Attachment 369931 Details for Bug 186422 – Patch

[patch] Patch

bug-186422-20190515000817.patch (text/plain), 246.40 KB, created by Yusuke Suzuki on 2019-05-15 00:08:18 PDT

(hide)

Description:

Filename:

MIME Type:

Creator: Yusuke Suzuki

Created: 2019-05-15 00:08:18 PDT

Size: 246.40 KB

patch

obsolete

>Subversion Revision: 245315
>diff --git a/Source/JavaScriptCore/JavaScriptCore.xcodeproj/project.pbxproj b/Source/JavaScriptCore/JavaScriptCore.xcodeproj/project.pbxproj
>index 7e21e0b07c532cc7a81b7510041ab2224c9d2e71..bd0a0d68cdd5b643cfa00244da583513a6303eef 100644
>--- a/Source/JavaScriptCore/JavaScriptCore.xcodeproj/project.pbxproj
>+++ b/Source/JavaScriptCore/JavaScriptCore.xcodeproj/project.pbxproj
>@@ -496,6 +496,8 @@
> 		0FA2C17C17D7CF84009D015F /* TestRunnerUtils.h in Headers */ = {isa = PBXBuildFile; fileRef = 0FA2C17A17D7CF84009D015F /* TestRunnerUtils.h */; settings = {ATTRIBUTES = (Private, ); }; };
> 		0FA581BB150E953000B9A2D9 /* DFGNodeFlags.h in Headers */ = {isa = PBXBuildFile; fileRef = 0FA581B8150E952A00B9A2D9 /* DFGNodeFlags.h */; };
> 		0FA581BC150E953000B9A2D9 /* DFGNodeType.h in Headers */ = {isa = PBXBuildFile; fileRef = 0FA581B9150E952A00B9A2D9 /* DFGNodeType.h */; };
>+		0FA6F38D20CC2C9600A03DCD /* GCSegmentedArray.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 0FA6F38C20CC2C9500A03DCD /* GCSegmentedArray.cpp */; };
>+		0FA6F39720CCB7A600A03DCD /* AssemblerBuffer.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 0FA6F39620CCB7A600A03DCD /* AssemblerBuffer.cpp */; };
> 		0FA762051DB9242900B7A2FD /* CollectionScope.h in Headers */ = {isa = PBXBuildFile; fileRef = 0FA762011DB9242300B7A2FD /* CollectionScope.h */; settings = {ATTRIBUTES = (Private, ); }; };
> 		0FA762071DB9243300B7A2FD /* MutatorState.h in Headers */ = {isa = PBXBuildFile; fileRef = 0FA762031DB9242300B7A2FD /* MutatorState.h */; settings = {ATTRIBUTES = (Private, ); }; };
> 		0FA7620B1DB959F900B7A2FD /* AllocatingScope.h in Headers */ = {isa = PBXBuildFile; fileRef = 0FA7620A1DB959F600B7A2FD /* AllocatingScope.h */; };
>@@ -2724,6 +2726,8 @@
> 		0FA581B7150E952A00B9A2D9 /* DFGNodeFlags.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; name = DFGNodeFlags.cpp; path = dfg/DFGNodeFlags.cpp; sourceTree = "<group>"; };
> 		0FA581B8150E952A00B9A2D9 /* DFGNodeFlags.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = DFGNodeFlags.h; path = dfg/DFGNodeFlags.h; sourceTree = "<group>"; };
> 		0FA581B9150E952A00B9A2D9 /* DFGNodeType.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = DFGNodeType.h; path = dfg/DFGNodeType.h; sourceTree = "<group>"; };
>+		0FA6F38C20CC2C9500A03DCD /* GCSegmentedArray.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = GCSegmentedArray.cpp; sourceTree = "<group>"; };
>+		0FA6F39620CCB7A600A03DCD /* AssemblerBuffer.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = AssemblerBuffer.cpp; sourceTree = "<group>"; };
> 		0FA762001DB9242300B7A2FD /* CollectionScope.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = CollectionScope.cpp; sourceTree = "<group>"; };
> 		0FA762011DB9242300B7A2FD /* CollectionScope.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = CollectionScope.h; sourceTree = "<group>"; };
> 		0FA762021DB9242300B7A2FD /* MutatorState.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = MutatorState.cpp; sourceTree = "<group>"; };
>@@ -4725,6 +4729,7 @@
> 		E18E3A570DF9278C00D90B34 /* VM.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; lineEnding = 0; path = VM.cpp; sourceTree = "<group>"; xcLanguageSpecificationIdentifier = xcode.lang.cpp; };
> 		E30677971B8BC6F5003F87F0 /* ModuleLoader.js */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.javascript; path = ModuleLoader.js; sourceTree = "<group>"; };
> 		E31179A92288385D00514B2C /* SymbolTableOrScopeDepth.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = SymbolTableOrScopeDepth.h; sourceTree = "<group>"; };
>+		E3149A3C228BE14700BFA6C7 /* UnlinkedMetadataTable.cpp */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.cpp.cpp; path = UnlinkedMetadataTable.cpp; sourceTree = "<group>"; };
> 		E31618101EC5FE080006A218 /* DOMAnnotation.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = DOMAnnotation.h; sourceTree = "<group>"; };
> 		E31618111EC5FE080006A218 /* DOMAttributeGetterSetter.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = DOMAttributeGetterSetter.cpp; sourceTree = "<group>"; };
> 		E31618121EC5FE080006A218 /* DOMAttributeGetterSetter.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = DOMAttributeGetterSetter.h; sourceTree = "<group>"; };
>@@ -5955,6 +5960,7 @@
> 				2AABCDE618EF294200002096 /* GCLogging.h */,
> 				0F97152E1EB28BE900A1645D /* GCRequest.cpp */,
> 				0F97152F1EB28BE900A1645D /* GCRequest.h */,
>+				0FA6F38C20CC2C9500A03DCD /* GCSegmentedArray.cpp */,
> 				2A343F7418A1748B0039B085 /* GCSegmentedArray.h */,
> 				2A343F7718A1749D0039B085 /* GCSegmentedArrayInlines.h */,
> 				0F86A26E1D6F7B3100CB0C92 /* GCTypeMap.h */,
>@@ -7826,6 +7832,7 @@
> 				8640923B156EED3B00566CB2 /* ARM64Assembler.h */,
> 				FE1E2C3D2240D2F600F6B729 /* ARM64EAssembler.h */,
> 				86ADD1430FDDEA980006EEC2 /* ARMv7Assembler.h */,
>+				0FA6F39620CCB7A600A03DCD /* AssemblerBuffer.cpp */,
> 				9688CB130ED12B4E001D649F /* AssemblerBuffer.h */,
> 				86D3B2C110156BDE002865E7 /* AssemblerBufferWithConstantPool.h */,
> 				43C392AA1C3BEB0000241F53 /* AssemblerCommon.h */,
>@@ -8065,6 +8072,7 @@
> 				14142E541B7973C000F4BF4B /* UnlinkedFunctionExecutable.cpp */,
> 				14142E501B796ECE00F4BF4B /* UnlinkedFunctionExecutable.h */,
> 				14AD911C1DCA9FA40014F9FE /* UnlinkedGlobalCodeBlock.h */,
>+				E3149A3C228BE14700BFA6C7 /* UnlinkedMetadataTable.cpp */,
> 				142D52BE21762958002DB086 /* UnlinkedMetadataTable.h */,
> 				142D52BD21762957002DB086 /* UnlinkedMetadataTableInlines.h */,
> 				14AD912A1DCAAAB00014F9FE /* UnlinkedModuleProgramCodeBlock.cpp */,
>@@ -10735,11 +10743,13 @@
> 			isa = PBXSourcesBuildPhase;
> 			buildActionMask = 2147483647;
> 			files = (
>+				0FA6F39720CCB7A600A03DCD /* AssemblerBuffer.cpp in Sources */,
> 				FE05FAFD1FE4CEDA00093230 /* DeprecatedInspectorValues.cpp in Sources */,
> 				5333BBDC2110F7D9007618EC /* DFGSpeculativeJIT.cpp in Sources */,
> 				5333BBDB2110F7D2007618EC /* DFGSpeculativeJIT32_64.cpp in Sources */,
> 				5333BBDD2110F7E1007618EC /* DFGSpeculativeJIT64.cpp in Sources */,
> 				33B2A548226543BF005A0F79 /* FTLLowerDFGToB3.cpp in Sources */,
>+				0FA6F38D20CC2C9600A03DCD /* GCSegmentedArray.cpp in Sources */,
> 				5C4196622270E0000047B7CD /* InspectorBackendDispatcherCompatibility.cpp in Sources */,
> 				536B319E1F735F160037FC33 /* LowLevelInterpreter.cpp in Sources */,
> 				0FF4274A158EBE91004CB9FF /* udis86.c in Sources */,
>diff --git a/Source/JavaScriptCore/Sources.txt b/Source/JavaScriptCore/Sources.txt
>index 2196c97bbb129e2abdbc30c8f5ccb414d6528fb8..43d7ef475822a83afaf9a12e8cf9e11a9d7db87b 100644
>--- a/Source/JavaScriptCore/Sources.txt
>+++ b/Source/JavaScriptCore/Sources.txt
>@@ -273,6 +273,7 @@ bytecode/UnlinkedCodeBlock.cpp
> bytecode/UnlinkedEvalCodeBlock.cpp
> bytecode/UnlinkedFunctionCodeBlock.cpp
> bytecode/UnlinkedFunctionExecutable.cpp
>+bytecode/UnlinkedMetadataTable.cpp
> bytecode/UnlinkedModuleProgramCodeBlock.cpp
> bytecode/UnlinkedProgramCodeBlock.cpp
> bytecode/ValueRecovery.cpp
>diff --git a/Source/JavaScriptCore/assembler/AssemblerBuffer.cpp b/Source/JavaScriptCore/assembler/AssemblerBuffer.cpp
>new file mode 100644
>index 0000000000000000000000000000000000000000..556e621a184c19915b952158a70ad50fa8e69d65
>--- /dev/null
>+++ b/Source/JavaScriptCore/assembler/AssemblerBuffer.cpp
>@@ -0,0 +1,43 @@
>+/*
>+ * Copyright (C) 2018 Apple Inc. All rights reserved.
>+ *
>+ * Redistribution and use in source and binary forms, with or without
>+ * modification, are permitted provided that the following conditions
>+ * are met:
>+ * 1. Redistributions of source code must retain the above copyright
>+ *    notice, this list of conditions and the following disclaimer.
>+ * 2. Redistributions in binary form must reproduce the above copyright
>+ *    notice, this list of conditions and the following disclaimer in the
>+ *    documentation and/or other materials provided with the distribution.
>+ *
>+ * THIS SOFTWARE IS PROVIDED BY APPLE INC. ``AS IS'' AND ANY
>+ * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
>+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
>+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL APPLE INC. OR
>+ * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
>+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
>+ * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
>+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
>+ * OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
>+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
>+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
>+ */
>+
>+#include "config.h"
>+#include "AssemblerBuffer.h"
>+
>+#include <wtf/NeverDestroyed.h>
>+
>+#if ENABLE(MALLOC_HEAP_BREAKDOWN)
>+
>+namespace JSC {
>+
>+WTF::DebugHeap& assemblerDataHeap()
>+{
>+    static NeverDestroyed<WTF::DebugHeap> heap = WTF::DebugHeap("WebKit AssemblerData");
>+    return heap;
>+}
>+
>+} // namespace JSC
>+
>+#endif
>diff --git a/Source/JavaScriptCore/assembler/AssemblerBuffer.h b/Source/JavaScriptCore/assembler/AssemblerBuffer.h
>index 59131326ac9f10944ae488fd96d971c04b121277..cda187e840c8a88e80c1d32cc3b1aa70e16e26f9 100644
>--- a/Source/JavaScriptCore/assembler/AssemblerBuffer.h
>+++ b/Source/JavaScriptCore/assembler/AssemblerBuffer.h
>@@ -43,6 +43,10 @@ namespace JSC {
> 
>     class LinkBuffer;
> 
>+#if ENABLE(MALLOC_HEAP_BREAKDOWN)
>+WTF_EXPORT_PRIVATE WTF::DebugHeap& assemblerDataHeap();
>+#endif
>+
>     struct AssemblerLabel {
>         AssemblerLabel()
>             : m_offset(std::numeric_limits<uint32_t>::max())
>@@ -83,7 +87,12 @@ namespace JSC {
>                 m_buffer = m_inlineBuffer;
>             } else {
>                 m_capacity = initialCapacity;
>+#if ENABLE(MALLOC_HEAP_BREAKDOWN)
>+                m_buffer = static_cast<char*>(assemblerDataHeap().malloc(m_capacity));
>+#else
>                 m_buffer = static_cast<char*>(fastMalloc(m_capacity));
>+#endif
>+
>             }
>         }
> 
>@@ -103,8 +112,13 @@ namespace JSC {
> 
>         AssemblerData& operator=(AssemblerData&& other)
>         {
>-            if (m_buffer && !isInlineBuffer())
>+            if (m_buffer && !isInlineBuffer()) {
>+#if ENABLE(MALLOC_HEAP_BREAKDOWN)
>+                assemblerDataHeap().free(m_buffer);
>+#else
>                 fastFree(m_buffer);
>+#endif
>+            }
> 
>             if (other.isInlineBuffer()) {
>                 ASSERT(other.m_capacity == InlineCapacity);
>@@ -121,8 +135,13 @@ namespace JSC {
> 
>         ~AssemblerData()
>         {
>-            if (m_buffer && !isInlineBuffer())
>+            if (m_buffer && !isInlineBuffer()) {
>+#if ENABLE(MALLOC_HEAP_BREAKDOWN)
>+                assemblerDataHeap().free(m_buffer);
>+#else
>                 fastFree(m_buffer);
>+#endif
>+            }
>         }
> 
>         char* buffer() const { return m_buffer; }
>@@ -133,10 +152,19 @@ namespace JSC {
>         {
>             m_capacity = m_capacity + m_capacity / 2 + extraCapacity;
>             if (isInlineBuffer()) {
>+#if ENABLE(MALLOC_HEAP_BREAKDOWN)
>+                m_buffer = static_cast<char*>(assemblerDataHeap().malloc(m_capacity));
>+#else
>                 m_buffer = static_cast<char*>(fastMalloc(m_capacity));
>+#endif
>                 memcpy(m_buffer, m_inlineBuffer, InlineCapacity);
>-            } else
>+            } else {
>+#if ENABLE(MALLOC_HEAP_BREAKDOWN)
>+                m_buffer = static_cast<char*>(assemblerDataHeap().realloc(m_buffer, m_capacity));
>+#else
>                 m_buffer = static_cast<char*>(fastRealloc(m_buffer, m_capacity));
>+#endif
>+            }
>         }
> 
>     private:
>diff --git a/Source/JavaScriptCore/bytecode/AccessCase.cpp b/Source/JavaScriptCore/bytecode/AccessCase.cpp
>index c10859aced3db78b664976a08b8e5b48d652b2f3..bcef178777db2d4263cc9d829b78455687a5ba65 100644
>--- a/Source/JavaScriptCore/bytecode/AccessCase.cpp
>+++ b/Source/JavaScriptCore/bytecode/AccessCase.cpp
>@@ -54,6 +54,14 @@ namespace AccessCaseInternal {
> static const bool verbose = false;
> }
> 
>+#if ENABLE(MALLOC_HEAP_BREAKDOWN)
>+WTF::DebugHeap& AccessCase::debugHeap(const char* heapName)
>+{
>+    static NeverDestroyed<WTF::DebugHeap> heap = WTF::DebugHeap(heapName);
>+    return heap;
>+}
>+#endif
>+
> AccessCase::AccessCase(VM& vm, JSCell* owner, AccessType type, PropertyOffset offset, Structure* structure, const ObjectPropertyConditionSet& conditionSet, std::unique_ptr<PolyProtoAccessChain> prototypeAccessChain)
>     : m_type(type)
>     , m_offset(offset)
>diff --git a/Source/JavaScriptCore/bytecode/AccessCase.h b/Source/JavaScriptCore/bytecode/AccessCase.h
>index 170af5d0e52d03f31fadb12981930a538fdcb071..a9f3e2245af21b04f4b0567570e8992dd20ca9f3 100644
>--- a/Source/JavaScriptCore/bytecode/AccessCase.h
>+++ b/Source/JavaScriptCore/bytecode/AccessCase.h
>@@ -77,7 +77,11 @@ struct AccessGenerationState;
> // code. This allows us to only regenerate once we've accumulated (hopefully) more than one new
> // AccessCase.
> class AccessCase {
>+#if ENABLE(MALLOC_HEAP_BREAKDOWN)
>+    WTF_MAKE_FAST_ALLOCATED_FROM_DEBUG_HEAP(AccessCase);
>+#else
>     WTF_MAKE_FAST_ALLOCATED;
>+#endif
> public:
>     enum AccessType : uint8_t {
>         Load,
>diff --git a/Source/JavaScriptCore/bytecode/BytecodeBasicBlock.cpp b/Source/JavaScriptCore/bytecode/BytecodeBasicBlock.cpp
>index 33bb0c06635381e898f65a874f1f36a8c94823af..77d43e818fef5a9eadcd3c25f8638c4e2fc1e2fe 100644
>--- a/Source/JavaScriptCore/bytecode/BytecodeBasicBlock.cpp
>+++ b/Source/JavaScriptCore/bytecode/BytecodeBasicBlock.cpp
>@@ -47,6 +47,14 @@ static bool isJumpTarget(OpcodeID opcodeID, const Vector<InstructionStream::Offs
>     return std::binary_search(jumpTargets.begin(), jumpTargets.end(), bytecodeOffset);
> }
> 
>+#if ENABLE(MALLOC_HEAP_BREAKDOWN)
>+WTF::DebugHeap& BytecodeBasicBlock::debugHeap(const char* heapName)
>+{
>+    static NeverDestroyed<WTF::DebugHeap> heap = WTF::DebugHeap(heapName);
>+    return heap;
>+}
>+#endif
>+
> template<typename Block>
> void BytecodeBasicBlock::computeImpl(Block* codeBlock, const InstructionStream& instructions, Vector<std::unique_ptr<BytecodeBasicBlock>>& basicBlocks)
> {
>diff --git a/Source/JavaScriptCore/bytecode/BytecodeBasicBlock.h b/Source/JavaScriptCore/bytecode/BytecodeBasicBlock.h
>index 20e124c585bf6af82a4c4cf8c718afe4f3484b64..505c424b34f425282880c7914485938b96b78ba0 100644
>--- a/Source/JavaScriptCore/bytecode/BytecodeBasicBlock.h
>+++ b/Source/JavaScriptCore/bytecode/BytecodeBasicBlock.h
>@@ -37,7 +37,11 @@ class UnlinkedCodeBlock;
> struct Instruction;
> 
> class BytecodeBasicBlock {
>+#if ENABLE(MALLOC_HEAP_BREAKDOWN)
>+    WTF_MAKE_STRUCT_FAST_ALLOCATED_FROM_DEBUG_HEAP(BytecodeBasicBlock);
>+#else
>     WTF_MAKE_FAST_ALLOCATED;
>+#endif
> public:
>     enum SpecialBlockType { EntryBlock, ExitBlock };
>     BytecodeBasicBlock(const InstructionStream::Ref&);
>diff --git a/Source/JavaScriptCore/bytecode/CodeBlock.cpp b/Source/JavaScriptCore/bytecode/CodeBlock.cpp
>index bc9ed129def31a37d4f78451c3a167a71b8dee09..c9166cba7d91fd02c29f0412088f389a7acc6a28 100644
>--- a/Source/JavaScriptCore/bytecode/CodeBlock.cpp
>+++ b/Source/JavaScriptCore/bytecode/CodeBlock.cpp
>@@ -109,6 +109,14 @@
> 
> namespace JSC {
> 
>+#if ENABLE(MALLOC_HEAP_BREAKDOWN)
>+WTF::DebugHeap& CodeBlock::RareData::debugHeap(const char* heapName)
>+{
>+    static NeverDestroyed<WTF::DebugHeap> heap = WTF::DebugHeap(heapName);
>+    return heap;
>+}
>+#endif
>+
> const ClassInfo CodeBlock::s_info = {
>     "CodeBlock", nullptr, nullptr, nullptr,
>     CREATE_METHOD_TABLE(CodeBlock)
>diff --git a/Source/JavaScriptCore/bytecode/CodeBlock.h b/Source/JavaScriptCore/bytecode/CodeBlock.h
>index a93c36fb918f3b30cab0c798e61e70ca591b18cf..8c9a00817fee1a545d59e6f4bdf38253b7f61682 100644
>--- a/Source/JavaScriptCore/bytecode/CodeBlock.h
>+++ b/Source/JavaScriptCore/bytecode/CodeBlock.h
>@@ -841,7 +841,11 @@ class CodeBlock : public JSCell {
>     NO_RETURN_DUE_TO_CRASH void endValidationDidFail();
> 
>     struct RareData {
>+#if ENABLE(MALLOC_HEAP_BREAKDOWN)
>+        WTF_MAKE_STRUCT_FAST_ALLOCATED_FROM_DEBUG_HEAP(CodeBlock::RareData);
>+#else
>         WTF_MAKE_FAST_ALLOCATED;
>+#endif
>     public:
>         Vector<HandlerInfo> m_exceptionHandlers;
> 
>diff --git a/Source/JavaScriptCore/bytecode/PolymorphicAccess.cpp b/Source/JavaScriptCore/bytecode/PolymorphicAccess.cpp
>index c695f7e36dc376c5553bb30bebb7e53ec1b19186..11b89e83a357a6ff4e778ff557d4ef932d3d2872 100644
>--- a/Source/JavaScriptCore/bytecode/PolymorphicAccess.cpp
>+++ b/Source/JavaScriptCore/bytecode/PolymorphicAccess.cpp
>@@ -212,6 +212,13 @@ void AccessGenerationState::emitExplicitExceptionHandler()
>     }
> }
> 
>+#if ENABLE(MALLOC_HEAP_BREAKDOWN)
>+WTF::DebugHeap& PolymorphicAccess::debugHeap(const char* heapName)
>+{
>+    static NeverDestroyed<WTF::DebugHeap> heap = WTF::DebugHeap(heapName);
>+    return heap;
>+}
>+#endif
> 
> PolymorphicAccess::PolymorphicAccess() { }
> PolymorphicAccess::~PolymorphicAccess() { }
>diff --git a/Source/JavaScriptCore/bytecode/PolymorphicAccess.h b/Source/JavaScriptCore/bytecode/PolymorphicAccess.h
>index 30558551cbcab019f458f739d569ceee1c0462ae..ee983fb1ceab77e15689d148fcab45e93ef1cc9b 100644
>--- a/Source/JavaScriptCore/bytecode/PolymorphicAccess.h
>+++ b/Source/JavaScriptCore/bytecode/PolymorphicAccess.h
>@@ -129,7 +129,11 @@ class AccessGenerationResult {
> 
> class PolymorphicAccess {
>     WTF_MAKE_NONCOPYABLE(PolymorphicAccess);
>+#if ENABLE(MALLOC_HEAP_BREAKDOWN)
>+    WTF_MAKE_STRUCT_FAST_ALLOCATED_FROM_DEBUG_HEAP(PolymorphicAccess);
>+#else
>     WTF_MAKE_FAST_ALLOCATED;
>+#endif
> public:
>     PolymorphicAccess();
>     ~PolymorphicAccess();
>diff --git a/Source/JavaScriptCore/bytecode/StructureStubClearingWatchpoint.cpp b/Source/JavaScriptCore/bytecode/StructureStubClearingWatchpoint.cpp
>index 30a1f055259e3ded1a7168ee3526f72c084bee5a..417877aeb1c3ad6b26af7aa5759a428777958200 100644
>--- a/Source/JavaScriptCore/bytecode/StructureStubClearingWatchpoint.cpp
>+++ b/Source/JavaScriptCore/bytecode/StructureStubClearingWatchpoint.cpp
>@@ -34,6 +34,14 @@
> 
> namespace JSC {
> 
>+#if ENABLE(MALLOC_HEAP_BREAKDOWN)
>+WTF::DebugHeap& StructureStubClearingWatchpoint::debugHeap(const char* heapName)
>+{
>+    static NeverDestroyed<WTF::DebugHeap> heap = WTF::DebugHeap(heapName);
>+    return heap;
>+}
>+#endif
>+
> void StructureStubClearingWatchpoint::fireInternal(VM& vm, const FireDetail&)
> {
>     if (!m_holder->isValid())
>diff --git a/Source/JavaScriptCore/bytecode/StructureStubClearingWatchpoint.h b/Source/JavaScriptCore/bytecode/StructureStubClearingWatchpoint.h
>index 31f6aa4885e4abda12b47038d5383e373b9a1d80..d8046a6c74cf690183ace29c2e6609ab41702d8c 100644
>--- a/Source/JavaScriptCore/bytecode/StructureStubClearingWatchpoint.h
>+++ b/Source/JavaScriptCore/bytecode/StructureStubClearingWatchpoint.h
>@@ -42,7 +42,11 @@ class WatchpointsOnStructureStubInfo;
> 
> class StructureStubClearingWatchpoint final : public Watchpoint {
>     WTF_MAKE_NONCOPYABLE(StructureStubClearingWatchpoint);
>+#if ENABLE(MALLOC_HEAP_BREAKDOWN)
>+    WTF_MAKE_STRUCT_FAST_ALLOCATED_FROM_DEBUG_HEAP(StructureStubClearingWatchpoint);
>+#else
>     WTF_MAKE_FAST_ALLOCATED;
>+#endif
> public:
>     StructureStubClearingWatchpoint(const ObjectPropertyCondition& key, WatchpointsOnStructureStubInfo& holder)
>         : Watchpoint(Watchpoint::Type::StructureStubClearing)
>diff --git a/Source/JavaScriptCore/bytecode/UnlinkedMetadataTable.cpp b/Source/JavaScriptCore/bytecode/UnlinkedMetadataTable.cpp
>new file mode 100644
>index 0000000000000000000000000000000000000000..dac4c13cfa0b127694f2edf991fe3a7e9c3f74b8
>--- /dev/null
>+++ b/Source/JavaScriptCore/bytecode/UnlinkedMetadataTable.cpp
>@@ -0,0 +1,40 @@
>+/*
>+ * Copyright (C) 2019 Apple Inc. All rights reserved.
