineCallFrame* inlineCallFrame)
+
+    inline Arguments::Arguments(CallFrame* callFrame)
+        : JSDestructibleObject(callFrame->globalData(), callFrame->lexicalGlobalObject()->argumentsStructure())
     {
-        Arguments* arguments = new (NotNull, allocateCell<Arguments>(globalData.heap)) Arguments(callFrame);
-        arguments->finishCreation(callFrame, inlineCallFrame);
-        return arguments;
     }
 
-    enum { MaxArguments = 0x10000 };
+    inline Arguments::Arguments(CallFrame* callFrame, NoParametersType)
+        : JSDestructibleObject(callFrame->globalData(), callFrame->lexicalGlobalObject()->argumentsStructure())
+    {
+    }
 
-private:
-    enum NoParametersType { NoParameters };
-        
-    Arguments(CallFrame*);
-    Arguments(CallFrame*, NoParametersType);
-        
-    void tearOffForInlineCallFrame(JSGlobalData& globalData, Register*, InlineCallFrame*);
+    inline void Arguments::allocateSlowArguments()
+    {
+        if (m_slowArguments)
+            return;
+        m_slowArguments = adoptArrayPtr(new SlowArgument[m_numArguments]);
+        for (size_t i = 0; i < m_numArguments; ++i) {
+            ASSERT(m_slowArguments[i].status == SlowArgument::Normal);
+            m_slowArguments[i].index = CallFrame::argumentOffset(i);
+        }
+    }
 
-public:
-    static const ClassInfo s_info;
+    inline bool Arguments::tryDeleteArgument(size_t argument)
+    {
+        if (!isArgument(argument))
+            return false;
+        allocateSlowArguments();
+        m_slowArguments[argument].status = SlowArgument::Deleted;
+        return true;
+    }
 
-    static void visitChildren(JSCell*, SlotVisitor&);
+    inline bool Arguments::trySetArgument(JSGlobalData& globalData, size_t argument, JSValue value)
+    {
+        if (!isArgument(argument))
+            return false;
+        this->argument(argument).set(globalData, this, value);
+        return true;
+    }
 
-    void fillArgList(ExecState*, MarkedArgumentBuffer&);
+    inline JSValue Arguments::tryGetArgument(size_t argument)
+    {
+        if (!isArgument(argument))
+            return JSValue();
+        return this->argument(argument).get();
+    }
 
-    uint32_t length(ExecState* exec) const 
+    inline bool Arguments::isDeletedArgument(size_t argument)
     {
-        if (UNLIKELY(m_overrodeLength))
-            return get(exec, exec->propertyNames().length).toUInt32(exec);
-        return m_numArguments; 
+        if (argument >= m_numArguments)
+            return false;
+        if (!m_slowArguments)
+            return false;
+        if (m_slowArguments[argument].status != SlowArgument::Deleted)
+            return false;
+        return true;
     }
-        
-    void copyToArguments(ExecState*, CallFrame*, uint32_t length);
-    void tearOff(CallFrame*);
-    void tearOff(CallFrame*, InlineCallFrame*);
-    bool isTornOff() const { return m_registerArray; }
-    void didTearOffActivation(ExecState*, JSActivation*);
-
-    static Structure* createStructure(JSGlobalData& globalData, JSGlobalObject* globalObject, JSValue prototype) 
-    { 
-        return Structure::create(globalData, globalObject, prototype, TypeInfo(ObjectType, StructureFlags), &s_info); 
+
+    inline bool Arguments::isArgument(size_t argument)
+    {
+        if (argument >= m_numArguments)
+            return false;
+        if (m_slowArguments && m_slowArguments[argument].status == SlowArgument::Deleted)
+            return false;
+        return true;
     }
-        
-protected:
-    static const unsigned StructureFlags = OverridesGetOwnPropertySlot | InterceptsGetOwnPropertySlotByIndexEvenWhenLengthIsNotZero | OverridesVisitChildren | OverridesGetPropertyNames | JSObject::StructureFlags;
-
-    void finishCreation(CallFrame*);
-    void finishCreation(CallFrame*, InlineCallFrame*);
-
-private:
-    static void destroy(JSCell*);
-    static bool getOwnPropertySlot(JSCell*, ExecState*, PropertyName, PropertySlot&);
-    static bool getOwnPropertySlotByIndex(JSCell*, ExecState*, unsigned propertyName, PropertySlot&);
-    static bool getOwnPropertyDescriptor(JSObject*, ExecState*, PropertyName, PropertyDescriptor&);
-    static void getOwnPropertyNames(JSObject*, ExecState*, PropertyNameArray&, EnumerationMode);
-    static void put(JSCell*, ExecState*, PropertyName, JSValue, PutPropertySlot&);
-    static void putByIndex(JSCell*, ExecState*, unsigned propertyName, JSValue, bool shouldThrow);
-    static bool deleteProperty(JSCell*, ExecState*, PropertyName);
-    static bool deletePropertyByIndex(JSCell*, ExecState*, unsigned propertyName);
-    static bool defineOwnProperty(JSObject*, ExecState*, PropertyName, PropertyDescriptor&, bool shouldThrow);
-    void createStrictModeCallerIfNecessary(ExecState*);
-    void createStrictModeCalleeIfNecessary(ExecState*);
-
-    bool isArgument(size_t);
-    bool trySetArgument(JSGlobalData&, size_t argument, JSValue);
-    JSValue tryGetArgument(size_t argument);
-    bool isDeletedArgument(size_t);
-    bool tryDeleteArgument(size_t);
-    WriteBarrierBase<Unknown>& argument(size_t);
-    void allocateSlowArguments();
-
-    void init(CallFrame*);
-
-    WriteBarrier<JSActivation> m_activation;
-
-    unsigned m_numArguments;
-
-    // We make these full byte booleans to make them easy to test from the JIT,
-    // and because even if they were single-bit booleans we still wouldn't save
-    // any space.
-    bool m_overrodeLength; 
-    bool m_overrodeCallee;
-    bool m_overrodeCaller;
-    bool m_isStrictMode;
-
-    WriteBarrierBase<Unknown>* m_registers;
-    OwnArrayPtr<WriteBarrier<Unknown> > m_registerArray;
-
-    OwnArrayPtr<SlowArgument> m_slowArguments;
-
-    WriteBarrier<JSFunction> m_callee;
-};
-
-Arguments* asArguments(JSValue);
-
-inline Arguments* asArguments(JSValue value)
-{
-    ASSERT(asObject(value)->inherits(&Arguments::s_info));
-    return static_cast<Arguments*>(asObject(value));
-}
-
-inline Arguments::Arguments(CallFrame* callFrame)
-    : JSDestructibleObject(callFrame->globalData(), callFrame->lexicalGlobalObject()->argumentsStructure())
-{
-}
-
-inline Arguments::Arguments(CallFrame* callFrame, NoParametersType)
-    : JSDestructibleObject(callFrame->globalData(), callFrame->lexicalGlobalObject()->argumentsStructure())
-{
-}
-
-inline void Arguments::allocateSlowArguments()
-{
-    if (m_slowArguments)
-        return;
-    m_slowArguments = adoptArrayPtr(new SlowArgument[m_numArguments]);
-    for (size_t i = 0; i < m_numArguments; ++i) {
-        ASSERT(m_slowArguments[i].status == SlowArgument::Normal);
-        m_slowArguments[i].index = CallFrame::argumentOffset(i);
+
+    inline WriteBarrierBase<Unknown>& Arguments::argument(size_t argument)
+    {
+        ASSERT(isArgument(argument));
+        if (!m_slowArguments)
+            return m_registers[CallFrame::argumentOffset(argument)];
+
+        int index = m_slowArguments[argument].index;
+        if (!m_activation || m_slowArguments[argument].status != SlowArgument::Captured)
+            return m_registers[index];
+
+        return m_activation->registerAt(index);
     }
-}
-
-inline bool Arguments::tryDeleteArgument(size_t argument)
-{
-    if (!isArgument(argument))
-        return false;
-    allocateSlowArguments();
-    m_slowArguments[argument].status = SlowArgument::Deleted;
-    return true;
-}
-
-inline bool Arguments::trySetArgument(JSGlobalData& globalData, size_t argument, JSValue value)
-{
-    if (!isArgument(argument))
-        return false;
-    this->argument(argument).set(globalData, this, value);
-    return true;
-}
-
-inline JSValue Arguments::tryGetArgument(size_t argument)
-{
-    if (!isArgument(argument))
-        return JSValue();
-    return this->argument(argument).get();
-}
-
-inline bool Arguments::isDeletedArgument(size_t argument)
-{
-    if (argument >= m_numArguments)
-        return false;
-    if (!m_slowArguments)
-        return false;
-    if (m_slowArguments[argument].status != SlowArgument::Deleted)
-        return false;
-    return true;
-}
-
-inline bool Arguments::isArgument(size_t argument)
-{
-    if (argument >= m_numArguments)
-        return false;
-    if (m_slowArguments && m_slowArguments[argument].status == SlowArgument::Deleted)
-        return false;
-    return true;
-}
-
-inline WriteBarrierBase<Unknown>& Arguments::argument(size_t argument)
-{
-    ASSERT(isArgument(argument));
-    if (!m_slowArguments)
-        return m_registers[CallFrame::argumentOffset(argument)];
-
-    int index = m_slowArguments[argument].index;
-    if (!m_activation || m_slowArguments[argument].status != SlowArgument::Captured)
-        return m_registers[index];
-
-    return m_activation->registerAt(index);
-}
-
-inline void Arguments::finishCreation(CallFrame* callFrame)
-{
-    Base::finishCreation(callFrame->globalData());
-    ASSERT(inherits(&s_info));
-
-    JSFunction* callee = jsCast<JSFunction*>(callFrame->callee());
-    m_numArguments = callFrame->argumentCount();
-    m_registers = reinterpret_cast<WriteBarrierBase<Unknown>*>(callFrame->registers());
-    m_callee.set(callFrame->globalData(), this, callee);
-    m_overrodeLength = false;
-    m_overrodeCallee = false;
-    m_overrodeCaller = false;
-    m_isStrictMode = callFrame->codeBlock()->isStrictMode();
-
-    SharedSymbolTable* symbolTable = callFrame->codeBlock()->symbolTable();
-    const SlowArgument* slowArguments = symbolTable->slowArguments();
-    if (slowArguments) {
-        allocateSlowArguments();
-        size_t count = std::min<unsigned>(m_numArguments, symbolTable->parameterCount());
-        for (size_t i = 0; i < count; ++i)
-            m_slowArguments[i] = slowArguments[i];
+
+    inline void Arguments::finishCreation(CallFrame* callFrame)
+    {
+        Base::finishCreation(callFrame->globalData());
+        ASSERT(inherits(&s_info));
+
+        JSFunction* callee = jsCast<JSFunction*>(callFrame->callee());
+        m_numArguments = callFrame->argumentCount();
+        m_registers = reinterpret_cast<WriteBarrierBase<Unknown>*>(callFrame->registers());
+        m_callee.set(callFrame->globalData(), this, callee);
+        m_overrodeLength = false;
+        m_overrodeCallee = false;
+        m_overrodeCaller = false;
+        m_isStrictMode = callFrame->codeBlock()->isStrictMode();
+
+        SharedSymbolTable* symbolTable = callFrame->codeBlock()->symbolTable();
+        const SlowArgument* slowArguments = symbolTable->slowArguments();
+        if (slowArguments) {
+            allocateSlowArguments();
+            size_t count = std::min<unsigned>(m_numArguments, symbolTable->parameterCount());
+            for (size_t i = 0; i < count; ++i)
+                m_slowArguments[i] = slowArguments[i];
+        }
+
+        // The bytecode generator omits op_tear_off_activation in cases of no
+        // declared parameters, so we need to tear off immediately.
+        if (m_isStrictMode || !callee->jsExecutable()->parameterCount())
+            tearOff(callFrame);
     }
 
-    // The bytecode generator omits op_tear_off_activation in cases of no
-    // declared parameters, so we need to tear off immediately.
-    if (m_isStrictMode || !callee->jsExecutable()->parameterCount())
-        tearOff(callFrame);
-}
-
-inline void Arguments::finishCreation(CallFrame* callFrame, InlineCallFrame* inlineCallFrame)
-{
-    Base::finishCreation(callFrame->globalData());
-    ASSERT(inherits(&s_info));
-
-    JSFunction* callee = inlineCallFrame->callee.get();
-    m_numArguments = inlineCallFrame->arguments.size() - 1;
-    m_registers = reinterpret_cast<WriteBarrierBase<Unknown>*>(callFrame->registers()) + inlineCallFrame->stackOffset;
-    m_callee.set(callFrame->globalData(), this, callee);
-    m_overrodeLength = false;
-    m_overrodeCallee = false;
-    m_overrodeCaller = false;
-    m_isStrictMode = jsCast<FunctionExecutable*>(inlineCallFrame->executable.get())->isStrictMode();
-    ASSERT(!jsCast<FunctionExecutable*>(inlineCallFrame->executable.get())->symbolTable(inlineCallFrame->isCall ? CodeForCall : CodeForConstruct)->slowArguments());
-
-    // The bytecode generator omits op_tear_off_activation in cases of no
-    // declared parameters, so we need to tear off immediately.
-    if (m_isStrictMode || !callee->jsExecutable()->parameterCount())
-        tearOff(callFrame, inlineCallFrame);
-}
+    inline void Arguments::finishCreation(CallFrame* callFrame, InlineCallFrame* inlineCallFrame)
+    {
+        Base::finishCreation(callFrame->globalData());
+        ASSERT(inherits(&s_info));
+
+        JSFunction* callee = inlineCallFrame->callee.get();
+        m_numArguments = inlineCallFrame->arguments.size() - 1;
+        m_registers = reinterpret_cast<WriteBarrierBase<Unknown>*>(callFrame->registers()) + inlineCallFrame->stackOffset;
+        m_callee.set(callFrame->globalData(), this, callee);
+        m_overrodeLength = false;
+        m_overrodeCallee = false;
+        m_overrodeCaller = false;
+        m_isStrictMode = jsCast<FunctionExecutable*>(inlineCallFrame->executable.get())->isStrictMode();
+        ASSERT(!jsCast<FunctionExecutable*>(inlineCallFrame->executable.get())->symbolTable(inlineCallFrame->isCall ? CodeForCall : CodeForConstruct)->slowArguments());
+
+        // The bytecode generator omits op_tear_off_activation in cases of no
+        // declared parameters, so we need to tear off immediately.
+        if (m_isStrictMode || !callee->jsExecutable()->parameterCount())
+            tearOff(callFrame, inlineCallFrame);
+    }
 
 } // namespace JSC
 
diff --git a/Source/JavaScriptCore/runtime/ArrayConstructor.cpp b/Source/JavaScriptCore/runtime/ArrayConstructor.cpp
index a3fce45f2..5c2cd7167 100644
--- a/Source/JavaScriptCore/runtime/ArrayConstructor.cpp
+++ b/Source/JavaScriptCore/runtime/ArrayConstructor.cpp
@@ -25,8 +25,8 @@
 #include "ArrayConstructor.h"
 
 #include "ArrayPrototype.h"
-#include "ButterflyInlines.h"
-#include "CopiedSpaceInlines.h"
+#include "ButterflyInlineMethods.h"
+#include "CopiedSpaceInlineMethods.h"
 #include "Error.h"
 #include "ExceptionHelpers.h"
 #include "JSArray.h"
@@ -77,15 +77,15 @@ bool ArrayConstructor::getOwnPropertyDescriptor(JSObject* object, ExecState* exe
 
 // ------------------------------ Functions ---------------------------
 
-JSObject* constructArrayWithSizeQuirk(ExecState* exec, ArrayAllocationProfile* profile, JSGlobalObject* globalObject, JSValue length)
+JSObject* constructArrayWithSizeQuirk(ExecState* exec, JSGlobalObject* globalObject, JSValue length)
 {
     if (!length.isNumber())
-        return constructArray(exec, profile, globalObject, &length, 1);
+        return constructArray(exec, globalObject, &length, 1);
     
     uint32_t n = length.toUInt32(exec);
     if (n != length.toNumber(exec))
         return throwError(exec, createRangeError(exec, ASCIILiteral("Array size is not a small enough positive integer.")));
-    return constructEmptyArray(exec, profile, globalObject, n);
+    return constructEmptyArray(exec, globalObject, n);
 }
 
 static inline JSObject* constructArrayWithSizeQuirk(ExecState* exec, const ArgList& args)
@@ -94,10 +94,10 @@ static inline JSObject* constructArrayWithSizeQuirk(ExecState* exec, const ArgLi
 
     // a single numeric argument denotes the array size (!)
     if (args.size() == 1)
-        return constructArrayWithSizeQuirk(exec, 0, globalObject, args.at(0));
+        return constructArrayWithSizeQuirk(exec, globalObject, args.at(0));
 
     // otherwise the array is constructed with the arguments in it
-    return constructArray(exec, 0, globalObject, args);
+    return constructArray(exec, globalObject, args);
 }
 
 static EncodedJSValue JSC_HOST_CALL constructWithArrayConstructor(ExecState* exec)
diff --git a/Source/JavaScriptCore/runtime/ArrayConstructor.h b/Source/JavaScriptCore/runtime/ArrayConstructor.h
index 96860b0fc..dcbf0a1b3 100644
--- a/Source/JavaScriptCore/runtime/ArrayConstructor.h
+++ b/Source/JavaScriptCore/runtime/ArrayConstructor.h
@@ -25,42 +25,42 @@
 
 namespace JSC {
 
-class ArrayPrototype;
-class JSArray;
+    class ArrayPrototype;
+    class JSArray;
 
-class ArrayConstructor : public InternalFunction {
-public:
-    typedef InternalFunction Base;
+    class ArrayConstructor : public InternalFunction {
+    public:
+        typedef InternalFunction Base;
 
-    static ArrayConstructor* create(ExecState* exec, JSGlobalObject* globalObject, Structure* structure, ArrayPrototype* arrayPrototype)
-    {
-        ArrayConstructor* constructor = new (NotNull, allocateCell<ArrayConstructor>(*exec->heap())) ArrayConstructor(globalObject, structure);
-        constructor->finishCreation(exec, arrayPrototype);
-        return constructor;
-    }
+        static ArrayConstructor* create(ExecState* exec, JSGlobalObject* globalObject, Structure* structure, ArrayPrototype* arrayPrototype)
+        {
+            ArrayConstructor* constructor = new (NotNull, allocateCell<ArrayConstructor>(*exec->heap())) ArrayConstructor(globalObject, structure);
+            constructor->finishCreation(exec, arrayPrototype);
+            return constructor;
+        }
 
-    static const ClassInfo s_info;
+        static const ClassInfo s_info;
 
-    static Structure* createStructure(JSGlobalData& globalData, JSGlobalObject* globalObject, JSValue prototype)
-    {
-        return Structure::create(globalData, globalObject, prototype, TypeInfo(ObjectType, StructureFlags), &s_info);
-    }
+        static Structure* createStructure(JSGlobalData& globalData, JSGlobalObject* globalObject, JSValue prototype)
+        {
+            return Structure::create(globalData, globalObject, prototype, TypeInfo(ObjectType, StructureFlags), &s_info);
+        }
 
-protected:
-    void finishCreation(ExecState*, ArrayPrototype*);
-    static const unsigned StructureFlags = OverridesGetOwnPropertySlot | InternalFunction::StructureFlags;
+    protected:
+        void finishCreation(ExecState*, ArrayPrototype*);
+        static const unsigned StructureFlags = OverridesGetOwnPropertySlot | InternalFunction::StructureFlags;
 
-private:
-    ArrayConstructor(JSGlobalObject*, Structure*);
-    static bool getOwnPropertySlot(JSCell*, ExecState*, PropertyName, PropertySlot&);
+    private:
+        ArrayConstructor(JSGlobalObject*, Structure*);
+        static bool getOwnPropertySlot(JSCell*, ExecState*, PropertyName, PropertySlot&);
 
-    static bool getOwnPropertyDescriptor(JSObject*, ExecState*, PropertyName, PropertyDescriptor&);
+        static bool getOwnPropertyDescriptor(JSObject*, ExecState*, PropertyName, PropertyDescriptor&);
 
-    static ConstructType getConstructData(JSCell*, ConstructData&);
-    static CallType getCallData(JSCell*, CallData&);
-};
+        static ConstructType getConstructData(JSCell*, ConstructData&);
+        static CallType getCallData(JSCell*, CallData&);
+    };
 
-JSObject* constructArrayWithSizeQuirk(ExecState*, ArrayAllocationProfile*, JSGlobalObject*, JSValue);
+    JSObject* constructArrayWithSizeQuirk(ExecState*, JSGlobalObject*, JSValue);
 
 } // namespace JSC
 
diff --git a/Source/JavaScriptCore/runtime/ArrayPrototype.cpp b/Source/JavaScriptCore/runtime/ArrayPrototype.cpp
index cc847d8ff..6975dc778 100644
--- a/Source/JavaScriptCore/runtime/ArrayPrototype.cpp
+++ b/Source/JavaScriptCore/runtime/ArrayPrototype.cpp
@@ -24,10 +24,10 @@
 #include "config.h"
 #include "ArrayPrototype.h"
 
-#include "ButterflyInlines.h"
+#include "ButterflyInlineMethods.h"
 #include "CachedCall.h"
 #include "CodeBlock.h"
-#include "CopiedSpaceInlines.h"
+#include "CopiedSpaceInlineMethods.h"
 #include "Interpreter.h"
 #include "JIT.h"
 #include "JSStringBuilder.h"
@@ -456,7 +456,7 @@ EncodedJSValue JSC_HOST_CALL arrayProtoFuncJoin(ExecState* exec)
 EncodedJSValue JSC_HOST_CALL arrayProtoFuncConcat(ExecState* exec)
 {
     JSValue thisValue = exec->hostThisValue();
-    JSArray* arr = constructEmptyArray(exec, 0);
+    JSArray* arr = constructEmptyArray(exec);
     unsigned n = 0;
     JSValue curArg = thisValue.toObject(exec);
     if (exec->hadException())
@@ -618,7 +618,7 @@ EncodedJSValue JSC_HOST_CALL arrayProtoFuncSlice(ExecState* exec)
         return JSValue::encode(jsUndefined());
 
     // We return a new array
-    JSArray* resObj = constructEmptyArray(exec, 0);
+    JSArray* resObj = constructEmptyArray(exec);
     JSValue result = resObj;
 
     unsigned begin = argumentClampedIndexFromStartOrEnd(exec, 0, length);
@@ -733,7 +733,7 @@ EncodedJSValue JSC_HOST_CALL arrayProtoFuncSplice(ExecState* exec)
         return JSValue::encode(jsUndefined());
     
     if (!exec->argumentCount())
-        return JSValue::encode(constructEmptyArray(exec, 0));
+        return JSValue::encode(constructEmptyArray(exec));
 
     unsigned begin = argumentClampedIndexFromStartOrEnd(exec, 0, length);
 
@@ -748,7 +748,7 @@ EncodedJSValue JSC_HOST_CALL arrayProtoFuncSplice(ExecState* exec)
             deleteCount = static_cast<unsigned>(deleteDouble);
     }
 
-    JSArray* resObj = JSArray::tryCreateUninitialized(exec->globalData(), exec->lexicalGlobalObject()->arrayStructureForIndexingTypeDuringAllocation(ArrayWithUndecided), deleteCount);
+    JSArray* resObj = JSArray::tryCreateUninitialized(exec->globalData(), exec->lexicalGlobalObject()->arrayStructure(), deleteCount);
     if (!resObj)
         return JSValue::encode(throwOutOfMemoryError(exec));
 
@@ -820,7 +820,7 @@ EncodedJSValue JSC_HOST_CALL arrayProtoFuncFilter(ExecState* exec)
         return throwVMTypeError(exec);
 
     JSValue applyThis = exec->argument(1);
-    JSArray* resultArray = constructEmptyArray(exec, 0);
+    JSArray* resultArray = constructEmptyArray(exec);
 
     unsigned filterIndex = 0;
     unsigned k = 0;
@@ -880,7 +880,7 @@ EncodedJSValue JSC_HOST_CALL arrayProtoFuncMap(ExecState* exec)
 
     JSValue applyThis = exec->argument(1);
 
-    JSArray* resultArray = constructEmptyArray(exec, 0, length);
+    JSArray* resultArray = constructEmptyArray(exec, length);
     unsigned k = 0;
     if (callType == CallTypeJS && isJSArray(thisObj)) {
         JSFunction* f = jsCast<JSFunction*>(function);
diff --git a/Source/JavaScriptCore/runtime/ArrayPrototype.h b/Source/JavaScriptCore/runtime/ArrayPrototype.h
index 2b83d39b7..b33021121 100644
--- a/Source/JavaScriptCore/runtime/ArrayPrototype.h
+++ b/Source/JavaScriptCore/runtime/ArrayPrototype.h
@@ -26,28 +26,28 @@
 
 namespace JSC {
 
-class ArrayPrototype : public JSArray {
-private:
-    ArrayPrototype(JSGlobalObject*, Structure*, Butterfly*);
+    class ArrayPrototype : public JSArray {
+    private:
+        ArrayPrototype(JSGlobalObject*, Structure*, Butterfly*);
 
-public:
-    typedef JSArray Base;
+    public:
+        typedef JSArray Base;
 
-    static ArrayPrototype* create(ExecState*, JSGlobalObject*, Structure*);
+        static ArrayPrototype* create(ExecState*, JSGlobalObject*, Structure*);
         
-    static bool getOwnPropertySlot(JSCell*, ExecState*, PropertyName, PropertySlot&);
-    static bool getOwnPropertyDescriptor(JSObject*, ExecState*, PropertyName, PropertyDescriptor&);
+        static bool getOwnPropertySlot(JSCell*, ExecState*, PropertyName, PropertySlot&);
+        static bool getOwnPropertyDescriptor(JSObject*, ExecState*, PropertyName, PropertyDescriptor&);
 
-    static const ClassInfo s_info;
+        static const ClassInfo s_info;
 
-    static Structure* createStructure(JSGlobalData& globalData, JSGlobalObject* globalObject, JSValue prototype)
-    {
-        return Structure::create(globalData, globalObject, prototype, TypeInfo(ObjectType, StructureFlags), &s_info, ArrayWithArrayStorage);
-    }
+        static Structure* createStructure(JSGlobalData& globalData, JSGlobalObject* globalObject, JSValue prototype)
+        {
+            return Structure::create(globalData, globalObject, prototype, TypeInfo(ObjectType, StructureFlags), &s_info, ArrayWithArrayStorage);
+        }
 
-protected:
-    void finishCreation(JSGlobalObject*);
-};
+    protected:
+        void finishCreation(JSGlobalObject*);
+    };
 
 } // namespace JSC
 
diff --git a/Source/JavaScriptCore/runtime/Butterfly.h b/Source/JavaScriptCore/runtime/Butterfly.h
index 4b8d53f7e..cb93aea8a 100644
--- a/Source/JavaScriptCore/runtime/Butterfly.h
+++ b/Source/JavaScriptCore/runtime/Butterfly.h
@@ -88,18 +88,12 @@ public:
     template<typename T>
     T* indexingPayload() { return reinterpret_cast<T*>(this); }
     ArrayStorage* arrayStorage() { return indexingPayload<ArrayStorage>(); }
-    WriteBarrier<Unknown>* contiguousInt32() { return indexingPayload<WriteBarrier<Unknown> >(); }
-    double* contiguousDouble() { return indexingPayload<double>(); }
     WriteBarrier<Unknown>* contiguous() { return indexingPayload<WriteBarrier<Unknown> >(); }
     
     static Butterfly* fromContiguous(WriteBarrier<Unknown>* contiguous)
     {
         return reinterpret_cast<Butterfly*>(contiguous);
     }
-    static Butterfly* fromContiguous(double* contiguous)
-    {
-        return reinterpret_cast<Butterfly*>(contiguous);
-    }
     
     static ptrdiff_t offsetOfPropertyStorage() { return -static_cast<ptrdiff_t>(sizeof(IndexingHeader)); }
     static int indexOfPropertyStorage()
diff --git a/Source/JavaScriptCore/runtime/ButterflyInlineMethods.h b/Source/JavaScriptCore/runtime/ButterflyInlineMethods.h
new file mode 100644
index 000000000..86a836bef
--- /dev/null
+++ b/Source/JavaScriptCore/runtime/ButterflyInlineMethods.h
@@ -0,0 +1,179 @@
+/*
+ * Copyright (C) 2012 Apple Inc. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY APPLE INC. ``AS IS'' AND ANY
+ * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL APPLE INC. OR
+ * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+ * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
+ * OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
+ */
+
+#ifndef ButterflyInlineMethods_h
+#define ButterflyInlineMethods_h
+
+#include "ArrayStorage.h"
+#include "Butterfly.h"
+#include "CopiedSpaceInlineMethods.h"
+#include "CopyVisitor.h"
+#include "JSGlobalData.h"
+#include "Structure.h"
+
+namespace JSC {
+
+inline Butterfly* Butterfly::createUninitialized(JSGlobalData& globalData, size_t preCapacity, size_t propertyCapacity, bool hasIndexingHeader, size_t indexingPayloadSizeInBytes)
+{
+    void* temp;
+    size_t size = totalSize(preCapacity, propertyCapacity, hasIndexingHeader, indexingPayloadSizeInBytes);
+    if (!globalData.heap.tryAllocateStorage(size, &temp))
+        CRASH();
+    Butterfly* result = fromBase(temp, preCapacity, propertyCapacity);
+    return result;
+}
+
+inline Butterfly* Butterfly::create(JSGlobalData& globalData, size_t preCapacity, size_t propertyCapacity, bool hasIndexingHeader, const IndexingHeader& indexingHeader, size_t indexingPayloadSizeInBytes)
+{
+    Butterfly* result = createUninitialized(
+        globalData, preCapacity, propertyCapacity, hasIndexingHeader, indexingPayloadSizeInBytes);
+    if (hasIndexingHeader)
+        *result->indexingHeader() = indexingHeader;
+    return result;
+}
+
+inline Butterfly* Butterfly::create(JSGlobalData& globalData, Structure* structure)
+{
+    return create(globalData, 0, structure->outOfLineCapacity(), hasIndexingHeader(structure->indexingType()), IndexingHeader(), 0);
+}
+
+inline Butterfly* Butterfly::createUninitializedDuringCollection(CopyVisitor& visitor, size_t preCapacity, size_t propertyCapacity, bool hasIndexingHeader, size_t indexingPayloadSizeInBytes)
+{
+    Butterfly* result = fromBase(
+        visitor.allocateNewSpace(totalSize(preCapacity, propertyCapacity, hasIndexingHeader, indexingPayloadSizeInBytes)),
+        preCapacity, propertyCapacity);
+    return result;
+}
+
+inline void* Butterfly::base(Structure* structure)
+{
+    return base(indexingHeader()->preCapacity(structure), structure->outOfLineCapacity());
+}
+
+inline Butterfly* Butterfly::growPropertyStorage(JSGlobalData& globalData, size_t preCapacity, size_t oldPropertyCapacity, bool hasIndexingHeader, size_t indexingPayloadSizeInBytes, size_t newPropertyCapacity)
+{
+    ASSERT(newPropertyCapacity > oldPropertyCapacity);
+    Butterfly* result = createUninitialized(
+        globalData, preCapacity, newPropertyCapacity, hasIndexingHeader, indexingPayloadSizeInBytes);
+    memcpy(
+        result->propertyStorage() - oldPropertyCapacity,
+        propertyStorage() - oldPropertyCapacity,
+        totalSize(0, oldPropertyCapacity, hasIndexingHeader, indexingPayloadSizeInBytes));
+    return result;
+}
+
+inline Butterfly* Butterfly::growPropertyStorage(JSGlobalData& globalData, Structure* structure, size_t oldPropertyCapacity, size_t newPropertyCapacity)
+{
+    return growPropertyStorage(
+        globalData, indexingHeader()->preCapacity(structure), oldPropertyCapacity,
+        hasIndexingHeader(structure->indexingType()),
+        indexingHeader()->indexingPayloadSizeInBytes(structure), newPropertyCapacity);
+}
+
+inline Butterfly* Butterfly::growPropertyStorage(JSGlobalData& globalData, Structure* oldStructure, size_t newPropertyCapacity)
+{
+    return growPropertyStorage(
+        globalData, oldStructure, oldStructure->outOfLineCapacity(), newPropertyCapacity);
+}
+
+inline Butterfly* Butterfly::growArrayRight(JSGlobalData& globalData, Structure* oldStructure, size_t propertyCapacity, bool hadIndexingHeader, size_t oldIndexingPayloadSizeInBytes, size_t newIndexingPayloadSizeInBytes)
+{
+    ASSERT_UNUSED(oldStructure, !indexingHeader()->preCapacity(oldStructure));
+    ASSERT_UNUSED(oldStructure, hadIndexingHeader == hasIndexingHeader(oldStructure->indexingType()));
+    void* theBase = base(0, propertyCapacity);
+    size_t oldSize = totalSize(0, propertyCapacity, hadIndexingHeader, oldIndexingPayloadSizeInBytes);
+    size_t newSize = totalSize(0, propertyCapacity, true, newIndexingPayloadSizeInBytes);
+    if (!globalData.heap.tryReallocateStorage(&theBase, oldSize, newSize))
+        return 0;
+    return fromBase(theBase, 0, propertyCapacity);
+}
+
+inline Butterfly* Butterfly::growArrayRight(JSGlobalData& globalData, Structure* oldStructure, size_t newIndexingPayloadSizeInBytes)
+{
+    return growArrayRight(
+        globalData, oldStructure, oldStructure->outOfLineCapacity(),
+        hasIndexingHeader(oldStructure->indexingType()),
+        indexingHeader()->indexingPayloadSizeInBytes(oldStructure), newIndexingPayloadSizeInBytes);
+}
+
+inline Butterfly* Butterfly::resizeArray(JSGlobalData& globalData, size_t propertyCapacity, bool oldHasIndexingHeader, size_t oldIndexingPayloadSizeInBytes, size_t newPreCapacity, bool newHasIndexingHeader, size_t newIndexingPayloadSizeInBytes)
+{
+    Butterfly* result = createUninitialized(
+        globalData, newPreCapacity, propertyCapacity, newHasIndexingHeader, newIndexingPayloadSizeInBytes);
+    // FIXME: This could be made much more efficient if we used the property size,
+    // not the capacity.
+    void* to = result->propertyStorage() - propertyCapacity;
+    void* from = propertyStorage() - propertyCapacity;
+    size_t size = std::min(
+        totalSize(0, propertyCapacity, oldHasIndexingHeader, oldIndexingPayloadSizeInBytes),
+        totalSize(0, propertyCapacity, newHasIndexingHeader, newIndexingPayloadSizeInBytes));
+    memcpy(to, from, size);
+    return result;
+}
+
+inline Butterfly* Butterfly::resizeArray(JSGlobalData& globalData, Structure* structure, size_t newPreCapacity, size_t newIndexingPayloadSizeInBytes)
+{
+    bool hasIndexingHeader = JSC::hasIndexingHeader(structure->indexingType());
+    return resizeArray(
+        globalData, structure->outOfLineCapacity(), hasIndexingHeader,
+        indexingHeader()->indexingPayloadSizeInBytes(structure), newPreCapacity,
+        hasIndexingHeader, newIndexingPayloadSizeInBytes);
+}
+
+inline Butterfly* Butterfly::unshift(Structure* structure, size_t numberOfSlots)
+{
+    ASSERT(hasArrayStorage(structure->indexingType()));
+    ASSERT(numberOfSlots <= indexingHeader()->preCapacity(structure));
+    unsigned propertyCapacity = structure->outOfLineCapacity();
+    // FIXME: It would probably be wise to rewrite this as a loop since (1) we know in which
+    // direction we're moving memory so we don't need the extra check of memmove and (2) we're
+    // moving a small amount of memory in the common case so the throughput of memmove won't
+    // amortize the overhead of calling it. And no, we cannot rely on the C++ compiler to
+    // inline memmove (particularly since the size argument is likely to be variable), nor can
+    // we rely on the compiler to recognize the ordering of the pointer arguments (since
+    // propertyCapacity is variable and could cause wrap-around as far as the compiler knows).
+    memmove(
+        propertyStorage() - numberOfSlots - propertyCapacity,
+        propertyStorage() - propertyCapacity,
+        sizeof(EncodedJSValue) * propertyCapacity + sizeof(IndexingHeader) + ArrayStorage::sizeFor(0));
+    return IndexingHeader::fromEndOf(propertyStorage() - numberOfSlots)->butterfly();
+}
+
+inline Butterfly* Butterfly::shift(Structure* structure, size_t numberOfSlots)
+{
+    ASSERT(hasArrayStorage(structure->indexingType()));
+    unsigned propertyCapacity = structure->outOfLineCapacity();
+    // FIXME: See comment in unshift(), above.
+    memmove(
+        propertyStorage() - propertyCapacity + numberOfSlots,
+        propertyStorage() - propertyCapacity,
+        sizeof(EncodedJSValue) * propertyCapacity + sizeof(IndexingHeader) + ArrayStorage::sizeFor(0));
+    return IndexingHeader::fromEndOf(propertyStorage() + numberOfSlots)->butterfly();
+}
+
+} // namespace JSC
+
+#endif // ButterflyInlineMethods_h
+
diff --git a/Source/JavaScriptCore/runtime/ButterflyInlines.h b/Source/JavaScriptCore/runtime/ButterflyInlines.h
deleted file mode 100644
index 9167497a4..000000000
--- a/Source/JavaScriptCore/runtime/ButterflyInlines.h
+++ /dev/null
@@ -1,180 +0,0 @@
-/*
- * Copyright (C) 2012 Apple Inc. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY APPLE INC. ``AS IS'' AND ANY
- * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL APPLE INC. OR
- * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
- * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
- * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
- * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
- * OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
- * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
- */
-
-#ifndef ButterflyInlines_h
-#define ButterflyInlines_h
-
-#include "ArrayStorage.h"
-#include "Butterfly.h"
-#include "CopiedSpaceInlines.h"
-#include "CopyVisitor.h"
-#include "JSGlobalData.h"
-#include "Structure.h"
-
-namespace JSC {
-
-inline Butterfly* Butterfly::createUninitialized(JSGlobalData& globalData, size_t preCapacity, size_t propertyCapacity, bool hasIndexingHeader, size_t indexingPayloadSizeInBytes)
-{
-    void* temp;
-    size_t size = totalSize(preCapacity, propertyCapacity, hasIndexingHeader, indexingPayloadSizeInBytes);
-    if (!globalData.heap.tryAllocateStorage(size, &temp))
-        CRASH();
-    Butterfly* result = fromBase(temp, preCapacity, propertyCapacity);
-    return result;
-}
-
-inline Butterfly* Butterfly::create(JSGlobalData& globalData, size_t preCapacity, size_t propertyCapacity, bool hasIndexingHeader, const IndexingHeader& indexingHeader, size_t indexingPayloadSizeInBytes)
-{
-    Butterfly* result = createUninitialized(
-        globalData, preCapacity, propertyCapacity, hasIndexingHeader, indexingPayloadSizeInBytes);
-    if (hasIndexingHeader)
-        *result->indexingHeader() = indexingHeader;
-    return result;
-}
-
-inline Butterfly* Butterfly::create(JSGlobalData& globalData, Structure* structure)
-{
-    return create(globalData, 0, structure->outOfLineCapacity(), hasIndexingHeader(structure->indexingType()), IndexingHeader(), 0);
-}
-
-inline Butterfly* Butterfly::createUninitializedDuringCollection(CopyVisitor& visitor, size_t preCapacity, size_t propertyCapacity, bool hasIndexingHeader, size_t indexingPayloadSizeInBytes)
-{
-    size_t size = totalSize(preCapacity, propertyCapacity, hasIndexingHeader, indexingPayloadSizeInBytes);
-    Butterfly* result = fromBase(
-        visitor.allocateNewSpace(size),
-        preCapacity, propertyCapacity);
-    return result;
-}
-
-inline void* Butterfly::base(Structure* structure)
-{
-    return base(indexingHeader()->preCapacity(structure), structure->outOfLineCapacity());
-}
-
-inline Butterfly* Butterfly::growPropertyStorage(JSGlobalData& globalData, size_t preCapacity, size_t oldPropertyCapacity, bool hasIndexingHeader, size_t indexingPayloadSizeInBytes, size_t newPropertyCapacity)
-{
-    ASSERT(newPropertyCapacity > oldPropertyCapacity);
-    Butterfly* result = createUninitialized(
-        globalData, preCapacity, newPropertyCapacity, hasIndexingHeader, indexingPayloadSizeInBytes);
-    memcpy(
-        result->propertyStorage() - oldPropertyCapacity,
-        propertyStorage() - oldPropertyCapacity,
-        totalSize(0, oldPropertyCapacity, hasIndexingHeader, indexingPayloadSizeInBytes));
-    return result;
-}
-
-inline Butterfly* Butterfly::growPropertyStorage(JSGlobalData& globalData, Structure* structure, size_t oldPropertyCapacity, size_t newPropertyCapacity)
-{
-    return growPropertyStorage(
-        globalData, indexingHeader()->preCapacity(structure), oldPropertyCapacity,
-        hasIndexingHeader(structure->indexingType()),
-        indexingHeader()->indexingPayloadSizeInBytes(structure), newPropertyCapacity);
-}
-
-inline Butterfly* Butterfly::growPropertyStorage(JSGlobalData& globalData, Structure* oldStructure, size_t newPropertyCapacity)
-{
-    return growPropertyStorage(
-        globalData, oldStructure, oldStructure->outOfLineCapacity(), newPropertyCapacity);
-}
-
-inline Butterfly* Butterfly::growArrayRight(JSGlobalData& globalData, Structure* oldStructure, size_t propertyCapacity, bool hadIndexingHeader, size_t oldIndexingPayloadSizeInBytes, size_t newIndexingPayloadSizeInBytes)
-{
-    ASSERT_UNUSED(oldStructure, !indexingHeader()->preCapacity(oldStructure));
-    ASSERT_UNUSED(oldStructure, hadIndexingHeader == hasIndexingHeader(oldStructure->indexingType()));
-    void* theBase = base(0, propertyCapacity);
-    size_t oldSize = totalSize(0, propertyCapacity, hadIndexingHeader, oldIndexingPayloadSizeInBytes);
-    size_t newSize = totalSize(0, propertyCapacity, true, newIndexingPayloadSizeInBytes);
-    if (!globalData.heap.tryReallocateStorage(&theBase, oldSize, newSize))
-        return 0;
-    return fromBase(theBase, 0, propertyCapacity);
-}
-
-inline Butterfly* Butterfly::growArrayRight(JSGlobalData& globalData, Structure* oldStructure, size_t newIndexingPayloadSizeInBytes)
-{
-    return growArrayRight(
-        globalData, oldStructure, oldStructure->outOfLineCapacity(),
-        hasIndexingHeader(oldStructure->indexingType()),
-        indexingHeader()->indexingPayloadSizeInBytes(oldStructure), newIndexingPayloadSizeInBytes);
-}
-
-inline Butterfly* Butterfly::resizeArray(JSGlobalData& globalData, size_t propertyCapacity, bool oldHasIndexingHeader, size_t oldIndexingPayloadSizeInBytes, size_t newPreCapacity, bool newHasIndexingHeader, size_t newIndexingPayloadSizeInBytes)
-{
-    Butterfly* result = createUninitialized(
-        globalData, newPreCapacity, propertyCapacity, newHasIndexingHeader, newIndexingPayloadSizeInBytes);
-    // FIXME: This could be made much more efficient if we used the property size,
-    // not the capacity.
-    void* to = result->propertyStorage() - propertyCapacity;
-    void* from = propertyStorage() - propertyCapacity;
-    size_t size = std::min(
-        totalSize(0, propertyCapacity, oldHasIndexingHeader, oldIndexingPayloadSizeInBytes),
-        totalSize(0, propertyCapacity, newHasIndexingHeader, newIndexingPayloadSizeInBytes));
-    memcpy(to, from, size);
-    return result;
-}
-
-inline Butterfly* Butterfly::resizeArray(JSGlobalData& globalData, Structure* structure, size_t newPreCapacity, size_t newIndexingPayloadSizeInBytes)
-{
-    bool hasIndexingHeader = JSC::hasIndexingHeader(structure->indexingType());
-    return resizeArray(
-        globalData, structure->outOfLineCapacity(), hasIndexingHeader,
-        indexingHeader()->indexingPayloadSizeInBytes(structure), newPreCapacity,
-        hasIndexingHeader, newIndexingPayloadSizeInBytes);
-}
-
-inline Butterfly* Butterfly::unshift(Structure* structure, size_t numberOfSlots)
-{
-    ASSERT(hasArrayStorage(structure->indexingType()));
-    ASSERT(numberOfSlots <= indexingHeader()->preCapacity(structure));
-    unsigned propertyCapacity = structure->outOfLineCapacity();
-    // FIXME: It would probably be wise to rewrite this as a loop since (1) we know in which
-    // direction we're moving memory so we don't need the extra check of memmove and (2) we're
-    // moving a small amount of memory in the common case so the throughput of memmove won't
-    // amortize the overhead of calling it. And no, we cannot rely on the C++ compiler to
-    // inline memmove (particularly since the size argument is likely to be variable), nor can
-    // we rely on the compiler to recognize the ordering of the pointer arguments (since
-    // propertyCapacity is variable and could cause wrap-around as far as the compiler knows).
-    memmove(
-        propertyStorage() - numberOfSlots - propertyCapacity,
-        propertyStorage() - propertyCapacity,
-        sizeof(EncodedJSValue) * propertyCapacity + sizeof(IndexingHeader) + ArrayStorage::sizeFor(0));
-    return IndexingHeader::fromEndOf(propertyStorage() - numberOfSlots)->butterfly();
-}
-
-inline Butterfly* Butterfly::shift(Structure* structure, size_t numberOfSlots)
-{
-    ASSERT(hasArrayStorage(structure->indexingType()));
-    unsigned propertyCapacity = structure->outOfLineCapacity();
-    // FIXME: See comment in unshift(), above.
-    memmove(
-        propertyStorage() - propertyCapacity + numberOfSlots,
-        propertyStorage() - propertyCapacity,
-        sizeof(EncodedJSValue) * propertyCapacity + sizeof(IndexingHeader) + ArrayStorage::sizeFor(0));
-    return IndexingHeader::fromEndOf(propertyStorage() + numberOfSlots)->butterfly();
-}
-
-} // namespace JSC
-
-#endif // ButterflyInlines_h
-
diff --git a/Source/JavaScriptCore/runtime/CodeCache.cpp b/Source/JavaScriptCore/runtime/CodeCache.cpp
index 068919528..4de760e49 100644
--- a/Source/JavaScriptCore/runtime/CodeCache.cpp
+++ b/Source/JavaScriptCore/runtime/CodeCache.cpp
@@ -36,6 +36,7 @@
 namespace JSC {
 
 CodeCache::CodeCache()
+    : m_randomGenerator(static_cast<uint32_t>(randomNumber() * UINT32_MAX))
 {
 }
 
@@ -66,9 +67,9 @@ UnlinkedCodeBlockType* CodeCache::getCodeBlock(JSGlobalData& globalData, Executa
     CodeBlockKey key = makeCodeBlockKey(source, CacheTypes<UnlinkedCodeBlockType>::codeType, strictness);
     bool storeInCache = false;
     if (debuggerMode == DebuggerOff && profilerMode == ProfilerOff) {
-        const Strong<UnlinkedCodeBlock>* result = m_cachedCodeBlocks.find(key);
-        if (result) {
-            UnlinkedCodeBlockType* unlinkedCode = jsCast<UnlinkedCodeBlockType*>(result->get());
+        CodeBlockIndicesMap::iterator result = m_cachedCodeBlockIndices.find(key);
+        if (result != m_cachedCodeBlockIndices.end()) {
+            UnlinkedCodeBlockType* unlinkedCode = jsCast<UnlinkedCodeBlockType*>(m_cachedCodeBlocks[result->value].second.get());
             unsigned firstLine = source.firstLine() + unlinkedCode->firstLine();
             executable->recordParse(unlinkedCode->codeFeatures(), unlinkedCode->hasCapturedVariables(), firstLine, firstLine + unlinkedCode->lineCount());
             return unlinkedCode;
@@ -90,8 +91,14 @@ UnlinkedCodeBlockType* CodeCache::getCodeBlock(JSGlobalData& globalData, Executa
     if (error.m_type != ParserError::ErrorNone)
         return 0;
 
-    if (storeInCache)
-        m_cachedCodeBlocks.add(key, Strong<UnlinkedCodeBlock>(globalData, unlinkedCode));
+    if (storeInCache) {
+        size_t index = m_randomGenerator.getUint32() % kMaxCodeBlockEntries;
+        if (m_cachedCodeBlocks[index].second)
+            m_cachedCodeBlockIndices.remove(m_cachedCodeBlocks[index].first);
+        m_cachedCodeBlockIndices.set(key, index);
+        m_cachedCodeBlocks[index].second.set(globalData, unlinkedCode);
+        m_cachedCodeBlocks[index].first = key;
+    }
 
     return unlinkedCode;
 }
@@ -126,7 +133,6 @@ UnlinkedFunctionCodeBlock* CodeCache::generateFunctionCodeBlock(JSGlobalData& gl
     body->destroyData();
     if (error.m_type != ParserError::ErrorNone)
         return 0;
-    m_cachedFunctionCode.add(result, Strong<UnlinkedFunctionCodeBlock>(globalData, result));
     return result;
 }
 
@@ -143,9 +149,9 @@ CodeCache::GlobalFunctionKey CodeCache::makeGlobalFunctionKey(const SourceCode&
 UnlinkedFunctionExecutable* CodeCache::getFunctionExecutableFromGlobalCode(JSGlobalData& globalData, const Identifier& name, const SourceCode& source, ParserError& error)
 {
     GlobalFunctionKey key = makeGlobalFunctionKey(source, name.string());
-    const Strong<UnlinkedFunctionExecutable>* result = m_cachedGlobalFunctions.find(key);
-    if (result)
-        return result->get();
+    GlobalFunctionIndicesMap::iterator result = m_cachedGlobalFunctionIndices.find(key);
+    if (result != m_cachedGlobalFunctionIndices.end())
+        return m_cachedGlobalFunctions[result->value].second.get();
 
     RefPtr<ProgramNode> program = parse<ProgramNode>(&globalData, source, 0, Identifier(), JSParseNormal, JSParseProgramCode, error);
     if (!program) {
@@ -167,13 +173,14 @@ UnlinkedFunctionExecutable* CodeCache::getFunctionExecutableFromGlobalCode(JSGlo
     UnlinkedFunctionExecutable* functionExecutable = UnlinkedFunctionExecutable::create(&globalData, source, body);
     functionExecutable->m_nameValue.set(globalData, functionExecutable, jsString(&globalData, name.string()));
 
-    m_cachedGlobalFunctions.add(key, Strong<UnlinkedFunctionExecutable>(globalData, functionExecutable));
-    return functionExecutable;
-}
+    size_t index = m_randomGenerator.getUint32() % kMaxGlobalFunctionEntries;
+    if (m_cachedGlobalFunctions[index].second)
+        m_cachedGlobalFunctionIndices.remove(m_cachedGlobalFunctions[index].first);
+    m_cachedGlobalFunctionIndices.set(key, index);
+    m_cachedGlobalFunctions[index].second.set(globalData, functionExecutable);
+    m_cachedGlobalFunctions[index].first = key;
 
-void CodeCache::usedFunctionCode(JSGlobalData& globalData, UnlinkedFunctionCodeBlock* codeBlock)
-{
-    m_cachedFunctionCode.add(codeBlock, Strong<UnlinkedFunctionCodeBlock>(globalData, codeBlock));
+    return functionExecutable;
 }
 
 }
diff --git a/Source/JavaScriptCore/runtime/CodeCache.h b/Source/JavaScriptCore/runtime/CodeCache.h
index 740aaa6df..4d4617189 100644
--- a/Source/JavaScriptCore/runtime/CodeCache.h
+++ b/Source/JavaScriptCore/runtime/CodeCache.h
@@ -34,7 +34,6 @@
 #include <wtf/FixedArray.h>
 #include <wtf/Forward.h>
 #include <wtf/PassOwnPtr.h>
-#include <wtf/RandomNumber.h>
 #include <wtf/text/WTFString.h>
 
 namespace JSC {
@@ -52,41 +51,6 @@ struct ParserError;
 class SourceCode;
 class SourceProvider;
 
-template <typename KeyType, typename EntryType, int CacheSize> class Thingy {
-    typedef typename HashMap<KeyType, unsigned>::iterator iterator;
-public:
-    Thingy()
-    : m_randomGenerator((static_cast<uint32_t>(randomNumber() * UINT32_MAX)))
-    {
-    }
-    const EntryType* find(const KeyType& key)
-    {
-        iterator result = m_map.find(key);
-        if (result == m_map.end())
-            return 0;
-        return &m_data[result->value].second;
-    }
-    void add(const KeyType& key, const EntryType& value)
-    {
-        iterator result = m_map.find(key);
-        if (result != m_map.end()) {
-            m_data[result->value].second = value;
-            return;
-        }
-        size_t newIndex = m_randomGenerator.getUint32() % CacheSize;
-        if (m_data[newIndex].second)
-            m_map.remove(m_data[newIndex].first);
-        m_map.add(key, newIndex);
-        m_data[newIndex].first = key;
-        m_data[newIndex].second = value;
-        ASSERT(m_map.size() <= CacheSize);
-    }
-private:
-    HashMap<KeyType, unsigned> m_map;
-    FixedArray<std::pair<KeyType, EntryType>, CacheSize> m_data;
-    WeakRandom m_randomGenerator;
-};
-
 class CodeCache {
 public:
     static PassOwnPtr<CodeCache> create() { return adoptPtr(new CodeCache); }
@@ -95,12 +59,13 @@ public:
     UnlinkedEvalCodeBlock* getEvalCodeBlock(JSGlobalData&, EvalExecutable*, const SourceCode&, JSParserStrictness, DebuggerMode, ProfilerMode, ParserError&);
     UnlinkedFunctionCodeBlock* getFunctionCodeBlock(JSGlobalData&, UnlinkedFunctionExecutable*, const SourceCode&, CodeSpecializationKind, DebuggerMode, ProfilerMode, ParserError&);
     UnlinkedFunctionExecutable* getFunctionExecutableFromGlobalCode(JSGlobalData&, const Identifier&, const SourceCode&, ParserError&);
-    void usedFunctionCode(JSGlobalData&, UnlinkedFunctionCodeBlock*);
     ~CodeCache();
 
     enum CodeType { EvalType, ProgramType, FunctionType };
     typedef std::pair<String, unsigned> CodeBlockKey;
+    typedef HashMap<CodeBlockKey, unsigned> CodeBlockIndicesMap;
     typedef std::pair<String, String> GlobalFunctionKey;
+    typedef HashMap<GlobalFunctionKey, unsigned> GlobalFunctionIndicesMap;
 
 private:
     CodeCache();
@@ -109,17 +74,18 @@ private:
 
     template <class UnlinkedCodeBlockType, class ExecutableType> inline UnlinkedCodeBlockType* getCodeBlock(JSGlobalData&, ExecutableType*, const SourceCode&, JSParserStrictness, DebuggerMode, ProfilerMode, ParserError&);
     CodeBlockKey makeCodeBlockKey(const SourceCode&, CodeType, JSParserStrictness);
+    CodeBlockIndicesMap m_cachedCodeBlockIndices;
     GlobalFunctionKey makeGlobalFunctionKey(const SourceCode&, const String&);
+    GlobalFunctionIndicesMap m_cachedGlobalFunctionIndices;
 
     enum {
         kMaxCodeBlockEntries = 1024,
-        kMaxGlobalFunctionEntries = 1024,
-        kMaxFunctionCodeBlocks = 1024
+        kMaxGlobalFunctionEntries = 1024
     };
 
-    Thingy<CodeBlockKey, Strong<UnlinkedCodeBlock>, kMaxCodeBlockEntries> m_cachedCodeBlocks;
-    Thingy<GlobalFunctionKey, Strong<UnlinkedFunctionExecutable>, kMaxGlobalFunctionEntries> m_cachedGlobalFunctions;
-    Thingy<UnlinkedFunctionCodeBlock*, Strong<UnlinkedFunctionCodeBlock>, kMaxFunctionCodeBlocks> m_cachedFunctionCode;
+    FixedArray<std::pair<CodeBlockKey, Strong<UnlinkedCodeBlock> >, kMaxCodeBlockEntries> m_cachedCodeBlocks;
+    FixedArray<std::pair<GlobalFunctionKey, Strong<UnlinkedFunctionExecutable> >, kMaxGlobalFunctionEntries> m_cachedGlobalFunctions;
+    WeakRandom m_randomGenerator;
 };
 
 }
diff --git a/Source/JavaScriptCore/runtime/Executable.cpp b/Source/JavaScriptCore/runtime/Executable.cpp
index 49a0e256d..20a2e2acb 100644
--- a/Source/JavaScriptCore/runtime/Executable.cpp
+++ b/Source/JavaScriptCore/runtime/Executable.cpp
@@ -620,17 +620,18 @@ void FunctionExecutable::clearCodeIfNotCompiling()
     clearCode();
 }
 
-void FunctionExecutable::clearUnlinkedCodeForRecompilationIfNotCompiling()
+void FunctionExecutable::clearUnlinkedCodeIfNotCompiling()
 {
     if (isCompiling())
         return;
-    m_unlinkedExecutable->clearCodeForRecompilation();
+    m_unlinkedExecutable->clearCode();
 }
 
 void FunctionExecutable::clearCode()
 {
     m_codeBlockForCall.clear();
     m_codeBlockForConstruct.clear();
+    m_unlinkedExecutable->clearCode();
     Base::clearCode();
 }
 
diff --git a/Source/JavaScriptCore/runtime/Executable.h b/Source/JavaScriptCore/runtime/Executable.h
index 98471b85b..74b4add75 100644
--- a/Source/JavaScriptCore/runtime/Executable.h
+++ b/Source/JavaScriptCore/runtime/Executable.h
@@ -704,7 +704,7 @@ namespace JSC {
         SharedSymbolTable* symbolTable(CodeSpecializationKind kind) const { return m_unlinkedExecutable->symbolTable(kind); }
 
         void clearCodeIfNotCompiling();
-        void clearUnlinkedCodeForRecompilationIfNotCompiling();
+        void clearUnlinkedCodeIfNotCompiling();
         static void visitChildren(JSCell*, SlotVisitor&);
         static Structure* createStructure(JSGlobalData& globalData, JSGlobalObject* globalObject, JSValue proto)
         {
diff --git a/Source/JavaScriptCore/runtime/FunctionPrototype.cpp b/Source/JavaScriptCore/runtime/FunctionPrototype.cpp
index 8e4390b1b..a4b2202c1 100644
--- a/Source/JavaScriptCore/runtime/FunctionPrototype.cpp
+++ b/Source/JavaScriptCore/runtime/FunctionPrototype.cpp
@@ -186,7 +186,7 @@ EncodedJSValue JSC_HOST_CALL functionProtoFuncBind(ExecState* exec)
 
     // Let A be a new (possibly empty) internal list of all of the argument values provided after thisArg (arg1, arg2 etc), in order.
     size_t numBoundArgs = exec->argumentCount() > 1 ? exec->argumentCount() - 1 : 0;
-    JSArray* boundArgs = JSArray::tryCreateUninitialized(exec->globalData(), globalObject->arrayStructureForIndexingTypeDuringAllocation(ArrayWithUndecided), numBoundArgs);
+    JSArray* boundArgs = JSArray::tryCreateUninitialized(exec->globalData(), globalObject->arrayStructure(), numBoundArgs);
     if (!boundArgs)
         return JSValue::encode(throwOutOfMemoryError(exec));
 
diff --git a/Source/JavaScriptCore/runtime/IndexingHeaderInlineMethods.h b/Source/JavaScriptCore/runtime/IndexingHeaderInlineMethods.h
new file mode 100644
index 000000000..22785ce24
--- /dev/null
+++ b/Source/JavaScriptCore/runtime/IndexingHeaderInlineMethods.h
@@ -0,0 +1,61 @@
+/*
+ * Copyright (C) 2012 Apple Inc. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY APPLE INC. ``AS IS'' AND ANY
+ * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL APPLE INC. OR
+ * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+ * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
+ * OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
+ */
+
+#ifndef IndexingHeaderInlineMethods_h
+#define IndexingHeaderInlineMethods_h
+
+#include "ArrayStorage.h"
+#include "IndexingHeader.h"
+#include "Structure.h"
+
+namespace JSC {
+
+inline size_t IndexingHeader::preCapacity(Structure* structure)
+{
+    if (LIKELY(!hasArrayStorage(structure->indexingType())))
+        return 0;
+    
+    return arrayStorage()->m_indexBias;
+}
+
+inline size_t IndexingHeader::indexingPayloadSizeInBytes(Structure* structure)
+{
+    switch (structure->indexingType()) {
+    case ALL_CONTIGUOUS_INDEXING_TYPES:
+        return vectorLength() * sizeof(EncodedJSValue);
+        
+    case ALL_ARRAY_STORAGE_INDEXING_TYPES:
+        return ArrayStorage::sizeFor(arrayStorage()->vectorLength());
+        
+    default:
+        ASSERT(!hasIndexedProperties(structure->indexingType()));
+        return 0;
+    }
+}
+
+} // namespace JSC
+
+#endif // IndexingHeaderInlineMethods_h
+
diff --git a/Source/JavaScriptCore/runtime/IndexingHeaderInlines.h b/Source/JavaScriptCore/runtime/IndexingHeaderInlines.h
deleted file mode 100644
index cfad1c8c2..000000000
--- a/Source/JavaScriptCore/runtime/IndexingHeaderInlines.h
+++ /dev/null
@@ -1,64 +0,0 @@
-/*
- * Copyright (C) 2012 Apple Inc. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY APPLE INC. ``AS IS'' AND ANY
- * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL APPLE INC. OR
- * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
- * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
- * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
- * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
- * OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
- * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
- */
-
-#ifndef IndexingHeaderInlines_h
-#define IndexingHeaderInlines_h
-
-#include "ArrayStorage.h"
-#include "IndexingHeader.h"
-#include "Structure.h"
-
-namespace JSC {
-
-inline size_t IndexingHeader::preCapacity(Structure* structure)
-{
-    if (LIKELY(!hasArrayStorage(structure->indexingType())))
-        return 0;
-    
-    return arrayStorage()->m_indexBias;
-}
-
-inline size_t IndexingHeader::indexingPayloadSizeInBytes(Structure* structure)
-{
-    switch (structure->indexingType()) {
-    case ALL_UNDECIDED_INDEXING_TYPES:
-    case ALL_INT32_INDEXING_TYPES:
-    case ALL_DOUBLE_INDEXING_TYPES:
-    case ALL_CONTIGUOUS_INDEXING_TYPES:
-        return vectorLength() * sizeof(EncodedJSValue);
-        
-    case ALL_ARRAY_STORAGE_INDEXING_TYPES:
-        return ArrayStorage::sizeFor(arrayStorage()->vectorLength());
-        
-    default:
-        ASSERT(!hasIndexedProperties(structure->indexingType()));
-        return 0;
-    }
-}
-
-} // namespace JSC
-
-#endif // IndexingHeaderInlines_h
-
diff --git a/Source/JavaScriptCore/runtime/IndexingType.cpp b/Source/JavaScriptCore/runtime/IndexingType.cpp
index dc2733ad1..7261847a2 100644
--- a/Source/JavaScriptCore/runtime/IndexingType.cpp
+++ b/Source/JavaScriptCore/runtime/IndexingType.cpp
@@ -31,46 +31,6 @@
 
 namespace JSC {
 
-IndexingType leastUpperBoundOfIndexingTypes(IndexingType a, IndexingType b)
-{
-    // It doesn't make sense to LUB something that is an array with something that isn't.
-    ASSERT((a & IsArray) == (b & IsArray));
-
-    // Boy, this sure is easy right now.
-    return std::max(a, b);
-}
-
-IndexingType leastUpperBoundOfIndexingTypeAndType(IndexingType indexingType, SpeculatedType type)
-{
-    if (!type)
-        return indexingType;
-    switch (indexingType) {
-    case ALL_BLANK_INDEXING_TYPES:
-    case ALL_UNDECIDED_INDEXING_TYPES:
-    case ALL_INT32_INDEXING_TYPES:
-        if (isInt32Speculation(type))
-            return (indexingType & ~IndexingShapeMask) | Int32Shape;
-        if (isNumberSpeculation(type))
-            return (indexingType & ~IndexingShapeMask) | DoubleShape;
-        return (indexingType & ~IndexingShapeMask) | ContiguousShape;
-    case ALL_DOUBLE_INDEXING_TYPES:
-        if (isNumberSpeculation(type))
-            return indexingType;
-        return (indexingType & ~IndexingShapeMask) | ContiguousShape;
-    case ALL_CONTIGUOUS_INDEXING_TYPES:
-    case ALL_ARRAY_STORAGE_INDEXING_TYPES:
-        return indexingType;
-    default:
-        CRASH();
-        return 0;
-    }
-}
-
-IndexingType leastUpperBoundOfIndexingTypeAndValue(IndexingType indexingType, JSValue value)
-{
-    return leastUpperBoundOfIndexingTypeAndType(indexingType, speculationFromValue(value));
-}
-
 const char* indexingTypeToString(IndexingType indexingType)
 {
     static char result[128];
@@ -79,12 +39,6 @@ const char* indexingTypeToString(IndexingType indexingType)
     case NonArray:
         basicName = "NonArray";
         break;
-    case NonArrayWithInt32:
-        basicName = "NonArrayWithInt32";
-        break;
-    case NonArrayWithDouble:
-        basicName = "NonArrayWithDouble";
-        break;
     case NonArrayWithContiguous:
         basicName = "NonArrayWithContiguous";
         break;
@@ -97,15 +51,6 @@ const char* indexingTypeToString(IndexingType indexingType)
     case ArrayClass:
         basicName = "ArrayClass";
         break;
-    case ArrayWithUndecided:
-        basicName = "ArrayWithUndecided";
-        break;
-    case ArrayWithInt32:
-        basicName = "ArrayWithInt32";
-        break;
-    case ArrayWithDouble:
-        basicName = "ArrayWithDouble";
-        break;
     case ArrayWithContiguous:
         basicName = "ArrayWithContiguous";
         break;
diff --git a/Source/JavaScriptCore/runtime/IndexingType.h b/Source/JavaScriptCore/runtime/IndexingType.h
index ab253be1e..4bbe3cfa0 100644
--- a/Source/JavaScriptCore/runtime/IndexingType.h
+++ b/Source/JavaScriptCore/runtime/IndexingType.h
@@ -26,7 +26,6 @@
 #ifndef IndexingType_h
 #define IndexingType_h
 
-#include "SpeculatedType.h"
 #include <wtf/StdLibExtras.h>
 
 namespace JSC {
@@ -38,32 +37,21 @@ static const IndexingType IsArray                  = 1;
 
 // The shape of the indexed property storage.
 static const IndexingType IndexingShapeMask        = 30;
-static const IndexingType NoIndexingShape          = 0;
-static const IndexingType UndecidedShape           = 2; // Only useful for arrays.
-static const IndexingType Int32Shape               = 20;
-static const IndexingType DoubleShape              = 22;
+static const IndexingType NoIndexingShape          = 0; 
 static const IndexingType ContiguousShape          = 26;
 static const IndexingType ArrayStorageShape        = 28;
 static const IndexingType SlowPutArrayStorageShape = 30;
 
-static const IndexingType IndexingShapeShift       = 1;
-static const IndexingType NumberOfIndexingShapes   = 16;
-
 // Additional flags for tracking the history of the type. These are usually
 // masked off unless you ask for them directly.
 static const IndexingType MayHaveIndexedAccessors  = 32;
 
 // List of acceptable array types.
 static const IndexingType NonArray                        = 0;
-static const IndexingType NonArrayWithInt32               = Int32Shape;
-static const IndexingType NonArrayWithDouble              = DoubleShape;
 static const IndexingType NonArrayWithContiguous          = ContiguousShape;
 static const IndexingType NonArrayWithArrayStorage        = ArrayStorageShape;
 static const IndexingType NonArrayWithSlowPutArrayStorage = SlowPutArrayStorageShape;
 static const IndexingType ArrayClass                      = IsArray; // I'd want to call this "Array" but this would lead to disastrous namespace pollution.
-static const IndexingType ArrayWithUndecided              = IsArray | UndecidedShape;
-static const IndexingType ArrayWithInt32                  = IsArray | Int32Shape;
-static const IndexingType ArrayWithDouble                 = IsArray | DoubleShape;
 static const IndexingType ArrayWithContiguous             = IsArray | ContiguousShape;
 static const IndexingType ArrayWithArrayStorage           = IsArray | ArrayStorageShape;
 static const IndexingType ArrayWithSlowPutArrayStorage    = IsArray | SlowPutArrayStorageShape;
@@ -72,17 +60,6 @@ static const IndexingType ArrayWithSlowPutArrayStorage    = IsArray | SlowPutArr
     NonArray:                    \
     case ArrayClass
 
-#define ALL_UNDECIDED_INDEXING_TYPES \
-    ArrayWithUndecided
-
-#define ALL_INT32_INDEXING_TYPES      \
-    NonArrayWithInt32:                \
-    case ArrayWithInt32
-
-#define ALL_DOUBLE_INDEXING_TYPES     \
-    NonArrayWithDouble:               \
-    case ArrayWithDouble
-
 #define ALL_CONTIGUOUS_INDEXING_TYPES \
     NonArrayWithContiguous:           \
     case ArrayWithContiguous
@@ -106,21 +83,6 @@ static inline bool hasIndexingHeader(IndexingType type)
     return hasIndexedProperties(type);
 }
 
-static inline bool hasUndecided(IndexingType indexingType)
-{
-    return (indexingType & IndexingShapeMask) == UndecidedShape;
-}
-
-static inline bool hasInt32(IndexingType indexingType)
-{
-    return (indexingType & IndexingShapeMask) == Int32Shape;
-}
-
-static inline bool hasDouble(IndexingType indexingType)
-{
-    return (indexingType & IndexingShapeMask) == DoubleShape;
-}
-
 static inline bool hasContiguous(IndexingType indexingType)
 {
     return (indexingType & IndexingShapeMask) == ContiguousShape;
@@ -143,12 +105,6 @@ static inline bool shouldUseSlowPut(IndexingType indexingType)
     return (indexingType & IndexingShapeMask) == SlowPutArrayStorageShape;
 }
 
-// Return an indexing type that can handle all of the elements of both indexing types.
-IndexingType leastUpperBoundOfIndexingTypes(IndexingType, IndexingType);
-
-IndexingType leastUpperBoundOfIndexingTypeAndType(IndexingType, SpeculatedType);
-IndexingType leastUpperBoundOfIndexingTypeAndValue(IndexingType, JSValue);
-
 const char* indexingTypeToString(IndexingType);
 
 // Mask of all possible types.
diff --git a/Source/JavaScriptCore/runtime/JSActivation.h b/Source/JavaScriptCore/runtime/JSActivation.h
index b8f5621af..fc6336463 100644
--- a/Source/JavaScriptCore/runtime/JSActivation.h
+++ b/Source/JavaScriptCore/runtime/JSActivation.h
@@ -30,7 +30,7 @@
 #define JSActivation_h
 
 #include "CodeBlock.h"
-#include "CopiedSpaceInlines.h"
+#include "CopiedSpaceInlineMethods.h"
 #include "JSVariableObject.h"
 #include "Nodes.h"
 #include "SymbolTable.h"
diff --git a/Source/JavaScriptCore/runtime/JSArray.cpp b/Source/JavaScriptCore/runtime/JSArray.cpp
index 4ba5cc2bd..d1ece1a36 100644
--- a/Source/JavaScriptCore/runtime/JSArray.cpp
+++ b/Source/JavaScriptCore/runtime/JSArray.cpp
@@ -24,14 +24,14 @@
 #include "JSArray.h"
 
 #include "ArrayPrototype.h"
-#include "ButterflyInlines.h"
-#include "CachedCall.h"
+#include "ButterflyInlineMethods.h"
 #include "CopiedSpace.h"
-#include "CopiedSpaceInlines.h"
+#include "CopiedSpaceInlineMethods.h"
+#include "CachedCall.h"
 #include "Error.h"
 #include "Executable.h"
 #include "GetterSetter.h"
-#include "IndexingHeaderInlines.h"
+#include "IndexingHeaderInlineMethods.h"
 #include "PropertyNameArray.h"
 #include "Reject.h"
 #include <wtf/AVLTree.h>
@@ -410,33 +410,25 @@ bool JSArray::setLength(ExecState* exec, unsigned newLength, bool throwException
                 exec, newLength, throwException,
                 convertContiguousToArrayStorage(exec->globalData()));
         }
-        createInitialUndecided(exec->globalData(), newLength);
+        createInitialContiguous(exec->globalData(), newLength);
         return true;
         
-    case ArrayWithUndecided:
-    case ArrayWithInt32:
-    case ArrayWithDouble:
     case ArrayWithContiguous:
         if (newLength == m_butterfly->publicLength())
             return true;
         if (newLength >= MAX_ARRAY_INDEX // This case ensures that we can do fast push.
             || (newLength >= MIN_SPARSE_ARRAY_INDEX
-                && !isDenseEnoughForVector(newLength, countElements()))) {
+                && !isDenseEnoughForVector(newLength, countElementsInContiguous(m_butterfly)))) {
             return setLengthWithArrayStorage(
                 exec, newLength, throwException,
-                ensureArrayStorage(exec->globalData()));
+                convertContiguousToArrayStorage(exec->globalData()));
         }
         if (newLength > m_butterfly->publicLength()) {
-            ensureLength(exec->globalData(), newLength);
+            ensureContiguousLength(exec->globalData(), newLength);
             return true;
         }
-        if (structure()->indexingType() == ArrayWithDouble) {
-            for (unsigned i = m_butterfly->publicLength(); i-- > newLength;)
-                m_butterfly->contiguousDouble()[i] = QNaN;
-        } else {
-            for (unsigned i = m_butterfly->publicLength(); i-- > newLength;)
-                m_butterfly->contiguous()[i].clear();
-        }
+        for (unsigned i = m_butterfly->publicLength(); i-- > newLength;)
+            m_butterfly->contiguous()[i].clear();
         m_butterfly->setPublicLength(newLength);
         return true;
         
@@ -456,13 +448,6 @@ JSValue JSArray::pop(ExecState* exec)
     case ArrayClass:
         return jsUndefined();
         
-    case ArrayWithUndecided:
-        if (!m_butterfly->publicLength())
-            return jsUndefined();
-        // We have nothing but holes. So, drop down to the slow version.
-        break;
-        
-    case ArrayWithInt32:
     case ArrayWithContiguous: {
         unsigned length = m_butterfly->publicLength();
         
@@ -479,22 +464,6 @@ JSValue JSArray::pop(ExecState* exec)
         break;
     }
         
-    case ArrayWithDouble: {
-        unsigned length = m_butterfly->publicLength();
-        
-        if (!length--)
-            return jsUndefined();
-        
-        ASSERT(length < m_butterfly->vectorLength());
-        double value = m_butterfly->contiguousDouble()[length];
-        if (value == value) {
-            m_butterfly->contiguousDouble()[length] = QNaN;
-            m_butterfly->setPublicLength(length);
-            return JSValue(JSValue::EncodeAsDouble, value);
-        }
-        break;
-    }
-        
     case ARRAY_WITH_ARRAY_STORAGE_INDEXING_TYPES: {
         ArrayStorage* storage = m_butterfly->arrayStorage();
     
@@ -549,42 +518,10 @@ void JSArray::push(ExecState* exec, JSValue value)
 {
     switch (structure()->indexingType()) {
     case ArrayClass: {
-        createInitialUndecided(exec->globalData(), 0);
-        // Fall through.
-    }
-        
-    case ArrayWithUndecided: {
-        convertUndecidedForValue(exec->globalData(), value);
-        push(exec, value);
-        return;
+        putByIndexBeyondVectorLengthWithArrayStorage(exec, 0, value, true, createInitialArrayStorage(exec->globalData()));
+        break;
     }
         
-    case ArrayWithInt32: {
-        if (!value.isInt32()) {
-            convertInt32ForValue(exec->globalData(), value);
-            push(exec, value);
-            return;
-        }
-
-        unsigned length = m_butterfly->publicLength();
-        ASSERT(length <= m_butterfly->vectorLength());
-        if (length < m_butterfly->vectorLength()) {
-            m_butterfly->contiguousInt32()[length].setWithoutWriteBarrier(value);
-            m_butterfly->setPublicLength(length + 1);
-            return;
-        }
-        
-        if (length > MAX_ARRAY_INDEX) {
-            methodTable()->putByIndex(this, exec, length, value, true);
-            if (!exec->hadException())
-                throwError(exec, createRangeError(exec, "Invalid array length"));
-            return;
-        }
-        
-        putByIndexBeyondVectorLengthWithoutAttributes<Int32Shape>(exec, length, value);
-        return;
-    }
-
     case ArrayWithContiguous: {
         unsigned length = m_butterfly->publicLength();
         ASSERT(length <= m_butterfly->vectorLength());
@@ -601,42 +538,10 @@ void JSArray::push(ExecState* exec, JSValue value)
             return;
         }
         
-        putByIndexBeyondVectorLengthWithoutAttributes<ContiguousShape>(exec, length, value);
+        putByIndexBeyondVectorLengthContiguousWithoutAttributes(exec, length, value);
         return;
     }
         
-    case ArrayWithDouble: {
-        if (!value.isNumber()) {
-            convertDoubleToContiguous(exec->globalData());
-            push(exec, value);
-            return;
-        }
-        double valueAsDouble = value.asNumber();
-        if (valueAsDouble != valueAsDouble) {
-            convertDoubleToContiguous(exec->globalData());
-            push(exec, value);
-            return;
-        }
-
-        unsigned length = m_butterfly->publicLength();
-        ASSERT(length <= m_butterfly->vectorLength());
-        if (length < m_butterfly->vectorLength()) {
-            m_butterfly->contiguousDouble()[length] = valueAsDouble;
-            m_butterfly->setPublicLength(length + 1);
-            return;
-        }
-        
-        if (length > MAX_ARRAY_INDEX) {
-            methodTable()->putByIndex(this, exec, length, value, true);
-            if (!exec->hadException())
-                throwError(exec, createRangeError(exec, "Invalid array length"));
-            return;
-        }
-        
-        putByIndexBeyondVectorLengthWithoutAttributes<DoubleShape>(exec, length, value);
-        break;
-    }
-        
     case ArrayWithSlowPutArrayStorage: {
         unsigned oldLength = length();
         if (attemptToInterceptPutByIndexOnHole(exec, oldLength, value, true)) {
@@ -742,11 +647,6 @@ bool JSArray::shiftCountWithAnyIndexingType(ExecState* exec, unsigned startIndex
     case ArrayClass:
         return true;
         
-    case ArrayWithUndecided:
-        // Don't handle this because it's confusing and it shouldn't come up.
-        return false;
-        
-    case ArrayWithInt32:
     case ArrayWithContiguous: {
         unsigned oldLength = m_butterfly->publicLength();
         ASSERT(count <= oldLength);
@@ -754,7 +654,7 @@ bool JSArray::shiftCountWithAnyIndexingType(ExecState* exec, unsigned startIndex
         // We may have to walk the entire array to do the shift. We're willing to do
         // so only if it's not horribly slow.
         if (oldLength - (startIndex + count) >= MIN_SPARSE_ARRAY_INDEX)
-            return shiftCountWithArrayStorage(startIndex, count, ensureArrayStorage(exec->globalData()));
+            return shiftCountWithArrayStorage(startIndex, count, convertContiguousToArrayStorage(exec->globalData()));
         
         unsigned end = oldLength - count;
         for (unsigned i = startIndex; i < end; ++i) {
@@ -768,7 +668,7 @@ bool JSArray::shiftCountWithAnyIndexingType(ExecState* exec, unsigned startIndex
                 // about holes (at least for now), but it can detect them quickly. So
                 // we convert to array storage and then allow the array storage path to
                 // figure it out.
-                return shiftCountWithArrayStorage(startIndex, count, ensureArrayStorage(exec->globalData()));
+                return shiftCountWithArrayStorage(startIndex, count, convertContiguousToArrayStorage(exec->globalData()));
             }
             // No need for a barrier since we're just moving data around in the same vector.
             // This is in line with our standing assumption that we won't have a deletion
@@ -782,41 +682,6 @@ bool JSArray::shiftCountWithAnyIndexingType(ExecState* exec, unsigned startIndex
         return true;
     }
         
-    case ArrayWithDouble: {
-        unsigned oldLength = m_butterfly->publicLength();
-        ASSERT(count <= oldLength);
-        
-        // We may have to walk the entire array to do the shift. We're willing to do
-        // so only if it's not horribly slow.
-        if (oldLength - (startIndex + count) >= MIN_SPARSE_ARRAY_INDEX)
-            return shiftCountWithArrayStorage(startIndex, count, ensureArrayStorage(exec->globalData()));
-        
-        unsigned end = oldLength - count;
-        for (unsigned i = startIndex; i < end; ++i) {
-            // Storing to a hole is fine since we're still having a good time. But reading
-            // from a hole is totally not fine, since we might have to read from the proto
-            // chain.
-            double v = m_butterfly->contiguousDouble()[i + count];
-            if (UNLIKELY(v != v)) {
-                // The purpose of this path is to ensure that we don't make the same
-                // mistake in the future: shiftCountWithArrayStorage() can't do anything
-                // about holes (at least for now), but it can detect them quickly. So
-                // we convert to array storage and then allow the array storage path to
-                // figure it out.
-                return shiftCountWithArrayStorage(startIndex, count, ensureArrayStorage(exec->globalData()));
-            }
-            // No need for a barrier since we're just moving data around in the same vector.
-            // This is in line with our standing assumption that we won't have a deletion
-            // barrier.
-            m_butterfly->contiguousDouble()[i] = v;
-        }
-        for (unsigned i = end; i < oldLength; ++i)
-            m_butterfly->contiguousDouble()[i] = QNaN;
-        
-        m_butterfly->setPublicLength(oldLength - count);
-        return true;
-    }
-        
     case ArrayWithArrayStorage:
     case ArrayWithSlowPutArrayStorage:
         return shiftCountWithArrayStorage(startIndex, count, arrayStorage());
@@ -875,25 +740,23 @@ bool JSArray::unshiftCountWithAnyIndexingType(ExecState* exec, unsigned startInd
 {
     switch (structure()->indexingType()) {
     case ArrayClass:
-    case ArrayWithUndecided:
         // We could handle this. But it shouldn't ever come up, so we won't.
         return false;
-
-    case ArrayWithInt32:
+        
     case ArrayWithContiguous: {
         unsigned oldLength = m_butterfly->publicLength();
         
         // We may have to walk the entire array to do the unshift. We're willing to do so
         // only if it's not horribly slow.
         if (oldLength - startIndex >= MIN_SPARSE_ARRAY_INDEX)
-            return unshiftCountWithArrayStorage(exec, startIndex, count, ensureArrayStorage(exec->globalData()));
+            return unshiftCountWithArrayStorage(exec, startIndex, count, convertContiguousToArrayStorage(exec->globalData()));
         
-        ensureLength(exec->globalData(), oldLength + count);
+        ensureContiguousLength(exec->globalData(), oldLength + count);
         
         for (unsigned i = oldLength; i-- > startIndex;) {
             JSValue v = m_butterfly->contiguous()[i].get();
             if (UNLIKELY(!v))
-                return unshiftCountWithArrayStorage(exec, startIndex, count, ensureArrayStorage(exec->globalData()));
+                return unshiftCountWithArrayStorage(exec, startIndex, count, convertContiguousToArrayStorage(exec->globalData()));
             m_butterfly->contiguous()[i + count].setWithoutWriteBarrier(v);
         }
         
@@ -905,31 +768,6 @@ bool JSArray::unshiftCountWithAnyIndexingType(ExecState* exec, unsigned startInd
         return true;
     }
         
-    case ArrayWithDouble: {
-        unsigned oldLength = m_butterfly->publicLength();
-        
-        // We may have to walk the entire array to do the unshift. We're willing to do so
-        // only if it's not horribly slow.
-        if (oldLength - startIndex >= MIN_SPARSE_ARRAY_INDEX)
-            return unshiftCountWithArrayStorage(exec, startIndex, count, ensureArrayStorage(exec->globalData()));
-        
-        ensureLength(exec->globalData(), oldLength + count);
-        
-        for (unsigned i = oldLength; i-- > startIndex;) {
-            double v = m_butterfly->contiguousDouble()[i];
-            if (UNLIKELY(v != v))
-                return unshiftCountWithArrayStorage(exec, startIndex, count, ensureArrayStorage(exec->globalData()));
-            m_butterfly->contiguousDouble()[i + count] = v;
-        }
-        
-        // NOTE: we're leaving being garbage in the part of the array that we shifted out
-        // of. This is fine because the caller is required to store over that area, and
-        // in contiguous mode storing into a hole is guaranteed to behave exactly the same
-        // as storing over an existing element.
-        
-        return true;
-    }
-        
     case ArrayWithArrayStorage:
     case ArrayWithSlowPutArrayStorage:
         return unshiftCountWithArrayStorage(exec, startIndex, count, arrayStorage());
@@ -940,20 +778,6 @@ bool JSArray::unshiftCountWithAnyIndexingType(ExecState* exec, unsigned startInd
     }
 }
 
-static int compareNumbersForQSortWithInt32(const void* a, const void* b)
-{
-    int32_t ia = static_cast<const JSValue*>(a)->asInt32();
-    int32_t ib = static_cast<const JSValue*>(b)->asInt32();
-    return ia - ib;
-}
-
-static int compareNumbersForQSortWithDouble(const void* a, const void* b)
-{
-    double da = *static_cast<const double*>(a);
-    double db = *static_cast<const double*>(b);
-    return (da > db) - (da < db);
-}
-
 static int compareNumbersForQSort(const void* a, const void* b)
 {
     double da = static_cast<const JSValue*>(a)->asNumber();
@@ -971,7 +795,7 @@ static int compareByStringPairForQSort(const void* a, const void* b)
 template<IndexingType indexingType>
 void JSArray::sortNumericVector(ExecState* exec, JSValue compareFunction, CallType callType, const CallData& callData)
 {
-    ASSERT(indexingType == ArrayWithInt32 || indexingType == ArrayWithDouble || indexingType == ArrayWithContiguous || indexingType == ArrayWithArrayStorage);
+    ASSERT(indexingType == ArrayWithContiguous || indexingType == ArrayWithArrayStorage);
     
     unsigned lengthNotIncludingUndefined;
     unsigned newRelevantLength;
@@ -990,19 +814,11 @@ void JSArray::sortNumericVector(ExecState* exec, JSValue compareFunction, CallTy
         return;
     
     bool allValuesAreNumbers = true;
-    switch (indexingType) {
-    case ArrayWithInt32:
-    case ArrayWithDouble:
-        break;
-        
-    default:
-        for (size_t i = 0; i < newRelevantLength; ++i) {
-            if (!data[i].isNumber()) {
-                allValuesAreNumbers = false;
-                break;
-            }
+    for (size_t i = 0; i < newRelevantLength; ++i) {
+        if (!data[i].isNumber()) {
+            allValuesAreNumbers = false;
+            break;
         }
-        break;
     }
     
     if (!allValuesAreNumbers)
@@ -1011,23 +827,7 @@ void JSArray::sortNumericVector(ExecState* exec, JSValue compareFunction, CallTy
     // For numeric comparison, which is fast, qsort is faster than mergesort. We
     // also don't require mergesort's stability, since there's no user visible
     // side-effect from swapping the order of equal primitive values.
-    int (*compare)(const void*, const void*);
-    switch (indexingType) {
-    case ArrayWithInt32:
-        compare = compareNumbersForQSortWithInt32;
-        break;
-        
-    case ArrayWithDouble:
-        compare = compareNumbersForQSortWithDouble;
-        ASSERT(sizeof(WriteBarrier<Unknown>) == sizeof(double));
-        break;
-        
-    default:
-        compare = compareNumbersForQSort;
-        break;
-    }
-    
-    qsort(data, newRelevantLength, sizeof(WriteBarrier<Unknown>), compare);
+    qsort(data, newRelevantLength, sizeof(WriteBarrier<Unknown>), compareNumbersForQSort);
     return;
 }
 
