  • REGRESSION(149636, merged in 153145): ToThis conversion doesn't work in the DFG · c03e6e42
    fpizlo@apple.com authored
    https://bugs.webkit.org/show_bug.cgi?id=120781
    
    Reviewed by Mark Hahnenberg.
            
    - Use some method table hacks to detect if the CheckStructure optimization is
      valid for to_this.
            
    - Introduce a FinalObjectUse and use it for ToThis->Identity conversion.
            
    This looks like it might be perf-neutral on the major benchmarks, but it
    introduces some horrible performance cliffs. For example if you add methods to
    the Array prototype, you'll get horrible performance cliffs. As in virtual calls
    to C++ every time you call a JS function even if it's inlined.
    LongSpider/3d-cube appears to hit this.
    
    * dfg/DFGAbstractInterpreterInlines.h:
    (JSC::DFG::::executeEffects):
    * dfg/DFGByteCodeParser.cpp:
    (JSC::DFG::ByteCodeParser::parseBlock):
    * dfg/DFGFixupPhase.cpp:
    (JSC::DFG::FixupPhase::fixupNode):
    * dfg/DFGSafeToExecute.h:
    (JSC::DFG::SafeToExecuteEdge::operator()):
    * dfg/DFGSpeculativeJIT.cpp:
    (JSC::DFG::SpeculativeJIT::speculateFinalObject):
    (JSC::DFG::SpeculativeJIT::speculate):
    * dfg/DFGSpeculativeJIT.h:
    * dfg/DFGSpeculativeJIT32_64.cpp:
    (JSC::DFG::SpeculativeJIT::compile):
    * dfg/DFGSpeculativeJIT64.cpp:
    (JSC::DFG::SpeculativeJIT::compile):
    * dfg/DFGUseKind.cpp:
    (WTF::printInternal):
    * dfg/DFGUseKind.h:
    (JSC::DFG::typeFilterFor):
    (JSC::DFG::isCell):
    
    
    
    git-svn-id: http://svn.webkit.org/repository/webkit/trunk@155149 268f45cc-cd09-0410-ab3c-d52691b4dbfc