>+ *
>+ * Redistribution and use in source and binary forms, with or without
>+ * modification, are permitted provided that the following conditions
>+ * are met:
>+ * 1. Redistributions of source code must retain the above copyright
>+ *    notice, this list of conditions and the following disclaimer.
>+ * 2. Redistributions in binary form must reproduce the above copyright
>+ *    notice, this list of conditions and the following disclaimer in the
>+ *    documentation and/or other materials provided with the distribution.
>+ *
>+ * THIS SOFTWARE IS PROVIDED BY APPLE INC. ``AS IS'' AND ANY
>+ * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
>+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
>+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL APPLE INC. OR
>+ * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
>+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
>+ * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
>+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
>+ * OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
>+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
>+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
>+ */
>+
>+#include "config.h"
>+#include "UnlinkedMetadataTableInlines.h"
>+
>+#include "Instruction.h"
>+#include "Opcode.h"
>+
>+namespace JSC {
>+
>+WTF::DebugHeap& metadataTableHeap()
>+{
>+    static NeverDestroyed<WTF::DebugHeap> heap = WTF::DebugHeap("WebKit MetadataTable");
>+    return heap;
>+}
>+
>+}
>diff --git a/Source/JavaScriptCore/bytecode/UnlinkedMetadataTable.h b/Source/JavaScriptCore/bytecode/UnlinkedMetadataTable.h
>index 4991c158ba023f247f3b979222449605bd9f5c66..5fc975c6181ebcc7ca84ac228330e6d7b1b2027f 100644
>--- a/Source/JavaScriptCore/bytecode/UnlinkedMetadataTable.h
>+++ b/Source/JavaScriptCore/bytecode/UnlinkedMetadataTable.h
>@@ -31,6 +31,8 @@
> 
> namespace JSC {
> 
>+JS_EXPORT_PRIVATE WTF::DebugHeap& metadataTableHeap();
>+
> class MetadataTable;
> 
> class UnlinkedMetadataTable : public RefCounted<UnlinkedMetadataTable> {
>diff --git a/Source/JavaScriptCore/bytecode/UnlinkedMetadataTableInlines.h b/Source/JavaScriptCore/bytecode/UnlinkedMetadataTableInlines.h
>index 3353922ca83c31d6697ea5e6ba5238c16386938a..85deb67220049747b2819c701bdf489feeb5312c 100644
>--- a/Source/JavaScriptCore/bytecode/UnlinkedMetadataTableInlines.h
>+++ b/Source/JavaScriptCore/bytecode/UnlinkedMetadataTableInlines.h
>@@ -35,15 +35,24 @@ ALWAYS_INLINE UnlinkedMetadataTable::UnlinkedMetadataTable()
>     : m_hasMetadata(false)
>     , m_isFinalized(false)
>     , m_isLinked(false)
>+#if ENABLE(MALLOC_HEAP_BREAKDOWN)
>+    , m_rawBuffer(metadataTableHeap().calloc(1, sizeof(LinkingData) + s_offsetTableSize))
>+#else
>     , m_rawBuffer(fastZeroedMalloc(sizeof(LinkingData) + s_offsetTableSize))
>+#endif
> {
> }
> 
> ALWAYS_INLINE UnlinkedMetadataTable::~UnlinkedMetadataTable()
> {
>     ASSERT(!m_isLinked);
>-    if (m_hasMetadata || !m_isFinalized)
>+    if (m_hasMetadata || !m_isFinalized) {
>+#if ENABLE(MALLOC_HEAP_BREAKDOWN)
>+        metadataTableHeap().free(m_rawBuffer);
>+#else
>         fastFree(m_rawBuffer);
>+#endif
>+    }
> }
> 
> ALWAYS_INLINE unsigned UnlinkedMetadataTable::addEntry(OpcodeID opcodeID)
>@@ -80,7 +89,11 @@ ALWAYS_INLINE void UnlinkedMetadataTable::finalize()
>     ASSERT(!m_isFinalized);
>     m_isFinalized = true;
>     if (!m_hasMetadata) {
>+#if ENABLE(MALLOC_HEAP_BREAKDOWN)
>+        metadataTableHeap().free(m_rawBuffer);
>+#else
>         fastFree(m_rawBuffer);
>+#endif
>         m_rawBuffer = nullptr;
>         return;
>     }
>@@ -110,9 +123,17 @@ ALWAYS_INLINE RefPtr<MetadataTable> UnlinkedMetadataTable::link()
>     uint8_t* buffer;
>     if (!m_isLinked) {
>         m_isLinked = true;
>+#if ENABLE(MALLOC_HEAP_BREAKDOWN)
>+        m_rawBuffer = buffer = reinterpret_cast<uint8_t*>(metadataTableHeap().realloc(m_rawBuffer, sizeof(LinkingData) + totalSize));
>+#else
>         m_rawBuffer = buffer = reinterpret_cast<uint8_t*>(fastRealloc(m_rawBuffer, sizeof(LinkingData) + totalSize));
>+#endif
>     } else {
>+#if ENABLE(MALLOC_HEAP_BREAKDOWN)
>+        buffer = reinterpret_cast<uint8_t*>(metadataTableHeap().malloc(sizeof(LinkingData) + totalSize));
>+#else
>         buffer = reinterpret_cast<uint8_t*>(fastMalloc(sizeof(LinkingData) + totalSize));
>+#endif
>         memcpy(buffer, m_rawBuffer, sizeof(LinkingData) + s_offsetTableSize);
>     }
>     memset(buffer + sizeof(LinkingData) + s_offsetTableSize, 0, totalSize - s_offsetTableSize);
>@@ -128,10 +149,18 @@ ALWAYS_INLINE void UnlinkedMetadataTable::unlink(MetadataTable& metadataTable)
>     if (metadataTable.buffer() == buffer()) {
>         ASSERT(m_isLinked);
>         m_isLinked = false;
>+#if ENABLE(MALLOC_HEAP_BREAKDOWN)
>+        m_rawBuffer = metadataTableHeap().realloc(m_rawBuffer, sizeof(LinkingData) + s_offsetTableSize);
>+#else
>         m_rawBuffer = fastRealloc(m_rawBuffer, sizeof(LinkingData) + s_offsetTableSize);
>+#endif
>         return;
>     }
>+#if ENABLE(MALLOC_HEAP_BREAKDOWN)
>+    metadataTableHeap().free(&metadataTable.linkingData());
>+#else
>     fastFree(&metadataTable.linkingData());
>+#endif
> }
> 
> } // namespace JSC
>diff --git a/Source/JavaScriptCore/bytecode/ValueProfile.h b/Source/JavaScriptCore/bytecode/ValueProfile.h
>index fa0d3b07a3c446bd1a0030e5124184e3b44fae95..f282f10b59499670c3b28872e2b947de8cace69b 100644
>--- a/Source/JavaScriptCore/bytecode/ValueProfile.h
>+++ b/Source/JavaScriptCore/bytecode/ValueProfile.h
>@@ -206,11 +206,18 @@ struct ValueProfileAndOperand {
> struct ValueProfileAndOperandBuffer {
>     ValueProfileAndOperandBuffer(unsigned size)
>         : m_size(size)
>+#if ENABLE(MALLOC_HEAP_BREAKDOWN)
>+        , m_buffer(VMDebugHeap())
>+#endif
>     {
>         // FIXME: ValueProfile has more stuff than we need. We could optimize these value profiles
>         // to be more space efficient.
>         // https://bugs.webkit.org/show_bug.cgi?id=175413
>-        m_buffer = MallocPtr<ValueProfileAndOperand>::malloc(m_size * sizeof(ValueProfileAndOperand));
>+        m_buffer = MallocPtr<ValueProfileAndOperand>::malloc(m_size * sizeof(ValueProfileAndOperand)
>+#if ENABLE(MALLOC_HEAP_BREAKDOWN)
>+            , VMDebugHeap()
>+#endif
>+            );
>         for (unsigned i = 0; i < m_size; ++i)
>             new (&m_buffer.get()[i]) ValueProfileAndOperand();
>     }
>diff --git a/Source/JavaScriptCore/bytecode/Watchpoint.cpp b/Source/JavaScriptCore/bytecode/Watchpoint.cpp
>index 3d70df42aa33cb369364d93fdb4a2468f33cc30c..2c14909cf9cab74557f3293d0d7ac983901e2c1c 100644
>--- a/Source/JavaScriptCore/bytecode/Watchpoint.cpp
>+++ b/Source/JavaScriptCore/bytecode/Watchpoint.cpp
>@@ -39,6 +39,20 @@
> 
> namespace JSC {
> 
>+#if ENABLE(MALLOC_HEAP_BREAKDOWN)
>+WTF::DebugHeap& Watchpoint::debugHeap(const char* heapName)
>+{
>+    static NeverDestroyed<WTF::DebugHeap> heap = WTF::DebugHeap(heapName);
>+    return heap;
>+}
>+
>+WTF::DebugHeap& WatchpointSet::debugHeap(const char* heapName)
>+{
>+    static NeverDestroyed<WTF::DebugHeap> heap = WTF::DebugHeap(heapName);
>+    return heap;
>+}
>+#endif
>+
> void StringFireDetail::dump(PrintStream& out) const
> {
>     out.print(m_string);
>diff --git a/Source/JavaScriptCore/bytecode/Watchpoint.h b/Source/JavaScriptCore/bytecode/Watchpoint.h
>index ee8dd75ea1e2d5d76e8ba905814f763c8905b7ba..439538f42c0247430a8d4494abb6d96733d8f295 100644
>--- a/Source/JavaScriptCore/bytecode/Watchpoint.h
>+++ b/Source/JavaScriptCore/bytecode/Watchpoint.h
>@@ -139,7 +139,11 @@ class WatchpointSet;
> class Watchpoint : public PackedRawSentinelNode<Watchpoint> {
>     WTF_MAKE_NONCOPYABLE(Watchpoint);
>     WTF_MAKE_NONMOVABLE(Watchpoint);
>+#if ENABLE(MALLOC_HEAP_BREAKDOWN)
>+    WTF_MAKE_STRUCT_FAST_ALLOCATED_FROM_DEBUG_HEAP(Watchpoint);
>+#else
>     WTF_MAKE_FAST_ALLOCATED;
>+#endif
> public:
> #define JSC_DEFINE_WATCHPOINT_TYPES(type, _) type,
>     enum class Type : uint8_t {
>@@ -172,6 +176,9 @@ class DeferredWatchpointFire;
> class VM;
> 
> class WatchpointSet : public ThreadSafeRefCounted<WatchpointSet> {
>+#if ENABLE(MALLOC_HEAP_BREAKDOWN)
>+    WTF_MAKE_STRUCT_FAST_ALLOCATED_FROM_DEBUG_HEAP(WatchpointSet);
>+#endif
>     friend class LLIntOffsetsExtractor;
>     friend class DeferredWatchpointFire;
> public:
>diff --git a/Source/JavaScriptCore/bytecompiler/BytecodeGenerator.cpp b/Source/JavaScriptCore/bytecompiler/BytecodeGenerator.cpp
>index 667dac047e187ed7e6db983af30611b4efd7ae39..e7304441ef86a2c4c437286808261850fc8d5fdf 100644
>--- a/Source/JavaScriptCore/bytecompiler/BytecodeGenerator.cpp
>+++ b/Source/JavaScriptCore/bytecompiler/BytecodeGenerator.cpp
>@@ -86,6 +86,14 @@ struct VarArgsOp<CallOp, std::enable_if_t<!std::is_same<CallOp, OpTailCall>::val
> };
> 
> 
>+#if ENABLE(MALLOC_HEAP_BREAKDOWN)
>+WTF::DebugHeap& BytecodeGenerator::debugHeap(const char* heapName)
>+{
>+    static NeverDestroyed<WTF::DebugHeap> heap = WTF::DebugHeap(heapName);
>+    return heap;
>+}
>+#endif
>+
> template<typename T>
> static inline void shrinkToFit(T& segmentedVector)
> {
>diff --git a/Source/JavaScriptCore/bytecompiler/BytecodeGenerator.h b/Source/JavaScriptCore/bytecompiler/BytecodeGenerator.h
>index 1c90313c1affb5950ba5dc69afbffac8ce4aa6d8..8314732355bebda59a20869d5a6db64ca1525d8d 100644
>--- a/Source/JavaScriptCore/bytecompiler/BytecodeGenerator.h
>+++ b/Source/JavaScriptCore/bytecompiler/BytecodeGenerator.h
>@@ -361,7 +361,11 @@ namespace JSC {
>     };
> 
>     class BytecodeGenerator {
>+#if ENABLE(MALLOC_HEAP_BREAKDOWN)
>+        WTF_MAKE_FAST_ALLOCATED_FROM_DEBUG_HEAP(BytecodeGenerator);
>+#else
>         WTF_MAKE_FAST_ALLOCATED;
>+#endif
>         WTF_MAKE_NONCOPYABLE(BytecodeGenerator);
> 
>         friend class BoundLabel;
>diff --git a/Source/JavaScriptCore/dfg/DFGBasicBlock.cpp b/Source/JavaScriptCore/dfg/DFGBasicBlock.cpp
>index 1ddc62e33573adc23e4befef548b2aca3ce201a8..06e80173f70de1f369c56dc000978e0986e6f4f4 100644
>--- a/Source/JavaScriptCore/dfg/DFGBasicBlock.cpp
>+++ b/Source/JavaScriptCore/dfg/DFGBasicBlock.cpp
>@@ -32,6 +32,14 @@
> 
> namespace JSC { namespace DFG {
> 
>+#if ENABLE(MALLOC_HEAP_BREAKDOWN)
>+WTF::DebugHeap& BasicBlock::debugHeap(const char* heapName)
>+{
>+    static NeverDestroyed<WTF::DebugHeap> heap = WTF::DebugHeap(heapName);
>+    return heap;
>+}
>+#endif
>+
> BasicBlock::BasicBlock(
>     unsigned bytecodeBegin, unsigned numArguments, unsigned numLocals, float executionCount)
>     : bytecodeBegin(bytecodeBegin)
>diff --git a/Source/JavaScriptCore/dfg/DFGBasicBlock.h b/Source/JavaScriptCore/dfg/DFGBasicBlock.h
>index 4c58c9c5e784f85d9828159fbf0bdd4713cc9aba..89db0c72cdd44674a495d684caf2940dc45f673f 100644
>--- a/Source/JavaScriptCore/dfg/DFGBasicBlock.h
>+++ b/Source/JavaScriptCore/dfg/DFGBasicBlock.h
>@@ -45,6 +45,9 @@ typedef Vector<BasicBlock*, 2> PredecessorList;
> typedef Vector<Node*, 8> BlockNodeList;
> 
> struct BasicBlock : RefCounted<BasicBlock> {
>+#if ENABLE(MALLOC_HEAP_BREAKDOWN)
>+    WTF_MAKE_STRUCT_FAST_ALLOCATED_FROM_DEBUG_HEAP(BasicBlock);
>+#endif
>     BasicBlock(
>         unsigned bytecodeBegin, unsigned numArguments, unsigned numLocals,
>         float executionCount);
>diff --git a/Source/JavaScriptCore/dfg/DFGNode.cpp b/Source/JavaScriptCore/dfg/DFGNode.cpp
>index 760aa587979fa19c3393825b7c51920ed585988b..db2e35a5321c2fd7a1e672c8bdade2e1d1222315 100644
>--- a/Source/JavaScriptCore/dfg/DFGNode.cpp
>+++ b/Source/JavaScriptCore/dfg/DFGNode.cpp
>@@ -37,6 +37,14 @@ namespace JSC { namespace DFG {
> 
> const char Node::HashSetTemplateInstantiationString[] = "::JSC::DFG::Node*";
> 
>+#if ENABLE(MALLOC_HEAP_BREAKDOWN)
>+WTF::DebugHeap& Node::debugHeap(const char* heapName)
>+{
>+    static NeverDestroyed<WTF::DebugHeap> heap = WTF::DebugHeap(heapName);
>+    return heap;
>+}
>+#endif
>+
> bool MultiPutByOffsetData::writesStructures() const
> {
>     for (unsigned i = variants.size(); i--;) {
>diff --git a/Source/JavaScriptCore/dfg/DFGNode.h b/Source/JavaScriptCore/dfg/DFGNode.h
>index 28b1d4982f05c82fc67770e0c22f78013c81a3cd..139f282620f1e92099a92145583191fa6ea84cca 100644
>--- a/Source/JavaScriptCore/dfg/DFGNode.h
>+++ b/Source/JavaScriptCore/dfg/DFGNode.h
>@@ -55,6 +55,7 @@
> #include "TypeLocation.h"
> #include "ValueProfile.h"
> #include <type_traits>
>+#include <wtf/FastMalloc.h>
> #include <wtf/ListDump.h>
> #include <wtf/LoggingHashSet.h>
> 
>@@ -279,7 +280,11 @@ enum class BucketOwnerType : uint32_t {
> //
> // Node represents a single operation in the data flow graph.
> struct Node {
>+#if ENABLE(MALLOC_HEAP_BREAKDOWN)
>+    WTF_MAKE_STRUCT_FAST_ALLOCATED_FROM_DEBUG_HEAP(DFG::Node);
>+#else
>     WTF_MAKE_FAST_ALLOCATED;
>+#endif
> public:
>     static const char HashSetTemplateInstantiationString[];
>     
>diff --git a/Source/JavaScriptCore/dfg/DFGSpeculativeJIT.cpp b/Source/JavaScriptCore/dfg/DFGSpeculativeJIT.cpp
>index debd03eb1ec685d07c0a75b1e8d3fa4a9e5c6752..27799d487a9d4cc9c7d33bf353fe4e6c27f357df 100644
>--- a/Source/JavaScriptCore/dfg/DFGSpeculativeJIT.cpp
>+++ b/Source/JavaScriptCore/dfg/DFGSpeculativeJIT.cpp
>@@ -71,6 +71,14 @@
> 
> namespace JSC { namespace DFG {
> 
>+#if ENABLE(MALLOC_HEAP_BREAKDOWN)
>+WTF::DebugHeap& SpeculativeJIT::debugHeap(const char* heapName)
>+{
>+    static NeverDestroyed<WTF::DebugHeap> heap = WTF::DebugHeap(heapName);
>+    return heap;
>+}
>+#endif
>+
> SpeculativeJIT::SpeculativeJIT(JITCompiler& jit)
>     : m_jit(jit)
>     , m_graph(m_jit.graph())
>diff --git a/Source/JavaScriptCore/dfg/DFGSpeculativeJIT.h b/Source/JavaScriptCore/dfg/DFGSpeculativeJIT.h
>index d9ce5baf25f0c493215e6a65904ad4beced0a77d..a7270dbd2cfb99053e9bf706ab130c356a89066c 100644
>--- a/Source/JavaScriptCore/dfg/DFGSpeculativeJIT.h
>+++ b/Source/JavaScriptCore/dfg/DFGSpeculativeJIT.h
>@@ -69,8 +69,11 @@ enum GeneratedOperandType { GeneratedOperandTypeUnknown, GeneratedOperandInteger
> // to propagate type information (including information that has
> // only speculatively been asserted) through the dataflow.
> class SpeculativeJIT {
>-    WTF_MAKE_FAST_ALLOCATED;
>-
>+#if ENABLE(MALLOC_HEAP_BREAKDOWN)
>+        WTF_MAKE_FAST_ALLOCATED_FROM_DEBUG_HEAP(SpeculativeJIT);
>+#else
>+        WTF_MAKE_FAST_ALLOCATED;
>+#endif
>     friend struct OSRExit;
> private:
>     typedef JITCompiler::TrustedImm32 TrustedImm32;
>diff --git a/Source/JavaScriptCore/heap/BlockDirectory.cpp b/Source/JavaScriptCore/heap/BlockDirectory.cpp
>index 7eee4a8746b6bd18852a7ab62874bbaf57abe289..89ce087e2e7f79363c6ebd684ce68a9cc848de21 100644
>--- a/Source/JavaScriptCore/heap/BlockDirectory.cpp
>+++ b/Source/JavaScriptCore/heap/BlockDirectory.cpp
>@@ -38,6 +38,14 @@
> 
> namespace JSC {
> 
>+#if ENABLE(MALLOC_HEAP_BREAKDOWN)
>+WTF::DebugHeap& BlockDirectory::debugHeap(const char* heapName)
>+{
>+    static NeverDestroyed<WTF::DebugHeap> heap = WTF::DebugHeap(heapName);
>+    return heap;
>+}
>+#endif
>+
> BlockDirectory::BlockDirectory(Heap* heap, size_t cellSize)
>     : m_cellSize(static_cast<unsigned>(cellSize))
>     , m_heap(heap)
>diff --git a/Source/JavaScriptCore/heap/BlockDirectory.h b/Source/JavaScriptCore/heap/BlockDirectory.h
>index a7bcaa6b9ebd4bad63d7e78110918e3e436387d1..df4f7e0828b62d00b516490600632b26447ac133 100644
>--- a/Source/JavaScriptCore/heap/BlockDirectory.h
>+++ b/Source/JavaScriptCore/heap/BlockDirectory.h
>@@ -73,8 +73,12 @@ class LLIntOffsetsExtractor;
> 
> class BlockDirectory {
>     WTF_MAKE_NONCOPYABLE(BlockDirectory);
>+#if ENABLE(MALLOC_HEAP_BREAKDOWN)
>+    WTF_MAKE_FAST_ALLOCATED_FROM_DEBUG_HEAP(BlockDirectory);
>+#else
>     WTF_MAKE_FAST_ALLOCATED;
>-    
>+#endif
>+
>     friend class LLIntOffsetsExtractor;
> 
> public:
>diff --git a/Source/JavaScriptCore/heap/FastMallocAlignedMemoryAllocator.cpp b/Source/JavaScriptCore/heap/FastMallocAlignedMemoryAllocator.cpp
>index cee66b0be01c1f3d2b9b6470e7cd0076010d9835..06431c994ae86061a053da6f7abd5b8997681796 100644
>--- a/Source/JavaScriptCore/heap/FastMallocAlignedMemoryAllocator.cpp
>+++ b/Source/JavaScriptCore/heap/FastMallocAlignedMemoryAllocator.cpp
>@@ -32,6 +32,9 @@
> namespace JSC {
> 
> FastMallocAlignedMemoryAllocator::FastMallocAlignedMemoryAllocator()
>+#if ENABLE(MALLOC_HEAP_BREAKDOWN)
>+    : m_heap("WebKit FastMallocAlignedMemoryAllocator")
>+#endif
> {
> }
> 
>@@ -41,12 +44,22 @@ FastMallocAlignedMemoryAllocator::~FastMallocAlignedMemoryAllocator()
> 
> void* FastMallocAlignedMemoryAllocator::tryAllocateAlignedMemory(size_t alignment, size_t size)
> {
>+#if ENABLE(MALLOC_HEAP_BREAKDOWN)
>+    return m_heap.memalign(alignment, size, true);
>+#else
>     return tryFastAlignedMalloc(alignment, size);
>+#endif
>+
> }
> 
> void FastMallocAlignedMemoryAllocator::freeAlignedMemory(void* basePtr)
> {
>+#if ENABLE(MALLOC_HEAP_BREAKDOWN)
>+    return m_heap.free(basePtr);
>+#else
>     fastAlignedFree(basePtr);
>+#endif
>+
> }
> 
> void FastMallocAlignedMemoryAllocator::dump(PrintStream& out) const
>@@ -61,12 +74,20 @@ void* FastMallocAlignedMemoryAllocator::tryAllocateMemory(size_t size)
> 
> void FastMallocAlignedMemoryAllocator::freeMemory(void* pointer)
> {
>+#if ENABLE(MALLOC_HEAP_BREAKDOWN)
>+    return m_heap.free(pointer);
>+#else
>     FastMalloc::free(pointer);
>+#endif
> }
> 
> void* FastMallocAlignedMemoryAllocator::tryReallocateMemory(void* pointer, size_t size)
> {
>+#if ENABLE(MALLOC_HEAP_BREAKDOWN)
>+    return m_heap.realloc(pointer, size);
>+#else
>     return FastMalloc::tryRealloc(pointer, size);
>+#endif
> }
> 
> } // namespace JSC
>diff --git a/Source/JavaScriptCore/heap/FastMallocAlignedMemoryAllocator.h b/Source/JavaScriptCore/heap/FastMallocAlignedMemoryAllocator.h
>index cfa770b0ecf31dc147db4cceedeacaf0114124f5..372af41db5886f7176f1b492dc900c201fea673f 100644
>--- a/Source/JavaScriptCore/heap/FastMallocAlignedMemoryAllocator.h
>+++ b/Source/JavaScriptCore/heap/FastMallocAlignedMemoryAllocator.h
>@@ -27,6 +27,10 @@
> 
> #include "AlignedMemoryAllocator.h"
> 
>+#if ENABLE(MALLOC_HEAP_BREAKDOWN)
>+#include <wtf/DebugHeap.h>
>+#endif
>+
> namespace JSC {
> 
> class FastMallocAlignedMemoryAllocator : public AlignedMemoryAllocator {
>@@ -42,6 +46,11 @@ class FastMallocAlignedMemoryAllocator : public AlignedMemoryAllocator {
>     void* tryAllocateMemory(size_t) override;
>     void freeMemory(void*) override;
>     void* tryReallocateMemory(void*, size_t) override;
>+
>+#if ENABLE(MALLOC_HEAP_BREAKDOWN)
>+private:
>+    WTF::DebugHeap m_heap;
>+#endif
> };
> 
> } // namespace JSC
>diff --git a/Source/JavaScriptCore/heap/GCSegmentedArray.cpp b/Source/JavaScriptCore/heap/GCSegmentedArray.cpp
>new file mode 100644
>index 0000000000000000000000000000000000000000..3b8d9fcf658fadf0e3d249130667296b8b53350a
>--- /dev/null
>+++ b/Source/JavaScriptCore/heap/GCSegmentedArray.cpp
>@@ -0,0 +1,40 @@
>+/*
>+ * Copyright (C) 2018 Apple Inc. All rights reserved.