@@ -1039,14 +839,6 @@ void JSArray::sortNumeric(ExecState* exec, JSValue compareFunction, CallType cal
     case ArrayClass:
         return;
         
-    case ArrayWithInt32:
-        sortNumericVector<ArrayWithInt32>(exec, compareFunction, callType, callData);
-        break;
-        
-    case ArrayWithDouble:
-        sortNumericVector<ArrayWithDouble>(exec, compareFunction, callType, callData);
-        break;
-        
     case ArrayWithContiguous:
         sortNumericVector<ArrayWithContiguous>(exec, compareFunction, callType, callData);
         return;
@@ -1062,7 +854,7 @@ void JSArray::sortNumeric(ExecState* exec, JSValue compareFunction, CallType cal
 }
 
 template<IndexingType indexingType>
-void JSArray::sortCompactedVector(ExecState* exec, void* begin, unsigned relevantLength)
+void JSArray::sortCompactedVector(ExecState* exec, WriteBarrier<Unknown>* begin, unsigned relevantLength)
 {
     if (!relevantLength)
         return;
@@ -1083,31 +875,11 @@ void JSArray::sortCompactedVector(ExecState* exec, void* begin, unsigned relevan
     Heap::heap(this)->pushTempSortVector(&values);
         
     bool isSortingPrimitiveValues = true;
-    switch (indexingType) {
-    case ArrayWithInt32:
-        for (size_t i = 0; i < relevantLength; i++) {
-            JSValue value = static_cast<WriteBarrier<Unknown>*>(begin)[i].get();
-            ASSERT(value.isInt32());
-            values[i].first = value;
-        }
-        break;
-        
-    case ArrayWithDouble:
-        for (size_t i = 0; i < relevantLength; i++) {
-            double value = static_cast<double*>(begin)[i];
-            ASSERT(value == value);
-            values[i].first = JSValue(JSValue::EncodeAsDouble, value);
-        }
-        break;
-        
-    default:
-        for (size_t i = 0; i < relevantLength; i++) {
-            JSValue value = static_cast<WriteBarrier<Unknown>*>(begin)[i].get();
-            ASSERT(!value.isUndefined());
-            values[i].first = value;
-            isSortingPrimitiveValues = isSortingPrimitiveValues && value.isPrimitive();
-        }
-        break;
+    for (size_t i = 0; i < relevantLength; i++) {
+        JSValue value = begin[i].get();
+        ASSERT(!value.isUndefined());
+        values[i].first = value;
+        isSortingPrimitiveValues = isSortingPrimitiveValues && value.isPrimitive();
     }
         
     // FIXME: The following loop continues to call toString on subsequent values even after
@@ -1138,10 +910,8 @@ void JSArray::sortCompactedVector(ExecState* exec, void* begin, unsigned relevan
     // If the toString function changed the length of the array or vector storage,
     // increase the length to handle the orignal number of actual values.
     switch (indexingType) {
-    case ArrayWithInt32:
-    case ArrayWithDouble:
     case ArrayWithContiguous:
-        ensureLength(globalData, relevantLength);
+        ensureContiguousLength(globalData, relevantLength);
         break;
         
     case ArrayWithArrayStorage:
@@ -1157,12 +927,8 @@ void JSArray::sortCompactedVector(ExecState* exec, void* begin, unsigned relevan
         CRASH();
     }
 
-    for (size_t i = 0; i < relevantLength; i++) {
-        if (indexingType == ArrayWithDouble)
-            static_cast<double*>(begin)[i] = values[i].first.asNumber();
-        else
-            static_cast<WriteBarrier<Unknown>*>(begin)[i].set(globalData, this, values[i].first);
-    }
+    for (size_t i = 0; i < relevantLength; i++)
+        begin[i].set(globalData, this, values[i].first);
     
     Heap::heap(this)->popTempSortVector(&values);
 }
@@ -1173,31 +939,8 @@ void JSArray::sort(ExecState* exec)
     
     switch (structure()->indexingType()) {
     case ArrayClass:
-    case ArrayWithUndecided:
         return;
         
-    case ArrayWithInt32: {
-        unsigned lengthNotIncludingUndefined;
-        unsigned newRelevantLength;
-        compactForSorting<ArrayWithInt32>(
-            lengthNotIncludingUndefined, newRelevantLength);
-        
-        sortCompactedVector<ArrayWithInt32>(
-            exec, m_butterfly->contiguousInt32(), lengthNotIncludingUndefined);
-        return;
-    }
-        
-    case ArrayWithDouble: {
-        unsigned lengthNotIncludingUndefined;
-        unsigned newRelevantLength;
-        compactForSorting<ArrayWithDouble>(
-            lengthNotIncludingUndefined, newRelevantLength);
-        
-        sortCompactedVector<ArrayWithDouble>(
-            exec, m_butterfly->contiguousDouble(), lengthNotIncludingUndefined);
-        return;
-    }
-        
     case ArrayWithContiguous: {
         unsigned lengthNotIncludingUndefined;
         unsigned newRelevantLength;
@@ -1344,12 +1087,12 @@ void JSArray::sortVector(ExecState* exec, JSValue compareFunction, CallType call
         
     unsigned numDefined = 0;
     unsigned numUndefined = 0;
-    
+        
     // Iterate over the array, ignoring missing values, counting undefined ones, and inserting all other ones into the tree.
     for (; numDefined < usedVectorLength; ++numDefined) {
         if (numDefined > m_butterfly->vectorLength())
             break;
-        JSValue v = getHolyIndexQuickly(numDefined);
+        JSValue v = currentIndexingData()[numDefined].get();
         if (!v || v.isUndefined())
             break;
         tree.abstractor().m_nodes[numDefined].value = v;
@@ -1358,7 +1101,7 @@ void JSArray::sortVector(ExecState* exec, JSValue compareFunction, CallType call
     for (unsigned i = numDefined; i < usedVectorLength; ++i) {
         if (i > m_butterfly->vectorLength())
             break;
-        JSValue v = getHolyIndexQuickly(i);
+        JSValue v = currentIndexingData()[i].get();
         if (v) {
             if (v.isUndefined())
                 ++numUndefined;
@@ -1369,7 +1112,7 @@ void JSArray::sortVector(ExecState* exec, JSValue compareFunction, CallType call
             }
         }
     }
-    
+        
     unsigned newUsedVectorLength = numDefined + numUndefined;
         
     // The array size may have changed. Figure out the new bounds.
@@ -1384,31 +1127,16 @@ void JSArray::sortVector(ExecState* exec, JSValue compareFunction, CallType call
     iter.start_iter_least(tree);
     JSGlobalData& globalData = exec->globalData();
     for (unsigned i = 0; i < elementsToExtractThreshold; ++i) {
-        if (structure()->indexingType() == ArrayWithDouble)
-            butterfly()->contiguousDouble()[i] = tree.abstractor().m_nodes[*iter].value.asNumber();
-        else
-            currentIndexingData()[i].set(globalData, this, tree.abstractor().m_nodes[*iter].value);
+        currentIndexingData()[i].set(globalData, this, tree.abstractor().m_nodes[*iter].value);
         ++iter;
     }
     // Put undefined values back in.
-    switch (structure()->indexingType()) {
-    case ArrayWithInt32:
-    case ArrayWithDouble:
-        ASSERT(elementsToExtractThreshold == undefinedElementsThreshold);
-        break;
-        
-    default:
-        for (unsigned i = elementsToExtractThreshold; i < undefinedElementsThreshold; ++i)
-            currentIndexingData()[i].setUndefined();
-    }
+    for (unsigned i = elementsToExtractThreshold; i < undefinedElementsThreshold; ++i)
+        currentIndexingData()[i].setUndefined();
 
     // Ensure that unused values in the vector are zeroed out.
-    for (unsigned i = undefinedElementsThreshold; i < clearElementsThreshold; ++i) {
-        if (structure()->indexingType() == ArrayWithDouble)
-            butterfly()->contiguousDouble()[i] = QNaN;
-        else
-            currentIndexingData()[i].clear();
-    }
+    for (unsigned i = undefinedElementsThreshold; i < clearElementsThreshold; ++i)
+        currentIndexingData()[i].clear();
     
     if (hasArrayStorage(structure()->indexingType()))
         arrayStorage()->m_numValuesInVector = newUsedVectorLength;
@@ -1420,17 +1148,8 @@ void JSArray::sort(ExecState* exec, JSValue compareFunction, CallType callType,
     
     switch (structure()->indexingType()) {
     case ArrayClass:
-    case ArrayWithUndecided:
         return;
         
-    case ArrayWithInt32:
-        sortVector<ArrayWithInt32>(exec, compareFunction, callType, callData);
-        return;
-
-    case ArrayWithDouble:
-        sortVector<ArrayWithDouble>(exec, compareFunction, callType, callData);
-        return;
-
     case ArrayWithContiguous:
         sortVector<ArrayWithContiguous>(exec, compareFunction, callType, callData);
         return;
@@ -1454,30 +1173,11 @@ void JSArray::fillArgList(ExecState* exec, MarkedArgumentBuffer& args)
     case ArrayClass:
         return;
         
-    case ArrayWithUndecided: {
-        vector = 0;
-        vectorEnd = 0;
-        break;
-    }
-        
-    case ArrayWithInt32:
     case ArrayWithContiguous: {
         vectorEnd = m_butterfly->publicLength();
         vector = m_butterfly->contiguous();
         break;
     }
-        
-    case ArrayWithDouble: {
-        vector = 0;
-        vectorEnd = 0;
-        for (; i < m_butterfly->publicLength(); ++i) {
-            double v = butterfly()->contiguousDouble()[i];
-            if (v != v)
-                break;
-            args.append(JSValue(JSValue::EncodeAsDouble, v));
-        }
-        break;
-    }
     
     case ARRAY_WITH_ARRAY_STORAGE_INDEXING_TYPES: {
         ArrayStorage* storage = m_butterfly->arrayStorage();
@@ -1516,31 +1216,12 @@ void JSArray::copyToArguments(ExecState* exec, CallFrame* callFrame, uint32_t le
     case ArrayClass:
         return;
         
-    case ArrayWithUndecided: {
-        vector = 0;
-        vectorEnd = 0;
-        break;
-    }
-        
-    case ArrayWithInt32:
     case ArrayWithContiguous: {
         vector = m_butterfly->contiguous();
         vectorEnd = m_butterfly->publicLength();
         break;
     }
         
-    case ArrayWithDouble: {
-        vector = 0;
-        vectorEnd = 0;
-        for (; i < m_butterfly->publicLength(); ++i) {
-            double v = m_butterfly->contiguousDouble()[i];
-            if (v != v)
-                break;
-            callFrame->setArgument(i, JSValue(JSValue::EncodeAsDouble, v));
-        }
-        break;
-    }
-        
     case ARRAY_WITH_ARRAY_STORAGE_INDEXING_TYPES: {
         ArrayStorage* storage = m_butterfly->arrayStorage();
         vector = storage->m_vector;
@@ -1578,40 +1259,12 @@ void JSArray::compactForSorting(unsigned& numDefined, unsigned& newRelevantLengt
     unsigned numUndefined = 0;
         
     for (; numDefined < myRelevantLength; ++numDefined) {
-        if (indexingType == ArrayWithInt32) {
-            JSValue v = m_butterfly->contiguousInt32()[numDefined].get();
-            if (!v)
-                break;
-            ASSERT(v.isInt32());
-            continue;
-        }
-        if (indexingType == ArrayWithDouble) {
-            double v = m_butterfly->contiguousDouble()[numDefined];
-            if (v != v)
-                break;
-            continue;
-        }
         JSValue v = indexingData<indexingType>()[numDefined].get();
         if (!v || v.isUndefined())
             break;
     }
         
     for (unsigned i = numDefined; i < myRelevantLength; ++i) {
-        if (indexingType == ArrayWithInt32) {
-            JSValue v = m_butterfly->contiguousInt32()[i].get();
-            if (!v)
-                continue;
-            ASSERT(v.isInt32());
-            m_butterfly->contiguousInt32()[numDefined++].setWithoutWriteBarrier(v);
-            continue;
-        }
-        if (indexingType == ArrayWithDouble) {
-            double v = m_butterfly->contiguousDouble()[i];
-            if (v != v)
-                continue;
-            m_butterfly->contiguousDouble()[numDefined++] = v;
-            continue;
-        }
         JSValue v = indexingData<indexingType>()[i].get();
         if (v) {
             if (v.isUndefined())
@@ -1626,23 +1279,10 @@ void JSArray::compactForSorting(unsigned& numDefined, unsigned& newRelevantLengt
     if (hasArrayStorage(indexingType))
         ASSERT(!arrayStorage()->m_sparseMap);
     
-    switch (indexingType) {
-    case ArrayWithInt32:
-    case ArrayWithDouble:
-        ASSERT(numDefined == newRelevantLength);
-        break;
-        
-    default:
-        for (unsigned i = numDefined; i < newRelevantLength; ++i)
-            indexingData<indexingType>()[i].setUndefined();
-        break;
-    }
-    for (unsigned i = newRelevantLength; i < myRelevantLength; ++i) {
-        if (indexingType == ArrayWithDouble)
-            m_butterfly->contiguousDouble()[i] = QNaN;
-        else
-            indexingData<indexingType>()[i].clear();
-    }
+    for (unsigned i = numDefined; i < newRelevantLength; ++i)
+        indexingData<indexingType>()[i].setUndefined();
+    for (unsigned i = newRelevantLength; i < myRelevantLength; ++i)
+        indexingData<indexingType>()[i].clear();
 
     if (hasArrayStorage(indexingType))
         arrayStorage()->m_numValuesInVector = newRelevantLength;
diff --git a/Source/JavaScriptCore/runtime/JSArray.h b/Source/JavaScriptCore/runtime/JSArray.h
index ea1ed9047..1d1e64173 100644
--- a/Source/JavaScriptCore/runtime/JSArray.h
+++ b/Source/JavaScriptCore/runtime/JSArray.h
@@ -22,7 +22,7 @@
 #define JSArray_h
 
 #include "ArrayConventions.h"
-#include "ButterflyInlines.h"
+#include "ButterflyInlineMethods.h"
 #include "JSObject.h"
 
 namespace JSC {
@@ -162,7 +162,7 @@ private:
     void sortNumericVector(ExecState*, JSValue compareFunction, CallType, const CallData&);
         
     template<IndexingType indexingType>
-    void sortCompactedVector(ExecState*, void* begin, unsigned relevantLength);
+    void sortCompactedVector(ExecState*, WriteBarrier<Unknown>* begin, unsigned relevantLength);
         
     template<IndexingType indexingType>
     void sortVector(ExecState*, JSValue compareFunction, CallType, const CallData&);
@@ -174,14 +174,13 @@ private:
     void compactForSorting(unsigned& numDefined, unsigned& newRelevantLength);
 };
 
-inline Butterfly* createContiguousArrayButterfly(JSGlobalData& globalData, unsigned length, unsigned& vectorLength)
+inline Butterfly* createContiguousArrayButterfly(JSGlobalData& globalData, unsigned length)
 {
     IndexingHeader header;
-    vectorLength = std::max(length, BASE_VECTOR_LEN);
-    header.setVectorLength(vectorLength);
+    header.setVectorLength(std::max(length, BASE_VECTOR_LEN));
     header.setPublicLength(length);
     Butterfly* result = Butterfly::create(
-        globalData, 0, 0, true, header, vectorLength * sizeof(EncodedJSValue));
+        globalData, 0, 0, true, header, header.vectorLength() * sizeof(EncodedJSValue));
     return result;
 }
 
@@ -201,23 +200,13 @@ Butterfly* createArrayButterflyInDictionaryIndexingMode(JSGlobalData&, unsigned
 inline JSArray* JSArray::create(JSGlobalData& globalData, Structure* structure, unsigned initialLength)
 {
     Butterfly* butterfly;
-    if (LIKELY(!hasArrayStorage(structure->indexingType()))) {
-        ASSERT(
-            hasUndecided(structure->indexingType())
-            || hasInt32(structure->indexingType())
-            || hasDouble(structure->indexingType())
-            || hasContiguous(structure->indexingType()));
-        unsigned vectorLength;
-        butterfly = createContiguousArrayButterfly(globalData, initialLength, vectorLength);
+    if (LIKELY(structure->indexingType() == ArrayWithContiguous)) {
+        butterfly = createContiguousArrayButterfly(globalData, initialLength);
         ASSERT(initialLength < MIN_SPARSE_ARRAY_INDEX);
-        if (hasDouble(structure->indexingType())) {
-            for (unsigned i = 0; i < vectorLength; ++i)
-                butterfly->contiguousDouble()[i] = QNaN;
-        }
     } else {
         ASSERT(
             structure->indexingType() == ArrayWithSlowPutArrayStorage
-            || structure->indexingType() == ArrayWithArrayStorage);
+            || (initialLength && structure->indexingType() == ArrayWithArrayStorage));
         butterfly = createArrayButterfly(globalData, initialLength);
     }
     JSArray* array = new (NotNull, allocateCell<JSArray>(globalData.heap)) JSArray(globalData, structure, butterfly);
@@ -232,13 +221,8 @@ inline JSArray* JSArray::tryCreateUninitialized(JSGlobalData& globalData, Struct
         return 0;
         
     Butterfly* butterfly;
-    if (LIKELY(!hasArrayStorage(structure->indexingType()))) {
-        ASSERT(
-            hasUndecided(structure->indexingType())
-            || hasInt32(structure->indexingType())
-            || hasDouble(structure->indexingType())
-            || hasContiguous(structure->indexingType()));
-
+    if (LIKELY(structure->indexingType() == ArrayWithContiguous)) {
+            
         void* temp;
         if (!globalData.heap.tryAllocateStorage(Butterfly::totalSize(0, 0, true, vectorLength * sizeof(EncodedJSValue)), &temp))
             return 0;
diff --git a/Source/JavaScriptCore/runtime/JSCell.h b/Source/JavaScriptCore/runtime/JSCell.h
index df31b8542..3b37613d1 100644
--- a/Source/JavaScriptCore/runtime/JSCell.h
+++ b/Source/JavaScriptCore/runtime/JSCell.h
@@ -28,9 +28,9 @@
 #include "ConstructData.h"
 #include "Heap.h"
 #include "JSLock.h"
-#include "JSValueInlines.h"
+#include "JSValueInlineMethods.h"
 #include "SlotVisitor.h"
-#include "SlotVisitorInlines.h"
+#include "SlotVisitorInlineMethods.h"
 #include "TypedArrayDescriptor.h"
 #include "WriteBarrier.h"
 #include <wtf/Noncopyable.h>
diff --git a/Source/JavaScriptCore/runtime/JSGlobalObject.cpp b/Source/JavaScriptCore/runtime/JSGlobalObject.cpp
index a7c6c8c18..c466a2b04 100644
--- a/Source/JavaScriptCore/runtime/JSGlobalObject.cpp
+++ b/Source/JavaScriptCore/runtime/JSGlobalObject.cpp
@@ -230,16 +230,9 @@ void JSGlobalObject::reset(JSValue prototype)
     m_callbackObjectStructure.set(exec->globalData(), this, JSCallbackObject<JSDestructibleObject>::createStructure(exec->globalData(), this, m_objectPrototype.get()));
 
     m_arrayPrototype.set(exec->globalData(), this, ArrayPrototype::create(exec, this, ArrayPrototype::createStructure(exec->globalData(), this, m_objectPrototype.get())));
-    
-    m_originalArrayStructureForIndexingShape[UndecidedShape >> IndexingShapeShift].set(exec->globalData(), this, JSArray::createStructure(exec->globalData(), this, m_arrayPrototype.get(), ArrayWithUndecided));
-    m_originalArrayStructureForIndexingShape[Int32Shape >> IndexingShapeShift].set(exec->globalData(), this, JSArray::createStructure(exec->globalData(), this, m_arrayPrototype.get(), ArrayWithInt32));
-    m_originalArrayStructureForIndexingShape[DoubleShape >> IndexingShapeShift].set(exec->globalData(), this, JSArray::createStructure(exec->globalData(), this, m_arrayPrototype.get(), ArrayWithDouble));
-    m_originalArrayStructureForIndexingShape[ContiguousShape >> IndexingShapeShift].set(exec->globalData(), this, JSArray::createStructure(exec->globalData(), this, m_arrayPrototype.get(), ArrayWithContiguous));
-    m_originalArrayStructureForIndexingShape[ArrayStorageShape >> IndexingShapeShift].set(exec->globalData(), this, JSArray::createStructure(exec->globalData(), this, m_arrayPrototype.get(), ArrayWithArrayStorage));
-    m_originalArrayStructureForIndexingShape[SlowPutArrayStorageShape >> IndexingShapeShift].set(exec->globalData(), this, JSArray::createStructure(exec->globalData(), this, m_arrayPrototype.get(), ArrayWithSlowPutArrayStorage));
-    for (unsigned i = 0; i < NumberOfIndexingShapes; ++i)
-        m_arrayStructureForIndexingShapeDuringAllocation[i] = m_originalArrayStructureForIndexingShape[i];
-    
+    m_arrayStructure.set(exec->globalData(), this, JSArray::createStructure(exec->globalData(), this, m_arrayPrototype.get(), ArrayWithContiguous));
+    m_arrayStructureWithArrayStorage.set(exec->globalData(), this, JSArray::createStructure(exec->globalData(), this, m_arrayPrototype.get(), ArrayWithArrayStorage));
+    m_arrayStructureForSlowPut.set(exec->globalData(), this, JSArray::createStructure(exec->globalData(), this, m_arrayPrototype.get(), ArrayWithSlowPutArrayStorage));
     m_regExpMatchesArrayStructure.set(exec->globalData(), this, RegExpMatchesArray::createStructure(exec->globalData(), this, m_arrayPrototype.get()));
 
     m_stringPrototype.set(exec->globalData(), this, StringPrototype::create(exec, this, StringPrototype::createStructure(exec->globalData(), this, m_objectPrototype.get())));
@@ -367,9 +360,7 @@ inline bool hasBrokenIndexing(JSObject* object)
 {
     // This will change if we have more indexing types.
     IndexingType type = object->structure()->indexingType();
-    // This could be made obviously more efficient, but isn't made so right now, because
-    // we expect this to be an unlikely slow path anyway.
-    return hasUndecided(type) || hasInt32(type) || hasDouble(type) || hasContiguous(type) || hasFastArrayStorage(type);
+    return hasContiguous(type) || hasFastArrayStorage(type);
 }
 
 void ObjectsWithBrokenIndexingFinder::operator()(JSCell* cell)
@@ -421,8 +412,8 @@ void JSGlobalObject::haveABadTime(JSGlobalData& globalData)
     
     // Make sure that all JSArray allocations that load the appropriate structure from
     // this object now load a structure that uses SlowPut.
-    for (unsigned i = 0; i < NumberOfIndexingShapes; ++i)
-        m_arrayStructureForIndexingShapeDuringAllocation[i].set(globalData, this, originalArrayStructureForIndexingType(ArrayWithSlowPutArrayStorage));
+    m_arrayStructure.set(globalData, this, m_arrayStructureForSlowPut.get());
+    m_arrayStructureWithArrayStorage.set(globalData, this, m_arrayStructureForSlowPut.get());
     
     // Make sure that all objects that have indexed storage switch to the slow kind of
     // indexed storage.
@@ -497,10 +488,9 @@ void JSGlobalObject::visitChildren(JSCell* cell, SlotVisitor& visitor)
     visitor.append(&thisObject->m_activationStructure);
     visitor.append(&thisObject->m_nameScopeStructure);
     visitor.append(&thisObject->m_argumentsStructure);
-    for (unsigned i = 0; i < NumberOfIndexingShapes; ++i)
-        visitor.append(&thisObject->m_originalArrayStructureForIndexingShape[i]);
-    for (unsigned i = 0; i < NumberOfIndexingShapes; ++i)
-        visitor.append(&thisObject->m_arrayStructureForIndexingShapeDuringAllocation[i]);
+    visitor.append(&thisObject->m_arrayStructure);
+    visitor.append(&thisObject->m_arrayStructureWithArrayStorage);
+    visitor.append(&thisObject->m_arrayStructureForSlowPut);
     visitor.append(&thisObject->m_booleanObjectStructure);
     visitor.append(&thisObject->m_callbackConstructorStructure);
     visitor.append(&thisObject->m_callbackFunctionStructure);
diff --git a/Source/JavaScriptCore/runtime/JSGlobalObject.h b/Source/JavaScriptCore/runtime/JSGlobalObject.h
index 121b71b72..3212363ab 100644
--- a/Source/JavaScriptCore/runtime/JSGlobalObject.h
+++ b/Source/JavaScriptCore/runtime/JSGlobalObject.h
@@ -22,7 +22,6 @@
 #ifndef JSGlobalObject_h
 #define JSGlobalObject_h
 
-#include "ArrayAllocationProfile.h"
 #include "JSArray.h"
 #include "JSGlobalData.h"
 #include "JSSegmentedVariableObject.h"
@@ -131,12 +130,9 @@ namespace JSC {
         WriteBarrier<Structure> m_activationStructure;
         WriteBarrier<Structure> m_nameScopeStructure;
         WriteBarrier<Structure> m_argumentsStructure;
-        
-        // Lists the actual structures used for having these particular indexing shapes.
-        WriteBarrier<Structure> m_originalArrayStructureForIndexingShape[NumberOfIndexingShapes];
-        // Lists the structures we should use during allocation for these particular indexing shapes.
-        WriteBarrier<Structure> m_arrayStructureForIndexingShapeDuringAllocation[NumberOfIndexingShapes];
-        
+        WriteBarrier<Structure> m_arrayStructure; // This gets set to m_arrayStructureForSlowPut as soon as we decide to have a bad time.
+        WriteBarrier<Structure> m_arrayStructureWithArrayStorage; // This gets set to m_arrayStructureForSlowPut as soon as we decide to have a bad time.
+        WriteBarrier<Structure> m_arrayStructureForSlowPut;
         WriteBarrier<Structure> m_booleanObjectStructure;
         WriteBarrier<Structure> m_callbackConstructorStructure;
         WriteBarrier<Structure> m_callbackFunctionStructure;
@@ -279,26 +275,14 @@ namespace JSC {
         Structure* activationStructure() const { return m_activationStructure.get(); }
         Structure* nameScopeStructure() const { return m_nameScopeStructure.get(); }
         Structure* argumentsStructure() const { return m_argumentsStructure.get(); }
-        Structure* originalArrayStructureForIndexingType(IndexingType indexingType) const
-        {
-            ASSERT(indexingType & IsArray);
-            return m_originalArrayStructureForIndexingShape[(indexingType & IndexingShapeMask) >> IndexingShapeShift].get();
-        }
-        Structure* arrayStructureForIndexingTypeDuringAllocation(IndexingType indexingType) const
-        {
-            ASSERT(indexingType & IsArray);
-            return m_arrayStructureForIndexingShapeDuringAllocation[(indexingType & IndexingShapeMask) >> IndexingShapeShift].get();
-        }
-        Structure* arrayStructureForProfileDuringAllocation(ArrayAllocationProfile* profile) const
-        {
-            return arrayStructureForIndexingTypeDuringAllocation(ArrayAllocationProfile::selectIndexingTypeFor(profile));
-        }
-        
+        Structure* arrayStructure() const { return m_arrayStructure.get(); }
+        Structure* arrayStructureWithArrayStorage() const { return m_arrayStructureWithArrayStorage.get(); }
+        void* addressOfArrayStructure() { return &m_arrayStructure; }
+        void* addressOfArrayStructureWithArrayStorage() { return &m_arrayStructureWithArrayStorage; }
         bool isOriginalArrayStructure(Structure* structure)
         {
-            return originalArrayStructureForIndexingType(structure->indexingType() | IsArray) == structure;
+            return structure == m_arrayStructure.get() || structure == m_arrayStructureWithArrayStorage.get();
         }
-        
         Structure* booleanObjectStructure() const { return m_booleanObjectStructure.get(); }
         Structure* callbackConstructorStructure() const { return m_callbackConstructorStructure.get(); }
         Structure* callbackFunctionStructure() const { return m_callbackFunctionStructure.get(); }
@@ -513,34 +497,34 @@ namespace JSC {
         return constructEmptyObject(exec, exec->lexicalGlobalObject());
     }
 
-    inline JSArray* constructEmptyArray(ExecState* exec, ArrayAllocationProfile* profile, JSGlobalObject* globalObject, unsigned initialLength = 0)
+    inline JSArray* constructEmptyArray(ExecState* exec, JSGlobalObject* globalObject, unsigned initialLength = 0)
     {
-        return ArrayAllocationProfile::updateLastAllocationFor(profile, JSArray::create(exec->globalData(), initialLength >= MIN_SPARSE_ARRAY_INDEX ? globalObject->arrayStructureForIndexingTypeDuringAllocation(ArrayWithArrayStorage) : globalObject->arrayStructureForProfileDuringAllocation(profile), initialLength));
+        return JSArray::create(exec->globalData(), initialLength >= MIN_SPARSE_ARRAY_INDEX ? globalObject->arrayStructureWithArrayStorage() : globalObject->arrayStructure(), initialLength);
     }
 
-    inline JSArray* constructEmptyArray(ExecState* exec, ArrayAllocationProfile* profile, unsigned initialLength = 0)
+    inline JSArray* constructEmptyArray(ExecState* exec, unsigned initialLength = 0)
     {
-        return constructEmptyArray(exec, profile, exec->lexicalGlobalObject(), initialLength);
+        return constructEmptyArray(exec, exec->lexicalGlobalObject(), initialLength);
     }
  
-    inline JSArray* constructArray(ExecState* exec, ArrayAllocationProfile* profile, JSGlobalObject* globalObject, const ArgList& values)
+    inline JSArray* constructArray(ExecState* exec, JSGlobalObject* globalObject, const ArgList& values)
     {
-        return ArrayAllocationProfile::updateLastAllocationFor(profile, constructArray(exec, globalObject->arrayStructureForProfileDuringAllocation(profile), values));
+        return constructArray(exec, globalObject->arrayStructure(), values);
     }
 
-    inline JSArray* constructArray(ExecState* exec, ArrayAllocationProfile* profile, const ArgList& values)
+    inline JSArray* constructArray(ExecState* exec, const ArgList& values)
     {
-        return constructArray(exec, profile, exec->lexicalGlobalObject(), values);
+        return constructArray(exec, exec->lexicalGlobalObject(), values);
     }
 
-    inline JSArray* constructArray(ExecState* exec, ArrayAllocationProfile* profile, JSGlobalObject* globalObject, const JSValue* values, unsigned length)
+    inline JSArray* constructArray(ExecState* exec, JSGlobalObject* globalObject, const JSValue* values, unsigned length)
     {
-        return ArrayAllocationProfile::updateLastAllocationFor(profile, constructArray(exec, globalObject->arrayStructureForProfileDuringAllocation(profile), values, length));
+        return constructArray(exec, globalObject->arrayStructure(), values, length);
     }
 
-    inline JSArray* constructArray(ExecState* exec, ArrayAllocationProfile* profile, const JSValue* values, unsigned length)
+    inline JSArray* constructArray(ExecState* exec, const JSValue* values, unsigned length)
     {
-        return constructArray(exec, profile, exec->lexicalGlobalObject(), values, length);
+        return constructArray(exec, exec->lexicalGlobalObject(), values, length);
     }
 
     class DynamicGlobalObjectScope {
diff --git a/Source/JavaScriptCore/runtime/JSObject.cpp b/Source/JavaScriptCore/runtime/JSObject.cpp
index a67896b1a..6a3fb84e4 100644
--- a/Source/JavaScriptCore/runtime/JSObject.cpp
+++ b/Source/JavaScriptCore/runtime/JSObject.cpp
@@ -24,14 +24,14 @@
 #include "config.h"
 #include "JSObject.h"
 
-#include "ButterflyInlines.h"
-#include "CopiedSpaceInlines.h"
+#include "ButterflyInlineMethods.h"
+#include "CopiedSpaceInlineMethods.h"
 #include "CopyVisitor.h"
-#include "CopyVisitorInlines.h"
+#include "CopyVisitorInlineMethods.h"
 #include "DatePrototype.h"
 #include "ErrorConstructor.h"
 #include "GetterSetter.h"
-#include "IndexingHeaderInlines.h"
+#include "IndexingHeaderInlineMethods.h"
 #include "JSFunction.h"
 #include "JSGlobalObject.h"
 #include "Lookup.h"
@@ -42,7 +42,7 @@
 #include "PropertyDescriptor.h"
 #include "PropertyNameArray.h"
 #include "Reject.h"
-#include "SlotVisitorInlines.h"
+#include "SlotVisitorInlineMethods.h"
 #include <math.h>
 #include <wtf/Assertions.h>
 
@@ -129,16 +129,7 @@ ALWAYS_INLINE void JSObject::copyButterfly(CopyVisitor& visitor, Butterfly* butt
             size_t count;
             
             switch (structure->indexingType()) {
-            case ALL_UNDECIDED_INDEXING_TYPES: {
-                currentTarget = 0;
-                currentSource = 0;
-                count = 0;
-                break;
-            }
-                
-            case ALL_CONTIGUOUS_INDEXING_TYPES:
-            case ALL_INT32_INDEXING_TYPES:
-            case ALL_DOUBLE_INDEXING_TYPES: {
+            case ALL_CONTIGUOUS_INDEXING_TYPES: {
                 currentTarget = newButterfly->contiguous();
                 currentSource = butterfly->contiguous();
                 ASSERT(newButterfly->publicLength() <= newButterfly->vectorLength());
@@ -161,7 +152,8 @@ ALWAYS_INLINE void JSObject::copyButterfly(CopyVisitor& visitor, Butterfly* butt
                 break;
             }
 
-            memcpy(currentTarget, currentSource, count * sizeof(EncodedJSValue));
+            while (count--)
+                (currentTarget++)->setWithoutWriteBarrier((currentSource++)->get());
         }
         
         m_butterfly = newButterfly;
@@ -280,10 +272,8 @@ bool JSObject::getOwnPropertySlotByIndex(JSCell* cell, ExecState* exec, unsigned
     
     switch (thisObject->structure()->indexingType()) {
     case ALL_BLANK_INDEXING_TYPES:
-    case ALL_UNDECIDED_INDEXING_TYPES:
         break;
         
-    case ALL_INT32_INDEXING_TYPES:
     case ALL_CONTIGUOUS_INDEXING_TYPES: {
         Butterfly* butterfly = thisObject->m_butterfly;
         if (i >= butterfly->vectorLength())
@@ -298,20 +288,6 @@ bool JSObject::getOwnPropertySlotByIndex(JSCell* cell, ExecState* exec, unsigned
         return false;
     }
         
-    case ALL_DOUBLE_INDEXING_TYPES: {
-        Butterfly* butterfly = thisObject->m_butterfly;
-        if (i >= butterfly->vectorLength())
-            return false;
-        
-        double value = butterfly->contiguousDouble()[i];
-        if (value == value) {
-            slot.setValue(JSValue(JSValue::EncodeAsDouble, value));
-            return true;
-        }
-        
-        return false;
-    }
-        
     case ALL_ARRAY_STORAGE_INDEXING_TYPES: {
         ArrayStorage* storage = thisObject->m_butterfly->arrayStorage();
         if (i >= storage->length())
@@ -429,22 +405,6 @@ void JSObject::putByIndex(JSCell* cell, ExecState* exec, unsigned propertyName,
     case ALL_BLANK_INDEXING_TYPES:
         break;
         
-    case ALL_UNDECIDED_INDEXING_TYPES: {
-        thisObject->convertUndecidedForValue(exec->globalData(), value);
-        // Reloop.
-        putByIndex(cell, exec, propertyName, value, shouldThrow);
-        return;
-    }
-        
-    case ALL_INT32_INDEXING_TYPES: {
-        if (!value.isInt32()) {
-            thisObject->convertInt32ForValue(exec->globalData(), value);
-            putByIndex(cell, exec, propertyName, value, shouldThrow);
-            return;
-        }
-        // Fall through.
-    }
-        
     case ALL_CONTIGUOUS_INDEXING_TYPES: {
         Butterfly* butterfly = thisObject->m_butterfly;
         if (propertyName >= butterfly->vectorLength())
@@ -455,29 +415,6 @@ void JSObject::putByIndex(JSCell* cell, ExecState* exec, unsigned propertyName,
         return;
     }
         
-    case ALL_DOUBLE_INDEXING_TYPES: {
-        if (!value.isNumber()) {
-            thisObject->convertDoubleToContiguous(exec->globalData());
-            // Reloop.
-            putByIndex(cell, exec, propertyName, value, shouldThrow);
-            return;
-        }
-        double valueAsDouble = value.asNumber();
-        if (valueAsDouble != valueAsDouble) {
-            thisObject->convertDoubleToContiguous(exec->globalData());
-            // Reloop.
-            putByIndex(cell, exec, propertyName, value, shouldThrow);
-            return;
-        }
-        Butterfly* butterfly = thisObject->m_butterfly;
-        if (propertyName >= butterfly->vectorLength())
-            break;
-        butterfly->contiguousDouble()[propertyName] = valueAsDouble;
-        if (propertyName >= butterfly->publicLength())
-            butterfly->setPublicLength(propertyName + 1);
-        return;
-    }
-        
     case NonArrayWithArrayStorage:
     case ArrayWithArrayStorage: {
         ArrayStorage* storage = thisObject->m_butterfly->arrayStorage();
@@ -570,13 +507,10 @@ ArrayStorage* JSObject::enterDictionaryIndexingModeWhenArrayStorageAlreadyExists
 void JSObject::enterDictionaryIndexingMode(JSGlobalData& globalData)
 {
     switch (structure()->indexingType()) {
-    case ALL_UNDECIDED_INDEXING_TYPES:
-    case ALL_INT32_INDEXING_TYPES:
-    case ALL_DOUBLE_INDEXING_TYPES:
     case ALL_CONTIGUOUS_INDEXING_TYPES:
         // NOTE: this is horribly inefficient, as it will perform two conversions. We could optimize
         // this case if we ever cared.
-        enterDictionaryIndexingModeWhenArrayStorageAlreadyExists(globalData, ensureArrayStorageSlow(globalData));
+        enterDictionaryIndexingModeWhenArrayStorageAlreadyExists(globalData, convertContiguousToArrayStorage(globalData));
         break;
     case ALL_ARRAY_STORAGE_INDEXING_TYPES:
         enterDictionaryIndexingModeWhenArrayStorageAlreadyExists(globalData, m_butterfly->arrayStorage());
@@ -600,7 +534,7 @@ void JSObject::notifyPresenceOfIndexedAccessors(JSGlobalData& globalData)
     globalObject()->haveABadTime(globalData);
 }
 
-Butterfly* JSObject::createInitialIndexedStorage(JSGlobalData& globalData, unsigned length, size_t elementSize)
+WriteBarrier<Unknown>* JSObject::createInitialContiguous(JSGlobalData& globalData, unsigned length)
 {
     ASSERT(length < MAX_ARRAY_INDEX);
     IndexingType oldType = structure()->indexingType();
@@ -610,41 +544,9 @@ Butterfly* JSObject::createInitialIndexedStorage(JSGlobalData& globalData, unsig
     unsigned vectorLength = std::max(length, BASE_VECTOR_LEN);
     Butterfly* newButterfly = m_butterfly->growArrayRight(
         globalData, structure(), structure()->outOfLineCapacity(), false, 0,
-        elementSize * vectorLength);
+        sizeof(EncodedJSValue) * vectorLength);
     newButterfly->setPublicLength(length);
     newButterfly->setVectorLength(vectorLength);
-    return newButterfly;
-}
-
-Butterfly* JSObject::createInitialUndecided(JSGlobalData& globalData, unsigned length)
-{
-    Butterfly* newButterfly = createInitialIndexedStorage(globalData, length, sizeof(EncodedJSValue));
-    Structure* newStructure = Structure::nonPropertyTransition(globalData, structure(), AllocateUndecided);
-    setButterfly(globalData, newButterfly, newStructure);
-    return newButterfly;
-}
-
-WriteBarrier<Unknown>* JSObject::createInitialInt32(JSGlobalData& globalData, unsigned length)
-{
-    Butterfly* newButterfly = createInitialIndexedStorage(globalData, length, sizeof(EncodedJSValue));
-    Structure* newStructure = Structure::nonPropertyTransition(globalData, structure(), AllocateInt32);
-    setButterfly(globalData, newButterfly, newStructure);
-    return newButterfly->contiguousInt32();
-}
-
-double* JSObject::createInitialDouble(JSGlobalData& globalData, unsigned length)
-{
-    Butterfly* newButterfly = createInitialIndexedStorage(globalData, length, sizeof(double));
-    for (unsigned i = newButterfly->vectorLength(); i--;)
-        newButterfly->contiguousDouble()[i] = QNaN;
-    Structure* newStructure = Structure::nonPropertyTransition(globalData, structure(), AllocateDouble);
-    setButterfly(globalData, newButterfly, newStructure);
-    return newButterfly->contiguousDouble();
-}
-
-WriteBarrier<Unknown>* JSObject::createInitialContiguous(JSGlobalData& globalData, unsigned length)
-{
-    Butterfly* newButterfly = createInitialIndexedStorage(globalData, length, sizeof(EncodedJSValue));
     Structure* newStructure = Structure::nonPropertyTransition(globalData, structure(), AllocateContiguous);
     setButterfly(globalData, newButterfly, newStructure);
     return newButterfly->contiguous();
@@ -675,33 +577,10 @@ ArrayStorage* JSObject::createInitialArrayStorage(JSGlobalData& globalData)
     return createArrayStorage(globalData, 0, BASE_VECTOR_LEN);
 }
 
-WriteBarrier<Unknown>* JSObject::convertUndecidedToInt32(JSGlobalData& globalData)
-{
-    ASSERT(hasUndecided(structure()->indexingType()));
-    setStructure(globalData, Structure::nonPropertyTransition(globalData, structure(), AllocateInt32));
-    return m_butterfly->contiguousInt32();
-}
-
-double* JSObject::convertUndecidedToDouble(JSGlobalData& globalData)
+ArrayStorage* JSObject::convertContiguousToArrayStorage(JSGlobalData& globalData, NonPropertyTransition transition, unsigned neededLength)
 {
-    ASSERT(hasUndecided(structure()->indexingType()));
-    
-    for (unsigned i = m_butterfly->vectorLength(); i--;)
-        m_butterfly->contiguousDouble()[i] = QNaN;
+    ASSERT(hasContiguous(structure()->indexingType()));
     
-    setStructure(globalData, Structure::nonPropertyTransition(globalData, structure(), AllocateDouble));
-    return m_butterfly->contiguousDouble();
-}
-
-WriteBarrier<Unknown>* JSObject::convertUndecidedToContiguous(JSGlobalData& globalData)
-{
-    ASSERT(hasUndecided(structure()->indexingType()));
-    setStructure(globalData, Structure::nonPropertyTransition(globalData, structure(), AllocateContiguous));
-    return m_butterfly->contiguous();
-}
-
-ArrayStorage* JSObject::constructConvertedArrayStorageWithoutCopyingElements(JSGlobalData& globalData, unsigned neededLength)
-{
     unsigned publicLength = m_butterfly->publicLength();
     unsigned propertyCapacity = structure()->outOfLineCapacity();
     unsigned propertySize = structure()->outOfLineSize();
@@ -720,141 +599,7 @@ ArrayStorage* JSObject::constructConvertedArrayStorageWithoutCopyingElements(JSG
     newStorage->m_sparseMap.clear();
     newStorage->m_indexBias = 0;
     newStorage->m_numValuesInVector = 0;
-    
-    return newStorage;
-}
-
-ArrayStorage* JSObject::convertUndecidedToArrayStorage(JSGlobalData& globalData, NonPropertyTransition transition, unsigned neededLength)
-{
-    ASSERT(hasUndecided(structure()->indexingType()));
-    
-    ArrayStorage* storage = constructConvertedArrayStorageWithoutCopyingElements(globalData, neededLength);
-    // No need to copy elements.
-    
-    Structure* newStructure = Structure::nonPropertyTransition(globalData, structure(), transition);
-    setButterfly(globalData, storage->butterfly(), newStructure);
-    return storage;
-}
-
-ArrayStorage* JSObject::convertUndecidedToArrayStorage(JSGlobalData& globalData, NonPropertyTransition transition)
-{
-    return convertUndecidedToArrayStorage(globalData, transition, m_butterfly->vectorLength());
-}
-
-ArrayStorage* JSObject::convertUndecidedToArrayStorage(JSGlobalData& globalData)
-{
-    return convertUndecidedToArrayStorage(globalData, structure()->suggestedArrayStorageTransition());
-}
-
-double* JSObject::convertInt32ToDouble(JSGlobalData& globalData)
-{
-    ASSERT(hasInt32(structure()->indexingType()));
-    
-    for (unsigned i = m_butterfly->vectorLength(); i--;) {
-        WriteBarrier<Unknown>* current = &m_butterfly->contiguousInt32()[i];
-        double* currentAsDouble = bitwise_cast<double*>(current);
-        JSValue v = current->get();
-        if (!v) {
-            *currentAsDouble = QNaN;
-            continue;
-        }
-        ASSERT(v.isInt32());
-        *currentAsDouble = v.asInt32();
-    }
-    
-    setStructure(globalData, Structure::nonPropertyTransition(globalData, structure(), AllocateDouble));
-    return m_butterfly->contiguousDouble();
-}
-
-WriteBarrier<Unknown>* JSObject::convertInt32ToContiguous(JSGlobalData& globalData)
-{
-    ASSERT(hasInt32(structure()->indexingType()));
-    
-    setStructure(globalData, Structure::nonPropertyTransition(globalData, structure(), AllocateContiguous));
-    return m_butterfly->contiguous();
-}
-
-ArrayStorage* JSObject::convertInt32ToArrayStorage(JSGlobalData& globalData, NonPropertyTransition transition, unsigned neededLength)
-{
-    ASSERT(hasInt32(structure()->indexingType()));
-    
-    ArrayStorage* newStorage = constructConvertedArrayStorageWithoutCopyingElements(globalData, neededLength);
-    for (unsigned i = m_butterfly->publicLength(); i--;) {
-        JSValue v = m_butterfly->contiguous()[i].get();
-        if (!v)
-            continue;
-        newStorage->m_vector[i].setWithoutWriteBarrier(v);
-        newStorage->m_numValuesInVector++;
-    }
-    
-    Structure* newStructure = Structure::nonPropertyTransition(globalData, structure(), transition);
-    setButterfly(globalData, newStorage->butterfly(), newStructure);
-    return newStorage;
-}
-
-ArrayStorage* JSObject::convertInt32ToArrayStorage(JSGlobalData& globalData, NonPropertyTransition transition)
-{
-    return convertInt32ToArrayStorage(globalData, transition, m_butterfly->vectorLength());
-}
-
-ArrayStorage* JSObject::convertInt32ToArrayStorage(JSGlobalData& globalData)
-{
-    return convertInt32ToArrayStorage(globalData, structure()->suggestedArrayStorageTransition());
-}
-
-WriteBarrier<Unknown>* JSObject::convertDoubleToContiguous(JSGlobalData& globalData)
-{
-    ASSERT(hasDouble(structure()->indexingType()));
-    
-    for (unsigned i = m_butterfly->vectorLength(); i--;) {
-        double* current = &m_butterfly->contiguousDouble()[i];
-        WriteBarrier<Unknown>* currentAsValue = bitwise_cast<WriteBarrier<Unknown>*>(current);
-        double value = *current;
-        if (value != value) {
-            currentAsValue->clear();
-            continue;
-        }
-        currentAsValue->setWithoutWriteBarrier(JSValue(JSValue::EncodeAsDouble, value));
-    }
-    
-    setStructure(globalData, Structure::nonPropertyTransition(globalData, structure(), AllocateContiguous));
-    return m_butterfly->contiguous();
-}
-
-ArrayStorage* JSObject::convertDoubleToArrayStorage(JSGlobalData& globalData, NonPropertyTransition transition, unsigned neededLength)
-{
-    ASSERT(hasDouble(structure()->indexingType()));
-    
-    ArrayStorage* newStorage = constructConvertedArrayStorageWithoutCopyingElements(globalData, neededLength);
-    for (unsigned i = m_butterfly->publicLength(); i--;) {
-        double value = m_butterfly->contiguousDouble()[i];
-        if (value != value)
-            continue;
-        newStorage->m_vector[i].setWithoutWriteBarrier(JSValue(JSValue::EncodeAsDouble, value));
-        newStorage->m_numValuesInVector++;
-    }
-    
-    Structure* newStructure = Structure::nonPropertyTransition(globalData, structure(), transition);
-    setButterfly(globalData, newStorage->butterfly(), newStructure);
-    return newStorage;
-}
-
-ArrayStorage* JSObject::convertDoubleToArrayStorage(JSGlobalData& globalData, NonPropertyTransition transition)
-{
-    return convertDoubleToArrayStorage(globalData, transition, m_butterfly->vectorLength());
-}
-
-ArrayStorage* JSObject::convertDoubleToArrayStorage(JSGlobalData& globalData)
-{
-    return convertDoubleToArrayStorage(globalData, structure()->suggestedArrayStorageTransition());
-}
-
-ArrayStorage* JSObject::convertContiguousToArrayStorage(JSGlobalData& globalData, NonPropertyTransition transition, unsigned neededLength)
-{
-    ASSERT(hasContiguous(structure()->indexingType()));
-    
-    ArrayStorage* newStorage = constructConvertedArrayStorageWithoutCopyingElements(globalData, neededLength);
-    for (unsigned i = m_butterfly->publicLength(); i--;) {
+    for (unsigned i = publicLength; i--;) {
         JSValue v = m_butterfly->contiguous()[i].get();
         if (!v)
             continue;
@@ -863,7 +608,7 @@ ArrayStorage* JSObject::convertContiguousToArrayStorage(JSGlobalData& globalData
     }
     
     Structure* newStructure = Structure::nonPropertyTransition(globalData, structure(), transition);
-    setButterfly(globalData, newStorage->butterfly(), newStructure);
+    setButterfly(globalData, newButterfly, newStructure);
     return newStorage;
 }
 
@@ -877,154 +622,48 @@ ArrayStorage* JSObject::convertContiguousToArrayStorage(JSGlobalData& globalData
     return convertContiguousToArrayStorage(globalData, structure()->suggestedArrayStorageTransition());
 }
 
-void JSObject::convertUndecidedForValue(JSGlobalData& globalData, JSValue value)
-{
-    if (value.isInt32()) {
-        convertUndecidedToInt32(globalData);
-        return;
-    }
-    
-    if (value.isDouble()) {
-        convertUndecidedToDouble(globalData);
-        return;
-    }
-    
-    convertUndecidedToContiguous(globalData);
-}
-
-void JSObject::convertInt32ForValue(JSGlobalData& globalData, JSValue value)
-{
-    ASSERT(!value.isInt32());
-    
-    if (value.isDouble()) {
-        convertInt32ToDouble(globalData);
-        return;
-    }
-    
-    convertInt32ToContiguous(globalData);
-}
-
-void JSObject::setIndexQuicklyToUndecided(JSGlobalData& globalData, unsigned index, JSValue value)
-{
-    ASSERT(index < m_butterfly->publicLength());
-    ASSERT(index < m_butterfly->vectorLength());
-    convertUndecidedForValue(globalData, value);
-    setIndexQuickly(globalData, index, value);
-}
-
-void JSObject::convertInt32ToDoubleOrContiguousWhilePerformingSetIndex(JSGlobalData& globalData, unsigned index, JSValue value)
-{
-    ASSERT(!value.isInt32());
-    convertInt32ForValue(globalData, value);
-    setIndexQuickly(globalData, index, value);
-}
-
-void JSObject::convertDoubleToContiguousWhilePerformingSetIndex(JSGlobalData& globalData, unsigned index, JSValue value)
-{
-    ASSERT(!value.isNumber() || value.asNumber() != value.asNumber());
-    convertDoubleToContiguous(globalData);
-    setIndexQuickly(globalData, index, value);
-}
-
-WriteBarrier<Unknown>* JSObject::ensureInt32Slow(JSGlobalData& globalData)
+WriteBarrier<Unknown>* JSObject::ensureContiguousSlow(JSGlobalData& globalData)
 {
     switch (structure()->indexingType()) {
     case ALL_BLANK_INDEXING_TYPES:
         if (UNLIKELY(indexingShouldBeSparse() || structure()->needsSlowPutIndexing()))
             return 0;
-        return createInitialInt32(globalData, 0);
-        
-    case ALL_UNDECIDED_INDEXING_TYPES:
-        return convertUndecidedToInt32(globalData);
-        
-    case ALL_DOUBLE_INDEXING_TYPES:
-    case ALL_CONTIGUOUS_INDEXING_TYPES:
-    case ALL_ARRAY_STORAGE_INDEXING_TYPES:
-        return 0;
+        return createInitialContiguous(globalData, 0);
         
     default:
-        CRASH();
+        ASSERT_NOT_REACHED();
         return 0;
     }
 }
 
-double* JSObject::ensureDoubleSlow(JSGlobalData& globalData)
+ArrayStorage* JSObject::ensureArrayStorageSlow(JSGlobalData& globalData)
 {
     switch (structure()->indexingType()) {
-    case ALL_BLANK_INDEXING_TYPES:
-        if (UNLIKELY(indexingShouldBeSparse() || structure()->needsSlowPutIndexing()))
-            return 0;
-        return createInitialDouble(globalData, 0);
-        
-    case ALL_UNDECIDED_INDEXING_TYPES:
-        return convertUndecidedToDouble(globalData);
-        
-    case ALL_INT32_INDEXING_TYPES:
-        return convertInt32ToDouble(globalData);
-        
     case ALL_CONTIGUOUS_INDEXING_TYPES:
-    case ALL_ARRAY_STORAGE_INDEXING_TYPES:
-        return 0;
+        ASSERT(!indexingShouldBeSparse());
+        ASSERT(!structure()->needsSlowPutIndexing());
+        return convertContiguousToArrayStorage(globalData);
         
-    default:
-        CRASH();
-        return 0;
-    }
-}
-
-WriteBarrier<Unknown>* JSObject::ensureContiguousSlow(JSGlobalData& globalData)
-{
-    switch (structure()->indexingType()) {
     case ALL_BLANK_INDEXING_TYPES:
-        if (UNLIKELY(indexingShouldBeSparse() || structure()->needsSlowPutIndexing()))
-            return 0;
-        return createInitialContiguous(globalData, 0);
-        
-    case ALL_UNDECIDED_INDEXING_TYPES:
-        return convertUndecidedToContiguous(globalData);
-        
-    case ALL_INT32_INDEXING_TYPES:
-        return convertInt32ToContiguous(globalData);
-        
-    case ALL_DOUBLE_INDEXING_TYPES:
-        return convertDoubleToContiguous(globalData);
-        
-    case ALL_ARRAY_STORAGE_INDEXING_TYPES:
-        return 0;
+        if (UNLIKELY(indexingShouldBeSparse()))
+            return ensureArrayStorageExistsAndEnterDictionaryIndexingMode(globalData);
+        return createInitialArrayStorage(globalData);
         
     default:
-        CRASH();
+        ASSERT_NOT_REACHED();
         return 0;
     }
 }
 
-ArrayStorage* JSObject::ensureArrayStorageSlow(JSGlobalData& globalData)
+Butterfly* JSObject::ensureIndexedStorageSlow(JSGlobalData& globalData)
 {
     switch (structure()->indexingType()) {
     case ALL_BLANK_INDEXING_TYPES:
+        if (UNLIKELY(structure()->needsSlowPutIndexing()))
+            return createInitialArrayStorage(globalData)->butterfly();
         if (UNLIKELY(indexingShouldBeSparse()))
-            return ensureArrayStorageExistsAndEnterDictionaryIndexingMode(globalData);
-        return createInitialArrayStorage(globalData);
-        
-    case ALL_UNDECIDED_INDEXING_TYPES:
-        ASSERT(!indexingShouldBeSparse());
-        ASSERT(!structure()->needsSlowPutIndexing());
-        return convertUndecidedToArrayStorage(globalData);
-        
-    case ALL_INT32_INDEXING_TYPES:
-        ASSERT(!indexingShouldBeSparse());
-        ASSERT(!structure()->needsSlowPutIndexing());
-        return convertInt32ToArrayStorage(globalData);
-        
-    case ALL_DOUBLE_INDEXING_TYPES:
-        ASSERT(!indexingShouldBeSparse());
-        ASSERT(!structure()->needsSlowPutIndexing());
-        return convertDoubleToArrayStorage(globalData);
-        
-    case ALL_CONTIGUOUS_INDEXING_TYPES:
-        ASSERT(!indexingShouldBeSparse());
-        ASSERT(!structure()->needsSlowPutIndexing());
-        return convertContiguousToArrayStorage(globalData);
+            return ensureArrayStorageExistsAndEnterDictionaryIndexingMode(globalData)->butterfly();
+        return Butterfly::fromContiguous(createInitialContiguous(globalData, 0));
         
     default:
         ASSERT_NOT_REACHED();
@@ -1035,6 +674,13 @@ ArrayStorage* JSObject::ensureArrayStorageSlow(JSGlobalData& globalData)
 ArrayStorage* JSObject::ensureArrayStorageExistsAndEnterDictionaryIndexingMode(JSGlobalData& globalData)
 {
     switch (structure()->indexingType()) {
+    case ALL_CONTIGUOUS_INDEXING_TYPES:
+        // FIXME: This could be made way more efficient, if we cared.
+        return enterDictionaryIndexingModeWhenArrayStorageAlreadyExists(globalData, convertContiguousToArrayStorage(globalData));
+        
+    case ALL_ARRAY_STORAGE_INDEXING_TYPES:
+        return enterDictionaryIndexingModeWhenArrayStorageAlreadyExists(globalData, m_butterfly->arrayStorage());
+        
     case ALL_BLANK_INDEXING_TYPES: {
         createArrayStorage(globalData, 0, 0);
         SparseArrayValueMap* map = allocateSparseIndexMap(globalData);
@@ -1042,23 +688,8 @@ ArrayStorage* JSObject::ensureArrayStorageExistsAndEnterDictionaryIndexingMode(J
         return arrayStorage();
     }
         
-    case ALL_UNDECIDED_INDEXING_TYPES:
-        return enterDictionaryIndexingModeWhenArrayStorageAlreadyExists(globalData, convertUndecidedToArrayStorage(globalData));
-        
-    case ALL_INT32_INDEXING_TYPES:
-        return enterDictionaryIndexingModeWhenArrayStorageAlreadyExists(globalData, convertInt32ToArrayStorage(globalData));
-        
-    case ALL_DOUBLE_INDEXING_TYPES:
-        return enterDictionaryIndexingModeWhenArrayStorageAlreadyExists(globalData, convertDoubleToArrayStorage(globalData));
-        
-    case ALL_CONTIGUOUS_INDEXING_TYPES:
-        return enterDictionaryIndexingModeWhenArrayStorageAlreadyExists(globalData, convertContiguousToArrayStorage(globalData));
-        
-    case ALL_ARRAY_STORAGE_INDEXING_TYPES:
-        return enterDictionaryIndexingModeWhenArrayStorageAlreadyExists(globalData, m_butterfly->arrayStorage());
-        
     default:
-        CRASH();
+        ASSERT_NOT_REACHED();
         return 0;
     }
 }
@@ -1066,21 +697,10 @@ ArrayStorage* JSObject::ensureArrayStorageExistsAndEnterDictionaryIndexingMode(J
 void JSObject::switchToSlowPutArrayStorage(JSGlobalData& globalData)
 {
     switch (structure()->indexingType()) {
-    case ALL_UNDECIDED_INDEXING_TYPES:
-        convertUndecidedToArrayStorage(globalData, AllocateSlowPutArrayStorage);
-        break;
-        
-    case ALL_INT32_INDEXING_TYPES:
-        convertInt32ToArrayStorage(globalData, AllocateSlowPutArrayStorage);
-        break;
-        
-    case ALL_DOUBLE_INDEXING_TYPES:
-        convertDoubleToArrayStorage(globalData, AllocateSlowPutArrayStorage);
-        break;
-        
-    case ALL_CONTIGUOUS_INDEXING_TYPES:
+    case ALL_CONTIGUOUS_INDEXING_TYPES: {
         convertContiguousToArrayStorage(globalData, AllocateSlowPutArrayStorage);
         break;
+    }
         
     case NonArrayWithArrayStorage:
     case ArrayWithArrayStorage: {
@@ -1090,7 +710,7 @@ void JSObject::switchToSlowPutArrayStorage(JSGlobalData& globalData)
     }
         
     default:
-        CRASH();
+        ASSERT_NOT_REACHED();
         break;
     }
 }
@@ -1257,10 +877,8 @@ bool JSObject::deletePropertyByIndex(JSCell* cell, ExecState* exec, unsigned i)
     
     switch (thisObject->structure()->indexingType()) {
     case ALL_BLANK_INDEXING_TYPES:
-    case ALL_UNDECIDED_INDEXING_TYPES:
         return true;
         
-    case ALL_INT32_INDEXING_TYPES:
     case ALL_CONTIGUOUS_INDEXING_TYPES: {
         Butterfly* butterfly = thisObject->m_butterfly;
         if (i >= butterfly->vectorLength())
@@ -1269,14 +887,6 @@ bool JSObject::deletePropertyByIndex(JSCell* cell, ExecState* exec, unsigned i)
         return true;
     }
         
-    case ALL_DOUBLE_INDEXING_TYPES: {
-        Butterfly* butterfly = thisObject->m_butterfly;
-        if (i >= butterfly->vectorLength())
-            return true;
-        butterfly->contiguousDouble()[i] = QNaN;
-        return true;
-    }
-        
     case ALL_ARRAY_STORAGE_INDEXING_TYPES: {
         ArrayStorage* storage = thisObject->m_butterfly->arrayStorage();
         
@@ -1448,10 +1058,8 @@ void JSObject::getOwnPropertyNames(JSObject* object, ExecState* exec, PropertyNa
     // which almost certainly means a different structure for PropertyNameArray.
     switch (object->structure()->indexingType()) {
     case ALL_BLANK_INDEXING_TYPES:
-    case ALL_UNDECIDED_INDEXING_TYPES:
         break;
         
-    case ALL_INT32_INDEXING_TYPES:
     case ALL_CONTIGUOUS_INDEXING_TYPES: {
         Butterfly* butterfly = object->m_butterfly;
         unsigned usedLength = butterfly->publicLength();
@@ -1463,18 +1071,6 @@ void JSObject::getOwnPropertyNames(JSObject* object, ExecState* exec, PropertyNa
         break;
     }
         
-    case ALL_DOUBLE_INDEXING_TYPES: {
-        Butterfly* butterfly = object->m_butterfly;
-        unsigned usedLength = butterfly->publicLength();
-        for (unsigned i = 0; i < usedLength; ++i) {
-            double value = butterfly->contiguousDouble()[i];
-            if (value != value)
-                continue;
-            propertyNames.add(Identifier::from(exec, i));
-        }
-        break;
-    }
-        
     case ALL_ARRAY_STORAGE_INDEXING_TYPES: {
         ArrayStorage* storage = object->m_butterfly->arrayStorage();
         
@@ -1864,10 +1460,9 @@ bool JSObject::attemptToInterceptPutByIndexOnHole(ExecState* exec, unsigned i, J
     return asObject(prototypeValue)->attemptToInterceptPutByIndexOnHoleForPrototype(exec, this, i, value, shouldThrow);
 }
 
-template<IndexingType indexingShape>
-void JSObject::putByIndexBeyondVectorLengthWithoutAttributes(ExecState* exec, unsigned i, JSValue value)
+void JSObject::putByIndexBeyondVectorLengthContiguousWithoutAttributes(ExecState* exec, unsigned i, JSValue value)
 {
-    ASSERT((structure()->indexingType() & IndexingShapeMask) == indexingShape);
+    ASSERT(hasContiguous(structure()->indexingType()));
     ASSERT(!indexingShouldBeSparse());
     
     // For us to get here, the index is either greater than the public length, or greater than
@@ -1878,9 +1473,9 @@ void JSObject::putByIndexBeyondVectorLengthWithoutAttributes(ExecState* exec, un
     
     if (i >= MAX_ARRAY_INDEX - 1
         || (i >= MIN_SPARSE_ARRAY_INDEX
-            && !isDenseEnoughForVector(i, countElements<indexingShape>(m_butterfly)))) {
+            && !isDenseEnoughForVector(i, countElementsInContiguous(m_butterfly)))) {
         ASSERT(i <= MAX_ARRAY_INDEX);
-        ensureArrayStorageSlow(globalData);
+        convertContiguousToArrayStorage(globalData, AllocateArrayStorage);
         SparseArrayValueMap* map = allocateSparseIndexMap(globalData);
         map->putEntry(exec, this, i, value, false);
         ASSERT(i >= arrayStorage()->length());
@@ -1888,30 +1483,10 @@ void JSObject::putByIndexBeyondVectorLengthWithoutAttributes(ExecState* exec, un
         return;
     }
 
-    ensureLength(globalData, i + 1);
+    ensureContiguousLength(globalData, i + 1);
 
     ASSERT(i < m_butterfly->vectorLength());
-    switch (indexingShape) {
-    case Int32Shape:
-        ASSERT(value.isInt32());
-        m_butterfly->contiguousInt32()[i].setWithoutWriteBarrier(value);
-        break;
-        
-    case DoubleShape: {
-        ASSERT(value.isNumber());
-        double valueAsDouble = value.asNumber();
-        ASSERT(valueAsDouble == valueAsDouble);
-        m_butterfly->contiguousDouble()[i] = valueAsDouble;
-        break;
-    }
-        
-    case ContiguousShape:
-        m_butterfly->contiguous()[i].set(globalData, this, value);
-        break;
-        
-    default:
-        CRASH();
-    }
+    m_butterfly->contiguous()[i].set(globalData, this, value);
 }
 
 void JSObject::putByIndexBeyondVectorLengthWithArrayStorage(ExecState* exec, unsigned i, JSValue value, bool shouldThrow, ArrayStorage* storage)
@@ -2017,23 +1592,8 @@ void JSObject::putByIndexBeyondVectorLength(ExecState* exec, unsigned i, JSValue
         break;
     }
         
-    case ALL_UNDECIDED_INDEXING_TYPES: {
-        CRASH();
-        break;
-    }
-        
-    case ALL_INT32_INDEXING_TYPES: {
-        putByIndexBeyondVectorLengthWithoutAttributes<Int32Shape>(exec, i, value);
-        break;
-    }
-        
-    case ALL_DOUBLE_INDEXING_TYPES: {
-        putByIndexBeyondVectorLengthWithoutAttributes<DoubleShape>(exec, i, value);
-        break;
-    }
-        
     case ALL_CONTIGUOUS_INDEXING_TYPES: {
-        putByIndexBeyondVectorLengthWithoutAttributes<ContiguousShape>(exec, i, value);
+        putByIndexBeyondVectorLengthContiguousWithoutAttributes(exec, i, value);
         break;
     }
         
@@ -2164,49 +1724,12 @@ bool JSObject::putDirectIndexBeyondVectorLength(ExecState* exec, unsigned i, JSV
         return true;
     }
         
-    case ALL_UNDECIDED_INDEXING_TYPES: {
-        convertUndecidedForValue(exec->globalData(), value);
-        // Reloop.
-        return putDirectIndex(exec, i, value, attributes, mode);
-    }
-        
-    case ALL_INT32_INDEXING_TYPES: {
-        if (attributes & (ReadOnly | Accessor)) {
-            return putDirectIndexBeyondVectorLengthWithArrayStorage(
-                exec, i, value, attributes, mode, convertInt32ToArrayStorage(globalData));
-        }
-        if (!value.isInt32()) {
-            convertInt32ForValue(globalData, value);
-            return putDirectIndexBeyondVectorLength(exec, i, value, attributes, mode);
-        }
-        putByIndexBeyondVectorLengthWithoutAttributes<Int32Shape>(exec, i, value);
-        return true;
-    }
-        
-    case ALL_DOUBLE_INDEXING_TYPES: {
-        if (attributes & (ReadOnly | Accessor)) {
-            return putDirectIndexBeyondVectorLengthWithArrayStorage(
-                exec, i, value, attributes, mode, convertDoubleToArrayStorage(globalData));
-        }
-        if (!value.isNumber()) {
-            convertDoubleToContiguous(globalData);
-            return putDirectIndexBeyondVectorLength(exec, i, value, attributes, mode);
-        }
-        double valueAsDouble = value.asNumber();
-        if (valueAsDouble != valueAsDouble) {
-            convertDoubleToContiguous(globalData);
-            return putDirectIndexBeyondVectorLength(exec, i, value, attributes, mode);
-        }
-        putByIndexBeyondVectorLengthWithoutAttributes<DoubleShape>(exec, i, value);
-        return true;
-    }
-        
     case ALL_CONTIGUOUS_INDEXING_TYPES: {
         if (attributes & (ReadOnly | Accessor)) {
             return putDirectIndexBeyondVectorLengthWithArrayStorage(
                 exec, i, value, attributes, mode, convertContiguousToArrayStorage(globalData));
         }
-        putByIndexBeyondVectorLengthWithoutAttributes<ContiguousShape>(exec, i, value);
+        putByIndexBeyondVectorLengthContiguousWithoutAttributes(exec, i, value);
         return true;
     }
 
@@ -2246,65 +1769,33 @@ ALWAYS_INLINE unsigned JSObject::getNewVectorLength(unsigned desiredLength)
     unsigned vectorLength;
     unsigned length;
     
-    if (hasIndexedProperties(structure()->indexingType())) {
-        vectorLength = m_butterfly->vectorLength();
-        length = m_butterfly->publicLength();
-    } else {
+    switch (structure()->indexingType()) {
+    case ALL_BLANK_INDEXING_TYPES:
         vectorLength = 0;
         length = 0;
+        break;
+    case ALL_CONTIGUOUS_INDEXING_TYPES:
+    case ALL_ARRAY_STORAGE_INDEXING_TYPES:
+        vectorLength = m_butterfly->vectorLength();
+        length = m_butterfly->publicLength();
+        break;
+    default:
+        CRASH();
+        return 0;
     }
-
     return getNewVectorLength(vectorLength, length, desiredLength);
 }
 
-template<IndexingType indexingShape>
-unsigned JSObject::countElements(Butterfly* butterfly)
+unsigned JSObject::countElementsInContiguous(Butterfly* butterfly)
 {
     unsigned numValues = 0;
     for (unsigned i = butterfly->publicLength(); i--;) {
-        switch (indexingShape) {
-        case Int32Shape:
-        case ContiguousShape:
-            if (butterfly->contiguous()[i])
-                numValues++;
-            break;
-            
-        case DoubleShape: {
-            double value = butterfly->contiguousDouble()[i];
-            if (value == value)
-                numValues++;
-            break;
-        }
-            
-        default:
-            CRASH();
-        }
+        if (butterfly->contiguous()[i])
+            numValues++;
     }
     return numValues;
 }
 
-unsigned JSObject::countElements()
-{
-    switch (structure()->indexingType()) {
-    case ALL_BLANK_INDEXING_TYPES:
-    case ALL_UNDECIDED_INDEXING_TYPES:
-        return 0;
-        
-    case ALL_INT32_INDEXING_TYPES:
-        return countElements<Int32Shape>(m_butterfly);
-        
-    case ALL_DOUBLE_INDEXING_TYPES:
-        return countElements<DoubleShape>(m_butterfly);
-        
-    case ALL_CONTIGUOUS_INDEXING_TYPES:
-        return countElements<ContiguousShape>(m_butterfly);
-        
-    default:
-        CRASH();
-        return 0;
-    }
-}
-
 bool JSObject::increaseVectorLength(JSGlobalData& globalData, unsigned newLength)
 {
     // This function leaves the array in an internally inconsistent state, because it does not move any values from sparse value map
@@ -2348,24 +1839,19 @@ bool JSObject::increaseVectorLength(JSGlobalData& globalData, unsigned newLength
     return true;
 }
 
-void JSObject::ensureLengthSlow(JSGlobalData& globalData, unsigned length)
+void JSObject::ensureContiguousLengthSlow(JSGlobalData& globalData, unsigned length)
 {
     ASSERT(length < MAX_ARRAY_INDEX);
-    ASSERT(hasContiguous(structure()->indexingType()) || hasInt32(structure()->indexingType()) || hasDouble(structure()->indexingType()) || hasUndecided(structure()->indexingType()));
+    ASSERT(hasContiguous(structure()->indexingType()));
     ASSERT(length > m_butterfly->vectorLength());
     
     unsigned newVectorLength = std::min(
         length << 1,
         MAX_STORAGE_VECTOR_LENGTH);
-    unsigned oldVectorLength = m_butterfly->vectorLength();
     m_butterfly = m_butterfly->growArrayRight(
         globalData, structure(), structure()->outOfLineCapacity(), true,
-        oldVectorLength * sizeof(EncodedJSValue),
+        m_butterfly->vectorLength() * sizeof(EncodedJSValue),
         newVectorLength * sizeof(EncodedJSValue));
-    if (hasDouble(structure()->indexingType())) {
-        for (unsigned i = oldVectorLength; i < newVectorLength; ++i)
-            m_butterfly->contiguousDouble()[i] = QNaN;
-    }
     m_butterfly->setVectorLength(newVectorLength);
 }
 
@@ -2395,10 +1881,8 @@ bool JSObject::getOwnPropertyDescriptor(JSObject* object, ExecState* exec, Prope
     
     switch (object->structure()->indexingType()) {
     case ALL_BLANK_INDEXING_TYPES:
-    case ALL_UNDECIDED_INDEXING_TYPES:
         return false;
         
-    case ALL_INT32_INDEXING_TYPES:
     case ALL_CONTIGUOUS_INDEXING_TYPES: {
         Butterfly* butterfly = object->m_butterfly;
         if (i >= butterfly->vectorLength())
@@ -2410,17 +1894,6 @@ bool JSObject::getOwnPropertyDescriptor(JSObject* object, ExecState* exec, Prope
         return true;
     }
         
-    case ALL_DOUBLE_INDEXING_TYPES: {
-        Butterfly* butterfly = object->m_butterfly;
-        if (i >= butterfly->vectorLength())
-            return false;
-        double value = butterfly->contiguousDouble()[i];
-        if (value != value)
-            return false;
-        descriptor.setDescriptor(JSValue(JSValue::EncodeAsDouble, value), 0);
-        return true;
-    }
-        
     case ALL_ARRAY_STORAGE_INDEXING_TYPES: {
         ArrayStorage* storage = object->m_butterfly->arrayStorage();
         if (i >= storage->length())
diff --git a/Source/JavaScriptCore/runtime/JSObject.h b/Source/JavaScriptCore/runtime/JSObject.h
index f9ae73ed4..82455390f 100644
--- a/Source/JavaScriptCore/runtime/JSObject.h
+++ b/Source/JavaScriptCore/runtime/JSObject.h
@@ -151,16 +151,30 @@ public:
 
     unsigned getArrayLength() const
     {
-        if (!hasIndexedProperties(structure()->indexingType()))
+        switch (structure()->indexingType()) {
+        case ALL_BLANK_INDEXING_TYPES:
             return 0;
-        return m_butterfly->publicLength();
+        case ALL_CONTIGUOUS_INDEXING_TYPES:
+        case ALL_ARRAY_STORAGE_INDEXING_TYPES:
+            return m_butterfly->publicLength();
+        default:
+            ASSERT_NOT_REACHED();
+            return 0;
+        }
     }
         
     unsigned getVectorLength()
     {
-        if (!hasIndexedProperties(structure()->indexingType()))
+        switch (structure()->indexingType()) {
+        case ALL_BLANK_INDEXING_TYPES:
             return 0;
-        return m_butterfly->vectorLength();
+        case ALL_CONTIGUOUS_INDEXING_TYPES:
+        case ALL_ARRAY_STORAGE_INDEXING_TYPES:
+            return m_butterfly->vectorLength();
+        default:
+            ASSERT_NOT_REACHED();
+            return 0;
+        }
     }
         
     JS_EXPORT_PRIVATE static void put(JSCell*, ExecState*, PropertyName, JSValue, PutPropertySlot&);
@@ -200,19 +214,9 @@ public:
     {
         switch (structure()->indexingType()) {
         case ALL_BLANK_INDEXING_TYPES:
-        case ALL_UNDECIDED_INDEXING_TYPES:
             return false;
-        case ALL_INT32_INDEXING_TYPES:
         case ALL_CONTIGUOUS_INDEXING_TYPES:
             return i < m_butterfly->vectorLength() && m_butterfly->contiguous()[i];
-        case ALL_DOUBLE_INDEXING_TYPES: {
-            if (i >= m_butterfly->vectorLength())
-                return false;
-            double value = m_butterfly->contiguousDouble()[i];
-            if (value != value)
-                return false;
-            return true;
-        }
         case ALL_ARRAY_STORAGE_INDEXING_TYPES:
             return i < m_butterfly->arrayStorage()->vectorLength() && m_butterfly->arrayStorage()->m_vector[i];
         default:
@@ -224,11 +228,8 @@ public:
     JSValue getIndexQuickly(unsigned i)
     {
         switch (structure()->indexingType()) {
-        case ALL_INT32_INDEXING_TYPES:
         case ALL_CONTIGUOUS_INDEXING_TYPES:
             return m_butterfly->contiguous()[i].get();
-        case ALL_DOUBLE_INDEXING_TYPES:
-            return JSValue(JSValue::EncodeAsDouble, m_butterfly->contiguousDouble()[i]);
         case ALL_ARRAY_STORAGE_INDEXING_TYPES:
             return m_butterfly->arrayStorage()->m_vector[i].get();
         default:
@@ -242,19 +243,10 @@ public:
         switch (structure()->indexingType()) {
         case ALL_BLANK_INDEXING_TYPES:
             break;
-        case ALL_INT32_INDEXING_TYPES:
         case ALL_CONTIGUOUS_INDEXING_TYPES:
             if (i < m_butterfly->publicLength())
                 return m_butterfly->contiguous()[i].get();
             break;
-        case ALL_DOUBLE_INDEXING_TYPES: {
-            if (i >= m_butterfly->publicLength())
-                break;
-            double result = m_butterfly->contiguousDouble()[i];
-            if (result != result)
-                break;
-            return JSValue(JSValue::EncodeAsDouble, result);
-        }
         case ALL_ARRAY_STORAGE_INDEXING_TYPES:
             if (i < m_butterfly->arrayStorage()->vectorLength())
                 return m_butterfly->arrayStorage()->m_vector[i].get();
@@ -287,10 +279,7 @@ public:
     {
         switch (structure()->indexingType()) {
         case ALL_BLANK_INDEXING_TYPES:
-        case ALL_UNDECIDED_INDEXING_TYPES:
             return false;
-        case ALL_INT32_INDEXING_TYPES:
-        case ALL_DOUBLE_INDEXING_TYPES:
         case ALL_CONTIGUOUS_INDEXING_TYPES:
         case NonArrayWithArrayStorage:
         case ArrayWithArrayStorage:
@@ -309,10 +298,7 @@ public:
     {
         switch (structure()->indexingType()) {
         case ALL_BLANK_INDEXING_TYPES:
-        case ALL_UNDECIDED_INDEXING_TYPES:
             return false;
-        case ALL_INT32_INDEXING_TYPES:
-        case ALL_DOUBLE_INDEXING_TYPES:
         case ALL_CONTIGUOUS_INDEXING_TYPES:
         case ALL_ARRAY_STORAGE_INDEXING_TYPES:
             return i < m_butterfly->vectorLength();
@@ -325,14 +311,6 @@ public:
     void setIndexQuickly(JSGlobalData& globalData, unsigned i, JSValue v)
     {
         switch (structure()->indexingType()) {
-        case ALL_INT32_INDEXING_TYPES: {
-            ASSERT(i < m_butterfly->vectorLength());
-            if (!v.isInt32()) {
-                convertInt32ToDoubleOrContiguousWhilePerformingSetIndex(globalData, i, v);
-                return;
-            }
-            // Fall through to contiguous case.
-        }
         case ALL_CONTIGUOUS_INDEXING_TYPES: {
             ASSERT(i < m_butterfly->vectorLength());
             m_butterfly->contiguous()[i].set(globalData, this, v);
@@ -340,22 +318,6 @@ public:
                 m_butterfly->setPublicLength(i + 1);
             break;
         }
-        case ALL_DOUBLE_INDEXING_TYPES: {
-            ASSERT(i < m_butterfly->vectorLength());
-            if (!v.isNumber()) {
-                convertDoubleToContiguousWhilePerformingSetIndex(globalData, i, v);
-                return;
-            }
-            double value = v.asNumber();
-            if (value != value) {
-                convertDoubleToContiguousWhilePerformingSetIndex(globalData, i, v);
-                return;
-            }
-            m_butterfly->contiguousDouble()[i] = value;
-            if (i >= m_butterfly->publicLength())
-                m_butterfly->setPublicLength(i + 1);
-            break;
-        }
         case ALL_ARRAY_STORAGE_INDEXING_TYPES: {
             ArrayStorage* storage = m_butterfly->arrayStorage();
             WriteBarrier<Unknown>& x = storage->m_vector[i];
@@ -376,40 +338,12 @@ public:
     void initializeIndex(JSGlobalData& globalData, unsigned i, JSValue v)
     {
         switch (structure()->indexingType()) {
-        case ALL_UNDECIDED_INDEXING_TYPES: {
-            setIndexQuicklyToUndecided(globalData, i, v);
-            break;
-        }
-        case ALL_INT32_INDEXING_TYPES: {
-            ASSERT(i < m_butterfly->publicLength());
-            ASSERT(i < m_butterfly->vectorLength());
-            if (!v.isInt32()) {
-                convertInt32ToDoubleOrContiguousWhilePerformingSetIndex(globalData, i, v);
-                break;
-            }
-            // Fall through.
-        }
         case ALL_CONTIGUOUS_INDEXING_TYPES: {
             ASSERT(i < m_butterfly->publicLength());
             ASSERT(i < m_butterfly->vectorLength());
             m_butterfly->contiguous()[i].set(globalData, this, v);
             break;
         }
-        case ALL_DOUBLE_INDEXING_TYPES: {
-            ASSERT(i < m_butterfly->publicLength());
-            ASSERT(i < m_butterfly->vectorLength());
-            if (!v.isNumber()) {
-                convertDoubleToContiguousWhilePerformingSetIndex(globalData, i, v);
-                return;
-            }
-            double value = v.asNumber();
-            if (value != value) {
-                convertDoubleToContiguousWhilePerformingSetIndex(globalData, i, v);
-                return;
-            }
-            m_butterfly->contiguousDouble()[i] = value;
-            break;
-        }
         case ALL_ARRAY_STORAGE_INDEXING_TYPES: {
             ArrayStorage* storage = m_butterfly->arrayStorage();
             ASSERT(i < storage->length());
@@ -426,9 +360,6 @@ public:
     {
         switch (structure()->indexingType()) {
         case ALL_BLANK_INDEXING_TYPES:
-        case ALL_UNDECIDED_INDEXING_TYPES:
-        case ALL_INT32_INDEXING_TYPES:
-        case ALL_DOUBLE_INDEXING_TYPES:
         case ALL_CONTIGUOUS_INDEXING_TYPES:
             return false;
         case ALL_ARRAY_STORAGE_INDEXING_TYPES:
@@ -443,9 +374,6 @@ public:
     {
         switch (structure()->indexingType()) {
         case ALL_BLANK_INDEXING_TYPES:
-        case ALL_UNDECIDED_INDEXING_TYPES:
-        case ALL_INT32_INDEXING_TYPES:
-        case ALL_DOUBLE_INDEXING_TYPES:
         case ALL_CONTIGUOUS_INDEXING_TYPES:
             return false;
         case ALL_ARRAY_STORAGE_INDEXING_TYPES:
@@ -643,30 +571,6 @@ public:
     // foo->attemptToInterceptPutByIndexOnHole(...);
     bool attemptToInterceptPutByIndexOnHoleForPrototype(ExecState*, JSValue thisValue, unsigned propertyName, JSValue, bool shouldThrow);
         
-    // Returns 0 if int32 storage cannot be created - either because
-    // indexing should be sparse, we're having a bad time, or because
-    // we already have a more general form of storage (double,
-    // contiguous, array storage).
-    WriteBarrier<Unknown>* ensureInt32(JSGlobalData& globalData)
-    {
-        if (LIKELY(hasInt32(structure()->indexingType())))
-            return m_butterfly->contiguousInt32();
-            
-        return ensureInt32Slow(globalData);
-    }
-        
-    // Returns 0 if double storage cannot be created - either because
-    // indexing should be sparse, we're having a bad time, or because
-    // we already have a more general form of storage (contiguous,
-    // or array storage).
-    double* ensureDouble(JSGlobalData& globalData)
-    {
-        if (LIKELY(hasDouble(structure()->indexingType())))
-            return m_butterfly->contiguousDouble();
-            
-        return ensureDoubleSlow(globalData);
-    }
-        
     // Returns 0 if contiguous storage cannot be created - either because
     // indexing should be sparse or because we're having a bad time.
     WriteBarrier<Unknown>* ensureContiguous(JSGlobalData& globalData)
@@ -689,6 +593,14 @@ public:
         return ensureArrayStorageSlow(globalData);
     }
         
+    Butterfly* ensureIndexedStorage(JSGlobalData& globalData)
+    {
+        if (LIKELY(hasIndexedProperties(structure()->indexingType())))
+            return m_butterfly;
+            
+        return ensureIndexedStorageSlow(globalData);
+    }
+        
     static size_t offsetOfInlineStorage();
         
     static ptrdiff_t butterflyOffset()
@@ -749,47 +661,19 @@ protected:
             return 0;
         }
     }
-        
-    Butterfly* createInitialUndecided(JSGlobalData&, unsigned length);
-    WriteBarrier<Unknown>* createInitialInt32(JSGlobalData&, unsigned length);
-    double* createInitialDouble(JSGlobalData&, unsigned length);
-    WriteBarrier<Unknown>* createInitialContiguous(JSGlobalData&, unsigned length);
-        
-    void convertUndecidedForValue(JSGlobalData&, JSValue);
-    void convertInt32ForValue(JSGlobalData&, JSValue);
-        
+
     ArrayStorage* createArrayStorage(JSGlobalData&, unsigned length, unsigned vectorLength);
     ArrayStorage* createInitialArrayStorage(JSGlobalData&);
-        
-    WriteBarrier<Unknown>* convertUndecidedToInt32(JSGlobalData&);
-    double* convertUndecidedToDouble(JSGlobalData&);
-    WriteBarrier<Unknown>* convertUndecidedToContiguous(JSGlobalData&);
-    ArrayStorage* convertUndecidedToArrayStorage(JSGlobalData&, NonPropertyTransition, unsigned neededLength);
-    ArrayStorage* convertUndecidedToArrayStorage(JSGlobalData&, NonPropertyTransition);
-    ArrayStorage* convertUndecidedToArrayStorage(JSGlobalData&);
-        
-    double* convertInt32ToDouble(JSGlobalData&);
-    WriteBarrier<Unknown>* convertInt32ToContiguous(JSGlobalData&);
-    ArrayStorage* convertInt32ToArrayStorage(JSGlobalData&, NonPropertyTransition, unsigned neededLength);
-    ArrayStorage* convertInt32ToArrayStorage(JSGlobalData&, NonPropertyTransition);
-    ArrayStorage* convertInt32ToArrayStorage(JSGlobalData&);
-        
-    WriteBarrier<Unknown>* convertDoubleToContiguous(JSGlobalData&);
-    ArrayStorage* convertDoubleToArrayStorage(JSGlobalData&, NonPropertyTransition, unsigned neededLength);
-    ArrayStorage* convertDoubleToArrayStorage(JSGlobalData&, NonPropertyTransition);
-    ArrayStorage* convertDoubleToArrayStorage(JSGlobalData&);
-        
+    WriteBarrier<Unknown>* createInitialContiguous(JSGlobalData&, unsigned length);
     ArrayStorage* convertContiguousToArrayStorage(JSGlobalData&, NonPropertyTransition, unsigned neededLength);
     ArrayStorage* convertContiguousToArrayStorage(JSGlobalData&, NonPropertyTransition);
     ArrayStorage* convertContiguousToArrayStorage(JSGlobalData&);
-
         
     ArrayStorage* ensureArrayStorageExistsAndEnterDictionaryIndexingMode(JSGlobalData&);
         
     bool defineOwnNonIndexProperty(ExecState*, PropertyName, PropertyDescriptor&, bool throwException);
 
