https://bugs.webkit.org/show_bug.cgi?id=86553

Reviewed by Gavin Barraclough.

Scratch buffers can contain the only reference to live objects.
Therefore visit scratch buffer contents as conservative roots.
Changed the scratch buffers to be a struct with an "active"
length and the actual buffer.  The users of the scratch
buffer emit code where needed to set and clear the active
length as appropriate.  During marking, the active count is
used for conservative marking.

* dfg/DFGAssemblyHelpers.h:
(JSC::DFG::AssemblyHelpers::debugCall):
* dfg/DFGOSRExitCompiler32_64.cpp:
(JSC::DFG::OSRExitCompiler::compileExit):
* dfg/DFGOSRExitCompiler64.cpp:
(JSC::DFG::OSRExitCompiler::compileExit):
* dfg/DFGOperations.cpp:
* dfg/DFGOperations.h:
* dfg/DFGSpeculativeJIT32_64.cpp:
(JSC::DFG::SpeculativeJIT::compile):
* dfg/DFGSpeculativeJIT64.cpp:
(JSC::DFG::SpeculativeJIT::compile):
* dfg/DFGThunks.cpp:
(JSC::DFG::osrExitGenerationThunkGenerator):
* heap/Heap.cpp:
(JSC::Heap::markRoots):
* runtime/JSGlobalData.cpp:
(JSC::JSGlobalData::gatherConservativeRoots):
* runtime/JSGlobalData.h:
(JSC::ScratchBuffer::ScratchBuffer):
(ScratchBuffer):
(JSC::ScratchBuffer::allocationSize):
(JSC::ScratchBuffer::setActiveLength):
(JSC::ScratchBuffer::activeLength):
(JSC::ScratchBuffer::activeLengthPtr):
(JSC::ScratchBuffer::dataBuffer):
(JSGlobalData):
(JSC::JSGlobalData::scratchBufferForSize):


git-svn-id: http://svn.webkit.org/repository/webkit/trunk@117729 268f45cc-cd09-0410-ab3c-d52691b4dbfc