>+ *
>+ * Redistribution and use in source and binary forms, with or without
>+ * modification, are permitted provided that the following conditions
>+ * are met:
>+ * 1. Redistributions of source code must retain the above copyright
>+ *    notice, this list of conditions and the following disclaimer.
>+ * 2. Redistributions in binary form must reproduce the above copyright
>+ *    notice, this list of conditions and the following disclaimer in the
>+ *    documentation and/or other materials provided with the distribution.
>+ *
>+ * THIS SOFTWARE IS PROVIDED BY APPLE INC. AND ITS CONTRIBUTORS ``AS IS''
>+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
>+ * THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
>+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL APPLE INC. OR ITS CONTRIBUTORS
>+ * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
>+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
>+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
>+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
>+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
>+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF
>+ * THE POSSIBILITY OF SUCH DAMAGE.
>+ */
>+
>+#include "config.h"
>+#include "GCSegmentedArray.h"
>+
>+#include <wtf/NeverDestroyed.h>
>+
>+namespace JSC {
>+
>+WTF::DebugHeap& segmentedArrayHeap()
>+{
>+    static NeverDestroyed<WTF::DebugHeap> heap = WTF::DebugHeap("WebKit GCSegmentedArray");
>+    return heap;
>+}
>+
>+} // namespace JSC
>+
>diff --git a/Source/JavaScriptCore/heap/GCSegmentedArray.h b/Source/JavaScriptCore/heap/GCSegmentedArray.h
>index af2c9621613b2d9799906711ce3fbc44496dd2e2..8cb145b49672925a6b89db53b71c5b62695a57c3 100644
>--- a/Source/JavaScriptCore/heap/GCSegmentedArray.h
>+++ b/Source/JavaScriptCore/heap/GCSegmentedArray.h
>@@ -29,8 +29,16 @@
> #include <wtf/Forward.h>
> #include <wtf/Noncopyable.h>
> 
>+#if ENABLE(MALLOC_HEAP_BREAKDOWN)
>+#include <wtf/DebugHeap.h>
>+#endif
>+
> namespace JSC {
> 
>+#if ENABLE(MALLOC_HEAP_BREAKDOWN)
>+extern WTF::DebugHeap& segmentedArrayHeap();
>+#endif
>+
> template <typename T>
> class GCArraySegment : public DoublyLinkedListNode<GCArraySegment<T>> {
>     friend class WTF::DoublyLinkedListNode<GCArraySegment<T>>;
>diff --git a/Source/JavaScriptCore/heap/GCSegmentedArrayInlines.h b/Source/JavaScriptCore/heap/GCSegmentedArrayInlines.h
>index b4638f928e6ab089e4147d3e36c43b717b61e7f6..5c8296c3adca896a1522a12b814d9ee8c6d920a8 100644
>--- a/Source/JavaScriptCore/heap/GCSegmentedArrayInlines.h
>+++ b/Source/JavaScriptCore/heap/GCSegmentedArrayInlines.h
>@@ -126,14 +126,24 @@ void GCSegmentedArray<T>::fillVector(Vector<T>& vector)
> template <typename T>
> inline GCArraySegment<T>* GCArraySegment<T>::create()
> {
>+#if ENABLE(MALLOC_HEAP_BREAKDOWN)
>+    return new (NotNull, segmentedArrayHeap().malloc(blockSize)) GCArraySegment<T>();
>+#else
>     return new (NotNull, fastMalloc(blockSize)) GCArraySegment<T>();
>+#endif
>+
> }
> 
> template <typename T>
> inline void GCArraySegment<T>::destroy(GCArraySegment* segment)
> {
>     segment->~GCArraySegment();
>+#if ENABLE(MALLOC_HEAP_BREAKDOWN)
>+    segmentedArrayHeap().free(segment);
>+#else
>     fastFree(segment);
>+#endif
>+
> }
> 
> template <typename T>
>diff --git a/Source/JavaScriptCore/heap/IsoAlignedMemoryAllocator.cpp b/Source/JavaScriptCore/heap/IsoAlignedMemoryAllocator.cpp
>index 6912870c26f552837a9f3bfbdf714ba398922884..bf70706d7c5899351bc975dc14917fe98abb7df0 100644
>--- a/Source/JavaScriptCore/heap/IsoAlignedMemoryAllocator.cpp
>+++ b/Source/JavaScriptCore/heap/IsoAlignedMemoryAllocator.cpp
>@@ -27,10 +27,23 @@
> #include "IsoAlignedMemoryAllocator.h"
> #include "MarkedBlock.h"
> 
>+#if ENABLE(MALLOC_HEAP_BREAKDOWN)
>+#include <wtf/DebugHeap.h>
>+#endif
>+
> namespace JSC {
> 
>+#if ENABLE(MALLOC_HEAP_BREAKDOWN)
>+static WTF::DebugHeap& debugHeap()
>+{
>+    static NeverDestroyed<WTF::DebugHeap> heap = WTF::DebugHeap("WebKit IsoAlignedMemoryAllocator");
>+    return heap;
>+}
>+#endif
>+
> IsoAlignedMemoryAllocator::IsoAlignedMemoryAllocator()
> {
>+
> }
> 
> IsoAlignedMemoryAllocator::~IsoAlignedMemoryAllocator()
>@@ -39,7 +52,12 @@ IsoAlignedMemoryAllocator::~IsoAlignedMemoryAllocator()
>         void* block = m_blocks[i];
>         if (!m_committed[i])
>             WTF::fastCommitAlignedMemory(block, MarkedBlock::blockSize);
>+#if ENABLE(MALLOC_HEAP_BREAKDOWN)
>+        debugHeap().free(block);
>+#else
>         fastAlignedFree(block);
>+#endif
>+
>     }
> }
> 
>@@ -60,7 +78,11 @@ void* IsoAlignedMemoryAllocator::tryAllocateAlignedMemory(size_t alignment, size
>         return result;
>     }
>     
>+#if ENABLE(MALLOC_HEAP_BREAKDOWN)
>+    void* result = debugHeap().memalign(MarkedBlock::blockSize, MarkedBlock::blockSize, true);
>+#else
>     void* result = tryFastAlignedMalloc(MarkedBlock::blockSize, MarkedBlock::blockSize);
>+#endif
>     if (!result)
>         return nullptr;
>     unsigned index = m_blocks.size();
>diff --git a/Source/JavaScriptCore/heap/IsoAlignedMemoryAllocator.h b/Source/JavaScriptCore/heap/IsoAlignedMemoryAllocator.h
>index e585d82c5ab68c45752b9a270c20017e2b3ae68e..358fcb3a94cb80dcd060e917f3a1ad4e1950b302 100644
>--- a/Source/JavaScriptCore/heap/IsoAlignedMemoryAllocator.h
>+++ b/Source/JavaScriptCore/heap/IsoAlignedMemoryAllocator.h
>@@ -30,6 +30,7 @@
> #include <wtf/HashMap.h>
> #include <wtf/Vector.h>
> 
>+
> namespace JSC {
> 
> class IsoAlignedMemoryAllocator : public AlignedMemoryAllocator {
>diff --git a/Source/JavaScriptCore/heap/MarkedBlock.cpp b/Source/JavaScriptCore/heap/MarkedBlock.cpp
>index 4954348738a789d237be7182934078c175189053..6fc9d34be0acd37db2301257434289f90152f14b 100644
>--- a/Source/JavaScriptCore/heap/MarkedBlock.cpp
>+++ b/Source/JavaScriptCore/heap/MarkedBlock.cpp
>@@ -47,6 +47,20 @@ const size_t MarkedBlock::blockSize;
> static const bool computeBalance = false;
> static size_t balance;
> 
>+#if ENABLE(MALLOC_HEAP_BREAKDOWN)
>+WTF::DebugHeap& MarkedBlock::debugHeap(const char* heapName)
>+{
>+    static NeverDestroyed<WTF::DebugHeap> heap = WTF::DebugHeap(heapName);
>+    return heap;
>+}
>+
>+WTF::DebugHeap& MarkedBlock::Handle::debugHeap(const char* heapName)
>+{
>+    static NeverDestroyed<WTF::DebugHeap> heap = WTF::DebugHeap(heapName);
>+    return heap;
>+}
>+#endif
>+
> MarkedBlock::Handle* MarkedBlock::tryCreate(Heap& heap, AlignedMemoryAllocator* alignedMemoryAllocator)
> {
>     if (computeBalance) {
>diff --git a/Source/JavaScriptCore/heap/MarkedBlock.h b/Source/JavaScriptCore/heap/MarkedBlock.h
>index 4392932aec70fcf220848afe657e80f54b5799a1..bc50ea7ea2d5cd103d4f741c869ba39754b25f1d 100644
>--- a/Source/JavaScriptCore/heap/MarkedBlock.h
>+++ b/Source/JavaScriptCore/heap/MarkedBlock.h
>@@ -55,6 +55,9 @@ typedef uint32_t HeapVersion;
> 
> class MarkedBlock {
>     WTF_MAKE_NONCOPYABLE(MarkedBlock);
>+#if ENABLE(MALLOC_HEAP_BREAKDOWN)
>+    WTF_MAKE_STRUCT_FAST_ALLOCATED_FROM_DEBUG_HEAP(MarkedBlock);
>+#endif
>     friend class LLIntOffsetsExtractor;
>     friend struct VerifyMarked;
> 
>@@ -102,7 +105,11 @@ class MarkedBlock {
>         
>     class Handle {
>         WTF_MAKE_NONCOPYABLE(Handle);
>+#if ENABLE(MALLOC_HEAP_BREAKDOWN)
>+        WTF_MAKE_STRUCT_FAST_ALLOCATED_FROM_DEBUG_HEAP(MarkedBlock::Handle);
>+#else
>         WTF_MAKE_FAST_ALLOCATED;
>+#endif
>         friend class LLIntOffsetsExtractor;
>         friend class MarkedBlock;
>         friend struct VerifyMarked;
>diff --git a/Source/JavaScriptCore/heap/WeakBlock.cpp b/Source/JavaScriptCore/heap/WeakBlock.cpp
>index 323ce6ffac688ae14b10dc84c85d122df021fba8..4078571b0f276dbb7a809a48a67fa6bb412df5de 100644
>--- a/Source/JavaScriptCore/heap/WeakBlock.cpp
>+++ b/Source/JavaScriptCore/heap/WeakBlock.cpp
>@@ -35,16 +35,33 @@
> 
> namespace JSC {
> 
>+#if ENABLE(MALLOC_HEAP_BREAKDOWN)
>+static WTF::DebugHeap& debugHeap()
>+{
>+    static NeverDestroyed<WTF::DebugHeap> heap = WTF::DebugHeap("WebKit JSC WeakBlock");
>+    return heap;
>+}
>+#endif
>+
> WeakBlock* WeakBlock::create(Heap& heap, CellContainer container)
> {
>     heap.didAllocateBlock(WeakBlock::blockSize);
>+#if ENABLE(MALLOC_HEAP_BREAKDOWN)
>+    return new (NotNull, debugHeap().malloc(blockSize)) WeakBlock(container);
>+#else
>     return new (NotNull, fastMalloc(blockSize)) WeakBlock(container);
>+#endif
>+
> }
> 
> void WeakBlock::destroy(Heap& heap, WeakBlock* block)
> {
>     block->~WeakBlock();
>+#if ENABLE(MALLOC_HEAP_BREAKDOWN)
>+    debugHeap().free(block);
>+#else
>     fastFree(block);
>+#endif
>     heap.didFreeBlock(WeakBlock::blockSize);
> }
> 
>diff --git a/Source/JavaScriptCore/jit/JITCode.cpp b/Source/JavaScriptCore/jit/JITCode.cpp
>index 703b319526ab2df391b3b0367236f07415e6feac..a4795aedfdec27d38806a3fbb237729ac5a3b666 100644
>--- a/Source/JavaScriptCore/jit/JITCode.cpp
>+++ b/Source/JavaScriptCore/jit/JITCode.cpp
>@@ -32,6 +32,14 @@
> 
> namespace JSC {
> 
>+#if ENABLE(MALLOC_HEAP_BREAKDOWN)
>+WTF::DebugHeap& DirectJITCode::debugHeap(const char* heapName)
>+{
>+    static NeverDestroyed<WTF::DebugHeap> heap = WTF::DebugHeap(heapName);
>+    return heap;
>+}
>+#endif
>+
> JITCode::JITCode(JITType jitType, ShareAttribute shareAttribute)
>     : m_jitType(jitType)
>     , m_shareAttribute(shareAttribute)
>diff --git a/Source/JavaScriptCore/jit/JITCode.h b/Source/JavaScriptCore/jit/JITCode.h
>index e8c4c46464225f739532099af63142867a084483..7abfcf9f207f0f77db206ac83404aa5a1b0801dd 100644
>--- a/Source/JavaScriptCore/jit/JITCode.h
>+++ b/Source/JavaScriptCore/jit/JITCode.h
>@@ -238,6 +238,9 @@ class JITCodeWithCodeRef : public JITCode {
> };
> 
> class DirectJITCode : public JITCodeWithCodeRef {
>+#if ENABLE(MALLOC_HEAP_BREAKDOWN)
>+    WTF_MAKE_STRUCT_FAST_ALLOCATED_FROM_DEBUG_HEAP(DirectJITCode);
>+#endif
> public:
>     DirectJITCode(JITType);
>     DirectJITCode(CodeRef<JSEntryPtrTag>, CodePtr<JSEntryPtrTag> withArityCheck, JITType, JITCode::ShareAttribute = JITCode::ShareAttribute::NotShared);
>diff --git a/Source/JavaScriptCore/jit/RegisterAtOffsetList.cpp b/Source/JavaScriptCore/jit/RegisterAtOffsetList.cpp
>index eb1f28378c3ce5436c5c97ed8da24c066a5756d7..ae6f486953bd0e0dec74c7176d5bde2127fb97e0 100644
>--- a/Source/JavaScriptCore/jit/RegisterAtOffsetList.cpp
>+++ b/Source/JavaScriptCore/jit/RegisterAtOffsetList.cpp
>@@ -31,7 +31,15 @@
> #include <wtf/ListDump.h>
> 
> namespace JSC {
>-    
>+
>+#if ENABLE(MALLOC_HEAP_BREAKDOWN)
>+WTF::DebugHeap& RegisterAtOffsetList::debugHeap(const char* heapName)
>+{
>+    static NeverDestroyed<WTF::DebugHeap> heap = WTF::DebugHeap(heapName);
>+    return heap;
>+}
>+#endif
>+
> RegisterAtOffsetList::RegisterAtOffsetList() { }
> 
> RegisterAtOffsetList::RegisterAtOffsetList(RegisterSet registerSet, OffsetBaseType offsetBaseType)
>diff --git a/Source/JavaScriptCore/jit/RegisterAtOffsetList.h b/Source/JavaScriptCore/jit/RegisterAtOffsetList.h
>index 173cf949866cc0961c40574f2c2f999d4e4dd610..8bc070ce259a0a349368723200e2066a7a5c68fd 100644
>--- a/Source/JavaScriptCore/jit/RegisterAtOffsetList.h
>+++ b/Source/JavaScriptCore/jit/RegisterAtOffsetList.h
>@@ -33,7 +33,11 @@
> namespace JSC {
> 
> class RegisterAtOffsetList {
>+#if ENABLE(MALLOC_HEAP_BREAKDOWN)
>+    WTF_MAKE_STRUCT_FAST_ALLOCATED_FROM_DEBUG_HEAP(RegisterAtOffsetList);
>+#else
>     WTF_MAKE_FAST_ALLOCATED;
>+#endif
> public:
>     enum OffsetBaseType { FramePointerBased, ZeroBased };
> 
>diff --git a/Source/JavaScriptCore/jsc.cpp b/Source/JavaScriptCore/jsc.cpp
>index c110dc43f1763866489ca44882a56c19c29531ce..3b746997446dd9057771b8159bdc39352dc7bb37 100644
>--- a/Source/JavaScriptCore/jsc.cpp
>+++ b/Source/JavaScriptCore/jsc.cpp
>@@ -1401,6 +1401,7 @@ class JSCMemoryFootprint : public JSDestructibleObject {
> 
>         addProperty(vm, "current", jsNumber(footprint.current));
>         addProperty(vm, "peak", jsNumber(footprint.peak));
>+        WTF::fastMallocDumpMallocStats();
>     }
> 
>     DECLARE_INFO;
>diff --git a/Source/JavaScriptCore/parser/Nodes.cpp b/Source/JavaScriptCore/parser/Nodes.cpp
>index 15bdb56dab60e7fe435c2c4adad742a1e79fe351..f36e4983a5a877548a4d0d7b3b046a2ee50bd3c5 100644
>--- a/Source/JavaScriptCore/parser/Nodes.cpp
>+++ b/Source/JavaScriptCore/parser/Nodes.cpp
>@@ -33,6 +33,15 @@
> 
> namespace JSC {
> 
>+#if ENABLE(MALLOC_HEAP_BREAKDOWN)
>+WTF::DebugHeap& ParserArenaRoot::debugHeap(const char* heapName)
>+{
>+    static NeverDestroyed<WTF::DebugHeap> heap = WTF::DebugHeap(heapName);
>+    return heap;
>+}
>+
>+#endif
>+
> // ------------------------------ StatementNode --------------------------------
> 
> void StatementNode::setLoc(unsigned firstLine, unsigned lastLine, int startOffset, int lineStartOffset)
>diff --git a/Source/JavaScriptCore/parser/Nodes.h b/Source/JavaScriptCore/parser/Nodes.h
>index 728f736e7ad5f1a82091303ac091342e7e1e3fe5..7ba6548acf8ef68b2013b85ca7d26f82ac1edd0a 100644
>--- a/Source/JavaScriptCore/parser/Nodes.h
>+++ b/Source/JavaScriptCore/parser/Nodes.h
>@@ -129,7 +129,11 @@ namespace JSC {
>         typedef int __thisIsHereToForceASemicolonAfterThisMacro
> 
>     class ParserArenaRoot {
>+#if ENABLE(MALLOC_HEAP_BREAKDOWN)
>+        WTF_MAKE_FAST_ALLOCATED_FROM_DEBUG_HEAP(ParserArenaRoot);
>+#else
>         WTF_MAKE_FAST_ALLOCATED;
>+#endif
>     protected:
>         ParserArenaRoot(ParserArena&);
> 
>diff --git a/Source/JavaScriptCore/parser/ParserArena.cpp b/Source/JavaScriptCore/parser/ParserArena.cpp
>index a276887708c409644db81bcced8ae71b5c04e9a8..30ee024813ed97d3f65c9b81c11b36277bec3d1f 100644
>--- a/Source/JavaScriptCore/parser/ParserArena.cpp
>+++ b/Source/JavaScriptCore/parser/ParserArena.cpp
>@@ -31,6 +31,20 @@
> 
> namespace JSC {
> 
>+#if ENABLE(MALLOC_HEAP_BREAKDOWN)
>+WTF::DebugHeap& IdentifierArena::debugHeap(const char* heapName)
>+{
>+    static NeverDestroyed<WTF::DebugHeap> heap = WTF::DebugHeap(heapName);
>+    return heap;
>+}
>+
>+static WTF::DebugHeap& debugHeap()
>+{
>+    static NeverDestroyed<WTF::DebugHeap> heap = WTF::DebugHeap("WebKit JSC ParserArena");
>+    return heap;
>+}
>+#endif
>+
> ParserArena::ParserArena()
>     : m_freeableMemory(0)
>     , m_freeablePoolEnd(0)
>@@ -49,12 +63,22 @@ inline void ParserArena::deallocateObjects()
>     for (size_t i = 0; i < size; ++i)
>         m_deletableObjects[i]->~ParserArenaDeletable();
> 
>-    if (m_freeablePoolEnd)
>+    if (m_freeablePoolEnd) {
>+#if ENABLE(MALLOC_HEAP_BREAKDOWN)
>+        debugHeap().free(freeablePool());
>+#else
>         fastFree(freeablePool());
>+#endif
>+    }
> 
>     size = m_freeablePools.size();
>-    for (size_t i = 0; i < size; ++i)
>+    for (size_t i = 0; i < size; ++i) {
>+#if ENABLE(MALLOC_HEAP_BREAKDOWN)
>+        debugHeap().free(m_freeablePools[i]);
>+#else
>         fastFree(m_freeablePools[i]);
>+#endif
>+    }
> }
> 
> ParserArena::~ParserArena()
>@@ -67,7 +91,11 @@ void ParserArena::allocateFreeablePool()
>     if (m_freeablePoolEnd)
>         m_freeablePools.append(freeablePool());
> 
>+#if ENABLE(MALLOC_HEAP_BREAKDOWN)
>+    char* pool = static_cast<char*>(debugHeap().malloc(freeablePoolSize));
>+#else
>     char* pool = static_cast<char*>(fastMalloc(freeablePoolSize));
>+#endif
>     m_freeableMemory = pool;
>     m_freeablePoolEnd = pool + freeablePoolSize;
>     ASSERT(freeablePool() == pool);
>diff --git a/Source/JavaScriptCore/parser/ParserArena.h b/Source/JavaScriptCore/parser/ParserArena.h
>index 67b782dd3dc6cb52c178f336df338a726d986969..390ea75098379fdcb3383f28a5295afa5034a78f 100644
>--- a/Source/JavaScriptCore/parser/ParserArena.h
>+++ b/Source/JavaScriptCore/parser/ParserArena.h
>@@ -36,7 +36,11 @@ namespace JSC {
>     class ParserArenaDeletable;
> 
>     class IdentifierArena {
>+#if ENABLE(MALLOC_HEAP_BREAKDOWN)
>+        WTF_MAKE_FAST_ALLOCATED_FROM_DEBUG_HEAP(IdentifierArena);
>+#else
>         WTF_MAKE_FAST_ALLOCATED;
>+#endif
>     public:
>         IdentifierArena()
>         {
>diff --git a/Source/JavaScriptCore/parser/SourceProvider.cpp b/Source/JavaScriptCore/parser/SourceProvider.cpp
>index 15f00f306a3063adedc38a8fd1677b5bb9abb996..d2f6714b1aec0f6b4601119709bc48336da305c7 100644
>--- a/Source/JavaScriptCore/parser/SourceProvider.cpp
>+++ b/Source/JavaScriptCore/parser/SourceProvider.cpp
>@@ -31,6 +31,14 @@
> 
> namespace JSC {
> 
>+#if ENABLE(MALLOC_HEAP_BREAKDOWN)
>+WTF::DebugHeap& StringSourceProvider::debugHeap(const char* heapName)
>+{
>+    static NeverDestroyed<WTF::DebugHeap> heap = WTF::DebugHeap(heapName);
>+    return heap;
>+}
>+#endif
>+
> SourceProvider::SourceProvider(const SourceOrigin& sourceOrigin, URL&& url, const TextPosition& startPosition, SourceProviderSourceType sourceType)
>     : m_sourceType(sourceType)
>     , m_url(WTFMove(url))
>diff --git a/Source/JavaScriptCore/parser/SourceProvider.h b/Source/JavaScriptCore/parser/SourceProvider.h
>index d8e04156907183ba94074718b989857b62b5aab5..b04849617c36c8ec4599f536aa6fad4c3e23187d 100644
>--- a/Source/JavaScriptCore/parser/SourceProvider.h
>+++ b/Source/JavaScriptCore/parser/SourceProvider.h
>@@ -101,6 +101,9 @@ class UnlinkedFunctionCodeBlock;
>     };
> 
>     class StringSourceProvider : public SourceProvider {
>+#if ENABLE(MALLOC_HEAP_BREAKDOWN)
>+        WTF_MAKE_FAST_ALLOCATED_FROM_DEBUG_HEAP(StringSourceProvider);
>+#endif
>     public:
>         static Ref<StringSourceProvider> create(const String& source, const SourceOrigin& sourceOrigin, URL&& url, const TextPosition& startPosition = TextPosition(), SourceProviderSourceType sourceType = SourceProviderSourceType::Program)
>         {
>diff --git a/Source/JavaScriptCore/parser/SourceProviderCache.cpp b/Source/JavaScriptCore/parser/SourceProviderCache.cpp
>index ccc67272c81b4153a6e67dd4018e2d276830d2c3..cf7d7286586498dae845493f1af34e8f54d20a24 100644
>--- a/Source/JavaScriptCore/parser/SourceProviderCache.cpp
>+++ b/Source/JavaScriptCore/parser/SourceProviderCache.cpp
>@@ -30,6 +30,20 @@
> 
> namespace JSC {
> 
>+#if ENABLE(MALLOC_HEAP_BREAKDOWN)