-    template<IndexingType indexingShape>
-    void putByIndexBeyondVectorLengthWithoutAttributes(ExecState*, unsigned propertyName, JSValue);
+    void putByIndexBeyondVectorLengthContiguousWithoutAttributes(ExecState*, unsigned propertyName, JSValue);
     void putByIndexBeyondVectorLengthWithArrayStorage(ExecState*, unsigned propertyName, JSValue, bool shouldThrow, ArrayStorage*);
 
     bool increaseVectorLength(JSGlobalData&, unsigned newLength);
@@ -803,33 +687,24 @@ protected:
         
     // Call this if you want setIndexQuickly to succeed and you're sure that
     // the array is contiguous.
-    void ensureLength(JSGlobalData& globalData, unsigned length)
+    void ensureContiguousLength(JSGlobalData& globalData, unsigned length)
     {
         ASSERT(length < MAX_ARRAY_INDEX);
-        ASSERT(hasContiguous(structure()->indexingType()) || hasInt32(structure()->indexingType()) || hasDouble(structure()->indexingType()) || hasUndecided(structure()->indexingType()));
+        ASSERT(hasContiguous(structure()->indexingType()));
             
         if (m_butterfly->vectorLength() < length)
-            ensureLengthSlow(globalData, length);
+            ensureContiguousLengthSlow(globalData, length);
             
         if (m_butterfly->publicLength() < length)
             m_butterfly->setPublicLength(length);
     }
         
-    template<IndexingType indexingShape>
-    unsigned countElements(Butterfly*);
+    unsigned countElementsInContiguous(Butterfly*);
         
-    // This is relevant to undecided, int32, double, and contiguous.
-    unsigned countElements();
-        
-    // This strange method returns a pointer to the start of the indexed data
-    // as if it contained JSValues. But it won't always contain JSValues.
-    // Make sure you cast this to the appropriate type before using.
     template<IndexingType indexingType>
     WriteBarrier<Unknown>* indexingData()
     {
         switch (indexingType) {
-        case ALL_INT32_INDEXING_TYPES:
-        case ALL_DOUBLE_INDEXING_TYPES:
         case ALL_CONTIGUOUS_INDEXING_TYPES:
             return m_butterfly->contiguous();
                 
@@ -845,7 +720,6 @@ protected:
     WriteBarrier<Unknown>* currentIndexingData()
     {
         switch (structure()->indexingType()) {
-        case ALL_INT32_INDEXING_TYPES:
         case ALL_CONTIGUOUS_INDEXING_TYPES:
             return m_butterfly->contiguous();
 
@@ -858,32 +732,10 @@ protected:
         }
     }
         
-    JSValue getHolyIndexQuickly(unsigned i)
-    {
-        switch (structure()->indexingType()) {
-        case ALL_INT32_INDEXING_TYPES:
-        case ALL_CONTIGUOUS_INDEXING_TYPES:
-            return m_butterfly->contiguous()[i].get();
-        case ALL_DOUBLE_INDEXING_TYPES: {
-            double value = m_butterfly->contiguousDouble()[i];
-            if (value == value)
-                return JSValue(JSValue::EncodeAsDouble, value);
-            return JSValue();
-        }
-        case ALL_ARRAY_STORAGE_INDEXING_TYPES:
-            return m_butterfly->arrayStorage()->m_vector[i].get();
-        default:
-            CRASH();
-            return JSValue();
-        }
-    }
-        
     template<IndexingType indexingType>
     unsigned relevantLength()
     {
         switch (indexingType) {
-        case ALL_INT32_INDEXING_TYPES:
-        case ALL_DOUBLE_INDEXING_TYPES:
         case ALL_CONTIGUOUS_INDEXING_TYPES:
             return m_butterfly->publicLength();
                 
@@ -901,8 +753,6 @@ protected:
     unsigned currentRelevantLength()
     {
         switch (structure()->indexingType()) {
-        case ALL_INT32_INDEXING_TYPES:
-        case ALL_DOUBLE_INDEXING_TYPES:
         case ALL_CONTIGUOUS_INDEXING_TYPES:
             return m_butterfly->publicLength();
 
@@ -928,8 +778,6 @@ private:
     void isObject();
     void isString();
         
-    Butterfly* createInitialIndexedStorage(JSGlobalData&, unsigned length, size_t elementSize);
-        
     ArrayStorage* enterDictionaryIndexingModeWhenArrayStorageAlreadyExists(JSGlobalData&, ArrayStorage*);
         
     template<PutMode>
@@ -952,18 +800,11 @@ private:
 
     JS_EXPORT_PRIVATE bool getOwnPropertySlotSlow(ExecState*, PropertyName, PropertySlot&);
         
-    ArrayStorage* constructConvertedArrayStorageWithoutCopyingElements(JSGlobalData&, unsigned neededLength);
-        
-    JS_EXPORT_PRIVATE void setIndexQuicklyToUndecided(JSGlobalData&, unsigned index, JSValue);
-    JS_EXPORT_PRIVATE void convertInt32ToDoubleOrContiguousWhilePerformingSetIndex(JSGlobalData&, unsigned index, JSValue);
-    JS_EXPORT_PRIVATE void convertDoubleToContiguousWhilePerformingSetIndex(JSGlobalData&, unsigned index, JSValue);
-        
-    void ensureLengthSlow(JSGlobalData&, unsigned length);
+    void ensureContiguousLengthSlow(JSGlobalData&, unsigned length);
         
-    WriteBarrier<Unknown>* ensureInt32Slow(JSGlobalData&);
-    double* ensureDoubleSlow(JSGlobalData&);
     WriteBarrier<Unknown>* ensureContiguousSlow(JSGlobalData&);
     ArrayStorage* ensureArrayStorageSlow(JSGlobalData&);
+    Butterfly* ensureIndexedStorageSlow(JSGlobalData&);
         
 protected:
     Butterfly* m_butterfly;
diff --git a/Source/JavaScriptCore/runtime/JSValue.cpp b/Source/JavaScriptCore/runtime/JSValue.cpp
index 8f245f98d..e7f8cad17 100644
--- a/Source/JavaScriptCore/runtime/JSValue.cpp
+++ b/Source/JavaScriptCore/runtime/JSValue.cpp
@@ -215,8 +215,8 @@ char* JSValue::description() const
 #endif
     } else if (isCell()) {
         snprintf(
-            description, size, "Cell: %p -> %p (%p: %s, %s)",
-            asCell(), isObject() ? asObject(*this)->butterfly() : 0, asCell()->structure(), asCell()->structure()->classInfo()->className,
+            description, size, "Cell: %p (%p: %s, %s)",
+            asCell(), asCell()->structure(), asCell()->structure()->classInfo()->className,
             indexingTypeToString(asCell()->structure()->indexingTypeIncludingHistory()));
     } else if (isTrue())
         snprintf(description, size, "True");
diff --git a/Source/JavaScriptCore/runtime/JSValueInlineMethods.h b/Source/JavaScriptCore/runtime/JSValueInlineMethods.h
new file mode 100644
index 000000000..224982e9e
--- /dev/null
+++ b/Source/JavaScriptCore/runtime/JSValueInlineMethods.h
@@ -0,0 +1,496 @@
+/*
+ * Copyright (C) 2011 Apple Inc. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY APPLE INC. ``AS IS'' AND ANY
+ * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL APPLE INC. OR
+ * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+ * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
+ * OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
+ */
+
+#ifndef JSValueInlineMethods_h
+#define JSValueInlineMethods_h
+
+#include "JSValue.h"
+
+namespace JSC {
+
+    ALWAYS_INLINE int32_t JSValue::toInt32(ExecState* exec) const
+    {
+        if (isInt32())
+            return asInt32();
+        return JSC::toInt32(toNumber(exec));
+    }
+
+    inline uint32_t JSValue::toUInt32(ExecState* exec) const
+    {
+        // See comment on JSC::toUInt32, above.
+        return toInt32(exec);
+    }
+
+    inline bool JSValue::isUInt32() const
+    {
+        return isInt32() && asInt32() >= 0;
+    }
+
+    inline uint32_t JSValue::asUInt32() const
+    {
+        ASSERT(isUInt32());
+        return asInt32();
+    }
+
+    inline double JSValue::asNumber() const
+    {
+        ASSERT(isNumber());
+        return isInt32() ? asInt32() : asDouble();
+    }
+
+    inline JSValue jsNaN()
+    {
+        return JSValue(QNaN);
+    }
+
+    inline JSValue::JSValue(char i)
+    {
+        *this = JSValue(static_cast<int32_t>(i));
+    }
+
+    inline JSValue::JSValue(unsigned char i)
+    {
+        *this = JSValue(static_cast<int32_t>(i));
+    }
+
+    inline JSValue::JSValue(short i)
+    {
+        *this = JSValue(static_cast<int32_t>(i));
+    }
+
+    inline JSValue::JSValue(unsigned short i)
+    {
+        *this = JSValue(static_cast<int32_t>(i));
+    }
+
+    inline JSValue::JSValue(unsigned i)
+    {
+        if (static_cast<int32_t>(i) < 0) {
+            *this = JSValue(EncodeAsDouble, static_cast<double>(i));
+            return;
+        }
+        *this = JSValue(static_cast<int32_t>(i));
+    }
+
+    inline JSValue::JSValue(long i)
+    {
+        if (static_cast<int32_t>(i) != i) {
+            *this = JSValue(EncodeAsDouble, static_cast<double>(i));
+            return;
+        }
+        *this = JSValue(static_cast<int32_t>(i));
+    }
+
+    inline JSValue::JSValue(unsigned long i)
+    {
+        if (static_cast<uint32_t>(i) != i) {
+            *this = JSValue(EncodeAsDouble, static_cast<double>(i));
+            return;
+        }
+        *this = JSValue(static_cast<uint32_t>(i));
+    }
+
+    inline JSValue::JSValue(long long i)
+    {
+        if (static_cast<int32_t>(i) != i) {
+            *this = JSValue(EncodeAsDouble, static_cast<double>(i));
+            return;
+        }
+        *this = JSValue(static_cast<int32_t>(i));
+    }
+
+    inline JSValue::JSValue(unsigned long long i)
+    {
+        if (static_cast<uint32_t>(i) != i) {
+            *this = JSValue(EncodeAsDouble, static_cast<double>(i));
+            return;
+        }
+        *this = JSValue(static_cast<uint32_t>(i));
+    }
+
+    inline JSValue::JSValue(double d)
+    {
+        const int32_t asInt32 = static_cast<int32_t>(d);
+        if (asInt32 != d || (!asInt32 && signbit(d))) { // true for -0.0
+            *this = JSValue(EncodeAsDouble, d);
+            return;
+        }
+        *this = JSValue(static_cast<int32_t>(d));
+    }
+
+    inline EncodedJSValue JSValue::encode(JSValue value)
+    {
+        return value.u.asInt64;
+    }
+
+    inline JSValue JSValue::decode(EncodedJSValue encodedJSValue)
+    {
+        JSValue v;
+        v.u.asInt64 = encodedJSValue;
+        return v;
+    }
+
+#if USE(JSVALUE32_64)
+    inline JSValue::JSValue()
+    {
+        u.asBits.tag = EmptyValueTag;
+        u.asBits.payload = 0;
+    }
+
+    inline JSValue::JSValue(JSNullTag)
+    {
+        u.asBits.tag = NullTag;
+        u.asBits.payload = 0;
+    }
+    
+    inline JSValue::JSValue(JSUndefinedTag)
+    {
+        u.asBits.tag = UndefinedTag;
+        u.asBits.payload = 0;
+    }
+    
+    inline JSValue::JSValue(JSTrueTag)
+    {
+        u.asBits.tag = BooleanTag;
+        u.asBits.payload = 1;
+    }
+    
+    inline JSValue::JSValue(JSFalseTag)
+    {
+        u.asBits.tag = BooleanTag;
+        u.asBits.payload = 0;
+    }
+
+    inline JSValue::JSValue(HashTableDeletedValueTag)
+    {
+        u.asBits.tag = DeletedValueTag;
+        u.asBits.payload = 0;
+    }
+
+    inline JSValue::JSValue(JSCell* ptr)
+    {
+        if (ptr)
+            u.asBits.tag = CellTag;
+        else
+            u.asBits.tag = EmptyValueTag;
+        u.asBits.payload = reinterpret_cast<int32_t>(ptr);
+    }
+
+    inline JSValue::JSValue(const JSCell* ptr)
+    {
+        if (ptr)
+            u.asBits.tag = CellTag;
+        else
+            u.asBits.tag = EmptyValueTag;
+        u.asBits.payload = reinterpret_cast<int32_t>(const_cast<JSCell*>(ptr));
+    }
+
+    inline JSValue::operator bool() const
+    {
+        ASSERT(tag() != DeletedValueTag);
+        return tag() != EmptyValueTag;
+    }
+
+    inline bool JSValue::operator==(const JSValue& other) const
+    {
+        return u.asInt64 == other.u.asInt64;
+    }
+
+    inline bool JSValue::operator!=(const JSValue& other) const
+    {
+        return u.asInt64 != other.u.asInt64;
+    }
+
+    inline bool JSValue::isEmpty() const
+    {
+        return tag() == EmptyValueTag;
+    }
+
+    inline bool JSValue::isUndefined() const
+    {
+        return tag() == UndefinedTag;
+    }
+
+    inline bool JSValue::isNull() const
+    {
+        return tag() == NullTag;
+    }
+
+    inline bool JSValue::isUndefinedOrNull() const
+    {
+        return isUndefined() || isNull();
+    }
+
+    inline bool JSValue::isCell() const
+    {
+        return tag() == CellTag;
+    }
+
+    inline bool JSValue::isInt32() const
+    {
+        return tag() == Int32Tag;
+    }
+
+    inline bool JSValue::isDouble() const
+    {
+        return tag() < LowestTag;
+    }
+
+    inline bool JSValue::isTrue() const
+    {
+        return tag() == BooleanTag && payload();
+    }
+
+    inline bool JSValue::isFalse() const
+    {
+        return tag() == BooleanTag && !payload();
+    }
+
+    inline uint32_t JSValue::tag() const
+    {
+        return u.asBits.tag;
+    }
+    
+    inline int32_t JSValue::payload() const
+    {
+        return u.asBits.payload;
+    }
+    
+    inline int32_t JSValue::asInt32() const
+    {
+        ASSERT(isInt32());
+        return u.asBits.payload;
+    }
+    
+    inline double JSValue::asDouble() const
+    {
+        ASSERT(isDouble());
+        return u.asDouble;
+    }
+    
+    ALWAYS_INLINE JSCell* JSValue::asCell() const
+    {
+        ASSERT(isCell());
+        return reinterpret_cast<JSCell*>(u.asBits.payload);
+    }
+
+    ALWAYS_INLINE JSValue::JSValue(EncodeAsDoubleTag, double d)
+    {
+        u.asDouble = d;
+    }
+
+    inline JSValue::JSValue(int i)
+    {
+        u.asBits.tag = Int32Tag;
+        u.asBits.payload = i;
+    }
+
+#if ENABLE(LLINT_C_LOOP)
+    inline JSValue::JSValue(int32_t tag, int32_t payload)
+    {
+        u.asBits.tag = tag;
+        u.asBits.payload = payload;
+    }
+#endif
+
+    inline bool JSValue::isNumber() const
+    {
+        return isInt32() || isDouble();
+    }
+
+    inline bool JSValue::isBoolean() const
+    {
+        return isTrue() || isFalse();
+    }
+
+    inline bool JSValue::asBoolean() const
+    {
+        ASSERT(isBoolean());
+        return payload();
+    }
+
+#else // !USE(JSVALUE32_64) i.e. USE(JSVALUE64)
+
+    // 0x0 can never occur naturally because it has a tag of 00, indicating a pointer value, but a payload of 0x0, which is in the (invalid) zero page.
+    inline JSValue::JSValue()
+    {
+        u.asInt64 = ValueEmpty;
+    }
+
+    // 0x4 can never occur naturally because it has a tag of 00, indicating a pointer value, but a payload of 0x4, which is in the (invalid) zero page.
+    inline JSValue::JSValue(HashTableDeletedValueTag)
+    {
+        u.asInt64 = ValueDeleted;
+    }
+
+    inline JSValue::JSValue(JSCell* ptr)
+    {
+        u.asInt64 = reinterpret_cast<uintptr_t>(ptr);
+    }
+
+    inline JSValue::JSValue(const JSCell* ptr)
+    {
+        u.asInt64 = reinterpret_cast<uintptr_t>(const_cast<JSCell*>(ptr));
+    }
+
+    inline JSValue::operator bool() const
+    {
+        return u.asInt64;
+    }
+
+    inline bool JSValue::operator==(const JSValue& other) const
+    {
+        return u.asInt64 == other.u.asInt64;
+    }
+
+    inline bool JSValue::operator!=(const JSValue& other) const
+    {
+        return u.asInt64 != other.u.asInt64;
+    }
+
+    inline bool JSValue::isEmpty() const
+    {
+        return u.asInt64 == ValueEmpty;
+    }
+
+    inline bool JSValue::isUndefined() const
+    {
+        return asValue() == JSValue(JSUndefined);
+    }
+
+    inline bool JSValue::isNull() const
+    {
+        return asValue() == JSValue(JSNull);
+    }
+
+    inline bool JSValue::isTrue() const
+    {
+        return asValue() == JSValue(JSTrue);
+    }
+
+    inline bool JSValue::isFalse() const
+    {
+        return asValue() == JSValue(JSFalse);
+    }
+
+    inline bool JSValue::asBoolean() const
+    {
+        ASSERT(isBoolean());
+        return asValue() == JSValue(JSTrue);
+    }
+
+    inline int32_t JSValue::asInt32() const
+    {
+        ASSERT(isInt32());
+        return static_cast<int32_t>(u.asInt64);
+    }
+
+    inline bool JSValue::isDouble() const
+    {
+        return isNumber() && !isInt32();
+    }
+
+    inline JSValue::JSValue(JSNullTag)
+    {
+        u.asInt64 = ValueNull;
+    }
+    
+    inline JSValue::JSValue(JSUndefinedTag)
+    {
+        u.asInt64 = ValueUndefined;
+    }
+
+    inline JSValue::JSValue(JSTrueTag)
+    {
+        u.asInt64 = ValueTrue;
+    }
+
+    inline JSValue::JSValue(JSFalseTag)
+    {
+        u.asInt64 = ValueFalse;
+    }
+
+    inline bool JSValue::isUndefinedOrNull() const
+    {
+        // Undefined and null share the same value, bar the 'undefined' bit in the extended tag.
+        return (u.asInt64 & ~TagBitUndefined) == ValueNull;
+    }
+
+    inline bool JSValue::isBoolean() const
+    {
+        return (u.asInt64 & ~1) == ValueFalse;
+    }
+
+    inline bool JSValue::isCell() const
+    {
+        return !(u.asInt64 & TagMask);
+    }
+
+    inline bool JSValue::isInt32() const
+    {
+        return (u.asInt64 & TagTypeNumber) == TagTypeNumber;
+    }
+
+    inline int64_t reinterpretDoubleToInt64(double value)
+    {
+        return bitwise_cast<int64_t>(value);
+    }
+    inline double reinterpretInt64ToDouble(int64_t value)
+    {
+        return bitwise_cast<double>(value);
+    }
+
+    ALWAYS_INLINE JSValue::JSValue(EncodeAsDoubleTag, double d)
+    {
+        u.asInt64 = reinterpretDoubleToInt64(d) + DoubleEncodeOffset;
+    }
+
+    inline JSValue::JSValue(int i)
+    {
+        u.asInt64 = TagTypeNumber | static_cast<uint32_t>(i);
+    }
+
+    inline double JSValue::asDouble() const
+    {
+        ASSERT(isDouble());
+        return reinterpretInt64ToDouble(u.asInt64 - DoubleEncodeOffset);
+    }
+
+    inline bool JSValue::isNumber() const
+    {
+        return u.asInt64 & TagTypeNumber;
+    }
+
+    ALWAYS_INLINE JSCell* JSValue::asCell() const
+    {
+        ASSERT(isCell());
+        return u.ptr;
+    }
+
+#endif // USE(JSVALUE64)
+
+} // namespace JSC
+
+#endif // JSValueInlineMethods_h
diff --git a/Source/JavaScriptCore/runtime/JSValueInlines.h b/Source/JavaScriptCore/runtime/JSValueInlines.h
deleted file mode 100644
index c5a42f67f..000000000
--- a/Source/JavaScriptCore/runtime/JSValueInlines.h
+++ /dev/null
@@ -1,497 +0,0 @@
-/*
- * Copyright (C) 2011 Apple Inc. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY APPLE INC. ``AS IS'' AND ANY
- * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL APPLE INC. OR
- * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
- * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
- * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
- * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
- * OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
- * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
- */
-
-#ifndef JSValueInlines_h
-#define JSValueInlines_h
-
-#include "JSValue.h"
-
-namespace JSC {
-
-    ALWAYS_INLINE int32_t JSValue::toInt32(ExecState* exec) const
-    {
-        if (isInt32())
-            return asInt32();
-        return JSC::toInt32(toNumber(exec));
-    }
-
-    inline uint32_t JSValue::toUInt32(ExecState* exec) const
-    {
-        // See comment on JSC::toUInt32, above.
-        return toInt32(exec);
-    }
-
-    inline bool JSValue::isUInt32() const
-    {
-        return isInt32() && asInt32() >= 0;
-    }
-
-    inline uint32_t JSValue::asUInt32() const
-    {
-        ASSERT(isUInt32());
-        return asInt32();
-    }
-
-    inline double JSValue::asNumber() const
-    {
-        ASSERT(isNumber());
-        return isInt32() ? asInt32() : asDouble();
-    }
-
-    inline JSValue jsNaN()
-    {
-        return JSValue(QNaN);
-    }
-
-    inline JSValue::JSValue(char i)
-    {
-        *this = JSValue(static_cast<int32_t>(i));
-    }
-
-    inline JSValue::JSValue(unsigned char i)
-    {
-        *this = JSValue(static_cast<int32_t>(i));
-    }
-
-    inline JSValue::JSValue(short i)
-    {
-        *this = JSValue(static_cast<int32_t>(i));
-    }
-
-    inline JSValue::JSValue(unsigned short i)
-    {
-        *this = JSValue(static_cast<int32_t>(i));
-    }
-
-    inline JSValue::JSValue(unsigned i)
-    {
-        if (static_cast<int32_t>(i) < 0) {
-            *this = JSValue(EncodeAsDouble, static_cast<double>(i));
-            return;
-        }
-        *this = JSValue(static_cast<int32_t>(i));
-    }
-
-    inline JSValue::JSValue(long i)
-    {
-        if (static_cast<int32_t>(i) != i) {
-            *this = JSValue(EncodeAsDouble, static_cast<double>(i));
-            return;
-        }
-        *this = JSValue(static_cast<int32_t>(i));
-    }
-
-    inline JSValue::JSValue(unsigned long i)
-    {
-        if (static_cast<uint32_t>(i) != i) {
-            *this = JSValue(EncodeAsDouble, static_cast<double>(i));
-            return;
-        }
-        *this = JSValue(static_cast<uint32_t>(i));
-    }
-
-    inline JSValue::JSValue(long long i)
-    {
-        if (static_cast<int32_t>(i) != i) {
-            *this = JSValue(EncodeAsDouble, static_cast<double>(i));
-            return;
-        }
-        *this = JSValue(static_cast<int32_t>(i));
-    }
-
-    inline JSValue::JSValue(unsigned long long i)
-    {
-        if (static_cast<uint32_t>(i) != i) {
-            *this = JSValue(EncodeAsDouble, static_cast<double>(i));
-            return;
-        }
-        *this = JSValue(static_cast<uint32_t>(i));
-    }
-
-    inline JSValue::JSValue(double d)
-    {
-        const int32_t asInt32 = static_cast<int32_t>(d);
-        if (asInt32 != d || (!asInt32 && signbit(d))) { // true for -0.0
-            *this = JSValue(EncodeAsDouble, d);
-            return;
-        }
-        *this = JSValue(static_cast<int32_t>(d));
-    }
-
-    inline EncodedJSValue JSValue::encode(JSValue value)
-    {
-        return value.u.asInt64;
-    }
-
-    inline JSValue JSValue::decode(EncodedJSValue encodedJSValue)
-    {
-        JSValue v;
-        v.u.asInt64 = encodedJSValue;
-        return v;
-    }
-
-#if USE(JSVALUE32_64)
-    inline JSValue::JSValue()
-    {
-        u.asBits.tag = EmptyValueTag;
-        u.asBits.payload = 0;
-    }
-
-    inline JSValue::JSValue(JSNullTag)
-    {
-        u.asBits.tag = NullTag;
-        u.asBits.payload = 0;
-    }
-    
-    inline JSValue::JSValue(JSUndefinedTag)
-    {
-        u.asBits.tag = UndefinedTag;
-        u.asBits.payload = 0;
-    }
-    
-    inline JSValue::JSValue(JSTrueTag)
-    {
-        u.asBits.tag = BooleanTag;
-        u.asBits.payload = 1;
-    }
-    
-    inline JSValue::JSValue(JSFalseTag)
-    {
-        u.asBits.tag = BooleanTag;
-        u.asBits.payload = 0;
-    }
-
-    inline JSValue::JSValue(HashTableDeletedValueTag)
-    {
-        u.asBits.tag = DeletedValueTag;
-        u.asBits.payload = 0;
-    }
-
-    inline JSValue::JSValue(JSCell* ptr)
-    {
-        if (ptr)
-            u.asBits.tag = CellTag;
-        else
-            u.asBits.tag = EmptyValueTag;
-        u.asBits.payload = reinterpret_cast<int32_t>(ptr);
-    }
-
-    inline JSValue::JSValue(const JSCell* ptr)
-    {
-        if (ptr)
-            u.asBits.tag = CellTag;
-        else
-            u.asBits.tag = EmptyValueTag;
-        u.asBits.payload = reinterpret_cast<int32_t>(const_cast<JSCell*>(ptr));
-    }
-
-    inline JSValue::operator bool() const
-    {
-        ASSERT(tag() != DeletedValueTag);
-        return tag() != EmptyValueTag;
-    }
-
-    inline bool JSValue::operator==(const JSValue& other) const
-    {
-        return u.asInt64 == other.u.asInt64;
-    }
-
-    inline bool JSValue::operator!=(const JSValue& other) const
-    {
-        return u.asInt64 != other.u.asInt64;
-    }
-
-    inline bool JSValue::isEmpty() const
-    {
-        return tag() == EmptyValueTag;
-    }
-
-    inline bool JSValue::isUndefined() const
-    {
-        return tag() == UndefinedTag;
-    }
-
-    inline bool JSValue::isNull() const
-    {
-        return tag() == NullTag;
-    }
-
-    inline bool JSValue::isUndefinedOrNull() const
-    {
-        return isUndefined() || isNull();
-    }
-
-    inline bool JSValue::isCell() const
-    {
-        return tag() == CellTag;
-    }
-
-    inline bool JSValue::isInt32() const
-    {
-        return tag() == Int32Tag;
-    }
-
-    inline bool JSValue::isDouble() const
-    {
-        return tag() < LowestTag;
-    }
-
-    inline bool JSValue::isTrue() const
-    {
-        return tag() == BooleanTag && payload();
-    }
-
-    inline bool JSValue::isFalse() const
-    {
-        return tag() == BooleanTag && !payload();
-    }
-
-    inline uint32_t JSValue::tag() const
-    {
-        return u.asBits.tag;
-    }
-    
-    inline int32_t JSValue::payload() const
-    {
-        return u.asBits.payload;
-    }
-    
-    inline int32_t JSValue::asInt32() const
-    {
-        ASSERT(isInt32());
-        return u.asBits.payload;
-    }
-    
-    inline double JSValue::asDouble() const
-    {
-        ASSERT(isDouble());
-        return u.asDouble;
-    }
-    
-    ALWAYS_INLINE JSCell* JSValue::asCell() const
-    {
-        ASSERT(isCell());
-        return reinterpret_cast<JSCell*>(u.asBits.payload);
-    }
-
-    ALWAYS_INLINE JSValue::JSValue(EncodeAsDoubleTag, double d)
-    {
-        u.asDouble = d;
-    }
-
-    inline JSValue::JSValue(int i)
-    {
-        u.asBits.tag = Int32Tag;
-        u.asBits.payload = i;
-    }
-
-#if ENABLE(LLINT_C_LOOP)
-    inline JSValue::JSValue(int32_t tag, int32_t payload)
-    {
-        u.asBits.tag = tag;
-        u.asBits.payload = payload;
-    }
-#endif
-
-    inline bool JSValue::isNumber() const
-    {
-        return isInt32() || isDouble();
-    }
-
-    inline bool JSValue::isBoolean() const
-    {
-        return isTrue() || isFalse();
-    }
-
-    inline bool JSValue::asBoolean() const
-    {
-        ASSERT(isBoolean());
-        return payload();
-    }
-
-#else // !USE(JSVALUE32_64) i.e. USE(JSVALUE64)
-
-    // 0x0 can never occur naturally because it has a tag of 00, indicating a pointer value, but a payload of 0x0, which is in the (invalid) zero page.
-    inline JSValue::JSValue()
-    {
-        u.asInt64 = ValueEmpty;
-    }
-
-    // 0x4 can never occur naturally because it has a tag of 00, indicating a pointer value, but a payload of 0x4, which is in the (invalid) zero page.
-    inline JSValue::JSValue(HashTableDeletedValueTag)
-    {
-        u.asInt64 = ValueDeleted;
-    }
-
-    inline JSValue::JSValue(JSCell* ptr)
-    {
-        u.asInt64 = reinterpret_cast<uintptr_t>(ptr);
-    }
-
-    inline JSValue::JSValue(const JSCell* ptr)
-    {
-        u.asInt64 = reinterpret_cast<uintptr_t>(const_cast<JSCell*>(ptr));
-    }
-
-    inline JSValue::operator bool() const
-    {
-        return u.asInt64;
-    }
-
-    inline bool JSValue::operator==(const JSValue& other) const
-    {
-        return u.asInt64 == other.u.asInt64;
-    }
-
-    inline bool JSValue::operator!=(const JSValue& other) const
-    {
-        return u.asInt64 != other.u.asInt64;
-    }
-
-    inline bool JSValue::isEmpty() const
-    {
-        return u.asInt64 == ValueEmpty;
-    }
-
-    inline bool JSValue::isUndefined() const
-    {
-        return asValue() == JSValue(JSUndefined);
-    }
-
-    inline bool JSValue::isNull() const
-    {
-        return asValue() == JSValue(JSNull);
-    }
-
-    inline bool JSValue::isTrue() const
-    {
-        return asValue() == JSValue(JSTrue);
-    }
-
-    inline bool JSValue::isFalse() const
-    {
-        return asValue() == JSValue(JSFalse);
-    }
-
-    inline bool JSValue::asBoolean() const
-    {
-        ASSERT(isBoolean());
-        return asValue() == JSValue(JSTrue);
-    }
-
-    inline int32_t JSValue::asInt32() const
-    {
-        ASSERT(isInt32());
-        return static_cast<int32_t>(u.asInt64);
-    }
-
-    inline bool JSValue::isDouble() const
-    {
-        return isNumber() && !isInt32();
-    }
-
-    inline JSValue::JSValue(JSNullTag)
-    {
-        u.asInt64 = ValueNull;
-    }
-    
-    inline JSValue::JSValue(JSUndefinedTag)
-    {
-        u.asInt64 = ValueUndefined;
-    }
-
-    inline JSValue::JSValue(JSTrueTag)
-    {
-        u.asInt64 = ValueTrue;
-    }
-
-    inline JSValue::JSValue(JSFalseTag)
-    {
-        u.asInt64 = ValueFalse;
-    }
-
-    inline bool JSValue::isUndefinedOrNull() const
-    {
-        // Undefined and null share the same value, bar the 'undefined' bit in the extended tag.
-        return (u.asInt64 & ~TagBitUndefined) == ValueNull;
-    }
-
-    inline bool JSValue::isBoolean() const
-    {
-        return (u.asInt64 & ~1) == ValueFalse;
-    }
-
-    inline bool JSValue::isCell() const
-    {
-        return !(u.asInt64 & TagMask);
-    }
-
-    inline bool JSValue::isInt32() const
-    {
-        return (u.asInt64 & TagTypeNumber) == TagTypeNumber;
-    }
-
-    inline int64_t reinterpretDoubleToInt64(double value)
-    {
-        return bitwise_cast<int64_t>(value);
-    }
-    inline double reinterpretInt64ToDouble(int64_t value)
-    {
-        return bitwise_cast<double>(value);
-    }
-
-    ALWAYS_INLINE JSValue::JSValue(EncodeAsDoubleTag, double d)
-    {
-        u.asInt64 = reinterpretDoubleToInt64(d) + DoubleEncodeOffset;
-    }
-
-    inline JSValue::JSValue(int i)
-    {
-        u.asInt64 = TagTypeNumber | static_cast<uint32_t>(i);
-    }
-
-    inline double JSValue::asDouble() const
-    {
-        ASSERT(isDouble());
-        return reinterpretInt64ToDouble(u.asInt64 - DoubleEncodeOffset);
-    }
-
-    inline bool JSValue::isNumber() const
-    {
-        return u.asInt64 & TagTypeNumber;
-    }
-
-    ALWAYS_INLINE JSCell* JSValue::asCell() const
-    {
-        ASSERT(isCell());
-        return u.ptr;
-    }
-
-#endif // USE(JSVALUE64)
-
-} // namespace JSC
-
-#endif // JSValueInlines_h
-
diff --git a/Source/JavaScriptCore/runtime/LiteralParser.cpp b/Source/JavaScriptCore/runtime/LiteralParser.cpp
index bf27327bf..cd854417b 100644
--- a/Source/JavaScriptCore/runtime/LiteralParser.cpp
+++ b/Source/JavaScriptCore/runtime/LiteralParser.cpp
@@ -27,8 +27,8 @@
 #include "config.h"
 #include "LiteralParser.h"
 
-#include "ButterflyInlines.h"
-#include "CopiedSpaceInlines.h"
+#include "ButterflyInlineMethods.h"
+#include "CopiedSpaceInlineMethods.h"
 #include "JSArray.h"
 #include "JSString.h"
 #include "Lexer.h"
@@ -548,7 +548,7 @@ JSValue LiteralParser<CharType>::parse(ParserState initialState)
         switch(state) {
             startParseArray:
             case StartParseArray: {
-                JSArray* array = constructEmptyArray(m_exec, 0);
+                JSArray* array = constructEmptyArray(m_exec);
                 objectStack.append(array);
                 // fallthrough
             }
diff --git a/Source/JavaScriptCore/runtime/ObjectConstructor.cpp b/Source/JavaScriptCore/runtime/ObjectConstructor.cpp
index 7e74a914b..7df047d28 100644
--- a/Source/JavaScriptCore/runtime/ObjectConstructor.cpp
+++ b/Source/JavaScriptCore/runtime/ObjectConstructor.cpp
@@ -21,8 +21,8 @@
 #include "config.h"
 #include "ObjectConstructor.h"
 
-#include "ButterflyInlines.h"
-#include "CopiedSpaceInlines.h"
+#include "ButterflyInlineMethods.h"
+#include "CopiedSpaceInlineMethods.h"
 #include "Error.h"
 #include "ExceptionHelpers.h"
 #include "JSFunction.h"
@@ -182,7 +182,7 @@ EncodedJSValue JSC_HOST_CALL objectConstructorGetOwnPropertyNames(ExecState* exe
         return throwVMError(exec, createTypeError(exec, ASCIILiteral("Requested property names of a value that is not an object.")));
     PropertyNameArray properties(exec);
     asObject(exec->argument(0))->methodTable()->getOwnPropertyNames(asObject(exec->argument(0)), exec, properties, IncludeDontEnumProperties);
-    JSArray* names = constructEmptyArray(exec, 0);
+    JSArray* names = constructEmptyArray(exec);
     size_t numProperties = properties.size();
     for (size_t i = 0; i < numProperties; i++)
         names->push(exec, jsOwnedString(exec, properties[i].string()));
@@ -196,7 +196,7 @@ EncodedJSValue JSC_HOST_CALL objectConstructorKeys(ExecState* exec)
         return throwVMError(exec, createTypeError(exec, ASCIILiteral("Requested keys of a value that is not an object.")));
     PropertyNameArray properties(exec);
     asObject(exec->argument(0))->methodTable()->getOwnPropertyNames(asObject(exec->argument(0)), exec, properties, ExcludeDontEnumProperties);
-    JSArray* keys = constructEmptyArray(exec, 0);
+    JSArray* keys = constructEmptyArray(exec);
     size_t numProperties = properties.size();
     for (size_t i = 0; i < numProperties; i++)
         keys->push(exec, jsOwnedString(exec, properties[i].string()));
diff --git a/Source/JavaScriptCore/runtime/Operations.h b/Source/JavaScriptCore/runtime/Operations.h
index ed14e895f..01df7e98c 100644
--- a/Source/JavaScriptCore/runtime/Operations.h
+++ b/Source/JavaScriptCore/runtime/Operations.h
@@ -26,7 +26,7 @@
 #include "Interpreter.h"
 #include "JSProxy.h"
 #include "JSString.h"
-#include "JSValueInlines.h"
+#include "JSValueInlineMethods.h"
 
 namespace JSC {
 
diff --git a/Source/JavaScriptCore/runtime/RegExpMatchesArray.cpp b/Source/JavaScriptCore/runtime/RegExpMatchesArray.cpp
index 19f3b81ad..ce9c2d2db 100644
--- a/Source/JavaScriptCore/runtime/RegExpMatchesArray.cpp
+++ b/Source/JavaScriptCore/runtime/RegExpMatchesArray.cpp
@@ -26,7 +26,7 @@
 #include "config.h"
 #include "RegExpMatchesArray.h"
 
-#include "ButterflyInlines.h"
+#include "ButterflyInlineMethods.h"
 
 namespace JSC {
 
diff --git a/Source/JavaScriptCore/runtime/RegExpObject.cpp b/Source/JavaScriptCore/runtime/RegExpObject.cpp
index 00dd1ed74..35de40912 100644
--- a/Source/JavaScriptCore/runtime/RegExpObject.cpp
+++ b/Source/JavaScriptCore/runtime/RegExpObject.cpp
@@ -21,8 +21,8 @@
 #include "config.h"
 #include "RegExpObject.h"
 
-#include "ButterflyInlines.h"
-#include "CopiedSpaceInlines.h"
+#include "ButterflyInlineMethods.h"
+#include "CopiedSpaceInlineMethods.h"
 #include "Error.h"
 #include "ExceptionHelpers.h"
 #include "JSArray.h"
diff --git a/Source/JavaScriptCore/runtime/StringPrototype.cpp b/Source/JavaScriptCore/runtime/StringPrototype.cpp
index 93009d806..5aafe8bb3 100644
--- a/Source/JavaScriptCore/runtime/StringPrototype.cpp
+++ b/Source/JavaScriptCore/runtime/StringPrototype.cpp
@@ -22,9 +22,9 @@
 #include "config.h"
 #include "StringPrototype.h"
 
-#include "ButterflyInlines.h"
+#include "ButterflyInlineMethods.h"
 #include "CachedCall.h"
-#include "CopiedSpaceInlines.h"
+#include "CopiedSpaceInlineMethods.h"
 #include "Error.h"
 #include "Executable.h"
 #include "JSGlobalObjectFunctions.h"
@@ -870,7 +870,7 @@ EncodedJSValue JSC_HOST_CALL stringProtoFuncMatch(ExecState* exec)
         return JSValue::encode(jsNull());
     }
 
-    return JSValue::encode(constructArray(exec, static_cast<ArrayAllocationProfile*>(0), list));
+    return JSValue::encode(constructArray(exec, list));
 }
 
 EncodedJSValue JSC_HOST_CALL stringProtoFuncSearch(ExecState* exec)
@@ -973,7 +973,7 @@ EncodedJSValue JSC_HOST_CALL stringProtoFuncSplit(ExecState* exec)
 
     // 3. Let A be a new array created as if by the expression new Array()
     //    where Array is the standard built-in constructor with that name.
-    JSArray* result = constructEmptyArray(exec, 0);
+    JSArray* result = constructEmptyArray(exec);
 
     // 4. Let lengthA be 0.
     unsigned resultLength = 0;
@@ -1388,10 +1388,7 @@ EncodedJSValue JSC_HOST_CALL stringProtoFuncFontcolor(ExecState* exec)
         return throwVMTypeError(exec);
     String s = thisValue.toString(exec)->value(exec);
     JSValue a0 = exec->argument(0);
-    String color = a0.toWTFString(exec);
-    color.replaceWithLiteral('"', "&quot;");
-
-    return JSValue::encode(jsMakeNontrivialString(exec, "<font color=\"", color, "\">", s, "</font>"));
+    return JSValue::encode(jsMakeNontrivialString(exec, "<font color=\"", a0.toString(exec)->value(exec), "\">", s, "</font>"));
 }
 
 EncodedJSValue JSC_HOST_CALL stringProtoFuncFontsize(ExecState* exec)
@@ -1436,10 +1433,7 @@ EncodedJSValue JSC_HOST_CALL stringProtoFuncFontsize(ExecState* exec)
         return JSValue::encode(jsNontrivialString(exec, impl));
     }
 
-    String fontSize = a0.toWTFString(exec);
-    fontSize.replaceWithLiteral('"', "&quot;");
-
-    return JSValue::encode(jsMakeNontrivialString(exec, "<font size=\"", fontSize, "\">", s, "</font>"));
+    return JSValue::encode(jsMakeNontrivialString(exec, "<font size=\"", a0.toString(exec)->value(exec), "\">", s, "</font>"));
 }
 
 EncodedJSValue JSC_HOST_CALL stringProtoFuncAnchor(ExecState* exec)
@@ -1449,10 +1443,7 @@ EncodedJSValue JSC_HOST_CALL stringProtoFuncAnchor(ExecState* exec)
         return throwVMTypeError(exec);
     String s = thisValue.toString(exec)->value(exec);
     JSValue a0 = exec->argument(0);
-    String anchor = a0.toWTFString(exec);
-    anchor.replaceWithLiteral('"', "&quot;");
-
-    return JSValue::encode(jsMakeNontrivialString(exec, "<a name=\"", anchor, "\">", s, "</a>"));
+    return JSValue::encode(jsMakeNontrivialString(exec, "<a name=\"", a0.toString(exec)->value(exec), "\">", s, "</a>"));
 }
 
 EncodedJSValue JSC_HOST_CALL stringProtoFuncLink(ExecState* exec)
@@ -1462,8 +1453,7 @@ EncodedJSValue JSC_HOST_CALL stringProtoFuncLink(ExecState* exec)
         return throwVMTypeError(exec);
     String s = thisValue.toString(exec)->value(exec);
     JSValue a0 = exec->argument(0);
-    String linkText = a0.toWTFString(exec);
-    linkText.replaceWithLiteral('"', "&quot;");
+    String linkText = a0.toString(exec)->value(exec);
 
     unsigned linkTextSize = linkText.length();
     unsigned stringSize = s.length();
diff --git a/Source/JavaScriptCore/runtime/Structure.cpp b/Source/JavaScriptCore/runtime/Structure.cpp
index e930c022a..e733c7e23 100644
--- a/Source/JavaScriptCore/runtime/Structure.cpp
+++ b/Source/JavaScriptCore/runtime/Structure.cpp
@@ -543,13 +543,12 @@ Structure* Structure::nonPropertyTransition(JSGlobalData& globalData, Structure*
     unsigned attributes = toAttributes(transitionKind);
     IndexingType indexingType = newIndexingType(structure->indexingTypeIncludingHistory(), transitionKind);
     
-    if (JSGlobalObject* globalObject = structure->m_globalObject.get()) {
-        if (globalObject->isOriginalArrayStructure(structure)) {
-            Structure* result = globalObject->originalArrayStructureForIndexingType(indexingType);
-            if (result->indexingTypeIncludingHistory() == indexingType) {
-                structure->notifyTransitionFromThisStructure();
-                return result;
-            }
+    JSGlobalObject* globalObject = structure->globalObject();
+    if (structure == globalObject->arrayStructure()) {
+        Structure* transition = globalObject->arrayStructureWithArrayStorage();
+        if (transition->indexingTypeIncludingHistory() == indexingType) {
+            structure->notifyTransitionFromThisStructure();
+            return transition;
         }
     }
     
diff --git a/Source/JavaScriptCore/runtime/StructureTransitionTable.h b/Source/JavaScriptCore/runtime/StructureTransitionTable.h
index 5291ed540..3ab7b2014 100644
--- a/Source/JavaScriptCore/runtime/StructureTransitionTable.h
+++ b/Source/JavaScriptCore/runtime/StructureTransitionTable.h
@@ -43,9 +43,6 @@ static const unsigned FirstInternalAttribute = 1 << 6; // Use for transitions th
 // Support for attributes used to indicate transitions not related to properties.
 // If any of these are used, the string portion of the key should be 0.
 enum NonPropertyTransition {
-    AllocateUndecided,
-    AllocateInt32,
-    AllocateDouble,
     AllocateContiguous,
     AllocateArrayStorage,
     AllocateSlowPutArrayStorage,
@@ -61,23 +58,14 @@ inline unsigned toAttributes(NonPropertyTransition transition)
 inline IndexingType newIndexingType(IndexingType oldType, NonPropertyTransition transition)
 {
     switch (transition) {
-    case AllocateUndecided:
-        ASSERT(!hasIndexedProperties(oldType));
-        return oldType | UndecidedShape;
-    case AllocateInt32:
-        ASSERT(!hasIndexedProperties(oldType) || hasUndecided(oldType));
-        return (oldType & ~IndexingShapeMask) | Int32Shape;
-    case AllocateDouble:
-        ASSERT(!hasIndexedProperties(oldType) || hasUndecided(oldType) || hasInt32(oldType));
-        return (oldType & ~IndexingShapeMask) | DoubleShape;
     case AllocateContiguous:
-        ASSERT(!hasIndexedProperties(oldType) || hasUndecided(oldType) || hasInt32(oldType) || hasDouble(oldType));
-        return (oldType & ~IndexingShapeMask) | ContiguousShape;
+        ASSERT(!hasIndexedProperties(oldType));
+        return oldType | ContiguousShape;
     case AllocateArrayStorage:
-        ASSERT(!hasIndexedProperties(oldType) || hasUndecided(oldType) || hasInt32(oldType) || hasDouble(oldType) || hasContiguous(oldType));
+        ASSERT(!hasIndexedProperties(oldType) || hasContiguous(oldType));
         return (oldType & ~IndexingShapeMask) | ArrayStorageShape;
     case AllocateSlowPutArrayStorage:
-        ASSERT(!hasIndexedProperties(oldType) || hasUndecided(oldType) || hasInt32(oldType) || hasDouble(oldType) || hasContiguous(oldType) || hasContiguous(oldType));
+        ASSERT(!hasIndexedProperties(oldType) || hasContiguous(oldType));
         return (oldType & ~IndexingShapeMask) | SlowPutArrayStorageShape;
     case SwitchToSlowPutArrayStorage:
         ASSERT(hasFastArrayStorage(oldType));
diff --git a/Source/WTF/wtf/Platform.h b/Source/WTF/wtf/Platform.h
index 3d148ee0b..0ab8086cc 100644
--- a/Source/WTF/wtf/Platform.h
+++ b/Source/WTF/wtf/Platform.h
@@ -892,7 +892,7 @@
 
 /* The JIT is enabled by default on all x86, x86-64, ARM & MIPS platforms. */
 #if !defined(ENABLE_JIT) \
-    && (CPU(X86) || CPU(X86_64)) \
+    && (CPU(X86) || CPU(X86_64) || CPU(ARM) || CPU(MIPS)) \
     && (OS(DARWIN) || !COMPILER(GCC) || GCC_VERSION_AT_LEAST(4, 1, 0)) \
     && !OS(WINCE) \
     && !OS(QNX)
diff --git a/Source/WebCore/ChangeLog b/Source/WebCore/ChangeLog
index 8404ca624..dca59ce3d 100644
--- a/Source/WebCore/ChangeLog
+++ b/Source/WebCore/ChangeLog
@@ -1,1113 +1,3 @@
-2012-11-08  Eugene Klyuchnikov  <eustas.bug@gmail.com>
-
-        Web Inspector: Timeline: "Send Request" events are shown out of order.
-        https://bugs.webkit.org/show_bug.cgi?id=101544
-
-        Reviewed by Yury Semikhatsky.
-
-        Solution: replace obsolete out-of-order record pushing with frontend
-        record reparenting.
-
-        * inspector/InspectorTimelineAgent.cpp:
-        (WebCore::InspectorTimelineAgent::willSendResourceRequest): Replaced
-        direct record pushing with standard appendRecord invokation.
-        * inspector/front-end/TimelinePresentationModel.js:
-        (WebInspector.TimelinePresentationModel.prototype._findParentRecord):
-        Made "Send Request" records top-level if gluing is on.
-
-2012-11-08  Sheriff Bot  <webkit.review.bot@gmail.com>
-
-        Unreviewed, rolling out r134010.
-        http://trac.webkit.org/changeset/134010
-        https://bugs.webkit.org/show_bug.cgi?id=101716
-
-        Broke the chromium windows build. (Requested by noel_ on
-        #webkit).
-
-        * Modules/indexeddb/IDBAny.cpp:
-        * Modules/indexeddb/IDBCallbacks.h:
-        * Modules/indexeddb/IDBDatabase.cpp:
-        (WebCore::IDBDatabase::createObjectStore):
-        (WebCore::IDBDatabase::deleteObjectStore):
-        (WebCore::IDBDatabase::transaction):
-        * Modules/indexeddb/IDBDatabase.h:
-        (IDBDatabase):
-        * Modules/indexeddb/IDBDatabaseBackendImpl.cpp:
-        (WebCore::IDBDatabaseBackendImpl::getObjectStoreId):
-        (WebCore):
-        (WebCore::IDBDatabaseBackendImpl::setVersion):
-        (WebCore::IDBDatabaseBackendImpl::transaction):
-        (WebCore::IDBDatabaseBackendImpl::runIntVersionChangeTransaction):
-        * Modules/indexeddb/IDBDatabaseBackendImpl.h:
-        (WebCore::IDBDatabaseBackendImpl::deleteObjectStore):
-        (IDBDatabaseBackendImpl):
-        * Modules/indexeddb/IDBDatabaseBackendInterface.h:
-        (WebCore):
-        (IDBDatabaseBackendInterface):
-        * Modules/indexeddb/IDBMetadata.h:
-        (WebCore::IDBObjectStoreMetadata::containsIndex):
-        (WebCore::IDBDatabaseMetadata::findObjectStore):
-        (IDBDatabaseMetadata):
-        (WebCore::IDBDatabaseMetadata::containsObjectStore):
-        * Modules/indexeddb/IDBObjectStore.cpp:
-        (WebCore::IDBObjectStore::put):
-        (WebCore):
-        (WebCore::IDBObjectStore::createIndex):
-        (WebCore::IDBObjectStore::index):
-        (WebCore::IDBObjectStore::deleteIndex):
-        * Modules/indexeddb/IDBObjectStore.h:
-        (WebCore::IDBObjectStore::openCursor):
-        (IDBObjectStore):
-        * Modules/indexeddb/IDBObjectStoreBackendImpl.cpp:
-        (WebCore::IDBObjectStoreBackendImpl::put):
-        (WebCore::IDBObjectStoreBackendImpl::putWithIndexKeys):
-        (WebCore):
-        (WebCore::IDBObjectStoreBackendImpl::setIndexKeys):
-        (WebCore::IDBObjectStoreBackendImpl::setIndexesReady):
-        (WebCore::IDBObjectStoreBackendImpl::index):
-        (WebCore::IDBObjectStoreBackendImpl::getIndexId):
-        (WebCore::IDBObjectStoreBackendImpl::getIndexIds):
-        (WebCore::IDBObjectStoreBackendImpl::deleteIndex):
-        * Modules/indexeddb/IDBObjectStoreBackendImpl.h:
-        (IDBObjectStoreBackendImpl):
-        * Modules/indexeddb/IDBObjectStoreBackendInterface.h:
-        (WebCore):
-        * Modules/indexeddb/IDBTransaction.cpp:
-        (WebCore::IDBTransaction::objectStore):
-        * Modules/indexeddb/IDBTransactionBackendImpl.cpp:
-        (WebCore::IDBTransactionBackendImpl::objectStore):
-        (WebCore):
-        * Modules/indexeddb/IDBTransactionBackendImpl.h:
-        (IDBTransactionBackendImpl):
-        * Modules/indexeddb/IDBTransactionBackendInterface.h:
-
-2012-11-08  Grzegorz Czajkowski  <g.czajkowski@samsung.com>
-
-        [EFL] Add a method to the TextCheckerEnchant class to check whether any dictionary is loaded
-        https://bugs.webkit.org/show_bug.cgi?id=101570
-
-        Reviewed by Gustavo Noronha Silva.
-
-        Expose a new method to check whether a vector of loaded languages is empty.
-        WK2-EFL needs it to set the default language (if the client didn't set any) when
-        spelling setting is being enabled. This change makes it more convenient to check
-        whether the dictionaries vector is empty.
-
-        No new tests, no behavior change.
-
-        * platform/text/enchant/TextCheckerEnchant.cpp:
-        (TextCheckerEnchant::checkSpellingOfString):
-        (TextCheckerEnchant::getGuessesForWord):
-        (TextCheckerEnchant::loadedSpellCheckingLanguages):
-        A newly exposed method is used internally too.
-
-        * platform/text/enchant/TextCheckerEnchant.h:
-        (WebCore::TextCheckerEnchant::hasDictionary):
-        Add an inline hasDictionary() method.
-
-2012-11-08  Shinya Kawanaka  <shinyak@chromium.org>
-
-        [Refactoring] Remove shadowPseudoId() and use pseudo() instead in TextTrackCue
-        https://bugs.webkit.org/show_bug.cgi?id=101702
-
-        Reviewed by Hajime Morita.
-
-        We're migrating shadowPseudoId() to pseudo(). We remove shadowPseudoId() from TextTrackCue and use
-        setPseudo()/pseudo() instead.
-
-        No new tests, simple refactoring.
-
-        * html/track/TextTrackCue.cpp:
-        (WebCore::TextTrackCueBox::TextTrackCueBox):
-        * html/track/TextTrackCue.h:
-        (TextTrackCueBox):
-
-2012-11-08  Arpita Bahuguna  <arpitabahuguna@gmail.com>
-
-        table not aligned in center column and seems shrunk because of float:right (table-layout: fixed and width: 100%)
-        https://bugs.webkit.org/show_bug.cgi?id=18153
-
-        Reviewed by Beth Dakin.
-
-        Preferred logical width is computed incorrectly for fixed layout tables
-        with 100% percent width, in standards mode.
-
-        According to our fixed table layout algorithm (CSS2 specification - 17.5.2.1)
-        the ultimate width of the table is the greater of the value of the
-        'width' property for the table elements and the sum of the column
-        widths.
-
-        For our specific scenario we have a fixed layout table with 100% width
-        consisting of columns with fixed widths, the sum of which is less than
-        the specified width of the table (i.e. 100% of the containing block).
-        Even then the applied width is the cummulative of the width of the
-        columns.
-
-        This happens because of the quirks mode check added in
-        FixedTableLayout::computePreferredLogicalWidths(), which prohibits the
-        setting of maxWidth to our fixed layout table with percent width, and
-        which perhaps is not required anymore.
-
-        Test: fast/table/fixed-table-layout/table-with-percent-width.html
-
-        * rendering/FixedTableLayout.cpp:
-        (WebCore::FixedTableLayout::computePreferredLogicalWidths):
-        Removed the quirks mode check.
-
-2012-11-08  Sheriff Bot  <webkit.review.bot@gmail.com>
-
-        Unreviewed, rolling out r134004.
-        http://trac.webkit.org/changeset/134004
-        https://bugs.webkit.org/show_bug.cgi?id=101713
-
-        multiple crashes (Requested by hayato on #webkit).
-
-        * rendering/RenderThemeMac.mm:
-        (WebCore::RenderThemeMac::adjustMediaSliderThumbSize):
-        (WebCore::RenderThemeMac::paintMediaFullscreenButton):
-        (WebCore::RenderThemeMac::paintMediaMuteButton):
-        (WebCore::RenderThemeMac::paintMediaPlayButton):
-        (WebCore::RenderThemeMac::paintMediaSeekBackButton):
-        (WebCore::RenderThemeMac::paintMediaSeekForwardButton):
-        (WebCore::RenderThemeMac::paintMediaSliderTrack):
-        (WebCore::RenderThemeMac::paintMediaSliderThumb):
-        (WebCore::RenderThemeMac::paintMediaRewindButton):
-        (WebCore::RenderThemeMac::paintMediaReturnToRealtimeButton):
-        (WebCore::RenderThemeMac::paintMediaToggleClosedCaptionsButton):
-        (WebCore::RenderThemeMac::paintMediaControlsBackground):
-        (WebCore::RenderThemeMac::paintMediaCurrentTime):
-        (WebCore::RenderThemeMac::paintMediaTimeRemaining):
-        (WebCore::RenderThemeMac::paintMediaVolumeSliderContainer):
-        (WebCore::RenderThemeMac::paintMediaVolumeSliderTrack):
-        (WebCore::RenderThemeMac::paintMediaVolumeSliderThumb):
-        (WebCore::RenderThemeMac::paintMediaFullScreenVolumeSliderTrack):
-        (WebCore::RenderThemeMac::paintMediaFullScreenVolumeSliderThumb):
-
-2012-11-08  Jan Keromnes  <janx@linux.com>
-
-        Web Inspector: stop using cursorCoords in CodeMirrorTextEditor
-        https://bugs.webkit.org/show_bug.cgi?id=101607
-
-        Reviewed by Vsevolod Vlasov.
-
-        API changes completing migration to v3.
-
-        * inspector/front-end/CodeMirrorTextEditor.js:
-        (WebInspector.CodeMirrorTextEditor):
-        (WebInspector.CodeMirrorTextEditor.prototype.revealLine):
-        (WebInspector.CodeMirrorTextEditor.prototype.selection):
-
-2012-11-08  Alexei Filippov  <alph@chromium.org>
-
-        Web Inspector: make "Other" bar color darker in NMI snapshot.
-        https://bugs.webkit.org/show_bug.cgi?id=101602
-
-        Reviewed by Vsevolod Vlasov.
-
-        * inspector/front-end/NativeMemorySnapshotView.js:
-        (WebInspector.MemoryBlockViewProperties._initialize):
-
-2012-11-08  Alec Flett  <alecflett@chromium.org>
-
-        IndexedDB: switch frontend to use int64_t-based references
-        https://bugs.webkit.org/show_bug.cgi?id=100426
-
-        Reviewed by Tony Chang.
-
-        Remove String-based objectStore/index references, obsoleted by
-        https://bugs.webkit.org/show_bug.cgi?id=100425.
-
-        No new tests as this is the second half of a refactor.
-
-        * Modules/indexeddb/IDBCallbacks.h:
-        * Modules/indexeddb/IDBDatabase.cpp:
-        (WebCore::IDBDatabase::deleteObjectStore):
-        (WebCore::IDBDatabase::transaction):
-        * Modules/indexeddb/IDBDatabaseBackendImpl.cpp:
-        (WebCore::IDBDatabaseBackendImpl::setVersion):
-        (WebCore::IDBDatabaseBackendImpl::transaction):
-        (WebCore::IDBDatabaseBackendImpl::runIntVersionChangeTransaction):
-        * Modules/indexeddb/IDBDatabaseBackendImpl.h:
-        (IDBDatabaseBackendImpl):
-        * Modules/indexeddb/IDBDatabaseBackendInterface.h:
-        (IDBDatabaseBackendInterface):
-        * Modules/indexeddb/IDBMetadata.h:
-        (WebCore::IDBObjectStoreMetadata::findIndex):
-        (IDBObjectStoreMetadata):
-        (WebCore::IDBObjectStoreMetadata::containsIndex):
-        * Modules/indexeddb/IDBObjectStore.cpp:
-        (WebCore::IDBObjectStore::put):
-        (WebCore):
-        (WebCore::IDBObjectStore::index):
-        (WebCore::IDBObjectStore::deleteIndex):
-        * Modules/indexeddb/IDBObjectStoreBackendImpl.cpp:
-        (WebCore::IDBObjectStoreBackendImpl::put):
-        (WebCore):
-        * Modules/indexeddb/IDBObjectStoreBackendImpl.h:
-        (IDBObjectStoreBackendImpl):
-        * Modules/indexeddb/IDBObjectStoreBackendInterface.h:
-        * inspector/Inspector-1.0.json:
-        * inspector/Inspector.json:
-        * inspector/InspectorIndexedDBAgent.cpp:
-        (WebCore):
-        (WebCore::InspectorIndexedDBAgent::requestData):
-        * inspector/InspectorIndexedDBAgent.h:
-        (InspectorIndexedDBAgent):
-
-2012-11-08  Shinya Kawanaka  <shinyak@chromium.org>
-
-        [Refactoring] Expose collectFeaturesFromSelector from RuleSet.cpp
-        https://bugs.webkit.org/show_bug.cgi?id=101692
-
-        Reviewed by Dimitri Glazkov.
-
-        We expose collectFeaturesFromSelector in RuleSet.cpp to use it for collecting ShadowDOM select attribute features.
-
-        No new tests, simple refactoring.
-
-        * css/RuleFeature.cpp:
-        (WebCore::RuleFeatureSet::collectFeaturesFromSelector): Moved from RuleSet.cpp.
-        (WebCore):
-        * css/RuleFeature.h:
-        (WebCore):
-        (RuleFeatureSet):
-        * css/RuleSet.cpp:
-        (WebCore::collectFeaturesFromRuleData):
-
-2012-11-08  Robert Sesek  <rsesek@chromium.org>
-
-        Guard calls to WebKitSystemInterface media control drawing functions in RenderThemeMac with PLATFORM(MAC)
-        https://bugs.webkit.org/show_bug.cgi?id=101634
-
-        Reviewed by Adam Barth.
-
-        No new tests, just disabling unused code in Chromium port.
-
-        * rendering/RenderThemeMac.mm:
-        (WebCore::RenderThemeMac::adjustMediaSliderThumbSize):
-        (WebCore::RenderThemeMac::paintMediaFullscreenButton):
-        (WebCore::RenderThemeMac::paintMediaMuteButton):
-        (WebCore::RenderThemeMac::paintMediaPlayButton):
-        (WebCore::RenderThemeMac::paintMediaSeekBackButton):
-        (WebCore::RenderThemeMac::paintMediaSeekForwardButton):
-        (WebCore::RenderThemeMac::paintMediaSliderTrack):
-        (WebCore::RenderThemeMac::paintMediaSliderThumb):
-        (WebCore::RenderThemeMac::paintMediaRewindButton):
-        (WebCore::RenderThemeMac::paintMediaReturnToRealtimeButton):
-        (WebCore::RenderThemeMac::paintMediaToggleClosedCaptionsButton):
-        (WebCore::RenderThemeMac::paintMediaControlsBackground):
-        (WebCore::RenderThemeMac::paintMediaCurrentTime):
-        (WebCore::RenderThemeMac::paintMediaTimeRemaining):
-        (WebCore::RenderThemeMac::paintMediaVolumeSliderContainer):
-        (WebCore::RenderThemeMac::paintMediaVolumeSliderTrack):
-        (WebCore::RenderThemeMac::paintMediaVolumeSliderThumb):
-        (WebCore::RenderThemeMac::paintMediaFullScreenVolumeSliderTrack):
-        (WebCore::RenderThemeMac::paintMediaFullScreenVolumeSliderThumb):
-
-2012-11-08  Keishi Hattori  <keishi@webkit.org>
-
-        Enable calendar picker for input types week/month
-        https://bugs.webkit.org/show_bug.cgi?id=101553
-
-        Reviewed by Kent Tamura.
-
-        Enabling calendar picker for <input type=week/month>
-
-        No new tests. Tests will be added later in Bug 101556 and Bug 101555.
-
-        * rendering/RenderThemeChromiumCommon.cpp:
-        (WebCore::RenderThemeChromiumCommon::supportsCalendarPicker):
-
-2012-11-08  Robin Cao  <robin.cao@torchmobile.com.cn>
-
-        [BlackBerry] Change the default return value of MediaPlayerPrivate::hasSingleSecurityOrigin
-        https://bugs.webkit.org/show_bug.cgi?id=101681
-
-        Reviewed by George Staikos.
-
-        Since the platform player in BlackBerry disallows resources that come from different origins,
-        so it's safe to directly returns true here.
-
-        * platform/graphics/blackberry/MediaPlayerPrivateBlackBerry.cpp:
-        (WebCore::MediaPlayerPrivate::hasSingleSecurityOrigin):
-
-2012-11-08  Mark Lam  <mark.lam@apple.com>
-
-        Renamed ...InlineMethods.h files to ...Inlines.h.
-        https://bugs.webkit.org/show_bug.cgi?id=101145.
-
-        Reviewed by Geoffrey Garen.
-
-        This is only a refactoring effort to rename the files. There are no
-        functionality changes.
-
-        No new tests.
-
-        * GNUmakefile.list.am:
-        * Target.pri:
-        * WebCore.gypi:
-        * WebCore.vcproj/WebCore.vcproj:
-        * WebCore.xcodeproj/project.pbxproj:
-        * html/parser/HTMLEntityParser.cpp:
-        * html/parser/HTMLTokenizer.cpp:
-        * html/track/WebVTTTokenizer.cpp:
-        * xml/parser/CharacterReferenceParserInlineMethods.h: Removed.
-        * xml/parser/CharacterReferenceParserInlines.h: Copied from Source/WebCore/xml/parser/CharacterReferenceParserInlineMethods.h.
-        * xml/parser/MarkupTokenizerInlineMethods.h: Removed.
-        * xml/parser/MarkupTokenizerInlines.h: Copied from Source/WebCore/xml/parser/MarkupTokenizerInlineMethods.h.
-        * xml/parser/XMLCharacterReferenceParser.cpp:
-        * xml/parser/XMLTokenizer.cpp:
-
-2012-11-08  Sheriff Bot  <webkit.review.bot@gmail.com>
-
-        Unreviewed, rolling out r133984.
-        http://trac.webkit.org/changeset/133984
-        https://bugs.webkit.org/show_bug.cgi?id=101684
-
-        windows build error. (Requested by hayato on #webkit).
-
-        * Modules/indexeddb/IDBCallbacks.h:
-        * Modules/indexeddb/IDBDatabase.cpp:
-        (WebCore::IDBDatabase::createObjectStore):
-        (WebCore::IDBDatabase::deleteObjectStore):
-        (WebCore::IDBDatabase::transaction):
-        * Modules/indexeddb/IDBDatabase.h:
-        (IDBDatabase):
-        * Modules/indexeddb/IDBDatabaseBackendImpl.cpp:
-        (WebCore::IDBDatabaseBackendImpl::getObjectStoreId):
-        (WebCore):
-        (WebCore::IDBDatabaseBackendImpl::setVersion):
-        (WebCore::IDBDatabaseBackendImpl::transaction):
-        (WebCore::IDBDatabaseBackendImpl::runIntVersionChangeTransaction):
-        * Modules/indexeddb/IDBDatabaseBackendImpl.h:
-        (WebCore::IDBDatabaseBackendImpl::deleteObjectStore):
-        (IDBDatabaseBackendImpl):
-        * Modules/indexeddb/IDBDatabaseBackendInterface.h:
-        (IDBDatabaseBackendInterface):
-        * Modules/indexeddb/IDBMetadata.h:
-        (WebCore::IDBObjectStoreMetadata::containsIndex):
-        (WebCore::IDBDatabaseMetadata::findObjectStore):
-        (IDBDatabaseMetadata):
-        (WebCore::IDBDatabaseMetadata::containsObjectStore):
-        * Modules/indexeddb/IDBObjectStore.cpp:
-        (WebCore::IDBObjectStore::put):
-        (WebCore):
-        (WebCore::IDBObjectStore::createIndex):
-        (WebCore::IDBObjectStore::index):
-        (WebCore::IDBObjectStore::deleteIndex):
-        * Modules/indexeddb/IDBObjectStore.h:
-        (WebCore::IDBObjectStore::openCursor):
-        (IDBObjectStore):
-        * Modules/indexeddb/IDBObjectStoreBackendImpl.cpp:
-        (WebCore::IDBObjectStoreBackendImpl::put):
-        (WebCore::IDBObjectStoreBackendImpl::putWithIndexKeys):
-        (WebCore):
-        (WebCore::IDBObjectStoreBackendImpl::setIndexKeys):
-        (WebCore::IDBObjectStoreBackendImpl::setIndexesReady):
-        (WebCore::IDBObjectStoreBackendImpl::index):
-        (WebCore::IDBObjectStoreBackendImpl::getIndexId):
-        (WebCore::IDBObjectStoreBackendImpl::getIndexIds):
-        (WebCore::IDBObjectStoreBackendImpl::deleteIndex):
-        * Modules/indexeddb/IDBObjectStoreBackendImpl.h:
-        (IDBObjectStoreBackendImpl):
-        * Modules/indexeddb/IDBObjectStoreBackendInterface.h:
-        * Modules/indexeddb/IDBTransaction.cpp:
-        (WebCore::IDBTransaction::objectStore):
-        * Modules/indexeddb/IDBTransactionBackendImpl.cpp:
-        (WebCore::IDBTransactionBackendImpl::objectStore):
-        (WebCore):
-        * Modules/indexeddb/IDBTransactionBackendImpl.h:
-        (IDBTransactionBackendImpl):
-        * Modules/indexeddb/IDBTransactionBackendInterface.h:
-
-2012-11-08  Shinya Kawanaka  <shinyak@chromium.org>
-
-        HTMLContentElement should preserve parsed CSSSelectorList
-        https://bugs.webkit.org/show_bug.cgi?id=101543
-
-        Reviewed by Dimitri Glazkov.
-
-        We would like to preserve CSSSelectorList for select attribute of HTMLContentElement.
-
-        Before, we parsed and validated select attribute every time distribution happens. If we preserve the parsed
-        CSSSelectorList, we can reduce distribution time.
-
-        This is also a prepration patch for Bug 101180. It also needs the parsed CSSSelectorList. We don't want to
-        parse and validate it again.
-
-        No new tests, covered by exising tests.
-
-        * html/shadow/ContentSelectorQuery.cpp:
-        (WebCore::ContentSelectorQuery::ContentSelectorQuery): We don't parse select attribute here anymore.
-        if it's already parsed.
-        (WebCore::ContentSelectorQuery::matches):
-        * html/shadow/ContentSelectorQuery.h:
-        (ContentSelectorQuery):
-        * html/shadow/HTMLContentElement.cpp:
-        (WebCore::HTMLContentElement::HTMLContentElement):
-        (WebCore::HTMLContentElement::isSelectValid):
-        (WebCore::HTMLContentElement::ensureSelectParsed): If we don't have parsed the current select attribute,
-        we parse and validate it.
-        (WebCore::HTMLContentElement::parseAttribute): When select attribute is changed, we have to have a flag enabled
-        to parse select attrite again.
-        (WebCore::validateSubSelector): Moved from ContentSelectorQuery.
-        (WebCore):
-        (WebCore::validateSelector): Moved from ContentSelectorQuery.
-        (WebCore::HTMLContentElement::validateSelect):
-        * html/shadow/HTMLContentElement.h:
-        (HTMLContentElement):
-        (WebCore::HTMLContentElement::setSelect):
-        (WebCore):
-        (WebCore::HTMLContentElement::selectorList):
-        * html/shadow/HTMLShadowElement.cpp:
-        (WebCore::HTMLShadowElement::emptySelectorList):
-        (WebCore):
-        * html/shadow/HTMLShadowElement.h:
-        (HTMLShadowElement):
-        (WebCore::HTMLShadowElement::selectorList):
-        * html/shadow/InsertionPoint.h:
-        (InsertionPoint):
-
-2012-11-08  Alec Flett  <alecflett@chromium.org>
-
-        IndexedDB: switch frontend to use int64_t-based references
-        https://bugs.webkit.org/show_bug.cgi?id=100426
-
-        Reviewed by Tony Chang.
-
-        Remove String-based objectStore/index references, obsoleted by
-        https://bugs.webkit.org/show_bug.cgi?id=100425.
-
-        No new tests as this is the second half of a refactor.
-
-        * Modules/indexeddb/IDBCallbacks.h:
-        * Modules/indexeddb/IDBDatabase.cpp:
-        (WebCore::IDBDatabase::deleteObjectStore):
-        (WebCore::IDBDatabase::transaction):
-        * Modules/indexeddb/IDBDatabaseBackendImpl.cpp:
-        (WebCore::IDBDatabaseBackendImpl::setVersion):
-        (WebCore::IDBDatabaseBackendImpl::transaction):
-        (WebCore::IDBDatabaseBackendImpl::runIntVersionChangeTransaction):
-        * Modules/indexeddb/IDBDatabaseBackendImpl.h:
-        (IDBDatabaseBackendImpl):
-        * Modules/indexeddb/IDBDatabaseBackendInterface.h:
-        (IDBDatabaseBackendInterface):
-        * Modules/indexeddb/IDBMetadata.h:
-        (WebCore::IDBObjectStoreMetadata::findIndex):
-        (IDBObjectStoreMetadata):
-        (WebCore::IDBObjectStoreMetadata::containsIndex):
-        * Modules/indexeddb/IDBObjectStore.cpp:
-        (WebCore::IDBObjectStore::put):
-        (WebCore):
-        (WebCore::IDBObjectStore::index):
-        (WebCore::IDBObjectStore::deleteIndex):
-        * Modules/indexeddb/IDBObjectStoreBackendImpl.cpp:
-        (WebCore::IDBObjectStoreBackendImpl::put):
-        (WebCore):
-        * Modules/indexeddb/IDBObjectStoreBackendImpl.h:
-        (IDBObjectStoreBackendImpl):
-        * Modules/indexeddb/IDBObjectStoreBackendInterface.h:
-        * inspector/Inspector-1.0.json:
-        * inspector/Inspector.json:
-        * inspector/InspectorIndexedDBAgent.cpp:
-        (WebCore):
-        (WebCore::InspectorIndexedDBAgent::requestData):
-        * inspector/InspectorIndexedDBAgent.h:
-        (InspectorIndexedDBAgent):
-
-2012-11-08  Kenichi Ishibashi  <bashi@chromium.org>
-
-        [Chromium] Arabic digits should appear left-to-right
-        https://bugs.webkit.org/show_bug.cgi?id=101440
-
-        Reviewed by Tony Chang.
-
-        Call hb_buffer_set_direction() to set direction when drawing glyphs or
-        direction should be overridden. Leave direction setting to HarfBuzz when
-        WebKit is calculating widths because the direction is LTR by default while
-        calculating widths.  Set script before shaping so that HarfBuzz can estimate
-        appropriate direction.
-
-        Test: fast/text/international/arabic-digits.html
-
-        * platform/graphics/harfbuzz/ng/HarfBuzzShaper.cpp:
-        (WebCore::HarfBuzzShaper::HarfBuzzRun::HarfBuzzRun):
-        Add m_script. This holds the script of the run.
-        (WebCore::HarfBuzzShaper::shape):
-        Tell shapeHarfBuzzRuns() to set direction when drawing glyphs or
-        direction should be overridden.
-        (WebCore::HarfBuzzShaper::collectHarfBuzzRuns):
-        Set script of HarfBuzzRuns.
-        (WebCore::HarfBuzzShaper::shapeHarfBuzzRuns):
-        Add an argument that indicates it should set direction.
-        * platform/graphics/harfbuzz/ng/HarfBuzzShaper.h:
-        (WebCore::HarfBuzzShaper::HarfBuzzRun::create):
-        (WebCore::HarfBuzzShaper::HarfBuzzRun::rtl):
-        (WebCore::HarfBuzzShaper::HarfBuzzRun::script):
-        (HarfBuzzRun):
-        (HarfBuzzShaper):
-
-2012-11-08  Huang Dongsung  <luxtella@company100.net>
-
-        [TexMap] Remove contentsLayer() in GraphicsLayerTextureMapper.
-        https://bugs.webkit.org/show_bug.cgi?id=101658
-
-        Reviewed by Noam Rosenthal.
-
-        GraphicsLayerTextureMapper::contentsLayer() is duplicated to
-        GraphicsLayer::platformLayer(), so we remove it.
-
-        No new tests, this is just a refactor.
-
-        * platform/graphics/texmap/GraphicsLayerTextureMapper.h:
-        (WebCore::GraphicsLayerTextureMapper::platformLayer):
-        * platform/graphics/texmap/TextureMapperLayer.cpp:
-        (WebCore::TextureMapperLayer::flushCompositingStateSelf):
-
-2012-11-08  Benjamin Poulain  <benjamin@webkit.org>
-
-        Improve the use of AtomicString with literals
-        https://bugs.webkit.org/show_bug.cgi?id=101298
-
-        Reviewed by Darin Adler.
-
-        Fix a bunch of cases of AtomicString with literals:
-        -Do not create temporary AtomicString to perform a comparison, that is very wasteful.
-        -Use the ConstructFromLiteral constructor whenever it makes sense.
-        -Make "x-frame-options" static instead of creating it for each response.
-        -Use ASCIILiteral() instead of AtomicString() in EventHandler, the function takes a String,
-         not an AtomicString.
-
-        * Modules/battery/BatteryController.cpp:
-        (WebCore::BatteryController::supplementName):
-        * Modules/battery/NavigatorBattery.cpp:
-        (WebCore::NavigatorBattery::from):
-        * Modules/filesystem/chromium/DraggedIsolatedFileSystem.cpp:
-        (WebCore::DraggedIsolatedFileSystem::supplementName):
-        * Modules/gamepad/NavigatorGamepad.cpp:
-        (WebCore::NavigatorGamepad::from):
-        * Modules/geolocation/GeolocationController.cpp:
-        (WebCore::GeolocationController::supplementName):
-        * Modules/geolocation/NavigatorGeolocation.cpp:
-        (WebCore::NavigatorGeolocation::from):
-        * Modules/indexeddb/DOMWindowIndexedDatabase.cpp:
-        (WebCore::DOMWindowIndexedDatabase::from):
-        * Modules/indexeddb/IDBCursor.cpp:
-        (WebCore::IDBCursor::directionNext):
-        (WebCore::IDBCursor::directionNextUnique):
-        (WebCore::IDBCursor::directionPrev):
-        (WebCore::IDBCursor::directionPrevUnique):
-        * Modules/indexeddb/IDBRequest.cpp:
-        (WebCore::IDBRequest::readyState):
-        * Modules/indexeddb/IDBTransaction.cpp:
-        (WebCore::IDBTransaction::modeReadOnly):
-        (WebCore::IDBTransaction::modeReadWrite):
-        (WebCore::IDBTransaction::modeVersionChange):
-        (WebCore::IDBTransaction::modeReadOnlyLegacy):
-        (WebCore::IDBTransaction::modeReadWriteLegacy):
-        * Modules/indexeddb/PageGroupIndexedDatabase.cpp:
-        (WebCore::PageGroupIndexedDatabase::from):
-        * Modules/intents/DOMWindowIntents.cpp:
-        (WebCore::DOMWindowIntents::from):
-        * Modules/mediastream/UserMediaController.cpp:
-        (WebCore::UserMediaController::supplementName):
-        * Modules/navigatorcontentutils/NavigatorContentUtils.cpp:
-        (WebCore::NavigatorContentUtils::supplementName):
-        * Modules/networkinfo/NavigatorNetworkInfoConnection.cpp:
-        (WebCore::NavigatorNetworkInfoConnection::from):
-        * Modules/networkinfo/NetworkInfoController.cpp:
-        (WebCore::NetworkInfoController::supplementName):
-        * Modules/notifications/DOMWindowNotifications.cpp:
-        (WebCore::DOMWindowNotifications::from):
-        * Modules/notifications/NotificationController.cpp:
-        (WebCore::NotificationController::supplementName):
-        * Modules/quota/DOMWindowQuota.cpp:
-        (WebCore::DOMWindowQuota::from):
-        * Modules/speech/SpeechRecognitionController.cpp:
-        (WebCore::SpeechRecognitionController::supplementName):
-        * Modules/vibration/Vibration.cpp:
-        (WebCore::Vibration::supplementName):
-        * accessibility/AccessibilityObject.cpp:
-        (WebCore::AccessibilityObject::invalidStatus):
-        * accessibility/AccessibilityRenderObject.cpp:
-        (WebCore::AccessibilityRenderObject::ariaLiveRegionStatus):
-        (WebCore::AccessibilityRenderObject::ariaLiveRegionRelevant):
-        * bindings/v8/custom/V8DOMWindowCustom.cpp:
-        (WebCore::V8DOMWindow::namedSecurityCheck):
-        * bindings/v8/custom/V8NodeListCustom.cpp:
-        (WebCore::V8NodeList::namedPropertyGetter):
-        * dom/ContextFeatures.cpp:
-        (WebCore::ContextFeatures::supplementName):
-        * dom/DeviceMotionController.cpp:
-        (WebCore::DeviceMotionController::supplementName):
-        * dom/DeviceOrientationController.cpp:
-        (WebCore::DeviceOrientationController::supplementName):
-        * dom/Element.cpp:
-        (WebCore::Element::webkitRegionOverset):
-        * dom/MutationRecord.cpp:
-        * html/FileInputType.cpp:
-        (WebCore::UploadButtonElement::shadowPseudoId):
-        * html/FormController.cpp:
-        (WebCore::SavedFormState::getReferencedFilePaths):
-        (WebCore::FormKeyGenerator::formKey):
-        * html/HTMLButtonElement.cpp:
-        (WebCore::HTMLButtonElement::formControlType):
-        * html/HTMLDetailsElement.cpp:
-        (WebCore::summaryQuerySelector):
-        * html/HTMLFieldSetElement.cpp:
-        (WebCore::HTMLFieldSetElement::formControlType):
-        * html/HTMLKeygenElement.cpp:
-        (WebCore::KeygenSelectElement::shadowPseudoId):
-        (WebCore::HTMLKeygenElement::formControlType):
-        * html/HTMLOptGroupElement.cpp:
-        (WebCore::HTMLOptGroupElement::formControlType):
-        * html/HTMLOutputElement.cpp:
-        (WebCore::HTMLOutputElement::formControlType):
-        * html/HTMLSelectElement.cpp:
-        (WebCore::HTMLSelectElement::formControlType):
-        * html/HTMLTextAreaElement.cpp:
-        (WebCore::HTMLTextAreaElement::formControlType):
-        * html/HTMLTextFormControlElement.cpp:
-        (WebCore::directionString):
-        * html/shadow/DateTimeEditElement.cpp:
-        (WebCore::DateTimeEditElement::DateTimeEditElement):
-        * html/shadow/DateTimeFieldElements.cpp:
-        (WebCore::DateTimeAMPMFieldElement::create):
-        (WebCore::DateTimeDayFieldElement::create):
-        (WebCore::DateTimeHourFieldElement::create):
-        (WebCore::DateTimeMillisecondFieldElement::create):
-        (WebCore::DateTimeMinuteFieldElement::create):
-        (WebCore::DateTimeMonthFieldElement::create):
-        (WebCore::DateTimeSecondFieldElement::create):
-        (WebCore::DateTimeSymbolicMonthFieldElement::create):
-        (WebCore::DateTimeWeekFieldElement::create):
-        (WebCore::DateTimeYearFieldElement::create):
-        * html/shadow/DetailsMarkerControl.cpp:
-        (WebCore::DetailsMarkerControl::shadowPseudoId):
-        * html/shadow/ImageInnerElement.cpp:
-        (WebCore::ImageInnerElement::shadowPseudoId):
-        * html/shadow/MediaControlElements.cpp:
-        (WebCore::MediaControlPanelElement::shadowPseudoId):
-        (WebCore::MediaControlTimelineContainerElement::shadowPseudoId):
-        (WebCore::MediaControlVolumeSliderContainerElement::shadowPseudoId):
-        (WebCore::MediaControlStatusDisplayElement::shadowPseudoId):
-        (WebCore::MediaControlPanelMuteButtonElement::shadowPseudoId):
-        (WebCore::MediaControlVolumeSliderMuteButtonElement::shadowPseudoId):
-        (WebCore::MediaControlPlayButtonElement::shadowPseudoId):
-        (WebCore::MediaControlOverlayPlayButtonElement::shadowPseudoId):
-        (WebCore::MediaControlSeekForwardButtonElement::shadowPseudoId):
-        (WebCore::MediaControlSeekBackButtonElement::shadowPseudoId):
-        (WebCore::MediaControlRewindButtonElement::shadowPseudoId):
-        (WebCore::MediaControlReturnToRealtimeButtonElement::shadowPseudoId):
-        (WebCore::MediaControlToggleClosedCaptionsButtonElement::shadowPseudoId):
-        (WebCore::MediaControlTimelineElement::shadowPseudoId):
-        (WebCore::MediaControlVolumeSliderElement::shadowPseudoId):
-        (WebCore::MediaControlFullscreenVolumeSliderElement::shadowPseudoId):
-        (WebCore::MediaControlFullscreenButtonElement::shadowPseudoId):
-        (WebCore::MediaControlFullscreenVolumeMinButtonElement::shadowPseudoId):
-        (WebCore::MediaControlFullscreenVolumeMaxButtonElement::shadowPseudoId):
-        (WebCore::MediaControlTimeRemainingDisplayElement::shadowPseudoId):
-        (WebCore::MediaControlCurrentTimeDisplayElement::shadowPseudoId):
-        (WebCore::MediaControlTextTrackContainerElement::shadowPseudoId):
-        * html/shadow/MediaControlRootElement.cpp:
-        (WebCore::MediaControlRootElement::shadowPseudoId):
-        * html/shadow/MediaControlRootElementChromium.cpp:
-        (WebCore::MediaControlPanelEnclosureElement::shadowPseudoId):
-        (WebCore::MediaControlRootElementChromium::shadowPseudoId):
-        * html/shadow/MediaControlRootElementChromiumAndroid.cpp:
-        (WebCore::MediaControlOverlayEnclosureElement::shadowPseudoId):
-        * html/shadow/MeterShadowElement.cpp:
-        (WebCore::MeterInnerElement::shadowPseudoId):
-        (WebCore::MeterBarElement::shadowPseudoId):
-        (WebCore::MeterValueElement::shadowPseudoId):
-        * html/shadow/ProgressShadowElement.cpp:
-        (WebCore::ProgressInnerElement::shadowPseudoId):
-        (WebCore::ProgressBarElement::shadowPseudoId):
-        (WebCore::ProgressValueElement::shadowPseudoId):
-        * html/shadow/SliderThumbElement.cpp:
-        (WebCore::sliderThumbShadowPseudoId):
-        (WebCore::mediaSliderThumbShadowPseudoId):
-        (WebCore::SliderContainerElement::shadowPseudoId):
-        * html/shadow/SpinButtonElement.cpp:
-        (WebCore::SpinButtonElement::shadowPseudoId):
-        * html/shadow/TextControlInnerElements.cpp:
-        (WebCore::SearchFieldResultsButtonElement::shadowPseudoId):
-        (WebCore::SearchFieldCancelButtonElement::shadowPseudoId):
-        (WebCore::InputFieldSpeechButtonElement::shadowPseudoId):
-        * html/track/TextTrackCue.cpp:
-        (WebCore::TextTrackCueBox::textTrackCueBoxShadowPseudoId):
-        * loader/CrossOriginAccessControl.cpp:
-        (WebCore::passesAccessControlCheck):
-        * loader/MainResourceLoader.cpp:
-        (WebCore::MainResourceLoader::didReceiveResponse):
-        * loader/PrerendererClient.cpp:
-        (WebCore::PrerendererClient::supplementName):
-        * loader/cache/CachedResource.cpp:
-        (WebCore::CachedResource::updateResponseAfterRevalidation):
-        * page/DOMWindowPagePopup.cpp:
-        (WebCore::DOMWindowPagePopup::supplementName):
-        * page/EventHandler.cpp:
-        (WebCore::EventHandler::handlePasteGlobalSelection):
-        (WebCore::focusDirectionForKey):
-        * page/SpeechInput.cpp:
-        (WebCore::SpeechInput::supplementName):
-        * page/animation/CompositeAnimation.cpp:
-        (WebCore::CompositeAnimation::updateKeyframeAnimations):
-        * platform/graphics/FontCache.cpp:
-        (WebCore::alternateFamilyName):
-        * platform/graphics/MediaPlayer.cpp:
-        (WebCore::applicationOctetStream):
-        (WebCore::textPlain):
-        (WebCore::codecs):
-        * platform/graphics/chromium/FontCacheAndroid.cpp:
-        (WebCore::FontCache::getLastResortFallbackFont):
-        * platform/graphics/filters/SourceAlpha.cpp:
-        (WebCore::SourceAlpha::effectName):
-        * platform/graphics/filters/SourceGraphic.cpp:
-        (WebCore::SourceGraphic::effectName):
-        * platform/graphics/mac/FontCacheMac.mm:
-        (WebCore::FontCache::getSimilarFontPlatformData):
-        (WebCore::FontCache::getLastResortFallbackFont):
-        * platform/graphics/skia/FontCacheSkia.cpp:
-        (WebCore::FontCache::getLastResortFallbackFont):
-        * platform/graphics/win/FontCacheWin.cpp:
-        (WebCore::FontCache::getLastResortFallbackFont):
-        * platform/graphics/wx/FontCacheWx.cpp:
-        (WebCore::FontCache::getSimilarFontPlatformData):
-        * platform/network/ResourceResponseBase.cpp:
-        (WebCore::ResourceResponseBase::setHTTPHeaderField):
-        (WebCore::ResourceResponseBase::parseCacheControlDirectives):
-        (WebCore::ResourceResponseBase::hasCacheValidatorFields):
-        (WebCore::ResourceResponseBase::date):
-        (WebCore::ResourceResponseBase::age):
-        (WebCore::ResourceResponseBase::expires):
-        (WebCore::ResourceResponseBase::lastModified):
-        (WebCore::ResourceResponseBase::isAttachment):
-        * rendering/RenderTextControlMultiLine.cpp:
-        (WebCore::RenderTextControlMultiLine::getAvgCharWidth):
-        * rendering/RenderTextControlSingleLine.cpp:
-        (WebCore::RenderTextControlSingleLine::getAvgCharWidth):
-        (WebCore::RenderTextControlSingleLine::preferredContentWidth):
-        * svg/SVGAnimateColorElement.cpp:
-        (WebCore::attributeValueIsCurrentColor):
-        * svg/SVGAnimateMotionElement.cpp:
-        (WebCore::SVGAnimateMotionElement::rotateMode):
-        * svg/SVGAnimationElement.cpp:
-        (WebCore::SVGAnimationElement::setCalcMode):
-        (WebCore::SVGAnimationElement::setAttributeType):
-        (WebCore::SVGAnimationElement::isAdditive):
-        (WebCore::SVGAnimationElement::isAccumulated):
-        (WebCore::inheritsFromProperty):
-        * svg/SVGFEConvolveMatrixElement.cpp:
-        (WebCore::SVGFEConvolveMatrixElement::kernelUnitLengthXIdentifier):
-        (WebCore::SVGFEConvolveMatrixElement::kernelUnitLengthYIdentifier):
-        (WebCore::SVGFEConvolveMatrixElement::orderXIdentifier):
-        (WebCore::SVGFEConvolveMatrixElement::orderYIdentifier):
-        * svg/SVGFEDiffuseLightingElement.cpp:
-        (WebCore::SVGFEDiffuseLightingElement::kernelUnitLengthXIdentifier):
-        (WebCore::SVGFEDiffuseLightingElement::kernelUnitLengthYIdentifier):
-        * svg/SVGFEDropShadowElement.cpp:
-        (WebCore::SVGFEDropShadowElement::stdDeviationXIdentifier):
-        (WebCore::SVGFEDropShadowElement::stdDeviationYIdentifier):
-        * svg/SVGFEGaussianBlurElement.cpp:
-        (WebCore::SVGFEGaussianBlurElement::stdDeviationXIdentifier):
-        (WebCore::SVGFEGaussianBlurElement::stdDeviationYIdentifier):
-        * svg/SVGFEMorphologyElement.cpp:
-        (WebCore::SVGFEMorphologyElement::radiusXIdentifier):
-        (WebCore::SVGFEMorphologyElement::radiusYIdentifier):
-        * svg/SVGFESpecularLightingElement.cpp:
-        (WebCore::SVGFESpecularLightingElement::kernelUnitLengthXIdentifier):
-        (WebCore::SVGFESpecularLightingElement::kernelUnitLengthYIdentifier):
-        * svg/SVGFETurbulenceElement.cpp:
-        (WebCore::SVGFETurbulenceElement::baseFrequencyXIdentifier):
-        (WebCore::SVGFETurbulenceElement::baseFrequencyYIdentifier):
-        * svg/SVGFilterElement.cpp:
-        (WebCore::SVGFilterElement::filterResXIdentifier):
-        (WebCore::SVGFilterElement::filterResYIdentifier):
-        * svg/SVGLangSpace.cpp:
-        (WebCore::SVGLangSpace::xmlspace):
-        (WebCore::SVGLangSpace::addSupportedAttributes):
-        * svg/SVGMarkerElement.cpp:
-        (WebCore::SVGMarkerElement::orientTypeIdentifier):
-        (WebCore::SVGMarkerElement::orientAngleIdentifier):
-        (WebCore::SVGMarkerElement::synchronizeOrientType):
-        * svg/SVGSVGElement.cpp:
-        (WebCore::SVGSVGElement::contentScriptType):
-        (WebCore::SVGSVGElement::contentStyleType):
-        * svg/SVGStyleElement.cpp:
-        (WebCore::SVGStyleElement::type):
-        (WebCore::SVGStyleElement::media):
-        * svg/SVGTextContentElement.cpp:
-        (WebCore::SVGTextContentElement::collectStyleForAttribute):
-        * svg/SVGViewSpec.cpp:
-        (WebCore::SVGViewSpec::viewBoxIdentifier):
-        (WebCore::SVGViewSpec::preserveAspectRatioIdentifier):
-        (WebCore::SVGViewSpec::transformIdentifier):
-        * svg/animation/SVGSMILElement.cpp:
-        (WebCore::SVGSMILElement::parseClockValue):
-        (WebCore::SVGSMILElement::restart):
-        (WebCore::SVGSMILElement::fill):
-        (WebCore::SVGSMILElement::repeatCount):
-        * testing/InternalSettings.cpp:
-        (WebCore::InternalSettings::from):
-        * xml/parser/XMLTreeBuilder.cpp:
-        (WebCore::XMLTreeBuilder::processDOCTYPE):
-        (WebCore::XMLTreeBuilder::processXMLEntity):
-
-2012-11-08  Beth Dakin  <bdakin@apple.com>
-
-        https://bugs.webkit.org/show_bug.cgi?id=101644
-        Fixed header on Facebook news feed becomes detached from top of 
-        viewport after rubber band scrolling
-        -and corresponding-
-        <rdar://problem/12651944>
-
-        Reviewed by Simon Fraser.
-
-        There is code to handle this for non-threaded scrolling on FrameView. 
-        This patch moves most of that code into a convenience function on 
-        ScrollingCoordinator.
-
-        Have FrameView::scrollOffsetForFixedPosition() call 
-        WebCore::scrollOffsetForFixedPosition() with all the right 
-        parameters.
-        * page/FrameView.cpp:
-        (WebCore::FrameView::scrollOffsetForFixedPosition):
-
-        Here's where all the math happens.
-        * page/scrolling/ScrollingCoordinator.cpp:
-        (WebCore::fixedPositionScrollOffset):
-        (WebCore::scrollOffsetForFixedPosition):
-
-        The viewportRect in these three places needs to have the 
-        adjusted-for-fixed offset.
-        (WebCore::ScrollingCoordinator::updateMainFrameScrollPosition):
-        * page/scrolling/mac/ScrollingTreeScrollingNodeMac.mm:
-        (WebCore::ScrollingTreeScrollingNodeMac::setScrollLayerPosition):
-        * rendering/RenderLayerCompositor.cpp:
-        (WebCore::RenderLayerCompositor::computeFixedViewportConstraints):
-
-2012-11-08  Alpha Lam  <hclam@chromium.org>
-
-        [chromium] Deferred image decoding fails with image orientation
-        https://bugs.webkit.org/show_bug.cgi?id=101648
-
-        Reviewed by Stephen White.
-
-        When an image is deferred save the orientation state. Once this state
-        is cached it can be used to reply future queries since this state is
-        static.
-
-        No new tests but platform/chromium/virtual/deferred/fast/images/image-orientation.html is passing now.
-
-        * platform/graphics/chromium/DeferredImageDecoder.cpp:
-        (WebCore::DeferredImageDecoder::DeferredImageDecoder):
-        (WebCore::DeferredImageDecoder::frameBufferAtIndex):
-        (WebCore::DeferredImageDecoder::orientation):
-        * platform/graphics/chromium/DeferredImageDecoder.h:
-        (DeferredImageDecoder):
-
-2012-11-08  Andreas Kling  <kling@webkit.org>
-
-        DocumentLoader: Shrink-to-fit the ResourceResponse vector after loading completes.
-        <http://webkit.org/b/101657>
-
-        Reviewed by Anders Carlsson.
-
-        Shrink DocumentLoader::m_responses to exact size when we stop adding responses to it,
-        as we know it won't grow after that.
-
-        520kB progression on Membuster3.
-
-        * loader/DocumentLoader.cpp:
-        (WebCore::DocumentLoader::stopRecordingResponses):
-
-2012-11-08  Hans Muller  <hmuller@adobe.com>
-
-        [CSS Exclusions] Polygon with horizontal bottom edges returns incorrect segments
-        https://bugs.webkit.org/show_bug.cgi?id=100874
-
-        Reviewed by Dirk Schulze.
-
-        Revised the way that computeXIntersections() handles intersections with horizotal polygon edges.
-        Deciding if a vertex intersection corresponds to a polygon "edge crossing", i.e. a change from inside
-        to outside or outside to inside, now depends on which side of the horizontal line the function's
-        y parameter corresponds to. If the y corresponds to the top of the line, then isaMinY the parameter
-        is true, and an intersection with a horizontal edge is only considered to be an edge crossing if
-        if the inside of the polygon is just below the horizontal edge.  When isMinY is false then the inside
-        of the polygon must be just above the horizontal edge.
-
-        Tests: fast/exclusions/shape-inside/shape-inside-rectilinear-polygon-003.html
-               fast/exclusions/shape-inside/shape-inside-rectilinear-polygon-004.html
-
-        * rendering/ExclusionPolygon.cpp:
-        (WebCore::getVertexIntersectionVertices): Corrected two cases where the next/previous vertex was determined incorrectly.
-        (WebCore::ExclusionPolygon::computeXIntersections): Added a bool isMinY parameter which specifies if the y parameter corresponds to the top or bottom a horizontal line.
-        (WebCore::ExclusionPolygon::getExcludedIntervals): Added the new computeXIntersections() parameter.
-        (WebCore::ExclusionPolygon::getIncludedIntervals): Ditto.
-        * rendering/ExclusionPolygon.h:
-        (WebCore::ExclusionPolygonEdge::previousEdge): Corrected the previousEdge() function.
-
-2012-11-08  Otto Derek Cheung  <otcheung@rim.com>
-
-        [BlackBerry] Disable cookies on file://
-        https://bugs.webkit.org/show_bug.cgi?id=101646
-
-        Reviewed by Rob Buis.
-
-        Disabling cookies on file and local in the browser app.
-
-        PR 239779
-
-        Tested by trying to set and retrieve cookies on WI while browsing
-        files on the file scheme.
-
-        * platform/blackberry/CookieManager.cpp:
-        (WebCore):
-        (WebCore::shouldIgnoreScheme):
-        (WebCore::CookieManager::getRawCookies):
-        (WebCore::CookieManager::checkAndTreatCookie):
-
-2012-11-08  Joshua Bell  <jsbell@chromium.org>
-
-        Expose snapshots in platform/leveldb wrapper API
-        https://bugs.webkit.org/show_bug.cgi?id=100786
-
-        Reviewed by Tony Chang.
-
-        Expose leveldb "snapshots" in the LevelDB API. A snapshot lets you observe the database
-        as it was when the snapshot was taken. This can be used to implement parallel transactions,
-        e.g. where a read transaction won't see updates made by a later write transaction.
-
-        Tests: webkit_unit_tests --gtest_filter='LevelDBDatabaseTest.Transaction*'
-
-        * platform/leveldb/LevelDBDatabase.cpp:
-        (WebCore::LevelDBSnapshot::LevelDBSnapshot): New (but for now internal-only) wrapper type.
-        (WebCore):
-        (WebCore::LevelDBSnapshot::~LevelDBSnapshot): Release the leveldb::Snapshot.
-        (WebCore::LevelDBDatabase::get): Optional snapshot argument, for use by transactions.
-        (WebCore::LevelDBDatabase::createIterator): Ditto.
-        * platform/leveldb/LevelDBDatabase.h:
-        (leveldb):
-        (WebCore):
-        (LevelDBSnapshot):
-        (LevelDBDatabase):
-        * platform/leveldb/LevelDBTransaction.cpp:
-        (WebCore::LevelDBTransaction::LevelDBTransaction): Initialize a snapshot.
-        (WebCore::LevelDBTransaction::get):
-        (WebCore::LevelDBTransaction::TransactionIterator::TransactionIterator):
-        * platform/leveldb/LevelDBTransaction.h:
-        (LevelDBTransaction):
-
-2012-11-08  Brady Eidson  <beidson@apple.com>
-
-        Have NetworkProcess do the actual loading of subresources.
-        https://bugs.webkit.org/show_bug.cgi?id=101640
-
-        Reviewed by Alexey Proskuryakov.
-
-        No new tests (No change in behavior in any configuration we test.)
-
-        * WebCore.exp.in:
-        * loader/ResourceBuffer.h: Virtualize a few methods for ports to override.
-
-2012-11-08  Huang Dongsung  <luxtella@company100.net>
-
-        Coordinated Graphics: Remove an invisible TiledBackingStore of CoordinatedGraphicsLayer.
-        https://bugs.webkit.org/show_bug.cgi?id=101424
-
-        Reviewed by Noam Rosenthal.
-
-        This patch adds ASSERT to TextureMapperLayer while fixing this bug in
-        WebKit2.
-
-        * platform/graphics/texmap/TextureMapperLayer.cpp:
-        (WebCore::TextureMapperLayer::paintSelf):
-
-2012-11-08  Sheriff Bot  <webkit.review.bot@gmail.com>
-
-        Unreviewed, rolling out r133945.
-        http://trac.webkit.org/changeset/133945
-        https://bugs.webkit.org/show_bug.cgi?id=101645
-
-        Numerous layout and unit test failures (Requested by
-        jsbell|gardener on #webkit).
-
-        * bindings/scripts/CodeGeneratorV8.pm:
-        (GenerateHeader):
-        * bindings/scripts/test/V8/V8Float64Array.h:
-        (WebCore::V8Float64Array::toNative):
-        * bindings/scripts/test/V8/V8TestActiveDOMObject.h:
-        (WebCore::V8TestActiveDOMObject::toNative):
-        * bindings/scripts/test/V8/V8TestCustomNamedGetter.h:
-        (WebCore::V8TestCustomNamedGetter::toNative):
-        * bindings/scripts/test/V8/V8TestEventConstructor.h:
-        (WebCore::V8TestEventConstructor::toNative):
-        * bindings/scripts/test/V8/V8TestEventTarget.h:
-        (WebCore::V8TestEventTarget::toNative):
-        * bindings/scripts/test/V8/V8TestException.h:
-        (WebCore::V8TestException::toNative):
-        * bindings/scripts/test/V8/V8TestInterface.h:
-        (WebCore::V8TestInterface::toNative):
-        * bindings/scripts/test/V8/V8TestMediaQueryListListener.h:
-        (WebCore::V8TestMediaQueryListListener::toNative):
-        * bindings/scripts/test/V8/V8TestNamedConstructor.h:
-        (WebCore::V8TestNamedConstructor::toNative):
-        * bindings/scripts/test/V8/V8TestNode.h:
-        (WebCore::V8TestNode::toNative):
-        * bindings/scripts/test/V8/V8TestObj.h:
-        (WebCore::V8TestObj::toNative):
-        * bindings/scripts/test/V8/V8TestSerializedScriptValueInterface.h:
-        (WebCore::V8TestSerializedScriptValueInterface::toNative):
-        * bindings/v8/NPV8Object.cpp:
-        (WebCore::v8ObjectToNPObject):
-        (WebCore::npCreateV8ScriptObject):
-        * bindings/v8/V8Collection.h:
-        (WebCore::toNativeCollection):
-        * bindings/v8/V8DOMWindowShell.cpp:
-        (WebCore::setIsolatedWorldField):
-        (WebCore::V8DOMWindowShell::enteredIsolatedWorldContext):
-        * bindings/v8/V8DOMWrapper.cpp:
-        (WebCore::V8DOMWrapper::isWrapperOfType):
-        * bindings/v8/V8DOMWrapper.h:
-        (WebCore::V8DOMWrapper::setDOMWrapper):
-        (WebCore::V8DOMWrapper::clearDOMWrapper):
-        * bindings/v8/WrapperTypeInfo.h:
-        (WebCore::toNative):
-        (WebCore::toWrapperTypeInfo):
-
-2012-11-01  Filip Pizlo  <fpizlo@apple.com>
-
-        JSC should infer when indexed storage contains only integers or doubles
-        https://bugs.webkit.org/show_bug.cgi?id=98606
-
-        Reviewed by Oliver Hunt.
-
-        Just refactoring WebCore to pass 0 for the ArrayAllocationProfile*.
-
-        * bindings/js/JSCanvasRenderingContext2DCustom.cpp:
-        (WebCore::JSCanvasRenderingContext2D::webkitLineDash):
-        * bindings/js/JSClipboardCustom.cpp:
-        (WebCore::JSClipboard::types):
-        * bindings/js/JSDOMBinding.cpp:
-        (WebCore::jsArray):
-        * bindings/js/JSDOMBinding.h:
-        (WebCore::jsArray):
-        * bindings/js/JSInjectedScriptHostCustom.cpp:
-        (WebCore::getJSListenerFunctions):
-        * bindings/js/JSJavaScriptCallFrameCustom.cpp:
-        (WebCore::JSJavaScriptCallFrame::scopeChain):
-        * bindings/js/JSMessageEventCustom.cpp:
-        (WebCore::JSMessageEvent::ports):
-        * bindings/js/JSMutationCallbackCustom.cpp:
-        (WebCore::JSMutationCallback::handleEvent):
-        * bindings/js/JSWebGLRenderingContextCustom.cpp:
-        (WebCore::toJS):
-        (WebCore::JSWebGLRenderingContext::getAttachedShaders):
-        (WebCore::JSWebGLRenderingContext::getSupportedExtensions):
-        * bindings/js/SerializedScriptValue.cpp:
-        (WebCore::CloneDeserializer::deserialize):
-
 2012-11-08  Tiancheng Jiang  <tijiang@rim.com>
 
         [BlackBerry] Update BB10 date input form.
diff --git a/Source/WebCore/GNUmakefile.list.am b/Source/WebCore/GNUmakefile.list.am
index 3df9dd910..fa6bb12cc 100644
--- a/Source/WebCore/GNUmakefile.list.am
+++ b/Source/WebCore/GNUmakefile.list.am
@@ -5824,10 +5824,10 @@ webcore_sources += \
 	Source/WebCore/workers/WorkerScriptLoader.h \
 	Source/WebCore/workers/WorkerThread.cpp \
 	Source/WebCore/workers/WorkerThread.h \
-	Source/WebCore/xml/parser/CharacterReferenceParserInlines.h \
+	Source/WebCore/xml/parser/CharacterReferenceParserInlineMethods.h \
 	Source/WebCore/xml/parser/MarkupTokenBase.h \
 	Source/WebCore/xml/parser/MarkupTokenizerBase.h \
-	Source/WebCore/xml/parser/MarkupTokenizerInlines.h \
+	Source/WebCore/xml/parser/MarkupTokenizerInlineMethods.h \
 	Source/WebCore/xml/parser/NewXMLDocumentParser.cpp \
 	Source/WebCore/xml/parser/NewXMLDocumentParser.h \
 	Source/WebCore/xml/parser/XMLCharacterReferenceParser.cpp \
diff --git a/Source/WebCore/Modules/battery/BatteryController.cpp b/Source/WebCore/Modules/battery/BatteryController.cpp
index 390f24834..c342e5b38 100644
--- a/Source/WebCore/Modules/battery/BatteryController.cpp
+++ b/Source/WebCore/Modules/battery/BatteryController.cpp
@@ -91,7 +91,7 @@ void BatteryController::didChangeBatteryStatus(const AtomicString& eventType, Pa
 
 const AtomicString& BatteryController::supplementName()
 {
-    DEFINE_STATIC_LOCAL(AtomicString, name, ("BatteryController", AtomicString::ConstructFromLiteral));
+    DEFINE_STATIC_LOCAL(AtomicString, name, ("BatteryController"));
     return name;
 }
 
diff --git a/Source/WebCore/Modules/battery/NavigatorBattery.cpp b/Source/WebCore/Modules/battery/NavigatorBattery.cpp
index 73d892e83..0790602b6 100644
--- a/Source/WebCore/Modules/battery/NavigatorBattery.cpp
+++ b/Source/WebCore/Modules/battery/NavigatorBattery.cpp
@@ -50,7 +50,7 @@ BatteryManager* NavigatorBattery::webkitBattery(Navigator* navigator)
 
 NavigatorBattery* NavigatorBattery::from(Navigator* navigator)
 {
-    DEFINE_STATIC_LOCAL(AtomicString, name, ("NavigatorBattery", AtomicString::ConstructFromLiteral));
+    DEFINE_STATIC_LOCAL(AtomicString, name, ("NavigatorBattery"));
     NavigatorBattery* supplement = static_cast<NavigatorBattery*>(Supplement<Navigator>::from(navigator, name));
     if (!supplement) {
         supplement = new NavigatorBattery();
diff --git a/Source/WebCore/Modules/filesystem/chromium/DraggedIsolatedFileSystem.cpp b/Source/WebCore/Modules/filesystem/chromium/DraggedIsolatedFileSystem.cpp
index 91bea3e57..eb3eb632d 100644
--- a/Source/WebCore/Modules/filesystem/chromium/DraggedIsolatedFileSystem.cpp
+++ b/Source/WebCore/Modules/filesystem/chromium/DraggedIsolatedFileSystem.cpp
@@ -59,7 +59,7 @@ DOMFileSystem* DraggedIsolatedFileSystem::getDOMFileSystem(ScriptExecutionContex
 const AtomicString& DraggedIsolatedFileSystem::supplementName()
 {
     ASSERT(isMainThread());
-    DEFINE_STATIC_LOCAL(AtomicString, name, ("DraggedIsolatedFileSystem", AtomicString::ConstructFromLiteral));
+    DEFINE_STATIC_LOCAL(AtomicString, name, ("DraggedIsolatedFileSystem"));
     return name;
 }
 
diff --git a/Source/WebCore/Modules/gamepad/NavigatorGamepad.cpp b/Source/WebCore/Modules/gamepad/NavigatorGamepad.cpp
index 8648f0b5a..462d3d5b9 100644
--- a/Source/WebCore/Modules/gamepad/NavigatorGamepad.cpp
+++ b/Source/WebCore/Modules/gamepad/NavigatorGamepad.cpp
@@ -45,7 +45,7 @@ NavigatorGamepad::~NavigatorGamepad()
 
 NavigatorGamepad* NavigatorGamepad::from(Navigator* navigator)
 {
-    DEFINE_STATIC_LOCAL(AtomicString, name, ("NavigatorGamepad", AtomicString::ConstructFromLiteral));
+    DEFINE_STATIC_LOCAL(AtomicString, name, ("NavigatorGamepad"));
     NavigatorGamepad* supplement = static_cast<NavigatorGamepad*>(Supplement<Navigator>::from(navigator, name));
     if (!supplement) {
         supplement = new NavigatorGamepad();
diff --git a/Source/WebCore/Modules/geolocation/GeolocationController.cpp b/Source/WebCore/Modules/geolocation/GeolocationController.cpp
index 3e50ae9cd..7abf83181 100644
--- a/Source/WebCore/Modules/geolocation/GeolocationController.cpp
+++ b/Source/WebCore/Modules/geolocation/GeolocationController.cpp
@@ -134,7 +134,7 @@ GeolocationPosition* GeolocationController::lastPosition()
 
 const AtomicString& GeolocationController::supplementName()
 {
-    DEFINE_STATIC_LOCAL(AtomicString, name, ("GeolocationController", AtomicString::ConstructFromLiteral));
+    DEFINE_STATIC_LOCAL(AtomicString, name, ("GeolocationController"));
     return name;
 }
 
diff --git a/Source/WebCore/Modules/geolocation/NavigatorGeolocation.cpp b/Source/WebCore/Modules/geolocation/NavigatorGeolocation.cpp
index b7c24bb28..da0ebf54a 100644
--- a/Source/WebCore/Modules/geolocation/NavigatorGeolocation.cpp
+++ b/Source/WebCore/Modules/geolocation/NavigatorGeolocation.cpp
@@ -44,7 +44,7 @@ NavigatorGeolocation::~NavigatorGeolocation()
 
 NavigatorGeolocation* NavigatorGeolocation::from(Navigator* navigator)
 {
-    DEFINE_STATIC_LOCAL(AtomicString, name, ("NavigatorGeolocation", AtomicString::ConstructFromLiteral));
+    DEFINE_STATIC_LOCAL(AtomicString, name, ("NavigatorGeolocation"));
     NavigatorGeolocation* supplement = static_cast<NavigatorGeolocation*>(Supplement<Navigator>::from(navigator, name));
     if (!supplement) {
         supplement = new NavigatorGeolocation(navigator->frame());
diff --git a/Source/WebCore/Modules/indexeddb/DOMWindowIndexedDatabase.cpp b/Source/WebCore/Modules/indexeddb/DOMWindowIndexedDatabase.cpp
index 8db5e9dda..168028b63 100644
--- a/Source/WebCore/Modules/indexeddb/DOMWindowIndexedDatabase.cpp
+++ b/Source/WebCore/Modules/indexeddb/DOMWindowIndexedDatabase.cpp
@@ -49,7 +49,7 @@ DOMWindowIndexedDatabase::~DOMWindowIndexedDatabase()
 
 DOMWindowIndexedDatabase* DOMWindowIndexedDatabase::from(DOMWindow* window)
 {
-    DEFINE_STATIC_LOCAL(AtomicString, name, ("DOMWindowIndexedDatabase", AtomicString::ConstructFromLiteral));
+    DEFINE_STATIC_LOCAL(AtomicString, name, ("DOMWindowIndexedDatabase"));
     DOMWindowIndexedDatabase* supplement = static_cast<DOMWindowIndexedDatabase*>(Supplement<DOMWindow>::from(window, name));
     if (!supplement) {
         supplement = new DOMWindowIndexedDatabase(window);
diff --git a/Source/WebCore/Modules/indexeddb/IDBCursor.cpp b/Source/WebCore/Modules/indexeddb/IDBCursor.cpp
index beb01c462..a69d4c3f1 100644
--- a/Source/WebCore/Modules/indexeddb/IDBCursor.cpp
+++ b/Source/WebCore/Modules/indexeddb/IDBCursor.cpp
@@ -50,25 +50,25 @@ PassRefPtr<IDBCursor> IDBCursor::create(PassRefPtr<IDBCursorBackendInterface> ba
 
 const AtomicString& IDBCursor::directionNext()
 {
-    DEFINE_STATIC_LOCAL(AtomicString, next, ("next", AtomicString::ConstructFromLiteral));
+    DEFINE_STATIC_LOCAL(AtomicString, next, ("next"));
     return next;
 }
 
 const AtomicString& IDBCursor::directionNextUnique()
 {
-    DEFINE_STATIC_LOCAL(AtomicString, nextunique, ("nextunique", AtomicString::ConstructFromLiteral));
+    DEFINE_STATIC_LOCAL(AtomicString, nextunique, ("nextunique"));
     return nextunique;
 }
 
 const AtomicString& IDBCursor::directionPrev()
 {
-    DEFINE_STATIC_LOCAL(AtomicString, prev, ("prev", AtomicString::ConstructFromLiteral));
+    DEFINE_STATIC_LOCAL(AtomicString, prev, ("prev"));
     return prev;
 }
 
 const AtomicString& IDBCursor::directionPrevUnique()
 {
-    DEFINE_STATIC_LOCAL(AtomicString, prevunique, ("prevunique", AtomicString::ConstructFromLiteral));
+    DEFINE_STATIC_LOCAL(AtomicString, prevunique, ("prevunique"));
     return prevunique;
 }
 
diff --git a/Source/WebCore/Modules/indexeddb/IDBRequest.cpp b/Source/WebCore/Modules/indexeddb/IDBRequest.cpp
index ce8aaa372..7046a24da 100644
--- a/Source/WebCore/Modules/indexeddb/IDBRequest.cpp
+++ b/Source/WebCore/Modules/indexeddb/IDBRequest.cpp
@@ -142,8 +142,8 @@ PassRefPtr<IDBTransaction> IDBRequest::transaction() const
 const String& IDBRequest::readyState() const
 {
     ASSERT(m_readyState == PENDING || m_readyState == DONE);
-    DEFINE_STATIC_LOCAL(AtomicString, pending, ("pending", AtomicString::ConstructFromLiteral));
-    DEFINE_STATIC_LOCAL(AtomicString, done, ("done", AtomicString::ConstructFromLiteral));
+    DEFINE_STATIC_LOCAL(AtomicString, pending, ("pending"));
+    DEFINE_STATIC_LOCAL(AtomicString, done, ("done"));
 
     if (m_readyState == PENDING)
         return pending;
diff --git a/Source/WebCore/Modules/indexeddb/IDBTransaction.cpp b/Source/WebCore/Modules/indexeddb/IDBTransaction.cpp
index 5d8ac5fca..47005c3b7 100644
--- a/Source/WebCore/Modules/indexeddb/IDBTransaction.cpp
+++ b/Source/WebCore/Modules/indexeddb/IDBTransaction.cpp
@@ -59,31 +59,31 @@ PassRefPtr<IDBTransaction> IDBTransaction::create(ScriptExecutionContext* contex
 
 const AtomicString& IDBTransaction::modeReadOnly()
 {
-    DEFINE_STATIC_LOCAL(AtomicString, readonly, ("readonly", AtomicString::ConstructFromLiteral));
+    DEFINE_STATIC_LOCAL(AtomicString, readonly, ("readonly"));
     return readonly;
 }
 
 const AtomicString& IDBTransaction::modeReadWrite()
 {
-    DEFINE_STATIC_LOCAL(AtomicString, readwrite, ("readwrite", AtomicString::ConstructFromLiteral));
+    DEFINE_STATIC_LOCAL(AtomicString, readwrite, ("readwrite"));
     return readwrite;
 }
 
 const AtomicString& IDBTransaction::modeVersionChange()
 {
-    DEFINE_STATIC_LOCAL(AtomicString, versionchange, ("versionchange", AtomicString::ConstructFromLiteral));
+    DEFINE_STATIC_LOCAL(AtomicString, versionchange, ("versionchange"));
     return versionchange;
 }
 
 const AtomicString& IDBTransaction::modeReadOnlyLegacy()
 {
-    DEFINE_STATIC_LOCAL(AtomicString, readonly, ("0", AtomicString::ConstructFromLiteral));
+    DEFINE_STATIC_LOCAL(AtomicString, readonly, ("0"));
     return readonly;
 }
 
 const AtomicString& IDBTransaction::modeReadWriteLegacy()
 {
-    DEFINE_STATIC_LOCAL(AtomicString, readwrite, ("1", AtomicString::ConstructFromLiteral));
+    DEFINE_STATIC_LOCAL(AtomicString, readwrite, ("1"));
     return readwrite;
 }
 
diff --git a/Source/WebCore/Modules/indexeddb/PageGroupIndexedDatabase.cpp b/Source/WebCore/Modules/indexeddb/PageGroupIndexedDatabase.cpp
index ad3d59658..5803fc0c5 100644
--- a/Source/WebCore/Modules/indexeddb/PageGroupIndexedDatabase.cpp
+++ b/Source/WebCore/Modules/indexeddb/PageGroupIndexedDatabase.cpp
@@ -43,7 +43,7 @@ PageGroupIndexedDatabase::~PageGroupIndexedDatabase()
 
 PageGroupIndexedDatabase* PageGroupIndexedDatabase::from(PageGroup& group)
 {
-    DEFINE_STATIC_LOCAL(AtomicString, name, ("PageGroupIndexedDatabase", AtomicString::ConstructFromLiteral));
+    DEFINE_STATIC_LOCAL(AtomicString, name, ("PageGroupIndexedDatabase"));
     PageGroupIndexedDatabase* supplement = static_cast<PageGroupIndexedDatabase*>(Supplement<PageGroup>::from(&group, name));
     if (!supplement) {
         supplement = new PageGroupIndexedDatabase();
diff --git a/Source/WebCore/Modules/intents/DOMWindowIntents.cpp b/Source/WebCore/Modules/intents/DOMWindowIntents.cpp
index 7addb0610..b89fefe2a 100644
--- a/Source/WebCore/Modules/intents/DOMWindowIntents.cpp
+++ b/Source/WebCore/Modules/intents/DOMWindowIntents.cpp
@@ -46,7 +46,7 @@ DOMWindowIntents::~DOMWindowIntents()
 DOMWindowIntents* DOMWindowIntents::from(DOMWindow* window)
 {
     ASSERT(window);
-    DEFINE_STATIC_LOCAL(AtomicString, name, ("DOMWindowIntents", AtomicString::ConstructFromLiteral));
+    DEFINE_STATIC_LOCAL(AtomicString, name, ("DOMWindowIntents"));
     DOMWindowIntents* supplement = static_cast<DOMWindowIntents*>(Supplement<DOMWindow>::from(window, name));
     if (!supplement) {
         supplement = new DOMWindowIntents(window);
diff --git a/Source/WebCore/Modules/mediastream/UserMediaController.cpp b/Source/WebCore/Modules/mediastream/UserMediaController.cpp
index 69bf014d0..3077d411b 100644
--- a/Source/WebCore/Modules/mediastream/UserMediaController.cpp
+++ b/Source/WebCore/Modules/mediastream/UserMediaController.cpp
@@ -31,7 +31,7 @@ namespace WebCore {
 
 const AtomicString& UserMediaController::supplementName()
 {
-    DEFINE_STATIC_LOCAL(AtomicString, name, ("UserMediaController", AtomicString::ConstructFromLiteral));
+    DEFINE_STATIC_LOCAL(AtomicString, name, ("UserMediaController"));
     return name;
 }
 
diff --git a/Source/WebCore/Modules/navigatorcontentutils/NavigatorContentUtils.cpp b/Source/WebCore/Modules/navigatorcontentutils/NavigatorContentUtils.cpp
index e8dd49339..0bc7f12c2 100644
--- a/Source/WebCore/Modules/navigatorcontentutils/NavigatorContentUtils.cpp
+++ b/Source/WebCore/Modules/navigatorcontentutils/NavigatorContentUtils.cpp
@@ -203,7 +203,7 @@ void NavigatorContentUtils::unregisterProtocolHandler(Navigator* navigator, cons
 
 const AtomicString& NavigatorContentUtils::supplementName()
 {
-    DEFINE_STATIC_LOCAL(AtomicString, name, ("NavigatorContentUtils", AtomicString::ConstructFromLiteral));
+    DEFINE_STATIC_LOCAL(AtomicString, name, ("NavigatorContentUtils"));
     return name;
 }
 
diff --git a/Source/WebCore/Modules/networkinfo/NavigatorNetworkInfoConnection.cpp b/Source/WebCore/Modules/networkinfo/NavigatorNetworkInfoConnection.cpp
index fd7697175..c226d747f 100644
--- a/Source/WebCore/Modules/networkinfo/NavigatorNetworkInfoConnection.cpp
+++ b/Source/WebCore/Modules/networkinfo/NavigatorNetworkInfoConnection.cpp
@@ -45,7 +45,7 @@ NavigatorNetworkInfoConnection::~NavigatorNetworkInfoConnection()
 
 NavigatorNetworkInfoConnection* NavigatorNetworkInfoConnection::from(Navigator* navigator)
 {
-    DEFINE_STATIC_LOCAL(AtomicString, name, ("NavigatorNetworkInfoConnection", AtomicString::ConstructFromLiteral));
+    DEFINE_STATIC_LOCAL(AtomicString, name, ("NavigatorNetworkInfoConnection"));
     NavigatorNetworkInfoConnection* supplement = static_cast<NavigatorNetworkInfoConnection*>(Supplement<Navigator>::from(navigator, name));
     if (!supplement) {
         supplement = new NavigatorNetworkInfoConnection();
diff --git a/Source/WebCore/Modules/networkinfo/NetworkInfoController.cpp b/Source/WebCore/Modules/networkinfo/NetworkInfoController.cpp
index e70671ae8..aa695ec1c 100644
--- a/Source/WebCore/Modules/networkinfo/NetworkInfoController.cpp
+++ b/Source/WebCore/Modules/networkinfo/NetworkInfoController.cpp
@@ -77,7 +77,7 @@ void NetworkInfoController::didChangeNetworkInformation(const AtomicString& even
 
 const AtomicString& NetworkInfoController::supplementName()
 {
-    DEFINE_STATIC_LOCAL(AtomicString, name, ("NetworkInfoController", AtomicString::ConstructFromLiteral));
+    DEFINE_STATIC_LOCAL(AtomicString, name, ("NetworkInfoController"));
     return name;
 }
 
diff --git a/Source/WebCore/Modules/notifications/DOMWindowNotifications.cpp b/Source/WebCore/Modules/notifications/DOMWindowNotifications.cpp
index 4c556de16..40173ee75 100644
--- a/Source/WebCore/Modules/notifications/DOMWindowNotifications.cpp
+++ b/Source/WebCore/Modules/notifications/DOMWindowNotifications.cpp
@@ -49,7 +49,7 @@ DOMWindowNotifications::~DOMWindowNotifications()
 
 DOMWindowNotifications* DOMWindowNotifications::from(DOMWindow* window)
 {
-    DEFINE_STATIC_LOCAL(AtomicString, supplementName, ("DOMWindowNotifications", AtomicString::ConstructFromLiteral));
+    DEFINE_STATIC_LOCAL(AtomicString, supplementName, ("DOMWindowNotifications"));
     DOMWindowNotifications* supplement = static_cast<DOMWindowNotifications*>(Supplement<DOMWindow>::from(window, supplementName));
     if (!supplement) {
         supplement = new DOMWindowNotifications(window);
diff --git a/Source/WebCore/Modules/notifications/NotificationController.cpp b/Source/WebCore/Modules/notifications/NotificationController.cpp
index 0dc197369..9bbd9bf3c 100644
--- a/Source/WebCore/Modules/notifications/NotificationController.cpp
+++ b/Source/WebCore/Modules/notifications/NotificationController.cpp
@@ -58,7 +58,7 @@ NotificationClient* NotificationController::clientFrom(Page* page)
 
 const AtomicString& NotificationController::supplementName()
 {
-    DEFINE_STATIC_LOCAL(AtomicString, name, ("NotificationController", AtomicString::ConstructFromLiteral));
+    DEFINE_STATIC_LOCAL(AtomicString, name, ("NotificationController"));
     return name;
 }
 
diff --git a/Source/WebCore/Modules/quota/DOMWindowQuota.cpp b/Source/WebCore/Modules/quota/DOMWindowQuota.cpp
index f6e28926d..65fe82490 100644
--- a/Source/WebCore/Modules/quota/DOMWindowQuota.cpp
+++ b/Source/WebCore/Modules/quota/DOMWindowQuota.cpp
@@ -51,7 +51,7 @@ DOMWindowQuota::~DOMWindowQuota()
 // static
 DOMWindowQuota* DOMWindowQuota::from(DOMWindow* window)
 {
-    DEFINE_STATIC_LOCAL(AtomicString, name, ("DOMWindowQuota", AtomicString::ConstructFromLiteral));
+    DEFINE_STATIC_LOCAL(AtomicString, name, ("DOMWindowQuota"));
     DOMWindowQuota* supplement = static_cast<DOMWindowQuota*>(Supplement<DOMWindow>::from(window, name));
     if (!supplement) {
         supplement = new DOMWindowQuota(window);
diff --git a/Source/WebCore/Modules/speech/SpeechRecognitionController.cpp b/Source/WebCore/Modules/speech/SpeechRecognitionController.cpp
index 5148110a0..d4bcc85fe 100644
--- a/Source/WebCore/Modules/speech/SpeechRecognitionController.cpp
+++ b/Source/WebCore/Modules/speech/SpeechRecognitionController.cpp
@@ -32,7 +32,7 @@ namespace WebCore {
 
 const AtomicString& SpeechRecognitionController::supplementName()
 {
-    DEFINE_STATIC_LOCAL(AtomicString, name, ("SpeechRecognitionController", AtomicString::ConstructFromLiteral));
+    DEFINE_STATIC_LOCAL(AtomicString, name, ("SpeechRecognitionController"));
     return name;
 }
 
diff --git a/Source/WebCore/Modules/vibration/Vibration.cpp b/Source/WebCore/Modules/vibration/Vibration.cpp
index 936f7768d..2a531fddd 100644
--- a/Source/WebCore/Modules/vibration/Vibration.cpp
+++ b/Source/WebCore/Modules/vibration/Vibration.cpp
@@ -128,7 +128,7 @@ void Vibration::timerStopFired(Timer<Vibration>* timer)
 
 const AtomicString& Vibration::supplementName()
 {
-    DEFINE_STATIC_LOCAL(AtomicString, name, ("Vibration", AtomicString::ConstructFromLiteral));
+    DEFINE_STATIC_LOCAL(AtomicString, name, ("Vibration"));
     return name;
 }
 
diff --git a/Source/WebCore/Target.pri b/Source/WebCore/Target.pri
index 74665e1a9..3bd4619ee 100644
--- a/Source/WebCore/Target.pri
+++ b/Source/WebCore/Target.pri
@@ -2736,10 +2736,10 @@ HEADERS += \
     workers/WorkerRunLoop.h \
     workers/WorkerScriptLoader.h \
     workers/WorkerThread.h \
-    xml/parser/CharacterReferenceParserInlines.h \
+    xml/parser/CharacterReferenceParserInlineMethods.h \
     xml/parser/MarkupTokenBase.h \
     xml/parser/MarkupTokenizerBase.h \
-    xml/parser/MarkupTokenizerInlines.h \
+    xml/parser/MarkupTokenizerInlineMethods.h \
     xml/parser/NewXMLDocumentParser.h \
     xml/parser/XMLCharacterReferenceParser.h \
     xml/parser/XMLDocumentParser.h \
diff --git a/Source/WebCore/WebCore.exp.in b/Source/WebCore/WebCore.exp.in
index a5f2367ab..b6871852f 100644
--- a/Source/WebCore/WebCore.exp.in
+++ b/Source/WebCore/WebCore.exp.in
@@ -273,16 +273,10 @@ __ZN7WebCore9FrameView17setTracksRepaintsEb
 __ZN7WebCore9FrameView20resetTrackedRepaintsEv
 __ZN7WebCore14PluginDocument12pluginWidgetEv
 __ZN7WebCore14ResourceBuffer12createNSDataEv
-__ZN7WebCore14ResourceBuffer6appendEPKcj
-__ZN7WebCore14ResourceBufferC1EPKci
-__ZN7WebCore14ResourceBufferC1Ev
-__ZN7WebCore14ResourceBufferC2Ev
 __ZN7WebCore14ResourceBufferD1Ev
-__ZN7WebCore14ResourceBufferD2Ev
 __ZN7WebCore14ResourceHandle20forceContentSniffingEv
 __ZN7WebCore14ResourceHandle26synchronousLoadRunLoopModeEv
 __ZN7WebCore14ResourceHandle35createPrivateBrowsingStorageSessionEPK10__CFString
-__ZN7WebCore14ResourceHandle6createEPNS_17NetworkingContextERKNS_15ResourceRequestEPNS_20ResourceHandleClientEbb
 __ZN7WebCore14ResourceLoader13setIdentifierEm
 __ZN7WebCore14ResourceLoader14cancelledErrorEv
 __ZN7WebCore14SchemeRegistry24registerURLSchemeAsLocalERKN3WTF6StringE
@@ -1250,7 +1244,6 @@ __ZNK7WebCore14InsertionPoint8isActiveEv
 __ZNK7WebCore14RenderListItem10markerTextEv
 __ZNK7WebCore14ResourceBuffer4dataEv
 __ZNK7WebCore14ResourceBuffer4sizeEv
-__ZNK7WebCore14ResourceBuffer7isEmptyEv
 __ZNK7WebCore14ResourceHandle10connectionEv
 __ZNK7WebCore14ResourceLoader11frameLoaderEv
 __ZNK7WebCore14ScrollableArea14scrollAnimatorEv
diff --git a/Source/WebCore/WebCore.gypi b/Source/WebCore/WebCore.gypi
index 8bd1fc4cd..9e75c8d8b 100644
--- a/Source/WebCore/WebCore.gypi
+++ b/Source/WebCore/WebCore.gypi
@@ -3670,10 +3670,10 @@
             'workers/WorkerScriptLoader.h',
             'workers/WorkerScriptLoaderClient.h',
             'workers/WorkerThread.cpp',
-            'xml/parser/CharacterReferenceParserInlines.h',
+            'xml/parser/CharacterReferenceParserInlineMethods.h',
             'xml/parser/MarkupTokenBase.h',
             'xml/parser/MarkupTokenizerBase.h',
-            'xml/parser/MarkupTokenizerInlines.h',
+            'xml/parser/MarkupTokenizerInlineMethods.h',
             'xml/parser/NewXMLDocumentParser.cpp',
             'xml/parser/NewXMLDocumentParser.h',
             'xml/parser/XMLCharacterReferenceParser.cpp',
diff --git a/Source/WebCore/WebCore.vcproj/WebCore.vcproj b/Source/WebCore/WebCore.vcproj/WebCore.vcproj
index f1a4cf163..5b69c1561 100755
--- a/Source/WebCore/WebCore.vcproj/WebCore.vcproj
+++ b/Source/WebCore/WebCore.vcproj/WebCore.vcproj
@@ -48398,7 +48398,7 @@
 				Name="parser"
 				>
 				<File
-					RelativePath="..\xml\parser\CharacterReferenceInlines.h"
+					RelativePath="..\xml\parser\CharacterReferenceInlineMethods.h"
 					>
 				</File>
 				<File
@@ -48410,7 +48410,7 @@
 					>
 				</File>
 				<File
-					RelativePath="..\xml\parser\MarkupTokenizerInlines.h"
+					RelativePath="..\xml\parser\MarkupTokenizerInlineMethods.h"
 					>
 				</File>
 				<File
diff --git a/Source/WebCore/WebCore.xcodeproj/project.pbxproj b/Source/WebCore/WebCore.xcodeproj/project.pbxproj
index 18933264b..41e9af371 100644
--- a/Source/WebCore/WebCore.xcodeproj/project.pbxproj
+++ b/Source/WebCore/WebCore.xcodeproj/project.pbxproj
@@ -45,7 +45,7 @@
 /* End PBXAggregateTarget section */
 
 /* Begin PBXBuildFile section */
-		00022E6913CE1BBA00282D5B /* CharacterReferenceParserInlines.h in Headers */ = {isa = PBXBuildFile; fileRef = 00022E6813CE1BBA00282D5B /* CharacterReferenceParserInlines.h */; };
+		00022E6913CE1BBA00282D5B /* CharacterReferenceParserInlineMethods.h in Headers */ = {isa = PBXBuildFile; fileRef = 00022E6813CE1BBA00282D5B /* CharacterReferenceParserInlineMethods.h */; };
 		0002EC5813C3F67D00040D47 /* XMLToken.h in Headers */ = {isa = PBXBuildFile; fileRef = 0002EC5513C3F67D00040D47 /* XMLToken.h */; };
 		0002EC5913C3F67D00040D47 /* XMLTokenizer.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 0002EC5613C3F67D00040D47 /* XMLTokenizer.cpp */; };
 		0002EC5A13C3F67D00040D47 /* XMLTokenizer.h in Headers */ = {isa = PBXBuildFile; fileRef = 0002EC5713C3F67D00040D47 /* XMLTokenizer.h */; };
@@ -60,7 +60,7 @@
 		00B9318913BA8DBC0035A948 /* XMLDocumentParserLibxml2.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 00B9318313BA867F0035A948 /* XMLDocumentParserLibxml2.cpp */; };
 		00B9318B13BA8DC90035A948 /* XMLDocumentParserScope.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 00B9318513BA867F0035A948 /* XMLDocumentParserScope.cpp */; };
 		00B9318C13BA8DCC0035A948 /* XMLDocumentParserScope.h in Headers */ = {isa = PBXBuildFile; fileRef = 00B9318613BA867F0035A948 /* XMLDocumentParserScope.h */; };
-		00C60E3F13D76D7E0092A275 /* MarkupTokenizerInlines.h in Headers */ = {isa = PBXBuildFile; fileRef = 00C60E3E13D76D7E0092A275 /* MarkupTokenizerInlines.h */; };
+		00C60E3F13D76D7E0092A275 /* MarkupTokenizerInlineMethods.h in Headers */ = {isa = PBXBuildFile; fileRef = 00C60E3E13D76D7E0092A275 /* MarkupTokenizerInlineMethods.h */; };
 		00C60E4213D797AE0092A275 /* MarkupTokenizerBase.h in Headers */ = {isa = PBXBuildFile; fileRef = 00C60E4113D797AE0092A275 /* MarkupTokenizerBase.h */; };
 		00CA93B213C6691600F7FE95 /* NewXMLDocumentParser.h in Headers */ = {isa = PBXBuildFile; fileRef = 00CA93B113C6691600F7FE95 /* NewXMLDocumentParser.h */; };
 		00CA93B513C6697C00F7FE95 /* NewXMLDocumentParser.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 00CA93B413C6697C00F7FE95 /* NewXMLDocumentParser.cpp */; };
@@ -7094,7 +7094,7 @@
 /* End PBXCopyFilesBuildPhase section */
 
 /* Begin PBXFileReference section */
-		00022E6813CE1BBA00282D5B /* CharacterReferenceParserInlines.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = CharacterReferenceParserInlines.h; sourceTree = "<group>"; };
+		00022E6813CE1BBA00282D5B /* CharacterReferenceParserInlineMethods.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = CharacterReferenceParserInlineMethods.h; sourceTree = "<group>"; };
 		0002EC5513C3F67D00040D47 /* XMLToken.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = XMLToken.h; sourceTree = "<group>"; };
 		0002EC5613C3F67D00040D47 /* XMLTokenizer.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = XMLTokenizer.cpp; sourceTree = "<group>"; };
 		0002EC5713C3F67D00040D47 /* XMLTokenizer.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = XMLTokenizer.h; sourceTree = "<group>"; };
@@ -7109,7 +7109,7 @@
 		00B9318313BA867F0035A948 /* XMLDocumentParserLibxml2.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = XMLDocumentParserLibxml2.cpp; sourceTree = "<group>"; };
 		00B9318513BA867F0035A948 /* XMLDocumentParserScope.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = XMLDocumentParserScope.cpp; sourceTree = "<group>"; };
 		00B9318613BA867F0035A948 /* XMLDocumentParserScope.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = XMLDocumentParserScope.h; sourceTree = "<group>"; };
-		00C60E3E13D76D7E0092A275 /* MarkupTokenizerInlines.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = MarkupTokenizerInlines.h; sourceTree = "<group>"; };
+		00C60E3E13D76D7E0092A275 /* MarkupTokenizerInlineMethods.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = MarkupTokenizerInlineMethods.h; sourceTree = "<group>"; };
 		00C60E4113D797AE0092A275 /* MarkupTokenizerBase.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = MarkupTokenizerBase.h; sourceTree = "<group>"; };
 		00CA93B113C6691600F7FE95 /* NewXMLDocumentParser.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = NewXMLDocumentParser.h; sourceTree = "<group>"; };
 		00CA93B413C6697C00F7FE95 /* NewXMLDocumentParser.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = NewXMLDocumentParser.cpp; sourceTree = "<group>"; };
@@ -14139,10 +14139,10 @@
 		00B9318013BA867F0035A948 /* parser */ = {
 			isa = PBXGroup;
 			children = (
-				00022E6813CE1BBA00282D5B /* CharacterReferenceParserInlines.h */,
+				00022E6813CE1BBA00282D5B /* CharacterReferenceParserInlineMethods.h */,
 				00A629C013D0BEC70050AC52 /* MarkupTokenBase.h */,
 				00C60E4113D797AE0092A275 /* MarkupTokenizerBase.h */,
-				00C60E3E13D76D7E0092A275 /* MarkupTokenizerInlines.h */,
+				00C60E3E13D76D7E0092A275 /* MarkupTokenizerInlineMethods.h */,
 				00CA93B413C6697C00F7FE95 /* NewXMLDocumentParser.cpp */,
 				00CA93B113C6691600F7FE95 /* NewXMLDocumentParser.h */,
 				00D0464813C4D14500326FCC /* XMLCharacterReferenceParser.cpp */,
@@ -22568,7 +22568,7 @@
 				FD315FFF12B0267600C1A359 /* ChannelMergerNode.h in Headers */,
 				FD31600212B0267600C1A359 /* ChannelSplitterNode.h in Headers */,
 				6550B6A0099DF0270090D781 /* CharacterData.h in Headers */,
-				00022E6913CE1BBA00282D5B /* CharacterReferenceParserInlines.h in Headers */,
+				00022E6913CE1BBA00282D5B /* CharacterReferenceParserInlineMethods.h in Headers */,
 				B2C3DA2A0D006C1D00EF6F26 /* CharsetData.h in Headers */,
 				F55B3DB21251F12D003EF269 /* CheckboxInputType.h in Headers */,
 				A00B721A11DE6428008AB9FF /* CheckedInt.h in Headers */,
@@ -24524,7 +24524,7 @@
 				9728C3141268E4390041E89B /* MarkupAccumulator.h in Headers */,
 				00A629C113D0BEC70050AC52 /* MarkupTokenBase.h in Headers */,
 				00C60E4213D797AE0092A275 /* MarkupTokenizerBase.h in Headers */,
-				00C60E3F13D76D7E0092A275 /* MarkupTokenizerInlines.h in Headers */,
+				00C60E3F13D76D7E0092A275 /* MarkupTokenizerInlineMethods.h in Headers */,
 				FABE72F51059C1EB00D999DD /* MathMLElement.h in Headers */,
 				44A28AAC12DFB8AC00AE923B /* MathMLElementFactory.h in Headers */,
 				FABE72F71059C1EB00D999DD /* MathMLInlineContainerElement.h in Headers */,
diff --git a/Source/WebCore/accessibility/AccessibilityObject.cpp b/Source/WebCore/accessibility/AccessibilityObject.cpp
index 3ef84370c..e675be2f3 100644
--- a/Source/WebCore/accessibility/AccessibilityObject.cpp
+++ b/Source/WebCore/accessibility/AccessibilityObject.cpp
@@ -1284,7 +1284,7 @@ bool AccessibilityObject::ariaIsMultiline() const
 
 const AtomicString& AccessibilityObject::invalidStatus() const
 {
-    DEFINE_STATIC_LOCAL(const AtomicString, invalidStatusFalse, ("false", AtomicString::ConstructFromLiteral));
+    DEFINE_STATIC_LOCAL(const AtomicString, invalidStatusFalse, ("false"));
     
     // aria-invalid can return false (default), grammer, spelling, or true.
     const AtomicString& ariaInvalid = getAttribute(aria_invalidAttr);
diff --git a/Source/WebCore/accessibility/AccessibilityRenderObject.cpp b/Source/WebCore/accessibility/AccessibilityRenderObject.cpp
index 429adc7e7..6d67328d7 100644
--- a/Source/WebCore/accessibility/AccessibilityRenderObject.cpp
+++ b/Source/WebCore/accessibility/AccessibilityRenderObject.cpp
@@ -2866,9 +2866,9 @@ bool AccessibilityRenderObject::canHaveChildren() const
 
 const AtomicString& AccessibilityRenderObject::ariaLiveRegionStatus() const
 {
-    DEFINE_STATIC_LOCAL(const AtomicString, liveRegionStatusAssertive, ("assertive", AtomicString::ConstructFromLiteral));
-    DEFINE_STATIC_LOCAL(const AtomicString, liveRegionStatusPolite, ("polite", AtomicString::ConstructFromLiteral));
-    DEFINE_STATIC_LOCAL(const AtomicString, liveRegionStatusOff, ("off", AtomicString::ConstructFromLiteral));
+    DEFINE_STATIC_LOCAL(const AtomicString, liveRegionStatusAssertive, ("assertive"));
+    DEFINE_STATIC_LOCAL(const AtomicString, liveRegionStatusPolite, ("polite"));
+    DEFINE_STATIC_LOCAL(const AtomicString, liveRegionStatusOff, ("off"));
     
     const AtomicString& liveRegionStatus = getAttribute(aria_liveAttr);
     // These roles have implicit live region status.
@@ -2893,7 +2893,7 @@ const AtomicString& AccessibilityRenderObject::ariaLiveRegionStatus() const
 
 const AtomicString& AccessibilityRenderObject::ariaLiveRegionRelevant() const
 {
-    DEFINE_STATIC_LOCAL(const AtomicString, defaultLiveRegionRelevant, ("additions text", AtomicString::ConstructFromLiteral));
+    DEFINE_STATIC_LOCAL(const AtomicString, defaultLiveRegionRelevant, ("additions text"));
     const AtomicString& relevant = getAttribute(aria_relevantAttr);
 
     // Default aria-relevant = "additions text".
diff --git a/Source/WebCore/bindings/js/JSCanvasRenderingContext2DCustom.cpp b/Source/WebCore/bindings/js/JSCanvasRenderingContext2DCustom.cpp
index bc9c8ee28..da0fea9b8 100644
--- a/Source/WebCore/bindings/js/JSCanvasRenderingContext2DCustom.cpp
+++ b/Source/WebCore/bindings/js/JSCanvasRenderingContext2DCustom.cpp
@@ -100,7 +100,7 @@ JSValue JSCanvasRenderingContext2D::webkitLineDash(ExecState* exec) const
     Vector<float>::const_iterator end = dash.end();
     for (Vector<float>::const_iterator it = dash.begin(); it != end; ++it)
         list.append(JSValue(*it));
-    return constructArray(exec, 0, globalObject(), list);
+    return constructArray(exec, globalObject(), list);
 }
 
 void JSCanvasRenderingContext2D::setWebkitLineDash(ExecState* exec, JSValue value)
diff --git a/Source/WebCore/bindings/js/JSClipboardCustom.cpp b/Source/WebCore/bindings/js/JSClipboardCustom.cpp
index e36c6032f..09b87d69d 100644
--- a/Source/WebCore/bindings/js/JSClipboardCustom.cpp
+++ b/Source/WebCore/bindings/js/JSClipboardCustom.cpp
@@ -59,7 +59,7 @@ JSValue JSClipboard::types(ExecState* exec) const
     ListHashSet<String>::const_iterator end = types.end();
     for (ListHashSet<String>::const_iterator it = types.begin(); it != end; ++it)
         list.append(jsStringWithCache(exec, *it));
-    return constructArray(exec, 0, globalObject(), list);
+    return constructArray(exec, globalObject(), list);
 }
 
 JSValue JSClipboard::clearData(ExecState* exec)
diff --git a/Source/WebCore/bindings/js/JSDOMBinding.cpp b/Source/WebCore/bindings/js/JSDOMBinding.cpp
index d76e0e1dc..df7d15f2b 100644
--- a/Source/WebCore/bindings/js/JSDOMBinding.cpp
+++ b/Source/WebCore/bindings/js/JSDOMBinding.cpp
@@ -142,7 +142,7 @@ JSC::JSValue jsArray(JSC::ExecState* exec, JSDOMGlobalObject* globalObject, Pass
         for (unsigned i = 0; i < stringList->length(); ++i)
             list.append(jsStringWithCache(exec, stringList->item(i)));
     }
-    return JSC::constructArray(exec, 0, globalObject, list);
+    return JSC::constructArray(exec, globalObject, list);
 }
 
 void reportException(ExecState* exec, JSValue exception)
diff --git a/Source/WebCore/bindings/js/JSDOMBinding.h b/Source/WebCore/bindings/js/JSDOMBinding.h
index 3c2f1153e..0812cbeef 100644
--- a/Source/WebCore/bindings/js/JSDOMBinding.h
+++ b/Source/WebCore/bindings/js/JSDOMBinding.h
@@ -369,7 +369,7 @@ enum ParameterDefaultPolicy {
         for (typename Vector<T, inlineCapacity>::const_iterator iter = iterator.begin(); iter != end; ++iter)
             list.append(TraitsType::arrayJSValue(exec, globalObject, *iter));
 
-        return JSC::constructArray(exec, 0, globalObject, list);
+        return JSC::constructArray(exec, globalObject, list);
     }
 
     JSC::JSValue jsArray(JSC::ExecState*, JSDOMGlobalObject*, PassRefPtr<DOMStringList>);
diff --git a/Source/WebCore/bindings/js/JSInjectedScriptHostCustom.cpp b/Source/WebCore/bindings/js/JSInjectedScriptHostCustom.cpp
index 7e66e601a..fe673f5c3 100644
--- a/Source/WebCore/bindings/js/JSInjectedScriptHostCustom.cpp
+++ b/Source/WebCore/bindings/js/JSInjectedScriptHostCustom.cpp
@@ -197,7 +197,7 @@ JSValue JSInjectedScriptHost::getInternalProperties(ExecState*)
 
 static JSArray* getJSListenerFunctions(ExecState* exec, Document* document, const EventListenerInfo& listenerInfo)
 {
-    JSArray* result = constructEmptyArray(exec, 0);
+    JSArray* result = constructEmptyArray(exec);
     size_t handlersCount = listenerInfo.eventListenerVector.size();
     for (size_t i = 0, outputIndex = 0; i < handlersCount; ++i) {
         const JSEventListener* jsListener = JSEventListener::cast(listenerInfo.eventListenerVector[i].listener.get());
diff --git a/Source/WebCore/bindings/js/JSJavaScriptCallFrameCustom.cpp b/Source/WebCore/bindings/js/JSJavaScriptCallFrameCustom.cpp
index a068084af..a71ff0c51 100644
--- a/Source/WebCore/bindings/js/JSJavaScriptCallFrameCustom.cpp
+++ b/Source/WebCore/bindings/js/JSJavaScriptCallFrameCustom.cpp
@@ -90,7 +90,7 @@ JSValue JSJavaScriptCallFrame::scopeChain(ExecState* exec) const
         ++iter;
     } while (iter != end);
 
-    return constructArray(exec, 0, globalObject(), list);
+    return constructArray(exec, globalObject(), list);
 }
 
 JSValue JSJavaScriptCallFrame::scopeType(ExecState* exec)
diff --git a/Source/WebCore/bindings/js/JSMessageEventCustom.cpp b/Source/WebCore/bindings/js/JSMessageEventCustom.cpp
index 0df73957b..e44cddda9 100644
--- a/Source/WebCore/bindings/js/JSMessageEventCustom.cpp
+++ b/Source/WebCore/bindings/js/JSMessageEventCustom.cpp
@@ -92,12 +92,12 @@ JSValue JSMessageEvent::ports(ExecState* exec) const
 {
     MessagePortArray* ports = static_cast<MessageEvent*>(impl())->ports();
     if (!ports)
-        return constructEmptyArray(exec, 0, globalObject());
+        return constructEmptyArray(exec, globalObject());
 
     MarkedArgumentBuffer list;
     for (size_t i = 0; i < ports->size(); i++)
         list.append(toJS(exec, globalObject(), (*ports)[i].get()));
-    return constructArray(exec, 0, globalObject(), list);
+    return constructArray(exec, globalObject(), list);
 }
 
 static JSC::JSValue handleInitMessageEvent(JSMessageEvent* jsEvent, JSC::ExecState* exec)
diff --git a/Source/WebCore/bindings/js/JSMutationCallbackCustom.cpp b/Source/WebCore/bindings/js/JSMutationCallbackCustom.cpp
index 68c4e6663..e3de7b794 100644
--- a/Source/WebCore/bindings/js/JSMutationCallbackCustom.cpp
+++ b/Source/WebCore/bindings/js/JSMutationCallbackCustom.cpp
@@ -62,7 +62,7 @@ bool JSMutationCallback::handleEvent(MutationRecordArray* mutations, MutationObs
     JSValue jsObserver = toJS(exec, m_data->globalObject(), observer);
 
     MarkedArgumentBuffer args;
-    args.append(constructArray(exec, 0, m_data->globalObject(), mutationList));
+    args.append(constructArray(exec, m_data->globalObject(), mutationList));
     args.append(jsObserver);
 
     bool raisedException = false;
diff --git a/Source/WebCore/bindings/js/JSWebGLRenderingContextCustom.cpp b/Source/WebCore/bindings/js/JSWebGLRenderingContextCustom.cpp
index 243afa15e..c93f3401e 100644
--- a/Source/WebCore/bindings/js/JSWebGLRenderingContextCustom.cpp
+++ b/Source/WebCore/bindings/js/JSWebGLRenderingContextCustom.cpp
@@ -100,7 +100,7 @@ static JSValue toJS(ExecState* exec, JSDOMGlobalObject* globalObject, const WebG
         const Vector<bool>& value = info.getBoolArray();
         for (size_t ii = 0; ii < value.size(); ++ii)
             list.append(jsBoolean(value[ii]));
-        return constructArray(exec, 0, globalObject, list);
+        return constructArray(exec, globalObject, list);
     }
     case WebGLGetInfo::kTypeFloat:
         return jsNumber(info.getFloat());
@@ -249,7 +249,7 @@ JSValue JSWebGLRenderingContext::getAttachedShaders(ExecState* exec)
     MarkedArgumentBuffer list;
     for (size_t ii = 0; ii < shaders.size(); ++ii)
         list.append(toJS(exec, globalObject(), shaders[ii].get()));
-    return constructArray(exec, 0, globalObject(), list);
+    return constructArray(exec, globalObject(), list);
 }
 
 JSValue JSWebGLRenderingContext::getExtension(ExecState* exec)
@@ -368,7 +368,7 @@ JSValue JSWebGLRenderingContext::getSupportedExtensions(ExecState* exec)
     MarkedArgumentBuffer list;
     for (size_t ii = 0; ii < value.size(); ++ii)
         list.append(jsStringWithCache(exec, value[ii]));
-    return constructArray(exec, 0, globalObject(), list);
+    return constructArray(exec, globalObject(), list);
 }
 
 JSValue JSWebGLRenderingContext::getTexParameter(ExecState* exec)
diff --git a/Source/WebCore/bindings/js/SerializedScriptValue.cpp b/Source/WebCore/bindings/js/SerializedScriptValue.cpp
index 45812bb21..520814ea3 100644
--- a/Source/WebCore/bindings/js/SerializedScriptValue.cpp
+++ b/Source/WebCore/bindings/js/SerializedScriptValue.cpp
@@ -1628,7 +1628,7 @@ DeserializationResult CloneDeserializer::deserialize()
                 fail();
                 goto error;
             }
-            JSArray* outArray = constructEmptyArray(m_exec, 0, m_globalObject, length);
+            JSArray* outArray = constructEmptyArray(m_exec, m_globalObject, length);
             m_gcBuffer.append(outArray);
             outputArrayStack.append(outArray);
             // fallthrough
diff --git a/Source/WebCore/bindings/scripts/CodeGeneratorV8.pm b/Source/WebCore/bindings/scripts/CodeGeneratorV8.pm
index fbddae7ba..1cd92ffec 100644
--- a/Source/WebCore/bindings/scripts/CodeGeneratorV8.pm
+++ b/Source/WebCore/bindings/scripts/CodeGeneratorV8.pm
@@ -379,7 +379,7 @@ END
     static v8::Persistent<v8::FunctionTemplate> GetTemplate();
     static ${nativeType}* toNative(v8::Handle<v8::Object> object)
     {
-        return reinterpret_cast<${nativeType}*>(object->GetPointerFromInternalField(v8DOMWrapperObjectIndex));
+        return reinterpret_cast<${nativeType}*>(object->GetAlignedPointerFromInternalField(v8DOMWrapperObjectIndex));
     }
     inline static v8::Handle<v8::Object> wrap(${nativeType}*, v8::Handle<v8::Object> creationContext = v8::Handle<v8::Object>(), v8::Isolate* = 0);
     static void derefObject(void*);
diff --git a/Source/WebCore/bindings/scripts/test/V8/V8Float64Array.h b/Source/WebCore/bindings/scripts/test/V8/V8Float64Array.h
index be01b1c06..213466f00 100644
--- a/Source/WebCore/bindings/scripts/test/V8/V8Float64Array.h
+++ b/Source/WebCore/bindings/scripts/test/V8/V8Float64Array.h
@@ -40,7 +40,7 @@ public:
     static v8::Persistent<v8::FunctionTemplate> GetTemplate();
     static Float64Array* toNative(v8::Handle<v8::Object> object)
     {
-        return reinterpret_cast<Float64Array*>(object->GetPointerFromInternalField(v8DOMWrapperObjectIndex));
+        return reinterpret_cast<Float64Array*>(object->GetAlignedPointerFromInternalField(v8DOMWrapperObjectIndex));
     }
     inline static v8::Handle<v8::Object> wrap(Float64Array*, v8::Handle<v8::Object> creationContext = v8::Handle<v8::Object>(), v8::Isolate* = 0);
     static void derefObject(void*);
diff --git a/Source/WebCore/bindings/scripts/test/V8/V8TestActiveDOMObject.h b/Source/WebCore/bindings/scripts/test/V8/V8TestActiveDOMObject.h
index 1923810ab..28af94528 100644
--- a/Source/WebCore/bindings/scripts/test/V8/V8TestActiveDOMObject.h
+++ b/Source/WebCore/bindings/scripts/test/V8/V8TestActiveDOMObject.h
@@ -39,7 +39,7 @@ public:
     static v8::Persistent<v8::FunctionTemplate> GetTemplate();
     static TestActiveDOMObject* toNative(v8::Handle<v8::Object> object)
     {
-        return reinterpret_cast<TestActiveDOMObject*>(object->GetPointerFromInternalField(v8DOMWrapperObjectIndex));
+        return reinterpret_cast<TestActiveDOMObject*>(object->GetAlignedPointerFromInternalField(v8DOMWrapperObjectIndex));
     }
     inline static v8::Handle<v8::Object> wrap(TestActiveDOMObject*, v8::Handle<v8::Object> creationContext = v8::Handle<v8::Object>(), v8::Isolate* = 0);
     static void derefObject(void*);
diff --git a/Source/WebCore/bindings/scripts/test/V8/V8TestCustomNamedGetter.h b/Source/WebCore/bindings/scripts/test/V8/V8TestCustomNamedGetter.h
index 8c89c0a29..0d7aff19f 100644
--- a/Source/WebCore/bindings/scripts/test/V8/V8TestCustomNamedGetter.h
+++ b/Source/WebCore/bindings/scripts/test/V8/V8TestCustomNamedGetter.h
@@ -39,7 +39,7 @@ public:
     static v8::Persistent<v8::FunctionTemplate> GetTemplate();
     static TestCustomNamedGetter* toNative(v8::Handle<v8::Object> object)
     {
-        return reinterpret_cast<TestCustomNamedGetter*>(object->GetPointerFromInternalField(v8DOMWrapperObjectIndex));
+        return reinterpret_cast<TestCustomNamedGetter*>(object->GetAlignedPointerFromInternalField(v8DOMWrapperObjectIndex));
     }
     inline static v8::Handle<v8::Object> wrap(TestCustomNamedGetter*, v8::Handle<v8::Object> creationContext = v8::Handle<v8::Object>(), v8::Isolate* = 0);
     static void derefObject(void*);
diff --git a/Source/WebCore/bindings/scripts/test/V8/V8TestEventConstructor.h b/Source/WebCore/bindings/scripts/test/V8/V8TestEventConstructor.h
index 629a5b55e..0488a48c4 100644
--- a/Source/WebCore/bindings/scripts/test/V8/V8TestEventConstructor.h
+++ b/Source/WebCore/bindings/scripts/test/V8/V8TestEventConstructor.h
@@ -40,7 +40,7 @@ public:
     static v8::Persistent<v8::FunctionTemplate> GetTemplate();
     static TestEventConstructor* toNative(v8::Handle<v8::Object> object)
     {
-        return reinterpret_cast<TestEventConstructor*>(object->GetPointerFromInternalField(v8DOMWrapperObjectIndex));
+        return reinterpret_cast<TestEventConstructor*>(object->GetAlignedPointerFromInternalField(v8DOMWrapperObjectIndex));
     }
     inline static v8::Handle<v8::Object> wrap(TestEventConstructor*, v8::Handle<v8::Object> creationContext = v8::Handle<v8::Object>(), v8::Isolate* = 0);
     static void derefObject(void*);
diff --git a/Source/WebCore/bindings/scripts/test/V8/V8TestEventTarget.h b/Source/WebCore/bindings/scripts/test/V8/V8TestEventTarget.h
index 9b68e34e1..a52e8a4e0 100644
--- a/Source/WebCore/bindings/scripts/test/V8/V8TestEventTarget.h
+++ b/Source/WebCore/bindings/scripts/test/V8/V8TestEventTarget.h
@@ -39,7 +39,7 @@ public:
     static v8::Persistent<v8::FunctionTemplate> GetTemplate();
     static TestEventTarget* toNative(v8::Handle<v8::Object> object)
     {
-        return reinterpret_cast<TestEventTarget*>(object->GetPointerFromInternalField(v8DOMWrapperObjectIndex));
+        return reinterpret_cast<TestEventTarget*>(object->GetAlignedPointerFromInternalField(v8DOMWrapperObjectIndex));
     }
     inline static v8::Handle<v8::Object> wrap(TestEventTarget*, v8::Handle<v8::Object> creationContext = v8::Handle<v8::Object>(), v8::Isolate* = 0);
     static void derefObject(void*);
diff --git a/Source/WebCore/bindings/scripts/test/V8/V8TestException.h b/Source/WebCore/bindings/scripts/test/V8/V8TestException.h
index 71b9478d3..efbaac91f 100644
--- a/Source/WebCore/bindings/scripts/test/V8/V8TestException.h
+++ b/Source/WebCore/bindings/scripts/test/V8/V8TestException.h
@@ -39,7 +39,7 @@ public:
     static v8::Persistent<v8::FunctionTemplate> GetTemplate();
     static TestException* toNative(v8::Handle<v8::Object> object)
     {
-        return reinterpret_cast<TestException*>(object->GetPointerFromInternalField(v8DOMWrapperObjectIndex));
+        return reinterpret_cast<TestException*>(object->GetAlignedPointerFromInternalField(v8DOMWrapperObjectIndex));
     }
     inline static v8::Handle<v8::Object> wrap(TestException*, v8::Handle<v8::Object> creationContext = v8::Handle<v8::Object>(), v8::Isolate* = 0);
     static void derefObject(void*);
diff --git a/Source/WebCore/bindings/scripts/test/V8/V8TestInterface.h b/Source/WebCore/bindings/scripts/test/V8/V8TestInterface.h
index 75fd11ff2..08082c3a9 100644
--- a/Source/WebCore/bindings/scripts/test/V8/V8TestInterface.h
+++ b/Source/WebCore/bindings/scripts/test/V8/V8TestInterface.h
@@ -41,7 +41,7 @@ public:
     static v8::Persistent<v8::FunctionTemplate> GetTemplate();
     static TestInterface* toNative(v8::Handle<v8::Object> object)
     {
-        return reinterpret_cast<TestInterface*>(object->GetPointerFromInternalField(v8DOMWrapperObjectIndex));
+        return reinterpret_cast<TestInterface*>(object->GetAlignedPointerFromInternalField(v8DOMWrapperObjectIndex));
     }
     inline static v8::Handle<v8::Object> wrap(TestInterface*, v8::Handle<v8::Object> creationContext = v8::Handle<v8::Object>(), v8::Isolate* = 0);
     static void derefObject(void*);
diff --git a/Source/WebCore/bindings/scripts/test/V8/V8TestMediaQueryListListener.h b/Source/WebCore/bindings/scripts/test/V8/V8TestMediaQueryListListener.h
index 7ba4a5641..8afda72cc 100644
--- a/Source/WebCore/bindings/scripts/test/V8/V8TestMediaQueryListListener.h
+++ b/Source/WebCore/bindings/scripts/test/V8/V8TestMediaQueryListListener.h
@@ -39,7 +39,7 @@ public:
     static v8::Persistent<v8::FunctionTemplate> GetTemplate();
     static TestMediaQueryListListener* toNative(v8::Handle<v8::Object> object)
     {
-        return reinterpret_cast<TestMediaQueryListListener*>(object->GetPointerFromInternalField(v8DOMWrapperObjectIndex));
+        return reinterpret_cast<TestMediaQueryListListener*>(object->GetAlignedPointerFromInternalField(v8DOMWrapperObjectIndex));
     }
     inline static v8::Handle<v8::Object> wrap(TestMediaQueryListListener*, v8::Handle<v8::Object> creationContext = v8::Handle<v8::Object>(), v8::Isolate* = 0);
     static void derefObject(void*);
diff --git a/Source/WebCore/bindings/scripts/test/V8/V8TestNamedConstructor.h b/Source/WebCore/bindings/scripts/test/V8/V8TestNamedConstructor.h
index b0f3471c8..5d33fea16 100644
--- a/Source/WebCore/bindings/scripts/test/V8/V8TestNamedConstructor.h
+++ b/Source/WebCore/bindings/scripts/test/V8/V8TestNamedConstructor.h
@@ -45,7 +45,7 @@ public:
     static v8::Persistent<v8::FunctionTemplate> GetTemplate();
     static TestNamedConstructor* toNative(v8::Handle<v8::Object> object)
     {
-        return reinterpret_cast<TestNamedConstructor*>(object->GetPointerFromInternalField(v8DOMWrapperObjectIndex));
+        return reinterpret_cast<TestNamedConstructor*>(object->GetAlignedPointerFromInternalField(v8DOMWrapperObjectIndex));
     }
     inline static v8::Handle<v8::Object> wrap(TestNamedConstructor*, v8::Handle<v8::Object> creationContext = v8::Handle<v8::Object>(), v8::Isolate* = 0);
     static void derefObject(void*);
diff --git a/Source/WebCore/bindings/scripts/test/V8/V8TestNode.h b/Source/WebCore/bindings/scripts/test/V8/V8TestNode.h
index fd3338839..5e8ec28f5 100644
--- a/Source/WebCore/bindings/scripts/test/V8/V8TestNode.h
+++ b/Source/WebCore/bindings/scripts/test/V8/V8TestNode.h
@@ -39,7 +39,7 @@ public:
     static v8::Persistent<v8::FunctionTemplate> GetTemplate();
     static TestNode* toNative(v8::Handle<v8::Object> object)
     {
-        return reinterpret_cast<TestNode*>(object->GetPointerFromInternalField(v8DOMWrapperObjectIndex));
+        return reinterpret_cast<TestNode*>(object->GetAlignedPointerFromInternalField(v8DOMWrapperObjectIndex));
     }
     inline static v8::Handle<v8::Object> wrap(TestNode*, v8::Handle<v8::Object> creationContext = v8::Handle<v8::Object>(), v8::Isolate* = 0);
     static void derefObject(void*);
diff --git a/Source/WebCore/bindings/scripts/test/V8/V8TestObj.h b/Source/WebCore/bindings/scripts/test/V8/V8TestObj.h
index 9438952c8..b1855b492 100644
--- a/Source/WebCore/bindings/scripts/test/V8/V8TestObj.h
+++ b/Source/WebCore/bindings/scripts/test/V8/V8TestObj.h
@@ -39,7 +39,7 @@ public:
     static v8::Persistent<v8::FunctionTemplate> GetTemplate();
     static TestObj* toNative(v8::Handle<v8::Object> object)
     {
-        return reinterpret_cast<TestObj*>(object->GetPointerFromInternalField(v8DOMWrapperObjectIndex));
+        return reinterpret_cast<TestObj*>(object->GetAlignedPointerFromInternalField(v8DOMWrapperObjectIndex));
     }
     inline static v8::Handle<v8::Object> wrap(TestObj*, v8::Handle<v8::Object> creationContext = v8::Handle<v8::Object>(), v8::Isolate* = 0);
     static void derefObject(void*);
diff --git a/Source/WebCore/bindings/scripts/test/V8/V8TestSerializedScriptValueInterface.h b/Source/WebCore/bindings/scripts/test/V8/V8TestSerializedScriptValueInterface.h
index 397016850..94d9d06cd 100644
--- a/Source/WebCore/bindings/scripts/test/V8/V8TestSerializedScriptValueInterface.h
+++ b/Source/WebCore/bindings/scripts/test/V8/V8TestSerializedScriptValueInterface.h
@@ -41,7 +41,7 @@ public:
     static v8::Persistent<v8::FunctionTemplate> GetTemplate();
     static TestSerializedScriptValueInterface* toNative(v8::Handle<v8::Object> object)
     {
-        return reinterpret_cast<TestSerializedScriptValueInterface*>(object->GetPointerFromInternalField(v8DOMWrapperObjectIndex));
+        return reinterpret_cast<TestSerializedScriptValueInterface*>(object->GetAlignedPointerFromInternalField(v8DOMWrapperObjectIndex));
     }
     inline static v8::Handle<v8::Object> wrap(TestSerializedScriptValueInterface*, v8::Handle<v8::Object> creationContext = v8::Handle<v8::Object>(), v8::Isolate* = 0);
     static void derefObject(void*);
diff --git a/Source/WebCore/bindings/v8/NPV8Object.cpp b/Source/WebCore/bindings/v8/NPV8Object.cpp
index 9cf9e5fad..2f273e12c 100644
--- a/Source/WebCore/bindings/v8/NPV8Object.cpp
+++ b/Source/WebCore/bindings/v8/NPV8Object.cpp
@@ -120,7 +120,7 @@ static v8::Local<v8::String> npIdentifierToV8Identifier(NPIdentifier name)
 
 NPObject* v8ObjectToNPObject(v8::Handle<v8::Object> object)
 {
-    return reinterpret_cast<NPObject*>(object->GetPointerFromInternalField(v8DOMWrapperObjectIndex)); 
+    return reinterpret_cast<NPObject*>(object->GetAlignedPointerFromInternalField(v8DOMWrapperObjectIndex)); 
 }
 
 static NPClass V8NPObjectClass = { NP_CLASS_STRUCT_VERSION,
@@ -135,7 +135,7 @@ NPObject* npCreateV8ScriptObject(NPP npp, v8::Handle<v8::Object> object, DOMWind
 {
     // Check to see if this object is already wrapped.
     if (object->InternalFieldCount() == npObjectInternalFieldCount) {
-        WrapperTypeInfo* typeInfo = static_cast<WrapperTypeInfo*>(object->GetPointerFromInternalField(v8DOMWrapperTypeIndex));
+        WrapperTypeInfo* typeInfo = static_cast<WrapperTypeInfo*>(object->GetAlignedPointerFromInternalField(v8DOMWrapperTypeIndex));
         if (typeInfo == npObjectTypeInfo()) {
 
             NPObject* returnValue = v8ObjectToNPObject(object);
diff --git a/Source/WebCore/bindings/v8/V8Collection.h b/Source/WebCore/bindings/v8/V8Collection.h
index fc80a5a7e..f739f50bc 100644
--- a/Source/WebCore/bindings/v8/V8Collection.h
+++ b/Source/WebCore/bindings/v8/V8Collection.h
@@ -50,7 +50,7 @@ template<class T> static v8::Handle<v8::Value> getV8Object(T* implementation, v8
 
 template<class Collection> static Collection* toNativeCollection(v8::Local<v8::Object> object)
 {
-    return reinterpret_cast<Collection*>(object->GetPointerFromInternalField(v8DOMWrapperObjectIndex));
+    return reinterpret_cast<Collection*>(object->GetAlignedPointerFromInternalField(v8DOMWrapperObjectIndex));
 }
 
 template<class T> static v8::Handle<v8::Value> getV8Object(PassRefPtr<T> implementation, v8::Handle<v8::Object> creationContext, v8::Isolate* isolate)
diff --git a/Source/WebCore/bindings/v8/V8DOMWindowShell.cpp b/Source/WebCore/bindings/v8/V8DOMWindowShell.cpp
index 02b347dc2..94eee8e54 100644
--- a/Source/WebCore/bindings/v8/V8DOMWindowShell.cpp
+++ b/Source/WebCore/bindings/v8/V8DOMWindowShell.cpp
@@ -171,12 +171,12 @@ static void checkDocumentWrapper(v8::Handle<v8::Object> wrapper, Document* docum
 
 static void setIsolatedWorldField(V8DOMWindowShell* shell, v8::Local<v8::Context> context)
 {
-    toInnerGlobalObject(context)->SetPointerInInternalField(V8DOMWindow::enteredIsolatedWorldIndex, shell);
+    toInnerGlobalObject(context)->SetAlignedPointerInInternalField(V8DOMWindow::enteredIsolatedWorldIndex, shell);
 }
 
 V8DOMWindowShell* V8DOMWindowShell::enteredIsolatedWorldContext()
 {
-    return static_cast<V8DOMWindowShell*>(toInnerGlobalObject(v8::Context::GetEntered())->GetPointerFromInternalField(V8DOMWindow::enteredIsolatedWorldIndex));
+    return static_cast<V8DOMWindowShell*>(toInnerGlobalObject(v8::Context::GetEntered())->GetAlignedPointerFromInternalField(V8DOMWindow::enteredIsolatedWorldIndex));
 }
 
 static void setInjectedScriptContextDebugId(v8::Handle<v8::Context> targetContext, int debugId)
diff --git a/Source/WebCore/bindings/v8/V8DOMWrapper.cpp b/Source/WebCore/bindings/v8/V8DOMWrapper.cpp
index aac95dbee..e10997707 100644
--- a/Source/WebCore/bindings/v8/V8DOMWrapper.cpp
+++ b/Source/WebCore/bindings/v8/V8DOMWrapper.cpp
@@ -157,7 +157,7 @@ bool V8DOMWrapper::isWrapperOfType(v8::Handle<v8::Value> value, WrapperTypeInfo*
     v8::Handle<v8::Value> wrapper = object->GetInternalField(v8DOMWrapperObjectIndex);
     ASSERT_UNUSED(wrapper, wrapper->IsNumber() || wrapper->IsExternal());
 
-    WrapperTypeInfo* typeInfo = static_cast<WrapperTypeInfo*>(object->GetPointerFromInternalField(v8DOMWrapperTypeIndex));
+    WrapperTypeInfo* typeInfo = static_cast<WrapperTypeInfo*>(object->GetAlignedPointerFromInternalField(v8DOMWrapperTypeIndex));
     return typeInfo == type;
 }
 
diff --git a/Source/WebCore/bindings/v8/V8DOMWrapper.h b/Source/WebCore/bindings/v8/V8DOMWrapper.h
index ab6c2cd48..824c239ef 100644
--- a/Source/WebCore/bindings/v8/V8DOMWrapper.h
+++ b/Source/WebCore/bindings/v8/V8DOMWrapper.h
@@ -69,16 +69,16 @@ namespace WebCore {
         static void setDOMWrapper(v8::Handle<v8::Object> object, WrapperTypeInfo* type, void* cptr)
         {
             ASSERT(object->InternalFieldCount() >= 2);
-            object->SetPointerInInternalField(v8DOMWrapperObjectIndex, cptr);
-            object->SetPointerInInternalField(v8DOMWrapperTypeIndex, type);
+            object->SetAlignedPointerInInternalField(v8DOMWrapperObjectIndex, cptr);
+            object->SetAlignedPointerInInternalField(v8DOMWrapperTypeIndex, type);
         }
 
         static void clearDOMWrapper(v8::Handle<v8::Object> object, WrapperTypeInfo* type)
         {
             ASSERT(object->InternalFieldCount() >= 2);
             ASSERT(type);
-            object->SetPointerInInternalField(v8DOMWrapperTypeIndex, type);
-            object->SetPointerInInternalField(v8DOMWrapperObjectIndex, 0);
+            object->SetAlignedPointerInInternalField(v8DOMWrapperTypeIndex, type);
+            object->SetAlignedPointerInInternalField(v8DOMWrapperObjectIndex, 0);
         }
 
         static v8::Handle<v8::Object> lookupDOMWrapper(v8::Handle<v8::FunctionTemplate> functionTemplate, v8::Handle<v8::Object> object)
diff --git a/Source/WebCore/bindings/v8/WrapperTypeInfo.h b/Source/WebCore/bindings/v8/WrapperTypeInfo.h
index 0cb4b959b..ebec2de02 100644
--- a/Source/WebCore/bindings/v8/WrapperTypeInfo.h
+++ b/Source/WebCore/bindings/v8/WrapperTypeInfo.h
@@ -122,13 +122,13 @@ namespace WebCore {
     inline void* toNative(v8::Handle<v8::Object> object)
     {
         ASSERT(object->InternalFieldCount() >= v8DOMWrapperObjectIndex);
-        return object->GetPointerFromInternalField(v8DOMWrapperObjectIndex);
+        return object->GetAlignedPointerFromInternalField(v8DOMWrapperObjectIndex);
     }
 
     inline WrapperTypeInfo* toWrapperTypeInfo(v8::Handle<v8::Object> object)
     {
         ASSERT(object->InternalFieldCount() >= v8DOMWrapperTypeIndex);
-        return static_cast<WrapperTypeInfo*>(object->GetPointerFromInternalField(v8DOMWrapperTypeIndex));
+        return static_cast<WrapperTypeInfo*>(object->GetAlignedPointerFromInternalField(v8DOMWrapperTypeIndex));
     }
 