>+WTF::DebugHeap& SourceProviderCache::debugHeap(const char* heapName)
>+{
>+    static NeverDestroyed<WTF::DebugHeap> heap = WTF::DebugHeap(heapName);
>+    return heap;
>+}
>+
>+WTF::DebugHeap& SourceProviderCacheItem::debugHeap(const char* heapName)
>+{
>+    static NeverDestroyed<WTF::DebugHeap> heap = WTF::DebugHeap(heapName);
>+    return heap;
>+}
>+#endif
>+
> SourceProviderCache::~SourceProviderCache()
> {
>     clear();
>diff --git a/Source/JavaScriptCore/parser/SourceProviderCache.h b/Source/JavaScriptCore/parser/SourceProviderCache.h
>index 05a851f9ae5bfeea201ec8ddb82c194a7980db9e..da3d27d322101967a919c33d4e597686929b6b29 100644
>--- a/Source/JavaScriptCore/parser/SourceProviderCache.h
>+++ b/Source/JavaScriptCore/parser/SourceProviderCache.h
>@@ -32,7 +32,11 @@
> namespace JSC {
> 
> class SourceProviderCache : public RefCounted<SourceProviderCache> {
>+#if ENABLE(MALLOC_HEAP_BREAKDOWN)
>+    WTF_MAKE_STRUCT_FAST_ALLOCATED_FROM_DEBUG_HEAP(SourceProviderCache);
>+#else
>     WTF_MAKE_FAST_ALLOCATED;
>+#endif
> public:
>     SourceProviderCache() { }
>     JS_EXPORT_PRIVATE ~SourceProviderCache();
>diff --git a/Source/JavaScriptCore/parser/SourceProviderCacheItem.h b/Source/JavaScriptCore/parser/SourceProviderCacheItem.h
>index 7775b69e9bdcd00955cb909b8a139734b8ff5640..19c8fd562ec6b236daeb7b46e370e234317404a5 100644
>--- a/Source/JavaScriptCore/parser/SourceProviderCacheItem.h
>+++ b/Source/JavaScriptCore/parser/SourceProviderCacheItem.h
>@@ -58,7 +58,11 @@ struct SourceProviderCacheItemCreationParameters {
> #endif
> 
> class SourceProviderCacheItem {
>+#if ENABLE(MALLOC_HEAP_BREAKDOWN)
>+    WTF_MAKE_STRUCT_FAST_ALLOCATED_FROM_DEBUG_HEAP(SourceProviderCacheItem);
>+#else
>     WTF_MAKE_FAST_ALLOCATED;
>+#endif
> public:
>     static std::unique_ptr<SourceProviderCacheItem> create(const SourceProviderCacheItemCreationParameters&);
>     ~SourceProviderCacheItem();
>@@ -112,7 +116,11 @@ inline std::unique_ptr<SourceProviderCacheItem> SourceProviderCacheItem::create(
> {
>     size_t variableCount = parameters.usedVariables.size();
>     size_t objectSize = sizeof(SourceProviderCacheItem) + sizeof(UniquedStringImpl*) * variableCount;
>+#if ENABLE(MALLOC_HEAP_BREAKDOWN)
>+    void* slot = SourceProviderCacheItem::debugHeap("WebKit SourceProviderCacheItem").malloc(objectSize);
>+#else
>     void* slot = fastMalloc(objectSize);
>+#endif
>     return std::unique_ptr<SourceProviderCacheItem>(new (slot) SourceProviderCacheItem(parameters));
> }
> 
>diff --git a/Source/JavaScriptCore/runtime/CachedTypes.cpp b/Source/JavaScriptCore/runtime/CachedTypes.cpp
>index 3b610a8d7778a7d7b81ba0be6c137a4bd7636a3d..fe1cc039126b7753a88e9e3fca2dd18b5e7ea945 100644
>--- a/Source/JavaScriptCore/runtime/CachedTypes.cpp
>+++ b/Source/JavaScriptCore/runtime/CachedTypes.cpp
>@@ -40,6 +40,7 @@
> #include "UnlinkedModuleProgramCodeBlock.h"
> #include "UnlinkedProgramCodeBlock.h"
> #include <wtf/FastMalloc.h>
>+#include <wtf/MallocPtr.h>
> #include <wtf/Optional.h>
> #include <wtf/UUID.h>
> #include <wtf/text/AtomicStringImpl.h>
>@@ -147,7 +148,11 @@ class Encoder {
>     Ref<CachedBytecode> release()
>     {
>         size_t size = m_baseOffset + m_currentPage->size();
>-        MallocPtr<uint8_t> buffer = MallocPtr<uint8_t>::malloc(size);
>+        MallocPtr<uint8_t> buffer = MallocPtr<uint8_t>::malloc(size
>+#if ENABLE(MALLOC_HEAP_BREAKDOWN)
>+        , VMDebugHeap()
>+#endif
>+        );
>         unsigned offset = 0;
>         for (const auto& page : m_pages) {
>             memcpy(buffer.get() + offset, page.buffer(), page.size());
>@@ -161,10 +166,18 @@ class Encoder {
>     class Page {
>     public:
>         Page(size_t size)
>-            : m_offset(0)
>+#if ENABLE(MALLOC_HEAP_BREAKDOWN)
>+            : m_buffer(VMDebugHeap())
>             , m_capacity(size)
>+#else
>+            : m_capacity(size)
>+#endif
>         {
>-            m_buffer = MallocPtr<uint8_t>::malloc(size);
>+            m_buffer = MallocPtr<uint8_t>::malloc(size
>+#if ENABLE(MALLOC_HEAP_BREAKDOWN)
>+                , VMDebugHeap()
>+#endif
>+                );
>         }
> 
>         bool malloc(size_t size, ptrdiff_t& result)
>@@ -195,7 +208,7 @@ class Encoder {
> 
>     private:
>         MallocPtr<uint8_t> m_buffer;
>-        ptrdiff_t m_offset;
>+        ptrdiff_t m_offset { 0 };
>         size_t m_capacity;
>     };
> 
>diff --git a/Source/JavaScriptCore/runtime/PropertyMapHashTable.h b/Source/JavaScriptCore/runtime/PropertyMapHashTable.h
>index 70e9a71d0ddb064cc255b4e3e22a90abdeaf3828..f30b4b13e38bc7bec48253c150b20bc98fd05f53 100644
>--- a/Source/JavaScriptCore/runtime/PropertyMapHashTable.h
>+++ b/Source/JavaScriptCore/runtime/PropertyMapHashTable.h
>@@ -205,6 +205,8 @@ class PropertyTable final : public JSCell {
>     static const unsigned EmptyEntryIndex = 0;
> 
> private:
>+    JS_EXPORT_PRIVATE static WTF::DebugHeap& debugHeap();
>+
>     PropertyTable(VM&, unsigned initialCapacity);
>     PropertyTable(VM&, const PropertyTable&);
>     PropertyTable(VM&, unsigned initialCapacity, const PropertyTable&);
>@@ -514,14 +516,24 @@ inline void PropertyTable::rehash(unsigned newCapacity)
>     m_indexMask = m_indexSize - 1;
>     m_keyCount = 0;
>     m_deletedCount = 0;
>+
>+#if ENABLE(MALLOC_HEAP_BREAKDOWN)
>+    m_index = static_cast<unsigned*>(debugHeap().calloc(1, dataSize()));
>+#else
>     m_index = static_cast<unsigned*>(fastZeroedMalloc(dataSize()));
>+#endif
> 
>     for (; iter != end; ++iter) {
>         ASSERT(canInsert());
>         reinsert(*iter);
>     }
> 
>+#if ENABLE(MALLOC_HEAP_BREAKDOWN)
>+    debugHeap().free(oldEntryIndices);
>+#else
>     fastFree(oldEntryIndices);
>+#endif
>+
> }
> 
> inline unsigned PropertyTable::tableCapacity() const { return m_indexSize >> 1; }
>diff --git a/Source/JavaScriptCore/runtime/PropertyTable.cpp b/Source/JavaScriptCore/runtime/PropertyTable.cpp
>index 59ec41c49ae82f47f6986806dd6143944a42b5d6..5cd0eb8b09f4ae13807a6ff5651571e5667989ef 100644
>--- a/Source/JavaScriptCore/runtime/PropertyTable.cpp
>+++ b/Source/JavaScriptCore/runtime/PropertyTable.cpp
>@@ -32,6 +32,14 @@ namespace JSC {
> 
> const ClassInfo PropertyTable::s_info = { "PropertyTable", nullptr, nullptr, nullptr, CREATE_METHOD_TABLE(PropertyTable) };
> 
>+#if ENABLE(MALLOC_HEAP_BREAKDOWN)
>+WTF::DebugHeap& PropertyTable::debugHeap()
>+{
>+    static NeverDestroyed<WTF::DebugHeap> heap = WTF::DebugHeap("WebKit JSC PropertyTable");
>+    return heap;
>+}
>+#endif
>+
> PropertyTable* PropertyTable::create(VM& vm, unsigned initialCapacity)
> {
>     PropertyTable* table = new (NotNull, allocateCell<PropertyTable>(vm.heap)) PropertyTable(vm, initialCapacity);
>@@ -57,7 +65,11 @@ PropertyTable::PropertyTable(VM& vm, unsigned initialCapacity)
>     : JSCell(vm, vm.propertyTableStructure.get())
>     , m_indexSize(sizeForCapacity(initialCapacity))
>     , m_indexMask(m_indexSize - 1)
>+#if ENABLE(MALLOC_HEAP_BREAKDOWN)
>+    , m_index(static_cast<unsigned*>(debugHeap().calloc(1, dataSize())))
>+#else
>     , m_index(static_cast<unsigned*>(fastZeroedMalloc(dataSize())))
>+#endif
>     , m_keyCount(0)
>     , m_deletedCount(0)
> {
>@@ -68,7 +80,11 @@ PropertyTable::PropertyTable(VM& vm, const PropertyTable& other)
>     : JSCell(vm, vm.propertyTableStructure.get())
>     , m_indexSize(other.m_indexSize)
>     , m_indexMask(other.m_indexMask)
>+#if ENABLE(MALLOC_HEAP_BREAKDOWN)
>+    , m_index(static_cast<unsigned*>(debugHeap().malloc(dataSize())))
>+#else
>     , m_index(static_cast<unsigned*>(fastMalloc(dataSize())))
>+#endif
>     , m_keyCount(other.m_keyCount)
>     , m_deletedCount(other.m_deletedCount)
> {
>@@ -90,7 +106,11 @@ PropertyTable::PropertyTable(VM& vm, unsigned initialCapacity, const PropertyTab
>     : JSCell(vm, vm.propertyTableStructure.get())
>     , m_indexSize(sizeForCapacity(initialCapacity))
>     , m_indexMask(m_indexSize - 1)
>+#if ENABLE(MALLOC_HEAP_BREAKDOWN)
>+    , m_index(static_cast<unsigned*>(debugHeap().calloc(1, dataSize())))
>+#else
>     , m_index(static_cast<unsigned*>(fastZeroedMalloc(dataSize())))
>+#endif
>     , m_keyCount(0)
>     , m_deletedCount(0)
> {
>@@ -121,7 +141,12 @@ PropertyTable::~PropertyTable()
>     for (iterator iter = begin(); iter != end; ++iter)
>         iter->key->deref();
> 
>+#if ENABLE(MALLOC_HEAP_BREAKDOWN)
>+    debugHeap().free(m_index);
>+#else
>     fastFree(m_index);
>+#endif
>+
> }
> 
> } // namespace JSC
>diff --git a/Source/JavaScriptCore/runtime/SymbolTable.cpp b/Source/JavaScriptCore/runtime/SymbolTable.cpp
>index c93607e891447d6ace3d80c2e4e373f5685d726b..3537b3cc5730f16d33fe13361324fd68d454f1f4 100644
>--- a/Source/JavaScriptCore/runtime/SymbolTable.cpp
>+++ b/Source/JavaScriptCore/runtime/SymbolTable.cpp
>@@ -39,6 +39,14 @@ namespace JSC {
> 
> const ClassInfo SymbolTable::s_info = { "SymbolTable", nullptr, nullptr, nullptr, CREATE_METHOD_TABLE(SymbolTable) };
> 
>+#if ENABLE(MALLOC_HEAP_BREAKDOWN)
>+WTF::DebugHeap& SymbolTableEntry::FatEntry::debugHeap(const char* heapName)
>+{
>+    static NeverDestroyed<WTF::DebugHeap> heap = WTF::DebugHeap(heapName);
>+    return heap;
>+}
>+#endif
>+
> SymbolTableEntry& SymbolTableEntry::copySlow(const SymbolTableEntry& other)
> {
>     ASSERT(other.isFat());
>diff --git a/Source/JavaScriptCore/runtime/SymbolTable.h b/Source/JavaScriptCore/runtime/SymbolTable.h
>index 3fd1c46e1adf7ceade4e16b11ba7c10000274fb0..196515a49b49b05ea74781f22e613c07bab6d547 100644
>--- a/Source/JavaScriptCore/runtime/SymbolTable.h
>+++ b/Source/JavaScriptCore/runtime/SymbolTable.h
>@@ -332,7 +332,11 @@ struct SymbolTableEntry {
>     static const intptr_t FlagBits = 6;
>     
>     class FatEntry {
>+#if ENABLE(MALLOC_HEAP_BREAKDOWN)
>+        WTF_MAKE_STRUCT_FAST_ALLOCATED_FROM_DEBUG_HEAP(SymbolTableEntry::FatEntry);
>+#else
>         WTF_MAKE_FAST_ALLOCATED;
>+#endif
>     public:
>         FatEntry(intptr_t bits)
>             : m_bits(bits & ~SlimFlag)
>diff --git a/Source/JavaScriptCore/runtime/VM.cpp b/Source/JavaScriptCore/runtime/VM.cpp
>index a630116cc2ca027404b00180f0a6549a8674ec8b..bd77caff9f5e8a2b34bd7aecd5d184abffe37c67 100644
>--- a/Source/JavaScriptCore/runtime/VM.cpp
>+++ b/Source/JavaScriptCore/runtime/VM.cpp
>@@ -250,6 +250,14 @@ inline unsigned VM::nextID()
> 
> static bool vmCreationShouldCrash = false;
> 
>+#if ENABLE(MALLOC_HEAP_BREAKDOWN)
>+WTF::DebugHeap& VMDebugHeap()
>+{
>+    static NeverDestroyed<WTF::DebugHeap> heap = WTF::DebugHeap("WebKit VM");
>+    return heap;
>+}
>+#endif
>+
> VM::VM(VMType vmType, HeapType heapType)
>     : m_id(nextID())
>     , m_apiLock(adoptRef(new JSLock(this)))
>@@ -321,6 +329,9 @@ VM::VM(VMType vmType, HeapType heapType)
>     , m_typeProfilerEnabledCount(0)
>     , m_primitiveGigacageEnabled(IsWatched)
>     , m_controlFlowProfilerEnabledCount(0)
>+#if ENABLE(MALLOC_HEAP_BREAKDOWN)
>+    , m_exceptionFuzzBuffer(VMDebugHeap())
>+#endif
> {
>     if (UNLIKELY(vmCreationShouldCrash))
>         CRASH_WITH_INFO(0x4242424220202020, 0xbadbeef0badbeef, 0x1234123412341234, 0x1337133713371337);
>@@ -558,8 +569,13 @@ VM::~VM()
> #endif
> 
> #if ENABLE(DFG_JIT)
>-    for (unsigned i = 0; i < m_scratchBuffers.size(); ++i)
>+    for (unsigned i = 0; i < m_scratchBuffers.size(); ++i) {
>+#if ENABLE(MALLOC_HEAP_BREAKDOWN)
>+        VMDebugHeap().free(m_scratchBuffers[i]);
>+#else
>         fastFree(m_scratchBuffers[i]);
>+#endif
>+    }
> #endif
> }
> 
>diff --git a/Source/JavaScriptCore/runtime/VM.h b/Source/JavaScriptCore/runtime/VM.h
>index b985d47ea4d95edddc9c0cf36689653376f7d1df..8aac8dc15e09272fe8c4015668fcc2ea6d1f7eae 100644
>--- a/Source/JavaScriptCore/runtime/VM.h
>+++ b/Source/JavaScriptCore/runtime/VM.h
>@@ -223,6 +223,10 @@ class QueuedTask {
> 
> class ConservativeRoots;
> 
>+#if ENABLE(MALLOC_HEAP_BREAKDOWN)
>+WTF::DebugHeap& VMDebugHeap();
>+#endif
>+
> #if COMPILER(MSVC)
> #pragma warning(push)
> #pragma warning(disable: 4200) // Disable "zero-sized array in struct/union" warning
>@@ -235,8 +239,11 @@ struct ScratchBuffer {
> 
>     static ScratchBuffer* create(size_t size)
>     {
>+#if ENABLE(MALLOC_HEAP_BREAKDOWN)
>+        ScratchBuffer* result = new (VMDebugHeap().malloc(ScratchBuffer::allocationSize(size))) ScratchBuffer;
>+#else
>         ScratchBuffer* result = new (fastMalloc(ScratchBuffer::allocationSize(size))) ScratchBuffer;
>-
>+#endif
>         return result;
>     }
> 
>@@ -770,8 +777,13 @@ class VM : public ThreadSafeRefCounted<VM>, public DoublyLinkedListNode<VM> {
>     EncodedJSValue* exceptionFuzzingBuffer(size_t size)
>     {
>         ASSERT(Options::useExceptionFuzz());
>-        if (!m_exceptionFuzzBuffer)
>+        if (!m_exceptionFuzzBuffer) {
>+#if ENABLE(MALLOC_HEAP_BREAKDOWN)
>+            m_exceptionFuzzBuffer = MallocPtr<EncodedJSValue>::malloc(size, VMDebugHeap());
>+#else
>             m_exceptionFuzzBuffer = MallocPtr<EncodedJSValue>::malloc(size);
>+#endif
>+        }
>         return m_exceptionFuzzBuffer.get();
>     }
> 
>diff --git a/Source/JavaScriptCore/runtime/WeakMapImpl.h b/Source/JavaScriptCore/runtime/WeakMapImpl.h
>index 8b45ffe15912937d01c8bb10a767ec93d3ded65a..e44048999da40597a9208e11ce7f3668c4d795e1 100644
>--- a/Source/JavaScriptCore/runtime/WeakMapImpl.h
>+++ b/Source/JavaScriptCore/runtime/WeakMapImpl.h
>@@ -180,7 +180,11 @@ class WeakMapBuffer {
>     static MallocPtr<WeakMapBuffer, JSValueMalloc> create(uint32_t capacity)
>     {
>         size_t allocationSize = WeakMapBuffer::allocationSize(capacity);
>-        auto buffer = MallocPtr<WeakMapBuffer, JSValueMalloc>::malloc(allocationSize);
>+        auto buffer = MallocPtr<WeakMapBuffer, JSValueMalloc>::malloc(allocationSize
>+#if ENABLE(MALLOC_HEAP_BREAKDOWN)
>+            , VMDebugHeap()
>+#endif
>+            );
>         buffer->reset(capacity);
>         return buffer;
>     }
>@@ -207,6 +211,9 @@ class WeakMapImpl : public JSDestructibleObject {
> 
>     WeakMapImpl(VM& vm, Structure* structure)
>         : Base(vm, structure)
>+#if ENABLE(MALLOC_HEAP_BREAKDOWN)
>+        , m_buffer(VMDebugHeap())
>+#endif
>     {
>     }
> 
>diff --git a/Source/JavaScriptCore/wasm/WasmInstance.cpp b/Source/JavaScriptCore/wasm/WasmInstance.cpp
>index dcbaa357e63a2beb9594f635a6805495c6306983..5b9c775d9277da882599cd65d84182a57e0e19cd 100644
>--- a/Source/JavaScriptCore/wasm/WasmInstance.cpp
>+++ b/Source/JavaScriptCore/wasm/WasmInstance.cpp
>@@ -44,7 +44,11 @@ size_t globalMemoryByteSize(Module& module)
> Instance::Instance(Context* context, Ref<Module>&& module, EntryFrame** pointerToTopEntryFrame, void** pointerToActualStackLimit, StoreTopCallFrameCallback&& storeTopCallFrame)
>     : m_context(context)
>     , m_module(WTFMove(module))
>-    , m_globals(MallocPtr<uint64_t>::malloc(globalMemoryByteSize(m_module.get())))
>+    , m_globals(MallocPtr<uint64_t>::malloc(globalMemoryByteSize(m_module.get())
>+#if ENABLE(MALLOC_HEAP_BREAKDOWN)
>+        , VMDebugHeap()
>+#endif
>+        ))
>     , m_pointerToTopEntryFrame(pointerToTopEntryFrame)
>     , m_pointerToActualStackLimit(pointerToActualStackLimit)
>     , m_storeTopCallFrame(WTFMove(storeTopCallFrame))
>diff --git a/Source/JavaScriptCore/wasm/WasmTable.cpp b/Source/JavaScriptCore/wasm/WasmTable.cpp
>index e5c608cb1f028c8644399c59a07d23790d4e37a9..597bf876b5a249b29041f5825ec7210fa037ed35 100644
>--- a/Source/JavaScriptCore/wasm/WasmTable.cpp
>+++ b/Source/JavaScriptCore/wasm/WasmTable.cpp
>@@ -59,6 +59,10 @@ Table::~Table()
> }
> 
> Table::Table(uint32_t initial, Optional<uint32_t> maximum)
>+#if ENABLE(MALLOC_HEAP_BREAKDOWN)
>+    : m_importableFunctions(VMDebugHeap())
>+    , m_instances(VMDebugHeap())
>+#endif
> {
>     setLength(initial);
>     m_maximum = maximum;
>@@ -66,9 +70,17 @@ Table::Table(uint32_t initial, Optional<uint32_t> maximum)
> 
>     // FIXME: It might be worth trying to pre-allocate maximum here. The spec recommends doing so.
>     // But for now, we're not doing that.
>-    m_importableFunctions = MallocPtr<WasmToWasmImportableFunction>::malloc((sizeof(WasmToWasmImportableFunction) * Checked<size_t>(allocatedLength(m_length))).unsafeGet());
>+    m_importableFunctions = MallocPtr<WasmToWasmImportableFunction>::malloc((sizeof(WasmToWasmImportableFunction) * Checked<size_t>(allocatedLength(m_length))).unsafeGet()
>+#if ENABLE(MALLOC_HEAP_BREAKDOWN)
>+        , VMDebugHeap()
>+#endif
>+        );
>     // FIXME this over-allocates and could be smarter about not committing all of that memory https://bugs.webkit.org/show_bug.cgi?id=181425
>-    m_instances = MallocPtr<Instance*>::malloc((sizeof(Instance*) * Checked<size_t>(allocatedLength(m_length))).unsafeGet());
>+    m_instances = MallocPtr<Instance*>::malloc((sizeof(Instance*) * Checked<size_t>(allocatedLength(m_length))).unsafeGet()
>+#if ENABLE(MALLOC_HEAP_BREAKDOWN)
>+        , VMDebugHeap()
>+#endif
>+    );
>     for (uint32_t i = 0; i < allocatedLength(m_length); ++i) {
>         new (&m_importableFunctions.get()[i]) WasmToWasmImportableFunction();
>         ASSERT(m_importableFunctions.get()[i].signatureIndex == Wasm::Signature::invalidIndex); // We rely on this in compiled code.
>diff --git a/Source/JavaScriptCore/wasm/js/JSWebAssemblyTable.cpp b/Source/JavaScriptCore/wasm/js/JSWebAssemblyTable.cpp
>index 5be49dd76ad4e3e4b40f971289cf15b7b6b269d7..36d021d9e86ce7ed22c4ff4f646a78a5592e335f 100644
>--- a/Source/JavaScriptCore/wasm/js/JSWebAssemblyTable.cpp
>+++ b/Source/JavaScriptCore/wasm/js/JSWebAssemblyTable.cpp
>@@ -59,11 +59,18 @@ Structure* JSWebAssemblyTable::createStructure(VM& vm, JSGlobalObject* globalObj
> JSWebAssemblyTable::JSWebAssemblyTable(VM& vm, Structure* structure, Ref<Wasm::Table>&& table)
>     : Base(vm, structure)
>     , m_table(WTFMove(table))
>+#if ENABLE(MALLOC_HEAP_BREAKDOWN)
>+    , m_jsFunctions(VMDebugHeap())
>+#endif
> {
>     // FIXME: It might be worth trying to pre-allocate maximum here. The spec recommends doing so.
>     // But for now, we're not doing that.