 }
diff --git a/Source/WebCore/bindings/v8/custom/V8DOMWindowCustom.cpp b/Source/WebCore/bindings/v8/custom/V8DOMWindowCustom.cpp
index a559bedb3..7c9af3721 100644
--- a/Source/WebCore/bindings/v8/custom/V8DOMWindowCustom.cpp
+++ b/Source/WebCore/bindings/v8/custom/V8DOMWindowCustom.cpp
@@ -557,7 +557,7 @@ bool V8DOMWindow::namedSecurityCheck(v8::Local<v8::Object> host, v8::Local<v8::V
         return false;
 
     if (key->IsString()) {
-        DEFINE_STATIC_LOCAL(AtomicString, nameOfProtoProperty, ("__proto__", AtomicString::ConstructFromLiteral));
+        DEFINE_STATIC_LOCAL(AtomicString, nameOfProtoProperty, ("__proto__"));
 
         String name = toWebCoreString(key);
         Frame* childFrame = target->tree()->scopedChild(name);
diff --git a/Source/WebCore/bindings/v8/custom/V8NodeListCustom.cpp b/Source/WebCore/bindings/v8/custom/V8NodeListCustom.cpp
index e8b704c7a..e42589e69 100644
--- a/Source/WebCore/bindings/v8/custom/V8NodeListCustom.cpp
+++ b/Source/WebCore/bindings/v8/custom/V8NodeListCustom.cpp
@@ -49,7 +49,7 @@ v8::Handle<v8::Value> V8NodeList::namedPropertyGetter(v8::Local<v8::String> name
     AtomicString key = toWebCoreAtomicString(name);
 
     // Length property cannot be overridden.
-    DEFINE_STATIC_LOCAL(const AtomicString, length, ("length", AtomicString::ConstructFromLiteral));
+    DEFINE_STATIC_LOCAL(const AtomicString, length, ("length"));
     if (key == length)
         return v8Integer(list->length(), info.GetIsolate());
 
diff --git a/Source/WebCore/css/RuleFeature.cpp b/Source/WebCore/css/RuleFeature.cpp
index 1b11c8fae..b1f929687 100644
--- a/Source/WebCore/css/RuleFeature.cpp
+++ b/Source/WebCore/css/RuleFeature.cpp
@@ -29,7 +29,6 @@
 #include "config.h"
 #include "RuleFeature.h"
 
-#include "CSSSelector.h"
 #include "WebCoreMemoryInstrumentation.h"
 #include <wtf/MemoryInstrumentationHashMap.h>
 #include <wtf/MemoryInstrumentationHashSet.h>
@@ -37,27 +36,6 @@
 
 namespace WebCore {
 
-void RuleFeatureSet::collectFeaturesFromSelector(const CSSSelector* selector)
-{
-    if (selector->m_match == CSSSelector::Id)
-        idsInRules.add(selector->value().impl());
-    else if (selector->m_match == CSSSelector::Class)
-        classesInRules.add(selector->value().impl());
-    else if (selector->isAttributeSelector())
-        attrsInRules.add(selector->attribute().localName().impl());
-    switch (selector->pseudoType()) {
-    case CSSSelector::PseudoFirstLine:
-        usesFirstLineRules = true;
-        break;
-    case CSSSelector::PseudoBefore:
-    case CSSSelector::PseudoAfter:
-        usesBeforeAfterRules = true;
-        break;
-    default:
-        break;
-    }
-}
-
 void RuleFeatureSet::add(const RuleFeatureSet& other)
 {
     HashSet<AtomicStringImpl*>::const_iterator end = other.idsInRules.end();
diff --git a/Source/WebCore/css/RuleFeature.h b/Source/WebCore/css/RuleFeature.h
index 0ffc6e5ee..ce6d04e66 100644
--- a/Source/WebCore/css/RuleFeature.h
+++ b/Source/WebCore/css/RuleFeature.h
@@ -30,7 +30,6 @@
 namespace WebCore {
 
 class StyleRule;
-class CSSSelector;
 
 struct RuleFeature {
     RuleFeature(StyleRule* rule, unsigned selectorIndex, bool hasDocumentSecurityOrigin)
@@ -52,11 +51,7 @@ struct RuleFeatureSet {
 
     void add(const RuleFeatureSet&);
     void clear();
-
-    void collectFeaturesFromSelector(const CSSSelector*);
-
     void reportMemoryUsage(MemoryObjectInfo*) const;
-
     HashSet<AtomicStringImpl*> idsInRules;
     HashSet<AtomicStringImpl*> classesInRules;
     HashSet<AtomicStringImpl*> attrsInRules;
diff --git a/Source/WebCore/css/RuleSet.cpp b/Source/WebCore/css/RuleSet.cpp
index a5367ee82..e92d1768b 100644
--- a/Source/WebCore/css/RuleSet.cpp
+++ b/Source/WebCore/css/RuleSet.cpp
@@ -157,17 +157,38 @@ void RuleSet::RuleSetSelectorPair::reportMemoryUsage(MemoryObjectInfo* memoryObj
     info.addMember(ruleSet);
 }
 
+static inline void collectFeaturesFromSelector(RuleFeatureSet& features, const CSSSelector* selector)
+{
+    if (selector->m_match == CSSSelector::Id)
+        features.idsInRules.add(selector->value().impl());
+    else if (selector->m_match == CSSSelector::Class)
+        features.classesInRules.add(selector->value().impl());
+    else if (selector->isAttributeSelector())
+        features.attrsInRules.add(selector->attribute().localName().impl());
+    switch (selector->pseudoType()) {
+    case CSSSelector::PseudoFirstLine:
+        features.usesFirstLineRules = true;
+        break;
+    case CSSSelector::PseudoBefore:
+    case CSSSelector::PseudoAfter:
+        features.usesBeforeAfterRules = true;
+        break;
+    default:
+        break;
+    }
+}
+
 static void collectFeaturesFromRuleData(RuleFeatureSet& features, const RuleData& ruleData)
 {
     bool foundSiblingSelector = false;
     for (CSSSelector* selector = ruleData.selector(); selector; selector = selector->tagHistory()) {
-        features.collectFeaturesFromSelector(selector);
+        collectFeaturesFromSelector(features, selector);
         
         if (CSSSelectorList* selectorList = selector->selectorList()) {
             for (CSSSelector* subSelector = selectorList->first(); subSelector; subSelector = CSSSelectorList::next(subSelector)) {
                 if (!foundSiblingSelector && selector->isSiblingSelector())
                     foundSiblingSelector = true;
-                features.collectFeaturesFromSelector(subSelector);
+                collectFeaturesFromSelector(features, subSelector);
             }
         } else if (!foundSiblingSelector && selector->isSiblingSelector())
             foundSiblingSelector = true;
diff --git a/Source/WebCore/dom/ContextFeatures.cpp b/Source/WebCore/dom/ContextFeatures.cpp
index 71ce8ac50..3afbe3889 100644
--- a/Source/WebCore/dom/ContextFeatures.cpp
+++ b/Source/WebCore/dom/ContextFeatures.cpp
@@ -41,7 +41,7 @@ ContextFeaturesClient* ContextFeaturesClient::empty()
 
 const AtomicString& ContextFeatures::supplementName()
 {
-    DEFINE_STATIC_LOCAL(AtomicString, name, ("ContextFeatures", AtomicString::ConstructFromLiteral));
+    DEFINE_STATIC_LOCAL(AtomicString, name, ("ContextFeatures"));
     return name;
 }
 
diff --git a/Source/WebCore/dom/DeviceMotionController.cpp b/Source/WebCore/dom/DeviceMotionController.cpp
index cedfa4a26..23d60549a 100644
--- a/Source/WebCore/dom/DeviceMotionController.cpp
+++ b/Source/WebCore/dom/DeviceMotionController.cpp
@@ -137,7 +137,7 @@ void DeviceMotionController::didChangeDeviceMotion(DeviceMotionData* deviceMotio
 
 const AtomicString& DeviceMotionController::supplementName()
 {
-    DEFINE_STATIC_LOCAL(AtomicString, name, ("DeviceMotionController", AtomicString::ConstructFromLiteral));
+    DEFINE_STATIC_LOCAL(AtomicString, name, ("DeviceMotionController"));
     return name;
 }
 
diff --git a/Source/WebCore/dom/DeviceOrientationController.cpp b/Source/WebCore/dom/DeviceOrientationController.cpp
index 91bfffc4a..302db6124 100644
--- a/Source/WebCore/dom/DeviceOrientationController.cpp
+++ b/Source/WebCore/dom/DeviceOrientationController.cpp
@@ -141,7 +141,7 @@ void DeviceOrientationController::didChangeDeviceOrientation(DeviceOrientationDa
 
 const AtomicString& DeviceOrientationController::supplementName()
 {
-    DEFINE_STATIC_LOCAL(AtomicString, name, ("DeviceOrientationController", AtomicString::ConstructFromLiteral));
+    DEFINE_STATIC_LOCAL(AtomicString, name, ("DeviceOrientationController"));
     return name;
 }
 
diff --git a/Source/WebCore/dom/Element.cpp b/Source/WebCore/dom/Element.cpp
index 8c112dfa5..d84ce37a1 100644
--- a/Source/WebCore/dom/Element.cpp
+++ b/Source/WebCore/dom/Element.cpp
@@ -2166,21 +2166,21 @@ const AtomicString& Element::webkitRegionOverset() const
 {
     document()->updateLayoutIgnorePendingStylesheets();
 
-    DEFINE_STATIC_LOCAL(AtomicString, undefinedState, ("undefined", AtomicString::ConstructFromLiteral));
+    DEFINE_STATIC_LOCAL(AtomicString, undefinedState, ("undefined"));
     if (!document()->cssRegionsEnabled() || !renderRegion())
         return undefinedState;
 
     switch (renderRegion()->regionState()) {
     case RenderRegion::RegionFit: {
-        DEFINE_STATIC_LOCAL(AtomicString, fitState, ("fit", AtomicString::ConstructFromLiteral));
+        DEFINE_STATIC_LOCAL(AtomicString, fitState, ("fit"));
         return fitState;
     }
     case RenderRegion::RegionEmpty: {
-        DEFINE_STATIC_LOCAL(AtomicString, emptyState, ("empty", AtomicString::ConstructFromLiteral));
+        DEFINE_STATIC_LOCAL(AtomicString, emptyState, ("empty"));
         return emptyState;
     }
     case RenderRegion::RegionOverset: {
-        DEFINE_STATIC_LOCAL(AtomicString, overflowState, ("overset", AtomicString::ConstructFromLiteral));
+        DEFINE_STATIC_LOCAL(AtomicString, overflowState, ("overset"));
         return overflowState;
     }
     case RenderRegion::RegionUndefined:
diff --git a/Source/WebCore/dom/MutationRecord.cpp b/Source/WebCore/dom/MutationRecord.cpp
index 1eaaa4484..1fedd1dbf 100644
--- a/Source/WebCore/dom/MutationRecord.cpp
+++ b/Source/WebCore/dom/MutationRecord.cpp
@@ -134,19 +134,19 @@ private:
 
 const AtomicString& ChildListRecord::type()
 {
-    DEFINE_STATIC_LOCAL(AtomicString, childList, ("childList", AtomicString::ConstructFromLiteral));
+    DEFINE_STATIC_LOCAL(AtomicString, childList, ("childList"));
     return childList;
 }
 
 const AtomicString& AttributesRecord::type()
 {
-    DEFINE_STATIC_LOCAL(AtomicString, attributes, ("attributes", AtomicString::ConstructFromLiteral));
+    DEFINE_STATIC_LOCAL(AtomicString, attributes, ("attributes"));
     return attributes;
 }
 
 const AtomicString& CharacterDataRecord::type()
 {
-    DEFINE_STATIC_LOCAL(AtomicString, characterData, ("characterData", AtomicString::ConstructFromLiteral));
+    DEFINE_STATIC_LOCAL(AtomicString, characterData, ("characterData"));
     return characterData;
 }
 
diff --git a/Source/WebCore/html/FileInputType.cpp b/Source/WebCore/html/FileInputType.cpp
index f6105ca94..89fcc878e 100644
--- a/Source/WebCore/html/FileInputType.cpp
+++ b/Source/WebCore/html/FileInputType.cpp
@@ -82,7 +82,7 @@ UploadButtonElement::UploadButtonElement(Document* document)
 
 const AtomicString& UploadButtonElement::shadowPseudoId() const
 {
-    DEFINE_STATIC_LOCAL(AtomicString, pseudoId, ("-webkit-file-upload-button", AtomicString::ConstructFromLiteral));
+    DEFINE_STATIC_LOCAL(AtomicString, pseudoId, ("-webkit-file-upload-button"));
     return pseudoId;
 }
 
diff --git a/Source/WebCore/html/FormController.cpp b/Source/WebCore/html/FormController.cpp
index 8a8af05a9..7f87b97ff 100644
--- a/Source/WebCore/html/FormController.cpp
+++ b/Source/WebCore/html/FormController.cpp
@@ -272,7 +272,7 @@ Vector<String> SavedFormState::getReferencedFilePaths() const
     Vector<String> toReturn;
     for (FormElementStateMap::const_iterator it = m_stateForNewFormElements.begin(); it != m_stateForNewFormElements.end(); ++it) {
         const FormElementKey& key = it->key;
-        if (!equal(key.type(), "file", 4))
+        if (AtomicString(key.type()) != AtomicString("file"))
             continue;
         const Deque<FormControlState>& queue = it->value;
         for (Deque<FormControlState>::const_iterator queIterator = queue.begin(); queIterator != queue.end(); ++queIterator) {
@@ -344,7 +344,7 @@ AtomicString FormKeyGenerator::formKey(const HTMLFormControlElementWithState& co
 {
     HTMLFormElement* form = ownerFormForState(control);
     if (!form) {
-        DEFINE_STATIC_LOCAL(AtomicString, formKeyForNoOwner, ("No owner", AtomicString::ConstructFromLiteral));
+        DEFINE_STATIC_LOCAL(AtomicString, formKeyForNoOwner, ("No owner"));
         return formKeyForNoOwner;
     }
     FormToKeyMap::const_iterator it = m_formToKeyMap.find(form);
diff --git a/Source/WebCore/html/HTMLButtonElement.cpp b/Source/WebCore/html/HTMLButtonElement.cpp
index 205e96269..cbd1f2998 100644
--- a/Source/WebCore/html/HTMLButtonElement.cpp
+++ b/Source/WebCore/html/HTMLButtonElement.cpp
@@ -71,15 +71,15 @@ const AtomicString& HTMLButtonElement::formControlType() const
 {
     switch (m_type) {
         case SUBMIT: {
-            DEFINE_STATIC_LOCAL(const AtomicString, submit, ("submit", AtomicString::ConstructFromLiteral));
+            DEFINE_STATIC_LOCAL(const AtomicString, submit, ("submit"));
             return submit;
         }
         case BUTTON: {
-            DEFINE_STATIC_LOCAL(const AtomicString, button, ("button", AtomicString::ConstructFromLiteral));
+            DEFINE_STATIC_LOCAL(const AtomicString, button, ("button"));
             return button;
         }
         case RESET: {
-            DEFINE_STATIC_LOCAL(const AtomicString, reset, ("reset", AtomicString::ConstructFromLiteral));
+            DEFINE_STATIC_LOCAL(const AtomicString, reset, ("reset"));
             return reset;
         }
     }
diff --git a/Source/WebCore/html/HTMLDetailsElement.cpp b/Source/WebCore/html/HTMLDetailsElement.cpp
index ce53ce1cc..86a7b48ca 100644
--- a/Source/WebCore/html/HTMLDetailsElement.cpp
+++ b/Source/WebCore/html/HTMLDetailsElement.cpp
@@ -39,7 +39,7 @@ using namespace HTMLNames;
 
 static const AtomicString& summaryQuerySelector()
 {
-    DEFINE_STATIC_LOCAL(AtomicString, selector, ("summary:first-of-type", AtomicString::ConstructFromLiteral));
+    DEFINE_STATIC_LOCAL(AtomicString, selector, ("summary:first-of-type"));
     return selector;
 };
 
diff --git a/Source/WebCore/html/HTMLFieldSetElement.cpp b/Source/WebCore/html/HTMLFieldSetElement.cpp
index 73ff537cd..6b01019be 100644
--- a/Source/WebCore/html/HTMLFieldSetElement.cpp
+++ b/Source/WebCore/html/HTMLFieldSetElement.cpp
@@ -79,7 +79,7 @@ bool HTMLFieldSetElement::supportsFocus() const
 
 const AtomicString& HTMLFieldSetElement::formControlType() const
 {
-    DEFINE_STATIC_LOCAL(const AtomicString, fieldset, ("fieldset", AtomicString::ConstructFromLiteral));
+    DEFINE_STATIC_LOCAL(const AtomicString, fieldset, ("fieldset"));
     return fieldset;
 }
 
diff --git a/Source/WebCore/html/HTMLKeygenElement.cpp b/Source/WebCore/html/HTMLKeygenElement.cpp
index 7436496a2..cfe2d8e49 100644
--- a/Source/WebCore/html/HTMLKeygenElement.cpp
+++ b/Source/WebCore/html/HTMLKeygenElement.cpp
@@ -52,7 +52,7 @@ public:
 
     virtual const AtomicString& shadowPseudoId() const
     {
-        DEFINE_STATIC_LOCAL(AtomicString, pseudoId, ("-webkit-keygen-select", AtomicString::ConstructFromLiteral));
+        DEFINE_STATIC_LOCAL(AtomicString, pseudoId, ("-webkit-keygen-select"));
         return pseudoId;
     }
 
@@ -120,7 +120,7 @@ bool HTMLKeygenElement::appendFormData(FormDataList& encoded_values, bool)
 
 const AtomicString& HTMLKeygenElement::formControlType() const
 {
-    DEFINE_STATIC_LOCAL(const AtomicString, keygen, ("keygen", AtomicString::ConstructFromLiteral));
+    DEFINE_STATIC_LOCAL(const AtomicString, keygen, ("keygen"));
     return keygen;
 }
 
diff --git a/Source/WebCore/html/HTMLOptGroupElement.cpp b/Source/WebCore/html/HTMLOptGroupElement.cpp
index c5e526f54..c95b1ff41 100644
--- a/Source/WebCore/html/HTMLOptGroupElement.cpp
+++ b/Source/WebCore/html/HTMLOptGroupElement.cpp
@@ -68,7 +68,7 @@ bool HTMLOptGroupElement::isFocusable() const
 
 const AtomicString& HTMLOptGroupElement::formControlType() const
 {
-    DEFINE_STATIC_LOCAL(const AtomicString, optgroup, ("optgroup", AtomicString::ConstructFromLiteral));
+    DEFINE_STATIC_LOCAL(const AtomicString, optgroup, ("optgroup"));
     return optgroup;
 }
 
diff --git a/Source/WebCore/html/HTMLOutputElement.cpp b/Source/WebCore/html/HTMLOutputElement.cpp
index 277fe5aa7..5432c92f1 100644
--- a/Source/WebCore/html/HTMLOutputElement.cpp
+++ b/Source/WebCore/html/HTMLOutputElement.cpp
@@ -52,7 +52,7 @@ PassRefPtr<HTMLOutputElement> HTMLOutputElement::create(const QualifiedName& tag
 
 const AtomicString& HTMLOutputElement::formControlType() const
 {
-    DEFINE_STATIC_LOCAL(const AtomicString, output, ("output", AtomicString::ConstructFromLiteral));
+    DEFINE_STATIC_LOCAL(const AtomicString, output, ("output"));
     return output;
 }
 
diff --git a/Source/WebCore/html/HTMLSelectElement.cpp b/Source/WebCore/html/HTMLSelectElement.cpp
index 1ceae8c18..9583dae5f 100644
--- a/Source/WebCore/html/HTMLSelectElement.cpp
+++ b/Source/WebCore/html/HTMLSelectElement.cpp
@@ -90,8 +90,8 @@ PassRefPtr<HTMLSelectElement> HTMLSelectElement::create(const QualifiedName& tag
 
 const AtomicString& HTMLSelectElement::formControlType() const
 {
-    DEFINE_STATIC_LOCAL(const AtomicString, selectMultiple, ("select-multiple", AtomicString::ConstructFromLiteral));
-    DEFINE_STATIC_LOCAL(const AtomicString, selectOne, ("select-one", AtomicString::ConstructFromLiteral));
+    DEFINE_STATIC_LOCAL(const AtomicString, selectMultiple, ("select-multiple"));
+    DEFINE_STATIC_LOCAL(const AtomicString, selectOne, ("select-one"));
     return m_multiple ? selectMultiple : selectOne;
 }
 
diff --git a/Source/WebCore/html/HTMLTextAreaElement.cpp b/Source/WebCore/html/HTMLTextAreaElement.cpp
index 0585e914e..c8c2ae972 100644
--- a/Source/WebCore/html/HTMLTextAreaElement.cpp
+++ b/Source/WebCore/html/HTMLTextAreaElement.cpp
@@ -111,7 +111,7 @@ void HTMLTextAreaElement::createShadowSubtree()
 
 const AtomicString& HTMLTextAreaElement::formControlType() const
 {
-    DEFINE_STATIC_LOCAL(const AtomicString, textarea, ("textarea", AtomicString::ConstructFromLiteral));
+    DEFINE_STATIC_LOCAL(const AtomicString, textarea, ("textarea"));
     return textarea;
 }
 
diff --git a/Source/WebCore/html/HTMLTextFormControlElement.cpp b/Source/WebCore/html/HTMLTextFormControlElement.cpp
index a2f952a53..d52a82571 100644
--- a/Source/WebCore/html/HTMLTextFormControlElement.cpp
+++ b/Source/WebCore/html/HTMLTextFormControlElement.cpp
@@ -394,9 +394,9 @@ int HTMLTextFormControlElement::computeSelectionEnd() const
 
 static const AtomicString& directionString(TextFieldSelectionDirection direction)
 {
-    DEFINE_STATIC_LOCAL(const AtomicString, none, ("none", AtomicString::ConstructFromLiteral));
-    DEFINE_STATIC_LOCAL(const AtomicString, forward, ("forward", AtomicString::ConstructFromLiteral));
-    DEFINE_STATIC_LOCAL(const AtomicString, backward, ("backward", AtomicString::ConstructFromLiteral));
+    DEFINE_STATIC_LOCAL(const AtomicString, none, ("none"));
+    DEFINE_STATIC_LOCAL(const AtomicString, forward, ("forward"));
+    DEFINE_STATIC_LOCAL(const AtomicString, backward, ("backward"));
 
     switch (direction) {
     case SelectionHasNoDirection:
diff --git a/Source/WebCore/html/parser/HTMLEntityParser.cpp b/Source/WebCore/html/parser/HTMLEntityParser.cpp
index 72f91cb78..18718054b 100644
--- a/Source/WebCore/html/parser/HTMLEntityParser.cpp
+++ b/Source/WebCore/html/parser/HTMLEntityParser.cpp
@@ -28,7 +28,7 @@
 #include "config.h"
 #include "HTMLEntityParser.h"
 
-#include "CharacterReferenceParserInlines.h"
+#include "CharacterReferenceParserInlineMethods.h"
 #include "HTMLEntitySearch.h"
 #include "HTMLEntityTable.h"
 #include <wtf/text/StringBuilder.h>
diff --git a/Source/WebCore/html/parser/HTMLTokenizer.cpp b/Source/WebCore/html/parser/HTMLTokenizer.cpp
index c3856780e..4ffd319c0 100644
--- a/Source/WebCore/html/parser/HTMLTokenizer.cpp
+++ b/Source/WebCore/html/parser/HTMLTokenizer.cpp
@@ -32,7 +32,7 @@
 #include "HTMLToken.h"
 #include "HTMLTreeBuilder.h"
 #include "HTMLNames.h"
-#include "MarkupTokenizerInlines.h"
+#include "MarkupTokenizerInlineMethods.h"
 #include "NotImplemented.h"
 #include <wtf/ASCIICType.h>
 #include <wtf/CurrentTime.h>
diff --git a/Source/WebCore/html/shadow/ContentSelectorQuery.cpp b/Source/WebCore/html/shadow/ContentSelectorQuery.cpp
index dbe5a8e95..0a6ec32ee 100644
--- a/Source/WebCore/html/shadow/ContentSelectorQuery.cpp
+++ b/Source/WebCore/html/shadow/ContentSelectorQuery.cpp
@@ -27,6 +27,7 @@
 #include "config.h"
 #include "ContentSelectorQuery.h"
 
+#include "CSSParser.h"
 #include "CSSSelectorList.h"
 #include "InsertionPoint.h"
 #include "SelectorChecker.h"
@@ -64,12 +65,26 @@ bool ContentSelectorDataList::matches(const ContentSelectorChecker& selectorChec
     return false;
 }
 
-ContentSelectorQuery::ContentSelectorQuery(InsertionPoint* insertionPoint)
+ContentSelectorQuery::ContentSelectorQuery(const InsertionPoint* insertionPoint)
     : m_insertionPoint(insertionPoint)
     , m_selectorChecker(insertionPoint->document(), !insertionPoint->document()->inQuirksMode())
 {
-    if (insertionPoint->isSelectValid())
-        m_selectors.initialize(insertionPoint->selectorList());
+    if (insertionPoint->select().isNull() || insertionPoint->select().isEmpty()) {
+        m_isValidSelector = true;
+        return;
+    }
+
+    CSSParser parser(insertionPoint->document());
+    parser.parseSelector(insertionPoint->select(), m_selectorList);
+
+    m_isValidSelector = ContentSelectorQuery::validateSelectorList();
+    if (m_isValidSelector)
+        m_selectors.initialize(m_selectorList);
+}
+
+bool ContentSelectorQuery::isValidSelector() const
+{
+    return m_isValidSelector;
 }
 
 bool ContentSelectorQuery::matches(const Vector<RefPtr<Node> >& siblings, int nth) const
@@ -80,7 +95,7 @@ bool ContentSelectorQuery::matches(const Vector<RefPtr<Node> >& siblings, int nt
     if (m_insertionPoint->select().isNull() || m_insertionPoint->select().isEmpty())
         return true;
 
-    if (!m_insertionPoint->isSelectValid())
+    if (!m_isValidSelector)
         return false;
 
     if (!node->isElementNode())
@@ -89,4 +104,85 @@ bool ContentSelectorQuery::matches(const Vector<RefPtr<Node> >& siblings, int nt
     return m_selectors.matches(m_selectorChecker, siblings, nth);
 }
 
+static bool validateSubSelector(CSSSelector* selector)
+{
+    switch (selector->m_match) {
+    case CSSSelector::None:
+    case CSSSelector::Id:
+    case CSSSelector::Class:
+    case CSSSelector::Exact:
+    case CSSSelector::Set:
+    case CSSSelector::List:
+    case CSSSelector::Hyphen:
+    case CSSSelector::Contain:
+    case CSSSelector::Begin:
+    case CSSSelector::End:
+        return true;
+    case CSSSelector::PseudoElement:
+        return false;
+    case CSSSelector::PagePseudoClass:
+    case CSSSelector::PseudoClass:
+        break;
+    }
+
+    switch (selector->pseudoType()) {
+    case CSSSelector::PseudoEmpty:
+    case CSSSelector::PseudoLink:
+    case CSSSelector::PseudoVisited:
+    case CSSSelector::PseudoTarget:
+    case CSSSelector::PseudoEnabled:
+    case CSSSelector::PseudoDisabled:
+    case CSSSelector::PseudoChecked:
+    case CSSSelector::PseudoIndeterminate:
+    case CSSSelector::PseudoNthChild:
+    case CSSSelector::PseudoNthLastChild:
+    case CSSSelector::PseudoNthOfType:
+    case CSSSelector::PseudoNthLastOfType:
+    case CSSSelector::PseudoFirstChild:
+    case CSSSelector::PseudoLastChild:
+    case CSSSelector::PseudoFirstOfType:
+    case CSSSelector::PseudoLastOfType:
+    case CSSSelector::PseudoOnlyOfType:
+        return true;
+    default:
+        return false;
+    }
+}
+
+static bool validateSelector(CSSSelector* selector)
+{
+    ASSERT(selector);
+
+    if (!validateSubSelector(selector))
+        return false;
+
+    CSSSelector* prevSubSelector = selector;
+    CSSSelector* subSelector = selector->tagHistory();
+
+    while (subSelector) {
+        if (prevSubSelector->relation() != CSSSelector::SubSelector)
+            return false;
+        if (!validateSubSelector(subSelector))
+            return false;
+
+        prevSubSelector = subSelector;
+        subSelector = subSelector->tagHistory();
+    }
+
+    return true;
+}
+
+bool ContentSelectorQuery::validateSelectorList()
+{
+    if (!m_selectorList.first())
+        return false;
+
+    for (CSSSelector* selector = m_selectorList.first(); selector; selector = m_selectorList.next(selector)) {
+        if (!validateSelector(selector))
+            return false;
+    }
+
+    return true;
+}
+
 }
diff --git a/Source/WebCore/html/shadow/ContentSelectorQuery.h b/Source/WebCore/html/shadow/ContentSelectorQuery.h
index 78a082454..2c710a585 100644
--- a/Source/WebCore/html/shadow/ContentSelectorQuery.h
+++ b/Source/WebCore/html/shadow/ContentSelectorQuery.h
@@ -64,14 +64,18 @@ private:
 class ContentSelectorQuery {
     WTF_MAKE_NONCOPYABLE(ContentSelectorQuery);
 public:
-    explicit ContentSelectorQuery(InsertionPoint*);
+    explicit ContentSelectorQuery(const InsertionPoint*);
 
+    bool isValidSelector() const;
     bool matches(const Vector<RefPtr<Node> >& siblings, int nthNode) const;
 private:
+    bool validateSelectorList();
 
-    InsertionPoint* m_insertionPoint;
+    const InsertionPoint* m_insertionPoint;
     ContentSelectorDataList m_selectors;
+    CSSSelectorList m_selectorList;
     ContentSelectorChecker m_selectorChecker;
+    bool m_isValidSelector;
 };
 
 }
diff --git a/Source/WebCore/html/shadow/DateTimeFieldElements.cpp b/Source/WebCore/html/shadow/DateTimeFieldElements.cpp
index 84dc52da3..b5c9ef1e6 100644
--- a/Source/WebCore/html/shadow/DateTimeFieldElements.cpp
+++ b/Source/WebCore/html/shadow/DateTimeFieldElements.cpp
@@ -42,7 +42,7 @@ DateTimeAMPMFieldElement::DateTimeAMPMFieldElement(Document* document, FieldOwne
 
 PassRefPtr<DateTimeAMPMFieldElement> DateTimeAMPMFieldElement::create(Document* document, FieldOwner& fieldOwner, const Vector<String>& ampmLabels)
 {
-    DEFINE_STATIC_LOCAL(AtomicString, ampmPsuedoId, ("-webkit-datetime-edit-ampm-field", AtomicString::ConstructFromLiteral));
+    DEFINE_STATIC_LOCAL(AtomicString, ampmPsuedoId, ("-webkit-datetime-edit-ampm-field"));
     RefPtr<DateTimeAMPMFieldElement> field = adoptRef(new DateTimeAMPMFieldElement(document, fieldOwner, ampmLabels));
     field->initialize(ampmPsuedoId, AXAMPMFieldText());
     return field.release();
@@ -78,7 +78,7 @@ DateTimeDayFieldElement::DateTimeDayFieldElement(Document* document, FieldOwner&
 
 PassRefPtr<DateTimeDayFieldElement> DateTimeDayFieldElement::create(Document* document, FieldOwner& fieldOwner, const String& placeholder)
 {
-    DEFINE_STATIC_LOCAL(AtomicString, dayPsuedoId, ("-webkit-datetime-edit-day-field", AtomicString::ConstructFromLiteral));
+    DEFINE_STATIC_LOCAL(AtomicString, dayPsuedoId, ("-webkit-datetime-edit-day-field"));
     RefPtr<DateTimeDayFieldElement> field = adoptRef(new DateTimeDayFieldElement(document, fieldOwner, placeholder.isEmpty() ? ASCIILiteral("--") : placeholder));
     field->initialize(dayPsuedoId, AXDayOfMonthFieldText());
     return field.release();
@@ -121,7 +121,7 @@ DateTimeHourFieldElement::DateTimeHourFieldElement(Document* document, FieldOwne
 
 PassRefPtr<DateTimeHourFieldElement> DateTimeHourFieldElement::create(Document* document, FieldOwner& fieldOwner, int minimum, int maximum)
 {
-    DEFINE_STATIC_LOCAL(AtomicString, hourPsuedoId, ("-webkit-datetime-edit-hour-field", AtomicString::ConstructFromLiteral));
+    DEFINE_STATIC_LOCAL(AtomicString, hourPsuedoId, ("-webkit-datetime-edit-hour-field"));
     RefPtr<DateTimeHourFieldElement> field = adoptRef(new DateTimeHourFieldElement(document, fieldOwner, minimum, maximum));
     field->initialize(hourPsuedoId, AXHourFieldText());
     return field.release();
@@ -224,7 +224,7 @@ DateTimeMillisecondFieldElement::DateTimeMillisecondFieldElement(Document* docum
 
 PassRefPtr<DateTimeMillisecondFieldElement> DateTimeMillisecondFieldElement::create(Document* document, FieldOwner& fieldOwner)
 {
-    DEFINE_STATIC_LOCAL(AtomicString, millisecondPsuedoId, ("-webkit-datetime-edit-millisecond-field", AtomicString::ConstructFromLiteral));
+    DEFINE_STATIC_LOCAL(AtomicString, millisecondPsuedoId, ("-webkit-datetime-edit-millisecond-field"));
     RefPtr<DateTimeMillisecondFieldElement> field = adoptRef(new DateTimeMillisecondFieldElement(document, fieldOwner));
     field->initialize(millisecondPsuedoId, AXMillisecondFieldText());
     return field.release();
@@ -265,7 +265,7 @@ DateTimeMinuteFieldElement::DateTimeMinuteFieldElement(Document* document, Field
 
 PassRefPtr<DateTimeMinuteFieldElement> DateTimeMinuteFieldElement::create(Document* document, FieldOwner& fieldOwner)
 {
-    DEFINE_STATIC_LOCAL(AtomicString, minutePsuedoId, ("-webkit-datetime-edit-minute-field", AtomicString::ConstructFromLiteral));
+    DEFINE_STATIC_LOCAL(AtomicString, minutePsuedoId, ("-webkit-datetime-edit-minute-field"));
     RefPtr<DateTimeMinuteFieldElement> field = adoptRef(new DateTimeMinuteFieldElement(document, fieldOwner));
     field->initialize(minutePsuedoId, AXMinuteFieldText());
     return field.release();
@@ -306,7 +306,7 @@ DateTimeMonthFieldElement::DateTimeMonthFieldElement(Document* document, FieldOw
 
 PassRefPtr<DateTimeMonthFieldElement> DateTimeMonthFieldElement::create(Document* document, FieldOwner& fieldOwner, const String& placeholder)
 {
-    DEFINE_STATIC_LOCAL(AtomicString, monthPsuedoId, ("-webkit-datetime-edit-month-field", AtomicString::ConstructFromLiteral));
+    DEFINE_STATIC_LOCAL(AtomicString, monthPsuedoId, ("-webkit-datetime-edit-month-field"));
     RefPtr<DateTimeMonthFieldElement> field = adoptRef(new DateTimeMonthFieldElement(document, fieldOwner, placeholder.isEmpty() ? ASCIILiteral("--") : placeholder));
     field->initialize(monthPsuedoId, AXMonthFieldText());
     return field.release();
@@ -347,7 +347,7 @@ DateTimeSecondFieldElement::DateTimeSecondFieldElement(Document* document, Field
 
 PassRefPtr<DateTimeSecondFieldElement> DateTimeSecondFieldElement::create(Document* document, FieldOwner& fieldOwner)
 {
-    DEFINE_STATIC_LOCAL(AtomicString, secondPsuedoId, ("-webkit-datetime-edit-second-field", AtomicString::ConstructFromLiteral));
+    DEFINE_STATIC_LOCAL(AtomicString, secondPsuedoId, ("-webkit-datetime-edit-second-field"));
     RefPtr<DateTimeSecondFieldElement> field = adoptRef(new DateTimeSecondFieldElement(document, fieldOwner));
     field->initialize(secondPsuedoId, AXSecondFieldText());
     return field.release();
@@ -388,7 +388,7 @@ DateTimeSymbolicMonthFieldElement::DateTimeSymbolicMonthFieldElement(Document* d
 
 PassRefPtr<DateTimeSymbolicMonthFieldElement> DateTimeSymbolicMonthFieldElement::create(Document* document, FieldOwner& fieldOwner, const Vector<String>& labels)
 {
-    DEFINE_STATIC_LOCAL(AtomicString, monthPsuedoId, ("-webkit-datetime-edit-month-field", AtomicString::ConstructFromLiteral));
+    DEFINE_STATIC_LOCAL(AtomicString, monthPsuedoId, ("-webkit-datetime-edit-month-field"));
     RefPtr<DateTimeSymbolicMonthFieldElement> field = adoptRef(new DateTimeSymbolicMonthFieldElement(document, fieldOwner, labels));
     field->initialize(monthPsuedoId, AXMonthFieldText());
     return field.release();
@@ -432,7 +432,7 @@ DateTimeWeekFieldElement::DateTimeWeekFieldElement(Document* document, FieldOwne
 
 PassRefPtr<DateTimeWeekFieldElement> DateTimeWeekFieldElement::create(Document* document, FieldOwner& fieldOwner)
 {
-    DEFINE_STATIC_LOCAL(AtomicString, weekPsuedoId, ("-webkit-datetime-edit-week-field", AtomicString::ConstructFromLiteral));
+    DEFINE_STATIC_LOCAL(AtomicString, weekPsuedoId, ("-webkit-datetime-edit-week-field"));
     RefPtr<DateTimeWeekFieldElement> field = adoptRef(new DateTimeWeekFieldElement(document, fieldOwner));
     field->initialize(weekPsuedoId, AXWeekOfYearFieldText());
     return field.release();
@@ -477,7 +477,7 @@ DateTimeYearFieldElement::DateTimeYearFieldElement(Document* document, FieldOwne
 
 PassRefPtr<DateTimeYearFieldElement> DateTimeYearFieldElement::create(Document* document, FieldOwner& fieldOwner, const DateTimeYearFieldElement::Parameters& parameters)
 {
-    DEFINE_STATIC_LOCAL(AtomicString, yearPsuedoId, ("-webkit-datetime-edit-year-field", AtomicString::ConstructFromLiteral));
+    DEFINE_STATIC_LOCAL(AtomicString, yearPsuedoId, ("-webkit-datetime-edit-year-field"));
     RefPtr<DateTimeYearFieldElement> field = adoptRef(new DateTimeYearFieldElement(document, fieldOwner, parameters));
     field->initialize(yearPsuedoId, AXYearFieldText());
     return field.release();
diff --git a/Source/WebCore/html/shadow/DetailsMarkerControl.cpp b/Source/WebCore/html/shadow/DetailsMarkerControl.cpp
index 7b83b7ba8..b109ef8eb 100644
--- a/Source/WebCore/html/shadow/DetailsMarkerControl.cpp
+++ b/Source/WebCore/html/shadow/DetailsMarkerControl.cpp
@@ -57,7 +57,7 @@ bool DetailsMarkerControl::rendererIsNeeded(const NodeRenderingContext& context)
 
 const AtomicString& DetailsMarkerControl::shadowPseudoId() const
 {
-    DEFINE_STATIC_LOCAL(AtomicString, pseudId, ("-webkit-details-marker", AtomicString::ConstructFromLiteral));
+    DEFINE_STATIC_LOCAL(AtomicString, pseudId, ("-webkit-details-marker"));
     return pseudId;
 }
 
diff --git a/Source/WebCore/html/shadow/HTMLContentElement.cpp b/Source/WebCore/html/shadow/HTMLContentElement.cpp
index 71489f9f3..c0b9bba80 100644
--- a/Source/WebCore/html/shadow/HTMLContentElement.cpp
+++ b/Source/WebCore/html/shadow/HTMLContentElement.cpp
@@ -27,7 +27,6 @@
 #include "config.h"
 #include "HTMLContentElement.h"
 
-#include "CSSParser.h"
 #include "ContentDistributor.h"
 #include "ContentSelectorQuery.h"
 #include "ElementShadow.h"
@@ -65,8 +64,6 @@ PassRefPtr<HTMLContentElement> HTMLContentElement::create(const QualifiedName& t
 HTMLContentElement::HTMLContentElement(const QualifiedName& name, Document* document)
     : InsertionPoint(name, document)
     , m_registeredWithShadowRoot(false)
-    , m_shouldParseSelectorList(false)
-    , m_isValidSelector(true)
 {
 }
 
@@ -79,23 +76,15 @@ const AtomicString& HTMLContentElement::select() const
     return getAttribute(selectAttr);
 }
 
-bool HTMLContentElement::isSelectValid()
+bool HTMLContentElement::isSelectValid() const
 {
-    ensureSelectParsed();
-    return m_isValidSelector;
+    ContentSelectorQuery query(this);
+    return query.isValidSelector();
 }
 
-void HTMLContentElement::ensureSelectParsed()
+void HTMLContentElement::setSelect(const AtomicString& selectValue)
 {
-    if (!m_shouldParseSelectorList)
-        return;
-
-    CSSParser parser(document());
-    parser.parseSelector(select(), m_selectorList);
-    m_shouldParseSelectorList = false;
-    m_isValidSelector = validateSelect();
-    if (!m_isValidSelector)
-        m_selectorList = CSSSelectorList();
+    setAttribute(selectAttr, selectValue);
 }
 
 void HTMLContentElement::parseAttribute(const Attribute& attribute)
@@ -103,7 +92,6 @@ void HTMLContentElement::parseAttribute(const Attribute& attribute)
     if (attribute.name() == selectAttr) {
         if (ShadowRoot* root = shadowRoot())
             root->owner()->invalidateDistribution();
-        m_shouldParseSelectorList = true;
     } else
         InsertionPoint::parseAttribute(attribute);
 }
@@ -133,91 +121,4 @@ void HTMLContentElement::removedFrom(ContainerNode* insertionPoint)
     InsertionPoint::removedFrom(insertionPoint);
 }
 
-static bool validateSubSelector(CSSSelector* selector)
-{
-    switch (selector->m_match) {
-    case CSSSelector::None:
-    case CSSSelector::Id:
-    case CSSSelector::Class:
-    case CSSSelector::Exact:
-    case CSSSelector::Set:
-    case CSSSelector::List:
-    case CSSSelector::Hyphen:
-    case CSSSelector::Contain:
-    case CSSSelector::Begin:
-    case CSSSelector::End:
-        return true;
-    case CSSSelector::PseudoElement:
-        return false;
-    case CSSSelector::PagePseudoClass:
-    case CSSSelector::PseudoClass:
-        break;
-    }
-
-    switch (selector->pseudoType()) {
-    case CSSSelector::PseudoEmpty:
-    case CSSSelector::PseudoLink:
-    case CSSSelector::PseudoVisited:
-    case CSSSelector::PseudoTarget:
-    case CSSSelector::PseudoEnabled:
-    case CSSSelector::PseudoDisabled:
-    case CSSSelector::PseudoChecked:
-    case CSSSelector::PseudoIndeterminate:
-    case CSSSelector::PseudoNthChild:
-    case CSSSelector::PseudoNthLastChild:
-    case CSSSelector::PseudoNthOfType:
-    case CSSSelector::PseudoNthLastOfType:
-    case CSSSelector::PseudoFirstChild:
-    case CSSSelector::PseudoLastChild:
-    case CSSSelector::PseudoFirstOfType:
-    case CSSSelector::PseudoLastOfType:
-    case CSSSelector::PseudoOnlyOfType:
-        return true;
-    default:
-        return false;
-    }
-}
-
-static bool validateSelector(CSSSelector* selector)
-{
-    ASSERT(selector);
-
-    if (!validateSubSelector(selector))
-        return false;
-
-    CSSSelector* prevSubSelector = selector;
-    CSSSelector* subSelector = selector->tagHistory();
-
-    while (subSelector) {
-        if (prevSubSelector->relation() != CSSSelector::SubSelector)
-            return false;
-        if (!validateSubSelector(subSelector))
-            return false;
-
-        prevSubSelector = subSelector;
-        subSelector = subSelector->tagHistory();
-    }
-
-    return true;
-}
-
-bool HTMLContentElement::validateSelect() const
-{
-    ASSERT(!m_shouldParseSelectorList);
-
-    if (select().isNull() || select().isEmpty())
-        return true;
-
-    if (!m_selectorList.first())
-        return false;
-
-    for (CSSSelector* selector = m_selectorList.first(); selector; selector = m_selectorList.next(selector)) {
-        if (!validateSelector(selector))
-            return false;
-    }
-
-    return true;
-}
-
-
 }
diff --git a/Source/WebCore/html/shadow/HTMLContentElement.h b/Source/WebCore/html/shadow/HTMLContentElement.h
index 04254e12b..2a3a32cea 100644
--- a/Source/WebCore/html/shadow/HTMLContentElement.h
+++ b/Source/WebCore/html/shadow/HTMLContentElement.h
@@ -31,7 +31,6 @@
 #ifndef HTMLContentElement_h
 #define HTMLContentElement_h
 
-#include "CSSSelectorList.h"
 #include "InsertionPoint.h"
 #include <wtf/Forward.h>
 
@@ -45,10 +44,9 @@ public:
 
     virtual ~HTMLContentElement();
 
+    const AtomicString& select() const;
     void setSelect(const AtomicString&);
-    virtual const AtomicString& select() const;
-    virtual bool isSelectValid();
-    virtual const CSSSelectorList& selectorList();
+    virtual bool isSelectValid() const;
 
 protected:
     HTMLContentElement(const QualifiedName&, Document*);
@@ -58,28 +56,10 @@ protected:
 
 private:
     virtual void parseAttribute(const Attribute&) OVERRIDE;
-    void ensureSelectParsed();
-    bool validateSelect() const;
 
     bool m_registeredWithShadowRoot;
-
-    bool m_shouldParseSelectorList;
-    bool m_isValidSelector;
-    CSSSelectorList m_selectorList;
 };
 
-inline void HTMLContentElement::setSelect(const AtomicString& selectValue)
-{
-    setAttribute(HTMLNames::selectAttr, selectValue);
-    m_shouldParseSelectorList = true;
-}
-
-inline const CSSSelectorList& HTMLContentElement::selectorList()
-{
-    ensureSelectParsed();
-    return m_selectorList;
-}
-
 inline bool isHTMLContentElement(const Node* node)
 {
     ASSERT(node);
diff --git a/Source/WebCore/html/shadow/HTMLShadowElement.cpp b/Source/WebCore/html/shadow/HTMLShadowElement.cpp
index da18ba8ea..7d7e41529 100644
--- a/Source/WebCore/html/shadow/HTMLShadowElement.cpp
+++ b/Source/WebCore/html/shadow/HTMLShadowElement.cpp
@@ -87,10 +87,4 @@ void HTMLShadowElement::removedFrom(ContainerNode* insertionPoint)
     InsertionPoint::removedFrom(insertionPoint);
 }
 
-const CSSSelectorList& HTMLShadowElement::emptySelectorList()
-{
-    DEFINE_STATIC_LOCAL(CSSSelectorList, selectorList, (CSSSelectorList()));
-    return selectorList;
-}
-
 } // namespace WebCore
diff --git a/Source/WebCore/html/shadow/HTMLShadowElement.h b/Source/WebCore/html/shadow/HTMLShadowElement.h
index 87059896f..bac2b92b5 100644
--- a/Source/WebCore/html/shadow/HTMLShadowElement.h
+++ b/Source/WebCore/html/shadow/HTMLShadowElement.h
@@ -42,9 +42,8 @@ public:
 
     virtual ~HTMLShadowElement();
 
-    virtual const AtomicString& select() const;
-    virtual bool isSelectValid() OVERRIDE { return true; }
-    virtual const CSSSelectorList& selectorList() { return emptySelectorList(); }
+    const AtomicString& select() const;
+    bool isSelectValid() const OVERRIDE { return true; }
 
 protected:
     virtual InsertionNotificationRequest insertedInto(ContainerNode*) OVERRIDE;
@@ -53,8 +52,6 @@ protected:
 private:
     HTMLShadowElement(const QualifiedName&, Document*);
 
-    static const CSSSelectorList& emptySelectorList();
-
     bool m_registeredWithShadowRoot;
 };
 
diff --git a/Source/WebCore/html/shadow/ImageInnerElement.cpp b/Source/WebCore/html/shadow/ImageInnerElement.cpp
index 839cc9203..b23d6b1a5 100644
--- a/Source/WebCore/html/shadow/ImageInnerElement.cpp
+++ b/Source/WebCore/html/shadow/ImageInnerElement.cpp
@@ -70,7 +70,7 @@ RenderObject* ImageInnerElement::createRenderer(RenderArena* arena, RenderStyle*
 
 const AtomicString& ImageInnerElement::shadowPseudoId() const
 {
-    DEFINE_STATIC_LOCAL(AtomicString, pseudoId, ("-webkit-image-inner-element", AtomicString::ConstructFromLiteral));
+    DEFINE_STATIC_LOCAL(AtomicString, pseudoId, ("-webkit-image-inner-element"));
     return pseudoId;
 }
 
diff --git a/Source/WebCore/html/shadow/InsertionPoint.h b/Source/WebCore/html/shadow/InsertionPoint.h
index 23dad8dca..243a08c18 100644
--- a/Source/WebCore/html/shadow/InsertionPoint.h
+++ b/Source/WebCore/html/shadow/InsertionPoint.h
@@ -31,7 +31,6 @@
 #ifndef InsertionPoint_h
 #define InsertionPoint_h
 
-#include "CSSSelectorList.h"
 #include "ContentDistributor.h"
 #include "ElementShadow.h"
 #include "HTMLElement.h"
@@ -54,8 +53,7 @@ public:
     PassRefPtr<NodeList> getDistributedNodes() const;
 
     virtual const AtomicString& select() const = 0;
-    virtual bool isSelectValid() = 0;
-    virtual const CSSSelectorList& selectorList() = 0;
+    virtual bool isSelectValid() const = 0;
 
     bool resetStyleInheritance() const;
     void setResetStyleInheritance(bool);
diff --git a/Source/WebCore/html/shadow/MediaControlElements.cpp b/Source/WebCore/html/shadow/MediaControlElements.cpp
index 0bbf763a8..906466013 100644
--- a/Source/WebCore/html/shadow/MediaControlElements.cpp
+++ b/Source/WebCore/html/shadow/MediaControlElements.cpp
@@ -138,7 +138,7 @@ MediaControlElementType MediaControlPanelElement::displayType() const
 
 const AtomicString& MediaControlPanelElement::shadowPseudoId() const
 {
-    DEFINE_STATIC_LOCAL(AtomicString, id, ("-webkit-media-controls-panel", AtomicString::ConstructFromLiteral));
+    DEFINE_STATIC_LOCAL(AtomicString, id, ("-webkit-media-controls-panel"));
     return id;
 }
 
@@ -334,7 +334,7 @@ MediaControlElementType MediaControlTimelineContainerElement::displayType() cons
 
 const AtomicString& MediaControlTimelineContainerElement::shadowPseudoId() const
 {
-    DEFINE_STATIC_LOCAL(AtomicString, id, ("-webkit-media-controls-timeline-container", AtomicString::ConstructFromLiteral));
+    DEFINE_STATIC_LOCAL(AtomicString, id, ("-webkit-media-controls-timeline-container"));
     return id;
 }
 
@@ -410,7 +410,7 @@ MediaControlElementType MediaControlVolumeSliderContainerElement::displayType()
 
 const AtomicString& MediaControlVolumeSliderContainerElement::shadowPseudoId() const
 {
-    DEFINE_STATIC_LOCAL(AtomicString, id, ("-webkit-media-controls-volume-slider-container", AtomicString::ConstructFromLiteral));
+    DEFINE_STATIC_LOCAL(AtomicString, id, ("-webkit-media-controls-volume-slider-container"));
     return id;
 }
 
@@ -471,7 +471,7 @@ MediaControlElementType MediaControlStatusDisplayElement::displayType() const
 
 const AtomicString& MediaControlStatusDisplayElement::shadowPseudoId() const
 {
-    DEFINE_STATIC_LOCAL(AtomicString, id, ("-webkit-media-controls-status-display", AtomicString::ConstructFromLiteral));
+    DEFINE_STATIC_LOCAL(AtomicString, id, ("-webkit-media-controls-status-display"));
     return id;
 }
 
@@ -560,7 +560,7 @@ void MediaControlPanelMuteButtonElement::defaultEventHandler(Event* event)
 
 const AtomicString& MediaControlPanelMuteButtonElement::shadowPseudoId() const
 {
-    DEFINE_STATIC_LOCAL(AtomicString, id, ("-webkit-media-controls-mute-button", AtomicString::ConstructFromLiteral));
+    DEFINE_STATIC_LOCAL(AtomicString, id, ("-webkit-media-controls-mute-button"));
     return id;
 }
 
@@ -581,7 +581,7 @@ PassRefPtr<MediaControlVolumeSliderMuteButtonElement> MediaControlVolumeSliderMu
 
 const AtomicString& MediaControlVolumeSliderMuteButtonElement::shadowPseudoId() const
 {
-    DEFINE_STATIC_LOCAL(AtomicString, id, ("-webkit-media-controls-volume-slider-mute-button", AtomicString::ConstructFromLiteral));
+    DEFINE_STATIC_LOCAL(AtomicString, id, ("-webkit-media-controls-volume-slider-mute-button"));
     return id;
 }
 
@@ -620,7 +620,7 @@ void MediaControlPlayButtonElement::updateDisplayType()
 
 const AtomicString& MediaControlPlayButtonElement::shadowPseudoId() const
 {
-    DEFINE_STATIC_LOCAL(AtomicString, id, ("-webkit-media-controls-play-button", AtomicString::ConstructFromLiteral));
+    DEFINE_STATIC_LOCAL(AtomicString, id, ("-webkit-media-controls-play-button"));
     return id;
 }
 
@@ -660,7 +660,7 @@ void MediaControlOverlayPlayButtonElement::updateDisplayType()
 
 const AtomicString& MediaControlOverlayPlayButtonElement::shadowPseudoId() const
 {
-    DEFINE_STATIC_LOCAL(AtomicString, id, ("-webkit-media-controls-overlay-play-button", AtomicString::ConstructFromLiteral));
+    DEFINE_STATIC_LOCAL(AtomicString, id, ("-webkit-media-controls-overlay-play-button"));
     return id;
 }
 
@@ -762,7 +762,7 @@ PassRefPtr<MediaControlSeekForwardButtonElement> MediaControlSeekForwardButtonEl
 
 const AtomicString& MediaControlSeekForwardButtonElement::shadowPseudoId() const
 {
-    DEFINE_STATIC_LOCAL(AtomicString, id, ("-webkit-media-controls-seek-forward-button", AtomicString::ConstructFromLiteral));
+    DEFINE_STATIC_LOCAL(AtomicString, id, ("-webkit-media-controls-seek-forward-button"));
     return id;
 }
 
@@ -783,7 +783,7 @@ PassRefPtr<MediaControlSeekBackButtonElement> MediaControlSeekBackButtonElement:
 
 const AtomicString& MediaControlSeekBackButtonElement::shadowPseudoId() const
 {
-    DEFINE_STATIC_LOCAL(AtomicString, id, ("-webkit-media-controls-seek-back-button", AtomicString::ConstructFromLiteral));
+    DEFINE_STATIC_LOCAL(AtomicString, id, ("-webkit-media-controls-seek-back-button"));
     return id;
 }
 
@@ -814,7 +814,7 @@ void MediaControlRewindButtonElement::defaultEventHandler(Event* event)
 
 const AtomicString& MediaControlRewindButtonElement::shadowPseudoId() const
 {
-    DEFINE_STATIC_LOCAL(AtomicString, id, ("-webkit-media-controls-rewind-button", AtomicString::ConstructFromLiteral));
+    DEFINE_STATIC_LOCAL(AtomicString, id, ("-webkit-media-controls-rewind-button"));
     return id;
 }
 
@@ -845,7 +845,7 @@ void MediaControlReturnToRealtimeButtonElement::defaultEventHandler(Event* event
 
 const AtomicString& MediaControlReturnToRealtimeButtonElement::shadowPseudoId() const
 {
-    DEFINE_STATIC_LOCAL(AtomicString, id, ("-webkit-media-controls-return-to-realtime-button", AtomicString::ConstructFromLiteral));
+    DEFINE_STATIC_LOCAL(AtomicString, id, ("-webkit-media-controls-return-to-realtime-button"));
     return id;
 }
 
@@ -884,7 +884,7 @@ void MediaControlToggleClosedCaptionsButtonElement::updateDisplayType()
 
 const AtomicString& MediaControlToggleClosedCaptionsButtonElement::shadowPseudoId() const
 {
-    DEFINE_STATIC_LOCAL(AtomicString, id, ("-webkit-media-controls-toggle-closed-captions-button", AtomicString::ConstructFromLiteral));
+    DEFINE_STATIC_LOCAL(AtomicString, id, ("-webkit-media-controls-toggle-closed-captions-button"));
     return id;
 }
 
@@ -959,7 +959,7 @@ void MediaControlTimelineElement::setDuration(float duration)
 
 const AtomicString& MediaControlTimelineElement::shadowPseudoId() const
 {
-    DEFINE_STATIC_LOCAL(AtomicString, id, ("-webkit-media-controls-timeline", AtomicString::ConstructFromLiteral));
+    DEFINE_STATIC_LOCAL(AtomicString, id, ("-webkit-media-controls-timeline"));
     return id;
 }
 
@@ -1034,7 +1034,7 @@ void MediaControlVolumeSliderElement::setClearMutedOnUserInteraction(bool clearM
 
 const AtomicString& MediaControlVolumeSliderElement::shadowPseudoId() const
 {
-    DEFINE_STATIC_LOCAL(AtomicString, id, ("-webkit-media-controls-volume-slider", AtomicString::ConstructFromLiteral));
+    DEFINE_STATIC_LOCAL(AtomicString, id, ("-webkit-media-controls-volume-slider"));
     return id;
 }
 
@@ -1057,7 +1057,7 @@ PassRefPtr<MediaControlFullscreenVolumeSliderElement> MediaControlFullscreenVolu
 
 const AtomicString& MediaControlFullscreenVolumeSliderElement::shadowPseudoId() const
 {
-    DEFINE_STATIC_LOCAL(AtomicString, id, ("-webkit-media-controls-fullscreen-volume-slider", AtomicString::ConstructFromLiteral));
+    DEFINE_STATIC_LOCAL(AtomicString, id, ("-webkit-media-controls-fullscreen-volume-slider"));
     return id;
 }
 
@@ -1103,7 +1103,7 @@ void MediaControlFullscreenButtonElement::defaultEventHandler(Event* event)
 
 const AtomicString& MediaControlFullscreenButtonElement::shadowPseudoId() const
 {
-    DEFINE_STATIC_LOCAL(AtomicString, id, ("-webkit-media-controls-fullscreen-button", AtomicString::ConstructFromLiteral));
+    DEFINE_STATIC_LOCAL(AtomicString, id, ("-webkit-media-controls-fullscreen-button"));
     return id;
 }
 
@@ -1139,7 +1139,7 @@ void MediaControlFullscreenVolumeMinButtonElement::defaultEventHandler(Event* ev
 
 const AtomicString& MediaControlFullscreenVolumeMinButtonElement::shadowPseudoId() const
 {
-    DEFINE_STATIC_LOCAL(AtomicString, id, ("-webkit-media-controls-fullscreen-volume-min-button", AtomicString::ConstructFromLiteral));
+    DEFINE_STATIC_LOCAL(AtomicString, id, ("-webkit-media-controls-fullscreen-volume-min-button"));
     return id;
 }
 
@@ -1170,7 +1170,7 @@ void MediaControlFullscreenVolumeMaxButtonElement::defaultEventHandler(Event* ev
 
 const AtomicString& MediaControlFullscreenVolumeMaxButtonElement::shadowPseudoId() const
 {
-    DEFINE_STATIC_LOCAL(AtomicString, id, ("-webkit-media-controls-fullscreen-volume-max-button", AtomicString::ConstructFromLiteral));
+    DEFINE_STATIC_LOCAL(AtomicString, id, ("-webkit-media-controls-fullscreen-volume-max-button"));
     return id;
 }
 
@@ -1239,7 +1239,7 @@ MediaControlElementType MediaControlTimeRemainingDisplayElement::displayType() c
 
 const AtomicString& MediaControlTimeRemainingDisplayElement::shadowPseudoId() const
 {
-    DEFINE_STATIC_LOCAL(AtomicString, id, ("-webkit-media-controls-time-remaining-display", AtomicString::ConstructFromLiteral));
+    DEFINE_STATIC_LOCAL(AtomicString, id, ("-webkit-media-controls-time-remaining-display"));
     return id;
 }
 
@@ -1262,7 +1262,7 @@ MediaControlElementType MediaControlCurrentTimeDisplayElement::displayType() con
 
 const AtomicString& MediaControlCurrentTimeDisplayElement::shadowPseudoId() const
 {
-    DEFINE_STATIC_LOCAL(AtomicString, id, ("-webkit-media-controls-current-time-display", AtomicString::ConstructFromLiteral));
+    DEFINE_STATIC_LOCAL(AtomicString, id, ("-webkit-media-controls-current-time-display"));
     return id;
 }
 
@@ -1315,7 +1315,7 @@ RenderObject* MediaControlTextTrackContainerElement::createRenderer(RenderArena*
 
 const AtomicString& MediaControlTextTrackContainerElement::shadowPseudoId() const
 {
-    DEFINE_STATIC_LOCAL(AtomicString, id, ("-webkit-media-text-track-container", AtomicString::ConstructFromLiteral));
+    DEFINE_STATIC_LOCAL(AtomicString, id, ("-webkit-media-text-track-container"));
     return id;
 }
 
diff --git a/Source/WebCore/html/shadow/MediaControlRootElement.cpp b/Source/WebCore/html/shadow/MediaControlRootElement.cpp
index 22a018fd9..ef541baa3 100644
--- a/Source/WebCore/html/shadow/MediaControlRootElement.cpp
+++ b/Source/WebCore/html/shadow/MediaControlRootElement.cpp
@@ -656,7 +656,7 @@ void MediaControlRootElement::updateTextTrackDisplay()
 
 const AtomicString& MediaControlRootElement::shadowPseudoId() const
 {
-    DEFINE_STATIC_LOCAL(AtomicString, id, ("-webkit-media-controls", AtomicString::ConstructFromLiteral));
+    DEFINE_STATIC_LOCAL(AtomicString, id, ("-webkit-media-controls"));
     return id;
 }
 
diff --git a/Source/WebCore/html/shadow/MediaControlRootElementChromium.cpp b/Source/WebCore/html/shadow/MediaControlRootElementChromium.cpp
index 82d8f9260..6b3913bb6 100644
--- a/Source/WebCore/html/shadow/MediaControlRootElementChromium.cpp
+++ b/Source/WebCore/html/shadow/MediaControlRootElementChromium.cpp
@@ -71,7 +71,7 @@ PassRefPtr<MediaControlPanelEnclosureElement> MediaControlPanelEnclosureElement:
 
 const AtomicString& MediaControlPanelEnclosureElement::shadowPseudoId() const
 {
-    DEFINE_STATIC_LOCAL(AtomicString, id, ("-webkit-media-controls-enclosure", AtomicString::ConstructFromLiteral));
+    DEFINE_STATIC_LOCAL(AtomicString, id, ("-webkit-media-controls-enclosure"));
     return id;
 }
 
@@ -519,7 +519,7 @@ void MediaControlRootElementChromium::updateTextTrackDisplay()
 
 const AtomicString& MediaControlRootElementChromium::shadowPseudoId() const
 {
-    DEFINE_STATIC_LOCAL(AtomicString, id, ("-webkit-media-controls", AtomicString::ConstructFromLiteral));
+    DEFINE_STATIC_LOCAL(AtomicString, id, ("-webkit-media-controls"));
     return id;
 }
 
diff --git a/Source/WebCore/html/shadow/MediaControlRootElementChromiumAndroid.cpp b/Source/WebCore/html/shadow/MediaControlRootElementChromiumAndroid.cpp
index dfe848dc8..45634a847 100644
--- a/Source/WebCore/html/shadow/MediaControlRootElementChromiumAndroid.cpp
+++ b/Source/WebCore/html/shadow/MediaControlRootElementChromiumAndroid.cpp
@@ -44,7 +44,7 @@ PassRefPtr<MediaControlOverlayEnclosureElement> MediaControlOverlayEnclosureElem
 
 const AtomicString& MediaControlOverlayEnclosureElement::shadowPseudoId() const
 {
-    DEFINE_STATIC_LOCAL(AtomicString, id, ("-webkit-media-controls-overlay-enclosure", AtomicString::ConstructFromLiteral));
+    DEFINE_STATIC_LOCAL(AtomicString, id, ("-webkit-media-controls-overlay-enclosure"));
     return id;
 }
 
diff --git a/Source/WebCore/html/shadow/MeterShadowElement.cpp b/Source/WebCore/html/shadow/MeterShadowElement.cpp
index 3c48b5f2b..441f01397 100644
--- a/Source/WebCore/html/shadow/MeterShadowElement.cpp
+++ b/Source/WebCore/html/shadow/MeterShadowElement.cpp
@@ -81,21 +81,21 @@ RenderObject* MeterInnerElement::createRenderer(RenderArena* arena, RenderStyle*
 
 const AtomicString& MeterInnerElement::shadowPseudoId() const
 {
-    DEFINE_STATIC_LOCAL(AtomicString, pseudId, ("-webkit-meter-inner-element", AtomicString::ConstructFromLiteral));
+    DEFINE_STATIC_LOCAL(AtomicString, pseudId, ("-webkit-meter-inner-element"));
     return pseudId;
 }
 
 const AtomicString& MeterBarElement::shadowPseudoId() const
 {
-    DEFINE_STATIC_LOCAL(AtomicString, pseudId, ("-webkit-meter-bar", AtomicString::ConstructFromLiteral));
+    DEFINE_STATIC_LOCAL(AtomicString, pseudId, ("-webkit-meter-bar"));
     return pseudId;
 }
 
 const AtomicString& MeterValueElement::shadowPseudoId() const
 {
-    DEFINE_STATIC_LOCAL(AtomicString, optimumPseudId, ("-webkit-meter-optimum-value", AtomicString::ConstructFromLiteral));
-    DEFINE_STATIC_LOCAL(AtomicString, suboptimumPseudId, ("-webkit-meter-suboptimum-value", AtomicString::ConstructFromLiteral));
-    DEFINE_STATIC_LOCAL(AtomicString, evenLessGoodPseudId, ("-webkit-meter-even-less-good-value", AtomicString::ConstructFromLiteral));
+    DEFINE_STATIC_LOCAL(AtomicString, optimumPseudId, ("-webkit-meter-optimum-value"));
+    DEFINE_STATIC_LOCAL(AtomicString, suboptimumPseudId, ("-webkit-meter-suboptimum-value"));
+    DEFINE_STATIC_LOCAL(AtomicString, evenLessGoodPseudId, ("-webkit-meter-even-less-good-value"));
 
     HTMLMeterElement* meter = meterElement();
     if (!meter)
diff --git a/Source/WebCore/html/shadow/ProgressShadowElement.cpp b/Source/WebCore/html/shadow/ProgressShadowElement.cpp
index fdfae05f0..465d5ba8f 100644
--- a/Source/WebCore/html/shadow/ProgressShadowElement.cpp
+++ b/Source/WebCore/html/shadow/ProgressShadowElement.cpp
@@ -68,7 +68,7 @@ PassRefPtr<ProgressInnerElement> ProgressInnerElement::create(Document* document
 
 const AtomicString& ProgressInnerElement::shadowPseudoId() const
 {
-    DEFINE_STATIC_LOCAL(AtomicString, pseudId, ("-webkit-progress-inner-element", AtomicString::ConstructFromLiteral));
+    DEFINE_STATIC_LOCAL(AtomicString, pseudId, ("-webkit-progress-inner-element"));
     return pseudId;
 }
 
@@ -88,14 +88,14 @@ bool ProgressInnerElement::rendererIsNeeded(const NodeRenderingContext& context)
 
 const AtomicString& ProgressBarElement::shadowPseudoId() const
 {
-    DEFINE_STATIC_LOCAL(AtomicString, pseudId, ("-webkit-progress-bar", AtomicString::ConstructFromLiteral));
+    DEFINE_STATIC_LOCAL(AtomicString, pseudId, ("-webkit-progress-bar"));
     return pseudId;
 }
 
 
 const AtomicString& ProgressValueElement::shadowPseudoId() const
 {
-    DEFINE_STATIC_LOCAL(AtomicString, pseudId, ("-webkit-progress-value", AtomicString::ConstructFromLiteral));
+    DEFINE_STATIC_LOCAL(AtomicString, pseudId, ("-webkit-progress-value"));
     return pseudId;
 }
 
diff --git a/Source/WebCore/html/shadow/SliderThumbElement.cpp b/Source/WebCore/html/shadow/SliderThumbElement.cpp
index 8dc0fd2eb..5e53eced1 100644
--- a/Source/WebCore/html/shadow/SliderThumbElement.cpp
+++ b/Source/WebCore/html/shadow/SliderThumbElement.cpp
@@ -400,13 +400,13 @@ HTMLInputElement* SliderThumbElement::hostInput() const
 
 static const AtomicString& sliderThumbShadowPseudoId()
 {
-    DEFINE_STATIC_LOCAL(const AtomicString, sliderThumb, ("-webkit-slider-thumb", AtomicString::ConstructFromLiteral));
+    DEFINE_STATIC_LOCAL(const AtomicString, sliderThumb, ("-webkit-slider-thumb"));
     return sliderThumb;
 }
 
 static const AtomicString& mediaSliderThumbShadowPseudoId()
 {
-    DEFINE_STATIC_LOCAL(const AtomicString, mediaSliderThumb, ("-webkit-media-slider-thumb", AtomicString::ConstructFromLiteral));
+    DEFINE_STATIC_LOCAL(const AtomicString, mediaSliderThumb, ("-webkit-media-slider-thumb"));
     return mediaSliderThumb;
 }
 
@@ -501,8 +501,8 @@ RenderObject* SliderContainerElement::createRenderer(RenderArena* arena, RenderS
 
 const AtomicString& SliderContainerElement::shadowPseudoId() const
 {
-    DEFINE_STATIC_LOCAL(const AtomicString, mediaSliderContainer, ("-webkit-media-slider-container", AtomicString::ConstructFromLiteral));
-    DEFINE_STATIC_LOCAL(const AtomicString, sliderContainer, ("-webkit-slider-container", AtomicString::ConstructFromLiteral));
+    DEFINE_STATIC_LOCAL(const AtomicString, mediaSliderContainer, ("-webkit-media-slider-container"));
+    DEFINE_STATIC_LOCAL(const AtomicString, sliderContainer, ("-webkit-slider-container"));
 
     HTMLInputElement* input = shadowHost()->toInputElement();
     if (!input)
diff --git a/Source/WebCore/html/shadow/SpinButtonElement.cpp b/Source/WebCore/html/shadow/SpinButtonElement.cpp
index e9b0eec66..99dd71947 100644
--- a/Source/WebCore/html/shadow/SpinButtonElement.cpp
+++ b/Source/WebCore/html/shadow/SpinButtonElement.cpp
@@ -57,7 +57,7 @@ PassRefPtr<SpinButtonElement> SpinButtonElement::create(Document* document, Spin
 
 const AtomicString& SpinButtonElement::shadowPseudoId() const
 {
-    DEFINE_STATIC_LOCAL(AtomicString, innerPseudoId, ("-webkit-inner-spin-button", AtomicString::ConstructFromLiteral));
+    DEFINE_STATIC_LOCAL(AtomicString, innerPseudoId, ("-webkit-inner-spin-button"));
     return innerPseudoId;
 }
 
diff --git a/Source/WebCore/html/shadow/TextControlInnerElements.cpp b/Source/WebCore/html/shadow/TextControlInnerElements.cpp
index c79c5b881..6a565b300 100644
--- a/Source/WebCore/html/shadow/TextControlInnerElements.cpp
+++ b/Source/WebCore/html/shadow/TextControlInnerElements.cpp
@@ -124,9 +124,9 @@ PassRefPtr<SearchFieldResultsButtonElement> SearchFieldResultsButtonElement::cre
 
 const AtomicString& SearchFieldResultsButtonElement::shadowPseudoId() const
 {
-    DEFINE_STATIC_LOCAL(AtomicString, resultsId, ("-webkit-search-results-button", AtomicString::ConstructFromLiteral));
-    DEFINE_STATIC_LOCAL(AtomicString, resultsDecorationId, ("-webkit-search-results-decoration", AtomicString::ConstructFromLiteral));
-    DEFINE_STATIC_LOCAL(AtomicString, decorationId, ("-webkit-search-decoration", AtomicString::ConstructFromLiteral));
+    DEFINE_STATIC_LOCAL(AtomicString, resultsId, ("-webkit-search-results-button"));
+    DEFINE_STATIC_LOCAL(AtomicString, resultsDecorationId, ("-webkit-search-results-decoration"));
+    DEFINE_STATIC_LOCAL(AtomicString, decorationId, ("-webkit-search-decoration"));
     Element* host = shadowHost();
     if (!host)
         return resultsId;
@@ -179,7 +179,7 @@ PassRefPtr<SearchFieldCancelButtonElement> SearchFieldCancelButtonElement::creat
 
 const AtomicString& SearchFieldCancelButtonElement::shadowPseudoId() const
 {
-    DEFINE_STATIC_LOCAL(AtomicString, pseudoId, ("-webkit-search-cancel-button", AtomicString::ConstructFromLiteral));
+    DEFINE_STATIC_LOCAL(AtomicString, pseudoId, ("-webkit-search-cancel-button"));
     return pseudoId;
 }
 
@@ -438,7 +438,7 @@ void InputFieldSpeechButtonElement::stopSpeechInput()
 
 const AtomicString& InputFieldSpeechButtonElement::shadowPseudoId() const
 {
-    DEFINE_STATIC_LOCAL(AtomicString, pseudoId, ("-webkit-input-speech-button", AtomicString::ConstructFromLiteral));
+    DEFINE_STATIC_LOCAL(AtomicString, pseudoId, ("-webkit-input-speech-button"));
     return pseudoId;
 }
 
diff --git a/Source/WebCore/html/track/TextTrackCue.cpp b/Source/WebCore/html/track/TextTrackCue.cpp
index 39d02e52f..29a393ff7 100644
--- a/Source/WebCore/html/track/TextTrackCue.cpp
+++ b/Source/WebCore/html/track/TextTrackCue.cpp
@@ -95,7 +95,6 @@ TextTrackCueBox::TextTrackCueBox(Document* document, TextTrackCue* cue)
     : HTMLElement(divTag, document)
     , m_cue(cue)
 {
-    setPseudo(textTrackCueBoxShadowPseudoId());
 }
 
 TextTrackCue* TextTrackCueBox::getCue() const
@@ -170,10 +169,15 @@ void TextTrackCueBox::applyCSSProperties()
 
 const AtomicString& TextTrackCueBox::textTrackCueBoxShadowPseudoId()
 {
-    DEFINE_STATIC_LOCAL(const AtomicString, trackDisplayBoxShadowPseudoId, ("-webkit-media-text-track-display", AtomicString::ConstructFromLiteral));
+    DEFINE_STATIC_LOCAL(const AtomicString, trackDisplayBoxShadowPseudoId, ("-webkit-media-text-track-display"));
     return trackDisplayBoxShadowPseudoId;
 }
 
+const AtomicString& TextTrackCueBox::shadowPseudoId() const
+{
+    return textTrackCueBoxShadowPseudoId();
+}
+
 RenderObject* TextTrackCueBox::createRenderer(RenderArena* arena, RenderStyle*)
 {
     return new (arena) RenderTextTrackCue(this);
diff --git a/Source/WebCore/html/track/TextTrackCue.h b/Source/WebCore/html/track/TextTrackCue.h
index 5b8e3f131..01a0e6603 100644
--- a/Source/WebCore/html/track/TextTrackCue.h
+++ b/Source/WebCore/html/track/TextTrackCue.h
@@ -59,6 +59,7 @@ public:
     TextTrackCue* getCue() const;
     void applyCSSProperties();
 
+    virtual const AtomicString& shadowPseudoId() const OVERRIDE;
     static const AtomicString& textTrackCueBoxShadowPseudoId();
 
 private:
diff --git a/Source/WebCore/html/track/WebVTTTokenizer.cpp b/Source/WebCore/html/track/WebVTTTokenizer.cpp
index 3b3f38ace..4d2d8b300 100644
--- a/Source/WebCore/html/track/WebVTTTokenizer.cpp
+++ b/Source/WebCore/html/track/WebVTTTokenizer.cpp
@@ -34,7 +34,7 @@
 
 #include "WebVTTTokenizer.h"
 
-#include "MarkupTokenizerInlines.h"
+#include "MarkupTokenizerInlineMethods.h"
 
 namespace WebCore {
 
diff --git a/Source/WebCore/inspector/InspectorTimelineAgent.cpp b/Source/WebCore/inspector/InspectorTimelineAgent.cpp
index e12101010..aad827ef7 100644
--- a/Source/WebCore/inspector/InspectorTimelineAgent.cpp
+++ b/Source/WebCore/inspector/InspectorTimelineAgent.cpp
@@ -398,8 +398,19 @@ void InspectorTimelineAgent::didScheduleResourceRequest(const String& url, Frame
 
 void InspectorTimelineAgent::willSendResourceRequest(unsigned long identifier, const ResourceRequest& request, Frame* frame)
 {
+    pushGCEventRecords();
+    RefPtr<InspectorObject> recordRaw = TimelineRecordFactory::createGenericRecord(timestamp(), m_maxCallStackDepth);
     String requestId = IdentifiersFactory::requestId(identifier);
-    appendRecord(TimelineRecordFactory::createResourceSendRequestData(requestId, request), TimelineRecordType::ResourceSendRequest, true, frame);
+    recordRaw->setObject("data", TimelineRecordFactory::createResourceSendRequestData(requestId, request));
+    recordRaw->setString("type", TimelineRecordType::ResourceSendRequest);
+    if (frame && m_pageAgent) {
+        String frameId(m_pageAgent->frameId(frame));
+        recordRaw->setString("frameId", frameId);
+    }
+    setHeapSizeStatistics(recordRaw.get());
+    // FIXME: runtimeCast is a hack. We do it because we can't build TimelineEvent directly now.
+    RefPtr<TypeBuilder::Timeline::TimelineEvent> record = TypeBuilder::Timeline::TimelineEvent::runtimeCast(recordRaw.release());
+    m_frontend->eventRecorded(record.release());
 }
 
 void InspectorTimelineAgent::willReceiveResourceData(unsigned long identifier, Frame* frame, int length)
diff --git a/Source/WebCore/inspector/front-end/CodeMirrorTextEditor.js b/Source/WebCore/inspector/front-end/CodeMirrorTextEditor.js
index ff61bdbf0..7af304679 100644
--- a/Source/WebCore/inspector/front-end/CodeMirrorTextEditor.js
+++ b/Source/WebCore/inspector/front-end/CodeMirrorTextEditor.js
@@ -54,9 +54,8 @@ WebInspector.CodeMirrorTextEditor = function(url, delegate)
         lineNumbers: true,
         gutters: ["CodeMirror-linenumbers", "breakpoints"]
     });
-
-    this._codeMirror.on("change", this._change.bind(this));
-    this._codeMirror.on("gutterClick", this._gutterClick.bind(this));
+    CodeMirror.on(this._codeMirror, "change", this._change.bind(this));
+    CodeMirror.on(this._codeMirror, "gutterClick", this._gutterClick.bind(this));
 
     this._lastRange = this.range();
 
@@ -118,7 +117,8 @@ WebInspector.CodeMirrorTextEditor.prototype = {
     revealLine: function(lineNumber)
     {
         this._codeMirror.setCursor({ line: lineNumber, ch: 0 });
-        this._codeMirror.scrollIntoView();
+        var coords = this._codeMirror.cursorCoords();
+        this._codeMirror.scrollTo(coords.x, coords.y);
     },
 
     _gutterClick: function(instance, lineNumber, gutter, event)
@@ -276,8 +276,8 @@ WebInspector.CodeMirrorTextEditor.prototype = {
      */
     selection: function(textRange)
     {
-        var start = this._codeMirror.getCursor(true);
-        var end = this._codeMirror.getCursor(false);
+        var start = this._codeMirror.cursorCoords(true);
+        var end = this._codeMirror.cursorCoords(false);
 
         if (start.line > end.line || (start.line == end.line && start.ch > end.ch))
             return this._toRange(end, start);
diff --git a/Source/WebCore/inspector/front-end/NativeMemorySnapshotView.js b/Source/WebCore/inspector/front-end/NativeMemorySnapshotView.js
index 8f1b01872..8a5cf157e 100644
--- a/Source/WebCore/inspector/front-end/NativeMemorySnapshotView.js
+++ b/Source/WebCore/inspector/front-end/NativeMemorySnapshotView.js
@@ -314,7 +314,7 @@ WebInspector.MemoryBlockViewProperties._initialize = function()
     }
     addBlock("hsl(  0,  0%,  60%)", "ProcessPrivateMemory", "Total");
     addBlock("hsl(  0,  0%,  80%)", "OwnersTypePlaceholder", "OwnersTypePlaceholder");
-    addBlock("hsl(  0,  0%,  60%)", "Other", "Other");
+    addBlock("hsl(  0,  0%,  80%)", "Other", "Other");
     addBlock("hsl(220, 80%,  70%)", "Page", "Page structures");
     addBlock("hsl(100, 60%,  50%)", "JSHeap", "JavaScript heap");
     addBlock("hsl( 90, 40%,  80%)", "JSExternalResources", "JavaScript external resources");
diff --git a/Source/WebCore/inspector/front-end/TimelinePresentationModel.js b/Source/WebCore/inspector/front-end/TimelinePresentationModel.js
index cce0c3ad3..ceb271fa6 100644
--- a/Source/WebCore/inspector/front-end/TimelinePresentationModel.js
+++ b/Source/WebCore/inspector/front-end/TimelinePresentationModel.js
@@ -368,9 +368,6 @@ WebInspector.TimelinePresentationModel.prototype = {
         case recordTypes.ResourceReceivedData:
             return this._sendRequestRecords[record.data["requestId"]];
 
-        case recordTypes.ResourceSendRequest:
-            return this._rootRecord;
-
         case recordTypes.TimerFire:
             return this._timerRecords[record.data["timerId"]];
 
diff --git a/Source/WebCore/loader/CrossOriginAccessControl.cpp b/Source/WebCore/loader/CrossOriginAccessControl.cpp
index 23c6e1cc7..9b26fc86c 100644
--- a/Source/WebCore/loader/CrossOriginAccessControl.cpp
+++ b/Source/WebCore/loader/CrossOriginAccessControl.cpp
@@ -134,8 +134,8 @@ ResourceRequest createAccessControlPreflightRequest(const ResourceRequest& reque
 
 bool passesAccessControlCheck(const ResourceResponse& response, StoredCredentials includeCredentials, SecurityOrigin* securityOrigin, String& errorDescription)
 {
-    AtomicallyInitializedStatic(AtomicString&, accessControlAllowOrigin = *new AtomicString("access-control-allow-origin", AtomicString::ConstructFromLiteral));
-    AtomicallyInitializedStatic(AtomicString&, accessControlAllowCredentials = *new AtomicString("access-control-allow-credentials", AtomicString::ConstructFromLiteral));
+    AtomicallyInitializedStatic(AtomicString&, accessControlAllowOrigin = *new AtomicString("access-control-allow-origin"));
+    AtomicallyInitializedStatic(AtomicString&, accessControlAllowCredentials = *new AtomicString("access-control-allow-credentials"));
 
     // A wildcard Access-Control-Allow-Origin can not be used if credentials are to be sent,
     // even with Access-Control-Allow-Credentials set to true.
diff --git a/Source/WebCore/loader/DocumentLoader.cpp b/Source/WebCore/loader/DocumentLoader.cpp
index 218db822f..950cdccdb 100644
--- a/Source/WebCore/loader/DocumentLoader.cpp
+++ b/Source/WebCore/loader/DocumentLoader.cpp
@@ -714,7 +714,6 @@ void DocumentLoader::addResponse(const ResourceResponse& r)
 void DocumentLoader::stopRecordingResponses()
 {
     m_stopRecordingResponses = true;
-    m_responses.shrinkToFit();
 }
 
 void DocumentLoader::setTitle(const StringWithDirection& title)
diff --git a/Source/WebCore/loader/MainResourceLoader.cpp b/Source/WebCore/loader/MainResourceLoader.cpp
index 1b113a0d3..805cd15ab 100644
--- a/Source/WebCore/loader/MainResourceLoader.cpp
+++ b/Source/WebCore/loader/MainResourceLoader.cpp
@@ -368,8 +368,7 @@ void MainResourceLoader::didReceiveResponse(const ResourceResponse& r)
     if (documentLoader()->applicationCacheHost()->maybeLoadFallbackForMainResponse(request(), r))
         return;
 
-    DEFINE_STATIC_LOCAL(AtomicString, xFrameOptionHeader, ("x-frame-options", AtomicString::ConstructFromLiteral));
-    HTTPHeaderMap::const_iterator it = r.httpHeaderFields().find(xFrameOptionHeader);
+    HTTPHeaderMap::const_iterator it = r.httpHeaderFields().find(AtomicString("x-frame-options"));
     if (it != r.httpHeaderFields().end()) {
         String content = it->value;
         if (m_frame->loader()->shouldInterruptLoadForXFrameOptions(content, r.url(), identifier())) {
diff --git a/Source/WebCore/loader/PrerendererClient.cpp b/Source/WebCore/loader/PrerendererClient.cpp
index dad289c51..f8c298928 100644
--- a/Source/WebCore/loader/PrerendererClient.cpp
+++ b/Source/WebCore/loader/PrerendererClient.cpp
@@ -43,7 +43,7 @@ namespace WebCore {
 // static
 const AtomicString& PrerendererClient::supplementName()
 {
-    DEFINE_STATIC_LOCAL(AtomicString, name, ("PrerendererClient", AtomicString::ConstructFromLiteral));
+    DEFINE_STATIC_LOCAL(AtomicString, name, ("PrerendererClient"));
     return name;
 }
 
diff --git a/Source/WebCore/loader/ResourceBuffer.h b/Source/WebCore/loader/ResourceBuffer.h
index b809a4355..6dc2dc7fc 100644
--- a/Source/WebCore/loader/ResourceBuffer.h
+++ b/Source/WebCore/loader/ResourceBuffer.h
@@ -48,10 +48,10 @@ public:
     static PassRefPtr<ResourceBuffer> create(const char* data, int size) { return adoptRef(new ResourceBuffer(data, size)); }
     static PassRefPtr<ResourceBuffer> adoptSharedBuffer(PassRefPtr<SharedBuffer> shared) { return shared ? adoptRef(new ResourceBuffer(shared)) : 0; }
 
-    virtual ~ResourceBuffer();
+    ~ResourceBuffer();
 
-    virtual const char* data() const;
-    virtual unsigned size() const;
+    const char* data() const;
+    unsigned size() const;
     bool isEmpty() const;
 
     void append(const char*, unsigned);
@@ -79,13 +79,11 @@ public:
 
     void reportMemoryUsage(MemoryObjectInfo*) const;
 
-protected:
-    ResourceBuffer();
-
 private:
+    ResourceBuffer();
     ResourceBuffer(const char*, int);
     ResourceBuffer(PassRefPtr<SharedBuffer>);
-
+    
     RefPtr<SharedBuffer> m_sharedBuffer;
 };
 
diff --git a/Source/WebCore/loader/cache/CachedResource.cpp b/Source/WebCore/loader/cache/CachedResource.cpp
index 109b76bcc..ca3fe1363 100644
--- a/Source/WebCore/loader/cache/CachedResource.cpp
+++ b/Source/WebCore/loader/cache/CachedResource.cpp
@@ -710,7 +710,7 @@ void CachedResource::updateResponseAfterRevalidation(const ResourceResponse& val
 {
     m_responseTimestamp = currentTime();
 
-    DEFINE_STATIC_LOCAL(const AtomicString, contentHeaderPrefix, ("content-", AtomicString::ConstructFromLiteral));
+    DEFINE_STATIC_LOCAL(const AtomicString, contentHeaderPrefix, ("content-"));
     // RFC2616 10.3.5
     // Update cached headers from the 304 response
     const HTTPHeaderMap& newHeaders = validatingResponse.httpHeaderFields();
diff --git a/Source/WebCore/page/DOMWindowPagePopup.cpp b/Source/WebCore/page/DOMWindowPagePopup.cpp
index b9fc7ca69..86076dab6 100644
--- a/Source/WebCore/page/DOMWindowPagePopup.cpp
+++ b/Source/WebCore/page/DOMWindowPagePopup.cpp
@@ -50,7 +50,7 @@ DOMWindowPagePopup::~DOMWindowPagePopup()
 
 const AtomicString& DOMWindowPagePopup::supplementName()
 {
-    DEFINE_STATIC_LOCAL(AtomicString, name, ("DOMWindowPagePopup", AtomicString::ConstructFromLiteral));
+    DEFINE_STATIC_LOCAL(AtomicString, name, ("DOMWindowPagePopup"));
     return name;
 }
 
diff --git a/Source/WebCore/page/EventHandler.cpp b/Source/WebCore/page/EventHandler.cpp
index 07e1b73ab..92055a123 100644
--- a/Source/WebCore/page/EventHandler.cpp
+++ b/Source/WebCore/page/EventHandler.cpp
@@ -1985,7 +1985,7 @@ bool EventHandler::handlePasteGlobalSelection(const PlatformMouseEvent& mouseEve
     Frame* focusFrame = m_frame->page()->focusController()->focusedOrMainFrame();
     // Do not paste here if the focus was moved somewhere else.
     if (m_frame == focusFrame && m_frame->editor()->client()->supportsGlobalSelection())
-        return m_frame->editor()->command(ASCIILiteral("PasteGlobalSelection")).execute();
+        return m_frame->editor()->command(AtomicString("PasteGlobalSelection")).execute();
 
     return false;
 }
@@ -3112,10 +3112,10 @@ bool EventHandler::keyEvent(const PlatformKeyboardEvent& initialKeyEvent)
 
 static FocusDirection focusDirectionForKey(const AtomicString& keyIdentifier)
 {
-    DEFINE_STATIC_LOCAL(AtomicString, Down, ("Down", AtomicString::ConstructFromLiteral));
-    DEFINE_STATIC_LOCAL(AtomicString, Up, ("Up", AtomicString::ConstructFromLiteral));
-    DEFINE_STATIC_LOCAL(AtomicString, Left, ("Left", AtomicString::ConstructFromLiteral));
-    DEFINE_STATIC_LOCAL(AtomicString, Right, ("Right", AtomicString::ConstructFromLiteral));
+    DEFINE_STATIC_LOCAL(AtomicString, Down, ("Down"));
+    DEFINE_STATIC_LOCAL(AtomicString, Up, ("Up"));
+    DEFINE_STATIC_LOCAL(AtomicString, Left, ("Left"));
+    DEFINE_STATIC_LOCAL(AtomicString, Right, ("Right"));
 
     FocusDirection retVal = FocusDirectionNone;
 
diff --git a/Source/WebCore/page/FrameView.cpp b/Source/WebCore/page/FrameView.cpp
index 768d5d256..6acd1087f 100644
--- a/Source/WebCore/page/FrameView.cpp
+++ b/Source/WebCore/page/FrameView.cpp
@@ -1465,14 +1465,45 @@ void FrameView::removeViewportConstrainedObject(RenderObject* object)
     }
 }
 
+static int fixedPositionScrollOffset(int scrollPosition, int maxValue, int scrollOrigin, float dragFactor)
+{
+    if (!maxValue)
+        return 0;
+
+    if (!scrollOrigin) {
+        if (scrollPosition < 0)
+            scrollPosition = 0;
+        else if (scrollPosition > maxValue)
+            scrollPosition = maxValue;
+    } else {
+        if (scrollPosition > 0)
+            scrollPosition = 0;
+        else if (scrollPosition < -maxValue)
+            scrollPosition = -maxValue;
+    }
+    
+    return scrollPosition * dragFactor;
+}
+
 IntSize FrameView::scrollOffsetForFixedPosition() const
 {
     IntRect visibleContentRect = this->visibleContentRect();
     IntSize contentsSize = this->contentsSize();
     IntPoint scrollPosition = this->scrollPosition();
     IntPoint scrollOrigin = this->scrollOrigin();
+    
+    IntSize maxOffset(contentsSize.width() - visibleContentRect.width(), contentsSize.height() - visibleContentRect.height());
+    
     float frameScaleFactor = m_frame ? m_frame->frameScaleFactor() : 1;
-    return WebCore::scrollOffsetForFixedPosition(visibleContentRect, contentsSize, scrollPosition, scrollOrigin, frameScaleFactor, fixedElementsLayoutRelativeToFrame());
+
+    FloatSize dragFactor = fixedElementsLayoutRelativeToFrame() ? FloatSize(1, 1) : FloatSize(
+        (contentsSize.width() - visibleContentRect.width() * frameScaleFactor) / maxOffset.width(),
+        (contentsSize.height() - visibleContentRect.height() * frameScaleFactor) / maxOffset.height());
+
+    int x = fixedPositionScrollOffset(scrollPosition.x(), maxOffset.width(), scrollOrigin.x(), dragFactor.width() / frameScaleFactor);
+    int y = fixedPositionScrollOffset(scrollPosition.y(), maxOffset.height(), scrollOrigin.y(), dragFactor.height() / frameScaleFactor);
+
+    return IntSize(x, y);
 }
 
 bool FrameView::fixedElementsLayoutRelativeToFrame() const
diff --git a/Source/WebCore/page/SpeechInput.cpp b/Source/WebCore/page/SpeechInput.cpp
index cb4a21f2d..8328c5d4d 100644
--- a/Source/WebCore/page/SpeechInput.cpp
+++ b/Source/WebCore/page/SpeechInput.cpp
@@ -119,7 +119,7 @@ void SpeechInput::cancelRecognition(int listenerId)
 
 const AtomicString& SpeechInput::supplementName()
 {
-    DEFINE_STATIC_LOCAL(AtomicString, name, ("SpeechInput", AtomicString::ConstructFromLiteral));
+    DEFINE_STATIC_LOCAL(AtomicString, name, ("SpeechInput"));
     return name;
 }
 
diff --git a/Source/WebCore/page/animation/CompositeAnimation.cpp b/Source/WebCore/page/animation/CompositeAnimation.cpp
index 1bb5059e6..0b0f379d5 100644
--- a/Source/WebCore/page/animation/CompositeAnimation.cpp
+++ b/Source/WebCore/page/animation/CompositeAnimation.cpp
@@ -218,7 +218,7 @@ void CompositeAnimation::updateKeyframeAnimations(RenderObject* renderer, Render
         // Toss the animation order map.
         m_keyframeAnimationOrderMap.clear();
 
-        DEFINE_STATIC_LOCAL(const AtomicString, none, ("none", AtomicString::ConstructFromLiteral));
+        DEFINE_STATIC_LOCAL(const AtomicString, none, ("none"));
         
         // Now mark any still active animations as active and add any new animations.
         if (targetStyle->animations()) {
diff --git a/Source/WebCore/page/scrolling/ScrollingCoordinator.cpp b/Source/WebCore/page/scrolling/ScrollingCoordinator.cpp
index 4d373cb4c..cb79f3d4d 100644
--- a/Source/WebCore/page/scrolling/ScrollingCoordinator.cpp
+++ b/Source/WebCore/page/scrolling/ScrollingCoordinator.cpp
@@ -65,40 +65,6 @@ PassRefPtr<ScrollingCoordinator> ScrollingCoordinator::create(Page* page)
     return adoptRef(new ScrollingCoordinator(page));
 }
 
-static int fixedPositionScrollOffset(int scrollPosition, int maxValue, int scrollOrigin, float dragFactor)
-{
-    if (!maxValue)
-        return 0;
-
-    if (!scrollOrigin) {
-        if (scrollPosition < 0)
-            scrollPosition = 0;
-        else if (scrollPosition > maxValue)
-            scrollPosition = maxValue;
-    } else {
-        if (scrollPosition > 0)
-            scrollPosition = 0;
-        else if (scrollPosition < -maxValue)
-            scrollPosition = -maxValue;
-    }
-    
-    return scrollPosition * dragFactor;
-}
-
-IntSize scrollOffsetForFixedPosition(const IntRect& visibleContentRect, const IntSize& contentsSize, const IntPoint& scrollPosition, const IntPoint& scrollOrigin, float frameScaleFactor, bool fixedElementsLayoutRelativeToFrame)
-{
-    IntSize maxOffset(contentsSize.width() - visibleContentRect.width(), contentsSize.height() - visibleContentRect.height());
-    
-    FloatSize dragFactor = fixedElementsLayoutRelativeToFrame ? FloatSize(1, 1) : FloatSize(
-        (contentsSize.width() - visibleContentRect.width() * frameScaleFactor) / maxOffset.width(),
-        (contentsSize.height() - visibleContentRect.height() * frameScaleFactor) / maxOffset.height());
-
-    int x = fixedPositionScrollOffset(scrollPosition.x(), maxOffset.width(), scrollOrigin.x(), dragFactor.width() / frameScaleFactor);
-    int y = fixedPositionScrollOffset(scrollPosition.y(), maxOffset.height(), scrollOrigin.y(), dragFactor.height() / frameScaleFactor);
-
-    return IntSize(x, y);
-}
-
 ScrollingCoordinator::ScrollingCoordinator(Page* page)
     : m_page(page)
     , m_forceMainThreadScrollLayerPositionUpdates(false)
@@ -276,9 +242,7 @@ void ScrollingCoordinator::updateMainFrameScrollPosition(const IntPoint& scrollP
             scrollLayer->setPosition(-frameView->scrollPosition());
         else {
             scrollLayer->syncPosition(-frameView->scrollPosition());
-            LayoutRect viewportRect = frameView->visibleContentRect();
-            viewportRect.setLocation(toPoint(frameView->scrollOffsetForFixedPosition()));
-            syncChildPositions(viewportRect);
+            syncChildPositions(frameView->visibleContentRect());
         }
     }
 #endif
diff --git a/Source/WebCore/page/scrolling/ScrollingCoordinator.h b/Source/WebCore/page/scrolling/ScrollingCoordinator.h
index e96e96f80..13591cd6c 100644
--- a/Source/WebCore/page/scrolling/ScrollingCoordinator.h
+++ b/Source/WebCore/page/scrolling/ScrollingCoordinator.h
@@ -62,9 +62,6 @@ class ViewportConstraints;
 class ScrollingTree;
 #endif
 
-IntSize scrollOffsetForFixedPosition(const IntRect& visibleContentRect, const IntSize& contentsSize, const IntPoint& scrollPosition,
-    const IntPoint& scrollOrigin, float frameScaleFactor, bool fixedElementsLayoutRelativeToFrame);
-
 class ScrollingCoordinator : public ThreadSafeRefCounted<ScrollingCoordinator> {
 public:
     static PassRefPtr<ScrollingCoordinator> create(Page*);
diff --git a/Source/WebCore/page/scrolling/mac/ScrollingTreeScrollingNodeMac.mm b/Source/WebCore/page/scrolling/mac/ScrollingTreeScrollingNodeMac.mm
index 0376159d4..bd6d7280a 100644
--- a/Source/WebCore/page/scrolling/mac/ScrollingTreeScrollingNodeMac.mm
+++ b/Source/WebCore/page/scrolling/mac/ScrollingTreeScrollingNodeMac.mm
@@ -279,14 +279,9 @@ void ScrollingTreeScrollingNodeMac::setScrollLayerPosition(const IntPoint& posit
     if (!m_children)
         return;
 
-    IntSize scrollOffsetForFixedChildren = WebCore::scrollOffsetForFixedPosition(viewportRect(), contentsSize(), position,
-        scrollOrigin(), 1, false);
-    IntRect viewportRect = this->viewportRect();
-    viewportRect.setLocation(toPoint(scrollOffsetForFixedChildren));
-
     size_t size = m_children->size();
     for (size_t i = 0; i < size; ++i)
-        m_children->at(i)->parentScrollPositionDidChange(viewportRect);
+        m_children->at(i)->parentScrollPositionDidChange(IntRect(position, viewportRect().size()));
 }
 
 IntPoint ScrollingTreeScrollingNodeMac::minimumScrollPosition() const
diff --git a/Source/WebCore/platform/blackberry/CookieManager.cpp b/Source/WebCore/platform/blackberry/CookieManager.cpp
index 1377658ad..f2554941b 100644
--- a/Source/WebCore/platform/blackberry/CookieManager.cpp
+++ b/Source/WebCore/platform/blackberry/CookieManager.cpp
@@ -118,10 +118,10 @@ static bool cookieSorter(ParsedCookie* a, ParsedCookie* b)
     return a->path().length() > b->path().length();
 }
 
-// Return whether we should ignore the scheme
-static bool shouldIgnoreScheme(const String& protocol)
+// Returns whether the protocol supports domains
+static bool shouldIgnoreDomain(const String protocol)
 {
-    // We want to ignore file and local schemes
+    // ignore domain security for file and local
     return protocol == "file" || protocol == "local";
 }
 
@@ -212,9 +212,8 @@ void CookieManager::getRawCookies(Vector<ParsedCookie*> &stackOfCookies, const K
 {
     CookieLog("CookieManager - getRawCookies - processing url with domain - %s & protocol: %s & path: %s\n", requestURL.host().utf8().data(), requestURL.protocol().utf8().data(), requestURL.path().utf8().data());
 
-    const bool invalidScheme = shouldIgnoreScheme(requestURL.protocol());
-    const bool specialCaseForWebWorks = invalidScheme && m_shouldDumpAllCookies;
-    const bool isConnectionSecure = requestURL.protocolIs("https") || requestURL.protocolIs("wss") || specialCaseForWebWorks;
+    bool specialCaseForLocal = (requestURL.protocolIs("local") || requestURL.protocolIs("file")) && m_shouldDumpAllCookies;
+    bool isConnectionSecure = requestURL.protocolIs("https") || requestURL.protocolIs("wss") || specialCaseForLocal;
 
     Vector<ParsedCookie*> cookieCandidates;
     Vector<CookieMap*> protocolsToSearch;
@@ -231,13 +230,8 @@ void CookieManager::getRawCookies(Vector<ParsedCookie*> &stackOfCookies, const K
             targetMap = m_managerMap.get("ws");
     }
 
-    // Decide which scheme tree we should look at.
-    // Return on invalid schemes. cookies are currently disabled on file and local.
-    // We only want to enable them for WebWorks that enabled a special flag.
-    if (specialCaseForWebWorks)
+    if (specialCaseForLocal)
         copyValuesToVector(m_managerMap, protocolsToSearch);
-    else if (invalidScheme)
-        return;
     else {
         protocolsToSearch.append(targetMap);
         // FIXME: this is a hack for webworks apps; RFC 6265 says "Cookies do not provide isolation by scheme"
@@ -270,7 +264,7 @@ void CookieManager::getRawCookies(Vector<ParsedCookie*> &stackOfCookies, const K
         CookieLog("CookieManager - looking at protocol map %s \n", currentMap->getName().utf8().data());
 
         // Special case for local and files - because WebApps expect to get ALL cookies from the backing-store on local protocol
-        if (specialCaseForWebWorks) {
+        if (specialCaseForLocal) {
             CookieLog("CookieManager - special case find in protocol map - %s\n", currentMap->getName().utf8().data());
             currentMap->getAllChildCookies(&cookieCandidates);
         } else {
@@ -306,7 +300,7 @@ void CookieManager::getRawCookies(Vector<ParsedCookie*> &stackOfCookies, const K
         if (!equalIgnoringCase(path, requestURL.path()) && !path.endsWith("/", false))
             path = path + "/";
 
-        // Only secure connections have access to secure cookies. Unless specialCaseForWebWorks is true.
+        // Only secure connections have access to secure cookies. Unless specialCaseForLocal is true
         // Get the cookies filtering out HttpOnly cookies if requested.
         if (requestURL.path().startsWith(path, false) && (isConnectionSecure || !cookie->isSecure()) && (filter == WithHttpOnlyCookies || !cookie->isHttpOnly())) {
             CookieLog("CookieManager - cookie chosen - %s\n", cookie->toString().utf8().data());
@@ -340,15 +334,13 @@ void CookieManager::checkAndTreatCookie(ParsedCookie* candidateCookie, BackingSt
 {
     CookieLog("CookieManager - checkAndTreatCookie - processing url with domain - %s & protocol %s\n", candidateCookie->domain().utf8().data(), candidateCookie->protocol().utf8().data());
 
-    // Delete invalid cookies:
-    // 1) A cookie which is not from http shouldn't have a httpOnly property.
-    // 2) Cookies coming from schemes that we do not support and the special flag isn't on
-    if ((filter == NoHttpOnlyCookie && candidateCookie->isHttpOnly()) || (shouldIgnoreScheme(candidateCookie->protocol()) && !m_shouldDumpAllCookies)) {
+    // A cookie which is not from http shouldn't have a httpOnly property.
+    if (filter == NoHttpOnlyCookie && candidateCookie->isHttpOnly()) {
         delete candidateCookie;
         return;
     }
 
-    const bool ignoreDomain = (candidateCookie->protocol() == "file" || candidateCookie->protocol() == "local");
+    const bool ignoreDomain = shouldIgnoreDomain(candidateCookie->protocol());
 
     // Determine which protocol tree to add the cookie to. Create one if necessary.
     CookieMap* curMap = 0;
diff --git a/Source/WebCore/platform/graphics/FontCache.cpp b/Source/WebCore/platform/graphics/FontCache.cpp
index a4ac7ea36..f60883ab3 100644
--- a/Source/WebCore/platform/graphics/FontCache.cpp
+++ b/Source/WebCore/platform/graphics/FontCache.cpp
@@ -134,8 +134,8 @@ static FontPlatformDataCache* gFontPlatformDataCache = 0;
 static const AtomicString& alternateFamilyName(const AtomicString& familyName)
 {
     // Alias Courier <-> Courier New
-    DEFINE_STATIC_LOCAL(AtomicString, courier, ("Courier", AtomicString::ConstructFromLiteral));
-    DEFINE_STATIC_LOCAL(AtomicString, courierNew, ("Courier New", AtomicString::ConstructFromLiteral));
+    DEFINE_STATIC_LOCAL(AtomicString, courier, ("Courier"));
+    DEFINE_STATIC_LOCAL(AtomicString, courierNew, ("Courier New"));
     if (equalIgnoringCase(familyName, courier))
         return courierNew;
 #if !OS(WINDOWS)
@@ -147,16 +147,16 @@ static const AtomicString& alternateFamilyName(const AtomicString& familyName)
 #endif
 
     // Alias Times and Times New Roman.
-    DEFINE_STATIC_LOCAL(AtomicString, times, ("Times", AtomicString::ConstructFromLiteral));
-    DEFINE_STATIC_LOCAL(AtomicString, timesNewRoman, ("Times New Roman", AtomicString::ConstructFromLiteral));
+    DEFINE_STATIC_LOCAL(AtomicString, times, ("Times"));
+    DEFINE_STATIC_LOCAL(AtomicString, timesNewRoman, ("Times New Roman"));
     if (equalIgnoringCase(familyName, times))
         return timesNewRoman;
     if (equalIgnoringCase(familyName, timesNewRoman))
         return times;
     
     // Alias Arial and Helvetica
-    DEFINE_STATIC_LOCAL(AtomicString, arial, ("Arial", AtomicString::ConstructFromLiteral));
-    DEFINE_STATIC_LOCAL(AtomicString, helvetica, ("Helvetica", AtomicString::ConstructFromLiteral));
+    DEFINE_STATIC_LOCAL(AtomicString, arial, ("Arial"));
+    DEFINE_STATIC_LOCAL(AtomicString, helvetica, ("Helvetica"));
     if (equalIgnoringCase(familyName, arial))
         return helvetica;
     if (equalIgnoringCase(familyName, helvetica))
@@ -165,14 +165,14 @@ static const AtomicString& alternateFamilyName(const AtomicString& familyName)
 #if OS(WINDOWS)
     // On Windows, bitmap fonts are blocked altogether so that we have to 
     // alias MS Sans Serif (bitmap font) -> Microsoft Sans Serif (truetype font)
-    DEFINE_STATIC_LOCAL(AtomicString, msSans, ("MS Sans Serif", AtomicString::ConstructFromLiteral));
-    DEFINE_STATIC_LOCAL(AtomicString, microsoftSans, ("Microsoft Sans Serif", AtomicString::ConstructFromLiteral));
+    DEFINE_STATIC_LOCAL(AtomicString, msSans, ("MS Sans Serif"));
+    DEFINE_STATIC_LOCAL(AtomicString, microsoftSans, ("Microsoft Sans Serif"));
     if (equalIgnoringCase(familyName, msSans))
         return microsoftSans;
 
     // Alias MS Serif (bitmap) -> Times New Roman (truetype font). There's no 
-    // 'Microsoft Sans Serif-equivalent' for Serif.
-    DEFINE_STATIC_LOCAL(AtomicString, msSerif, ("MS Serif", AtomicString::ConstructFromLiteral));
+    // 'Microsoft Sans Serif-equivalent' for Serif. 
+    static AtomicString msSerif("MS Serif");
     if (equalIgnoringCase(familyName, msSerif))
         return timesNewRoman;
 #endif
diff --git a/Source/WebCore/platform/graphics/MediaPlayer.cpp b/Source/WebCore/platform/graphics/MediaPlayer.cpp
index da93570a0..377e8dc7a 100644
--- a/Source/WebCore/platform/graphics/MediaPlayer.cpp
+++ b/Source/WebCore/platform/graphics/MediaPlayer.cpp
@@ -239,19 +239,19 @@ static void addMediaEngine(CreateMediaEnginePlayer constructor, MediaEngineSuppo
 
 static const AtomicString& applicationOctetStream()
 {
-    DEFINE_STATIC_LOCAL(const AtomicString, applicationOctetStream, ("application/octet-stream", AtomicString::ConstructFromLiteral));
+    DEFINE_STATIC_LOCAL(const AtomicString, applicationOctetStream, ("application/octet-stream"));
     return applicationOctetStream;
 }
 
 static const AtomicString& textPlain()
 {
-    DEFINE_STATIC_LOCAL(const AtomicString, textPlain, ("text/plain", AtomicString::ConstructFromLiteral));
+    DEFINE_STATIC_LOCAL(const AtomicString, textPlain, ("text/plain"));
     return textPlain;
 }
 
 static const AtomicString& codecs()
 {
-    DEFINE_STATIC_LOCAL(const AtomicString, codecs, ("codecs", AtomicString::ConstructFromLiteral));
+    DEFINE_STATIC_LOCAL(const AtomicString, codecs, ("codecs"));
     return codecs;
 }
 
diff --git a/Source/WebCore/platform/graphics/blackberry/MediaPlayerPrivateBlackBerry.cpp b/Source/WebCore/platform/graphics/blackberry/MediaPlayerPrivateBlackBerry.cpp
index cdf6006d7..431e96545 100644
--- a/Source/WebCore/platform/graphics/blackberry/MediaPlayerPrivateBlackBerry.cpp
+++ b/Source/WebCore/platform/graphics/blackberry/MediaPlayerPrivateBlackBerry.cpp
@@ -402,7 +402,7 @@ bool MediaPlayerPrivate::hasAvailableVideoFrame() const
 
 bool MediaPlayerPrivate::hasSingleSecurityOrigin() const
 {
-    return true;
+    return false;
 }
 
 MediaPlayer::MovieLoadType MediaPlayerPrivate::movieLoadType() const
diff --git a/Source/WebCore/platform/graphics/chromium/DeferredImageDecoder.cpp b/Source/WebCore/platform/graphics/chromium/DeferredImageDecoder.cpp
index 863ca127e..e9424dfc5 100644
--- a/Source/WebCore/platform/graphics/chromium/DeferredImageDecoder.cpp
+++ b/Source/WebCore/platform/graphics/chromium/DeferredImageDecoder.cpp
@@ -34,7 +34,6 @@ namespace WebCore {
 DeferredImageDecoder::DeferredImageDecoder(ImageDecoder* actualDecoder)
     : m_allDataReceived(false)
     , m_actualDecoder(adoptPtr(actualDecoder))
-    , m_orientation(DefaultImageOrientation)
 {
 }
 
@@ -73,7 +72,6 @@ ImageFrame* DeferredImageDecoder::frameBufferAtIndex(size_t index)
 
         m_size = m_actualDecoder->size();
         m_filenameExtension = m_actualDecoder->filenameExtension();
-        m_orientation = m_actualDecoder->orientation();
 
         SkBitmap lazyDecodedSkBitmap = ImageDecodingStore::instanceOnMainThread()->createLazyDecodedSkBitmap(m_actualDecoder.release());
         m_lazyDecodedFrame.setSkBitmap(lazyDecodedSkBitmap);
@@ -155,7 +153,8 @@ unsigned DeferredImageDecoder::frameBytesAtIndex(size_t index) const
 
 ImageOrientation DeferredImageDecoder::orientation() const
 {
-    return m_actualDecoder ? m_actualDecoder->orientation() : m_orientation;
+    // FIXME: Make this work with deferred decoding.
+    return m_actualDecoder ? m_actualDecoder->orientation() : DefaultImageOrientation;
 }
 
 } // namespace WebCore
diff --git a/Source/WebCore/platform/graphics/chromium/DeferredImageDecoder.h b/Source/WebCore/platform/graphics/chromium/DeferredImageDecoder.h
index 60d8cc108..d82aec872 100644
--- a/Source/WebCore/platform/graphics/chromium/DeferredImageDecoder.h
+++ b/Source/WebCore/platform/graphics/chromium/DeferredImageDecoder.h
@@ -67,7 +67,6 @@ private:
 
     String m_filenameExtension;
     IntSize m_size;
-    ImageOrientation m_orientation;
 
     ImageFrame m_lazyDecodedFrame;
 };
diff --git a/Source/WebCore/platform/graphics/chromium/FontCacheAndroid.cpp b/Source/WebCore/platform/graphics/chromium/FontCacheAndroid.cpp
index aa54dc101..eba224a83 100644
--- a/Source/WebCore/platform/graphics/chromium/FontCacheAndroid.cpp
+++ b/Source/WebCore/platform/graphics/chromium/FontCacheAndroid.cpp
@@ -122,9 +122,9 @@ PassRefPtr<SimpleFontData> FontCache::getSimilarFontPlatformData(const Font& fon
 
 PassRefPtr<SimpleFontData> FontCache::getLastResortFallbackFont(const FontDescription& description, ShouldRetain shouldRetain)
 {
-    DEFINE_STATIC_LOCAL(const AtomicString, serif, ("Serif", AtomicString::ConstructFromLiteral));
-    DEFINE_STATIC_LOCAL(const AtomicString, monospace, ("Monospace", AtomicString::ConstructFromLiteral));
-    DEFINE_STATIC_LOCAL(const AtomicString, sans, ("Sans", AtomicString::ConstructFromLiteral));
+    DEFINE_STATIC_LOCAL(const AtomicString, serif, ("Serif"));
+    DEFINE_STATIC_LOCAL(const AtomicString, monospace, ("Monospace"));
+    DEFINE_STATIC_LOCAL(const AtomicString, sans, ("Sans"));
 
     FontPlatformData* fontPlatformData = 0;
     switch (description.genericFamily()) {
diff --git a/Source/WebCore/platform/graphics/filters/SourceAlpha.cpp b/Source/WebCore/platform/graphics/filters/SourceAlpha.cpp
index 4cc5622f0..283501c53 100644
--- a/Source/WebCore/platform/graphics/filters/SourceAlpha.cpp
+++ b/Source/WebCore/platform/graphics/filters/SourceAlpha.cpp
@@ -39,7 +39,7 @@ PassRefPtr<SourceAlpha> SourceAlpha::create(Filter* filter)
 
 const AtomicString& SourceAlpha::effectName()
 {
-    DEFINE_STATIC_LOCAL(const AtomicString, s_effectName, ("SourceAlpha", AtomicString::ConstructFromLiteral));
+    DEFINE_STATIC_LOCAL(const AtomicString, s_effectName, ("SourceAlpha"));
     return s_effectName;
 }
 
diff --git a/Source/WebCore/platform/graphics/filters/SourceGraphic.cpp b/Source/WebCore/platform/graphics/filters/SourceGraphic.cpp
index 197d802f5..75b11ddf7 100644
--- a/Source/WebCore/platform/graphics/filters/SourceGraphic.cpp
+++ b/Source/WebCore/platform/graphics/filters/SourceGraphic.cpp
@@ -38,7 +38,7 @@ PassRefPtr<SourceGraphic> SourceGraphic::create(Filter* filter)
 
 const AtomicString& SourceGraphic::effectName()
 {
-    DEFINE_STATIC_LOCAL(const AtomicString, s_effectName, ("SourceGraphic", AtomicString::ConstructFromLiteral));
+    DEFINE_STATIC_LOCAL(const AtomicString, s_effectName, ("SourceGraphic"));
     return s_effectName;
 }
 
diff --git a/Source/WebCore/platform/graphics/harfbuzz/ng/HarfBuzzShaper.cpp b/Source/WebCore/platform/graphics/harfbuzz/ng/HarfBuzzShaper.cpp
index 91c239c0c..b7d444f08 100644
--- a/Source/WebCore/platform/graphics/harfbuzz/ng/HarfBuzzShaper.cpp
+++ b/Source/WebCore/platform/graphics/harfbuzz/ng/HarfBuzzShaper.cpp
@@ -72,12 +72,11 @@ static inline float harfbuzzPositionToFloat(hb_position_t value)
     return static_cast<float>(value) / (1 << 16);
 }
 
-HarfBuzzShaper::HarfBuzzRun::HarfBuzzRun(const SimpleFontData* fontData, unsigned startIndex, unsigned numCharacters, TextDirection direction, hb_script_t script)
+HarfBuzzShaper::HarfBuzzRun::HarfBuzzRun(const SimpleFontData* fontData, unsigned startIndex, unsigned numCharacters, TextDirection direction)
     : m_fontData(fontData)
     , m_startIndex(startIndex)
     , m_numCharacters(numCharacters)
     , m_direction(direction)
-    , m_script(script)
 {
 }
 
@@ -231,9 +230,7 @@ bool HarfBuzzShaper::shape(GlyphBuffer* glyphBuffer)
         return false;
 
     m_totalWidth = 0;
-    // WebKit doesn't set direction when calulating widths. Leave the direction setting to
-    // HarfBuzz when we are calculating widths (except when directionalOverride() is set).
-    if (!shapeHarfBuzzRuns(glyphBuffer || m_run.directionalOverride()))
+    if (!shapeHarfBuzzRuns())
         return false;
     m_totalWidth = roundf(m_totalWidth);
 
@@ -304,8 +301,7 @@ bool HarfBuzzShaper::collectHarfBuzzRuns()
             currentCharacterPosition = iterator.characters();
         }
         unsigned numCharactersOfCurrentRun = iterator.currentCharacter() - startIndexOfCurrentRun;
-        hb_script_t script = hb_icu_script_to_script(currentScript);
-        m_harfbuzzRuns.append(HarfBuzzRun::create(currentFontData, startIndexOfCurrentRun, numCharactersOfCurrentRun, m_run.direction(), script));
+        m_harfbuzzRuns.append(HarfBuzzRun::create(currentFontData, startIndexOfCurrentRun, numCharactersOfCurrentRun, m_run.direction()));
         currentFontData = nextFontData;
         startIndexOfCurrentRun = iterator.currentCharacter();
     } while (iterator.consume(character, clusterLength));
@@ -313,21 +309,19 @@ bool HarfBuzzShaper::collectHarfBuzzRuns()
     return !m_harfbuzzRuns.isEmpty();
 }
 
-bool HarfBuzzShaper::shapeHarfBuzzRuns(bool shouldSetDirection)
+bool HarfBuzzShaper::shapeHarfBuzzRuns()
 {
     HarfBuzzScopedPtr<hb_buffer_t> harfbuzzBuffer(hb_buffer_create(), hb_buffer_destroy);
 
     hb_buffer_set_unicode_funcs(harfbuzzBuffer.get(), hb_icu_get_unicode_funcs());
+    if (m_run.rtl() || m_run.directionalOverride())
+        hb_buffer_set_direction(harfbuzzBuffer.get(), m_run.rtl() ? HB_DIRECTION_RTL : HB_DIRECTION_LTR);
 
     for (unsigned i = 0; i < m_harfbuzzRuns.size(); ++i) {
         unsigned runIndex = m_run.rtl() ? m_harfbuzzRuns.size() - i - 1 : i;
         HarfBuzzRun* currentRun = m_harfbuzzRuns[runIndex].get();
         const SimpleFontData* currentFontData = currentRun->fontData();
 
-        hb_buffer_set_script(harfbuzzBuffer.get(), currentRun->script());
-        if (shouldSetDirection)
-            hb_buffer_set_direction(harfbuzzBuffer.get(), currentRun->rtl() ? HB_DIRECTION_RTL : HB_DIRECTION_LTR);
-
         // This #if should be removed after all ports update harfbuzz-ng.
 #if PLATFORM(CHROMIUM)
         // Add a space as pre-context to the buffer. This prevents showing dotted-circle
@@ -360,6 +354,8 @@ bool HarfBuzzShaper::shapeHarfBuzzRuns(bool shouldSetDirection)
         setGlyphPositionsForHarfBuzzRun(currentRun, harfbuzzBuffer.get());
 
         hb_buffer_reset(harfbuzzBuffer.get());
+        if (m_run.rtl() || m_run.directionalOverride())
+            hb_buffer_set_direction(harfbuzzBuffer.get(), m_run.rtl() ? HB_DIRECTION_RTL : HB_DIRECTION_LTR);
     }
 
     return true;
diff --git a/Source/WebCore/platform/graphics/harfbuzz/ng/HarfBuzzShaper.h b/Source/WebCore/platform/graphics/harfbuzz/ng/HarfBuzzShaper.h
index 92ed1911d..c3c402ba4 100644
--- a/Source/WebCore/platform/graphics/harfbuzz/ng/HarfBuzzShaper.h
+++ b/Source/WebCore/platform/graphics/harfbuzz/ng/HarfBuzzShaper.h
@@ -61,9 +61,9 @@ public:
 private:
     class HarfBuzzRun {
     public:
-        static PassOwnPtr<HarfBuzzRun> create(const SimpleFontData* fontData, unsigned startIndex, unsigned numCharacters, TextDirection direction, hb_script_t script)
+        static PassOwnPtr<HarfBuzzRun> create(const SimpleFontData* fontData, unsigned startIndex, unsigned numCharacters, TextDirection direction)
         {
-            return adoptPtr(new HarfBuzzRun(fontData, startIndex, numCharacters, direction, script));
+            return adoptPtr(new HarfBuzzRun(fontData, startIndex, numCharacters, direction));
         }
 
         void applyShapeResult(hb_buffer_t*);
@@ -82,18 +82,16 @@ private:
         FloatPoint* offsets() { return &m_offsets[0]; }
         uint16_t* glyphToCharacterIndexes() { return &m_glyphToCharacterIndexes[0]; }
         float width() { return m_width; }
-        bool rtl() { return m_direction == RTL; }
-        hb_script_t script() { return m_script; }
 
     private:
-        HarfBuzzRun(const SimpleFontData*, unsigned startIndex, unsigned numCharacters, TextDirection, hb_script_t);
+        HarfBuzzRun(const SimpleFontData*, unsigned startIndex, unsigned numCharacters, TextDirection);
+        bool rtl() { return m_direction == RTL; }
 
         const SimpleFontData* m_fontData;
         unsigned m_startIndex;
         size_t m_numCharacters;
         unsigned m_numGlyphs;
         TextDirection m_direction;
-        hb_script_t m_script;
         Vector<uint16_t, 256> m_glyphs;
         Vector<float, 256> m_advances;
         Vector<uint16_t, 256> m_glyphToCharacterIndexes;
@@ -104,7 +102,7 @@ private:
     void setFontFeatures();
 
     bool collectHarfBuzzRuns();
-    bool shapeHarfBuzzRuns(bool shouldSetDirection);
+    bool shapeHarfBuzzRuns();
     bool fillGlyphBuffer(GlyphBuffer*);
     void fillGlyphBufferFromHarfBuzzRun(GlyphBuffer*, HarfBuzzRun*, FloatPoint& firstOffsetOfNextRun);
     void setGlyphPositionsForHarfBuzzRun(HarfBuzzRun*, hb_buffer_t*);
diff --git a/Source/WebCore/platform/graphics/mac/FontCacheMac.mm b/Source/WebCore/platform/graphics/mac/FontCacheMac.mm
index 3fa433f3d..d1dc8162a 100644
--- a/Source/WebCore/platform/graphics/mac/FontCacheMac.mm
+++ b/Source/WebCore/platform/graphics/mac/FontCacheMac.mm
@@ -182,7 +182,7 @@ PassRefPtr<SimpleFontData> FontCache::getSimilarFontPlatformData(const Font& fon
     while (currFamily && !simpleFontData) {
         if (currFamily->family().length()) {
             static String* matchWords[3] = { new String("Arabic"), new String("Pashto"), new String("Urdu") };
-            DEFINE_STATIC_LOCAL(AtomicString, geezaStr, ("Geeza Pro", AtomicString::ConstructFromLiteral));
+            DEFINE_STATIC_LOCAL(AtomicString, geezaStr, ("Geeza Pro"));
             for (int j = 0; j < 3 && !simpleFontData; ++j)
                 if (currFamily->family().contains(*matchWords[j], false))
                     simpleFontData = getCachedFontData(font.fontDescription(), geezaStr);
@@ -195,7 +195,7 @@ PassRefPtr<SimpleFontData> FontCache::getSimilarFontPlatformData(const Font& fon
 
 PassRefPtr<SimpleFontData> FontCache::getLastResortFallbackFont(const FontDescription& fontDescription, ShouldRetain shouldRetain)
 {
-    DEFINE_STATIC_LOCAL(AtomicString, timesStr, ("Times", AtomicString::ConstructFromLiteral));
+    DEFINE_STATIC_LOCAL(AtomicString, timesStr, ("Times"));
 
     // FIXME: Would be even better to somehow get the user's default font here.  For now we'll pick
     // the default that the user would get without changing any prefs.
@@ -207,7 +207,7 @@ PassRefPtr<SimpleFontData> FontCache::getLastResortFallbackFont(const FontDescri
     // the user doesn't have it, we fall back on Lucida Grande because that's
     // guaranteed to be there, according to Nathan Taylor. This is good enough
     // to avoid a crash at least.
-    DEFINE_STATIC_LOCAL(AtomicString, lucidaGrandeStr, ("Lucida Grande", AtomicString::ConstructFromLiteral));
+    DEFINE_STATIC_LOCAL(AtomicString, lucidaGrandeStr, ("Lucida Grande"));
     return getCachedFontData(fontDescription, lucidaGrandeStr, false, shouldRetain);
 }
 
diff --git a/Source/WebCore/platform/graphics/skia/FontCacheSkia.cpp b/Source/WebCore/platform/graphics/skia/FontCacheSkia.cpp
index e59efa5d9..336abc430 100644
--- a/Source/WebCore/platform/graphics/skia/FontCacheSkia.cpp
+++ b/Source/WebCore/platform/graphics/skia/FontCacheSkia.cpp
@@ -95,9 +95,9 @@ PassRefPtr<SimpleFontData> FontCache::getSimilarFontPlatformData(const Font& fon
 
 PassRefPtr<SimpleFontData> FontCache::getLastResortFallbackFont(const FontDescription& description, ShouldRetain shouldRetain)
 {
-    DEFINE_STATIC_LOCAL(const AtomicString, sansStr, ("Sans", AtomicString::ConstructFromLiteral));
-    DEFINE_STATIC_LOCAL(const AtomicString, serifStr, ("Serif", AtomicString::ConstructFromLiteral));
-    DEFINE_STATIC_LOCAL(const AtomicString, monospaceStr, ("Monospace", AtomicString::ConstructFromLiteral));
+    DEFINE_STATIC_LOCAL(const AtomicString, sansStr, ("Sans"));
+    DEFINE_STATIC_LOCAL(const AtomicString, serifStr, ("Serif"));
+    DEFINE_STATIC_LOCAL(const AtomicString, monospaceStr, ("Monospace"));
 
     FontPlatformData* fontPlatformData = 0;
     switch (description.genericFamily()) {
@@ -115,7 +115,7 @@ PassRefPtr<SimpleFontData> FontCache::getLastResortFallbackFont(const FontDescri
 
     if (!fontPlatformData) {
         // we should at least have Arial; this is the SkFontHost_fontconfig last resort fallback
-        DEFINE_STATIC_LOCAL(const AtomicString, arialStr, ("Arial", AtomicString::ConstructFromLiteral));
+        DEFINE_STATIC_LOCAL(const AtomicString, arialStr, ("Arial"));
         fontPlatformData = getCachedFontPlatformData(description, arialStr);
     }
 
diff --git a/Source/WebCore/platform/graphics/texmap/GraphicsLayerTextureMapper.h b/Source/WebCore/platform/graphics/texmap/GraphicsLayerTextureMapper.h
index 6ca6d286d..510b23f5c 100644
--- a/Source/WebCore/platform/graphics/texmap/GraphicsLayerTextureMapper.h
+++ b/Source/WebCore/platform/graphics/texmap/GraphicsLayerTextureMapper.h
@@ -72,7 +72,7 @@ public:
     virtual void flushCompositingState(const FloatRect&);
     virtual void flushCompositingStateForThisLayerOnly();
     virtual void setName(const String& name);
-    virtual PlatformLayer* platformLayer() const { return m_contentsLayer; }
+    virtual PlatformLayer* platformLayer() const { return 0; }
 
     void notifyChange(TextureMapperLayer::ChangeMask);
     inline int changeMask() const { return m_changeMask; }
@@ -84,6 +84,7 @@ public:
     void setAnimations(const GraphicsLayerAnimations&);
 
     TextureMapperLayer* layer() const { return m_layer.get(); }
+    TextureMapperPlatformLayer* contentsLayer() const { return m_contentsLayer; }
     bool needsDisplay() const { return m_needsDisplay; }
     IntRect needsDisplayRect() const { return enclosingIntRect(m_needsDisplayRect); }
 
diff --git a/Source/WebCore/platform/graphics/texmap/TextureMapperLayer.cpp b/Source/WebCore/platform/graphics/texmap/TextureMapperLayer.cpp
index fe6b6c0e1..401af8c3e 100644
--- a/Source/WebCore/platform/graphics/texmap/TextureMapperLayer.cpp
+++ b/Source/WebCore/platform/graphics/texmap/TextureMapperLayer.cpp
@@ -169,15 +169,11 @@ void TextureMapperLayer::paintSelf(const TextureMapperPaintOptions& options)
     float opacity = options.opacity;
     RefPtr<BitmapTexture> mask = options.mask;
 
-    if (m_backingStore) {
-        ASSERT(!layerRect().isEmpty());
+    if (m_backingStore)
         m_backingStore->paintToTextureMapper(options.textureMapper, layerRect(), transform, opacity, mask.get());
-    }
 
-    if (m_contentsLayer) {
-        ASSERT(!layerRect().isEmpty());
+    if (m_contentsLayer)
         m_contentsLayer->paintToTextureMapper(options.textureMapper, m_state.contentsRect, transform, opacity, mask.get());
-    }
 }
 
 int TextureMapperLayer::compareGraphicsLayersZValue(const void* a, const void* b)
@@ -492,7 +488,7 @@ void TextureMapperLayer::flushCompositingStateSelf(GraphicsLayerTextureMapper* g
     m_state.needsDisplay = m_state.needsDisplay || graphicsLayer->needsDisplay();
     if (!m_state.needsDisplay)
         m_state.needsDisplayRect.unite(graphicsLayer->needsDisplayRect());
-    m_contentsLayer = graphicsLayer->platformLayer();
+    m_contentsLayer = graphicsLayer->contentsLayer();
 
     m_transform.setPosition(adjustedPosition());
     m_transform.setAnchorPoint(m_state.anchorPoint);
diff --git a/Source/WebCore/platform/graphics/win/FontCacheWin.cpp b/Source/WebCore/platform/graphics/win/FontCacheWin.cpp
index 2bec62a4d..2540fae97 100644
--- a/Source/WebCore/platform/graphics/win/FontCacheWin.cpp
+++ b/Source/WebCore/platform/graphics/win/FontCacheWin.cpp
@@ -323,11 +323,11 @@ PassRefPtr<SimpleFontData> FontCache::getLastResortFallbackFont(const FontDescri
     // Sorted by most to least glyphs according to http://en.wikipedia.org/wiki/Unicode_typefaces
     // Start with Times New Roman also since it is the default if the user doesn't change prefs.
     static AtomicString fallbackFonts[] = {
-        AtomicString("Times New Roman", AtomicString::ConstructFromLiteral),
-        AtomicString("Microsoft Sans Serif", AtomicString::ConstructFromLiteral),
-        AtomicString("Tahoma", AtomicString::ConstructFromLiteral),
-        AtomicString("Lucida Sans Unicode", AtomicString::ConstructFromLiteral),
-        AtomicString("Arial", AtomicString::ConstructFromLiteral)
+        AtomicString("Times New Roman"),
+        AtomicString("Microsoft Sans Serif"),
+        AtomicString("Tahoma"),
+        AtomicString("Lucida Sans Unicode"),
+        AtomicString("Arial")
     };
     RefPtr<SimpleFontData> simpleFont;
     for (size_t i = 0; i < WTF_ARRAY_LENGTH(fallbackFonts); ++i) {
diff --git a/Source/WebCore/platform/graphics/wx/FontCacheWx.cpp b/Source/WebCore/platform/graphics/wx/FontCacheWx.cpp
index 5e90e059a..acd1dc3e1 100644
--- a/Source/WebCore/platform/graphics/wx/FontCacheWx.cpp
+++ b/Source/WebCore/platform/graphics/wx/FontCacheWx.cpp
@@ -67,7 +67,7 @@ PassRefPtr<SimpleFontData> FontCache::getSimilarFontPlatformData(const Font& fon
     while (currFamily && !simpleFontData) {
         if (currFamily->family().length()) {
             static String* matchWords[3] = { new String("Arabic"), new String("Pashto"), new String("Urdu") };
-            DEFINE_STATIC_LOCAL(AtomicString, geezaStr, ("Geeza Pro", AtomicString::ConstructFromLiteral));
+            DEFINE_STATIC_LOCAL(AtomicString, geezaStr, ("Geeza Pro"));
             for (int j = 0; j < 3 && !simpleFontData; ++j)
                 if (currFamily->family().contains(*matchWords[j], false))
                     simpleFontData = getCachedFontData(font.fontDescription(), geezaStr);
diff --git a/Source/WebCore/platform/leveldb/LevelDBDatabase.cpp b/Source/WebCore/platform/leveldb/LevelDBDatabase.cpp
index edf9db257..273afd4de 100644
--- a/Source/WebCore/platform/leveldb/LevelDBDatabase.cpp
+++ b/Source/WebCore/platform/leveldb/LevelDBDatabase.cpp
@@ -89,17 +89,6 @@ private:
     const LevelDBComparator* m_comparator;
 };
 
-LevelDBSnapshot::LevelDBSnapshot(LevelDBDatabase* db)
-    : m_db(db->m_db.get())
-    , m_snapshot(m_db->GetSnapshot())
-{
-}
-
-LevelDBSnapshot::~LevelDBSnapshot()
-{
-    m_db->ReleaseSnapshot(m_snapshot);
-}
-
 LevelDBDatabase::LevelDBDatabase()
 {
 }
@@ -198,12 +187,11 @@ bool LevelDBDatabase::remove(const LevelDBSlice& key)
     return false;
 }
 
-bool LevelDBDatabase::get(const LevelDBSlice& key, Vector<char>& value, const LevelDBSnapshot* snapshot)
+bool LevelDBDatabase::get(const LevelDBSlice& key, Vector<char>& value)
 {
     std::string result;
     leveldb::ReadOptions readOptions;
     readOptions.verify_checksums = true; // FIXME: Disable this if the performance impact is too great.
-    readOptions.snapshot = snapshot ? snapshot->m_snapshot : 0;
 
     const leveldb::Status s = m_db->Get(readOptions, makeSlice(key), &result);
     if (s.ok()) {
@@ -305,11 +293,10 @@ LevelDBSlice IteratorImpl::value() const
     return makeLevelDBSlice(m_iterator->value());
 }
 
-PassOwnPtr<LevelDBIterator> LevelDBDatabase::createIterator(const LevelDBSnapshot* snapshot)
+PassOwnPtr<LevelDBIterator> LevelDBDatabase::createIterator()
 {
     leveldb::ReadOptions readOptions;
     readOptions.verify_checksums = true; // FIXME: Disable this if the performance impact is too great.
-    readOptions.snapshot = snapshot ? snapshot->m_snapshot : 0;
     OwnPtr<leveldb::Iterator> i = adoptPtr(m_db->NewIterator(readOptions));
     if (!i) // FIXME: Double check if we actually need to check this.
         return nullptr;
diff --git a/Source/WebCore/platform/leveldb/LevelDBDatabase.h b/Source/WebCore/platform/leveldb/LevelDBDatabase.h
index 2d32cd736..e80b49a24 100644
--- a/Source/WebCore/platform/leveldb/LevelDBDatabase.h
+++ b/Source/WebCore/platform/leveldb/LevelDBDatabase.h
@@ -37,29 +37,15 @@ namespace leveldb {
 class Comparator;
 class DB;
 class Env;
-class Snapshot;
 }
 
 namespace WebCore {
 
 class LevelDBComparator;
-class LevelDBDatabase;
 class LevelDBIterator;
 class LevelDBSlice;
 class LevelDBWriteBatch;
 
-class LevelDBSnapshot {
-private:
-    friend class LevelDBDatabase;
-    friend class LevelDBTransaction;
-
-    explicit LevelDBSnapshot(LevelDBDatabase*);
-    ~LevelDBSnapshot();
-
-    leveldb::DB* m_db;
-    const leveldb::Snapshot* m_snapshot;
-};
-
 class LevelDBDatabase {
 public:
     static PassOwnPtr<LevelDBDatabase> open(const String& fileName, const LevelDBComparator*);
@@ -69,13 +55,12 @@ public:
 
     bool put(const LevelDBSlice& key, const Vector<char>& value);
     bool remove(const LevelDBSlice& key);
-    bool get(const LevelDBSlice& key, Vector<char>& value, const LevelDBSnapshot* = 0);
+    bool get(const LevelDBSlice& key, Vector<char>& value);
     bool write(LevelDBWriteBatch&);
-    PassOwnPtr<LevelDBIterator> createIterator(const LevelDBSnapshot* = 0);
+    PassOwnPtr<LevelDBIterator> createIterator();
     const LevelDBComparator* comparator() const;
 
 private:
-    friend class LevelDBSnapshot;
     LevelDBDatabase();
 
     OwnPtr<leveldb::Env> m_env;
diff --git a/Source/WebCore/platform/leveldb/LevelDBTransaction.cpp b/Source/WebCore/platform/leveldb/LevelDBTransaction.cpp
index fe8262a24..bf5ccbb7f 100644
--- a/Source/WebCore/platform/leveldb/LevelDBTransaction.cpp
+++ b/Source/WebCore/platform/leveldb/LevelDBTransaction.cpp
@@ -26,13 +26,12 @@
 #include "config.h"
 #include "LevelDBTransaction.h"
 
-#if ENABLE(INDEXED_DATABASE)
-#if USE(LEVELDB)
-
 #include "LevelDBDatabase.h"
 #include "LevelDBSlice.h"
 #include "LevelDBWriteBatch.h"
-#include <leveldb/db.h>
+
+#if ENABLE(INDEXED_DATABASE)
+#if USE(LEVELDB)
 
 namespace WebCore {
 
@@ -43,7 +42,6 @@ PassRefPtr<LevelDBTransaction> LevelDBTransaction::create(LevelDBDatabase* db)
 
 LevelDBTransaction::LevelDBTransaction(LevelDBDatabase* db)
     : m_db(db)
-    , m_snapshot(db)
     , m_comparator(db->comparator())
     , m_finished(false)
 {
@@ -120,7 +118,7 @@ bool LevelDBTransaction::get(const LevelDBSlice& key, Vector<char>& value)
         return true;
     }
 
-    return m_db->get(key, value, &m_snapshot);
+    return m_db->get(key, value);
 }
 
 bool LevelDBTransaction::commit()
@@ -259,7 +257,7 @@ LevelDBTransaction::TransactionIterator::TransactionIterator(PassRefPtr<LevelDBT
     : m_transaction(transaction)
     , m_comparator(m_transaction->m_comparator)
     , m_treeIterator(TreeIterator::create(m_transaction.get()))
-    , m_dbIterator(m_transaction->m_db->createIterator(&m_transaction->m_snapshot))
+    , m_dbIterator(m_transaction->m_db->createIterator())
     , m_current(0)
     , m_direction(kForward)
     , m_treeChanged(false)
diff --git a/Source/WebCore/platform/leveldb/LevelDBTransaction.h b/Source/WebCore/platform/leveldb/LevelDBTransaction.h
index 94236ff76..85b734ff0 100644
--- a/Source/WebCore/platform/leveldb/LevelDBTransaction.h
+++ b/Source/WebCore/platform/leveldb/LevelDBTransaction.h
@@ -30,7 +30,6 @@
 #if USE(LEVELDB)
 
 #include "LevelDBComparator.h"
-#include "LevelDBDatabase.h"
 #include "LevelDBIterator.h"
 #include "LevelDBSlice.h"
 #include <wtf/AVLTree.h>
@@ -43,6 +42,7 @@
 
 namespace WebCore {
 
+class LevelDBDatabase;
 class LevelDBWriteBatch;
 
 using WTF::AVLTree;
@@ -164,7 +164,6 @@ private:
     void notifyIteratorsOfTreeChange();
 
     LevelDBDatabase* m_db;
-    const LevelDBSnapshot m_snapshot;
     const LevelDBComparator* m_comparator;
     TreeType m_tree;
     bool m_finished;
diff --git a/Source/WebCore/platform/network/ResourceResponseBase.cpp b/Source/WebCore/platform/network/ResourceResponseBase.cpp
index 5902e7961..48568ef6f 100644
--- a/Source/WebCore/platform/network/ResourceResponseBase.cpp
+++ b/Source/WebCore/platform/network/ResourceResponseBase.cpp
@@ -280,12 +280,12 @@ void ResourceResponseBase::setHTTPHeaderField(const AtomicString& name, const St
 {
     lazyInit(CommonAndUncommonFields);
 
-    DEFINE_STATIC_LOCAL(const AtomicString, ageHeader, ("age", AtomicString::ConstructFromLiteral));
-    DEFINE_STATIC_LOCAL(const AtomicString, cacheControlHeader, ("cache-control", AtomicString::ConstructFromLiteral));
-    DEFINE_STATIC_LOCAL(const AtomicString, dateHeader, ("date", AtomicString::ConstructFromLiteral));
-    DEFINE_STATIC_LOCAL(const AtomicString, expiresHeader, ("expires", AtomicString::ConstructFromLiteral));
-    DEFINE_STATIC_LOCAL(const AtomicString, lastModifiedHeader, ("last-modified", AtomicString::ConstructFromLiteral));
-    DEFINE_STATIC_LOCAL(const AtomicString, pragmaHeader, ("pragma", AtomicString::ConstructFromLiteral));
+    DEFINE_STATIC_LOCAL(const AtomicString, ageHeader, ("age"));
+    DEFINE_STATIC_LOCAL(const AtomicString, cacheControlHeader, ("cache-control"));
+    DEFINE_STATIC_LOCAL(const AtomicString, dateHeader, ("date"));
+    DEFINE_STATIC_LOCAL(const AtomicString, expiresHeader, ("expires"));
+    DEFINE_STATIC_LOCAL(const AtomicString, lastModifiedHeader, ("last-modified"));
+    DEFINE_STATIC_LOCAL(const AtomicString, pragmaHeader, ("pragma"));
     if (equalIgnoringCase(name, ageHeader))
         m_haveParsedAgeHeader = false;
     else if (equalIgnoringCase(name, cacheControlHeader) || equalIgnoringCase(name, pragmaHeader))
@@ -319,11 +319,11 @@ void ResourceResponseBase::parseCacheControlDirectives() const
     m_cacheControlContainsNoCache = false;
     m_cacheControlMaxAge = numeric_limits<double>::quiet_NaN();
 
-    DEFINE_STATIC_LOCAL(const AtomicString, cacheControlString, ("cache-control", AtomicString::ConstructFromLiteral));
-    DEFINE_STATIC_LOCAL(const AtomicString, noCacheDirective, ("no-cache", AtomicString::ConstructFromLiteral));
-    DEFINE_STATIC_LOCAL(const AtomicString, noStoreDirective, ("no-store", AtomicString::ConstructFromLiteral));
-    DEFINE_STATIC_LOCAL(const AtomicString, mustRevalidateDirective, ("must-revalidate", AtomicString::ConstructFromLiteral));
-    DEFINE_STATIC_LOCAL(const AtomicString, maxAgeDirective, ("max-age", AtomicString::ConstructFromLiteral));
+    DEFINE_STATIC_LOCAL(const AtomicString, cacheControlString, ("cache-control"));
+    DEFINE_STATIC_LOCAL(const AtomicString, noCacheDirective, ("no-cache"));
+    DEFINE_STATIC_LOCAL(const AtomicString, noStoreDirective, ("no-store"));
+    DEFINE_STATIC_LOCAL(const AtomicString, mustRevalidateDirective, ("must-revalidate"));
+    DEFINE_STATIC_LOCAL(const AtomicString, maxAgeDirective, ("max-age"));
 
     String cacheControlValue = m_httpHeaderFields.get(cacheControlString);
     if (!cacheControlValue.isEmpty()) {
@@ -357,7 +357,7 @@ void ResourceResponseBase::parseCacheControlDirectives() const
         // Handle Pragma: no-cache
         // This is deprecated and equivalent to Cache-control: no-cache
         // Don't bother tokenizing the value, it is not important
-        DEFINE_STATIC_LOCAL(const AtomicString, pragmaHeader, ("pragma", AtomicString::ConstructFromLiteral));
+        DEFINE_STATIC_LOCAL(const AtomicString, pragmaHeader, ("pragma"));
         String pragmaValue = m_httpHeaderFields.get(pragmaHeader);
 
         m_cacheControlContainsNoCache = pragmaValue.lower().contains(noCacheDirective);
@@ -389,8 +389,8 @@ bool ResourceResponseBase::hasCacheValidatorFields() const
 {
     lazyInit(CommonFieldsOnly);
 
-    DEFINE_STATIC_LOCAL(const AtomicString, lastModifiedHeader, ("last-modified", AtomicString::ConstructFromLiteral));
-    DEFINE_STATIC_LOCAL(const AtomicString, eTagHeader, ("etag", AtomicString::ConstructFromLiteral));
+    DEFINE_STATIC_LOCAL(const AtomicString, lastModifiedHeader, ("last-modified"));
+    DEFINE_STATIC_LOCAL(const AtomicString, eTagHeader, ("etag"));
     return !m_httpHeaderFields.get(lastModifiedHeader).isEmpty() || !m_httpHeaderFields.get(eTagHeader).isEmpty();
 }
 
@@ -421,7 +421,7 @@ double ResourceResponseBase::date() const
     lazyInit(CommonFieldsOnly);
 
     if (!m_haveParsedDateHeader) {
-        DEFINE_STATIC_LOCAL(const AtomicString, headerName, ("date", AtomicString::ConstructFromLiteral));
+        DEFINE_STATIC_LOCAL(const AtomicString, headerName, ("date"));
         m_date = parseDateValueInHeader(m_httpHeaderFields, headerName);
         m_haveParsedDateHeader = true;
     }
@@ -433,7 +433,7 @@ double ResourceResponseBase::age() const
     lazyInit(CommonFieldsOnly);
 
     if (!m_haveParsedAgeHeader) {
-        DEFINE_STATIC_LOCAL(const AtomicString, headerName, ("age", AtomicString::ConstructFromLiteral));
+        DEFINE_STATIC_LOCAL(const AtomicString, headerName, ("age"));
         String headerValue = m_httpHeaderFields.get(headerName);
         bool ok;
         m_age = headerValue.toDouble(&ok);
@@ -449,7 +449,7 @@ double ResourceResponseBase::expires() const
     lazyInit(CommonFieldsOnly);
 
     if (!m_haveParsedExpiresHeader) {
-        DEFINE_STATIC_LOCAL(const AtomicString, headerName, ("expires", AtomicString::ConstructFromLiteral));
+        DEFINE_STATIC_LOCAL(const AtomicString, headerName, ("expires"));
         m_expires = parseDateValueInHeader(m_httpHeaderFields, headerName);
         m_haveParsedExpiresHeader = true;
     }
@@ -461,7 +461,7 @@ double ResourceResponseBase::lastModified() const
     lazyInit(CommonFieldsOnly);
 
     if (!m_haveParsedLastModifiedHeader) {
-        DEFINE_STATIC_LOCAL(const AtomicString, headerName, ("last-modified", AtomicString::ConstructFromLiteral));
+        DEFINE_STATIC_LOCAL(const AtomicString, headerName, ("last-modified"));
         m_lastModified = parseDateValueInHeader(m_httpHeaderFields, headerName);
         m_haveParsedLastModifiedHeader = true;
     }
@@ -472,13 +472,13 @@ bool ResourceResponseBase::isAttachment() const
 {
     lazyInit(CommonAndUncommonFields);
 
-    DEFINE_STATIC_LOCAL(const AtomicString, headerName, ("content-disposition", AtomicString::ConstructFromLiteral));
+    DEFINE_STATIC_LOCAL(const AtomicString, headerName, ("content-disposition"));
     String value = m_httpHeaderFields.get(headerName);
     size_t loc = value.find(';');
     if (loc != notFound)
         value = value.left(loc);
     value = value.stripWhiteSpace();
-    DEFINE_STATIC_LOCAL(const AtomicString, attachmentString, ("attachment", AtomicString::ConstructFromLiteral));
+    DEFINE_STATIC_LOCAL(const AtomicString, attachmentString, ("attachment"));
     return equalIgnoringCase(value, attachmentString);
 }
   
diff --git a/Source/WebCore/platform/text/enchant/TextCheckerEnchant.cpp b/Source/WebCore/platform/text/enchant/TextCheckerEnchant.cpp
index f9b30df6a..28633f15f 100644
--- a/Source/WebCore/platform/text/enchant/TextCheckerEnchant.cpp
+++ b/Source/WebCore/platform/text/enchant/TextCheckerEnchant.cpp
@@ -72,7 +72,7 @@ void TextCheckerEnchant::checkSpellingOfString(const String& string, int& misspe
     misspellingLocation = -1;
     misspellingLength = 0;
 
-    if (!hasDictionary())
+    if (m_enchantDictionaries.isEmpty())
         return;
 
     size_t numberOfCharacters = string.length();
@@ -121,7 +121,7 @@ void TextCheckerEnchant::checkSpellingOfString(const String& string, int& misspe
 Vector<String> TextCheckerEnchant::getGuessesForWord(const String& word)
 {
     Vector<String> guesses;
-    if (!hasDictionary())
+    if (m_enchantDictionaries.isEmpty())
         return guesses;
 
     for (Vector<EnchantDict*>::const_iterator iter = m_enchantDictionaries.begin(); iter != m_enchantDictionaries.end(); ++iter) {
@@ -180,7 +180,7 @@ void TextCheckerEnchant::updateSpellCheckingLanguages(const Vector<String>& lang
 Vector<String> TextCheckerEnchant::loadedSpellCheckingLanguages() const
 {
     Vector<String> languages;
-    if (!hasDictionary())
+    if (m_enchantDictionaries.isEmpty())
         return languages;
 
     // Get a Vector<CString> with the list of languages in use.
diff --git a/Source/WebCore/platform/text/enchant/TextCheckerEnchant.h b/Source/WebCore/platform/text/enchant/TextCheckerEnchant.h
index 0fe2caaa9..787f8bf5a 100644
--- a/Source/WebCore/platform/text/enchant/TextCheckerEnchant.h
+++ b/Source/WebCore/platform/text/enchant/TextCheckerEnchant.h
@@ -43,7 +43,6 @@ public:
     Vector<String> getGuessesForWord(const String&);
     void updateSpellCheckingLanguages(const Vector<String>& languages);
     Vector<String> loadedSpellCheckingLanguages() const;
-    bool hasDictionary() const { return !m_enchantDictionaries.isEmpty(); }
     Vector<String> availableSpellCheckingLanguages() const;
 
 private:
diff --git a/Source/WebCore/rendering/ExclusionPolygon.cpp b/Source/WebCore/rendering/ExclusionPolygon.cpp
index 21beac1ec..efb6acddb 100644
--- a/Source/WebCore/rendering/ExclusionPolygon.cpp
+++ b/Source/WebCore/rendering/ExclusionPolygon.cpp
@@ -190,13 +190,13 @@ static inline bool getVertexIntersectionVertices(const EdgeIntersection& interse
 
     if ((intersection.type == VertexMinY && (thisEdge.vertex1().y() < thisEdge.vertex2().y()))
         || (intersection.type == VertexMaxY && (thisEdge.vertex1().y() > thisEdge.vertex2().y()))) {
-        prevVertex = polygon.vertexAt(thisEdge.previousEdge().vertexIndex1);
+        prevVertex = polygon.vertexAt(thisEdge.previousEdge().vertexIndex2);
         thisVertex = polygon.vertexAt(thisEdge.vertexIndex1);
         nextVertex = polygon.vertexAt(thisEdge.vertexIndex2);
     } else {
         prevVertex = polygon.vertexAt(thisEdge.vertexIndex1);
         thisVertex = polygon.vertexAt(thisEdge.vertexIndex2);
-        nextVertex = polygon.vertexAt(thisEdge.nextEdge().vertexIndex2);
+        nextVertex = polygon.vertexAt(thisEdge.nextEdge().vertexIndex1);
     }
 
     return true;
@@ -219,7 +219,7 @@ static bool compareEdgeIntersectionX(const EdgeIntersection& intersection1, cons
     return (x1 == x2) ? intersection1.type < intersection2.type : x1 < x2;
 }
 
-void ExclusionPolygon::computeXIntersections(float y, bool isMinY, Vector<ExclusionInterval>& result) const
+void ExclusionPolygon::computeXIntersections(float y, Vector<ExclusionInterval>& result) const
 {
     Vector<ExclusionPolygon::EdgeInterval> overlappingEdges;
     m_edgeTree.allOverlaps(ExclusionPolygon::EdgeInterval(y, y, 0), overlappingEdges);
@@ -265,19 +265,19 @@ void ExclusionPolygon::computeXIntersections(float y, bool isMinY, Vector<Exclus
         }
 
         if (evenOddCrossing) {
-            bool edgeCrossing = thisIntersection.type == Normal;
-            if (!edgeCrossing) {
+            bool edgeCrossing = false;
+            if (thisIntersection.type == Normal || !inside || index == intersections.size() - 1)
+                edgeCrossing = true;
+            else {
                 FloatPoint prevVertex;
                 FloatPoint thisVertex;
                 FloatPoint nextVertex;
 
                 if (getVertexIntersectionVertices(thisIntersection, prevVertex, thisVertex, nextVertex)) {
-                    if (nextVertex.y() == y)
-                        edgeCrossing = (isMinY) ? prevVertex.y() > y : prevVertex.y() < y;
-                    else if (prevVertex.y() == y)
-                        edgeCrossing = (isMinY) ? nextVertex.y() > y : nextVertex.y() < y;
+                    if (prevVertex.y() == y)
+                        edgeCrossing =  (thisVertex.x() > prevVertex.x()) ? nextVertex.y() > y : nextVertex.y() < y;
                     else
-                        edgeCrossing = true;
+                        edgeCrossing = (nextVertex.y() != y);
                 }
             }
             if (edgeCrossing)
@@ -331,8 +331,8 @@ void ExclusionPolygon::getExcludedIntervals(float logicalTop, float logicalHeigh
     float y2 = maxYForLogicalLine(logicalTop, logicalHeight);
 
     Vector<ExclusionInterval> y1XIntervals, y2XIntervals;
-    computeXIntersections(y1, true, y1XIntervals);
-    computeXIntersections(y2, false, y2XIntervals);
+    computeXIntersections(y1, y1XIntervals);
+    computeXIntersections(y2, y2XIntervals);
 
     Vector<ExclusionInterval> mergedIntervals;
     mergeExclusionIntervals(y1XIntervals, y2XIntervals, mergedIntervals);
@@ -358,8 +358,8 @@ void ExclusionPolygon::getIncludedIntervals(float logicalTop, float logicalHeigh
     float y2 = maxYForLogicalLine(logicalTop, logicalHeight);
 
     Vector<ExclusionInterval> y1XIntervals, y2XIntervals;
-    computeXIntersections(y1, true, y1XIntervals);
-    computeXIntersections(y2, false, y2XIntervals);
+    computeXIntersections(y1, y1XIntervals);
+    computeXIntersections(y2, y2XIntervals);
 
     Vector<ExclusionInterval> commonIntervals;
     intersectExclusionIntervals(y1XIntervals, y2XIntervals, commonIntervals);
diff --git a/Source/WebCore/rendering/ExclusionPolygon.h b/Source/WebCore/rendering/ExclusionPolygon.h
index 647eb172e..ce7a23c0d 100644
--- a/Source/WebCore/rendering/ExclusionPolygon.h
+++ b/Source/WebCore/rendering/ExclusionPolygon.h
@@ -68,7 +68,7 @@ public:
     virtual void getIncludedIntervals(float logicalTop, float logicalHeight, SegmentList&) const OVERRIDE;
 
 private:
-    void computeXIntersections(float y, bool isMinY, Vector<ExclusionInterval>&) const;
+    void computeXIntersections(float y, Vector<ExclusionInterval>&) const;
     void computeEdgeIntersections(float minY, float maxY, Vector<ExclusionInterval>&) const;
     unsigned findNextEdgeVertexIndex(unsigned vertexIndex1, bool clockwise) const;
 
@@ -102,7 +102,7 @@ struct ExclusionPolygonEdge {
     const ExclusionPolygonEdge& previousEdge() const
     {
         ASSERT(polygon && polygon->numberOfEdges() > 1);
-        return polygon->edgeAt((edgeIndex + polygon->numberOfEdges() - 1) % polygon->numberOfEdges());
+        return polygon->edgeAt((edgeIndex + polygon->numberOfEdges() - 2) % polygon->numberOfEdges());
     }
 
     const ExclusionPolygonEdge& nextEdge() const
diff --git a/Source/WebCore/rendering/FixedTableLayout.cpp b/Source/WebCore/rendering/FixedTableLayout.cpp
index e75764ac7..2a08ad6b5 100644
--- a/Source/WebCore/rendering/FixedTableLayout.cpp
+++ b/Source/WebCore/rendering/FixedTableLayout.cpp
@@ -199,7 +199,7 @@ void FixedTableLayout::computePreferredLogicalWidths(LayoutUnit& minWidth, Layou
     // In this example, the two inner tables should be as large as the outer table. 
     // We can achieve this effect by making the maxwidth of fixed tables with percentage
     // widths be infinite.
-    if (m_table->style()->logicalWidth().isPercent() && maxWidth < tableMaxWidth)
+    if (m_table->document()->inQuirksMode() && m_table->style()->logicalWidth().isPercent() && maxWidth < tableMaxWidth)
         maxWidth = tableMaxWidth;
 }
 
diff --git a/Source/WebCore/rendering/RenderLayerCompositor.cpp b/Source/WebCore/rendering/RenderLayerCompositor.cpp
index b5b456b3a..f026d02d6 100644
--- a/Source/WebCore/rendering/RenderLayerCompositor.cpp
+++ b/Source/WebCore/rendering/RenderLayerCompositor.cpp
@@ -2590,9 +2590,7 @@ const FixedPositionViewportConstraints RenderLayerCompositor::computeFixedViewpo
     ASSERT(layer->isComposited());
 
     FrameView* frameView = m_renderView->frameView();
-
     LayoutRect viewportRect = frameView->visibleContentRect();
-    viewportRect.setLocation(toPoint(frameView->scrollOffsetForFixedPosition()));
 
     FixedPositionViewportConstraints constraints = FixedPositionViewportConstraints();
 
diff --git a/Source/WebCore/rendering/RenderTextControlMultiLine.cpp b/Source/WebCore/rendering/RenderTextControlMultiLine.cpp
index f40994326..92d002829 100644
--- a/Source/WebCore/rendering/RenderTextControlMultiLine.cpp
+++ b/Source/WebCore/rendering/RenderTextControlMultiLine.cpp
@@ -59,7 +59,7 @@ float RenderTextControlMultiLine::getAvgCharWidth(AtomicString family)
     // Since Lucida Grande is the default font, we want this to match the width
     // of Courier New, the default font for textareas in IE, Firefox and Safari Win.
     // 1229 is the avgCharWidth value in the OS/2 table for Courier New.
-    if (family == "Lucida Grande")
+    if (family == AtomicString("Lucida Grande"))
         return scaleEmToUnits(1229);
 
     return RenderTextControl::getAvgCharWidth(family);
diff --git a/Source/WebCore/rendering/RenderTextControlSingleLine.cpp b/Source/WebCore/rendering/RenderTextControlSingleLine.cpp
index c7f075a4b..967fb2acc 100644
--- a/Source/WebCore/rendering/RenderTextControlSingleLine.cpp
+++ b/Source/WebCore/rendering/RenderTextControlSingleLine.cpp
@@ -283,7 +283,7 @@ float RenderTextControlSingleLine::getAvgCharWidth(AtomicString family)
     // of MS Shell Dlg, the default font for textareas in Firefox, Safari Win and
     // IE for some encodings (in IE, the default font is encoding specific).
     // 901 is the avgCharWidth value in the OS/2 table for MS Shell Dlg.
-    if (family == "Lucida Grande")
+    if (family == AtomicString("Lucida Grande"))
         return scaleEmToUnits(901);
 
     return RenderTextControl::getAvgCharWidth(family);
@@ -304,7 +304,7 @@ LayoutUnit RenderTextControlSingleLine::preferredContentWidth(float charWidth) c
     // of MS Shell Dlg, the default font for textareas in Firefox, Safari Win and
     // IE for some encodings (in IE, the default font is encoding specific).
     // 4027 is the (xMax - xMin) value in the "head" font table for MS Shell Dlg.
-    if (family == "Lucida Grande")
+    if (family == AtomicString("Lucida Grande"))
         maxCharWidth = scaleEmToUnits(4027);
     else if (hasValidAvgCharWidth(family))
         maxCharWidth = roundf(style()->font().primaryFont()->maxCharWidth());
diff --git a/Source/WebCore/rendering/RenderThemeChromiumCommon.cpp b/Source/WebCore/rendering/RenderThemeChromiumCommon.cpp
index 7b420c835..6e9079535 100644
--- a/Source/WebCore/rendering/RenderThemeChromiumCommon.cpp
+++ b/Source/WebCore/rendering/RenderThemeChromiumCommon.cpp
@@ -49,10 +49,8 @@ bool RenderThemeChromiumCommon::supportsDataListUI(const AtomicString& type)
 #if ENABLE(INPUT_MULTIPLE_FIELDS_UI)
 bool RenderThemeChromiumCommon::supportsCalendarPicker(const AtomicString& type)
 {
-    // FIXME: We'd like to support datetime, and datetime-local too.
-    return type == InputTypeNames::date()
-        || type == InputTypeNames::month()
-        || type == InputTypeNames::week();
+    // FIXME: We'd like to support datetime, datetime-local, month, and week too.
+    return type == InputTypeNames::date();
 }
 #endif
 
diff --git a/Source/WebCore/svg/SVGAnimateColorElement.cpp b/Source/WebCore/svg/SVGAnimateColorElement.cpp
index a5995fb33..ddaa10e26 100644
--- a/Source/WebCore/svg/SVGAnimateColorElement.cpp
+++ b/Source/WebCore/svg/SVGAnimateColorElement.cpp
@@ -40,7 +40,7 @@ PassRefPtr<SVGAnimateColorElement> SVGAnimateColorElement::create(const Qualifie
 
 static bool attributeValueIsCurrentColor(const String& value)
 {
-    DEFINE_STATIC_LOCAL(const AtomicString, currentColor, ("currentColor", AtomicString::ConstructFromLiteral));
+    DEFINE_STATIC_LOCAL(const AtomicString, currentColor, ("currentColor"));
     return value == currentColor;
 }
 
diff --git a/Source/WebCore/svg/SVGAnimateMotionElement.cpp b/Source/WebCore/svg/SVGAnimateMotionElement.cpp
index 32684ac01..f2e4a8a35 100644
--- a/Source/WebCore/svg/SVGAnimateMotionElement.cpp
+++ b/Source/WebCore/svg/SVGAnimateMotionElement.cpp
@@ -121,8 +121,8 @@ void SVGAnimateMotionElement::parseAttribute(const Attribute& attribute)
     
 SVGAnimateMotionElement::RotateMode SVGAnimateMotionElement::rotateMode() const
 {
-    DEFINE_STATIC_LOCAL(const AtomicString, autoVal, ("auto", AtomicString::ConstructFromLiteral));
-    DEFINE_STATIC_LOCAL(const AtomicString, autoReverse, ("auto-reverse", AtomicString::ConstructFromLiteral));
+    DEFINE_STATIC_LOCAL(const AtomicString, autoVal, ("auto"));
+    DEFINE_STATIC_LOCAL(const AtomicString, autoReverse, ("auto-reverse"));
     const AtomicString& rotate = getAttribute(SVGNames::rotateAttr);
     if (rotate == autoVal)
         return RotateAuto;
diff --git a/Source/WebCore/svg/SVGAnimationElement.cpp b/Source/WebCore/svg/SVGAnimationElement.cpp
index 53765c378..8edf81843 100644
--- a/Source/WebCore/svg/SVGAnimationElement.cpp
+++ b/Source/WebCore/svg/SVGAnimationElement.cpp
@@ -293,10 +293,10 @@ void SVGAnimationElement::updateAnimationMode()
 
 void SVGAnimationElement::setCalcMode(const AtomicString& calcMode)
 {
-    DEFINE_STATIC_LOCAL(const AtomicString, discrete, ("discrete", AtomicString::ConstructFromLiteral));
-    DEFINE_STATIC_LOCAL(const AtomicString, linear, ("linear", AtomicString::ConstructFromLiteral));
-    DEFINE_STATIC_LOCAL(const AtomicString, paced, ("paced", AtomicString::ConstructFromLiteral));
-    DEFINE_STATIC_LOCAL(const AtomicString, spline, ("spline", AtomicString::ConstructFromLiteral));
+    DEFINE_STATIC_LOCAL(const AtomicString, discrete, ("discrete"));
+    DEFINE_STATIC_LOCAL(const AtomicString, linear, ("linear"));
+    DEFINE_STATIC_LOCAL(const AtomicString, paced, ("paced"));
+    DEFINE_STATIC_LOCAL(const AtomicString, spline, ("spline"));
     if (calcMode == discrete)
         setCalcMode(CalcModeDiscrete);
     else if (calcMode == linear)
@@ -311,8 +311,8 @@ void SVGAnimationElement::setCalcMode(const AtomicString& calcMode)
 
 void SVGAnimationElement::setAttributeType(const AtomicString& attributeType)
 {
-    DEFINE_STATIC_LOCAL(const AtomicString, css, ("CSS", AtomicString::ConstructFromLiteral));
-    DEFINE_STATIC_LOCAL(const AtomicString, xml, ("XML", AtomicString::ConstructFromLiteral));
+    DEFINE_STATIC_LOCAL(const AtomicString, css, ("CSS"));
+    DEFINE_STATIC_LOCAL(const AtomicString, xml, ("XML"));
     if (attributeType == css)
         m_attributeType = AttributeTypeCSS;
     else if (attributeType == xml)
@@ -339,14 +339,14 @@ String SVGAnimationElement::fromValue() const
 
 bool SVGAnimationElement::isAdditive() const
 {
-    DEFINE_STATIC_LOCAL(const AtomicString, sum, ("sum", AtomicString::ConstructFromLiteral));
+    DEFINE_STATIC_LOCAL(const AtomicString, sum, ("sum"));
     const AtomicString& value = fastGetAttribute(SVGNames::additiveAttr);
     return value == sum || animationMode() == ByAnimation;
 }
 
 bool SVGAnimationElement::isAccumulated() const
 {
-    DEFINE_STATIC_LOCAL(const AtomicString, sum, ("sum", AtomicString::ConstructFromLiteral));
+    DEFINE_STATIC_LOCAL(const AtomicString, sum, ("sum"));
     const AtomicString& value = fastGetAttribute(SVGNames::accumulateAttr);
     return value == sum && animationMode() != ToAnimation;
 }
@@ -658,7 +658,7 @@ void SVGAnimationElement::adjustForInheritance(SVGElement* targetElement, const
 static bool inheritsFromProperty(SVGElement* targetElement, const QualifiedName& attributeName, const String& value)
 {
     ASSERT(targetElement);
-    DEFINE_STATIC_LOCAL(const AtomicString, inherit, ("inherit", AtomicString::ConstructFromLiteral));
+    DEFINE_STATIC_LOCAL(const AtomicString, inherit, ("inherit"));
     
     if (value.isEmpty() || value != inherit || !targetElement->isStyled())
         return false;
diff --git a/Source/WebCore/svg/SVGFEConvolveMatrixElement.cpp b/Source/WebCore/svg/SVGFEConvolveMatrixElement.cpp
index 5c973d71e..9a44ef836 100644
--- a/Source/WebCore/svg/SVGFEConvolveMatrixElement.cpp
+++ b/Source/WebCore/svg/SVGFEConvolveMatrixElement.cpp
@@ -79,25 +79,25 @@ PassRefPtr<SVGFEConvolveMatrixElement> SVGFEConvolveMatrixElement::create(const
 
 const AtomicString& SVGFEConvolveMatrixElement::kernelUnitLengthXIdentifier()
 {
-    DEFINE_STATIC_LOCAL(AtomicString, s_identifier, ("SVGKernelUnitLengthX", AtomicString::ConstructFromLiteral));
+    DEFINE_STATIC_LOCAL(AtomicString, s_identifier, ("SVGKernelUnitLengthX"));
     return s_identifier;
 }
 
 const AtomicString& SVGFEConvolveMatrixElement::kernelUnitLengthYIdentifier()
 {
-    DEFINE_STATIC_LOCAL(AtomicString, s_identifier, ("SVGKernelUnitLengthY", AtomicString::ConstructFromLiteral));
+    DEFINE_STATIC_LOCAL(AtomicString, s_identifier, ("SVGKernelUnitLengthY"));
     return s_identifier;
 }
 
 const AtomicString& SVGFEConvolveMatrixElement::orderXIdentifier()
 {
-    DEFINE_STATIC_LOCAL(AtomicString, s_identifier, ("SVGOrderX", AtomicString::ConstructFromLiteral));
+    DEFINE_STATIC_LOCAL(AtomicString, s_identifier, ("SVGOrderX"));
     return s_identifier;
 }
 
 const AtomicString& SVGFEConvolveMatrixElement::orderYIdentifier()
 {
-    DEFINE_STATIC_LOCAL(AtomicString, s_identifier, ("SVGOrderY", AtomicString::ConstructFromLiteral));
+    DEFINE_STATIC_LOCAL(AtomicString, s_identifier, ("SVGOrderY"));
     return s_identifier;
 }
 
diff --git a/Source/WebCore/svg/SVGFEDiffuseLightingElement.cpp b/Source/WebCore/svg/SVGFEDiffuseLightingElement.cpp
index 451a203e1..694785518 100644
--- a/Source/WebCore/svg/SVGFEDiffuseLightingElement.cpp
+++ b/Source/WebCore/svg/SVGFEDiffuseLightingElement.cpp
@@ -67,13 +67,13 @@ PassRefPtr<SVGFEDiffuseLightingElement> SVGFEDiffuseLightingElement::create(cons
 
 const AtomicString& SVGFEDiffuseLightingElement::kernelUnitLengthXIdentifier()
 {
-    DEFINE_STATIC_LOCAL(AtomicString, s_identifier, ("SVGKernelUnitLengthX", AtomicString::ConstructFromLiteral));
+    DEFINE_STATIC_LOCAL(AtomicString, s_identifier, ("SVGKernelUnitLengthX"));
     return s_identifier;
 }
 
 const AtomicString& SVGFEDiffuseLightingElement::kernelUnitLengthYIdentifier()
 {
-    DEFINE_STATIC_LOCAL(AtomicString, s_identifier, ("SVGKernelUnitLengthY", AtomicString::ConstructFromLiteral));
+    DEFINE_STATIC_LOCAL(AtomicString, s_identifier, ("SVGKernelUnitLengthY"));
     return s_identifier;
 }
 
diff --git a/Source/WebCore/svg/SVGFEDropShadowElement.cpp b/Source/WebCore/svg/SVGFEDropShadowElement.cpp
index 65ee0761e..552351a63 100644
--- a/Source/WebCore/svg/SVGFEDropShadowElement.cpp
+++ b/Source/WebCore/svg/SVGFEDropShadowElement.cpp
@@ -66,13 +66,13 @@ PassRefPtr<SVGFEDropShadowElement> SVGFEDropShadowElement::create(const Qualifie
 
 const AtomicString& SVGFEDropShadowElement::stdDeviationXIdentifier()
 {
-    DEFINE_STATIC_LOCAL(AtomicString, s_identifier, ("SVGStdDeviationX", AtomicString::ConstructFromLiteral));
+    DEFINE_STATIC_LOCAL(AtomicString, s_identifier, ("SVGStdDeviationX"));
     return s_identifier;
 }
 
 const AtomicString& SVGFEDropShadowElement::stdDeviationYIdentifier()
 {
-    DEFINE_STATIC_LOCAL(AtomicString, s_identifier, ("SVGStdDeviationY", AtomicString::ConstructFromLiteral));
+    DEFINE_STATIC_LOCAL(AtomicString, s_identifier, ("SVGStdDeviationY"));
     return s_identifier;
 }
 
diff --git a/Source/WebCore/svg/SVGFEGaussianBlurElement.cpp b/Source/WebCore/svg/SVGFEGaussianBlurElement.cpp
index 2e432c743..89fb3a5d8 100644
--- a/Source/WebCore/svg/SVGFEGaussianBlurElement.cpp
+++ b/Source/WebCore/svg/SVGFEGaussianBlurElement.cpp
@@ -58,13 +58,13 @@ PassRefPtr<SVGFEGaussianBlurElement> SVGFEGaussianBlurElement::create(const Qual
 
 const AtomicString& SVGFEGaussianBlurElement::stdDeviationXIdentifier()
 {
-    DEFINE_STATIC_LOCAL(AtomicString, s_identifier, ("SVGStdDeviationX", AtomicString::ConstructFromLiteral));
+    DEFINE_STATIC_LOCAL(AtomicString, s_identifier, ("SVGStdDeviationX"));
     return s_identifier;
 }
 
 const AtomicString& SVGFEGaussianBlurElement::stdDeviationYIdentifier()
 {
-    DEFINE_STATIC_LOCAL(AtomicString, s_identifier, ("SVGStdDeviationY", AtomicString::ConstructFromLiteral));
+    DEFINE_STATIC_LOCAL(AtomicString, s_identifier, ("SVGStdDeviationY"));
     return s_identifier;
 }
 
diff --git a/Source/WebCore/svg/SVGFEMorphologyElement.cpp b/Source/WebCore/svg/SVGFEMorphologyElement.cpp
index d1e434e9d..d688d851e 100644
--- a/Source/WebCore/svg/SVGFEMorphologyElement.cpp
+++ b/Source/WebCore/svg/SVGFEMorphologyElement.cpp
@@ -60,13 +60,13 @@ PassRefPtr<SVGFEMorphologyElement> SVGFEMorphologyElement::create(const Qualifie
 
 const AtomicString& SVGFEMorphologyElement::radiusXIdentifier()
 {
-    DEFINE_STATIC_LOCAL(AtomicString, s_identifier, ("SVGRadiusX", AtomicString::ConstructFromLiteral));
+    DEFINE_STATIC_LOCAL(AtomicString, s_identifier, ("SVGRadiusX"));
     return s_identifier;
 }
 
 const AtomicString& SVGFEMorphologyElement::radiusYIdentifier()
 {
-    DEFINE_STATIC_LOCAL(AtomicString, s_identifier, ("SVGRadiusY", AtomicString::ConstructFromLiteral));
+    DEFINE_STATIC_LOCAL(AtomicString, s_identifier, ("SVGRadiusY"));
     return s_identifier;
 }
 
diff --git a/Source/WebCore/svg/SVGFESpecularLightingElement.cpp b/Source/WebCore/svg/SVGFESpecularLightingElement.cpp
index e62822039..ceb2fbaa5 100644
--- a/Source/WebCore/svg/SVGFESpecularLightingElement.cpp
+++ b/Source/WebCore/svg/SVGFESpecularLightingElement.cpp
@@ -71,13 +71,13 @@ PassRefPtr<SVGFESpecularLightingElement> SVGFESpecularLightingElement::create(co
 
 const AtomicString& SVGFESpecularLightingElement::kernelUnitLengthXIdentifier()
 {
-    DEFINE_STATIC_LOCAL(AtomicString, s_identifier, ("SVGKernelUnitLengthX", AtomicString::ConstructFromLiteral));
+    DEFINE_STATIC_LOCAL(AtomicString, s_identifier, ("SVGKernelUnitLengthX"));
     return s_identifier;
 }
 
 const AtomicString& SVGFESpecularLightingElement::kernelUnitLengthYIdentifier()
 {
-    DEFINE_STATIC_LOCAL(AtomicString, s_identifier, ("SVGKernelUnitLengthY", AtomicString::ConstructFromLiteral));
+    DEFINE_STATIC_LOCAL(AtomicString, s_identifier, ("SVGKernelUnitLengthY"));
     return s_identifier;
 }
 
diff --git a/Source/WebCore/svg/SVGFETurbulenceElement.cpp b/Source/WebCore/svg/SVGFETurbulenceElement.cpp
index 4fe16f6b1..aa177994a 100644
--- a/Source/WebCore/svg/SVGFETurbulenceElement.cpp
+++ b/Source/WebCore/svg/SVGFETurbulenceElement.cpp
@@ -65,13 +65,13 @@ PassRefPtr<SVGFETurbulenceElement> SVGFETurbulenceElement::create(const Qualifie
 
 const AtomicString& SVGFETurbulenceElement::baseFrequencyXIdentifier()
 {
-    DEFINE_STATIC_LOCAL(AtomicString, s_identifier, ("SVGBaseFrequencyX", AtomicString::ConstructFromLiteral));
+    DEFINE_STATIC_LOCAL(AtomicString, s_identifier, ("SVGBaseFrequencyX"));
     return s_identifier;
 }
 
 const AtomicString& SVGFETurbulenceElement::baseFrequencyYIdentifier()
 {
-    DEFINE_STATIC_LOCAL(AtomicString, s_identifier, ("SVGBaseFrequencyY", AtomicString::ConstructFromLiteral));
+    DEFINE_STATIC_LOCAL(AtomicString, s_identifier, ("SVGBaseFrequencyY"));
     return s_identifier;
 }
 
diff --git a/Source/WebCore/svg/SVGFilterElement.cpp b/Source/WebCore/svg/SVGFilterElement.cpp
index 3e98d08bc..9b81667e0 100644
--- a/Source/WebCore/svg/SVGFilterElement.cpp
+++ b/Source/WebCore/svg/SVGFilterElement.cpp
@@ -84,13 +84,13 @@ PassRefPtr<SVGFilterElement> SVGFilterElement::create(const QualifiedName& tagNa
 
 const AtomicString& SVGFilterElement::filterResXIdentifier()
 {
-    DEFINE_STATIC_LOCAL(AtomicString, s_identifier, ("SVGFilterResX", AtomicString::ConstructFromLiteral));
+    DEFINE_STATIC_LOCAL(AtomicString, s_identifier, ("SVGFilterResX"));
     return s_identifier;
 }
 
 const AtomicString& SVGFilterElement::filterResYIdentifier()
 {
-    DEFINE_STATIC_LOCAL(AtomicString, s_identifier, ("SVGFilterResY", AtomicString::ConstructFromLiteral));
+    DEFINE_STATIC_LOCAL(AtomicString, s_identifier, ("SVGFilterResY"));
     return s_identifier;
 }
 
diff --git a/Source/WebCore/svg/SVGLangSpace.cpp b/Source/WebCore/svg/SVGLangSpace.cpp
index b8b1013d6..445084537 100644
--- a/Source/WebCore/svg/SVGLangSpace.cpp
+++ b/Source/WebCore/svg/SVGLangSpace.cpp
@@ -38,7 +38,7 @@ void SVGLangSpace::setXmllang(const AtomicString& xmlLang)
 const AtomicString& SVGLangSpace::xmlspace() const
 {
     if (!m_space) {
-        DEFINE_STATIC_LOCAL(const AtomicString, defaultString, ("default", AtomicString::ConstructFromLiteral));
+        DEFINE_STATIC_LOCAL(const AtomicString, defaultString, ("default"));
         return defaultString;
     }
 