>     // FIXME this over-allocates and could be smarter about not committing all of that memory https://bugs.webkit.org/show_bug.cgi?id=181425
>-    m_jsFunctions = MallocPtr<WriteBarrier<JSObject>>::malloc((sizeof(WriteBarrier<JSObject>) * Checked<size_t>(allocatedLength())).unsafeGet());
>+    m_jsFunctions = MallocPtr<WriteBarrier<JSObject>>::malloc((sizeof(WriteBarrier<JSObject>) * Checked<size_t>(allocatedLength())).unsafeGet()
>+#if ENABLE(MALLOC_HEAP_BREAKDOWN)
>+        , VMDebugHeap()
>+#endif
>+        );
>     for (uint32_t i = 0; i < allocatedLength(); ++i)
>         new(&m_jsFunctions.get()[i]) WriteBarrier<JSObject>();
> }
>diff --git a/Source/WTF/WTF.xcodeproj/project.pbxproj b/Source/WTF/WTF.xcodeproj/project.pbxproj
>index 30204fcd8882fa155c61745a3f33d892689b787b..571a1bc1124e68ade6f0263297921da7968b870d 100644
>--- a/Source/WTF/WTF.xcodeproj/project.pbxproj
>+++ b/Source/WTF/WTF.xcodeproj/project.pbxproj
>@@ -36,8 +36,13 @@
> 		0F824A681B7443A0002E345D /* ParkingLot.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 0F824A641B7443A0002E345D /* ParkingLot.cpp */; };
> 		0F8E85DB1FD485B000691889 /* CountingLock.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 0F8E85DA1FD485B000691889 /* CountingLock.cpp */; };
> 		0F8F2B92172E0103007DBDA5 /* CompilationThread.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 0F8F2B8F172E00F0007DBDA5 /* CompilationThread.cpp */; };
>+		0F95B63320CB4B7700479635 /* DebugHeap.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 0F95B63220CB4B7700479635 /* DebugHeap.cpp */; };
>+		0F95B63720CB5EFD00479635 /* StringBuffer.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 0F95B63620CB5EFD00479635 /* StringBuffer.cpp */; };
> 		0F9D3360165DBA73005AD387 /* FilePrintStream.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 0F9D335B165DBA73005AD387 /* FilePrintStream.cpp */; };
> 		0F9D3362165DBA73005AD387 /* PrintStream.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 0F9D335D165DBA73005AD387 /* PrintStream.cpp */; };
>+		0FA6F38F20CC580F00A03DCD /* SegmentedVector.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 0FA6F38E20CC580E00A03DCD /* SegmentedVector.cpp */; };
>+		0FA6F39320CC73A300A03DCD /* SmallPtrSet.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 0FA6F39220CC73A200A03DCD /* SmallPtrSet.cpp */; };
>+		0FA6F39520CCACE900A03DCD /* UniqueArray.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 0FA6F39420CCACE900A03DCD /* UniqueArray.cpp */; };
> 		0FDDBFA71666DFA300C55FEF /* StringPrintStream.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 0FDDBFA51666DFA300C55FEF /* StringPrintStream.cpp */; };
> 		0FE1646A1B6FFC9600400E7C /* Lock.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 0FE164681B6FFC9600400E7C /* Lock.cpp */; };
> 		0FE4479C1B7AAA03009498EB /* WordLock.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 0FE4479A1B7AAA03009498EB /* WordLock.cpp */; };
>@@ -159,6 +164,10 @@
> 		DCEE22011CEA7551000C2396 /* BlockObjCExceptions.mm in Sources */ = {isa = PBXBuildFile; fileRef = DCEE21FD1CEA7551000C2396 /* BlockObjCExceptions.mm */; };
> 		E15556F518A0CC18006F48FB /* CryptographicUtilities.cpp in Sources */ = {isa = PBXBuildFile; fileRef = E15556F318A0CC18006F48FB /* CryptographicUtilities.cpp */; };
> 		E311FB171F0A568B003C08DE /* ThreadGroup.cpp in Sources */ = {isa = PBXBuildFile; fileRef = E311FB151F0A568B003C08DE /* ThreadGroup.cpp */; };
>+		E3149A37228BB42200BFA6C7 /* Bag.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 0FEBA64120CF37100074941C /* Bag.cpp */; };
>+		E3149A38228BB42C00BFA6C7 /* RefCountedArray.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 0FA6F39020CC61EB00A03DCD /* RefCountedArray.cpp */; };
>+		E3149A39228BB43500BFA6C7 /* Vector.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 0F95B63420CB53C100479635 /* Vector.cpp */; };
>+		E3149A3B228BDCAC00BFA6C7 /* ConcurrentBuffer.cpp in Sources */ = {isa = PBXBuildFile; fileRef = E3149A3A228BDCAB00BFA6C7 /* ConcurrentBuffer.cpp */; };
> 		E388886F20C9095100E632BC /* WorkerPool.cpp in Sources */ = {isa = PBXBuildFile; fileRef = E388886D20C9095100E632BC /* WorkerPool.cpp */; };
> 		E38C41251EB4E04C0042957D /* CPUTimeCocoa.cpp in Sources */ = {isa = PBXBuildFile; fileRef = E38C41241EB4E04C0042957D /* CPUTimeCocoa.cpp */; };
> 		E38C41281EB4E0680042957D /* CPUTime.cpp in Sources */ = {isa = PBXBuildFile; fileRef = E38C41261EB4E0680042957D /* CPUTime.cpp */; };
>@@ -240,12 +249,20 @@
> 		0F8F2B9B172F2594007DBDA5 /* ConversionMode.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = ConversionMode.h; sourceTree = "<group>"; };
> 		0F93274A1C17F4B700CF6564 /* Box.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = Box.h; sourceTree = "<group>"; };
> 		0F9495831C571CC900413A48 /* OrderMaker.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = OrderMaker.h; sourceTree = "<group>"; };
>+		0F95B63120CB4B7700479635 /* DebugHeap.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = DebugHeap.h; sourceTree = "<group>"; };
>+		0F95B63220CB4B7700479635 /* DebugHeap.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = DebugHeap.cpp; sourceTree = "<group>"; };
>+		0F95B63420CB53C100479635 /* Vector.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = Vector.cpp; sourceTree = "<group>"; };
>+		0F95B63620CB5EFD00479635 /* StringBuffer.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = StringBuffer.cpp; sourceTree = "<group>"; };
> 		0F9D335B165DBA73005AD387 /* FilePrintStream.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = FilePrintStream.cpp; sourceTree = "<group>"; };
> 		0F9D335C165DBA73005AD387 /* FilePrintStream.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = FilePrintStream.h; sourceTree = "<group>"; };
> 		0F9D335D165DBA73005AD387 /* PrintStream.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = PrintStream.cpp; sourceTree = "<group>"; };
> 		0F9D335E165DBA73005AD387 /* PrintStream.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = PrintStream.h; sourceTree = "<group>"; };
> 		0F9DAA041FD1C37B0079C5B2 /* StackShot.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = StackShot.h; sourceTree = "<group>"; };
> 		0F9DAA051FD1C37B0079C5B2 /* StackShotProfiler.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = StackShotProfiler.h; sourceTree = "<group>"; };
>+		0FA6F38E20CC580E00A03DCD /* SegmentedVector.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = SegmentedVector.cpp; sourceTree = "<group>"; };
>+		0FA6F39020CC61EB00A03DCD /* RefCountedArray.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = RefCountedArray.cpp; sourceTree = "<group>"; };
>+		0FA6F39220CC73A200A03DCD /* SmallPtrSet.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = SmallPtrSet.cpp; sourceTree = "<group>"; };
>+		0FA6F39420CCACE900A03DCD /* UniqueArray.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = UniqueArray.cpp; sourceTree = "<group>"; };
> 		0FB14E18180FA218009B6B4D /* Bag.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = Bag.h; sourceTree = "<group>"; };
> 		0FB14E1A1810E1DA009B6B4D /* BagToHashMap.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = BagToHashMap.h; sourceTree = "<group>"; };
> 		0FB317C31C488001007E395A /* SystemTracing.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = SystemTracing.h; sourceTree = "<group>"; };
>@@ -265,6 +282,7 @@
> 		0FE4479B1B7AAA03009498EB /* WordLock.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = WordLock.h; sourceTree = "<group>"; };
> 		0FEB3DCE1BB5D684009D7AAD /* SharedTask.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = SharedTask.h; sourceTree = "<group>"; };
> 		0FEB3DD01BB7366B009D7AAD /* ParallelVectorIterator.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = ParallelVectorIterator.h; sourceTree = "<group>"; };
>+		0FEBA64120CF37100074941C /* Bag.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = Bag.cpp; sourceTree = "<group>"; };
> 		0FEC3C4F1F323C6800F59B6C /* CagedPtr.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = CagedPtr.h; sourceTree = "<group>"; };
> 		0FEC3C5C1F368A9700F59B6C /* ReadWriteLock.cpp */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.cpp.cpp; path = ReadWriteLock.cpp; sourceTree = "<group>"; };
> 		0FEC3C5D1F368A9700F59B6C /* ReadWriteLock.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = ReadWriteLock.h; sourceTree = "<group>"; };
>@@ -656,6 +674,7 @@
> 		E300E521203D645F00DA79BE /* UniqueArray.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = UniqueArray.h; sourceTree = "<group>"; };
> 		E311FB151F0A568B003C08DE /* ThreadGroup.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = ThreadGroup.cpp; sourceTree = "<group>"; };
> 		E311FB161F0A568B003C08DE /* ThreadGroup.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = ThreadGroup.h; sourceTree = "<group>"; };
>+		E3149A3A228BDCAB00BFA6C7 /* ConcurrentBuffer.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = ConcurrentBuffer.cpp; sourceTree = "<group>"; };
> 		E3200AB41E9A536D003B59D2 /* PlatformRegisters.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = PlatformRegisters.h; sourceTree = "<group>"; };
> 		E33D5F871FBED66700BF625E /* RecursableLambda.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = RecursableLambda.h; sourceTree = "<group>"; };
> 		E34CD0D022810A020020D299 /* Packed.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = Packed.h; sourceTree = "<group>"; };
>@@ -873,6 +892,7 @@
> 				0F43D8EF1DB5ADDC00108FB6 /* AutomaticThread.cpp */,
> 				0F43D8F01DB5ADDC00108FB6 /* AutomaticThread.h */,
> 				DCEE22041CEB9869000C2396 /* BackwardsGraph.h */,
>+				0FEBA64120CF37100074941C /* Bag.cpp */,
> 				0FB14E18180FA218009B6B4D /* Bag.h */,
> 				0FB14E1A1810E1DA009B6B4D /* BagToHashMap.h */,
> 				A8A4725F151A825A004123FF /* Bitmap.h */,
>@@ -901,6 +921,7 @@
> 				0F8F2B90172E00F0007DBDA5 /* CompilationThread.h */,
> 				A8A47270151A825A004123FF /* Compiler.h */,
> 				46BA9EAB1F4CD61E009A2BBC /* CompletionHandler.h */,
>+				E3149A3A228BDCAB00BFA6C7 /* ConcurrentBuffer.cpp */,
> 				0FB467821FDE282B003FCB09 /* ConcurrentBuffer.h */,
> 				0F30CB581FCDF133004B5323 /* ConcurrentPtrHashSet.cpp */,
> 				0F30CB591FCDF133004B5323 /* ConcurrentPtrHashSet.h */,
>@@ -925,6 +946,8 @@
> 				A8A47278151A825A004123FF /* DataLog.h */,
> 				A8A47279151A825A004123FF /* DateMath.cpp */,
> 				A8A4727A151A825A004123FF /* DateMath.h */,
>+				0F95B63220CB4B7700479635 /* DebugHeap.cpp */,
>+				0F95B63120CB4B7700479635 /* DebugHeap.h */,
> 				996B17841EBA441C007E10EB /* DebugUtilities.h */,
> 				0F2B66A417B6B4F700A7AE3F /* DeferrableRefCounted.h */,
> 				A8A4727E151A825A004123FF /* Deque.h */,
>@@ -1100,6 +1123,7 @@
> 				A8A472FE151A825B004123FF /* RedBlackTree.h */,
> 				26299B6D17A9E5B800ADEBE5 /* Ref.h */,
> 				A8A472FF151A825B004123FF /* RefCounted.h */,
>+				0FA6F39020CC61EB00A03DCD /* RefCountedArray.cpp */,
> 				A8A47300151A825B004123FF /* RefCountedArray.h */,
> 				A8A47301151A825B004123FF /* RefCountedLeakCounter.cpp */,
> 				A8A47302151A825B004123FF /* RefCountedLeakCounter.h */,
>@@ -1115,6 +1139,7 @@
> 				0FEC84B01BDACD390080FF74 /* ScopedLambda.h */,
> 				0F66B2841DC97BAB004A1D3F /* Seconds.cpp */,
> 				0F66B2851DC97BAB004A1D3F /* Seconds.h */,
>+				0FA6F38E20CC580E00A03DCD /* SegmentedVector.cpp */,
> 				A8A47306151A825B004123FF /* SegmentedVector.h */,
> 				A8A47307151A825B004123FF /* SentinelLinkedList.h */,
> 				A8A4731A151A825B004123FF /* SetForScope.h */,
>@@ -1128,6 +1153,7 @@
> 				A748744F17A0BDAE00FA04CB /* SixCharacterHash.cpp */,
> 				A748745017A0BDAE00FA04CB /* SixCharacterHash.h */,
> 				A8A4730C151A825B004123FF /* SizeLimits.cpp */,
>+				0FA6F39220CC73A200A03DCD /* SmallPtrSet.cpp */,
> 				7936D6A91C99F8AE000D1AED /* SmallPtrSet.h */,
> 				A30D412D1F0DE13F00B71954 /* SoftLinking.h */,
> 				79038E05224B05A7004C0738 /* SpanningTree.h */,
>@@ -1178,6 +1204,7 @@
> 				E360C7642127B85B00C90F0E /* UnalignedAccess.h */,
> 				E360C7652127B85C00C90F0E /* Unexpected.h */,
> 				A8A4735C151A825B004123FF /* UnionFind.h */,
>+				0FA6F39420CCACE900A03DCD /* UniqueArray.cpp */,
> 				E300E521203D645F00DA79BE /* UniqueArray.h */,
> 				5C7C88D31D0A3A0A009D2F6D /* UniqueRef.h */,
> 				CD7600FF1F90A3CA00026E26 /* UnsafePointer.h */,
>@@ -1193,6 +1220,7 @@
> 				7AFEC6AE1EB22AC600DADE36 /* UUID.h */,
> 				A8A4736F151A825B004123FF /* ValueCheck.h */,
> 				7CD0D5A71D55322A000CC9E1 /* Variant.h */,
>+				0F95B63420CB53C100479635 /* Vector.cpp */,
> 				A8A47370151A825B004123FF /* Vector.h */,
> 				A8A47371151A825B004123FF /* VectorTraits.h */,
> 				A8A47372151A825B004123FF /* VMTags.h */,
>@@ -1284,6 +1312,7 @@
> 				C2BCFC531F621F3F00C9222C /* LineEnding.cpp */,
> 				C2BCFC541F621F3F00C9222C /* LineEnding.h */,
> 				14E785E71DFB330100209BD1 /* OrdinalNumber.h */,
>+				0F95B63620CB5EFD00479635 /* StringBuffer.cpp */,
> 				A8A47323151A825B004123FF /* StringBuffer.h */,
> 				A8A47324151A825B004123FF /* StringBuilder.cpp */,
> 				A8A47325151A825B004123FF /* StringBuilder.h */,
>@@ -1504,6 +1533,7 @@
> 				9BC70F05176C379D00101DEC /* AtomicStringTable.cpp in Sources */,
> 				1469419D16EAB10A0024E146 /* AutodrainedPool.cpp in Sources */,
> 				0F43D8F11DB5ADDC00108FB6 /* AutomaticThread.cpp in Sources */,
>+				E3149A37228BB42200BFA6C7 /* Bag.cpp in Sources */,
> 				8134013815B092FD001FF0B8 /* Base64.cpp in Sources */,
> 				A8A473A8151A825B004123FF /* bignum-dtoa.cc in Sources */,
> 				A8A473AA151A825B004123FF /* bignum.cc in Sources */,
>@@ -1516,6 +1546,7 @@
> 				A8A47460151A825B004123FF /* CollatorDefault.cpp in Sources */,
> 				A8A47463151A825B004123FF /* CollatorICU.cpp in Sources */,
> 				0F8F2B92172E0103007DBDA5 /* CompilationThread.cpp in Sources */,
>+				E3149A3B228BDCAC00BFA6C7 /* ConcurrentBuffer.cpp in Sources */,
> 				0F30CB5A1FCDF134004B5323 /* ConcurrentPtrHashSet.cpp in Sources */,
> 				0F8E85DB1FD485B000691889 /* CountingLock.cpp in Sources */,
> 				E38C41281EB4E0680042957D /* CPUTime.cpp in Sources */,
>@@ -1528,6 +1559,7 @@
> 				A8A4739C151A825B004123FF /* CurrentTime.cpp in Sources */,
> 				A8A4739E151A825B004123FF /* DataLog.cpp in Sources */,
> 				A8A473A0151A825B004123FF /* DateMath.cpp in Sources */,
>+				0F95B63320CB4B7700479635 /* DebugHeap.cpp in Sources */,
> 				1ACADD841884480100D8B71D /* DeprecatedSymbolsUsedBySafari.mm in Sources */,
> 				A8A473AE151A825B004123FF /* diy-fp.cc in Sources */,
> 				A8A473B0151A825B004123FF /* double-conversion.cc in Sources */,
>@@ -1588,6 +1620,7 @@
> 				A3B725EC987446AD93F1A440 /* RandomDevice.cpp in Sources */,
> 				A8A47414151A825B004123FF /* RandomNumber.cpp in Sources */,
> 				0FEC3C5E1F368A9700F59B6C /* ReadWriteLock.cpp in Sources */,
>+				E3149A38228BB42C00BFA6C7 /* RefCountedArray.cpp in Sources */,
> 				A8A4741A151A825B004123FF /* RefCountedLeakCounter.cpp in Sources */,
> 				2CDED0F318115C85004DBA70 /* RunLoop.cpp in Sources */,
> 				2CDED0EF18115C38004DBA70 /* RunLoopCF.cpp in Sources */,
>@@ -1595,14 +1628,17 @@
> 				A3EE5C3D21FFAC7D00FABD61 /* SchedulePairCF.cpp in Sources */,
> 				A3EE5C4021FFACA200FABD61 /* SchedulePairMac.mm in Sources */,
> 				0F66B28E1DC97BAB004A1D3F /* Seconds.cpp in Sources */,
>+				0FA6F38F20CC580F00A03DCD /* SegmentedVector.cpp in Sources */,
> 				A8A47421151A825B004123FF /* SHA1.cpp in Sources */,
> 				5311BD531EA71CAD00525281 /* Signals.cpp in Sources */,
> 				A748745217A0BDAE00FA04CB /* SixCharacterHash.cpp in Sources */,
> 				A8A47425151A825B004123FF /* SizeLimits.cpp in Sources */,
>+				0FA6F39320CC73A300A03DCD /* SmallPtrSet.cpp in Sources */,
> 				A8A47427151A825B004123FF /* StackBounds.cpp in Sources */,
> 				FEEA4DF9216D7BE400AC0602 /* StackPointer.cpp in Sources */,
> 				FEDACD3D1630F83F00C69634 /* StackStats.cpp in Sources */,
> 				3337DB9CE743410FAF076E17 /* StackTrace.cpp in Sources */,
>+				0F95B63720CB5EFD00479635 /* StringBuffer.cpp in Sources */,
> 				A8A4743C151A825B004123FF /* StringBuilder.cpp in Sources */,
> 				E38D6E271F5522E300A75CC4 /* StringBuilderJSON.cpp in Sources */,
> 				A5BA15FB182435A600A82E69 /* StringCF.cpp in Sources */,
>@@ -1626,6 +1662,7 @@
> 				5311BD5C1EA822F900525281 /* ThreadMessage.cpp in Sources */,
> 				0F66B2901DC97BAB004A1D3F /* TimeWithDynamicClockType.cpp in Sources */,
> 				0F7075F51FBF53CD00489AF0 /* TimingScope.cpp in Sources */,
>+				0FA6F39520CCACE900A03DCD /* UniqueArray.cpp in Sources */,
> 				5CC0EE7621629F1900A1A842 /* URL.cpp in Sources */,
> 				5C1F0595216437B30039302C /* URLCF.cpp in Sources */,
> 				5CC0EE892162BC2200A1A842 /* URLCocoa.mm in Sources */,
>@@ -1636,6 +1673,7 @@
> 				1C181C931D307AB800F5FA16 /* UTextProviderUTF16.cpp in Sources */,
> 				A8A47469151A825B004123FF /* UTF8Conversion.cpp in Sources */,
> 				7AFEC6B11EB22B5900DADE36 /* UUID.cpp in Sources */,
>+				E3149A39228BB43500BFA6C7 /* Vector.cpp in Sources */,
> 				0F66B2921DC97BAB004A1D3F /* WallTime.cpp in Sources */,
> 				1FA47C8A152502DA00568D1B /* WebCoreThread.cpp in Sources */,
> 				0FE4479C1B7AAA03009498EB /* WordLock.cpp in Sources */,
>diff --git a/Source/WTF/wtf/Bag.cpp b/Source/WTF/wtf/Bag.cpp
>new file mode 100644
>index 0000000000000000000000000000000000000000..fe7d7312c4205ab8333074bade6372c97ae34088
>--- /dev/null
>+++ b/Source/WTF/wtf/Bag.cpp
>@@ -0,0 +1,46 @@
>+/*
>+ * Copyright (C) 2018 Apple Inc. All rights reserved.
>+ *
>+ * Redistribution and use in source and binary forms, with or without
>+ * modification, are permitted provided that the following conditions
>+ * are met:
>+ * 1. Redistributions of source code must retain the above copyright
>+ *    notice, this list of conditions and the following disclaimer.
>+ * 2. Redistributions in binary form must reproduce the above copyright
>+ *    notice, this list of conditions and the following disclaimer in the
>+ *    documentation and/or other materials provided with the distribution.
>+ *
>+ * THIS SOFTWARE IS PROVIDED BY APPLE INC. AND ITS CONTRIBUTORS ``AS IS''
>+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
>+ * THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
>+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL APPLE INC. OR ITS CONTRIBUTORS
>+ * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
>+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
>+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
>+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
>+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
>+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF
>+ * THE POSSIBILITY OF SUCH DAMAGE.
>+ */
>+
>+#include "config.h"
>+#include "Bag.h"
>+
>+#if ENABLE(MALLOC_HEAP_BREAKDOWN)
>+#include "NeverDestroyed.h"
>+#endif
>+
>+namespace WTF {
>+namespace Private {
>+
>+#if ENABLE(MALLOC_HEAP_BREAKDOWN)
>+WTF::DebugHeap& bagNodeDebugHeap()
>+{
>+    static NeverDestroyed<WTF::DebugHeap> heap = WTF::DebugHeap("WebKit BagNode");
>+    return heap;
>+}
>+#endif
>+
>+} // namespace Private
>+} // namespace WTF
>+
>diff --git a/Source/WTF/wtf/Bag.h b/Source/WTF/wtf/Bag.h
>index 7490ddd5b64cbda70dd3ccfbcaae490da16333a1..fa68fd57557d71b8aae99c06791e8cfdcf590179 100644
>--- a/Source/WTF/wtf/Bag.h
>+++ b/Source/WTF/wtf/Bag.h
>@@ -34,9 +34,35 @@ namespace WTF {
> 
> namespace Private {
> 
>+#if ENABLE(MALLOC_HEAP_BREAKDOWN)
>+extern WTF::DebugHeap& bagNodeDebugHeap();
>+#endif
>+
> template<typename T, typename PassedPtrTraits = DumbPtrTraits<T>>
> class BagNode {
>+#if ENABLE(MALLOC_HEAP_BREAKDOWN)
>+public:
>+    void* operator new(size_t size)
>+    {
>+        return bagNodeDebugHeap().malloc(size);
>+    }
>+
>+    void operator delete(void* p)
>+    {
>+        bagNodeDebugHeap().free(p);
>+    }
>+
>+    void* operator new(size_t, void* p) { return p; }
>+    void* operator new[](size_t, void* p) { return p; }
>+
>+    void* operator new(size_t, NotNullTag, void* location)
>+    {
>+        ASSERT(location);
>+        return location;
>+    }
>+#else
>     WTF_MAKE_FAST_ALLOCATED;
>+#endif
> public:
>     using PtrTraits = typename PassedPtrTraits::template RebindTraits<BagNode>;
> 
>diff --git a/Source/WTF/wtf/BitVector.cpp b/Source/WTF/wtf/BitVector.cpp
>index e125a950c846dfba7c54c14453a4fa46e4aa3b04..1eebba4cea1f1ba18f46bd969f5c7ebcff7dff0c 100644
>--- a/Source/WTF/wtf/BitVector.cpp
>+++ b/Source/WTF/wtf/BitVector.cpp
>@@ -32,8 +32,22 @@
> #include <wtf/FastMalloc.h>
> #include <wtf/StdLibExtras.h>
> 
>+#if ENABLE(MALLOC_HEAP_BREAKDOWN)
>+#include <wtf/NeverDestroyed.h>
>+#endif
>+
> namespace WTF {
> 
>+#if ENABLE(MALLOC_HEAP_BREAKDOWN)
>+
>+static DebugHeap& bitVectorDebugHeap()
>+{
>+    static NeverDestroyed<WTF::DebugHeap> heap = WTF::DebugHeap("WebKit BitVector");
>+    return heap;
>+}
>+
>+#endif
>+
> void BitVector::setSlow(const BitVector& other)
> {
>     uintptr_t newBitsOrPointer;
>@@ -76,13 +90,21 @@ BitVector::OutOfLineBits* BitVector::OutOfLineBits::create(size_t numBits)
> {
>     numBits = (numBits + bitsInPointer() - 1) & ~(static_cast<size_t>(bitsInPointer()) - 1);
>     size_t size = sizeof(OutOfLineBits) + sizeof(uintptr_t) * (numBits / bitsInPointer());
>+#if ENABLE(MALLOC_HEAP_BREAKDOWN)
>+    OutOfLineBits* result = new (NotNull, bitVectorDebugHeap().malloc(size)) OutOfLineBits(numBits);
>+#else
>     OutOfLineBits* result = new (NotNull, fastMalloc(size)) OutOfLineBits(numBits);
>+#endif
>     return result;
> }
> 
> void BitVector::OutOfLineBits::destroy(OutOfLineBits* outOfLineBits)
> {
>+#if ENABLE(MALLOC_HEAP_BREAKDOWN)
>+    bitVectorDebugHeap().free(outOfLineBits);
>+#else
>     fastFree(outOfLineBits);
>+#endif
> }
> 
> void BitVector::resizeOutOfLine(size_t numBits)
>diff --git a/Source/WTF/wtf/ConcurrentBuffer.cpp b/Source/WTF/wtf/ConcurrentBuffer.cpp
>new file mode 100644
>index 0000000000000000000000000000000000000000..a59bc8b6259b7963b1cedd5deec87122cdc8fd0f
>--- /dev/null
>+++ b/Source/WTF/wtf/ConcurrentBuffer.cpp
>@@ -0,0 +1,44 @@
>+/*
>+ * Copyright (C) 2018 Apple Inc. All rights reserved.
>+ *
>+ * Redistribution and use in source and binary forms, with or without
>+ * modification, are permitted provided that the following conditions
>+ * are met:
>+ * 1. Redistributions of source code must retain the above copyright
>+ *    notice, this list of conditions and the following disclaimer.
>+ * 2. Redistributions in binary form must reproduce the above copyright
>+ *    notice, this list of conditions and the following disclaimer in the
>+ *    documentation and/or other materials provided with the distribution.
>+ *
>+ * THIS SOFTWARE IS PROVIDED BY APPLE INC. AND ITS CONTRIBUTORS ``AS IS''
>+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
>+ * THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
>+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL APPLE INC. OR ITS CONTRIBUTORS
>+ * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
>+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
>+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
>+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
>+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
>+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF
>+ * THE POSSIBILITY OF SUCH DAMAGE.
>+ */
>+
>+#include "config.h"
>+#include <wtf/ConcurrentBuffer.h>
>+
>+#if ENABLE(MALLOC_HEAP_BREAKDOWN)
>+#include <wtf/NeverDestroyed.h>
>+#endif
>+
>+namespace WTF {
>+
>+#if ENABLE(MALLOC_HEAP_BREAKDOWN)
>+WTF::DebugHeap& concurrentBufferDebugHeap()
>+{
>+    static NeverDestroyed<WTF::DebugHeap> heap = WTF::DebugHeap("WebKit ConcurrentBuffer");
>+    return heap;
>+}
>+#endif
>+
>+} // namespace WTF
>+
>diff --git a/Source/WTF/wtf/ConcurrentBuffer.h b/Source/WTF/wtf/ConcurrentBuffer.h
>index 6da7e28be57a22c1e0345e6464dbd2ae63b2af95..31488b301c9f59a6f6a43e6b2ad189cb80290fc7 100644
>--- a/Source/WTF/wtf/ConcurrentBuffer.h
>+++ b/Source/WTF/wtf/ConcurrentBuffer.h
>@@ -34,6 +34,10 @@
> 
> namespace WTF {
> 
>+#if ENABLE(MALLOC_HEAP_BREAKDOWN)
>+WTF_EXPORT_PRIVATE WTF::DebugHeap& concurrentBufferDebugHeap();
>+#endif
>+
> // ConcurrentBuffer is suitable for when you plan to store immutable data and sometimes append to it.
> // It supports storing data that is not copy-constructable but bit-copyable.
> template<typename T>
>@@ -52,8 +56,13 @@ class ConcurrentBuffer {
>             for (size_t i = 0; i < array->size; ++i)
>                 array->data[i].~T();
>         }
>-        for (Array* array : m_allArrays)
>+        for (Array* array : m_allArrays) {
>+#if ENABLE(MALLOC_HEAP_BREAKDOWN)
>+            concurrentBufferDebugHeap().free(array);
>+#else
>             fastFree(array);
>+#endif
>+        }
>     }
> 
>     // Growing is not concurrent. This assumes you are holding some other lock before you do this.
>@@ -98,7 +107,11 @@ class ConcurrentBuffer {
>         Checked<size_t> objectSize = sizeof(T);
>         objectSize *= size;
>         objectSize += static_cast<size_t>(OBJECT_OFFSETOF(Array, data));
>+#if ENABLE(MALLOC_HEAP_BREAKDOWN)
>+        Array* result = static_cast<Array*>(concurrentBufferDebugHeap().malloc(objectSize.unsafeGet()));
>+#else
>         Array* result = static_cast<Array*>(fastMalloc(objectSize.unsafeGet()));
>+#endif
>         result->size = size;
>         return result;
>     }
>diff --git a/Source/WTF/wtf/DebugHeap.cpp b/Source/WTF/wtf/DebugHeap.cpp
>new file mode 100644
>index 0000000000000000000000000000000000000000..9e5bac5fea05fdfcdb85099c5cd46ee22684e45c
>--- /dev/null
>+++ b/Source/WTF/wtf/DebugHeap.cpp
>@@ -0,0 +1,81 @@
>+/*
>+ * Copyright (C) 2018 Apple Inc. All rights reserved.
>+ *
>+ * Redistribution and use in source and binary forms, with or without
>+ * modification, are permitted provided that the following conditions
>+ * are met:
>+ * 1. Redistributions of source code must retain the above copyright
>+ *    notice, this list of conditions and the following disclaimer.
>+ * 2. Redistributions in binary form must reproduce the above copyright
>+ *    notice, this list of conditions and the following disclaimer in the
>+ *    documentation and/or other materials provided with the distribution.
>+ *
>+ * THIS SOFTWARE IS PROVIDED BY APPLE INC. ``AS IS'' AND ANY
>+ * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
>+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
>+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL APPLE INC. OR
>+ * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
>+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
>+ * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
>+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
>+ * OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
>+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
>+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
>+ */
>+
>+#include "config.h"
>+#include "DebugHeap.h"
>+
>+#if ENABLE(MALLOC_HEAP_BREAKDOWN)
>+
>+#include <cstdlib>
>+#include <thread>
>+
>+namespace WTF {
>+
>+DebugHeap::DebugHeap(const char* heapName)
>+    : m_zone(malloc_create_zone(0, 0))
>+{
>+    malloc_set_zone_name(m_zone, heapName);
>+}
>+
>+void* DebugHeap::malloc(size_t size)
>+{
>+    void* result = malloc_zone_malloc(m_zone, size);
>+    if (!result)
>+        CRASH();
>+    return result;
>+}
>+
>+void* DebugHeap::calloc(size_t numElements, size_t elementSize)
>+{
>+    void* result = malloc_zone_calloc(m_zone, numElements, elementSize);
>+    if (!result)
>+        CRASH();
>+    return result;
>+}
>+
>+void* DebugHeap::memalign(size_t alignment, size_t size, bool crashOnFailure)
>+{
>+    void* result = malloc_zone_memalign(m_zone, alignment, size);
>+    if (!result && crashOnFailure)
>+        CRASH();
>+    return result;
>+}
>+
>+void* DebugHeap::realloc(void* object, size_t size)
>+{
>+    void* result = malloc_zone_realloc(m_zone, object, size);
>+    if (!result)
>+        CRASH();
>+    return result;
>+}
>+
>+void DebugHeap::free(void* object)
>+{
>+    malloc_zone_free(m_zone, object);
>+}
>+
>+#endif // ENABLE(MALLOC_HEAP_BREAKDOWN)
>+
>+} // namespace WTF
>diff --git a/Source/WTF/wtf/DebugHeap.h b/Source/WTF/wtf/DebugHeap.h
>new file mode 100644
>index 0000000000000000000000000000000000000000..3f61ae1eb1ea6d93902fa15bb8c9bb889f8adc3c
>--- /dev/null
>+++ b/Source/WTF/wtf/DebugHeap.h
>@@ -0,0 +1,57 @@
>+/*
>+ * Copyright (C) 2018 Apple Inc. All rights reserved.
>+ *
>+ * Redistribution and use in source and binary forms, with or without
>+ * modification, are permitted provided that the following conditions
>+ * are met:
>+ * 1. Redistributions of source code must retain the above copyright
>+ *    notice, this list of conditions and the following disclaimer.
>+ * 2. Redistributions in binary form must reproduce the above copyright
>+ *    notice, this list of conditions and the following disclaimer in the
>+ *    documentation and/or other materials provided with the distribution.
>+ *
>+ * THIS SOFTWARE IS PROVIDED BY APPLE INC. ``AS IS'' AND ANY
>+ * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
>+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
>+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL APPLE INC. OR
>+ * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
>+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
>+ * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
>+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
>+ * OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
>+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
>+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
>+ */
>+
>+#ifndef WTF_DebugHeap_h
>+#define WTF_DebugHeap_h
>+
>+#if ENABLE(MALLOC_HEAP_BREAKDOWN)
>+
>+#if OS(DARWIN)
>+#include <malloc/malloc.h>
>+#endif
>+
>+namespace WTF {
>+
>+class DebugHeap {
>+public:
>+    WTF_EXPORT_PRIVATE DebugHeap(const char* heapName);
>+    
>+    WTF_EXPORT_PRIVATE void* malloc(size_t);
>+    WTF_EXPORT_PRIVATE void* calloc(size_t numElements, size_t elementSize);
>+    WTF_EXPORT_PRIVATE void* memalign(size_t alignment, size_t, bool crashOnFailure);
>+    WTF_EXPORT_PRIVATE void* realloc(void*, size_t);
>+    WTF_EXPORT_PRIVATE void free(void*);
>+    
>+private:
>+#if OS(DARWIN)
>+    malloc_zone_t* m_zone;
>+#endif
>+};
>+
>+} // namespace WTF
>+
>+#endif // ENABLE(MALLOC_HEAP_BREAKDOWN)
>+
>+#endif // WTF_DebugHeap_h
>diff --git a/Source/WTF/wtf/FastBitVector.cpp b/Source/WTF/wtf/FastBitVector.cpp
>index 0f0e4876ad39afda1745e4145d025f2255b48ab1..4bd2ac5b6a5bc59b91bc167c1038d0b1c19ecffb 100644
>--- a/Source/WTF/wtf/FastBitVector.cpp
>+++ b/Source/WTF/wtf/FastBitVector.cpp
>@@ -26,15 +26,39 @@
> #include "config.h"
> #include <wtf/FastBitVector.h>
> 
>+#if ENABLE(MALLOC_HEAP_BREAKDOWN)
>+#include <wtf/NeverDestroyed.h>
>+#endif
>+
> namespace WTF {
> 
>+#if ENABLE(MALLOC_HEAP_BREAKDOWN)
>+
>+DebugHeap& fastBitVectorDebugHeap()
>+{
>+    static NeverDestroyed<WTF::DebugHeap> heap = WTF::DebugHeap("WebKit FastBitVector");
>+    return heap;
>+}
>+
>+#endif
>+
> void FastBitVectorWordOwner::setEqualsSlow(const FastBitVectorWordOwner& other)
> {
>+#if ENABLE(MALLOC_HEAP_BREAKDOWN)
>+    uint32_t* newArray = static_cast<uint32_t*>(
>+        fastBitVectorDebugHeap().calloc(other.arrayLength(), sizeof(uint32_t)));
>+#else
>     uint32_t* newArray = static_cast<uint32_t*>(
>         fastCalloc(other.arrayLength(), sizeof(uint32_t)));
>+#endif
>     memcpy(newArray, other.m_words, other.arrayLength() * sizeof(uint32_t));
>-    if (m_words)
>+    if (m_words) {
>+#if ENABLE(MALLOC_HEAP_BREAKDOWN)
>+        fastBitVectorDebugHeap().free(m_words);
>+#else
>         fastFree(m_words);
>+#endif
>+    }
>     m_words = newArray;
>     m_numBits = other.m_numBits;
> }
>@@ -48,10 +72,19 @@ void FastBitVectorWordOwner::resizeSlow(size_t numBits)
>     // Use fastCalloc instead of fastRealloc because we expect the common
>     // use case for this method to be initializing the size of the bitvector.
>     
>+#if ENABLE(MALLOC_HEAP_BREAKDOWN)
>+    uint32_t* newArray = static_cast<uint32_t*>(fastBitVectorDebugHeap().calloc(newLength, sizeof(uint32_t)));
>+#else
>     uint32_t* newArray = static_cast<uint32_t*>(fastCalloc(newLength, sizeof(uint32_t)));
>+#endif
>     memcpy(newArray, m_words, arrayLength() * sizeof(uint32_t));
>-    if (m_words)
>+    if (m_words) {
>+#if ENABLE(MALLOC_HEAP_BREAKDOWN)
>+        fastBitVectorDebugHeap().free(m_words);
>+#else
>         fastFree(m_words);
>+#endif
>+    }
>     m_words = newArray;
> }
> 
>diff --git a/Source/WTF/wtf/FastBitVector.h b/Source/WTF/wtf/FastBitVector.h
>index 9119a1d5112866dcb52702c3f15792a883d30f7f..8043582757cd907ef3f69180af11d19b17b0f465 100644
>--- a/Source/WTF/wtf/FastBitVector.h
>+++ b/Source/WTF/wtf/FastBitVector.h
>@@ -35,6 +35,8 @@ namespace WTF {
> 
> class PrintStream;
> 
>+WTF_EXPORT_PRIVATE DebugHeap& fastBitVectorDebugHeap();
>+
> inline size_t fastBitVectorArrayLength(size_t numBits) { return (numBits + 31) / 32; }
> 
> class FastBitVectorWordView {
>@@ -84,8 +86,13 @@ class FastBitVectorWordOwner {
>     
>     ~FastBitVectorWordOwner()
>     {
>-        if (m_words)
>+        if (m_words) {
>+#if ENABLE(MALLOC_HEAP_BREAKDOWN)
>+            fastBitVectorDebugHeap().free(m_words);
>+#else
>             fastFree(m_words);
>+#endif
>+        }
>     }
>     
>     FastBitVectorWordView view() const { return FastBitVectorWordView(m_words, m_numBits); }
>diff --git a/Source/WTF/wtf/FastMalloc.cpp b/Source/WTF/wtf/FastMalloc.cpp
>index cdffc75e35738c79d0b58f0a2bbf9529bc380bf9..981823d9174c0367572ea0053cc4369b928fa39a 100644
>--- a/Source/WTF/wtf/FastMalloc.cpp
>+++ b/Source/WTF/wtf/FastMalloc.cpp
>@@ -45,6 +45,20 @@
> #include <malloc/malloc.h>
> #endif
> 
>+#if ENABLE(MALLOC_HEAP_BREAKDOWN)
>+#include <wtf/Atomics.h>
>+#include <wtf/HashMap.h>
>+#include <wtf/Lock.h>
>+#include <wtf/NeverDestroyed.h>
>+#include <wtf/SetForScope.h>
>+#include <wtf/StackShot.h>
>+
>+#if PLATFORM(COCOA)
>+#include <notify.h>
>+#endif
>+
>+#endif
>+
> namespace WTF {
> 
> #if !defined(NDEBUG)
>@@ -268,6 +282,181 @@ void fastEnableMiniMode() { }
> 
> namespace WTF {
> 
>+#define TRACK_MALLOCS 1
>+
>+#if ENABLE(MALLOC_HEAP_BREAKDOWN) && TRACK_MALLOCS
>+
>+static std::atomic<unsigned> avoidRecordingCount;
>+
>+class AvoidRecordingScope {
>+public:
>+    AvoidRecordingScope()
>+    {
>+        ++avoidRecordingCount;
>+    }
>+
>+    ~AvoidRecordingScope()
>+    {
>+        --avoidRecordingCount;
>+    }
>+};
>+
>+class MallocCallTracker
>+{
>+public:
>+    MallocCallTracker();
>+
>+    void recordMalloc(void*, size_t);
>+    void recordRealloc(void* oldAddress, void* newAddress, size_t);
>+    void recordFree(void*);
>+    
>+    void dumpStats();
>+
>+    static MallocCallTracker& singleton();
>+
>+private:
>+    struct MallocSiteData {
>+        StackShot stack;
>+        size_t size;
>+        
>+        MallocSiteData(size_t stackSize, size_t allocationSize)
>+            : stack(stackSize)
>+            , size(allocationSize)
>+        {
>+        }
>+    };
>+
>+    HashMap<void*, std::unique_ptr<MallocSiteData>> m_addressMallocSiteData;
>+    Lock m_mutex;
>+};
>+
>+MallocCallTracker& MallocCallTracker::singleton()
>+{
>+    AvoidRecordingScope avoidRecording;
>+    static NeverDestroyed<MallocCallTracker> tracker;
>+    return tracker;
>+}
>+
>+
>+MallocCallTracker::MallocCallTracker()
>+{
>+    int token;
>+    notify_register_dispatch("com.apple.WebKit.dumpUntrackedMallocs", &token, dispatch_get_main_queue(), ^(int) {
>+        MallocCallTracker::singleton().dumpStats();
>+    });
>+}
>+
>+void MallocCallTracker::recordMalloc(void* address, size_t allocationSize)
>+{
>+    AvoidRecordingScope avoidRecording;
>+
>+    const size_t stackSize = 10;
>+    auto siteData = std::make_unique<MallocSiteData>(stackSize, allocationSize);
>+
>+    LockHolder lockHolder(m_mutex);
>+    auto addResult = m_addressMallocSiteData.add(address, WTFMove(siteData));
>+//    if (!addResult.isNewEntry)
>+//        WTFLogAlways("recordMalloc saw address %p for the second time", address);
>+    UNUSED_PARAM(addResult);
>+}
>+
>+void MallocCallTracker::recordRealloc(void* oldAddress, void* newAddress, size_t newSize)
>+{
>+    AvoidRecordingScope avoidRecording;
>+
>+    LockHolder lockHolder(m_mutex);
>+
>+    auto it = m_addressMallocSiteData.find(oldAddress);
>+    if (it == m_addressMallocSiteData.end()) {
>+        ASSERT_NOT_REACHED();
>+        return;
>+    }
>+    
>+    it->value->size = newSize;
>+    auto addResult = m_addressMallocSiteData.add(newAddress, WTFMove(it->value));
>+    ASSERT_UNUSED(addResult, addResult.isNewEntry);
>+    
>+    m_addressMallocSiteData.remove(it);
>+}
>+
>+void MallocCallTracker::recordFree(void* address)
>+{
>+    AvoidRecordingScope avoidRecording;
>+
>+    LockHolder lockHolder(m_mutex);
>+    bool removed = m_addressMallocSiteData.remove(address);
>+    UNUSED_PARAM(removed);
>+//    if (!removed)
>+//        WTFLogAlways("recordFree got address %p for which there is no entry", address);
>+}
>+
>+void MallocCallTracker::dumpStats()
>+{
>+    AvoidRecordingScope avoidRecording;
>+
>+    {
>+        LockHolder lockHolder(m_mutex);
>+
>+        // Build a hash of stack to address vector
>+        struct MallocSiteTotals {
>+            Vector<MallocSiteData*> siteData;
>+            size_t count { 0 };
>+            size_t totalSize { 0 };
>+        };
>+
>+        size_t totalUntrackedSize = 0;
>+        size_t totalUntrackedCount = 0;
>+
>+        HashMap<unsigned, std::unique_ptr<MallocSiteTotals>> callSiteToMallocData;
>+        for (const auto& it : m_addressMallocSiteData) {
>+            auto result = callSiteToMallocData.ensure(it.value->stack.hash(), [] () {
>+                return std::make_unique<MallocSiteTotals>();
>+            });
>+            auto& siteTotal = result.iterator->value;
>+            siteTotal->siteData.append(it.value.get());
>+            ++siteTotal->count;
>+            siteTotal->totalSize += it.value->size;
>+            totalUntrackedSize += it.value->size;
>+            ++totalUntrackedCount;
>+        }
>+        
>+        Vector<unsigned> stackHashes;
>+        auto stackKeys = callSiteToMallocData.keys();
>+        for (auto key : stackKeys)
>+            stackHashes.append(key);
>+        
>+        // Sort by reverse total size.
>+        std::sort(stackHashes.begin(), stackHashes.end(), [&] (unsigned a, unsigned b) {
>+            const auto& aSiteTotals = callSiteToMallocData.get(a);
>+            const auto& bSiteTotals = callSiteToMallocData.get(b);
>+
>+            return aSiteTotals->totalSize > bSiteTotals->totalSize;
>+        });
>+
>+        WTFLogAlways("Total untracked bytes: %lu (%lu allocations)\n", totalUntrackedSize, totalUntrackedCount);
>+
>+        const size_t numStacksToDump = 100;
>+        for (size_t i = 0; i < std::min(numStacksToDump, stackHashes.size()); ++i) {
>+            const auto& mallocDataForStack = callSiteToMallocData.get(stackHashes[i]);
>+
>+            WTFLogAlways("Total allocation size: %lu (%lu allocations)\n", mallocDataForStack->totalSize, mallocDataForStack->count);
>+            const size_t framesToSkip = 6;
>+            WTFPrintBacktrace(mallocDataForStack->siteData[0]->stack.array() + framesToSkip, mallocDataForStack->siteData[0]->stack.size() - framesToSkip);
>+            WTFLogAlways("\n");
>+        }
>+    }
>+}
>+void fastMallocDumpMallocStats()
>+{
>+    MallocCallTracker::singleton().dumpStats();
>+}
>+#else
>+void fastMallocDumpMallocStats()
>+{
>+}
>+#endif
>+
>+
> bool isFastMallocEnabled()
> {
>     return bmalloc::api::isEnabled();
>@@ -275,8 +464,19 @@ bool isFastMallocEnabled()
> 
> void* fastMalloc(size_t size)
> {
>+//    if (size > 255) {
>+//        WTFLogAlways("fastMalloc %lu\n", size);
>+//        WTFReportBacktrace();
>+//        WTFLogAlways("\n");
>+//    }
>+
>     ASSERT_IS_WITHIN_LIMIT(size);
>-    return bmalloc::api::malloc(size);
>+    void* result = bmalloc::api::malloc(size);
>+#if ENABLE(MALLOC_HEAP_BREAKDOWN) && TRACK_MALLOCS
>+    if (!avoidRecordingCount)
>+        MallocCallTracker::singleton().recordMalloc(result, size);
>+#endif
>+    return result;
> }
> 
> void* fastCalloc(size_t numElements, size_t elementSize)
>@@ -293,12 +493,21 @@ void* fastCalloc(size_t numElements, size_t elementSize)
> void* fastRealloc(void* object, size_t size)
> {
>     ASSERT_IS_WITHIN_LIMIT(size);
>-    return bmalloc::api::realloc(object, size);
>+    void* result = bmalloc::api::realloc(object, size);
>+#if ENABLE(MALLOC_HEAP_BREAKDOWN) && TRACK_MALLOCS
>+    if (!avoidRecordingCount)
>+        MallocCallTracker::singleton().recordRealloc(object, result, size);
>+#endif
>+    return result;
> }
> 
> void fastFree(void* object)
> {
>     bmalloc::api::free(object);
>+#if ENABLE(MALLOC_HEAP_BREAKDOWN) && TRACK_MALLOCS
>+    if (!avoidRecordingCount)
>+        MallocCallTracker::singleton().recordFree(object);
>+#endif
> }
> 
> size_t fastMallocSize(const void*)
>@@ -317,13 +526,23 @@ size_t fastMallocGoodSize(size_t size)
> void* fastAlignedMalloc(size_t alignment, size_t size) 
> {
>     ASSERT_IS_WITHIN_LIMIT(size);
>-    return bmalloc::api::memalign(alignment, size);
>+    void* result = bmalloc::api::memalign(alignment, size);
>+#if ENABLE(MALLOC_HEAP_BREAKDOWN) && TRACK_MALLOCS
>+    if (!avoidRecordingCount)
>+        MallocCallTracker::singleton().recordMalloc(result, size);
>+#endif
>+    return result;
> }
> 
> void* tryFastAlignedMalloc(size_t alignment, size_t size) 
> {
>     FAIL_IF_EXCEEDS_LIMIT(size);
>-    return bmalloc::api::tryMemalign(alignment, size);
>+    void* result = bmalloc::api::tryMemalign(alignment, size);
>+#if ENABLE(MALLOC_HEAP_BREAKDOWN) && TRACK_MALLOCS
>+    if (!avoidRecordingCount)
>+        MallocCallTracker::singleton().recordMalloc(result, size);
>+#endif
>+    return result;
> }
> 
> void fastAlignedFree(void* p) 
>diff --git a/Source/WTF/wtf/FastMalloc.h b/Source/WTF/wtf/FastMalloc.h
>index efefb3a3133e83f64336fd2ec2da52a54832e621..69cbaba330362d8fecffdb65b41c1baa04062116 100644
>--- a/Source/WTF/wtf/FastMalloc.h
>+++ b/Source/WTF/wtf/FastMalloc.h
>@@ -24,6 +24,10 @@
> #include <stdlib.h>
> #include <wtf/StdLibExtras.h>
> 
>+#if ENABLE(MALLOC_HEAP_BREAKDOWN)
>+#include <wtf/DebugHeap.h>
>+#endif
>+
> namespace WTF {
> 
> #if !defined(NDEBUG)
>@@ -82,6 +86,8 @@ struct FastMallocStatistics {
> };
> WTF_EXPORT_PRIVATE FastMallocStatistics fastMallocStatistics();
> 
>+WTF_EXPORT_PRIVATE void fastMallocDumpMallocStats();
>+
> // This defines a type which holds an unsigned integer and is the same
> // size as the minimally aligned memory allocation.
> typedef unsigned long long AllocAlignmentInteger;
>@@ -307,3 +313,50 @@ typedef int __thisIsHereToForceASemicolonAfterThisMacro
> #define WTF_MAKE_STRUCT_FAST_ALLOCATED \
>     WTF_MAKE_FAST_ALLOCATED_IMPL \
> typedef int __thisIsHereToForceASemicolonAfterThisMacro
>+
>+#if ENABLE(MALLOC_HEAP_BREAKDOWN)
>+
>+#define WTF_MAKE_FAST_ALLOCATED_FROM_DEBUG_HEAP_IMPL(classname) \
>+    void* operator new(size_t, void* p) { return p; } \
>+    void* operator new[](size_t, void* p) { return p; } \
>+    \
>+    void* operator new(size_t size) \
>+    { \
>+        return debugHeap("WebKit "#classname).malloc(size); \
>+    } \
>+    \
>+    void operator delete(void* p) \
>+    { \
>+        debugHeap("WebKit "#classname).free(p); \
>+    } \
>+    \
>+    void* operator new[](size_t size) \
>+    { \
>+        return debugHeap("WebKit "#classname).malloc(size); \
>+    } \
>+    \
>+    void operator delete[](void* p) \
>+    { \
>+        debugHeap("WebKit "#classname).free(p); \
>+    } \
>+    void* operator new(size_t, NotNullTag, void* location) \
>+    { \
>+        ASSERT(location); \
>+        return location; \
>+    } \
>+
>+#define WTF_MAKE_FAST_ALLOCATED_FROM_DEBUG_HEAP(classname) \
>+public: \
>+    WTF_MAKE_FAST_ALLOCATED_FROM_DEBUG_HEAP_IMPL(classname) \
>+private: \
>+    WTF_EXPORT static WTF::DebugHeap& debugHeap(const char*); \
>+typedef int __thisIsHereToForceASemicolonAfterThisMacro
>+
>+#define WTF_MAKE_STRUCT_FAST_ALLOCATED_FROM_DEBUG_HEAP(className) \
>+private: \
>+    WTF_EXPORT static WTF::DebugHeap& debugHeap(const char*); \
>+public: \
>+    WTF_MAKE_FAST_ALLOCATED_FROM_DEBUG_HEAP_IMPL(className) \
>+typedef int __thisIsHereToForceASemicolonAfterThisMacro
>+
>+#endif // ENABLE(MALLOC_HEAP_BREAKDOWN)
>diff --git a/Source/WTF/wtf/HashTable.cpp b/Source/WTF/wtf/HashTable.cpp
>index 8ccdf8454d8324bc737ad54c493776b61e439b8a..4a4486446d6cd4bbee39d19ca72cdcc7f98276dd 100644
>--- a/Source/WTF/wtf/HashTable.cpp
>+++ b/Source/WTF/wtf/HashTable.cpp
>@@ -20,11 +20,20 @@
> #include "config.h"
> #include <wtf/HashTable.h>
> 
>+#include "NeverDestroyed.h"
> #include <mutex>
> #include <wtf/DataLog.h>
> 
> namespace WTF {
> 
>+#if ENABLE(MALLOC_HEAP_BREAKDOWN)
>+DebugHeap& hashTableHeap()
>+{
>+    static NeverDestroyed<WTF::DebugHeap> heap = WTF::DebugHeap("WebKit HashTable");
>+    return heap;
>+}
>+#endif
>+
> #if DUMP_HASHTABLE_STATS
> 
> std::atomic<unsigned> HashTableStats::numAccesses;
>diff --git a/Source/WTF/wtf/HashTable.h b/Source/WTF/wtf/HashTable.h
>index 2281d1f28ed858994fe6f9ab7663b0ff2cb2cebc..4e2fc69f7fa365d7f59f472fc2c8c9b709e52901 100644
>--- a/Source/WTF/wtf/HashTable.h
>+++ b/Source/WTF/wtf/HashTable.h
>@@ -43,8 +43,16 @@
> #include <wtf/DataLog.h>
> #endif
> 
>+#if ENABLE(MALLOC_HEAP_BREAKDOWN)
>+#include <wtf/DebugHeap.h>
>+#endif
>+
> namespace WTF {
> 
>+#if ENABLE(MALLOC_HEAP_BREAKDOWN)
>+WTF_EXPORT_PRIVATE DebugHeap& hashTableHeap();
>+#endif
>+
> // Enables internal WTF consistency checks that are invoked automatically. Non-WTF callers can call checkTableConsistency() even if internal checks are disabled.