@@ -71,7 +71,7 @@ bool SVGLangSpace::isKnownAttribute(const QualifiedName& attrName)
     
 void SVGLangSpace::addSupportedAttributes(HashSet<QualifiedName>& supportedAttributes)
 {
-    DEFINE_STATIC_LOCAL(AtomicString, xmlPrefix, ("xml", AtomicString::ConstructFromLiteral));
+    DEFINE_STATIC_LOCAL(AtomicString, xmlPrefix, ("xml"));
 
     QualifiedName langWithPrefix = XMLNames::langAttr;
     langWithPrefix.setPrefix(xmlPrefix);
diff --git a/Source/WebCore/svg/SVGMarkerElement.cpp b/Source/WebCore/svg/SVGMarkerElement.cpp
index fde03a297..2a6ebb1ef 100644
--- a/Source/WebCore/svg/SVGMarkerElement.cpp
+++ b/Source/WebCore/svg/SVGMarkerElement.cpp
@@ -94,13 +94,13 @@ PassRefPtr<SVGMarkerElement> SVGMarkerElement::create(const QualifiedName& tagNa
 
 const AtomicString& SVGMarkerElement::orientTypeIdentifier()
 {
-    DEFINE_STATIC_LOCAL(AtomicString, s_identifier, ("SVGOrientType", AtomicString::ConstructFromLiteral));
+    DEFINE_STATIC_LOCAL(AtomicString, s_identifier, ("SVGOrientType"));
     return s_identifier;
 }
 
 const AtomicString& SVGMarkerElement::orientAngleIdentifier()
 {
-    DEFINE_STATIC_LOCAL(AtomicString, s_identifier, ("SVGOrientAngle", AtomicString::ConstructFromLiteral));
+    DEFINE_STATIC_LOCAL(AtomicString, s_identifier, ("SVGOrientAngle"));
     return s_identifier;
 }
 
@@ -239,7 +239,7 @@ void SVGMarkerElement::synchronizeOrientType(void* contextElement)
     if (ownerType->m_orientType.value != SVGMarkerOrientAuto)
         return;
 
-    DEFINE_STATIC_LOCAL(AtomicString, autoString, ("auto", AtomicString::ConstructFromLiteral));
+    DEFINE_STATIC_LOCAL(AtomicString, autoString, ("auto"));
     ownerType->m_orientType.synchronize(ownerType, orientTypePropertyInfo()->attributeName, autoString);
 }
 
diff --git a/Source/WebCore/svg/SVGSVGElement.cpp b/Source/WebCore/svg/SVGSVGElement.cpp
index 9aca90610..871985f70 100644
--- a/Source/WebCore/svg/SVGSVGElement.cpp
+++ b/Source/WebCore/svg/SVGSVGElement.cpp
@@ -121,7 +121,7 @@ void SVGSVGElement::didMoveToNewDocument(Document* oldDocument)
 
 const AtomicString& SVGSVGElement::contentScriptType() const
 {
-    DEFINE_STATIC_LOCAL(const AtomicString, defaultValue, ("text/ecmascript", AtomicString::ConstructFromLiteral));
+    DEFINE_STATIC_LOCAL(const AtomicString, defaultValue, ("text/ecmascript"));
     const AtomicString& n = fastGetAttribute(SVGNames::contentScriptTypeAttr);
     return n.isNull() ? defaultValue : n;
 }
@@ -133,7 +133,7 @@ void SVGSVGElement::setContentScriptType(const AtomicString& type)
 
 const AtomicString& SVGSVGElement::contentStyleType() const
 {
-    DEFINE_STATIC_LOCAL(const AtomicString, defaultValue, ("text/css", AtomicString::ConstructFromLiteral));
+    DEFINE_STATIC_LOCAL(const AtomicString, defaultValue, ("text/css"));
     const AtomicString& n = fastGetAttribute(SVGNames::contentStyleTypeAttr);
     return n.isNull() ? defaultValue : n;
 }
diff --git a/Source/WebCore/svg/SVGStyleElement.cpp b/Source/WebCore/svg/SVGStyleElement.cpp
index 84881e3b2..e4d6f6bc0 100644
--- a/Source/WebCore/svg/SVGStyleElement.cpp
+++ b/Source/WebCore/svg/SVGStyleElement.cpp
@@ -68,7 +68,7 @@ void SVGStyleElement::setDisabled(bool setDisabled)
 
 const AtomicString& SVGStyleElement::type() const
 {
-    DEFINE_STATIC_LOCAL(const AtomicString, defaultValue, ("text/css", AtomicString::ConstructFromLiteral));
+    DEFINE_STATIC_LOCAL(const AtomicString, defaultValue, ("text/css"));
     const AtomicString& n = getAttribute(SVGNames::typeAttr);
     return n.isNull() ? defaultValue : n;
 }
@@ -80,7 +80,7 @@ void SVGStyleElement::setType(const AtomicString& type, ExceptionCode&)
 
 const AtomicString& SVGStyleElement::media() const
 {
-    DEFINE_STATIC_LOCAL(const AtomicString, defaultValue, ("all", AtomicString::ConstructFromLiteral));
+    DEFINE_STATIC_LOCAL(const AtomicString, defaultValue, ("all"));
     const AtomicString& n = fastGetAttribute(SVGNames::mediaAttr);
     return n.isNull() ? defaultValue : n;
 }
diff --git a/Source/WebCore/svg/SVGTextContentElement.cpp b/Source/WebCore/svg/SVGTextContentElement.cpp
index 587d3f7c6..8b7041f89 100644
--- a/Source/WebCore/svg/SVGTextContentElement.cpp
+++ b/Source/WebCore/svg/SVGTextContentElement.cpp
@@ -241,7 +241,7 @@ void SVGTextContentElement::collectStyleForAttribute(const Attribute& attribute,
     if (!isSupportedAttribute(attribute.name()))
         SVGStyledElement::collectStyleForAttribute(attribute, style);
     else if (attribute.name().matches(XMLNames::spaceAttr)) {
-        DEFINE_STATIC_LOCAL(const AtomicString, preserveString, ("preserve", AtomicString::ConstructFromLiteral));
+        DEFINE_STATIC_LOCAL(const AtomicString, preserveString, ("preserve"));
 
         if (attribute.value() == preserveString)
             addPropertyToAttributeStyle(style, CSSPropertyWhiteSpace, CSSValuePre);
diff --git a/Source/WebCore/svg/SVGViewSpec.cpp b/Source/WebCore/svg/SVGViewSpec.cpp
index 3c1e78034..08ab852f0 100644
--- a/Source/WebCore/svg/SVGViewSpec.cpp
+++ b/Source/WebCore/svg/SVGViewSpec.cpp
@@ -87,19 +87,19 @@ SVGViewSpec::SVGViewSpec(SVGElement* contextElement)
 
 const AtomicString& SVGViewSpec::viewBoxIdentifier()
 {
-    DEFINE_STATIC_LOCAL(AtomicString, s_identifier, ("SVGViewSpecViewBoxAttribute", AtomicString::ConstructFromLiteral));
+    DEFINE_STATIC_LOCAL(AtomicString, s_identifier, ("SVGViewSpecViewBoxAttribute"));
     return s_identifier;
 }
 
 const AtomicString& SVGViewSpec::preserveAspectRatioIdentifier()
 {
-    DEFINE_STATIC_LOCAL(AtomicString, s_identifier, ("SVGViewSpecPreserveAspectRatioAttribute", AtomicString::ConstructFromLiteral));
+    DEFINE_STATIC_LOCAL(AtomicString, s_identifier, ("SVGViewSpecPreserveAspectRatioAttribute"));
     return s_identifier;
 }
 
 const AtomicString& SVGViewSpec::transformIdentifier()
 {
-    DEFINE_STATIC_LOCAL(AtomicString, s_identifier, ("SVGViewSpecTransformAttribute", AtomicString::ConstructFromLiteral));
+    DEFINE_STATIC_LOCAL(AtomicString, s_identifier, ("SVGViewSpecTransformAttribute"));
     return s_identifier;
 }
 
diff --git a/Source/WebCore/svg/animation/SVGSMILElement.cpp b/Source/WebCore/svg/animation/SVGSMILElement.cpp
index 2b4e0d55b..1e3b01641 100644
--- a/Source/WebCore/svg/animation/SVGSMILElement.cpp
+++ b/Source/WebCore/svg/animation/SVGSMILElement.cpp
@@ -280,7 +280,7 @@ SMILTime SVGSMILElement::parseClockValue(const String& data)
     
     String parse = data.stripWhiteSpace();
 
-    DEFINE_STATIC_LOCAL(const AtomicString, indefiniteValue, ("indefinite", AtomicString::ConstructFromLiteral));
+    DEFINE_STATIC_LOCAL(const AtomicString, indefiniteValue, ("indefinite"));
     if (parse == indefiniteValue)
         return SMILTime::indefinite();
 
@@ -632,8 +632,8 @@ bool SVGSMILElement::isFrozen() const
     
 SVGSMILElement::Restart SVGSMILElement::restart() const
 {    
-    DEFINE_STATIC_LOCAL(const AtomicString, never, ("never", AtomicString::ConstructFromLiteral));
-    DEFINE_STATIC_LOCAL(const AtomicString, whenNotActive, ("whenNotActive", AtomicString::ConstructFromLiteral));
+    DEFINE_STATIC_LOCAL(const AtomicString, never, ("never"));
+    DEFINE_STATIC_LOCAL(const AtomicString, whenNotActive, ("whenNotActive"));
     const AtomicString& value = fastGetAttribute(SVGNames::restartAttr);
     if (value == never)
         return RestartNever;
@@ -644,7 +644,7 @@ SVGSMILElement::Restart SVGSMILElement::restart() const
     
 SVGSMILElement::FillMode SVGSMILElement::fill() const
 {   
-    DEFINE_STATIC_LOCAL(const AtomicString, freeze, ("freeze", AtomicString::ConstructFromLiteral));
+    DEFINE_STATIC_LOCAL(const AtomicString, freeze, ("freeze"));
     const AtomicString& value = fastGetAttribute(SVGNames::fillAttr);
     return value == freeze ? FillFreeze : FillRemove;
 }
@@ -677,7 +677,7 @@ SMILTime SVGSMILElement::repeatCount() const
     if (value.isNull())
         return SMILTime::unresolved();
 
-    DEFINE_STATIC_LOCAL(const AtomicString, indefiniteValue, ("indefinite", AtomicString::ConstructFromLiteral));
+    DEFINE_STATIC_LOCAL(const AtomicString, indefiniteValue, ("indefinite"));
     if (value == indefiniteValue)
         return SMILTime::indefinite();
     bool ok;
diff --git a/Source/WebCore/testing/InternalSettings.cpp b/Source/WebCore/testing/InternalSettings.cpp
index 186ee662b..aa7703bc6 100644
--- a/Source/WebCore/testing/InternalSettings.cpp
+++ b/Source/WebCore/testing/InternalSettings.cpp
@@ -159,7 +159,7 @@ void InternalSettings::Backup::restoreTo(Page* page, Settings* settings)
 
 InternalSettings* InternalSettings::from(Page* page)
 {
-    DEFINE_STATIC_LOCAL(AtomicString, name, ("InternalSettings", AtomicString::ConstructFromLiteral));
+    DEFINE_STATIC_LOCAL(AtomicString, name, ("InternalSettings"));
     if (!SuperType::from(page, name))
         SuperType::provideTo(page, name, adoptRef(new InternalSettings(page)));
     return static_cast<InternalSettings*>(SuperType::from(page, name));
diff --git a/Source/WebCore/xml/parser/CharacterReferenceParserInlineMethods.h b/Source/WebCore/xml/parser/CharacterReferenceParserInlineMethods.h
new file mode 100644
index 000000000..92df6361c
--- /dev/null
+++ b/Source/WebCore/xml/parser/CharacterReferenceParserInlineMethods.h
@@ -0,0 +1,173 @@
+/*
+ * Copyright (C) 2008 Apple Inc. All Rights Reserved.
+ * Copyright (C) 2010 Google, Inc. All Rights Reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY APPLE INC. ``AS IS'' AND ANY
+ * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL APPLE INC. OR
+ * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+ * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
+ * OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
+ */
+
+#ifndef CharacterReferenceParserInlineMethods_h
+#define CharacterReferenceParserInlineMethods_h
+
+#include <wtf/text/StringBuilder.h>
+
+namespace WebCore {
+
+inline bool isHexDigit(UChar cc)
+{
+    return (cc >= '0' && cc <= '9') || (cc >= 'a' && cc <= 'f') || (cc >= 'A' && cc <= 'F');
+}
+
+inline void unconsumeCharacters(SegmentedString& source, const StringBuilder& consumedCharacters)
+{
+    if (consumedCharacters.length() == 1)
+        source.push(consumedCharacters[0]);
+    else if (consumedCharacters.length() == 2) {
+        source.push(consumedCharacters[0]);
+        source.push(consumedCharacters[1]);
+    } else
+        source.prepend(SegmentedString(String(consumedCharacters.characters(), consumedCharacters.length())));
+}
+
+template <typename ParserFunctions>
+bool consumeCharacterReference(SegmentedString& source, StringBuilder& decodedCharacter, bool& notEnoughCharacters, UChar additionalAllowedCharacter)
+{
+    ASSERT(!additionalAllowedCharacter || additionalAllowedCharacter == '"' || additionalAllowedCharacter == '\'' || additionalAllowedCharacter == '>');
+    ASSERT(!notEnoughCharacters);
+    ASSERT(decodedCharacter.isEmpty());
+    
+    enum EntityState {
+        Initial,
+        Number,
+        MaybeHexLowerCaseX,
+        MaybeHexUpperCaseX,
+        Hex,
+        Decimal,
+        Named
+    };
+    EntityState entityState = Initial;
+    UChar32 result = 0;
+    StringBuilder consumedCharacters;
+    
+    while (!source.isEmpty()) {
+        UChar cc = source.currentChar();
+        switch (entityState) {
+        case Initial: {
+            if (cc == '\x09' || cc == '\x0A' || cc == '\x0C' || cc == ' ' || cc == '<' || cc == '&')
+                return false;
+            if (additionalAllowedCharacter && cc == additionalAllowedCharacter)
+                return false;
+            if (cc == '#') {
+                entityState = Number;
+                break;
+            }
+            if ((cc >= 'a' && cc <= 'z') || (cc >= 'A' && cc <= 'Z')) {
+                entityState = Named;
+                continue;
+            }
+            return false;
+        }
+        case Number: {
+            if (cc == 'x') {
+                entityState = MaybeHexLowerCaseX;
+                break;
+            }
+            if (cc == 'X') {
+                entityState = MaybeHexUpperCaseX;
+                break;
+            }
+            if (cc >= '0' && cc <= '9') {
+                entityState = Decimal;
+                continue;
+            }
+            source.push('#');
+            return false;
+        }
+        case MaybeHexLowerCaseX: {
+            if (isHexDigit(cc)) {
+                entityState = Hex;
+                continue;
+            }
+            source.push('#');
+            source.push('x');
+            return false;
+        }
+        case MaybeHexUpperCaseX: {
+            if (isHexDigit(cc)) {
+                entityState = Hex;
+                continue;
+            }
+            source.push('#');
+            source.push('X');
+            return false;
+        }
+        case Hex: {
+            if (cc >= '0' && cc <= '9')
+                result = result * 16 + cc - '0';
+            else if (cc >= 'a' && cc <= 'f')
+                result = result * 16 + 10 + cc - 'a';
+            else if (cc >= 'A' && cc <= 'F')
+                result = result * 16 + 10 + cc - 'A';
+            else if (cc == ';') {
+                source.advanceAndASSERT(cc);
+                ParserFunctions::convertToUTF16(ParserFunctions::legalEntityFor(result), decodedCharacter);
+                return true;
+            } else if (ParserFunctions::acceptMalformed()) {
+                ParserFunctions::convertToUTF16(ParserFunctions::legalEntityFor(result), decodedCharacter);
+                return true;
+            } else {
+                unconsumeCharacters(source, consumedCharacters);
+                return false;
+            }
+            break;
+        }
+        case Decimal: {
+            if (cc >= '0' && cc <= '9')
+                result = result * 10 + cc - '0';
+            else if (cc == ';') {
+                source.advanceAndASSERT(cc);
+                ParserFunctions::convertToUTF16(ParserFunctions::legalEntityFor(result), decodedCharacter);
+                return true;
+            } else if (ParserFunctions::acceptMalformed()) {
+                ParserFunctions::convertToUTF16(ParserFunctions::legalEntityFor(result), decodedCharacter);
+                return true;
+            } else {
+                unconsumeCharacters(source, consumedCharacters);
+                return false;
+            }
+            break;
+        }
+        case Named: {
+            return ParserFunctions::consumeNamedEntity(source, decodedCharacter, notEnoughCharacters, additionalAllowedCharacter, cc);
+        }
+        }
+        consumedCharacters.append(cc);
+        source.advanceAndASSERT(cc);
+    }
+    ASSERT(source.isEmpty());
+    notEnoughCharacters = true;
+    unconsumeCharacters(source, consumedCharacters);
+    return false;
+}
+
+}
+
+#endif // CharacterReferenceParserInlineMethods_h
diff --git a/Source/WebCore/xml/parser/CharacterReferenceParserInlines.h b/Source/WebCore/xml/parser/CharacterReferenceParserInlines.h
deleted file mode 100644
index fe20e527a..000000000
--- a/Source/WebCore/xml/parser/CharacterReferenceParserInlines.h
+++ /dev/null
@@ -1,173 +0,0 @@
-/*
- * Copyright (C) 2008 Apple Inc. All Rights Reserved.
- * Copyright (C) 2010 Google, Inc. All Rights Reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY APPLE INC. ``AS IS'' AND ANY
- * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL APPLE INC. OR
- * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
- * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
- * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
- * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
- * OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
- * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
- */
-
-#ifndef CharacterReferenceParserInlines_h
-#define CharacterReferenceParserInlines_h
-
-#include <wtf/text/StringBuilder.h>
-
-namespace WebCore {
-
-inline bool isHexDigit(UChar cc)
-{
-    return (cc >= '0' && cc <= '9') || (cc >= 'a' && cc <= 'f') || (cc >= 'A' && cc <= 'F');
-}
-
-inline void unconsumeCharacters(SegmentedString& source, const StringBuilder& consumedCharacters)
-{
-    if (consumedCharacters.length() == 1)
-        source.push(consumedCharacters[0]);
-    else if (consumedCharacters.length() == 2) {
-        source.push(consumedCharacters[0]);
-        source.push(consumedCharacters[1]);
-    } else
-        source.prepend(SegmentedString(String(consumedCharacters.characters(), consumedCharacters.length())));
-}
-
-template <typename ParserFunctions>
-bool consumeCharacterReference(SegmentedString& source, StringBuilder& decodedCharacter, bool& notEnoughCharacters, UChar additionalAllowedCharacter)
-{
-    ASSERT(!additionalAllowedCharacter || additionalAllowedCharacter == '"' || additionalAllowedCharacter == '\'' || additionalAllowedCharacter == '>');
-    ASSERT(!notEnoughCharacters);
-    ASSERT(decodedCharacter.isEmpty());
-    
-    enum EntityState {
-        Initial,
-        Number,
-        MaybeHexLowerCaseX,
-        MaybeHexUpperCaseX,
-        Hex,
-        Decimal,
-        Named
-    };
-    EntityState entityState = Initial;
-    UChar32 result = 0;
-    StringBuilder consumedCharacters;
-    
-    while (!source.isEmpty()) {
-        UChar cc = source.currentChar();
-        switch (entityState) {
-        case Initial: {
-            if (cc == '\x09' || cc == '\x0A' || cc == '\x0C' || cc == ' ' || cc == '<' || cc == '&')
-                return false;
-            if (additionalAllowedCharacter && cc == additionalAllowedCharacter)
-                return false;
-            if (cc == '#') {
-                entityState = Number;
-                break;
-            }
-            if ((cc >= 'a' && cc <= 'z') || (cc >= 'A' && cc <= 'Z')) {
-                entityState = Named;
-                continue;
-            }
-            return false;
-        }
-        case Number: {
-            if (cc == 'x') {
-                entityState = MaybeHexLowerCaseX;
-                break;
-            }
-            if (cc == 'X') {
-                entityState = MaybeHexUpperCaseX;
-                break;
-            }
-            if (cc >= '0' && cc <= '9') {
-                entityState = Decimal;
-                continue;
-            }
-            source.push('#');
-            return false;
-        }
-        case MaybeHexLowerCaseX: {
-            if (isHexDigit(cc)) {
-                entityState = Hex;
-                continue;
-            }
-            source.push('#');
-            source.push('x');
-            return false;
-        }
-        case MaybeHexUpperCaseX: {
-            if (isHexDigit(cc)) {
-                entityState = Hex;
-                continue;
-            }
-            source.push('#');
-            source.push('X');
-            return false;
-        }
-        case Hex: {
-            if (cc >= '0' && cc <= '9')
-                result = result * 16 + cc - '0';
-            else if (cc >= 'a' && cc <= 'f')
-                result = result * 16 + 10 + cc - 'a';
-            else if (cc >= 'A' && cc <= 'F')
-                result = result * 16 + 10 + cc - 'A';
-            else if (cc == ';') {
-                source.advanceAndASSERT(cc);
-                ParserFunctions::convertToUTF16(ParserFunctions::legalEntityFor(result), decodedCharacter);
-                return true;
-            } else if (ParserFunctions::acceptMalformed()) {
-                ParserFunctions::convertToUTF16(ParserFunctions::legalEntityFor(result), decodedCharacter);
-                return true;
-            } else {
-                unconsumeCharacters(source, consumedCharacters);
-                return false;
-            }
-            break;
-        }
-        case Decimal: {
-            if (cc >= '0' && cc <= '9')
-                result = result * 10 + cc - '0';
-            else if (cc == ';') {
-                source.advanceAndASSERT(cc);
-                ParserFunctions::convertToUTF16(ParserFunctions::legalEntityFor(result), decodedCharacter);
-                return true;
-            } else if (ParserFunctions::acceptMalformed()) {
-                ParserFunctions::convertToUTF16(ParserFunctions::legalEntityFor(result), decodedCharacter);
-                return true;
-            } else {
-                unconsumeCharacters(source, consumedCharacters);
-                return false;
-            }
-            break;
-        }
-        case Named: {
-            return ParserFunctions::consumeNamedEntity(source, decodedCharacter, notEnoughCharacters, additionalAllowedCharacter, cc);
-        }
-        }
-        consumedCharacters.append(cc);
-        source.advanceAndASSERT(cc);
-    }
-    ASSERT(source.isEmpty());
-    notEnoughCharacters = true;
-    unconsumeCharacters(source, consumedCharacters);
-    return false;
-}
-
-}
-
-#endif // CharacterReferenceParserInlines_h
diff --git a/Source/WebCore/xml/parser/MarkupTokenizerInlineMethods.h b/Source/WebCore/xml/parser/MarkupTokenizerInlineMethods.h
new file mode 100644
index 000000000..814b8f216
--- /dev/null
+++ b/Source/WebCore/xml/parser/MarkupTokenizerInlineMethods.h
@@ -0,0 +1,95 @@
+/*
+ * Copyright (C) 2008 Apple Inc. All Rights Reserved.
+ * Copyright (C) 2009 Torch Mobile, Inc. http://www.torchmobile.com/
+ * Copyright (C) 2010 Google, Inc. All Rights Reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY APPLE INC. ``AS IS'' AND ANY
+ * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL APPLE INC. OR
+ * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+ * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
+ * OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#ifndef MarkupTokenizerInlineMethods_h
+#define MarkupTokenizerInlineMethods_h
+
+#include "SegmentedString.h"
+
+namespace WebCore {
+
+inline bool isTokenizerWhitespace(UChar cc)
+{
+    return cc == ' ' || cc == '\x0A' || cc == '\x09' || cc == '\x0C';
+}
+
+inline void advanceStringAndASSERTIgnoringCase(SegmentedString& source, const char* expectedCharacters)
+{
+    while (*expectedCharacters)
+        source.advanceAndASSERTIgnoringCase(*expectedCharacters++);
+}
+
+inline void advanceStringAndASSERT(SegmentedString& source, const char* expectedCharacters)
+{
+    while (*expectedCharacters)
+        source.advanceAndASSERT(*expectedCharacters++);
+}
+
+#if COMPILER(MSVC)
+// We need to disable the "unreachable code" warning because we want to assert
+// that some code points aren't reached in the state machine.
+#pragma warning(disable: 4702)
+#endif
+
+#define BEGIN_STATE(prefix, stateName) case prefix::stateName: stateName:
+#define END_STATE() ASSERT_NOT_REACHED(); break;
+
+// We use this macro when the HTML5 spec says "reconsume the current input
+// character in the <mumble> state."
+#define RECONSUME_IN(prefix, stateName)                                    \
+    do {                                                                   \
+        m_state = prefix::stateName;                                       \
+        goto stateName;                                                    \
+    } while (false)
+
+// We use this macro when the HTML5 spec says "consume the next input
+// character ... and switch to the <mumble> state."
+#define ADVANCE_TO(prefix, stateName)                                      \
+    do {                                                                   \
+        m_state = prefix::stateName;                                       \
+        if (!m_inputStreamPreprocessor.advance(source))                    \
+            return haveBufferedCharacterToken();                           \
+        cc = m_inputStreamPreprocessor.nextInputCharacter();               \
+        goto stateName;                                                    \
+    } while (false)
+
+// Sometimes there's more complicated logic in the spec that separates when
+// we consume the next input character and when we switch to a particular
+// state. We handle those cases by advancing the source directly and using
+// this macro to switch to the indicated state.
+#define SWITCH_TO(prefix, stateName)                                       \
+    do {                                                                   \
+        m_state = prefix::stateName;                                       \
+        if (source.isEmpty() || !m_inputStreamPreprocessor.peek(source))   \
+            return haveBufferedCharacterToken();                           \
+        cc = m_inputStreamPreprocessor.nextInputCharacter();               \
+        goto stateName;                                                    \
+    } while (false)
+
+}
+
+#endif // MarkupTokenizerInlineMethods_h
diff --git a/Source/WebCore/xml/parser/MarkupTokenizerInlines.h b/Source/WebCore/xml/parser/MarkupTokenizerInlines.h
deleted file mode 100644
index e0b3156bb..000000000
--- a/Source/WebCore/xml/parser/MarkupTokenizerInlines.h
+++ /dev/null
@@ -1,95 +0,0 @@
-/*
- * Copyright (C) 2008 Apple Inc. All Rights Reserved.
- * Copyright (C) 2009 Torch Mobile, Inc. http://www.torchmobile.com/
- * Copyright (C) 2010 Google, Inc. All Rights Reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY APPLE INC. ``AS IS'' AND ANY
- * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL APPLE INC. OR
- * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
- * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
- * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
- * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
- * OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
- * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-
-#ifndef MarkupTokenizerInlines_h
-#define MarkupTokenizerInlines_h
-
-#include "SegmentedString.h"
-
-namespace WebCore {
-
-inline bool isTokenizerWhitespace(UChar cc)
-{
-    return cc == ' ' || cc == '\x0A' || cc == '\x09' || cc == '\x0C';
-}
-
-inline void advanceStringAndASSERTIgnoringCase(SegmentedString& source, const char* expectedCharacters)
-{
-    while (*expectedCharacters)
-        source.advanceAndASSERTIgnoringCase(*expectedCharacters++);
-}
-
-inline void advanceStringAndASSERT(SegmentedString& source, const char* expectedCharacters)
-{
-    while (*expectedCharacters)
-        source.advanceAndASSERT(*expectedCharacters++);
-}
-
-#if COMPILER(MSVC)
-// We need to disable the "unreachable code" warning because we want to assert
-// that some code points aren't reached in the state machine.
-#pragma warning(disable: 4702)
-#endif
-
-#define BEGIN_STATE(prefix, stateName) case prefix::stateName: stateName:
-#define END_STATE() ASSERT_NOT_REACHED(); break;
-
-// We use this macro when the HTML5 spec says "reconsume the current input
-// character in the <mumble> state."
-#define RECONSUME_IN(prefix, stateName)                                    \
-    do {                                                                   \
-        m_state = prefix::stateName;                                       \
-        goto stateName;                                                    \
-    } while (false)
-
-// We use this macro when the HTML5 spec says "consume the next input
-// character ... and switch to the <mumble> state."
-#define ADVANCE_TO(prefix, stateName)                                      \
-    do {                                                                   \
-        m_state = prefix::stateName;                                       \
-        if (!m_inputStreamPreprocessor.advance(source))                    \
-            return haveBufferedCharacterToken();                           \
-        cc = m_inputStreamPreprocessor.nextInputCharacter();               \
-        goto stateName;                                                    \
-    } while (false)
-
-// Sometimes there's more complicated logic in the spec that separates when
-// we consume the next input character and when we switch to a particular
-// state. We handle those cases by advancing the source directly and using
-// this macro to switch to the indicated state.
-#define SWITCH_TO(prefix, stateName)                                       \
-    do {                                                                   \
-        m_state = prefix::stateName;                                       \
-        if (source.isEmpty() || !m_inputStreamPreprocessor.peek(source))   \
-            return haveBufferedCharacterToken();                           \
-        cc = m_inputStreamPreprocessor.nextInputCharacter();               \
-        goto stateName;                                                    \
-    } while (false)
-
-}
-
-#endif // MarkupTokenizerInlines_h
diff --git a/Source/WebCore/xml/parser/XMLCharacterReferenceParser.cpp b/Source/WebCore/xml/parser/XMLCharacterReferenceParser.cpp
index 7bee228e6..962ca1d44 100644
--- a/Source/WebCore/xml/parser/XMLCharacterReferenceParser.cpp
+++ b/Source/WebCore/xml/parser/XMLCharacterReferenceParser.cpp
@@ -30,7 +30,7 @@
 
 using namespace WTF;
 
-#include "CharacterReferenceParserInlines.h"
+#include "CharacterReferenceParserInlineMethods.h"
 
 namespace WebCore {
 
diff --git a/Source/WebCore/xml/parser/XMLTokenizer.cpp b/Source/WebCore/xml/parser/XMLTokenizer.cpp
index 322301949..bb3e68cd8 100644
--- a/Source/WebCore/xml/parser/XMLTokenizer.cpp
+++ b/Source/WebCore/xml/parser/XMLTokenizer.cpp
@@ -28,7 +28,7 @@
 #include "config.h"
 #include "XMLTokenizer.h"
 
-#include "MarkupTokenizerInlines.h"
+#include "MarkupTokenizerInlineMethods.h"
 #include "NotImplemented.h"
 #include "XMLCharacterReferenceParser.h"
 #include "XMLToken.h"
diff --git a/Source/WebCore/xml/parser/XMLTreeBuilder.cpp b/Source/WebCore/xml/parser/XMLTreeBuilder.cpp
index 7faadf582..12defe586 100644
--- a/Source/WebCore/xml/parser/XMLTreeBuilder.cpp
+++ b/Source/WebCore/xml/parser/XMLTreeBuilder.cpp
@@ -198,14 +198,14 @@ void XMLTreeBuilder::processXMLDeclaration(const AtomicXMLToken& token)
 
 void XMLTreeBuilder::processDOCTYPE(const AtomicXMLToken& token)
 {
-    DEFINE_STATIC_LOCAL(AtomicString, xhtmlTransitional, ("-//W3C//DTD XHTML 1.0 Transitional//EN", AtomicString::ConstructFromLiteral));
-    DEFINE_STATIC_LOCAL(AtomicString, xhtml11, ("-//W3C//DTD XHTML 1.1//EN", AtomicString::ConstructFromLiteral));
-    DEFINE_STATIC_LOCAL(AtomicString, xhtmlStrict, ("-//W3C//DTD XHTML 1.0 Strict//EN", AtomicString::ConstructFromLiteral));
-    DEFINE_STATIC_LOCAL(AtomicString, xhtmlFrameset, ("-//W3C//DTD XHTML 1.0 Frameset//EN", AtomicString::ConstructFromLiteral));
-    DEFINE_STATIC_LOCAL(AtomicString, xhtmlBasic, ("-//W3C//DTD XHTML Basic 1.0//EN", AtomicString::ConstructFromLiteral));
-    DEFINE_STATIC_LOCAL(AtomicString, xhtmlMathML, ("-//W3C//DTD XHTML 1.1 plus MathML 2.0//EN", AtomicString::ConstructFromLiteral));
-    DEFINE_STATIC_LOCAL(AtomicString, xhtmlMathMLSVG, ("-//W3C//DTD XHTML 1.1 plus MathML 2.0 plus SVG 1.1//EN", AtomicString::ConstructFromLiteral));
-    DEFINE_STATIC_LOCAL(AtomicString, xhtmlMobile, ("-//WAPFORUM//DTD XHTML Mobile 1.0//EN", AtomicString::ConstructFromLiteral));
+    DEFINE_STATIC_LOCAL(AtomicString, xhtmlTransitional, ("-//W3C//DTD XHTML 1.0 Transitional//EN"));
+    DEFINE_STATIC_LOCAL(AtomicString, xhtml11, ("-//W3C//DTD XHTML 1.1//EN"));
+    DEFINE_STATIC_LOCAL(AtomicString, xhtmlStrict, ("-//W3C//DTD XHTML 1.0 Strict//EN"));
+    DEFINE_STATIC_LOCAL(AtomicString, xhtmlFrameset, ("-//W3C//DTD XHTML 1.0 Frameset//EN"));
+    DEFINE_STATIC_LOCAL(AtomicString, xhtmlBasic, ("-//W3C//DTD XHTML Basic 1.0//EN"));
+    DEFINE_STATIC_LOCAL(AtomicString, xhtmlMathML, ("-//W3C//DTD XHTML 1.1 plus MathML 2.0//EN"));
+    DEFINE_STATIC_LOCAL(AtomicString, xhtmlMathMLSVG, ("-//W3C//DTD XHTML 1.1 plus MathML 2.0 plus SVG 1.1//EN"));
+    DEFINE_STATIC_LOCAL(AtomicString, xhtmlMobile, ("-//WAPFORUM//DTD XHTML Mobile 1.0//EN"));
 
     if (!failOnText())
         return;
@@ -330,11 +330,11 @@ void XMLTreeBuilder::processAttributes(const AtomicXMLToken& token, NodeStackIte
 
 void XMLTreeBuilder::processXMLEntity(const AtomicXMLToken& token)
 {
-    DEFINE_STATIC_LOCAL(AtomicString, amp, ("amp", AtomicString::ConstructFromLiteral));
-    DEFINE_STATIC_LOCAL(AtomicString, apos, ("apos", AtomicString::ConstructFromLiteral));
-    DEFINE_STATIC_LOCAL(AtomicString, gt, ("gt", AtomicString::ConstructFromLiteral));
-    DEFINE_STATIC_LOCAL(AtomicString, lt, ("lt", AtomicString::ConstructFromLiteral));
-    DEFINE_STATIC_LOCAL(AtomicString, quot, ("quot", AtomicString::ConstructFromLiteral));
+    DEFINE_STATIC_LOCAL(AtomicString, amp, ("amp"));
+    DEFINE_STATIC_LOCAL(AtomicString, apos, ("apos"));
+    DEFINE_STATIC_LOCAL(AtomicString, gt, ("gt"));
+    DEFINE_STATIC_LOCAL(AtomicString, lt, ("lt"));
+    DEFINE_STATIC_LOCAL(AtomicString, quot, ("quot"));
     DEFINE_STATIC_LOCAL(String, ampS, (ASCIILiteral("&")));
     DEFINE_STATIC_LOCAL(String, aposS, (ASCIILiteral("'")));
     DEFINE_STATIC_LOCAL(String, gtS, (ASCIILiteral(">")));
diff --git a/Source/WebKit/blackberry/Api/BackingStore.cpp b/Source/WebKit/blackberry/Api/BackingStore.cpp
index 0f078f5e3..61b90cc24 100644
--- a/Source/WebKit/blackberry/Api/BackingStore.cpp
+++ b/Source/WebKit/blackberry/Api/BackingStore.cpp
@@ -206,7 +206,6 @@ BackingStorePrivate::BackingStorePrivate()
     , m_renderQueue(adoptPtr(new RenderQueue(this)))
     , m_defersBlit(true)
     , m_hasBlitJobs(false)
-    , m_webPageBackgroundColor(WebCore::Color::white)
     , m_currentWindowBackBuffer(0)
     , m_preferredTileMatrixDimension(Vertical)
 #if USE(ACCELERATED_COMPOSITING)
@@ -2367,38 +2366,9 @@ void BackingStorePrivate::fillWindow(Platform::Graphics::FillPattern pattern,
             "Empty window buffer, couldn't fillWindow");
     }
 
-    if (pattern == BlackBerry::Platform::Graphics::CheckerboardPattern && BlackBerry::Platform::Settings::isPublicBuild()) {
-        // For public builds, convey the impression of less checkerboard.
-        // For developer builds, keep the checkerboard to get it fixed better.
-        BlackBerry::Platform::Graphics::clearBuffer(dstBuffer, dstRect,
-            m_webPageBackgroundColor.red(), m_webPageBackgroundColor.green(),
-            m_webPageBackgroundColor.blue(), m_webPageBackgroundColor.alpha());
-        return;
-    }
-
     BlackBerry::Platform::Graphics::fillBuffer(dstBuffer, pattern, dstRect, contentsOrigin, contentsScale);
 }
 
-WebCore::Color BackingStorePrivate::webPageBackgroundColorUserInterfaceThread() const
-{
-    ASSERT(BlackBerry::Platform::userInterfaceThreadMessageClient()->isCurrentThread());
-    return m_webPageBackgroundColor;
-}
-
-void BackingStorePrivate::setWebPageBackgroundColor(const WebCore::Color& color)
-{
-    if (!BlackBerry::Platform::userInterfaceThreadMessageClient()->isCurrentThread()) {
-        typedef void (BlackBerry::WebKit::BackingStorePrivate::*FunctionType)(const WebCore::Color&);
-
-        BlackBerry::Platform::userInterfaceThreadMessageClient()->dispatchMessage(
-            BlackBerry::Platform::createMethodCallMessage<FunctionType, BackingStorePrivate, WebCore::Color>(
-                &BackingStorePrivate::setWebPageBackgroundColor, this, color));
-        return;
-    }
-
-    m_webPageBackgroundColor = color;
-}
-
 void BackingStorePrivate::invalidateWindow()
 {
     // Grab a rect appropriate for the current thread.
diff --git a/Source/WebKit/blackberry/Api/BackingStore_p.h b/Source/WebKit/blackberry/Api/BackingStore_p.h
index d2fd95cc0..8e52a12ae 100644
--- a/Source/WebKit/blackberry/Api/BackingStore_p.h
+++ b/Source/WebKit/blackberry/Api/BackingStore_p.h
@@ -20,7 +20,6 @@
 #define BackingStore_p_h
 
 #include "BackingStore.h"
-#include "Color.h"
 #include "RenderQueue.h"
 #include "TileIndex.h"
 #include "TileIndexHash.h"
@@ -320,9 +319,6 @@ public:
     void blitToWindow(const Platform::IntRect& dstRect, const BlackBerry::Platform::Graphics::Buffer* srcBuffer, const Platform::IntRect& srcRect, bool blend, unsigned char globalAlpha);
     void fillWindow(Platform::Graphics::FillPattern, const Platform::IntRect& dstRect, const Platform::IntPoint& contentsOrigin, double contentsScale);
 
-    WebCore::Color webPageBackgroundColorUserInterfaceThread() const; // use WebSettings::backgroundColor() for the WebKit thread
-    void setWebPageBackgroundColor(const WebCore::Color&);
-
     void invalidateWindow();
     void invalidateWindow(const Platform::IntRect& dst);
     void clearWindow(const Platform::IntRect&, unsigned char red, unsigned char green, unsigned char blue, unsigned char alpha = 255);
@@ -367,8 +363,6 @@ public:
     bool m_defersBlit;
     bool m_hasBlitJobs;
 
-    WebCore::Color m_webPageBackgroundColor; // for user interface thread operations such as blitting
-
     mutable unsigned m_frontState;
     mutable unsigned m_backState;
 
diff --git a/Source/WebKit/blackberry/Api/WebPage.cpp b/Source/WebKit/blackberry/Api/WebPage.cpp
index aaf573db5..a2b354a5c 100644
--- a/Source/WebKit/blackberry/Api/WebPage.cpp
+++ b/Source/WebKit/blackberry/Api/WebPage.cpp
@@ -1033,11 +1033,6 @@ void WebPagePrivate::setLoadState(LoadState state)
     if (state == Finished && m_mainFrame && m_mainFrame->document())
         m_mainFrame->document()->updateStyleIfNeeded();
 
-    // Dispatch the backingstore background color at important state changes.
-    m_backingStore->d->setWebPageBackgroundColor(m_mainFrame && m_mainFrame->view()
-        ? m_mainFrame->view()->documentBackgroundColor()
-        : m_webSettings->backgroundColor());
-
     m_loadState = state;
 
 #if DEBUG_WEBPAGE_LOAD
@@ -5854,11 +5849,6 @@ void WebPagePrivate::didChangeSettings(WebSettings* webSettings)
         Platform::userInterfaceThreadMessageClient()->dispatchMessage(
             createMethodCallMessage(&WebPagePrivate::setCompositorBackgroundColor, this, backgroundColor));
     }
-    if (m_backingStore) {
-        m_backingStore->d->setWebPageBackgroundColor(m_mainFrame && m_mainFrame->view()
-            ? m_mainFrame->view()->documentBackgroundColor()
-            : webSettings->backgroundColor());
-    }
 
     m_page->setDeviceScaleFactor(webSettings->devicePixelRatio());
 }
diff --git a/Source/WebKit/blackberry/ChangeLog b/Source/WebKit/blackberry/ChangeLog
index b1abefb13..2ab4cf3b0 100644
--- a/Source/WebKit/blackberry/ChangeLog
+++ b/Source/WebKit/blackberry/ChangeLog
@@ -1,50 +1,3 @@
-2012-11-08  Chris Guan  <chris.guan@torchmobile.com.cn>
-
-        [BlackBerry] need to call closePopup at setValueAndClosePopup
-        https://bugs.webkit.org/show_bug.cgi?id=101568
-
-        Reviewed by George Staikos.
-
-        When early return occurs, we need to call closePopup
-        at setValueAndClosePopup function. See the comments
-        in WebCore/page/PagePopupClient.h. If we have not it,
-        Webkit thread is held and browser will be unresponsive 
-        in BlackBerry port.
-        
-        RIM PR 232962
-        Internally reviewed by Charles Wei.
-
-        * WebCoreSupport/SelectPopupClient.cpp:
-        (WebCore::SelectPopupClient::setValueAndClosePopup):
-
-2012-11-08  Jakob Petsovits  <jpetsovits@rim.com>
-
-        [BlackBerry] Replace checkerboard with page background color.
-        https://bugs.webkit.org/show_bug.cgi?id=101652
-        RIM PR 188235
-
-        Reviewed by George Staikos.
-
-        In order to do this, we introduce a new member variable for
-        BackingStore because when blitting, we can't access the
-        page background color in a threadsafe way.
-
-        Solid background color fill is still only used for public builds.
-        Developers and beta testers should still see checkerboard and
-        do something about it.
-
-        * Api/BackingStore.cpp:
-        (BlackBerry::WebKit::BackingStorePrivate::BackingStorePrivate):
-        (BlackBerry::WebKit::BackingStorePrivate::fillWindow):
-        (BlackBerry::WebKit::BackingStorePrivate::webPageBackgroundColorUserInterfaceThread):
-        (WebKit):
-        (BlackBerry::WebKit::BackingStorePrivate::setWebPageBackgroundColor):
-        * Api/BackingStore_p.h:
-        (BackingStorePrivate):
-        * Api/WebPage.cpp:
-        (BlackBerry::WebKit::WebPagePrivate::setLoadState):
-        (BlackBerry::WebKit::WebPagePrivate::didChangeSettings):
-
 2012-11-08  Tiancheng Jiang  <tijiang@rim.com>
 
         [BlackBerry] Update BB10 date input form.
diff --git a/Source/WebKit/blackberry/WebCoreSupport/SelectPopupClient.cpp b/Source/WebKit/blackberry/WebCoreSupport/SelectPopupClient.cpp
index b1af6fa63..b37b5e668 100644
--- a/Source/WebKit/blackberry/WebCoreSupport/SelectPopupClient.cpp
+++ b/Source/WebKit/blackberry/WebCoreSupport/SelectPopupClient.cpp
@@ -173,11 +173,8 @@ void SelectPopupClient::setValueAndClosePopup(int, const String& stringValue)
 
         const Vector<HTMLElement*>& items = m_element->listItems();
 
-        // If element changed after select UI showed, do nothing but closePopup().
-        if (items.size() != static_cast<unsigned>(m_size)) {
-            closePopup();
+        if (items.size() != static_cast<unsigned int>(m_size))
             return;
-        }
 
         HTMLOptionElement* option;
         for (unsigned i = 0; i < m_size; i++) {
diff --git a/Source/WebKit/chromium/ChangeLog b/Source/WebKit/chromium/ChangeLog
index d586fba43..b6dc5c975 100644
--- a/Source/WebKit/chromium/ChangeLog
+++ b/Source/WebKit/chromium/ChangeLog
@@ -1,168 +1,3 @@
-2012-11-08  Sheriff Bot  <webkit.review.bot@gmail.com>
-
-        Unreviewed, rolling out r134010.
-        http://trac.webkit.org/changeset/134010
-        https://bugs.webkit.org/show_bug.cgi?id=101716
-
-        Broke the chromium windows build. (Requested by noel_ on
-        #webkit).
-
-        * src/IDBCallbacksProxy.cpp:
-        * src/IDBDatabaseBackendProxy.cpp:
-        (WebKit::IDBDatabaseBackendProxy::transaction):
-        (WebKit):
-        * src/IDBDatabaseBackendProxy.h:
-        (IDBDatabaseBackendProxy):
-        * src/IDBObjectStoreBackendProxy.cpp:
-        (WebKit::IDBObjectStoreBackendProxy::putWithIndexKeys):
-        (WebKit):
-        (WebKit::IDBObjectStoreBackendProxy::setIndexKeys):
-        (WebKit::IDBObjectStoreBackendProxy::createIndex):
-        (WebKit::IDBObjectStoreBackendProxy::setIndexesReady):
-        (WebKit::IDBObjectStoreBackendProxy::index):
-        (WebKit::IDBObjectStoreBackendProxy::deleteIndex):
-        * src/IDBObjectStoreBackendProxy.h:
-        (IDBObjectStoreBackendProxy):
-        * src/WebIDBDatabaseImpl.cpp:
-        (WebKit::WebIDBDatabaseImpl::deleteObjectStore):
-        (WebKit):
-        (WebKit::WebIDBDatabaseImpl::transaction):
-        * src/WebIDBDatabaseImpl.h:
-        (WebIDBDatabaseImpl):
-        * src/WebIDBObjectStoreImpl.cpp:
-        (WebKit::WebIDBObjectStoreImpl::putWithIndexKeys):
-        (WebKit):
-        (WebKit::WebIDBObjectStoreImpl::setIndexKeys):
-        (WebKit::WebIDBObjectStoreImpl::setIndexesReady):
-        (WebKit::WebIDBObjectStoreImpl::index):
-        (WebKit::WebIDBObjectStoreImpl::deleteIndex):
-        * src/WebIDBObjectStoreImpl.h:
-        (WebIDBObjectStoreImpl):
-        * src/WebIDBTransactionImpl.cpp:
-        (WebKit::WebIDBTransactionImpl::objectStore):
-        (WebKit):
-        * src/WebIDBTransactionImpl.h:
-        * tests/IDBRequestTest.cpp:
-
-2012-11-08  Alec Flett  <alecflett@chromium.org>
-
-        IndexedDB: switch frontend to use int64_t-based references
-        https://bugs.webkit.org/show_bug.cgi?id=100426
-
-        Reviewed by Tony Chang.
-
-        Remove implementation stubs from chromium API for
-        methods obsoleted by https://bugs.webkit.org/show_bug.cgi?id=100425
-
-        * src/IDBObjectStoreBackendProxy.cpp:
-        * src/IDBObjectStoreBackendProxy.h:
-        (IDBObjectStoreBackendProxy):
-        * src/WebIDBDatabaseImpl.cpp:
-        * src/WebIDBDatabaseImpl.h:
-        (WebIDBDatabaseImpl):
-        * src/WebIDBObjectStoreImpl.cpp:
-        * src/WebIDBObjectStoreImpl.h:
-        (WebIDBObjectStoreImpl):
-
-2012-11-08  Keishi Hattori  <keishi@webkit.org>
-
-        WebPagePopupImpl::handleKeyEvent is called after WebPagePopupImpl::close
-        https://bugs.webkit.org/show_bug.cgi?id=93800
-
-        Reviewed by Kent Tamura.
-
-        We need to set m_closing to true in WebPagePopupImpl::close so we won't access m_page in WebPagePopupImpl::handleKeyEvent.
-
-        * src/WebPagePopupImpl.cpp:
-        (WebKit::WebPagePopupImpl::close): Set m_closing to true.
-
-2012-11-08  Sheriff Bot  <webkit.review.bot@gmail.com>
-
-        Unreviewed, rolling out r133984.
-        http://trac.webkit.org/changeset/133984
-        https://bugs.webkit.org/show_bug.cgi?id=101684
-
-        windows build error. (Requested by hayato on #webkit).
-
-        * src/IDBObjectStoreBackendProxy.cpp:
-        (WebKit::IDBObjectStoreBackendProxy::putWithIndexKeys):
-        (WebKit):
-        (WebKit::IDBObjectStoreBackendProxy::setIndexKeys):
-        (WebKit::IDBObjectStoreBackendProxy::createIndex):
-        (WebKit::IDBObjectStoreBackendProxy::setIndexesReady):
-        (WebKit::IDBObjectStoreBackendProxy::index):
-        (WebKit::IDBObjectStoreBackendProxy::deleteIndex):
-        * src/IDBObjectStoreBackendProxy.h:
-        (IDBObjectStoreBackendProxy):
-        * src/WebIDBDatabaseImpl.cpp:
-        (WebKit::WebIDBDatabaseImpl::deleteObjectStore):
-        (WebKit):
-        (WebKit::WebIDBDatabaseImpl::transaction):
-        * src/WebIDBDatabaseImpl.h:
-        (WebIDBDatabaseImpl):
-        * src/WebIDBObjectStoreImpl.cpp:
-        (WebKit::WebIDBObjectStoreImpl::putWithIndexKeys):
-        (WebKit):
-        (WebKit::WebIDBObjectStoreImpl::setIndexKeys):
-        (WebKit::WebIDBObjectStoreImpl::setIndexesReady):
-        (WebKit::WebIDBObjectStoreImpl::index):
-        (WebKit::WebIDBObjectStoreImpl::deleteIndex):
-        * src/WebIDBObjectStoreImpl.h:
-        (WebIDBObjectStoreImpl):
-        * src/WebIDBTransactionImpl.cpp:
-        (WebKit::WebIDBTransactionImpl::objectStore):
-        (WebKit):
-        * src/WebIDBTransactionImpl.h:
-
-2012-11-08  Alec Flett  <alecflett@chromium.org>
-
-        IndexedDB: switch frontend to use int64_t-based references
-        https://bugs.webkit.org/show_bug.cgi?id=100426
-
-        Reviewed by Tony Chang.
-
-        Remove implementation stubs from chromium API for
-        methods obsoleted by https://bugs.webkit.org/show_bug.cgi?id=100425
-
-        * src/IDBObjectStoreBackendProxy.cpp:
-        * src/IDBObjectStoreBackendProxy.h:
-        (IDBObjectStoreBackendProxy):
-        * src/WebIDBDatabaseImpl.cpp:
-        * src/WebIDBDatabaseImpl.h:
-        (WebIDBDatabaseImpl):
-        * src/WebIDBObjectStoreImpl.cpp:
-        * src/WebIDBObjectStoreImpl.h:
-        (WebIDBObjectStoreImpl):
-
-2012-11-07  Kent Tamura  <tkent@chromium.org>
-
-        [Chromium] WebElement::hasHTMLTagName returns true for non-HTML elements
-        https://bugs.webkit.org/show_bug.cgi?id=101537
-
-        Reviewed by Abhishek Arya.
-
-        We should not do ignore-case comparison for tagName, which is always
-        upper-case and createElementNS(xhtmlNS, "INPUT") doesn't create an
-        HTMLInputElement object. We need to check if localName is equal to
-        "input" in this case.
-
-        * src/WebElement.cpp:
-        (WebKit::WebElement::hasHTMLTagName):
-
-2012-11-08  Joshua Bell  <jsbell@chromium.org>
-
-        Expose snapshots in platform/leveldb wrapper API
-        https://bugs.webkit.org/show_bug.cgi?id=100786
-
-        Reviewed by Tony Chang.
-
-        Add unit tests for transactions/snapshots.
-
-        * tests/LevelDBTest.cpp:
-        (WebCore::encodeString): Don't append to pre-sized vector.
-        (WebCore::TEST):
-        (WebCore):
-
 2012-11-08  Adam Barth  <abarth@webkit.org>
 
         Unreviewed.
diff --git a/Source/WebKit/chromium/DEPS b/Source/WebKit/chromium/DEPS
index a4968c57d..ba3dd966e 100644
--- a/Source/WebKit/chromium/DEPS
+++ b/Source/WebKit/chromium/DEPS
@@ -32,7 +32,7 @@
 
 vars = {
   'chromium_svn': 'http://src.chromium.org/svn/trunk/src',
-  'chromium_rev': 'HEAD'
+  'chromium_rev': '166755'
 }
 
 deps = {
diff --git a/Source/WebKit/chromium/src/WebElement.cpp b/Source/WebKit/chromium/src/WebElement.cpp
index 96cf9791d..49fff0a07 100644
--- a/Source/WebKit/chromium/src/WebElement.cpp
+++ b/Source/WebKit/chromium/src/WebElement.cpp
@@ -66,13 +66,8 @@ bool WebElement::hasTagName(const WebString& tagName) const
 
 bool WebElement::hasHTMLTagName(const WebString& tagName) const
 {
-    // How to create                     class              nodeName localName
-    // createElement('input')            HTMLInputElement   INPUT    input
-    // createElement('INPUT')            HTMLInputElement   INPUT    input
-    // createElementNS(xhtmlNS, 'input') HTMLInputElement   INPUT    input
-    // createElementNS(xhtmlNS, 'INPUT') HTMLUnknownElement INPUT    INPUT
     const Element* element = constUnwrap<Element>();
-    return HTMLNames::xhtmlNamespaceURI == element->namespaceURI() && element->localName() == String(tagName).lower();
+    return HTMLNames::xhtmlNamespaceURI == element->namespaceURI() && equalIgnoringCase(element->tagName(), String(tagName));
 }
 
 bool WebElement::hasAttribute(const WebString& attrName) const
diff --git a/Source/WebKit/chromium/src/WebPagePopupImpl.cpp b/Source/WebKit/chromium/src/WebPagePopupImpl.cpp
index d10022a51..01cacda2a 100644
--- a/Source/WebKit/chromium/src/WebPagePopupImpl.cpp
+++ b/Source/WebKit/chromium/src/WebPagePopupImpl.cpp
@@ -304,7 +304,6 @@ void WebPagePopupImpl::setFocus(bool enable)
 
 void WebPagePopupImpl::close()
 {
-    m_closing = true;
     if (m_page && m_page->mainFrame())
         m_page->mainFrame()->loader()->frameDetached();
     m_page.clear();
diff --git a/Source/WebKit/chromium/tests/LevelDBTest.cpp b/Source/WebKit/chromium/tests/LevelDBTest.cpp
index 7dc0355df..2a00ae686 100644
--- a/Source/WebKit/chromium/tests/LevelDBTest.cpp
+++ b/Source/WebKit/chromium/tests/LevelDBTest.cpp
@@ -30,9 +30,7 @@
 #include "FileSystem.h"
 #include "LevelDBComparator.h"
 #include "LevelDBDatabase.h"
-#include "LevelDBIterator.h"
 #include "LevelDBSlice.h"
-#include "LevelDBTransaction.h"
 #include <gtest/gtest.h>
 #include <webkit/support/webkit_support.h>
 #include <wtf/Vector.h>
@@ -55,7 +53,7 @@ Vector<char> encodeString(const std::string& s)
 {
     Vector<char> ret(s.size());
     for (size_t i = 0; i < s.size(); ++i)
-        ret[i] = s[i];
+        ret.append(s[i]);
     return ret;
 }
 
@@ -102,97 +100,6 @@ TEST(LevelDBDatabaseTest, CorruptionTest)
     EXPECT_FALSE(success);
 }
 
-TEST(LevelDBDatabaseTest, Transaction)
-{
-    OwnPtr<webkit_support::ScopedTempDirectory> tempDirectory = adoptPtr(webkit_support::CreateScopedTempDirectory());
-    tempDirectory->CreateUniqueTempDir();
-    const String path = String::fromUTF8(tempDirectory->path().c_str());
-
-    const Vector<char> key = encodeString("key");
-    Vector<char> gotValue;
-    SimpleComparator comparator;
-
-    OwnPtr<LevelDBDatabase> leveldb = LevelDBDatabase::open(path, &comparator);
-    EXPECT_TRUE(leveldb);
-
-    const Vector<char> oldValue = encodeString("value");
-    bool success = leveldb->put(key, oldValue);
-    EXPECT_TRUE(success);
-
-    RefPtr<LevelDBTransaction> transaction = LevelDBTransaction::create(leveldb.get());
-
-    const Vector<char> newValue = encodeString("new value");
-    success = leveldb->put(key, newValue);
-    EXPECT_TRUE(success);
-
-    success = transaction->get(key, gotValue);
-    EXPECT_TRUE(success);
-    EXPECT_EQ(comparator.compare(gotValue, oldValue), 0);
-
-    success = leveldb->get(key, gotValue);
-    EXPECT_TRUE(success);
-    EXPECT_EQ(comparator.compare(gotValue, newValue), 0);
-
-    const Vector<char> addedKey = encodeString("added key");
-    const Vector<char> addedValue = encodeString("added value");
-    success = leveldb->put(addedKey, addedValue);
-    EXPECT_TRUE(success);
-
-    success = leveldb->get(addedKey, gotValue);
-    EXPECT_TRUE(success);
-    EXPECT_EQ(comparator.compare(gotValue, addedValue), 0);
-
-    success = transaction->get(addedKey, gotValue);
-    EXPECT_FALSE(success);
-}
-
-TEST(LevelDBDatabaseTest, TransactionIterator)
-{
-    OwnPtr<webkit_support::ScopedTempDirectory> tempDirectory = adoptPtr(webkit_support::CreateScopedTempDirectory());
-    tempDirectory->CreateUniqueTempDir();
-    const String path = String::fromUTF8(tempDirectory->path().c_str());
-
-    const Vector<char> start = encodeString("");
-    const Vector<char> key1 = encodeString("key1");
-    const Vector<char> value1 = encodeString("value1");
-    const Vector<char> key2 = encodeString("key2");
-    const Vector<char> value2 = encodeString("value2");
-
-    SimpleComparator comparator;
-    bool success;
-
-    OwnPtr<LevelDBDatabase> leveldb = LevelDBDatabase::open(path, &comparator);
-    EXPECT_TRUE(leveldb);
-
-    success = leveldb->put(key1, value1);
-    EXPECT_TRUE(success);
-    success = leveldb->put(key2, value2);
-    EXPECT_TRUE(success);
-
-    RefPtr<LevelDBTransaction> transaction = LevelDBTransaction::create(leveldb.get());
-
-    success = leveldb->remove(key2);
-    EXPECT_TRUE(success);
-
-    OwnPtr<LevelDBIterator> it = transaction->createIterator();
-
-    it->seek(start);
-
-    EXPECT_TRUE(it->isValid());
-    EXPECT_EQ(comparator.compare(it->key(), key1), 0);
-    EXPECT_EQ(comparator.compare(it->value(), value1), 0);
-
-    it->next();
-
-    EXPECT_TRUE(it->isValid());
-    EXPECT_EQ(comparator.compare(it->key(), key2), 0);
-    EXPECT_EQ(comparator.compare(it->value(), value2), 0);
-
-    it->next();
-
-    EXPECT_FALSE(it->isValid());
-}
-
 } // namespace
 
 #endif // USE(LEVELDB)
diff --git a/Source/WebKit/mac/ChangeLog b/Source/WebKit/mac/ChangeLog
index 639d1029f..f005f8586 100644
--- a/Source/WebKit/mac/ChangeLog
+++ b/Source/WebKit/mac/ChangeLog
@@ -1,30 +1,3 @@
-2012-11-08  Timothy Hatcher  <timothy@apple.com>
-
-        Always use a textured window for the Web Inspector.
-
-        https://bugs.webkit.org/show_bug.cgi?id=101693
-
-        Reviewed by Joseph Pecoraro.
-
-        * WebCoreSupport/WebInspectorClient.mm:
-        (-[WebInspectorWindowController window]): Removed the conditional for a textured window.
-
-2012-11-08  Roger Fong  <roger_fong@apple.com>
-
-        Null check URL key entries into WebHistory hash table. 
-        https://bugs.webkit.org/show_bug.cgi?id=101664
-        <rdar://problem/12440852>
-
-        Reviewed by Brady Eidson.
-        
-        Sometimes the _entriesByURL hash table used to keep track of web history is erroneously passed in null key entries, which causes an exception to fire.
-        This prevents the desired page navigation from taking effect. This is a workaround for the problem.
-        Ideally we would figure out where the null values for the key are coming from but for now we'll just set it to "" to prevent the exception from being thrown
-        so that navigation can continue as expected.
-
-        * History/WebHistory.mm:
-        (-[WebHistoryPrivate visitedURL:withTitle:increaseVisitCount:]):
-
 2012-11-07  Andreas Kling  <akling@apple.com>
 
         Remove build-webkit dependency on Java SDK for Apple Mac WebKit.
diff --git a/Source/WebKit/mac/History/WebHistory.mm b/Source/WebKit/mac/History/WebHistory.mm
index 591cc04b0..e781d32fd 100644
--- a/Source/WebKit/mac/History/WebHistory.mm
+++ b/Source/WebKit/mac/History/WebHistory.mm
@@ -296,8 +296,6 @@ static inline WebHistoryDateKey dateKey(NSTimeInterval date)
     ASSERT(title);
     
     NSString *URLString = [url _web_originalDataAsString];
-    if (!URLString)
-        URLString = @"";
     WebHistoryItem *entry = [_entriesByURL objectForKey:URLString];
 
     if (entry) {
diff --git a/Source/WebKit/mac/WebCoreSupport/WebInspectorClient.mm b/Source/WebKit/mac/WebCoreSupport/WebInspectorClient.mm
index 0b9041d73..f432cd51f 100644
--- a/Source/WebKit/mac/WebCoreSupport/WebInspectorClient.mm
+++ b/Source/WebKit/mac/WebCoreSupport/WebInspectorClient.mm
@@ -336,13 +336,22 @@ void WebInspectorFrontendClient::updateWindowTitle() const
     if (window)
         return window;
 
-    NSUInteger styleMask = (NSTitledWindowMask | NSClosableWindowMask | NSMiniaturizableWindowMask | NSResizableWindowMask | NSTexturedBackgroundWindowMask);
+    bool useTexturedWindow = useWebKitWebInspector();
+
+    NSUInteger styleMask = (NSTitledWindowMask | NSClosableWindowMask | NSMiniaturizableWindowMask | NSResizableWindowMask);
+
+    if (useTexturedWindow)
+        styleMask |= NSTexturedBackgroundWindowMask;
+
     window = [[NSWindow alloc] initWithContentRect:NSMakeRect(60.0, 200.0, 750.0, 650.0) styleMask:styleMask backing:NSBackingStoreBuffered defer:NO];
     [window setDelegate:self];
     [window setMinSize:NSMakeSize(400.0, 400.0)];
-    [window setAutorecalculatesContentBorderThickness:NO forEdge:NSMaxYEdge];
-    [window setContentBorderThickness:55. forEdge:NSMaxYEdge];
-    WKNSWindowMakeBottomCornersSquare(window);
+
+    if (useTexturedWindow) {
+        [window setAutorecalculatesContentBorderThickness:NO forEdge:NSMaxYEdge];
+        [window setContentBorderThickness:55. forEdge:NSMaxYEdge];
+        WKNSWindowMakeBottomCornersSquare(window);
+    }
 
     [self setWindow:window];
     [window release];
diff --git a/Source/WebKit2/ChangeLog b/Source/WebKit2/ChangeLog
index 7ce6fcb22..5eb549001 100644
--- a/Source/WebKit2/ChangeLog
+++ b/Source/WebKit2/ChangeLog
@@ -1,226 +1,3 @@
-2012-11-08  Grzegorz Czajkowski  <g.czajkowski@samsung.com>
-
-        [EFL] Add a method to the TextCheckerEnchant class to check whether any dictionary is loaded
-        https://bugs.webkit.org/show_bug.cgi?id=101570
-
-        Reviewed by Gustavo Noronha Silva.
-
-        To do not get the vector of loaded languages, WebKit2-EFL calls
-        TextCheckerEnchant::hasDictionary() method to check whether the
-        dictionaries vector is empty.
-
-        * UIProcess/API/efl/ewk_settings.cpp:
-        (ewk_settings_continuous_spell_checking_enabled_set):
-        * UIProcess/API/efl/ewk_text_checker.cpp:
-        (Ewk_Text_Checker::hasDictionary):
-        (Ewk_Text_Checker):
-        * UIProcess/API/efl/ewk_text_checker_private.h:
-        (Ewk_Text_Checker):
-
-2012-11-08  Timothy Hatcher  <timothy@apple.com>
-
-        Always use a textured window for the Web Inspector.
-
-        https://bugs.webkit.org/show_bug.cgi?id=101693
-
-        Reviewed by Joseph Pecoraro.
-
-        * UIProcess/mac/WebInspectorProxyMac.mm:
-        (WebKit::WebInspectorProxy::createInspectorWindow): Removed the conditional for a textured window.
-
-2012-11-08  Huang Dongsung  <luxtella@company100.net>
-
-        Coordinated Graphics: Don't send the messages for releasing resources during purging.
-        https://bugs.webkit.org/show_bug.cgi?id=101685
-
-        Reviewed by Noam Rosenthal.
-
-        We don't need to send the messages related to releasing resources to UI Process
-        during purging, because UI Process already had removed all resources.
-        This patch gives us reducing slight messaging overhead and increasing readability.
-
-        * UIProcess/CoordinatedGraphics/LayerTreeCoordinatorProxy.cpp:
-        (WebKit::LayerTreeCoordinatorProxy::purgeBackingStores):
-        * WebProcess/WebPage/CoordinatedGraphics/LayerTreeCoordinator.cpp:
-        (WebKit::LayerTreeCoordinator::LayerTreeCoordinator):
-        (WebKit::LayerTreeCoordinator::purgeReleasedImages):
-        (WebKit::LayerTreeCoordinator::removeTile):
-        (WebKit::LayerTreeCoordinator::removeUpdateAtlas):
-        (WebKit::LayerTreeCoordinator::purgeBackingStores):
-        * WebProcess/WebPage/CoordinatedGraphics/LayerTreeCoordinator.h:
-        (LayerTreeCoordinator):
-
-2012-11-08  KyungTae Kim  <ktf.kim@samsung.com>
-
-        [WK2] Unused parameters on LayerTreeRenderer.cpp
-        https://bugs.webkit.org/show_bug.cgi?id=101653
-
-        Reviewed by Noam Rosenthal.
-
-        Because the 'tileID' parameter is not used now,
-        comment out it to fix build warning -Wunused-parameter
-
-        * UIProcess/CoordinatedGraphics/LayerTreeRenderer.cpp:
-        (WebKit::LayerTreeRenderer::removeBackingStoreIfNeeded):
-
-2012-11-08  Christophe Dumez  <christophe.dumez@intel.com>
-
-        [EFL][WK2] Add proper support for fullscreen API to MiniBrowser
-        https://bugs.webkit.org/show_bug.cgi?id=101615
-
-        Reviewed by Kenneth Rohde Christiansen.
-
-        * UIProcess/API/efl/EwkViewImpl.cpp:
-        (EwkViewImpl::enterFullScreen):
-        * UIProcess/API/efl/ewk_security_origin.cpp:
-        (EwkSecurityOrigin::EwkSecurityOrigin):
-        * UIProcess/API/efl/ewk_security_origin_private.h:
-        (EwkSecurityOrigin::create): Add factory method to construct a
-        EwkSecurityOrigin from a KURL.
-        (EwkSecurityOrigin):
-        * UIProcess/API/efl/ewk_view.cpp:
-        (ewk_view_fullscreen_exit): Add public API function to exit
-        fullscreen mode.
-        * UIProcess/API/efl/ewk_view.h: Add security origin parameter
-        to fullscreen_enter smart function since this information is
-        useful to the user agent.
-        * UIProcess/API/efl/tests/test_ewk2_view.cpp:
-        (fullScreenCallback):
-        (fullScreenExitCallback):
-        (TEST_F):
-
-2012-11-08  Brady Eidson  <beidson@apple.com>
-
-        Have NetworkProcess do the actual loading of subresources.
-        https://bugs.webkit.org/show_bug.cgi?id=101640
-
-        Reviewed by Alexey Proskuryakov.
-
-        This adds actual loading of subresources in the NetworkProcess.
-
-        Currently a resource just gets its entire buffer of data built up and then delivered to the WebProcess in one chunk.
-
-        Many FIXMEs point the path towards much better behavior.
-
-        Project file stuff:
-        * WebKit2.xcodeproj/project.pbxproj:
-
-        Add a new Logging channel for scheduling so the one for loading can be separate:
-        * Platform/Logging.cpp:
-        * Platform/Logging.h:
-
-        Add an enhancement FIXME:
-        * NetworkProcess/HostRecord.cpp:
-        (WebKit::HostRecord::remove):
-
-        NetworkRequest now derives from ResourceHandleClient and does actual loading, messaging WebProcess as it does:
-        * NetworkProcess/NetworkRequest.cpp:
-        (WebKit::NetworkRequest::NetworkRequest):
-        (WebKit::NetworkRequest::~NetworkRequest):
-        (WebKit::NetworkRequest::start):
-        (WebKit::requestsToStopMutex):
-        (WebKit::requestsToStop):
-        (WebKit::NetworkRequest::scheduleStopOnMainThread): Stop
-        (WebKit::NetworkRequest::performStops):
-        (WebKit::NetworkRequest::stop): Does NetworkRequest cleanup that happens no matter the state of the network load.
-        (WebKit::NetworkRequest::didReceiveResponse):
-        (WebKit::NetworkRequest::didReceiveData):
-        (WebKit::NetworkRequest::didFinishLoading):
-        (WebKit::NetworkRequest::didFail):
-        * NetworkProcess/NetworkRequest.h:
-
-        Change some logging and now invalid asserts, as well as starting requests in-process instead of relying on WebProcess:
-        * NetworkProcess/NetworkResourceLoadScheduler.cpp:
-        (WebKit::NetworkResourceLoadScheduler::scheduleNetworkRequest):
-        (WebKit::NetworkResourceLoadScheduler::addLoadInProgress):
-        (WebKit::NetworkResourceLoadScheduler::removeLoadIdentifier):
-        (WebKit::NetworkResourceLoadScheduler::crossOriginRedirectReceived):
-        (WebKit::NetworkResourceLoadScheduler::servePendingRequests):
-        (WebKit::NetworkResourceLoadScheduler::servePendingRequestsForHost):
-        (WebKit::NetworkResourceLoadScheduler::removeScheduledLoadIdentifiers):
-        (WebKit::NetworkResourceLoadScheduler::scheduleRemoveLoadIdentifier):
-        * NetworkProcess/NetworkResourceLoadScheduler.h:
-        (NetworkResourceLoadScheduler):
-
-        Add a "ShareableResource" which includes a SharedMemory block, an offset into that block, and a size:
-        * Shared/ShareableResource.cpp: Added.
-        (WebKit::ShareableResource::Handle::Handle):
-        (WebKit::ShareableResource::Handle::encode):
-        (WebKit::ShareableResource::Handle::decode):
-        (WebKit::ShareableResource::create):
-        (WebKit::ShareableResource::ShareableResource):
-        (WebKit::ShareableResource::~ShareableResource):
-        (WebKit::ShareableResource::createHandle):
-        (WebKit::ShareableResource::data):
-        (WebKit::ShareableResource::size):
-        * Shared/ShareableResource.h: 
-        (WebKit::ShareableResource::Handle::isNull):
-        (WebKit::ShareableResource::Handle::size):
-
-        Add an implementation of WebCore::ResourceBuffer that wraps a ShareableResource instead of a SharedBuffer:
-        * Shared/WebResourceBuffer.cpp:
-        (WebKit::WebResourceBuffer::WebResourceBuffer):
-        (WebKit::WebResourceBuffer::~WebResourceBuffer):
-        (WebKit::WebResourceBuffer::data):
-        (WebKit::WebResourceBuffer::size):
-        * Shared/WebResourceBuffer.h:
-        (WebResourceBuffer):
-        (WebKit::WebResourceBuffer::create):
-
-        Add messaging that responds to resource load events from the NetworkProcess and passes them to the scheduler:
-        * WebProcess/Network/NetworkProcessConnection.cpp:
-        (WebKit::NetworkProcessConnection::didReceiveResponse):
-        (WebKit::NetworkProcessConnection::didReceiveResource):
-        (WebKit::NetworkProcessConnection::didFailResourceLoad):
-        * WebProcess/Network/NetworkProcessConnection.h:
-        * WebProcess/Network/NetworkProcessConnection.messages.in:
-
-        Takes resource load events passed from the NetworkProcess and hands them off directly to WebCore ResourceLoaders:
-        * WebProcess/Network/WebResourceLoadScheduler.cpp:
-        (WebKit::WebResourceLoadScheduler::scheduleLoad): Update some logging.
-        (WebKit::WebResourceLoadScheduler::addMainResourceLoad): Ditto.
-        (WebKit::WebResourceLoadScheduler::remove): Ditto.
-        (WebKit::WebResourceLoadScheduler::crossOriginRedirectReceived): Ditto.
-        (WebKit::WebResourceLoadScheduler::servePendingRequests): Ditto.
-        (WebKit::WebResourceLoadScheduler::didReceiveResponse): Call through to ResourceLoader.
-        (WebKit::WebResourceLoadScheduler::didReceiveResource): Ditto.
-        (WebKit::WebResourceLoadScheduler::didFailResourceLoad): Ditto.
-        * WebProcess/Network/WebResourceLoadScheduler.h:
-
-2012-11-08  Huang Dongsung  <luxtella@company100.net>
-
-        Coordinated Graphics: Remove an invisible TiledBackingStore of CoordinatedGraphicsLayer.
-        https://bugs.webkit.org/show_bug.cgi?id=101424
-
-        Reviewed by Noam Rosenthal.
-
-        We must remove an invisible TiledBackingStore of CoordinatedGraphicsLayer.
-        Currently, CoordinatedGraphicsLayer only removes a TiledBackingStore if
-        !drawsContent() while TextureMapperLayer::updateBackingStore() removes a backing
-        store if (!m_state.drawsContent || !m_state.contentsVisible || m_size.isEmpty()).
-        CoordinatedGraphicsLayer must have the same behavior.
-
-        In addition, this patch makes LayerTreeRenderer remove a backing store from
-        GraphicsLayerTextureMapper when CoordinatedBackingStore does not have any tiles.
-
-        Test: compositing/nested-direct-image-compositing.html
-
-        * UIProcess/CoordinatedGraphics/CoordinatedBackingStore.cpp:
-        (WebKit::CoordinatedBackingStore::removeTile):
-        (WebKit::CoordinatedBackingStore::isEmpty):
-        (WebKit):
-        (WebKit::CoordinatedBackingStore::commitTileOperations):
-        * UIProcess/CoordinatedGraphics/CoordinatedBackingStore.h:
-        (CoordinatedBackingStore):
-        * UIProcess/CoordinatedGraphics/LayerTreeRenderer.cpp:
-        (WebKit::LayerTreeRenderer::removeBackingStoreIfNeeded):
-        (WebKit):
-        (WebKit::LayerTreeRenderer::removeTile):
-        * UIProcess/CoordinatedGraphics/LayerTreeRenderer.h:
-        (LayerTreeRenderer):
-        * WebProcess/WebPage/CoordinatedGraphics/CoordinatedGraphicsLayer.cpp:
-        (WebCore::CoordinatedGraphicsLayer::adjustContentsScale):
-
 2012-11-08  Tim Horton  <timothy_horton@apple.com>
 
         [WK2] Print preview should vend images to the UIProcess instead of PDFs
diff --git a/Source/WebKit2/NetworkProcess/HostRecord.cpp b/Source/WebKit2/NetworkProcess/HostRecord.cpp
index 9d78d43f6..32ba59638 100644
--- a/Source/WebKit2/NetworkProcess/HostRecord.cpp
+++ b/Source/WebKit2/NetworkProcess/HostRecord.cpp
@@ -65,9 +65,6 @@ void HostRecord::addLoadInProgress(ResourceLoadIdentifier identifier)
 
 void HostRecord::remove(ResourceLoadIdentifier identifier)
 {
-    // FIXME (NetworkProcess): Due to IPC race conditions, it's possible this HostRecord will be asked to remove the same identifer twice.
-    // It would be nice to know the identifier has already been removed and treat it as a no-op.
-
     if (m_requestsLoading.contains(identifier)) {
         m_requestsLoading.remove(identifier);
         return;
diff --git a/Source/WebKit2/NetworkProcess/NetworkRequest.cpp b/Source/WebKit2/NetworkProcess/NetworkRequest.cpp
index db82d9382..79e74cf19 100644
--- a/Source/WebKit2/NetworkProcess/NetworkRequest.cpp
+++ b/Source/WebKit2/NetworkProcess/NetworkRequest.cpp
@@ -28,18 +28,7 @@
 
 #if ENABLE(NETWORK_PROCESS)
 
-#include "Logging.h"
 #include "NetworkConnectionToWebProcess.h"
-#include "NetworkProcess.h"
-#include "NetworkProcessConnectionMessages.h"
-#include "RemoteNetworkingContext.h"
-#include "SharedMemory.h"
-#include "WebCoreArgumentCoders.h"
-#include <WebCore/ResourceBuffer.h>
-#include <WebCore/ResourceHandle.h>
-#include <wtf/MainThread.h>
-
-using namespace WebCore;
 
 namespace WebKit {
 
@@ -48,85 +37,15 @@ NetworkRequest::NetworkRequest(const WebCore::ResourceRequest& request, Resource
     , m_identifier(identifier)
     , m_connection(connection)
 {
-    ASSERT(isMainThread());
     connection->registerObserver(this);
 }
 
 NetworkRequest::~NetworkRequest()
 {
-    ASSERT(isMainThread());
-
     if (m_connection)
         m_connection->unregisterObserver(this);
 }
 
-void NetworkRequest::start()
-{
-    ASSERT(isMainThread());
-
-    // Explicit ref() balanced by a deref() in NetworkRequest::stop()
-    ref();
-    
-    // FIXME (NetworkProcess): Create RemoteNetworkingContext with actual settings.
-    m_networkingContext = RemoteNetworkingContext::create(false, false);
-
-    // FIXME (NetworkProcess): Pass an actual value for shouldContentSniff (XMLHttpRequest needs that).
-    m_handle = ResourceHandle::create(m_networkingContext.get(), m_request, this, false, false);
-}
-
-static bool stopRequestsCalled = false;
-
-static Mutex& requestsToStopMutex()
-{
-    DEFINE_STATIC_LOCAL(Mutex, mutex, ());
-    return mutex;
-}
-
-static HashSet<NetworkRequest*>& requestsToStop()
-{
-    DEFINE_STATIC_LOCAL(HashSet<NetworkRequest*>, requests, ());
-    return requests;
-}
-
-void NetworkRequest::scheduleStopOnMainThread()
-{
-    MutexLocker locker(requestsToStopMutex());
-
-    requestsToStop().add(this);
-    if (!stopRequestsCalled) {
-        stopRequestsCalled = true;
-        callOnMainThread(NetworkRequest::performStops, 0);
-    }
-}
-
-void NetworkRequest::performStops(void*)
-{
-    ASSERT(stopRequestsCalled);
-
-    Vector<NetworkRequest*> requests;
-    {
-        MutexLocker locker(requestsToStopMutex());
-        copyToVector(requestsToStop(), requests);
-        requestsToStop().clear();
-        stopRequestsCalled = false;
-    }
-    
-    for (size_t i = 0; i < requests.size(); ++i)
-        requests[i]->stop();
-}
-
-void NetworkRequest::stop()
-{
-    ASSERT(isMainThread());
-
-    // Remove this load identifier soon so we can start more network requests.
-    NetworkProcess::shared().networkResourceLoadScheduler().scheduleRemoveLoadIdentifier(m_identifier);
-    
-    // Explicit deref() balanced by a ref() in NetworkRequest::stop()
-    // This might cause the NetworkRequest to be destroyed and therefore we do it last.
-    deref();
-}
-
 void NetworkRequest::connectionToWebProcessDidClose(NetworkConnectionToWebProcess* connection)
 {
     ASSERT_ARG(connection, connection == m_connection.get());
@@ -134,52 +53,6 @@ void NetworkRequest::connectionToWebProcessDidClose(NetworkConnectionToWebProces
     m_connection = 0;
 }
 