> #define CHECK_HASHTABLE_CONSISTENCY 0
> 
>@@ -1162,9 +1170,19 @@ namespace WTF {
>     {
>         // would use a template member function with explicit specializations here, but
>         // gcc doesn't appear to support that
>-        if (Traits::emptyValueIsZero)
>+        if (Traits::emptyValueIsZero) {
>+#if ENABLE(MALLOC_HEAP_BREAKDOWN)
>+            return static_cast<ValueType*>(hashTableHeap().calloc(size, sizeof(ValueType)));
>+#else
>             return static_cast<ValueType*>(fastZeroedMalloc(size * sizeof(ValueType)));
>+#endif
>+        }
>+
>+#if ENABLE(MALLOC_HEAP_BREAKDOWN)
>+        ValueType* result = static_cast<ValueType*>(hashTableHeap().malloc(size * sizeof(ValueType)));
>+#else
>         ValueType* result = static_cast<ValueType*>(fastMalloc(size * sizeof(ValueType)));
>+#endif
>         for (unsigned i = 0; i < size; i++)
>             initializeBucket(result[i]);
>         return result;
>@@ -1177,7 +1195,11 @@ namespace WTF {
>             if (!isDeletedBucket(table[i]))
>                 table[i].~ValueType();
>         }
>+#if ENABLE(MALLOC_HEAP_BREAKDOWN)
>+        hashTableHeap().free(table);
>+#else
>         fastFree(table);
>+#endif
>     }
> 
>     template<typename Key, typename Value, typename Extractor, typename HashFunctions, typename Traits, typename KeyTraits>
>@@ -1286,7 +1308,11 @@ namespace WTF {
> 
>         m_deletedCount = 0;
> 
>+#if ENABLE(MALLOC_HEAP_BREAKDOWN)
>+        hashTableHeap().free(oldTable);
>+#else
>         fastFree(oldTable);
>+#endif
> 
>         internalCheckTableConsistency();
>         return newEntry;
>diff --git a/Source/WTF/wtf/MallocPtr.h b/Source/WTF/wtf/MallocPtr.h
>index 83b3a51fba102890274f4ecead768ae643e36bba..8b9c1ba2a3c09f9774fb944323c02b1cdc8406c3 100644
>--- a/Source/WTF/wtf/MallocPtr.h
>+++ b/Source/WTF/wtf/MallocPtr.h
>@@ -27,6 +27,10 @@
> 
> #include <wtf/FastMalloc.h>
> 
>+#if ENABLE(MALLOC_HEAP_BREAKDOWN)
>+#include <wtf/DebugHeap.h>
>+#endif
>+
> // MallocPtr is a smart pointer class that calls fastFree in its destructor.
> // It is intended to be used for pointers where the C++ lifetime semantics
> // (calling constructors and destructors) is not desired. 
>@@ -35,24 +39,46 @@ namespace WTF {
> 
> template<typename T, typename Malloc = FastMalloc> class MallocPtr {
> public:
>-    MallocPtr()
>+    MallocPtr(
>+#if ENABLE(MALLOC_HEAP_BREAKDOWN)
>+        DebugHeap& heap
>+#endif
>+    )
>         : m_ptr(nullptr)
>+#if ENABLE(MALLOC_HEAP_BREAKDOWN)
>+        , m_heap(heap)
>+#endif
>     {
>     }
> 
>-    MallocPtr(std::nullptr_t)
>+    MallocPtr(std::nullptr_t
>+#if ENABLE(MALLOC_HEAP_BREAKDOWN)
>+        , DebugHeap& heap
>+#endif
>+        )
>         : m_ptr(nullptr)
>+#if ENABLE(MALLOC_HEAP_BREAKDOWN)
>+        , m_heap(heap)
>+#endif
>     {
>     }
> 
>     MallocPtr(MallocPtr&& other)
>         : m_ptr(other.leakPtr())
>+#if ENABLE(MALLOC_HEAP_BREAKDOWN)
>+        , m_heap(other.m_heap)
>+#endif
>     {
>     }
> 
>     ~MallocPtr()
>     {
>+#if ENABLE(MALLOC_HEAP_BREAKDOWN)
>+        m_heap.free(m_ptr);
>+#else
>         Malloc::free(m_ptr);
>+#endif
>+
>     }
> 
>     T* get() const
>@@ -97,39 +123,91 @@ template<typename T, typename Malloc = FastMalloc> class MallocPtr {
>     void swap(MallocPtr& other)
>     {
>         std::swap(m_ptr, other.m_ptr);
>+        std::swap(m_heap, other.m_heap);
>     }
> 
>-    template<typename U> friend MallocPtr<U> adoptMallocPtr(U*);
>+    template<typename U> friend MallocPtr<U> adoptMallocPtr(U*
>+#if ENABLE(MALLOC_HEAP_BREAKDOWN)
>+        , DebugHeap&
>+#endif
>+        );
> 
>-    static MallocPtr malloc(size_t size)
>+    static MallocPtr malloc(size_t size
>+#if ENABLE(MALLOC_HEAP_BREAKDOWN)
>+        , DebugHeap& heap
>+#endif
>+        )
>     {
>-        return MallocPtr { static_cast<T*>(Malloc::malloc(size)) };
>+        return MallocPtr {
>+#if ENABLE(MALLOC_HEAP_BREAKDOWN)
>+            static_cast<T*>(heap.malloc(size)), heap
>+#else
>+            static_cast<T*>(Malloc::malloc(size))
>+#endif
>+        };
>     }
> 
>-    static MallocPtr tryMalloc(size_t size)
>+    static MallocPtr tryMalloc(size_t size
>+#if ENABLE(MALLOC_HEAP_BREAKDOWN)
>+        , DebugHeap& heap
>+#endif
>+        )
>     {
>-        return MallocPtr { static_cast<T*>(Malloc::tryMalloc(size)) };
>+        return MallocPtr {
>+#if ENABLE(MALLOC_HEAP_BREAKDOWN)
>+            static_cast<T*>(heap.malloc(size)), heap
>+#else
>+            static_cast<T*>(Malloc::tryMalloc(size))
>+#endif
>+        };
>     }
> 
>     void realloc(size_t newSize)
>     {
>+#if ENABLE(MALLOC_HEAP_BREAKDOWN)
>+        m_ptr = static_cast<T*>(m_heap.realloc(m_ptr, newSize));
>+#else
>         m_ptr = static_cast<T*>(Malloc::realloc(m_ptr, newSize));
>+#endif
>+
>     }
> 
> private:
>-    explicit MallocPtr(T* ptr)
>+    explicit MallocPtr(T* ptr
>+#if ENABLE(MALLOC_HEAP_BREAKDOWN)
>+        , DebugHeap& heap
>+#endif
>+        )
>         : m_ptr(ptr)
>+#if ENABLE(MALLOC_HEAP_BREAKDOWN)
>+        , m_heap(heap)
>+#endif
>     {
>     }
> 
>     T* m_ptr;
>+#if ENABLE(MALLOC_HEAP_BREAKDOWN)
>+    DebugHeap& m_heap;
>+#endif
> };
> 
>+#if ENABLE(MALLOC_HEAP_BREAKDOWN)
>+static_assert(sizeof(MallocPtr<int>) == 2 * sizeof(int*), "");
>+#else
> static_assert(sizeof(MallocPtr<int>) == sizeof(int*), "");
>+#endif
> 
>-template<typename U> MallocPtr<U> adoptMallocPtr(U* ptr)
>+template<typename U> MallocPtr<U> adoptMallocPtr(U* ptr
>+#if ENABLE(MALLOC_HEAP_BREAKDOWN)
>+        , DebugHeap& heap
>+#endif
>+)
> {
>-    return MallocPtr<U>(ptr);
>+    return MallocPtr<U>(ptr
>+#if ENABLE(MALLOC_HEAP_BREAKDOWN)
>+        , heap
>+#endif
>+        );
> }
> 
> } // namespace WTF
>diff --git a/Source/WTF/wtf/MetaAllocator.cpp b/Source/WTF/wtf/MetaAllocator.cpp
>index c3b6937828c57f55b64fbe349e5e5cc7b7796c94..5858032cf35688b49151d036b29aecedd067ac34 100644
>--- a/Source/WTF/wtf/MetaAllocator.cpp
>+++ b/Source/WTF/wtf/MetaAllocator.cpp
>@@ -33,8 +33,26 @@
> #include <wtf/FastMalloc.h>
> #include <wtf/ProcessID.h>
> 
>+#if ENABLE(MALLOC_HEAP_BREAKDOWN)
>+#include <wtf/NeverDestroyed.h>
>+#endif
>+
> namespace WTF {
> 
>+#if ENABLE(MALLOC_HEAP_BREAKDOWN)
>+WTF::DebugHeap& MetaAllocatorHandle::debugHeap(const char* heapName)
>+{
>+    static NeverDestroyed<WTF::DebugHeap> heap = WTF::DebugHeap(heapName);
>+    return heap;
>+}
>+
>+static WTF::DebugHeap& metaAllocatorFreeSpaceDebugHeap()
>+{
>+    static NeverDestroyed<WTF::DebugHeap> heap = WTF::DebugHeap("WebKit MetaAllocatorFreeSpace");
>+    return heap;
>+}
>+#endif
>+
> MetaAllocator::~MetaAllocator()
> {
>     for (FreeSpaceNode* node = m_freeSpaceSizeMap.first(); node;) {
>@@ -444,7 +462,11 @@ MetaAllocator::FreeSpaceNode* MetaAllocator::allocFreeSpaceNode()
> #ifndef NDEBUG
>     m_mallocBalance++;
> #endif
>+#if ENABLE(MALLOC_HEAP_BREAKDOWN)
>+    return new (NotNull, metaAllocatorFreeSpaceDebugHeap().malloc(sizeof(FreeSpaceNode))) FreeSpaceNode();
>+#else
>     return new (NotNull, fastMalloc(sizeof(FreeSpaceNode))) FreeSpaceNode();
>+#endif
> }
> 
> void MetaAllocator::freeFreeSpaceNode(FreeSpaceNode* node)
>@@ -452,7 +474,12 @@ void MetaAllocator::freeFreeSpaceNode(FreeSpaceNode* node)
> #ifndef NDEBUG
>     m_mallocBalance--;
> #endif
>+#if ENABLE(MALLOC_HEAP_BREAKDOWN)
>+    metaAllocatorFreeSpaceDebugHeap().free(node);
>+#else
>     fastFree(node);
>+#endif
>+
> }
> 
> #if ENABLE(META_ALLOCATOR_PROFILE)
>diff --git a/Source/WTF/wtf/MetaAllocatorHandle.h b/Source/WTF/wtf/MetaAllocatorHandle.h
>index d8c30e996b4810ddb6c33d05cc874b4ec48e654d..93425b45c0d7d99e4413ebb2f0d07df221730628 100644
>--- a/Source/WTF/wtf/MetaAllocatorHandle.h
>+++ b/Source/WTF/wtf/MetaAllocatorHandle.h
>@@ -39,6 +39,9 @@ class MetaAllocator;
> class PrintStream;
> 
> class MetaAllocatorHandle : public ThreadSafeRefCounted<MetaAllocatorHandle>, public RedBlackTree<MetaAllocatorHandle, void*>::Node {
>+#if ENABLE(MALLOC_HEAP_BREAKDOWN)
>+    WTF_MAKE_FAST_ALLOCATED_FROM_DEBUG_HEAP(MetaAllocatorHandle);
>+#endif
> private:
>     MetaAllocatorHandle(MetaAllocator*, void* start, size_t sizeInBytes, void* ownerUID);
> 
>diff --git a/Source/WTF/wtf/Platform.h b/Source/WTF/wtf/Platform.h
>index 9973a4d0f64dc10ad8b62388d01de00cfdce4f9c..82849f8f7d4ab32c6570d55cda7daf3334974e6c 100644
>--- a/Source/WTF/wtf/Platform.h
>+++ b/Source/WTF/wtf/Platform.h
>@@ -1180,6 +1180,11 @@
> #endif
> #endif
> 
>+#if !defined(ENABLE_MALLOC_HEAP_BREAKDOWN) // &&&&    && !defined(NDEBUG)
>+/* Enable this to put each ISOHeap and other allocation categories into their own malloc heaps, so that tools like vmmap can show how big each heap is. */
>+#define ENABLE_MALLOC_HEAP_BREAKDOWN 1
>+#endif
>+
> #if PLATFORM(IOS_FAMILY) || PLATFORM(MAC)
> #define USE_COREMEDIA 1
> #define USE_VIDEOTOOLBOX 1
>diff --git a/Source/WTF/wtf/RefCountedArray.cpp b/Source/WTF/wtf/RefCountedArray.cpp
>new file mode 100644
>index 0000000000000000000000000000000000000000..9672ce1832ea0c586e2d5085f3d6780905402f70
>--- /dev/null
>+++ b/Source/WTF/wtf/RefCountedArray.cpp
>@@ -0,0 +1,42 @@
>+/*
>+ * Copyright (C) 2011-2018 Apple Inc. All rights reserved.
>+ *
>+ * Redistribution and use in source and binary forms, with or without
>+ * modification, are permitted provided that the following conditions
>+ * are met:
>+ * 1. Redistributions of source code must retain the above copyright
>+ *    notice, this list of conditions and the following disclaimer.
>+ * 2. Redistributions in binary form must reproduce the above copyright
>+ *    notice, this list of conditions and the following disclaimer in the
>+ *    documentation and/or other materials provided with the distribution.
>+ *
>+ * THIS SOFTWARE IS PROVIDED BY APPLE INC. ``AS IS'' AND ANY
>+ * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
>+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
>+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL APPLE INC. OR
>+ * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
>+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
>+ * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
>+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
>+ * OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
>+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
>+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
>+ */
>+
>+#include "config.h"
>+#include "RefCountedArray.h"
>+#include <wtf/NeverDestroyed.h>
>+
>+namespace WTF {
>+
>+#if ENABLE(MALLOC_HEAP_BREAKDOWN)
>+
>+DebugHeap& refCountedArrayHeap()
>+{
>+    static NeverDestroyed<WTF::DebugHeap> heap = WTF::DebugHeap("WebKit RefCountedArray");
>+    return heap;
>+}
>+
>+#endif
>+
>+} // namespace WTF
>diff --git a/Source/WTF/wtf/RefCountedArray.h b/Source/WTF/wtf/RefCountedArray.h
>index 63cd1ed949bf9ae151455d0ba38c548985318198..9418e699d098cf64e8b047925ac96d0dc6c227f8 100644
>--- a/Source/WTF/wtf/RefCountedArray.h
>+++ b/Source/WTF/wtf/RefCountedArray.h
>@@ -43,6 +43,10 @@
> 
> namespace WTF {
> 
>+#if ENABLE(MALLOC_HEAP_BREAKDOWN)
>+WTF_EXPORT_PRIVATE WTF::DebugHeap& refCountedArrayHeap();
>+#endif
>+
> template<typename T, typename PtrTraits = DumbPtrTraits<T>>
> class RefCountedArray {
>     enum CommonCopyConstructorTag { CommonCopyConstructor };
>@@ -67,7 +71,11 @@ class RefCountedArray {
>             return;
>         }
> 
>+#if ENABLE(MALLOC_HEAP_BREAKDOWN)
>+        T* data = (static_cast<Header*>(refCountedArrayHeap().malloc(Header::size() + sizeof(T) * size)))->payload();
>+#else
>         T* data = (static_cast<Header*>(fastMalloc(Header::size() + sizeof(T) * size)))->payload();
>+#endif
>         m_data = data;
>         Header::fromPayload(data)->refCount = 1;
>         Header::fromPayload(data)->length = size;
>@@ -94,7 +102,11 @@ class RefCountedArray {
>             return;
>         }
>         
>+#if ENABLE(MALLOC_HEAP_BREAKDOWN)
>+        T* data = (static_cast<Header*>(refCountedArrayHeap().malloc(Header::size() + sizeof(T) * other.size())))->payload();
>+#else
>         T* data = (static_cast<Header*>(fastMalloc(Header::size() + sizeof(T) * other.size())))->payload();
>+#endif
>         m_data = data;
>         Header::fromPayload(data)->refCount = 1;
>         Header::fromPayload(data)->length = other.size();
>@@ -121,7 +133,11 @@ class RefCountedArray {
>         if (--Header::fromPayload(data)->refCount)
>             return;
>         VectorTypeOperations<T>::destruct(begin(), end());
>+#if ENABLE(MALLOC_HEAP_BREAKDOWN)
>+        refCountedArrayHeap().free(Header::fromPayload(data));
>+#else
>         fastFree(Header::fromPayload(data));
>+#endif
>     }
>     
>     unsigned refCount() const
>@@ -205,7 +221,12 @@ class RefCountedArray {
>         if (--Header::fromPayload(oldData)->refCount)
>             return *this;
>         VectorTypeOperations<T>::destruct(oldData, oldData + Header::fromPayload(oldData)->length);
>+
>+#if ENABLE(MALLOC_HEAP_BREAKDOWN)
>+        refCountedArrayHeap().free(Header::fromPayload(oldData));
>+#else
>         fastFree(Header::fromPayload(oldData));
>+#endif
>         return *this;
>     }
> 
>diff --git a/Source/WTF/wtf/SegmentedVector.cpp b/Source/WTF/wtf/SegmentedVector.cpp
>new file mode 100644
>index 0000000000000000000000000000000000000000..b8d2488407040341f5fb1a94c88618bc5d7769c7
>--- /dev/null
>+++ b/Source/WTF/wtf/SegmentedVector.cpp
>@@ -0,0 +1,47 @@
>+/*
>+ * Copyright (C) 2018 Apple Inc. All rights reserved.
>+ *
>+ * Redistribution and use in source and binary forms, with or without
>+ * modification, are permitted provided that the following conditions
>+ * are met:
>+ *
>+ * 1.  Redistributions of source code must retain the above copyright
>+ *     notice, this list of conditions and the following disclaimer.
>+ * 2.  Redistributions in binary form must reproduce the above copyright
>+ *     notice, this list of conditions and the following disclaimer in the
>+ *     documentation and/or other materials provided with the distribution.
>+ * 3.  Neither the name of Apple Inc. ("Apple") nor the names of
>+ *     its contributors may be used to endorse or promote products derived
>+ *     from this software without specific prior written permission.
>+ *
>+ * THIS SOFTWARE IS PROVIDED BY APPLE AND ITS CONTRIBUTORS "AS IS" AND ANY
>+ * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
>+ * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
>+ * DISCLAIMED. IN NO EVENT SHALL APPLE OR ITS CONTRIBUTORS BE LIABLE FOR ANY
>+ * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
>+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
>+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
>+ * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
>+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
>+ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
>+ */
>+
>+
>+#include "config.h"
>+#include "SegmentedVector.h"
>+
>+#if ENABLE(MALLOC_HEAP_BREAKDOWN)
>+
>+#include "NeverDestroyed.h"
>+
>+namespace WTF {
>+
>+DebugHeap& segmentedVectorHeap()
>+{
>+    static NeverDestroyed<WTF::DebugHeap> heap = WTF::DebugHeap("WebKit SegmentedVector");
>+    return heap;
>+}
>+
>+} // namespace WTF
>+
>+#endif // ENABLE(MALLOC_HEAP_BREAKDOWN)
>diff --git a/Source/WTF/wtf/SegmentedVector.h b/Source/WTF/wtf/SegmentedVector.h
>index e87939efcfbd55a2c8d2c48c51a67740963237d7..06c9b45216fc925ff15eba3d7121ee3d48846964 100644
>--- a/Source/WTF/wtf/SegmentedVector.h
>+++ b/Source/WTF/wtf/SegmentedVector.h
>@@ -33,6 +33,8 @@
> 
> namespace WTF {
> 
>+    DebugHeap& segmentedVectorHeap();
>+
>     // An iterator for SegmentedVector. It supports only the pre ++ operator
>     template <typename T, size_t SegmentSize = 8> class SegmentedVector;
>     template <typename T, size_t SegmentSize = 8> class SegmentedVectorIterator {
>@@ -225,8 +227,13 @@ namespace WTF {
>         {
>             for (size_t i = 0; i < m_size; ++i)
>                 at(i).~T();
>-            for (size_t i = 0; i < m_segments.size(); ++i)
>+            for (size_t i = 0; i < m_segments.size(); ++i) {
>+#if ENABLE(MALLOC_HEAP_BREAKDOWN)
>+                segmentedVectorHeap().free(m_segments[i]);
>+#else
>                 fastFree(m_segments[i]);
>+#endif
>+            }
>         }
> 
>         bool segmentExistsFor(size_t index)
>@@ -262,7 +269,11 @@ namespace WTF {
> 
>         void allocateSegment()
>         {
>+#if ENABLE(MALLOC_HEAP_BREAKDOWN)
>+            m_segments.append(static_cast<Segment*>(segmentedVectorHeap().malloc(sizeof(T) * SegmentSize)));
>+#else
>             m_segments.append(static_cast<Segment*>(fastMalloc(sizeof(T) * SegmentSize)));
>+#endif
>         }
> 
>         size_t m_size { 0 };
>diff --git a/Source/WTF/wtf/SmallPtrSet.cpp b/Source/WTF/wtf/SmallPtrSet.cpp
>new file mode 100644
>index 0000000000000000000000000000000000000000..3c57b6e3377300cba675eb2e97f3295ccebd4b4f
>--- /dev/null
>+++ b/Source/WTF/wtf/SmallPtrSet.cpp
>@@ -0,0 +1,43 @@
>+/*
>+ * Copyright (C) 2016 Apple Inc. All Rights Reserved.
>+ *
>+ * Redistribution and use in source and binary forms, with or without
>+ * modification, are permitted provided that the following conditions
>+ * are met:
>+ * 1. Redistributions of source code must retain the above copyright
>+ *    notice, this list of conditions and the following disclaimer.
>+ * 2. Redistributions in binary form must reproduce the above copyright
>+ *    notice, this list of conditions and the following disclaimer in the
>+ *    documentation and/or other materials provided with the distribution.
>+ *
>+ * THIS SOFTWARE IS PROVIDED BY APPLE INC. ``AS IS'' AND ANY
>+ * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
>+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
>+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL APPLE INC. OR
>+ * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
>+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
>+ * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
>+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
>+ * OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
>+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
>+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
>+ */
>+
>+#include "config.h"
>+#include "SmallPtrSet.h"
>+
>+#include "NeverDestroyed.h"
>+
>+#if ENABLE(MALLOC_HEAP_BREAKDOWN)
>+
>+namespace WTF {
>+
>+DebugHeap& smallPtrSetHeap()
>+{
>+    static NeverDestroyed<WTF::DebugHeap> heap = WTF::DebugHeap("WebKit smallPtrSetHeap");
>+    return heap;
>+}
>+
>+} // namespace WTF
>+
>+#endif
>diff --git a/Source/WTF/wtf/SmallPtrSet.h b/Source/WTF/wtf/SmallPtrSet.h
>index d4a6e210dc2dc4deb5603b8931218af491d218d5..7a05a74982cc86c35d7dffb95525cfdac89622f4 100644
>--- a/Source/WTF/wtf/SmallPtrSet.h
>+++ b/Source/WTF/wtf/SmallPtrSet.h
>@@ -32,6 +32,10 @@
> 
> namespace WTF {
> 
>+#if ENABLE(MALLOC_HEAP_BREAKDOWN)
>+WTF_EXPORT_PRIVATE DebugHeap& smallPtrSetHeap();
>+#endif
>+
> template<typename PtrType, unsigned SmallArraySize = 8>
> class SmallPtrSet {
>     WTF_MAKE_NONCOPYABLE(SmallPtrSet);
>@@ -70,8 +74,13 @@ class SmallPtrSet {
> 
>     ~SmallPtrSet()
>     {
>-        if (!isSmall())
>+        if (!isSmall()) {
>+#if ENABLE(MALLOC_HEAP_BREAKDOWN)
>+            smallPtrSetHeap().free(m_buffer);
>+#else
>             fastFree(m_buffer);
>+#endif
>+        }
>     }
> 
>     inline void add(PtrType ptr)
>@@ -207,7 +216,11 @@ class SmallPtrSet {
>         bool wasSmall = isSmall();
>         void** oldBuffer = wasSmall ? m_smallStorage : m_buffer;
>         unsigned oldCapacity = m_capacity;
>+#if ENABLE(MALLOC_HEAP_BREAKDOWN)
>+        m_buffer = static_cast<void**>(smallPtrSetHeap().malloc(allocationSize));
>+#else
>         m_buffer = static_cast<void**>(fastMalloc(allocationSize));
>+#endif
>         memset(m_buffer, -1, allocationSize);
>         m_capacity = size;
> 
>@@ -218,8 +231,13 @@ class SmallPtrSet {
>             }
>         }
> 
>-        if (!wasSmall)
>+        if (!wasSmall) {
>+#if ENABLE(MALLOC_HEAP_BREAKDOWN)
>+            smallPtrSetHeap().free(oldBuffer);
>+#else
>             fastFree(oldBuffer);
>+#endif
>+        }
>     }
> 
> 
>diff --git a/Source/WTF/wtf/UniqueArray.cpp b/Source/WTF/wtf/UniqueArray.cpp
>new file mode 100644
>index 0000000000000000000000000000000000000000..b131b7c776553ff9a755a262a005a0faf9261463
>--- /dev/null
>+++ b/Source/WTF/wtf/UniqueArray.cpp
>@@ -0,0 +1,45 @@
>+/*
>+ *  Copyright (C) 2018 Apple Inc. All rights reserved.