-void NetworkRequest::didReceiveResponse(ResourceHandle*, const ResourceResponse& response)
-{
-    // FIXME (NetworkProcess): Cache the response.
-    connectionToWebProcess()->connection()->send(Messages::NetworkProcessConnection::DidReceiveResponse(m_identifier, response), 0);
-}
-
-void NetworkRequest::didReceiveData(ResourceHandle*, const char* data, int length, int /*encodedDataLength*/)
-{
-    // FIXME (NetworkProcess): We have to progressively notify the WebProcess as data is received.
-    if (!m_buffer)
-        m_buffer = ResourceBuffer::create();
-    m_buffer->append(data, length);
-}
-
-void NetworkRequest::didFinishLoading(ResourceHandle*, double finishTime)
-{
-    // FIXME (NetworkProcess): Currently this callback can come in on a non-main thread.
-    // This is okay for now since resource buffers are per-NetworkRequest.
-    // Once we manage memory in an actual memory cache that also includes SharedMemory blocks this will get complicated.
-    // Maybe we should marshall it to the main thread?
-
-    ShareableResource::Handle handle;
-
-    if (m_buffer && m_buffer->size()) {
-        // FIXME (NetworkProcess): We shouldn't be creating this SharedMemory on demand here.
-        // SharedMemory blocks need to be managed as part of the cache backing store.
-        RefPtr<SharedMemory> sharedBuffer = SharedMemory::create(m_buffer->size());
-        memcpy(sharedBuffer->data(), m_buffer->data(), m_buffer->size());
-
-        RefPtr<ShareableResource> shareableResource = ShareableResource::create(sharedBuffer.release(), 0, m_buffer->size());
-
-        // FIXME (NetworkProcess): Handle errors from createHandle();
-        if (!shareableResource->createHandle(handle))
-            LOG_ERROR("Failed to create handle to shareable resource memory\n");
-    }
-
-    connectionToWebProcess()->connection()->send(Messages::NetworkProcessConnection::DidReceiveResource(m_identifier, handle, finishTime), 0);
-    scheduleStopOnMainThread();
-}
-
-void NetworkRequest::didFail(WebCore::ResourceHandle*, const WebCore::ResourceError& error)
-{
-    connectionToWebProcess()->connection()->send(Messages::NetworkProcessConnection::DidFailResourceLoad(m_identifier, error), 0);
-    scheduleStopOnMainThread();
-}
-
 } // namespace WebKit
 
 #endif // ENABLE(NETWORK_PROCESS)
diff --git a/Source/WebKit2/NetworkProcess/NetworkRequest.h b/Source/WebKit2/NetworkProcess/NetworkRequest.h
index c8c3e2e92..683e832c2 100644
--- a/Source/WebKit2/NetworkProcess/NetworkRequest.h
+++ b/Source/WebKit2/NetworkProcess/NetworkRequest.h
@@ -29,20 +29,13 @@
 #if ENABLE(NETWORK_PROCESS)
 
 #include "NetworkConnectionToWebProcess.h"
-#include <WebCore/ResourceHandleClient.h>
 #include <WebCore/ResourceRequest.h>
 
-namespace WebCore {
-class ResourceBuffer;
-class ResourceHandle;
-}
-
 namespace WebKit {
 
-class RemoteNetworkingContext;
 typedef uint64_t ResourceLoadIdentifier;
 
-class NetworkRequest : public RefCounted<NetworkRequest>, public NetworkConnectionToWebProcessObserver, public WebCore::ResourceHandleClient {
+class NetworkRequest : public RefCounted<NetworkRequest>, public NetworkConnectionToWebProcessObserver {
 public:
     static RefPtr<NetworkRequest> create(const WebCore::ResourceRequest& request, ResourceLoadIdentifier identifier, NetworkConnectionToWebProcess* connection)
     {
@@ -51,71 +44,19 @@ public:
     
     ~NetworkRequest();
 
-    void start();
-
-    virtual void connectionToWebProcessDidClose(NetworkConnectionToWebProcess*) OVERRIDE;
+    void connectionToWebProcessDidClose(NetworkConnectionToWebProcess*);
     
     ResourceLoadIdentifier identifier() { return m_identifier; }
     
     NetworkConnectionToWebProcess* connectionToWebProcess() { return m_connection.get(); }
 
-    // ResourceHandleClient methods
-    virtual void willSendRequest(WebCore::ResourceHandle*, WebCore::ResourceRequest&, const WebCore::ResourceResponse& /*redirectResponse*/) OVERRIDE { }
-    virtual void didSendData(WebCore::ResourceHandle*, unsigned long long /*bytesSent*/, unsigned long long /*totalBytesToBeSent*/) OVERRIDE { }
-    virtual void didReceiveResponse(WebCore::ResourceHandle*, const WebCore::ResourceResponse&) OVERRIDE;
-    virtual void didReceiveData(WebCore::ResourceHandle*, const char*, int, int /*encodedDataLength*/) OVERRIDE;
-    virtual void didReceiveCachedMetadata(WebCore::ResourceHandle*, const char*, int) OVERRIDE { }
-    virtual void didFinishLoading(WebCore::ResourceHandle*, double /*finishTime*/) OVERRIDE;
-    virtual void didFail(WebCore::ResourceHandle*, const WebCore::ResourceError&) OVERRIDE;
-    virtual void wasBlocked(WebCore::ResourceHandle*) OVERRIDE { }
-    virtual void cannotShowURL(WebCore::ResourceHandle*) OVERRIDE { }
-#if HAVE(NETWORK_CFDATA_ARRAY_CALLBACK)
-    virtual bool supportsDataArray() OVERRIDE { return false; }
-    virtual void didReceiveDataArray(WebCore::ResourceHandle*, CFArrayRef) OVERRIDE { }
-#endif
-    virtual void willCacheResponse(WebCore::ResourceHandle*, WebCore::CacheStoragePolicy&) OVERRIDE { }
-    virtual bool shouldUseCredentialStorage(WebCore::ResourceHandle*) OVERRIDE { return false; }
-    virtual void didReceiveAuthenticationChallenge(WebCore::ResourceHandle*, const WebCore::AuthenticationChallenge&) OVERRIDE { }
-    virtual void didCancelAuthenticationChallenge(WebCore::ResourceHandle*, const WebCore::AuthenticationChallenge&) OVERRIDE { }
-#if USE(PROTECTION_SPACE_AUTH_CALLBACK)
-    virtual bool canAuthenticateAgainstProtectionSpace(WebCore::ResourceHandle*, const WebCore::ProtectionSpace&) OVERRIDE { return false; }
-#endif
-    virtual void receivedCancellation(WebCore::ResourceHandle*, const WebCore::AuthenticationChallenge&) OVERRIDE { }
-#if PLATFORM(MAC)
-#if USE(CFNETWORK)
-    virtual CFCachedURLResponseRef willCacheResponse(WebCore::ResourceHandle*, CFCachedURLResponseRef response) OVERRIDE { return response; }
-#else
-    virtual NSCachedURLResponse* willCacheResponse(WebCore::ResourceHandle*, NSCachedURLResponse* response) OVERRIDE { return response; }
-#endif
-    virtual void willStopBufferingData(WebCore::ResourceHandle*, const char*, int) OVERRIDE { }
-#endif // PLATFORM(MAC)
-
-#if PLATFORM(WIN) && USE(CFNETWORK)
-    virtual bool shouldCacheResponse(WebCore::ResourceHandle*, CFCachedURLResponseRef) OVERRIDE { return true; }
-#endif
-
-#if ENABLE(BLOB)
-    virtual WebCore::AsyncFileStream* createAsyncFileStream(WebCore::FileStreamClient*) OVERRIDE { return 0; }
-#endif
-
 private:
     NetworkRequest(const WebCore::ResourceRequest&, ResourceLoadIdentifier, NetworkConnectionToWebProcess*);
 
-    void scheduleStopOnMainThread();
-    static void performStops(void*);
-
-    void stop();
-
     WebCore::ResourceRequest m_request;
     ResourceLoadIdentifier m_identifier;
 
-    RefPtr<RemoteNetworkingContext> m_networkingContext;
-    RefPtr<WebCore::ResourceHandle> m_handle;
-
     RefPtr<NetworkConnectionToWebProcess> m_connection;
-
-    // FIXME (NetworkProcess): Response data lifetime should be managed outside NetworkRequest.
-    RefPtr<WebCore::ResourceBuffer> m_buffer;
 };
 
 } // namespace WebKit
diff --git a/Source/WebKit2/NetworkProcess/NetworkResourceLoadScheduler.cpp b/Source/WebKit2/NetworkProcess/NetworkResourceLoadScheduler.cpp
index bcc5e4435..ccc3d76b9 100644
--- a/Source/WebKit2/NetworkProcess/NetworkResourceLoadScheduler.cpp
+++ b/Source/WebKit2/NetworkProcess/NetworkResourceLoadScheduler.cpp
@@ -6,7 +6,6 @@
 #include "NetworkConnectionToWebProcess.h"
 #include "NetworkProcessconnectionMessages.h"
 #include "NetworkRequest.h"
-#include <wtf/MainThread.h>
 #include <wtf/text/CString.h>
 
 #if ENABLE(NETWORK_PROCESS)
@@ -42,7 +41,7 @@ ResourceLoadIdentifier NetworkResourceLoadScheduler::scheduleNetworkRequest(cons
 {    
     ResourceLoadIdentifier identifier = ++s_currentResourceLoadIdentifier;
 
-    LOG(NetworkScheduling, "(NetworkProcess) NetworkResourceLoadScheduler::scheduleNetworkRequest resource %llu '%s'", identifier, request.url().string().utf8().data());
+    LOG(Network, "(NetworkProcess) NetworkResourceLoadScheduler::scheduleNetworkRequest resource %llu '%s'", identifier, request.url().string().utf8().data());
 
     HostRecord* host = hostForURL(request.url(), CreateIfNotFound);
     bool hadRequests = host->hasRequests();
@@ -64,7 +63,7 @@ ResourceLoadIdentifier NetworkResourceLoadScheduler::addLoadInProgress(const Web
 {
     ResourceLoadIdentifier identifier = ++s_currentResourceLoadIdentifier;
 
-    LOG(NetworkScheduling, "(NetworkProcess) NetworkResourceLoadScheduler::addLoadInProgress resource %llu with url '%s'", identifier, url.string().utf8().data());
+    LOG(Network, "(NetworkProcess) NetworkResourceLoadScheduler::addLoadInProgress resource %llu with url '%s'", identifier, url.string().utf8().data());
 
     HostRecord* host = hostForURL(url, CreateIfNotFound);
     host->addLoadInProgress(identifier);
@@ -91,16 +90,12 @@ HostRecord* NetworkResourceLoadScheduler::hostForURL(const WebCore::KURL& url, C
 
 void NetworkResourceLoadScheduler::removeLoadIdentifier(ResourceLoadIdentifier identifier)
 {
-    ASSERT(isMainThread());
     ASSERT(identifier);
 
-    LOG(NetworkScheduling, "(NetworkProcess) NetworkResourceLoadScheduler::removeLoadIdentifier removing load identifier %llu", identifier);
+    LOG(Network, "(NetworkProcess) NetworkResourceLoadScheduler::removeLoadIdentifier removing load identifier %llu", identifier);
 
     HostRecord* host = m_identifiers.take(identifier);
-    
-    // Due to a race condition the WebProcess might have messaged the NetworkProcess to remove this identifier
-    // after the NetworkProcess has already removed it internally.
-    // In this situation we might not have a HostRecord to clean up.
+    ASSERT(host);
     if (host)
         host->remove(identifier);
 
@@ -109,8 +104,7 @@ void NetworkResourceLoadScheduler::removeLoadIdentifier(ResourceLoadIdentifier i
 
 void NetworkResourceLoadScheduler::crossOriginRedirectReceived(ResourceLoadIdentifier identifier, const WebCore::KURL& redirectURL)
 {
-    ASSERT(isMainThread());
-    LOG(NetworkScheduling, "(NetworkProcess) NetworkResourceLoadScheduler::crossOriginRedirectReceived resource %llu redirected to '%s'", identifier, redirectURL.string().utf8().data());
+    LOG(Network, "(NetworkProcess) NetworkResourceLoadScheduler::crossOriginRedirectReceived resource %llu redirected to '%s'", identifier, redirectURL.string().utf8().data());
 
     HostRecord* oldHost = m_identifiers.get(identifier);
     HostRecord* newHost = hostForURL(redirectURL, CreateIfNotFound);
@@ -130,7 +124,7 @@ void NetworkResourceLoadScheduler::servePendingRequests(ResourceLoadPriority min
     if (m_suspendPendingRequestsCount)
         return;
 
-    LOG(NetworkScheduling, "(NetworkProcess) NetworkResourceLoadScheduler::servePendingRequests Serving requests for up to %i hosts", m_hosts.size());
+    LOG(Network, "(NetworkProcess) NetworkResourceLoadScheduler::servePendingRequests Serving requests for up to %i hosts", m_hosts.size());
 
     m_requestTimer.stop();
     
@@ -152,7 +146,7 @@ void NetworkResourceLoadScheduler::servePendingRequests(ResourceLoadPriority min
 
 void NetworkResourceLoadScheduler::servePendingRequestsForHost(HostRecord* host, ResourceLoadPriority minimumPriority)
 {
-    LOG(NetworkScheduling, "NetworkResourceLoadScheduler::servePendingRequests Host name='%s'", host->name().utf8().data());
+    LOG(Network, "NetworkResourceLoadScheduler::servePendingRequests Host name='%s'", host->name().utf8().data());
 
     for (int priority = ResourceLoadPriorityHighest; priority >= minimumPriority; --priority) {
         HostRecord::RequestQueue& requestsPending = host->requestsPending(ResourceLoadPriority(priority));
@@ -184,8 +178,8 @@ void NetworkResourceLoadScheduler::servePendingRequestsForHost(HostRecord* host,
 
             requestsPending.removeFirst();
             host->addLoadInProgress(request->identifier());
-
-            request->start();
+            
+            request->connectionToWebProcess()->connection()->send(Messages::NetworkProcessConnection::StartResourceLoad(request->identifier()), 0);
         }
     }
 }
@@ -206,43 +200,6 @@ void NetworkResourceLoadScheduler::resumePendingRequests()
         scheduleServePendingRequests();
 }
 
-static bool removeScheduledLoadIdentifiersCalled = false;
-
-void NetworkResourceLoadScheduler::removeScheduledLoadIdentifiers(void* context)
-{
-    ASSERT(isMainThread());
-    ASSERT(removeScheduledLoadIdentifiersCalled);
-
-    NetworkResourceLoadScheduler* scheduler = static_cast<NetworkResourceLoadScheduler*>(context);
-    scheduler->removeScheduledLoadIdentifiers();
-}
-
-void NetworkResourceLoadScheduler::removeScheduledLoadIdentifiers()
-{
-    Vector<ResourceLoadIdentifier> identifiers;
-    {
-        MutexLocker locker(m_identifiersToRemoveMutex);
-        copyToVector(m_identifiersToRemove, identifiers);
-        m_identifiersToRemove.clear();
-        removeScheduledLoadIdentifiersCalled = false;
-    }
-    
-    for (size_t i = 0; i < identifiers.size(); ++i)
-        removeLoadIdentifier(identifiers[i]);
-}
-
-void NetworkResourceLoadScheduler::scheduleRemoveLoadIdentifier(ResourceLoadIdentifier identifier)
-{
-    MutexLocker locker(m_identifiersToRemoveMutex);
-    
-    m_identifiersToRemove.add(identifier);
-    
-    if (!removeScheduledLoadIdentifiersCalled) {
-        removeScheduledLoadIdentifiersCalled = true;
-        callOnMainThread(NetworkResourceLoadScheduler::removeScheduledLoadIdentifiers, this);
-    }
-}
-
 } // namespace WebKit
 
 #endif // ENABLE(NETWORK_PROCESS)
diff --git a/Source/WebKit2/NetworkProcess/NetworkResourceLoadScheduler.h b/Source/WebKit2/NetworkProcess/NetworkResourceLoadScheduler.h
index 0f98ffd31..a16a38847 100644
--- a/Source/WebKit2/NetworkProcess/NetworkResourceLoadScheduler.h
+++ b/Source/WebKit2/NetworkProcess/NetworkResourceLoadScheduler.h
@@ -28,7 +28,6 @@
 
 #include <WebCore/ResourceRequest.h>
 #include <WebCore/Timer.h>
-#include <wtf/HashSet.h>
 
 #if ENABLE(NETWORK_PROCESS)
 
@@ -53,9 +52,6 @@ public:
     // Called by the WebProcess when a ResourceLoader is being cleaned up.
     void removeLoadIdentifier(ResourceLoadIdentifier);
 
-    // Called within the NetworkProcess on a background thread when a resource load has finished.
-    void scheduleRemoveLoadIdentifier(ResourceLoadIdentifier);
-
     void crossOriginRedirectReceived(ResourceLoadIdentifier, const WebCore::KURL& redirectURL);
     void servePendingRequests(WebCore::ResourceLoadPriority = WebCore::ResourceLoadPriorityVeryLow);
     void suspendPendingRequests();
@@ -76,9 +72,6 @@ private:
 
     unsigned platformInitializeMaximumHTTPConnectionCountPerHost();
 
-    static void removeScheduledLoadIdentifiers(void* context);
-    void removeScheduledLoadIdentifiers();
-
     typedef HashMap<String, HostRecord*, StringHash> HostMap;
     HostMap m_hosts;
 
@@ -91,9 +84,6 @@ private:
     bool m_isSerialLoadingEnabled;
 
     WebCore::Timer<NetworkResourceLoadScheduler> m_requestTimer;
-    
-    Mutex m_identifiersToRemoveMutex;
-    HashSet<ResourceLoadIdentifier> m_identifiersToRemove;
 };
 
 } // namespace WebKit
diff --git a/Source/WebKit2/Platform/Logging.cpp b/Source/WebKit2/Platform/Logging.cpp
index ae9d0d2b0..6cd04b99a 100644
--- a/Source/WebKit2/Platform/Logging.cpp
+++ b/Source/WebKit2/Platform/Logging.cpp
@@ -31,15 +31,14 @@
 
 namespace WebKit {
 
-WTFLogChannel LogSessionState      = { 0x00000001, "WebKit2LogLevel", WTFLogChannelOff };
-WTFLogChannel LogContextMenu       = { 0x00000002, "WebKit2LogLevel", WTFLogChannelOff };
-WTFLogChannel LogTextInput         = { 0x00000004, "WebKit2LogLevel", WTFLogChannelOff };
-WTFLogChannel LogView              = { 0x00000008, "WebKit2LogLevel", WTFLogChannelOff };
-WTFLogChannel LogIconDatabase      = { 0x00000010, "WebKit2LogLevel", WTFLogChannelOff };
-WTFLogChannel LogKeyHandling       = { 0x00000020, "WebKit2LogLevel", WTFLogChannelOff };
-WTFLogChannel LogPlugins           = { 0x00000040, "WebKit2LogLevel", WTFLogChannelOff };
-WTFLogChannel LogNetwork           = { 0x00000080, "WebKit2LogLevel", WTFLogChannelOff };
-WTFLogChannel LogNetworkScheduling = { 0x00000100, "WebKit2LogLevel", WTFLogChannelOff };
+WTFLogChannel LogSessionState = { 0x00000001, "WebKit2LogLevel", WTFLogChannelOff };
+WTFLogChannel LogContextMenu  = { 0x00000002, "WebKit2LogLevel", WTFLogChannelOff };
+WTFLogChannel LogTextInput    = { 0x00000004, "WebKit2LogLevel", WTFLogChannelOff };
+WTFLogChannel LogView         = { 0x00000008, "WebKit2LogLevel", WTFLogChannelOff };
+WTFLogChannel LogIconDatabase = { 0x00000010, "WebKit2LogLevel", WTFLogChannelOff };
+WTFLogChannel LogKeyHandling  = { 0x00000020, "WebKit2LogLevel", WTFLogChannelOff };
+WTFLogChannel LogPlugins      = { 0x00000040, "WebKit2LogLevel", WTFLogChannelOff };
+WTFLogChannel LogNetwork      = { 0x00000080, "WebKit2LogLevel", WTFLogChannelOff };
 
 #if !PLATFORM(MAC) && !PLATFORM(GTK) && !PLATFORM(QT) && !PLATFORM(EFL)
 void initializeLogChannel(WTFLogChannel* channel)
diff --git a/Source/WebKit2/Platform/Logging.h b/Source/WebKit2/Platform/Logging.h
index 8a18ec01e..ca998c2b8 100644
--- a/Source/WebKit2/Platform/Logging.h
+++ b/Source/WebKit2/Platform/Logging.h
@@ -45,7 +45,6 @@ extern WTFLogChannel LogSessionState;
 extern WTFLogChannel LogTextInput;
 extern WTFLogChannel LogView;
 extern WTFLogChannel LogNetwork;
-extern WTFLogChannel LogNetworkScheduling;
 
 void initializeLogChannel(WTFLogChannel*);
 void initializeLogChannelsIfNecessary(void);
diff --git a/Source/WebKit2/Shared/ShareableResource.cpp b/Source/WebKit2/Shared/ShareableResource.cpp
deleted file mode 100644
index bd98629a2..000000000
--- a/Source/WebKit2/Shared/ShareableResource.cpp
+++ /dev/null
@@ -1,105 +0,0 @@
-/*
- * Copyright (C) 2012 Apple Inc. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY APPLE INC. AND ITS CONTRIBUTORS ``AS IS''
- * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
- * THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL APPLE INC. OR ITS CONTRIBUTORS
- * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
- * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
- * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
- * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
- * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF
- * THE POSSIBILITY OF SUCH DAMAGE.
- */
-
-#include "config.h"
-#include "ShareableResource.h"
-
-#include "ArgumentCoders.h"
-
-namespace WebKit {
-
-ShareableResource::Handle::Handle()
-{
-}
-
-void ShareableResource::Handle::encode(CoreIPC::ArgumentEncoder& encoder) const
-{
-    encoder << m_handle;
-    encoder << m_offset;
-    encoder << m_size;
-}
-
-bool ShareableResource::Handle::decode(CoreIPC::ArgumentDecoder* decoder, Handle& handle)
-{
-    if (!decoder->decode(handle.m_handle))
-        return false;
-    if (!decoder->decode(handle.m_offset))
-        return false;
-    if (!decoder->decode(handle.m_size))
-        return false;
-    return true;
-}
-    
-PassRefPtr<ShareableResource> ShareableResource::create(PassRefPtr<SharedMemory> sharedMemory, unsigned offset, unsigned size)
-{
-    return adoptRef(new ShareableResource(sharedMemory, offset, size));
-}
-
-PassRefPtr<ShareableResource> ShareableResource::create(const Handle& handle)
-{
-    RefPtr<SharedMemory> sharedMemory = SharedMemory::create(handle.m_handle, SharedMemory::ReadOnly);
-    if (!sharedMemory)
-        return 0;
-
-    return create(sharedMemory.release(), handle.m_offset, handle.m_size);
-}
-
-ShareableResource::ShareableResource(PassRefPtr<SharedMemory> sharedMemory, unsigned offset, unsigned size)
-    : m_sharedMemory(sharedMemory)
-    , m_offset(offset)
-    , m_size(size)
-{
-    ASSERT(m_sharedMemory);
-    ASSERT(m_offset + m_size <= m_sharedMemory->size());
-    
-    // FIXME (NetworkProcess): This data was received from another process.  If it is bogus, should we assume that process is compromised and we should kill it?
-}
-
-ShareableResource::~ShareableResource()
-{
-}
-
-bool ShareableResource::createHandle(Handle& handle)
-{
-    if (!m_sharedMemory->createHandle(handle.m_handle, SharedMemory::ReadOnly))
-        return false;
-
-    handle.m_offset = m_offset;
-    handle.m_size = m_size;
-
-    return true;
-}
-
-const char* ShareableResource::data() const
-{
-    return static_cast<const char*>(m_sharedMemory->data()) + m_offset;
-}
-
-unsigned ShareableResource::size() const
-{
-    return m_size;
-}
-    
-} // namespace WebKit
diff --git a/Source/WebKit2/Shared/ShareableResource.h b/Source/WebKit2/Shared/ShareableResource.h
deleted file mode 100644
index 76f0e4c7d..000000000
--- a/Source/WebKit2/Shared/ShareableResource.h
+++ /dev/null
@@ -1,84 +0,0 @@
-/*
- * Copyright (C) 2012 Apple Inc. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY APPLE INC. AND ITS CONTRIBUTORS ``AS IS''
- * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
- * THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL APPLE INC. OR ITS CONTRIBUTORS
- * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
- * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
- * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
- * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
- * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF
- * THE POSSIBILITY OF SUCH DAMAGE.
- */
-
-#ifndef ShareableResource_h
-#define ShareableResource_h
-
-#include "SharedMemory.h"
-
-#include <wtf/PassRefPtr.h>
-#include <wtf/RefCounted.h>
-#include <wtf/RefPtr.h>
-
-namespace WebKit {
-    
-class ShareableResource : public RefCounted<ShareableResource> {
-public:
-
-    class Handle {
-        WTF_MAKE_NONCOPYABLE(Handle);
-    public:
-        Handle();
-
-        bool isNull() const { return m_handle.isNull(); }
-        unsigned size() const { return m_size; }
-
-        void encode(CoreIPC::ArgumentEncoder&) const;
-        static bool decode(CoreIPC::ArgumentDecoder*, Handle&);
-
-    private:
-        friend class ShareableResource;
-
-        mutable SharedMemory::Handle m_handle;
-        unsigned m_offset;
-        unsigned m_size;
-    };
-
-    // Create a shareable bitmap that uses malloced memory.
-    static PassRefPtr<ShareableResource> create(PassRefPtr<SharedMemory>, unsigned offset, unsigned size);
-
-    // Create a shareable bitmap from a handle.
-    static PassRefPtr<ShareableResource> create(const Handle&);
-
-    // Create a handle.
-    bool createHandle(Handle&);
-
-    ~ShareableResource();
-
-    const char* data() const;
-    unsigned size() const;
-    
-private:
-    ShareableResource(PassRefPtr<SharedMemory>, unsigned offset, unsigned size);
-
-    RefPtr<SharedMemory> m_sharedMemory;
-
-    unsigned m_offset;
-    unsigned m_size;    
-};
-
-} // namespace WebKit
-
-#endif // ShareableResource_h
diff --git a/Source/WebKit2/Shared/WebResourceBuffer.cpp b/Source/WebKit2/Shared/WebResourceBuffer.cpp
deleted file mode 100644
index 4df1121d1..000000000
--- a/Source/WebKit2/Shared/WebResourceBuffer.cpp
+++ /dev/null
@@ -1,54 +0,0 @@
-/*
- * Copyright (C) 2012 Apple Inc. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY APPLE INC. AND ITS CONTRIBUTORS ``AS IS''
- * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
- * THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL APPLE INC. OR ITS CONTRIBUTORS
- * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
- * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
- * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
- * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
- * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF
- * THE POSSIBILITY OF SUCH DAMAGE.
- */
-
-#include "config.h"
-#include "WebResourceBuffer.h"
-
-#include "Logging.h"
-#include "ShareableResource.h"
-
-namespace WebKit {
-
-WebResourceBuffer::WebResourceBuffer(PassRefPtr<ShareableResource> resource)
-    : m_resource(resource)
-{
-    ASSERT(m_resource);
-}
-
-WebResourceBuffer::~WebResourceBuffer()
-{
-}
-
-const char* WebResourceBuffer::data() const
-{
-    return reinterpret_cast<const char*>(m_resource->data());
-}
-
-unsigned WebResourceBuffer::size() const
-{
-    return m_resource->size();
-}
-
-} // namespace WebKit
diff --git a/Source/WebKit2/Shared/WebResourceBuffer.h b/Source/WebKit2/Shared/WebResourceBuffer.h
deleted file mode 100644
index 0c77e9841..000000000
--- a/Source/WebKit2/Shared/WebResourceBuffer.h
+++ /dev/null
@@ -1,52 +0,0 @@
-/*
- * Copyright (C) 2012 Apple Inc. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY APPLE INC. AND ITS CONTRIBUTORS ``AS IS''
- * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
- * THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL APPLE INC. OR ITS CONTRIBUTORS
- * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
- * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
- * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
- * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
- * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF
- * THE POSSIBILITY OF SUCH DAMAGE.
- */
-
-#ifndef WebResourceBuffer_h
-#define WebResourceBuffer_h
-
-#include <WebCore/ResourceBuffer.h>
-
-namespace WebKit {
-
-class ShareableResource;
-
-class WebResourceBuffer : public WebCore::ResourceBuffer {
-public:
-    static PassRefPtr<WebResourceBuffer> create(PassRefPtr<ShareableResource> resource) { return adoptRef(new WebResourceBuffer(resource)); }
-
-    virtual ~WebResourceBuffer() OVERRIDE;
-
-    virtual const char* data() const OVERRIDE;
-    virtual unsigned size() const OVERRIDE;
-
-private:
-    WebResourceBuffer(PassRefPtr<ShareableResource>);
-
-    RefPtr<ShareableResource> m_resource;
-};
-
-} // namespace WebKit
-
-#endif // WebResourceBuffer_h
diff --git a/Source/WebKit2/UIProcess/API/efl/EwkViewImpl.cpp b/Source/WebKit2/UIProcess/API/efl/EwkViewImpl.cpp
index 9d8732ec8..13812a649 100644
--- a/Source/WebKit2/UIProcess/API/efl/EwkViewImpl.cpp
+++ b/Source/WebKit2/UIProcess/API/efl/EwkViewImpl.cpp
@@ -47,7 +47,6 @@
 #include "ewk_popup_menu_item_private.h"
 #include "ewk_popup_menu_private.h"
 #include "ewk_private.h"
-#include "ewk_security_origin_private.h"
 #include "ewk_settings_private.h"
 #include "ewk_view.h"
 #include "ewk_view_private.h"
@@ -338,9 +337,7 @@ void EwkViewImpl::enterFullScreen()
 {
     Ewk_View_Smart_Data* sd = smartData();
 
-    RefPtr<EwkSecurityOrigin> origin = EwkSecurityOrigin::create(KURL(ParsedURLString, String::fromUTF8(m_url)));
-
-    if (!sd->api->fullscreen_enter || !sd->api->fullscreen_enter(sd, origin.get())) {
+    if (!sd->api->fullscreen_enter || !sd->api->fullscreen_enter(sd)) {
         Ecore_Evas* ecoreEvas = ecore_evas_ecore_evas_get(sd->base.evas);
         ecore_evas_fullscreen_set(ecoreEvas, true);
     }
diff --git a/Source/WebKit2/UIProcess/API/efl/ewk_security_origin.cpp b/Source/WebKit2/UIProcess/API/efl/ewk_security_origin.cpp
index 60d8e39f8..35061260c 100644
--- a/Source/WebKit2/UIProcess/API/efl/ewk_security_origin.cpp
+++ b/Source/WebKit2/UIProcess/API/efl/ewk_security_origin.cpp
@@ -28,11 +28,8 @@
 
 #include "WKAPICast.h"
 #include "WKSecurityOrigin.h"
-#include "WebSecurityOrigin.h"
 #include "ewk_security_origin_private.h"
-#include <WebCore/SecurityOrigin.h>
 
-using namespace WebCore;
 using namespace WebKit;
 
 EwkSecurityOrigin::EwkSecurityOrigin(WKSecurityOriginRef originRef)
@@ -41,12 +38,6 @@ EwkSecurityOrigin::EwkSecurityOrigin(WKSecurityOriginRef originRef)
     , m_protocol(AdoptWK, WKSecurityOriginCopyProtocol(originRef))
 { }
 
-EwkSecurityOrigin::EwkSecurityOrigin(const KURL& url)
-    : m_wkOrigin(AdoptWK, toAPI(WebSecurityOrigin::create(SecurityOrigin::create(url)).leakRef()))
-    , m_host(AdoptWK, WKSecurityOriginCopyHost(m_wkOrigin.get()))
-    , m_protocol(AdoptWK, WKSecurityOriginCopyProtocol(m_wkOrigin.get()))
-{ }
-
 const char* EwkSecurityOrigin::host() const
 {
     return m_host;
diff --git a/Source/WebKit2/UIProcess/API/efl/ewk_security_origin_private.h b/Source/WebKit2/UIProcess/API/efl/ewk_security_origin_private.h
index 6009c6e55..a8a39a499 100644
--- a/Source/WebKit2/UIProcess/API/efl/ewk_security_origin_private.h
+++ b/Source/WebKit2/UIProcess/API/efl/ewk_security_origin_private.h
@@ -29,7 +29,6 @@
 #include "WKEinaSharedString.h"
 #include "WKSecurityOrigin.h"
 #include "ewk_object_private.h"
-#include <WebCore/KURL.h>
 #include <WebKit2/WKBase.h>
 #include <wtf/PassRefPtr.h>
 
@@ -42,18 +41,12 @@ public:
         return adoptRef(new EwkSecurityOrigin(originRef));
     }
 
-    static PassRefPtr<EwkSecurityOrigin> create(const WebCore::KURL& url)
-    {
-        return adoptRef(new EwkSecurityOrigin(url));
-    }
-
     const char* host() const;
     const char* protocol() const;
     uint32_t port() const;
 
 private:
     explicit EwkSecurityOrigin(WKSecurityOriginRef originRef);
-    explicit EwkSecurityOrigin(const WebCore::KURL& url);
 
     WKRetainPtr<WKSecurityOriginRef> m_wkOrigin;
     WKEinaSharedString m_host;
diff --git a/Source/WebKit2/UIProcess/API/efl/ewk_settings.cpp b/Source/WebKit2/UIProcess/API/efl/ewk_settings.cpp
index f704ea378..96a321038 100644
--- a/Source/WebKit2/UIProcess/API/efl/ewk_settings.cpp
+++ b/Source/WebKit2/UIProcess/API/efl/ewk_settings.cpp
@@ -225,7 +225,7 @@ void ewk_settings_continuous_spell_checking_enabled_set(Eina_Bool enable)
         WKTextCheckerContinuousSpellCheckingEnabledStateChanged(enable);
 
         // Sets the default language if user didn't specify any.
-        if (enable && !Ewk_Text_Checker::hasDictionary())
+        if (enable && Ewk_Text_Checker::loadedSpellCheckingLanguages().isEmpty())
             spellCheckingLanguagesSet(Vector<String>());
 
         if (ewkTextCheckerSettings.onContinuousSpellChecking)
diff --git a/Source/WebKit2/UIProcess/API/efl/ewk_text_checker.cpp b/Source/WebKit2/UIProcess/API/efl/ewk_text_checker.cpp
index ce546d56b..e15b8fc1a 100644
--- a/Source/WebKit2/UIProcess/API/efl/ewk_text_checker.cpp
+++ b/Source/WebKit2/UIProcess/API/efl/ewk_text_checker.cpp
@@ -162,11 +162,6 @@ Vector<String> loadedSpellCheckingLanguages()
     return textCheckerEnchant()->loadedSpellCheckingLanguages();
 }
 
-bool hasDictionary()
-{
-    return textCheckerEnchant()->hasDictionary();
-}
-
 /**
  * Initializes spellcheck feature.
  *
diff --git a/Source/WebKit2/UIProcess/API/efl/ewk_text_checker_private.h b/Source/WebKit2/UIProcess/API/efl/ewk_text_checker_private.h
index 6c4730e2e..462d314f4 100644
--- a/Source/WebKit2/UIProcess/API/efl/ewk_text_checker_private.h
+++ b/Source/WebKit2/UIProcess/API/efl/ewk_text_checker_private.h
@@ -39,7 +39,6 @@ void initialize();
 Vector<String> availableSpellCheckingLanguages();
 void updateSpellCheckingLanguages(const Vector<String>& languages);
 Vector<String> loadedSpellCheckingLanguages();
-bool hasDictionary();
 
 }
 
diff --git a/Source/WebKit2/UIProcess/API/efl/ewk_view.cpp b/Source/WebKit2/UIProcess/API/efl/ewk_view.cpp
index 9056e1cba..d214ed692 100644
--- a/Source/WebKit2/UIProcess/API/efl/ewk_view.cpp
+++ b/Source/WebKit2/UIProcess/API/efl/ewk_view.cpp
@@ -39,7 +39,6 @@
 #include "WKRetainPtr.h"
 #include "WKString.h"
 #include "WebContext.h"
-#include "WebFullScreenManagerProxy.h"
 #include "WebPageGroup.h"
 #include "WebPreferences.h"
 #include "ewk_back_forward_list_private.h"
@@ -908,16 +907,3 @@ Ewk_Pagination_Mode ewk_view_pagination_mode_get(const Evas_Object* ewkView)
 
     return static_cast<Ewk_Pagination_Mode>(impl->page()->paginationMode());
 }
-
-Eina_Bool ewk_view_fullscreen_exit(Evas_Object* ewkView)
-{
-#if ENABLE(FULLSCREEN_API)
-    EWK_VIEW_IMPL_GET_OR_RETURN(ewkView, impl, false);
-
-    impl->page()->fullScreenManager()->requestExitFullScreen();
-
-    return true;
-#else
-    return false;
-#endif
-}
diff --git a/Source/WebKit2/UIProcess/API/efl/ewk_view.h b/Source/WebKit2/UIProcess/API/efl/ewk_view.h
index 85b976291..87f36c14e 100644
--- a/Source/WebKit2/UIProcess/API/efl/ewk_view.h
+++ b/Source/WebKit2/UIProcess/API/efl/ewk_view.h
@@ -89,7 +89,6 @@
 #include "ewk_intent.h"
 #include "ewk_popup_menu.h"
 #include "ewk_resource.h"
-#include "ewk_security_origin.h"
 #include "ewk_settings.h"
 #include "ewk_touch.h"
 #include "ewk_url_request.h"
@@ -122,7 +121,7 @@ struct Ewk_View_Smart_Class {
     //  - if overridden, have to call parent method if desired
     Eina_Bool (*focus_in)(Ewk_View_Smart_Data *sd);
     Eina_Bool (*focus_out)(Ewk_View_Smart_Data *sd);
-    Eina_Bool (*fullscreen_enter)(Ewk_View_Smart_Data *sd, Ewk_Security_Origin *origin);
+    Eina_Bool (*fullscreen_enter)(Ewk_View_Smart_Data *sd);
     Eina_Bool (*fullscreen_exit)(Ewk_View_Smart_Data *sd);
     Eina_Bool (*mouse_wheel)(Ewk_View_Smart_Data *sd, const Evas_Event_Mouse_Wheel *ev);
     Eina_Bool (*mouse_down)(Ewk_View_Smart_Data *sd, const Evas_Event_Mouse_Down *ev);
@@ -801,15 +800,6 @@ EAPI Eina_Bool ewk_view_pagination_mode_set(Evas_Object *o, Ewk_Pagination_Mode
  */
 EAPI Ewk_Pagination_Mode ewk_view_pagination_mode_get(const Evas_Object *o);
 
-/**
- * Exit fullscreen mode.
- *
- * @param o view object where to exit fullscreen
- *
- * @return @c EINA_TRUE if successful, @c EINA_FALSE otherwise
- */
-EAPI Eina_Bool ewk_view_fullscreen_exit(Evas_Object *o);
-
 #ifdef __cplusplus
 }
 #endif
diff --git a/Source/WebKit2/UIProcess/API/efl/tests/test_ewk2_view.cpp b/Source/WebKit2/UIProcess/API/efl/tests/test_ewk2_view.cpp
index ed5bbb1bb..199970d29 100644
--- a/Source/WebKit2/UIProcess/API/efl/tests/test_ewk2_view.cpp
+++ b/Source/WebKit2/UIProcess/API/efl/tests/test_ewk2_view.cpp
@@ -242,13 +242,7 @@ TEST_F(EWK2UnitTestBase, ewk_view_mouse_events_enabled)
     ASSERT_FALSE(ewk_view_mouse_events_enabled_get(webView()));
 }
 
-static Eina_Bool fullScreenCallback(Ewk_View_Smart_Data* smartData, Ewk_Security_Origin*)
-{
-    fullScreenCallbackCalled = true;
-    return false;
-}
-
-static Eina_Bool fullScreenExitCallback(Ewk_View_Smart_Data* smartData)
+static Eina_Bool fullScreenCallback(Ewk_View_Smart_Data* smartData)
 {
     fullScreenCallbackCalled = true;
     return false;
@@ -284,7 +278,7 @@ TEST_F(EWK2UnitTestBase, ewk_view_full_screen_exit)
         "}</script></head>"
         "<body><div id=\"fullscreen\" style=\"width:100px; height:100px\" onclick=\"makeFullScreenAndExit()\"></div></body>";
 
-    ewkViewClass()->fullscreen_exit = fullScreenExitCallback;
+    ewkViewClass()->fullscreen_exit = fullScreenCallback;
 
     ewk_view_html_string_load(webView(), fullscreenHTML, "file:///", 0);
     ASSERT_TRUE(waitUntilLoadFinished());
diff --git a/Source/WebKit2/UIProcess/CoordinatedGraphics/CoordinatedBackingStore.cpp b/Source/WebKit2/UIProcess/CoordinatedGraphics/CoordinatedBackingStore.cpp
index 7cb9842cf..a569b9e78 100644
--- a/Source/WebKit2/UIProcess/CoordinatedGraphics/CoordinatedBackingStore.cpp
+++ b/Source/WebKit2/UIProcess/CoordinatedGraphics/CoordinatedBackingStore.cpp
@@ -72,10 +72,10 @@ void CoordinatedBackingStore::createTile(int id, float scale)
 
 void CoordinatedBackingStore::removeTile(int id)
 {
-    ASSERT(m_tiles.contains(id));
-    m_tilesToRemove.add(id);
+    m_tilesToRemove.append(id);
 }
 
+
 void CoordinatedBackingStore::updateTile(int id, const IntRect& sourceRect, const IntRect& targetRect, PassRefPtr<ShareableSurface> backBuffer, const IntPoint& offset)
 {
     HashMap<int, CoordinatedBackingStoreTile>::iterator it = m_tiles.find(id);
@@ -84,11 +84,6 @@ void CoordinatedBackingStore::updateTile(int id, const IntRect& sourceRect, cons
     it->value.setBackBuffer(targetRect, sourceRect, backBuffer, offset);
 }
 
-bool CoordinatedBackingStore::isEmpty() const
-{
-    return m_tiles.size() == m_tilesToRemove.size();
-}
-
 PassRefPtr<BitmapTexture> CoordinatedBackingStore::texture() const
 {
     HashMap<int, CoordinatedBackingStoreTile>::const_iterator end = m_tiles.end();
@@ -154,8 +149,8 @@ void CoordinatedBackingStore::paintToTextureMapper(TextureMapper* textureMapper,
 
 void CoordinatedBackingStore::commitTileOperations(TextureMapper* textureMapper)
 {
-    HashSet<int>::iterator tilesToRemoveEnd = m_tilesToRemove.end();
-    for (HashSet<int>::iterator it = m_tilesToRemove.begin(); it != tilesToRemoveEnd; ++it)
+    Vector<int>::iterator tilesToRemoveEnd = m_tilesToRemove.end();
+    for (Vector<int>::iterator it = m_tilesToRemove.begin(); it != tilesToRemoveEnd; ++it)
         m_tiles.remove(*it);
     m_tilesToRemove.clear();
 
diff --git a/Source/WebKit2/UIProcess/CoordinatedGraphics/CoordinatedBackingStore.h b/Source/WebKit2/UIProcess/CoordinatedGraphics/CoordinatedBackingStore.h
index fe6e4aa15..637feba70 100644
--- a/Source/WebKit2/UIProcess/CoordinatedGraphics/CoordinatedBackingStore.h
+++ b/Source/WebKit2/UIProcess/CoordinatedGraphics/CoordinatedBackingStore.h
@@ -25,7 +25,6 @@
 #include "TextureMapper.h"
 #include "TextureMapperBackingStore.h"
 #include <wtf/HashMap.h>
-#include <wtf/HashSet.h>
 
 namespace WebKit {
 
@@ -60,7 +59,6 @@ public:
     void createTile(int, float);
     void removeTile(int);
     void updateTile(int, const WebCore::IntRect&, const WebCore::IntRect&, PassRefPtr<ShareableSurface>, const WebCore::IntPoint&);
-    bool isEmpty() const;
     static PassRefPtr<CoordinatedBackingStore> create() { return adoptRef(new CoordinatedBackingStore); }
     void commitTileOperations(WebCore::TextureMapper*);
     PassRefPtr<WebCore::BitmapTexture> texture() const;
@@ -71,7 +69,7 @@ private:
         : m_scale(1.)
     { }
     HashMap<int, CoordinatedBackingStoreTile> m_tiles;
-    HashSet<int> m_tilesToRemove;
+    Vector<int> m_tilesToRemove;
     float m_scale;
 };
 
diff --git a/Source/WebKit2/UIProcess/CoordinatedGraphics/LayerTreeCoordinatorProxy.cpp b/Source/WebKit2/UIProcess/CoordinatedGraphics/LayerTreeCoordinatorProxy.cpp
index 1d6e5aefe..4d43feb81 100644
--- a/Source/WebKit2/UIProcess/CoordinatedGraphics/LayerTreeCoordinatorProxy.cpp
+++ b/Source/WebKit2/UIProcess/CoordinatedGraphics/LayerTreeCoordinatorProxy.cpp
@@ -201,7 +201,6 @@ void LayerTreeCoordinatorProxy::syncCanvas(uint32_t id, const IntSize& canvasSiz
 
 void LayerTreeCoordinatorProxy::purgeBackingStores()
 {
-    m_surfaces.clear();
     m_drawingAreaProxy->page()->process()->send(Messages::LayerTreeCoordinator::PurgeBackingStores(), m_drawingAreaProxy->page()->pageID());
 }
 
diff --git a/Source/WebKit2/UIProcess/CoordinatedGraphics/LayerTreeRenderer.cpp b/Source/WebKit2/UIProcess/CoordinatedGraphics/LayerTreeRenderer.cpp
index 6436d55ee..bd92f7249 100644
--- a/Source/WebKit2/UIProcess/CoordinatedGraphics/LayerTreeRenderer.cpp
+++ b/Source/WebKit2/UIProcess/CoordinatedGraphics/LayerTreeRenderer.cpp
@@ -367,16 +367,6 @@ PassRefPtr<CoordinatedBackingStore> LayerTreeRenderer::getBackingStore(WebLayerI
     return backingStore;
 }
 
-void LayerTreeRenderer::removeBackingStoreIfNeeded(WebLayerID layerID, int /*tileID*/)
-{
-    TextureMapperLayer* layer = toTextureMapperLayer(layerByID(layerID));
-    ASSERT(layer);
-    RefPtr<CoordinatedBackingStore> backingStore = static_cast<CoordinatedBackingStore*>(layer->backingStore().get());
-    ASSERT(backingStore);
-    if (backingStore->isEmpty())
-        layer->setBackingStore(0);
-}
-
 void LayerTreeRenderer::createTile(WebLayerID layerID, int tileID, float scale)
 {
     getBackingStore(layerID)->createTile(tileID, scale);
@@ -385,7 +375,6 @@ void LayerTreeRenderer::createTile(WebLayerID layerID, int tileID, float scale)
 void LayerTreeRenderer::removeTile(WebLayerID layerID, int tileID)
 {
     getBackingStore(layerID)->removeTile(tileID);
-    removeBackingStoreIfNeeded(layerID, tileID);
 }
 
 void LayerTreeRenderer::updateTile(WebLayerID layerID, int tileID, const TileUpdate& update)
diff --git a/Source/WebKit2/UIProcess/CoordinatedGraphics/LayerTreeRenderer.h b/Source/WebKit2/UIProcess/CoordinatedGraphics/LayerTreeRenderer.h
index 1dccbbcf9..ebe4ca391 100644
--- a/Source/WebKit2/UIProcess/CoordinatedGraphics/LayerTreeRenderer.h
+++ b/Source/WebKit2/UIProcess/CoordinatedGraphics/LayerTreeRenderer.h
@@ -120,9 +120,6 @@ private:
     void renderNextFrame();
     void purgeBackingStores();
 
-    PassRefPtr<CoordinatedBackingStore> getBackingStore(WebLayerID);
-    void removeBackingStoreIfNeeded(WebLayerID, int tileID);
-
     typedef HashMap<WebLayerID, WebCore::GraphicsLayer*> LayerMap;
     WebCore::FloatSize m_contentsSize;
     WebCore::FloatRect m_visibleContentsRect;
@@ -131,10 +128,12 @@ private:
     Vector<Function<void()> > m_renderQueue;
     Mutex m_renderQueueMutex;
 
+#if USE(TEXTURE_MAPPER)
     OwnPtr<WebCore::TextureMapper> m_textureMapper;
+    PassRefPtr<CoordinatedBackingStore> getBackingStore(WebLayerID);
     HashMap<int64_t, RefPtr<WebCore::TextureMapperBackingStore> > m_directlyCompositedImages;
     HashSet<RefPtr<CoordinatedBackingStore> > m_backingStoresWithPendingBuffers;
-
+#endif
 #if USE(GRAPHICS_SURFACE)
     typedef HashMap<WebLayerID, RefPtr<WebCore::TextureMapperSurfaceBackingStore> > SurfaceBackingStoreMap;
     SurfaceBackingStoreMap m_surfaceBackingStores;
diff --git a/Source/WebKit2/UIProcess/mac/WebInspectorProxyMac.mm b/Source/WebKit2/UIProcess/mac/WebInspectorProxyMac.mm
index 39cc7bed0..0a2b9b0c3 100644
--- a/Source/WebKit2/UIProcess/mac/WebInspectorProxyMac.mm
+++ b/Source/WebKit2/UIProcess/mac/WebInspectorProxyMac.mm
@@ -139,14 +139,22 @@ void WebInspectorProxy::createInspectorWindow()
 {
     ASSERT(!m_inspectorWindow);
 
-    NSUInteger styleMask = (NSTitledWindowMask | NSClosableWindowMask | NSMiniaturizableWindowMask | NSResizableWindowMask | NSTexturedBackgroundWindowMask);
+    bool useTexturedWindow = inspectorReallyUsesWebKitUserInterface(page()->pageGroup()->preferences());
+
+    NSUInteger styleMask = (NSTitledWindowMask | NSClosableWindowMask | NSMiniaturizableWindowMask | NSResizableWindowMask);
+    if (useTexturedWindow)
+        styleMask |= NSTexturedBackgroundWindowMask;
+
     NSWindow *window = [[NSWindow alloc] initWithContentRect:NSMakeRect(0, 0, initialWindowWidth, initialWindowHeight) styleMask:styleMask backing:NSBackingStoreBuffered defer:NO];
     [window setDelegate:m_inspectorProxyObjCAdapter.get()];
     [window setMinSize:NSMakeSize(minimumWindowWidth, minimumWindowHeight)];
     [window setReleasedWhenClosed:NO];
-    [window setAutorecalculatesContentBorderThickness:NO forEdge:NSMaxYEdge];
-    [window setContentBorderThickness:windowContentBorderThickness forEdge:NSMaxYEdge];
-    WKNSWindowMakeBottomCornersSquare(window);
+
+    if (useTexturedWindow) {
+        [window setAutorecalculatesContentBorderThickness:NO forEdge:NSMaxYEdge];
+        [window setContentBorderThickness:windowContentBorderThickness forEdge:NSMaxYEdge];
+        WKNSWindowMakeBottomCornersSquare(window);
+    }
 
     NSView *contentView = [window contentView];
     [m_inspectorView.get() setFrame:[contentView bounds]];
diff --git a/Source/WebKit2/WebKit2.xcodeproj/project.pbxproj b/Source/WebKit2/WebKit2.xcodeproj/project.pbxproj
index ddb93d2ce..7216c4b87 100644
--- a/Source/WebKit2/WebKit2.xcodeproj/project.pbxproj
+++ b/Source/WebKit2/WebKit2.xcodeproj/project.pbxproj
@@ -377,10 +377,6 @@
 		511F8A7F138B46FE00A95F44 /* SecItemShimMethods.h in Headers */ = {isa = PBXBuildFile; fileRef = 511F8A7D138B46FE00A95F44 /* SecItemShimMethods.h */; };
 		511F8A80138B46FE00A95F44 /* SecItemShimMethods.mm in Sources */ = {isa = PBXBuildFile; fileRef = 511F8A7E138B46FE00A95F44 /* SecItemShimMethods.mm */; };
 		511F8A81138B485D00A95F44 /* WebProcessShim.mm in Sources */ = {isa = PBXBuildFile; fileRef = 511F8A78138B460900A95F44 /* WebProcessShim.mm */; };
-		51217460164C20E30037A5C1 /* ShareableResource.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 5121745E164C20E30037A5C1 /* ShareableResource.cpp */; };
-		51217461164C20E30037A5C1 /* ShareableResource.h in Headers */ = {isa = PBXBuildFile; fileRef = 5121745F164C20E30037A5C1 /* ShareableResource.h */; };
-		51217464164C21370037A5C1 /* WebResourceBuffer.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 51217462164C21370037A5C1 /* WebResourceBuffer.cpp */; };
-		51217465164C21370037A5C1 /* WebResourceBuffer.h in Headers */ = {isa = PBXBuildFile; fileRef = 51217463164C21370037A5C1 /* WebResourceBuffer.h */; };
 		5123CF1B133D260A0056F800 /* WKIconDatabaseCG.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 5123CF19133D260A0056F800 /* WKIconDatabaseCG.cpp */; };
 		5123CF1C133D260A0056F800 /* WKIconDatabaseCG.h in Headers */ = {isa = PBXBuildFile; fileRef = 5123CF1A133D260A0056F800 /* WKIconDatabaseCG.h */; settings = {ATTRIBUTES = (Private, ); }; };
 		512935D71288D19400A4B695 /* WebContextMenuItem.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 512935D51288D19400A4B695 /* WebContextMenuItem.cpp */; };
@@ -1597,10 +1593,6 @@
 		511F8A78138B460900A95F44 /* WebProcessShim.mm */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.objcpp; path = WebProcessShim.mm; sourceTree = "<group>"; };
 		511F8A7D138B46FE00A95F44 /* SecItemShimMethods.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = SecItemShimMethods.h; sourceTree = "<group>"; };
 		511F8A7E138B46FE00A95F44 /* SecItemShimMethods.mm */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.objcpp; path = SecItemShimMethods.mm; sourceTree = "<group>"; };
-		5121745E164C20E30037A5C1 /* ShareableResource.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = ShareableResource.cpp; sourceTree = "<group>"; };
-		5121745F164C20E30037A5C1 /* ShareableResource.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = ShareableResource.h; sourceTree = "<group>"; };
-		51217462164C21370037A5C1 /* WebResourceBuffer.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = WebResourceBuffer.cpp; sourceTree = "<group>"; };
-		51217463164C21370037A5C1 /* WebResourceBuffer.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = WebResourceBuffer.h; sourceTree = "<group>"; };
 		5123CF19133D260A0056F800 /* WKIconDatabaseCG.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; name = WKIconDatabaseCG.cpp; path = cg/WKIconDatabaseCG.cpp; sourceTree = "<group>"; };
 		5123CF1A133D260A0056F800 /* WKIconDatabaseCG.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = WKIconDatabaseCG.h; path = cg/WKIconDatabaseCG.h; sourceTree = "<group>"; };
 		512935D51288D19400A4B695 /* WebContextMenuItem.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = WebContextMenuItem.cpp; sourceTree = "<group>"; };
@@ -2748,8 +2740,6 @@
 				518D2CC912D51DFB003BB93B /* SessionState.h */,
 				1A6420E212DCE2FF00CAAE2C /* ShareableBitmap.cpp */,
 				1A6420E312DCE2FF00CAAE2C /* ShareableBitmap.h */,
-				5121745E164C20E30037A5C1 /* ShareableResource.cpp */,
-				5121745F164C20E30037A5C1 /* ShareableResource.h */,
 				5272B2881406985D0096A5D0 /* StatisticsData.cpp */,
 				5272B2891406985D0096A5D0 /* StatisticsData.h */,
 				BCBD3C3A125BFA7A00D2C29F /* StringPairVector.h */,
@@ -2814,8 +2804,6 @@
 				37948402150C350600E52CE9 /* WebRenderLayer.h */,
 				3760881C150413E900FC82C7 /* WebRenderObject.cpp */,
 				3760881D150413E900FC82C7 /* WebRenderObject.h */,
-				51217462164C21370037A5C1 /* WebResourceBuffer.cpp */,
-				51217463164C21370037A5C1 /* WebResourceBuffer.h */,
 				F634445512A885C8000612D8 /* WebSecurityOrigin.h */,
 				A72D5D7F1236CBA800A88B15 /* WebSerializedScriptValue.h */,
 				BCF04C8E11FF9F6E00F86A58 /* WebString.h */,
@@ -4873,8 +4861,6 @@
 				1AB16AE21648656D00290D62 /* RemoteLayerTreeDrawingAreaProxy.h in Headers */,
 				1AB16AEA164B3A8800290D62 /* RemoteLayerTreeController.h in Headers */,
 				1AB16AEE164B41E400290D62 /* RemoteGraphicsLayer.h in Headers */,
-				51217461164C20E30037A5C1 /* ShareableResource.h in Headers */,
-				51217465164C21370037A5C1 /* WebResourceBuffer.h in Headers */,
 			);
 			runOnlyForDeploymentPostprocessing = 0;
 		};
@@ -5814,8 +5800,6 @@
 				9F4F59461648BA8E00493B7E /* NetworkProcessManagerMac.mm in Sources */,
 				1AB16AE9164B3A8800290D62 /* RemoteLayerTreeController.mm in Sources */,
 				1AB16AED164B41E400290D62 /* RemoteGraphicsLayer.mm in Sources */,
-				51217460164C20E30037A5C1 /* ShareableResource.cpp in Sources */,
-				51217464164C21370037A5C1 /* WebResourceBuffer.cpp in Sources */,
 			);
 			runOnlyForDeploymentPostprocessing = 0;
 		};
diff --git a/Source/WebKit2/WebProcess/Network/NetworkProcessConnection.cpp b/Source/WebKit2/WebProcess/Network/NetworkProcessConnection.cpp
index 69e30419d..10d672208 100644
--- a/Source/WebKit2/WebProcess/Network/NetworkProcessConnection.cpp
+++ b/Source/WebKit2/WebProcess/Network/NetworkProcessConnection.cpp
@@ -27,13 +27,9 @@
 #include "NetworkProcessConnection.h"
 
 #include "WebProcess.h"
-#include "WebResourceBuffer.h"
-#include <WebCore/ResourceBuffer.h>
 
 #if ENABLE(NETWORK_PROCESS)
 
-using namespace WebCore;
-
 namespace WebKit {
 
 NetworkProcessConnection::NetworkProcessConnection(CoreIPC::Connection::Identifier connectionIdentifier)
@@ -70,29 +66,11 @@ void NetworkProcessConnection::didReceiveInvalidMessage(CoreIPC::Connection*, Co
 {
 }
 
-void NetworkProcessConnection::didReceiveResponse(ResourceLoadIdentifier resourceLoadIdentifier, const ResourceResponse& response)
+void NetworkProcessConnection::startResourceLoad(ResourceLoadIdentifier resourceLoadIdentifier)
 {
-    WebProcess::shared().webResourceLoadScheduler().didReceiveResponse(resourceLoadIdentifier, response);
+    WebProcess::shared().webResourceLoadScheduler().startResourceLoad(resourceLoadIdentifier);
 }
-
-void NetworkProcessConnection::didReceiveResource(ResourceLoadIdentifier resourceLoadIdentifier, const ShareableResource::Handle& handle, double finishTime)
-{
-    RefPtr<ResourceBuffer> resourceBuffer;
-
-    RefPtr<ShareableResource> resource = ShareableResource::create(handle);
-    if (resource)
-        resourceBuffer = WebResourceBuffer::create(resource.release());
-    else
-        resourceBuffer = ResourceBuffer::create();
     
-    WebProcess::shared().webResourceLoadScheduler().didReceiveResource(resourceLoadIdentifier, *resourceBuffer, finishTime);
-}
-
-void NetworkProcessConnection::didFailResourceLoad(ResourceLoadIdentifier resourceLoadIdentifier, const ResourceError& error)
-{
-    WebProcess::shared().webResourceLoadScheduler().didFailResourceLoad(resourceLoadIdentifier, error);
-}
-
 } // namespace WebKit
 
 #endif // ENABLE(NETWORK_PROCESS)
diff --git a/Source/WebKit2/WebProcess/Network/NetworkProcessConnection.h b/Source/WebKit2/WebProcess/Network/NetworkProcessConnection.h
index afa40d338..6d6a98fdd 100644
--- a/Source/WebKit2/WebProcess/Network/NetworkProcessConnection.h
+++ b/Source/WebKit2/WebProcess/Network/NetworkProcessConnection.h
@@ -27,17 +27,11 @@
 #define NetworkProcessConnection_h
 
 #include "Connection.h"
-#include "ShareableResource.h"
 #include <wtf/RefCounted.h>
 #include <wtf/text/WTFString.h>
 
 #if ENABLE(NETWORK_PROCESS)
 
-namespace WebCore {
-class ResourceError;
-class ResourceResponse;
-}
-
 namespace WebKit {
 
 typedef uint64_t ResourceLoadIdentifier;
@@ -63,9 +57,7 @@ private:
 
     void didReceiveNetworkProcessConnectionMessage(CoreIPC::Connection*, CoreIPC::MessageID, CoreIPC::MessageDecoder&);
 
-    void didReceiveResponse(ResourceLoadIdentifier, const WebCore::ResourceResponse&);
-    void didReceiveResource(ResourceLoadIdentifier, const ShareableResource::Handle&, double finishTime);
-    void didFailResourceLoad(ResourceLoadIdentifier, const WebCore::ResourceError&);
+    void startResourceLoad(ResourceLoadIdentifier);
 
     // The connection from the web process to the network process.
     RefPtr<CoreIPC::Connection> m_connection;
diff --git a/Source/WebKit2/WebProcess/Network/NetworkProcessConnection.messages.in b/Source/WebKit2/WebProcess/Network/NetworkProcessConnection.messages.in
index 0c168f6da..69aeabb24 100644
--- a/Source/WebKit2/WebProcess/Network/NetworkProcessConnection.messages.in
+++ b/Source/WebKit2/WebProcess/Network/NetworkProcessConnection.messages.in
@@ -24,10 +24,9 @@
 
 messages -> NetworkProcessConnection {
 
-    // FIXME (NetworkProcess): We'll need much more granularity for response messages.
-    DidReceiveResponse(uint64_t resourceLoadIdentifier, WebCore::ResourceResponse response)
-    DidReceiveResource(uint64_t resourceLoadIdentifier, WebKit::ShareableResource::Handle resource, double finishTime)
-    DidFailResourceLoad(uint64_t resourceLoadIdentifier, WebCore::ResourceError error)
+    // FIXME (NetworkProcess): This message is for the NetworkProcess to tell the WebProcess to start a load.
+    // Once the NetworkProcess is doing the loading itself then we should remove it.
+    StartResourceLoad(uint64_t resourceLoadIdentifier)
 }
 
 #endif // ENABLE(NETWORK_PROCESS)
diff --git a/Source/WebKit2/WebProcess/Network/WebResourceLoadScheduler.cpp b/Source/WebKit2/WebProcess/Network/WebResourceLoadScheduler.cpp
index bf14f2ea1..def60e45a 100644
--- a/Source/WebKit2/WebProcess/Network/WebResourceLoadScheduler.cpp
+++ b/Source/WebKit2/WebProcess/Network/WebResourceLoadScheduler.cpp
@@ -35,7 +35,6 @@
 #include <WebCore/Frame.h>
 #include <WebCore/FrameLoader.h>
 #include <WebCore/NetscapePlugInStreamLoader.h>
-#include <WebCore/ResourceBuffer.h>
 #include <WebCore/ResourceLoader.h>
 #include <WebCore/SubresourceLoader.h>
 #include <wtf/text/CString.h>
@@ -73,7 +72,7 @@ PassRefPtr<NetscapePlugInStreamLoader> WebResourceLoadScheduler::schedulePluginS
 
 void WebResourceLoadScheduler::scheduleLoad(ResourceLoader* resourceLoader, ResourceLoadPriority priority)
 {
-    LOG(NetworkScheduling, "(WebProcess) WebResourceLoadScheduler::scheduleLoad, url '%s' priority %i", resourceLoader->url().string().utf8().data(), priority);
+    LOG(Network, "(WebProcess) WebResourceLoadScheduler::scheduleLoad, url '%s' priority %i", resourceLoader->url().string().utf8().data(), priority);
 
     ASSERT(resourceLoader);
     ASSERT(priority != ResourceLoadPriorityUnresolved);
@@ -108,7 +107,7 @@ void WebResourceLoadScheduler::scheduleLoad(ResourceLoader* resourceLoader, Reso
 
 void WebResourceLoadScheduler::addMainResourceLoad(ResourceLoader* resourceLoader)
 {
-    LOG(NetworkScheduling, "(WebProcess) WebResourceLoadScheduler::addMainResourceLoad, url '%s'", resourceLoader->url().string().utf8().data());
+    LOG(Network, "(WebProcess) WebResourceLoadScheduler::addMainResourceLoad, url '%s'", resourceLoader->url().string().utf8().data());
 
     ResourceLoadIdentifier identifier;
 
@@ -125,7 +124,7 @@ void WebResourceLoadScheduler::addMainResourceLoad(ResourceLoader* resourceLoade
 void WebResourceLoadScheduler::remove(ResourceLoader* resourceLoader)
 {
     ASSERT(resourceLoader);
-    LOG(NetworkScheduling, "(WebProcess) WebResourceLoadScheduler::remove, url '%s'", resourceLoader->url().string().utf8().data());
+    LOG(Network, "(WebProcess) WebResourceLoadScheduler::remove, url '%s'", resourceLoader->url().string().utf8().data());
 
     // FIXME (NetworkProcess): It's possible for a resourceLoader to be removed before it ever started,
     // meaning before it even has an identifier.
@@ -138,8 +137,6 @@ void WebResourceLoadScheduler::remove(ResourceLoader* resourceLoader)
         return;
     }
     
-    // FIXME (NetworkProcess): We should only tell the NetworkProcess to remove load identifiers for ResourceLoaders that were never started.
-    // If a resource load was actually started within the NetworkProcess then the NetworkProcess handles clearing out the identifier.
     WebProcess::shared().networkConnection()->connection()->send(Messages::NetworkConnectionToWebProcess::RemoveLoadIdentifier(identifier), 0);
     
     ASSERT(m_pendingResourceLoaders.contains(identifier) || m_activeResourceLoaders.contains(identifier));
@@ -149,7 +146,7 @@ void WebResourceLoadScheduler::remove(ResourceLoader* resourceLoader)
 
 void WebResourceLoadScheduler::crossOriginRedirectReceived(ResourceLoader* resourceLoader, const KURL& redirectURL)
 {
-    LOG(NetworkScheduling, "(WebProcess) WebResourceLoadScheduler::crossOriginRedirectReceived. From '%s' to '%s'", resourceLoader->url().string().utf8().data(), redirectURL.string().utf8().data());
+    LOG(Network, "(WebProcess) WebResourceLoadScheduler::crossOriginRedirectReceived. From '%s' to '%s'", resourceLoader->url().string().utf8().data(), redirectURL.string().utf8().data());
 
     ASSERT(resourceLoader);
     ASSERT(resourceLoader->identifier());
@@ -162,7 +159,7 @@ void WebResourceLoadScheduler::crossOriginRedirectReceived(ResourceLoader* resou
 
 void WebResourceLoadScheduler::servePendingRequests(ResourceLoadPriority minimumPriority)
 {
-    LOG(NetworkScheduling, "(WebProcess) WebResourceLoadScheduler::servePendingRequests");
+    LOG(Network, "(WebProcess) WebResourceLoadScheduler::servePendingRequests");
     
     // If this WebProcess has its own request suspension count then we don't even
     // have to bother messaging the NetworkProcess.
@@ -192,40 +189,23 @@ void WebResourceLoadScheduler::setSerialLoadingEnabled(bool enabled)
     WebProcess::shared().networkConnection()->connection()->sendSync(Messages::NetworkConnectionToWebProcess::SetSerialLoadingEnabled(enabled), Messages::NetworkConnectionToWebProcess::SetSerialLoadingEnabled::Reply(), 0);
 }
 
-void WebResourceLoadScheduler::didReceiveResponse(ResourceLoadIdentifier identifier, const WebCore::ResourceResponse& response)
+void WebResourceLoadScheduler::startResourceLoad(ResourceLoadIdentifier identifier)
 {
-    RefPtr<ResourceLoader> loader = m_pendingResourceLoaders.get(identifier);
-    ASSERT(loader);
-
-    LOG(Network, "(WebProcess) WebResourceLoadScheduler::didReceiveResponse for '%s'", loader->url().string().utf8().data());
-    loader->didReceiveResponse(response);
-}
-
-void WebResourceLoadScheduler::didReceiveResource(ResourceLoadIdentifier identifier, const ResourceBuffer& buffer, double finishTime)
-{    
-    RefPtr<ResourceLoader> loader = m_pendingResourceLoaders.get(identifier);
+    RefPtr<ResourceLoader> loader = m_pendingResourceLoaders.take(identifier);
+    
+    // <rdar://problem/12596761> and http://webkit.org/b/100792
+    // There is a race condition where the WebProcess might tell the NetworkProcess to remove a resource load identifier
+    // at the very time the NetworkProcess is telling the WebProcess to start that particular load.
+    // We'd like to remove that race condition but it makes sense for release builds to do an early return.
     ASSERT(loader);
-
-    LOG(Network, "(WebProcess) WebResourceLoadScheduler::didReceiveResource for '%s'", loader->url().string().utf8().data());
+    if (!loader)
+        return;
     
-    // Only send data to the didReceiveData callback if it exists.
-    if (!buffer.isEmpty()) {
-        // FIXME (NetworkProcess): Give ResourceLoader the ability to take ResourceBuffer arguments.
-        // That will allow us to pass it along to CachedResources and allow them to hang on to the shared memory behind the scenes.
-        loader->didReceiveData(reinterpret_cast<const char*>(buffer.data()), buffer.size(), -1 /* encodedDataLength */, true);
-    }
-
-    loader->didFinishLoading(finishTime);
-}
+    LOG(Network, "(WebProcess) WebResourceLoadScheduler::startResourceLoad starting load for '%s'", loader->url().string().utf8().data());
 
-void WebResourceLoadScheduler::didFailResourceLoad(ResourceLoadIdentifier identifier, const WebCore::ResourceError& error)
-{
-    RefPtr<ResourceLoader> loader = m_pendingResourceLoaders.get(identifier);
-    ASSERT(loader);
+    m_activeResourceLoaders.set(identifier, loader);
 
-    LOG(Network, "(WebProcess) WebResourceLoadScheduler::didFailResourceLoad for '%s'", loader->url().string().utf8().data());
-    
-    loader->didFail(error);
+    startResourceLoader(loader.get());
 }
 
 } // namespace WebKit
diff --git a/Source/WebKit2/WebProcess/Network/WebResourceLoadScheduler.h b/Source/WebKit2/WebProcess/Network/WebResourceLoadScheduler.h
index faa2a45d6..422427bc6 100644
--- a/Source/WebKit2/WebProcess/Network/WebResourceLoadScheduler.h
+++ b/Source/WebKit2/WebProcess/Network/WebResourceLoadScheduler.h
@@ -57,12 +57,13 @@ public:
 
     virtual void setSerialLoadingEnabled(bool) OVERRIDE;
 
-    void didReceiveResponse(ResourceLoadIdentifier, const WebCore::ResourceResponse&);
-    void didReceiveResource(ResourceLoadIdentifier, const WebCore::ResourceBuffer&, double finishTime);
-    void didFailResourceLoad(ResourceLoadIdentifier, const WebCore::ResourceError&);
-
 private:
     void scheduleLoad(WebCore::ResourceLoader*, WebCore::ResourceLoadPriority);
+
+    // NetworkProcessConnection gets to tell loads to actually start.
+    // FIXME (NetworkProcess): Once actual loading takes place in the NetworkProcess we won't need this.
+    friend class NetworkProcessConnection;
+    void startResourceLoad(ResourceLoadIdentifier);
     
     typedef HashMap<unsigned long, RefPtr<WebCore::ResourceLoader> > ResourceLoaderMap;
     ResourceLoaderMap m_pendingResourceLoaders;
diff --git a/Source/WebKit2/WebProcess/WebPage/CoordinatedGraphics/CoordinatedGraphicsLayer.cpp b/Source/WebKit2/WebProcess/WebPage/CoordinatedGraphics/CoordinatedGraphicsLayer.cpp
index c56c28586..26e48d61c 100644
--- a/Source/WebKit2/WebProcess/WebPage/CoordinatedGraphics/CoordinatedGraphicsLayer.cpp
+++ b/Source/WebKit2/WebProcess/WebPage/CoordinatedGraphics/CoordinatedGraphicsLayer.cpp
@@ -563,7 +563,7 @@ float CoordinatedGraphicsLayer::effectiveContentsScale()
 
 void CoordinatedGraphicsLayer::adjustContentsScale()
 {
-    if (!drawsContent() || !contentsAreVisible() || m_size.isEmpty())
+    if (!drawsContent())
         return;
 
     if (!m_mainBackingStore || m_mainBackingStore->contentsScale() == effectiveContentsScale())
diff --git a/Source/WebKit2/WebProcess/WebPage/CoordinatedGraphics/LayerTreeCoordinator.cpp b/Source/WebKit2/WebProcess/WebPage/CoordinatedGraphics/LayerTreeCoordinator.cpp
index 4f8c3a99e..5d9b3ef38 100644
--- a/Source/WebKit2/WebProcess/WebPage/CoordinatedGraphics/LayerTreeCoordinator.cpp
+++ b/Source/WebKit2/WebProcess/WebPage/CoordinatedGraphics/LayerTreeCoordinator.cpp
@@ -47,7 +47,6 @@
 #include <WebCore/RenderLayerCompositor.h>
 #include <WebCore/RenderView.h>
 #include <WebCore/Settings.h>
-#include <wtf/TemporaryChange.h>
 
 using namespace WebCore;
 
@@ -73,7 +72,6 @@ LayerTreeCoordinator::LayerTreeCoordinator(WebPage* webPage)
     : LayerTreeHost(webPage)
     , m_notifyAfterScheduledLayerFlush(false)
     , m_isValid(true)
-    , m_isPurging(false)
     , m_waitingForUIProcess(true)
     , m_isSuspended(false)
     , m_contentsScale(1)
@@ -451,10 +449,8 @@ void LayerTreeCoordinator::didPerformScheduledLayerFlush()
 
 void LayerTreeCoordinator::purgeReleasedImages()
 {
-    if (!m_isPurging) {
-        for (size_t i = 0; i < m_releasedDirectlyCompositedImages.size(); ++i)
-            m_webPage->send(Messages::LayerTreeCoordinatorProxy::DestroyDirectlyCompositedImage(m_releasedDirectlyCompositedImages[i]));
-    }
+    for (size_t i = 0; i < m_releasedDirectlyCompositedImages.size(); ++i)
+        m_webPage->send(Messages::LayerTreeCoordinatorProxy::DestroyDirectlyCompositedImage(m_releasedDirectlyCompositedImages[i]));
     m_releasedDirectlyCompositedImages.clear();
 }
 
@@ -608,8 +604,6 @@ void LayerTreeCoordinator::updateTile(WebLayerID layerID, int tileID, const Surf
 
 void LayerTreeCoordinator::removeTile(WebLayerID layerID, int tileID)
 {
-    if (m_isPurging)
-        return;
     m_shouldSyncFrame = true;
     m_webPage->send(Messages::LayerTreeCoordinatorProxy::RemoveTileForLayer(layerID, tileID));
 }
@@ -621,8 +615,6 @@ void LayerTreeCoordinator::createUpdateAtlas(int atlasID, const ShareableSurface
 
 void LayerTreeCoordinator::removeUpdateAtlas(int atlasID)
 {
-    if (m_isPurging)
-        return;
     m_webPage->send(Messages::LayerTreeCoordinatorProxy::RemoveUpdateAtlas(atlasID));
 }
 
@@ -698,8 +690,6 @@ bool LayerTreeCoordinator::layerTreeTileUpdatesAllowed() const
 
 void LayerTreeCoordinator::purgeBackingStores()
 {
-    TemporaryChange<bool> purgingToggle(m_isPurging, true);
-
     HashSet<WebCore::CoordinatedGraphicsLayer*>::iterator end = m_registeredLayers.end();
     for (HashSet<WebCore::CoordinatedGraphicsLayer*>::iterator it = m_registeredLayers.begin(); it != end; ++it)
         (*it)->purgeBackingStores();
diff --git a/Source/WebKit2/WebProcess/WebPage/CoordinatedGraphics/LayerTreeCoordinator.h b/Source/WebKit2/WebProcess/WebPage/CoordinatedGraphics/LayerTreeCoordinator.h
index 4017e1fc4..cacb68eaa 100644
--- a/Source/WebKit2/WebProcess/WebPage/CoordinatedGraphics/LayerTreeCoordinator.h
+++ b/Source/WebKit2/WebProcess/WebPage/CoordinatedGraphics/LayerTreeCoordinator.h
@@ -153,8 +153,6 @@ private:
 
     bool m_notifyAfterScheduledLayerFlush;
     bool m_isValid;
-    // We don't send the messages related to releasing resources to UI Process during purging, because UI Process already had removed all resources.
-    bool m_isPurging;
 
     bool m_waitingForUIProcess;
     bool m_isSuspended;
diff --git a/Tools/ChangeLog b/Tools/ChangeLog
index bc0a1ccd7..693ae644b 100644
--- a/Tools/ChangeLog
+++ b/Tools/ChangeLog
@@ -1,50 +1,3 @@
-2012-11-09  Simon Hausmann  <simon.hausmann@digia.com>
-
-        [Qt] Build with MSVC fails to use nmake instead of make
-        https://bugs.webkit.org/show_bug.cgi?id=98645
-
-        Reviewed by Tor Arne Vestbø.
-
-        Don't rely on the "default" mkspec but instead query the target
-        mkspec variable from qmake to find the right qmake.conf.
-
-        * Scripts/webkitdirs.pm:
-        (qtMakeCommand):
-
-2012-11-08  Sudarsana Nagineni  <sudarsana.nagineni@intel.com>
-
-        [EFL] about:blank should display the blank page
-        https://bugs.webkit.org/show_bug.cgi?id=101566
-
-        Reviewed by Laszlo Gombos.
-
-        Add a check to return early without prepending http:// scheme, if the
-        URL is 'about:blank'.
-
-        * EWebLauncher/url_utils.c:
-        (url_from_user_input):
-
-2012-11-08  Christophe Dumez  <christophe.dumez@intel.com>
-
-        [EFL][WK2] Add proper support for fullscreen API to MiniBrowser
-        https://bugs.webkit.org/show_bug.cgi?id=101615
-
-        Reviewed by Kenneth Rohde Christiansen.
-
-        Implement fullscreen API support in MiniBrowser. When entering
-        fullscreen a popup is shown to notify the user that something
-        is displayed in fullscreen and to advertise that the Escape
-        key can be used to exit fullscreen. This behavior is according
-        to specification.
-
-        * MiniBrowser/efl/main.c:
-        (on_key_down):
-        (on_fullscreen_accept):
-        (on_fullscreen_deny):
-        (on_fullscreen_enter):
-        (on_fullscreen_exit):
-        (window_create):
-
 2012-11-08  Slavomir Kaslev  <skaslev@google.com>
 
         [Chromium] DumpRenderTree fix for canvas in software compositing
diff --git a/Tools/EWebLauncher/url_utils.c b/Tools/EWebLauncher/url_utils.c
index d8cf7cb49..fd92f145d 100644
--- a/Tools/EWebLauncher/url_utils.c
+++ b/Tools/EWebLauncher/url_utils.c
@@ -39,7 +39,7 @@ char *
 url_from_user_input(const char *arg)
 {
     /* If it is already a URL, return the argument as is. */
-    if (has_scheme(arg) || !strcasecmp(arg, "about:blank"))
+    if (has_scheme(arg))
         return strdup(arg);
 
     Eina_Strbuf *buf = eina_strbuf_manage_new(eina_file_path_sanitize(arg));
diff --git a/Tools/MiniBrowser/efl/main.c b/Tools/MiniBrowser/efl/main.c
index e982a7117..e029936a5 100644
--- a/Tools/MiniBrowser/efl/main.c
+++ b/Tools/MiniBrowser/efl/main.c
@@ -139,11 +139,9 @@ static void window_close(Browser_Window *window)
 }
 
 static void
-on_key_down(void *user_data, Evas *e, Evas_Object *webview, void *event_info)
+on_key_down(void *data, Evas *e, Evas_Object *obj, void *event_info)
 {
-    Browser_Window *window = (Browser_Window *)user_data;
     Evas_Event_Key_Down *ev = (Evas_Event_Key_Down*) event_info;
-
     static const char *encodings[] = {
         "ISO-8859-1",
         "UTF-8",
@@ -154,26 +152,26 @@ on_key_down(void *user_data, Evas *e, Evas_Object *webview, void *event_info)
 
     if (!strcmp(ev->key, "F1")) {
         info("Back (F1) was pressed\n");
-        if (!ewk_view_back(webview))
+        if (!ewk_view_back(obj))
             info("Back ignored: No back history\n");
     } else if (!strcmp(ev->key, "F2")) {
         info("Forward (F2) was pressed\n");
-        if (!ewk_view_forward(webview))
+        if (!ewk_view_forward(obj))
             info("Forward ignored: No forward history\n");
     } else if (!strcmp(ev->key, "F3")) {
         currentEncoding = (currentEncoding + 1) % (sizeof(encodings) / sizeof(encodings[0]));
         info("Set encoding (F3) pressed. New encoding to %s", encodings[currentEncoding]);
-        ewk_view_setting_encoding_custom_set(webview, encodings[currentEncoding]);
+        ewk_view_setting_encoding_custom_set(obj, encodings[currentEncoding]);
     } else if (!strcmp(ev->key, "F5")) {
         info("Reload (F5) was pressed, reloading.\n");
-        ewk_view_reload(webview);
+        ewk_view_reload(obj);
     } else if (!strcmp(ev->key, "F6")) {
         info("Stop (F6) was pressed, stop loading.\n");
-        ewk_view_stop(webview);
+        ewk_view_stop(obj);
     } else if  (!strcmp(ev->key, "F7")) {
-        Ewk_Pagination_Mode mode =  ewk_view_pagination_mode_get(webview);
+        Ewk_Pagination_Mode mode =  ewk_view_pagination_mode_get(obj);
         mode = (++mode) % (EWK_PAGINATION_MODE_BOTTOM_TO_TOP + 1);
-        if (ewk_view_pagination_mode_set(webview, mode))
+        if (ewk_view_pagination_mode_set(obj, mode))
             info("Change Pagination Mode (F7) was pressed, changed to: %d\n", mode);
         else
             info("Change Pagination Mode (F7) was pressed, but NOT changed!");
@@ -183,10 +181,7 @@ on_key_down(void *user_data, Evas *e, Evas_Object *webview, void *event_info)
         windows = eina_list_append(windows, window);
     } else if (!strcmp(ev->key, "i") && ctrlPressed) {
         info("Show Inspector (Ctrl+i) was pressed.\n");
-        ewk_view_inspector_show(webview);
-    } else if (!strcmp(ev->key, "Escape")) {
-        if (elm_win_fullscreen_get(window->window))
-            ewk_view_fullscreen_exit(webview);
+        ewk_view_inspector_show(obj);
     }
 }
 
@@ -682,75 +677,6 @@ static Eina_Bool on_window_geometry_set(Ewk_View_Smart_Data *sd, Evas_Coord x, E
     return EINA_TRUE;
 }
 
-typedef struct {
-    Evas_Object *webview;
-    Evas_Object *permission_popup;
-} PermissionData;
-
-static void
-on_fullscreen_accept(void *user_data, Evas_Object *obj, void *event_info)
-{
-    PermissionData *permission_data = (PermissionData *)user_data;
-
-    evas_object_del(permission_data->permission_popup);
-    free(permission_data);
-}
-
-static void
-on_fullscreen_deny(void *user_data, Evas_Object *obj, void *event_info)
-{
-    PermissionData *permission_data = (PermissionData *)user_data;
-
-    ewk_view_fullscreen_exit(permission_data->webview);
-    evas_object_del(permission_data->permission_popup);
-    free(permission_data);
-}
-
-static Eina_Bool on_fullscreen_enter(Ewk_View_Smart_Data *sd, Ewk_Security_Origin *origin)
-{
-    Browser_Window *window = browser_view_find(sd->self);
-
-    /* Go fullscreen */
-    elm_win_fullscreen_set(window->window, EINA_TRUE);
-
-    /* Show user popup */
-    Evas_Object *permission_popup = elm_popup_add(window->window);
-    evas_object_size_hint_weight_set(permission_popup, EVAS_HINT_EXPAND, EVAS_HINT_EXPAND);
-
-    Eina_Strbuf *message = eina_strbuf_new();
-    eina_strbuf_append_printf(message, "%s is now fullscreen.<br>Press ESC at any time to exit fullscreen.<br>Allow fullscreen?", ewk_security_origin_host_get(origin));
-    elm_object_text_set(permission_popup, eina_strbuf_string_get(message));
-    eina_strbuf_free(message);
-    elm_object_part_text_set(permission_popup, "title,text", "Fullscreen Permission");
-
-    /* Popup buttons */
-    PermissionData *permission_data = (PermissionData *)malloc(sizeof(PermissionData));
-    permission_data->webview = window->webview;
-    permission_data->permission_popup = permission_popup;
-    Evas_Object *accept_button = elm_button_add(permission_popup);
-    elm_object_text_set(accept_button, "Accept");
-    elm_object_part_content_set(permission_popup, "button1", accept_button);
-    evas_object_smart_callback_add(accept_button, "clicked", on_fullscreen_accept, permission_data);
-
-    Evas_Object *deny_button = elm_button_add(permission_popup);
-    elm_object_text_set(deny_button, "Deny");
-    elm_object_part_content_set(permission_popup, "button2", deny_button);
-    evas_object_smart_callback_add(deny_button, "clicked", on_fullscreen_deny, permission_data);
-
-    evas_object_show(permission_popup);
-
-    return EINA_TRUE;
-}
-
-static Eina_Bool on_fullscreen_exit(Ewk_View_Smart_Data *sd)
-{
-    Browser_Window *window = browser_view_find(sd->self);
-
-    elm_win_fullscreen_set(window->window, EINA_FALSE);
-
-    return EINA_TRUE;
-}
-
 typedef struct {
     Evas_Object *popup;
     Ewk_Auth_Request *request;
@@ -1023,8 +949,6 @@ static Browser_Window *window_create(const char *url)
     ewkViewClass->run_javascript_prompt = on_javascript_prompt;
     ewkViewClass->window_geometry_get = on_window_geometry_get;
     ewkViewClass->window_geometry_set = on_window_geometry_set;
-    ewkViewClass->fullscreen_enter = on_fullscreen_enter;
-    ewkViewClass->fullscreen_exit = on_fullscreen_exit;
 
     Evas *evas = evas_object_evas_get(app_data->window);
     Evas_Smart *smart = evas_smart_class_new(&ewkViewClass->sc);
diff --git a/Tools/Scripts/webkitdirs.pm b/Tools/Scripts/webkitdirs.pm
index ea26be405..76770b706 100755
--- a/Tools/Scripts/webkitdirs.pm
+++ b/Tools/Scripts/webkitdirs.pm
@@ -1873,11 +1873,9 @@ sub retrieveQMakespecVar
 sub qtMakeCommand($)
 {
     my ($qmakebin) = @_;
-    chomp(my $mkspec= `$qmakebin -query QMAKE_XSPEC`);
-    chomp(my $mkspecPath = `$qmakebin -query QT_HOST_DATA`);
-    $mkspecPath .= "/mkspecs/";
-    $mkspecPath .= $mkspec;
-    my $compiler = retrieveQMakespecVar("$mkspecPath/qmake.conf", "QMAKE_CC");
+    chomp(my $mkspec = `$qmakebin -query QT_HOST_DATA`);
+    $mkspec .= "/mkspecs/default";
+    my $compiler = retrieveQMakespecVar("$mkspec/qmake.conf", "QMAKE_CC");
 
     #print "default spec: " . $mkspec . "\n";
     #print "compiler found: " . $compiler . "\n";
diff --git a/VERSION b/VERSION
index a6b141cbf..e6a4312bd 100644
--- a/VERSION
+++ b/VERSION
@@ -1,9 +1,9 @@
 This is a snapshot of WebKit. It is based on the upstream trunk subversion
-revision 134025
+revision 133952
 
 You can browse the base of this snapshot at
 
-    http://trac.webkit.org/browser/trunk?rev=134025
+    http://trac.webkit.org/browser/trunk?rev=133952
 
 Additional patches may have been applied on top and files not required by the
 Qt port may have been removed.
-- 
cgit v1.2.1