>+ *
>+ *  This library is free software; you can redistribute it and/or
>+ *  modify it under the terms of the GNU Library General Public
>+ *  License as published by the Free Software Foundation; either
>+ *  version 2 of the License, or (at your option) any later version.
>+ *
>+ *  This library is distributed in the hope that it will be useful,
>+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
>+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
>+ *  Library General Public License for more details.
>+ *
>+ *  You should have received a copy of the GNU Library General Public License
>+ *  along with this library; see the file COPYING.LIB.  If not, write to
>+ *  the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
>+ *  Boston, MA 02110-1301, USA.
>+ *
>+ */
>+
>+#include "config.h"
>+#include "UniqueArray.h"
>+#include "NeverDestroyed.h"
>+
>+#if ENABLE(MALLOC_HEAP_BREAKDOWN)
>+
>+namespace WTF {
>+
>+DebugHeap& uniqueArrayHeap()
>+{
>+    static NeverDestroyed<WTF::DebugHeap> heap = WTF::DebugHeap("WebKit UniqueArray");
>+    return heap;
>+}
>+
>+DebugHeap& uniqueArrayElementHeap()
>+{
>+    static NeverDestroyed<WTF::DebugHeap> heap = WTF::DebugHeap("WebKit UniqueArrayElement");
>+    return heap;
>+}
>+
>+} // namespace WTF
>+
>+#endif
>+
>+
>diff --git a/Source/WTF/wtf/UniqueArray.h b/Source/WTF/wtf/UniqueArray.h
>index a2b85853529311db46298535d3262c211a10426c..e4d511aa3d684dcec963507d3d391a572544a9a0 100644
>--- a/Source/WTF/wtf/UniqueArray.h
>+++ b/Source/WTF/wtf/UniqueArray.h
>@@ -31,11 +31,46 @@
> 
> namespace WTF {
> 
>+#if ENABLE(MALLOC_HEAP_BREAKDOWN)
>+WTF_EXPORT_PRIVATE DebugHeap& uniqueArrayHeap();
>+WTF_EXPORT_PRIVATE DebugHeap& uniqueArrayElementHeap();
>+#endif
>+
> template<bool isTriviallyDestructible, typename T> struct UniqueArrayMaker;
> 
>+template<typename T>
>+struct UniqueArrayFree {
>+    static_assert(std::is_trivially_destructible<T>::value, "");
>+
>+    void operator()(T* pointer) const
>+    {
>+#if ENABLE(MALLOC_HEAP_BREAKDOWN)
>+        uniqueArrayHeap().free(const_cast<typename std::remove_cv<T>::type*>(pointer));
>+#else
>+        fastFree(const_cast<typename std::remove_cv<T>::type*>(pointer));
>+#endif
>+    }
>+};
>+
>+template<typename T>
>+struct UniqueArrayFree<T[]> {
>+    static_assert(std::is_trivially_destructible<T>::value, "");
>+
>+    void operator()(T* pointer) const
>+    {
>+#if ENABLE(MALLOC_HEAP_BREAKDOWN)
>+        uniqueArrayHeap().free(const_cast<typename std::remove_cv<T>::type*>(pointer));
>+#else
>+        fastFree(const_cast<typename std::remove_cv<T>::type*>(pointer));
>+#endif
>+
>+    }
>+};
>+
>+
> template<typename T>
> struct UniqueArrayMaker<true, T> {
>-    using ResultType = typename std::unique_ptr<T[], FastFree<T[]>>;
>+    using ResultType = typename std::unique_ptr<T[], UniqueArrayFree<T[]>>;
> 
>     static ResultType make(size_t size)
>     {
>@@ -49,7 +84,11 @@ struct UniqueArrayMaker<true, T> {
>         // Do not use placement new like `new (storage) T[size]()`. `new T[size]()` requires
>         // larger storage than the `sizeof(T) * size` storage since it want to store `size`
>         // to somewhere.
>+#if ENABLE(MALLOC_HEAP_BREAKDOWN)
>+        T* storage = static_cast<T*>(uniqueArrayHeap().malloc((Checked<size_t>(sizeof(T)) * size).unsafeGet()));
>+#else
>         T* storage = static_cast<T*>(fastMalloc((Checked<size_t>(sizeof(T)) * size).unsafeGet()));
>+#endif
>         VectorTypeOperations<T>::initialize(storage, storage + size);
>         return ResultType(storage);
>     }
>@@ -62,7 +101,38 @@ struct UniqueArrayMaker<false, T> {
>     // UniqueArrayElement has new [] and delete [] operators for FastMalloc. We allocate UniqueArrayElement[] and cast
>     // it to T[]. When deleting, the custom deleter casts T[] to UniqueArrayElement[] and deletes it.
>     class UniqueArrayElement {
>+#if ENABLE(MALLOC_HEAP_BREAKDOWN)
>+public:
>+    void* operator new(size_t, void* p) { return p; }
>+    void* operator new[](size_t, void* p) { return p; }
>+    void* operator new(size_t size)
>+    {
>+        return uniqueArrayElementHeap().malloc(size);
>+    }
>+
>+    void operator delete(void* p)
>+    {
>+        uniqueArrayElementHeap().free(p);
>+    }
>+
>+    void* operator new[](size_t size)
>+    {
>+        return uniqueArrayElementHeap().malloc(size);
>+    }
>+
>+    void operator delete[](void* p)
>+    {
>+        uniqueArrayElementHeap().free(p);
>+    }
>+
>+    void* operator new(size_t, NotNullTag, void* location)
>+    {
>+        ASSERT(location);
>+        return location;
>+    }
>+#else
>         WTF_MAKE_FAST_ALLOCATED;
>+#endif
>     public:
>         struct Deleter {
>             void operator()(T* pointer)
>diff --git a/Source/WTF/wtf/Vector.cpp b/Source/WTF/wtf/Vector.cpp
>new file mode 100644
>index 0000000000000000000000000000000000000000..c269cff27a421927b62165c2c620555943b8ef9b
>--- /dev/null
>+++ b/Source/WTF/wtf/Vector.cpp
>@@ -0,0 +1,38 @@
>+/*
>+ *  Copyright (C) 2018 Apple Inc. All rights reserved.
>+ *
>+ *  This library is free software; you can redistribute it and/or
>+ *  modify it under the terms of the GNU Library General Public
>+ *  License as published by the Free Software Foundation; either
>+ *  version 2 of the License, or (at your option) any later version.
>+ *
>+ *  This library is distributed in the hope that it will be useful,
>+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
>+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
>+ *  Library General Public License for more details.
>+ *
>+ *  You should have received a copy of the GNU Library General Public License
>+ *  along with this library; see the file COPYING.LIB.  If not, write to
>+ *  the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
>+ *  Boston, MA 02110-1301, USA.
>+ *
>+ */
>+
>+#include "config.h"
>+#include "Vector.h"
>+#include "NeverDestroyed.h"
>+
>+#if ENABLE(MALLOC_HEAP_BREAKDOWN)
>+
>+namespace WTF {
>+
>+DebugHeap& vectorHeap()
>+{
>+    static NeverDestroyed<WTF::DebugHeap> heap = WTF::DebugHeap("WebKit Vector");
>+    return heap;
>+}
>+
>+} // namespace WTF
>+
>+#endif
>+
>diff --git a/Source/WTF/wtf/Vector.h b/Source/WTF/wtf/Vector.h
>index e4e1b6288541157a24bdb3b06b88ab565c94e412..cadd06b53b61b053f43ee4daff35bb746dc3389f 100644
>--- a/Source/WTF/wtf/Vector.h
>+++ b/Source/WTF/wtf/Vector.h
>@@ -36,6 +36,10 @@
> #include <wtf/ValueCheck.h>
> #include <wtf/VectorTraits.h>
> 
>+#if ENABLE(MALLOC_HEAP_BREAKDOWN)
>+#include <wtf/DebugHeap.h>
>+#endif
>+
> #if ASAN_ENABLED
> extern "C" void __sanitizer_annotate_contiguous_container(const void* begin, const void* end, const void* old_mid, const void* new_mid);
> #endif
>@@ -46,6 +50,10 @@ class LLIntOffsetsExtractor;
> 
> namespace WTF {
> 
>+#if ENABLE(MALLOC_HEAP_BREAKDOWN)
>+WTF_EXPORT_PRIVATE DebugHeap& vectorHeap();
>+#endif
>+
> template <bool needsDestruction, typename T>
> struct VectorDestructor;
> 
>@@ -290,7 +298,11 @@ class VectorBufferBase {
>             CRASH();
>         size_t sizeToAllocate = newCapacity * sizeof(T);
>         m_capacity = sizeToAllocate / sizeof(T);
>+#if ENABLE(MALLOC_HEAP_BREAKDOWN)
>+        m_buffer = static_cast<T*>(vectorHeap().malloc(sizeToAllocate));
>+#else
>         m_buffer = static_cast<T*>(fastMalloc(sizeToAllocate));
>+#endif
>     }
> 
>     bool tryAllocateBuffer(size_t newCapacity)
>@@ -301,11 +313,21 @@ class VectorBufferBase {
> 
>         size_t sizeToAllocate = newCapacity * sizeof(T);
>         T* newBuffer;
>+
>+#if ENABLE(MALLOC_HEAP_BREAKDOWN)
>+        if ((newBuffer = static_cast<T*>(vectorHeap().malloc(sizeToAllocate)))) {
>+            m_capacity = sizeToAllocate / sizeof(T);
>+            m_buffer = newBuffer;
>+            return true;
>+        }
>+#else
>         if (tryFastMalloc(sizeToAllocate).getValue(newBuffer)) {
>             m_capacity = sizeToAllocate / sizeof(T);
>             m_buffer = newBuffer;
>             return true;
>         }
>+#endif
>+
>         return false;
>     }
> 
>@@ -321,7 +343,12 @@ class VectorBufferBase {
>             CRASH();
>         size_t sizeToAllocate = newCapacity * sizeof(T);
>         m_capacity = sizeToAllocate / sizeof(T);
>+
>+#if ENABLE(MALLOC_HEAP_BREAKDOWN)
>+        m_buffer = static_cast<T*>(vectorHeap().realloc(m_buffer, sizeToAllocate));
>+#else
>         m_buffer = static_cast<T*>(fastRealloc(m_buffer, sizeToAllocate));
>+#endif
>     }
> 
>     void deallocateBuffer(T* bufferToDeallocate)
>@@ -334,7 +361,12 @@ class VectorBufferBase {
>             m_capacity = 0;
>         }
> 
>+#if ENABLE(MALLOC_HEAP_BREAKDOWN)
>+        vectorHeap().free(bufferToDeallocate);
>+#else
>         fastFree(bufferToDeallocate);
>+#endif
>+
>     }
> 
>     T* buffer() { return m_buffer; }
>@@ -347,7 +379,11 @@ class VectorBufferBase {
>         T* buffer = m_buffer;
>         m_buffer = 0;
>         m_capacity = 0;
>-        return adoptMallocPtr(buffer);
>+        return adoptMallocPtr(buffer
>+#if ENABLE(MALLOC_HEAP_BREAKDOWN)
>+            , vectorHeap()
>+#endif
>+        );
>     }
> 
> protected:
>@@ -551,7 +587,7 @@ class VectorBuffer : private VectorBufferBase<T> {
>     MallocPtr<T> releaseBuffer()
>     {
>         if (buffer() == inlineBuffer())
>-            return nullptr;
>+            return { vectorHeap() };
>         return Base::releaseBuffer();
>     }
> 
>@@ -1571,7 +1607,11 @@ inline MallocPtr<T> Vector<T, inlineCapacity, OverflowHandler, minCapacity>::rel
>         // that means it was using the inline buffer. In that case,
>         // we create a brand new buffer so the caller always gets one.
>         size_t bytes = m_size * sizeof(T);
>+#if ENABLE(MALLOC_HEAP_BREAKDOWN)
>+        buffer = adoptMallocPtr(static_cast<T*>(vectorHeap().malloc(bytes)), vectorHeap());
>+#else
>         buffer = adoptMallocPtr(static_cast<T*>(fastMalloc(bytes)));
>+#endif
>         memcpy(buffer.get(), data(), bytes);
>     }
>     m_size = 0;
>diff --git a/Source/WTF/wtf/text/CString.cpp b/Source/WTF/wtf/text/CString.cpp
>index e99778f17a723c90fab763b64cb13b3058a4307e..990bad982980712ec4826617537762c7487514c2 100644
>--- a/Source/WTF/wtf/text/CString.cpp
>+++ b/Source/WTF/wtf/text/CString.cpp
>@@ -30,15 +30,31 @@
> #include <string.h>
> #include <wtf/text/StringHasher.h>
> 
>+#if ENABLE(MALLOC_HEAP_BREAKDOWN)
>+#include <wtf/NeverDestroyed.h>
>+#endif
>+
> namespace WTF {
> 
>+#if ENABLE(MALLOC_HEAP_BREAKDOWN)
>+DebugHeap& CStringBufferHeap()
>+{
>+    static NeverDestroyed<WTF::DebugHeap> heap = WTF::DebugHeap("WebKit CStringBuffer");
>+    return heap;
>+}
>+#endif
>+
> Ref<CStringBuffer> CStringBuffer::createUninitialized(size_t length)
> {
>     RELEASE_ASSERT(length < (std::numeric_limits<unsigned>::max() - sizeof(CStringBuffer)));
> 
>     // The +1 is for the terminating null character.
>     size_t size = sizeof(CStringBuffer) + length + 1;
>+#if ENABLE(MALLOC_HEAP_BREAKDOWN)
>+    CStringBuffer* stringBuffer = static_cast<CStringBuffer*>(CStringBufferHeap().malloc(size));
>+#else
>     CStringBuffer* stringBuffer = static_cast<CStringBuffer*>(fastMalloc(size));
>+#endif
>     return adoptRef(*new (NotNull, stringBuffer) CStringBuffer(length));
> }
> 
>diff --git a/Source/WTF/wtf/text/CString.h b/Source/WTF/wtf/text/CString.h
>index be697c2bb8b629cce1a5d2e06dcb9d5a192b9cca..dfd68a91812d11ad20fbb025a57d3cfd751c866e 100644
>--- a/Source/WTF/wtf/text/CString.h
>+++ b/Source/WTF/wtf/text/CString.h
>@@ -32,6 +32,10 @@
> 
> namespace WTF {
> 
>+#if ENABLE(MALLOC_HEAP_BREAKDOWN)
>+WTF_EXPORT_PRIVATE DebugHeap& CStringBufferHeap();
>+#endif
>+
> // CStringBuffer is the ref-counted storage class for the characters in a CString.
> // The data is implicitly allocated 1 character longer than length(), as it is zero-terminated.
> class CStringBuffer : public RefCounted<CStringBuffer> {
>@@ -39,6 +43,13 @@ class CStringBuffer : public RefCounted<CStringBuffer> {
>     const char* data() { return mutableData(); }
>     size_t length() const { return m_length; }
> 
>+#if ENABLE(MALLOC_HEAP_BREAKDOWN)
>+    void operator delete(void* p)
>+    {
>+        CStringBufferHeap().free(p);
>+    }
>+#endif
>+
> private:
>     friend class CString;
> 
>diff --git a/Source/WTF/wtf/text/StringBuffer.cpp b/Source/WTF/wtf/text/StringBuffer.cpp
>new file mode 100644
>index 0000000000000000000000000000000000000000..908533de8fe4dcf2e8d8552b0197bfd05c89c468
>--- /dev/null
>+++ b/Source/WTF/wtf/text/StringBuffer.cpp
>@@ -0,0 +1,46 @@
>+/*
>+ * Copyright (C) 2018 Apple Inc. All rights reserved.
>+ *
>+ * Redistribution and use in source and binary forms, with or without
>+ * modification, are permitted provided that the following conditions
>+ * are met:
>+ *
>+ * 1.  Redistributions of source code must retain the above copyright
>+ *     notice, this list of conditions and the following disclaimer. 
>+ * 2.  Redistributions in binary form must reproduce the above copyright
>+ *     notice, this list of conditions and the following disclaimer in the
>+ *     documentation and/or other materials provided with the distribution. 
>+ * 3.  Neither the name of Apple Inc. ("Apple") nor the names of its
>+ *     contributors may be used to endorse or promote products derived
>+ *     from this software without specific prior written permission. 
>+ *
>+ * THIS SOFTWARE IS PROVIDED BY APPLE AND ITS CONTRIBUTORS "AS IS" AND ANY
>+ * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
>+ * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
>+ * DISCLAIMED. IN NO EVENT SHALL APPLE OR ITS CONTRIBUTORS BE LIABLE FOR ANY
>+ * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
>+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
>+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
>+ * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
>+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
>+ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
>+ */
>+
>+#include "config.h"
>+#include "StringBuffer.h"
>+
>+#if ENABLE(MALLOC_HEAP_BREAKDOWN)
>+
>+#include "NeverDestroyed.h"
>+
>+namespace WTF {
>+
>+DebugHeap& stringBufferHeap()
>+{
>+    static NeverDestroyed<WTF::DebugHeap> heap = WTF::DebugHeap("WebKit StringBuffer");
>+    return heap;
>+}
>+
>+} // namespace WTF
>+
>+#endif
>diff --git a/Source/WTF/wtf/text/StringBuffer.h b/Source/WTF/wtf/text/StringBuffer.h
>index 5dcfecdfaa89a1683522b842c30941df572b85fc..e6d7b79a8514394435dc8ed2eb41e59aac2ec216 100644
>--- a/Source/WTF/wtf/text/StringBuffer.h
>+++ b/Source/WTF/wtf/text/StringBuffer.h
>@@ -31,23 +31,37 @@
> #include <limits>
> #include <unicode/utypes.h>
> #include <wtf/Assertions.h>
>+#include <wtf/DebugHeap.h>
>+#include <wtf/Noncopyable.h>
> #include <wtf/MallocPtr.h>
> 
> namespace WTF {
> 
>+WTF_EXPORT_PRIVATE DebugHeap& stringBufferHeap();
>+
> template <typename CharType>
> class StringBuffer {
>     WTF_MAKE_NONCOPYABLE(StringBuffer);
> public:
>     explicit StringBuffer(unsigned length)
>         : m_length(length)
>-        , m_data(m_length ? static_cast<CharType*>(fastMalloc((Checked<size_t>(m_length) * sizeof(CharType)).unsafeGet())) : nullptr)
>+        , m_data(m_length ? static_cast<CharType*>(
>+#if ENABLE(MALLOC_HEAP_BREAKDOWN)
>+            stringBufferHeap().malloc((Checked<size_t>(m_length) * sizeof(CharType)).unsafeGet())
>+#else
>+            fastMalloc((Checked<size_t>(m_length) * sizeof(CharType)).unsafeGet())
>+#endif
>+            ) : nullptr)
>     {
>     }
> 
>     ~StringBuffer()
>     {
>+#if ENABLE(MALLOC_HEAP_BREAKDOWN)
>+        stringBufferHeap().free(m_data);
>+#else
>         fastFree(m_data);
>+#endif
>     }
> 
>     void shrink(unsigned newLength)
>@@ -61,7 +75,12 @@ class StringBuffer {
>         if (newLength > m_length) {
>             if (newLength > std::numeric_limits<unsigned>::max() / sizeof(UChar))
>                 CRASH();
>+#if ENABLE(MALLOC_HEAP_BREAKDOWN)
>+            m_data = static_cast<UChar*>(stringBufferHeap().realloc(m_data, newLength * sizeof(UChar)));
>+#else
>             m_data = static_cast<UChar*>(fastRealloc(m_data, newLength * sizeof(UChar)));
>+#endif
>+
>         }
>         m_length = newLength;
>     }
>@@ -75,7 +94,11 @@ class StringBuffer {
>     {
>         CharType* data = m_data;
>         m_data = 0;
>-        return adoptMallocPtr(data);
>+        return adoptMallocPtr(data
>+#if ENABLE(MALLOC_HEAP_BREAKDOWN)
>+            , stringBufferHeap()
>+#endif
>+        );
>     }
> 
> private:
>diff --git a/Source/WTF/wtf/text/StringImpl.cpp b/Source/WTF/wtf/text/StringImpl.cpp
>index 0d80c32c7485d8f9c62934bb36efddefa475dde4..2f67a096528ecf46eab94d9c89a9d35ff00617d8 100644
>--- a/Source/WTF/wtf/text/StringImpl.cpp
>+++ b/Source/WTF/wtf/text/StringImpl.cpp
>@@ -102,6 +102,14 @@ void StringStats::printStats()
> }
> #endif
> 
>+#if ENABLE(MALLOC_HEAP_BREAKDOWN)
>+WTF::DebugHeap& StringImpl::stringImplHeap()
>+{
>+    static NeverDestroyed<WTF::DebugHeap> heap = WTF::DebugHeap("WebKit StringImpl");
>+    return heap;
>+}
>+#endif
>+
> StringImpl::StaticStringImpl StringImpl::s_atomicEmptyString("", StringImpl::StringAtomic);
> 
> StringImpl::~StringImpl()
>@@ -130,7 +138,11 @@ StringImpl::~StringImpl()
>     if (ownership == BufferOwned) {
>         // We use m_data8, but since it is a union with m_data16 this works either way.
>         ASSERT(m_data8);
>+#if ENABLE(MALLOC_HEAP_BREAKDOWN)
>+        stringImplHeap().free(const_cast<LChar*>(m_data8));
>+#else
>         fastFree(const_cast<LChar*>(m_data8));
>+#endif
>         return;
>     }
>     if (ownership == BufferExternal) {
>@@ -148,7 +160,12 @@ StringImpl::~StringImpl()
> void StringImpl::destroy(StringImpl* stringImpl)
> {
>     stringImpl->~StringImpl();
>+#if ENABLE(MALLOC_HEAP_BREAKDOWN)
>+    stringImplHeap().free(stringImpl);
>+#else
>     fastFree(stringImpl);
>+#endif
>+
> }
> 
> Ref<StringImpl> StringImpl::createFromLiteral(const char* characters, unsigned length)
>@@ -195,8 +212,11 @@ template<typename CharacterType> inline Ref<StringImpl> StringImpl::createUninit
>     // heap allocation from this call.
>     if (length > maxInternalLength<CharacterType>())
>         CRASH();
>+#if ENABLE(MALLOC_HEAP_BREAKDOWN)
>+    StringImpl* string = static_cast<StringImpl*>(stringImplHeap().malloc(allocationSize<CharacterType>(length)));
>+#else
>     StringImpl* string = static_cast<StringImpl*>(fastMalloc(allocationSize<CharacterType>(length)));
>-
>+#endif
>     data = string->tailPointer<CharacterType>();
>     return constructInternal<CharacterType>(*string, length);
> }
>@@ -226,9 +246,13 @@ template<typename CharacterType> inline Expected<Ref<StringImpl>, UTF8Conversion
>         return makeUnexpected(UTF8ConversionError::OutOfMemory);
> 
>     originalString->~StringImpl();
>+#if ENABLE(MALLOC_HEAP_BREAKDOWN)
>+    auto* string = static_cast<StringImpl*>(stringImplHeap().realloc(&originalString.leakRef(), allocationSize<CharacterType>(length)));
>+#else
>     StringImpl* string;
>     if (!tryFastRealloc(&originalString.leakRef(), allocationSize<CharacterType>(length)).getValue(string))
>         return makeUnexpected(UTF8ConversionError::OutOfMemory);
>+#endif
> 
>     data = string->tailPointer<CharacterType>();
>     return constructInternal<CharacterType>(*string, length);
>diff --git a/Source/WTF/wtf/text/StringImpl.h b/Source/WTF/wtf/text/StringImpl.h
>index e564648c543cd823de8f223c4237cc9269519304..8566f75bd41b74437f6c14dc27d3cfad01489703 100644
>--- a/Source/WTF/wtf/text/StringImpl.h
>+++ b/Source/WTF/wtf/text/StringImpl.h
>@@ -36,6 +36,10 @@
> #include <wtf/text/StringHasher.h>
> #include <wtf/text/UTF8ConversionError.h>
> 
>+#if ENABLE(MALLOC_HEAP_BREAKDOWN)
>+#include <wtf/DebugHeap.h>
>+#endif
>+
> #if USE(CF)
> typedef const struct __CFString * CFStringRef;
> #endif
>@@ -166,7 +170,29 @@ class StringImplShape {
> // Right now we use a mix of both, which makes code more confusing and has no benefit.
> 
> class StringImpl : private StringImplShape {
>-    WTF_MAKE_NONCOPYABLE(StringImpl); WTF_MAKE_FAST_ALLOCATED;
>+    WTF_MAKE_NONCOPYABLE(StringImpl);
>+#if ENABLE(MALLOC_HEAP_BREAKDOWN)
>+    void* operator new(size_t size)
>+    {
>+        return stringImplHeap().malloc(size);
>+    }
>+
>+    void operator delete(void* p)
>+    {
>+        stringImplHeap().free(p);
>+    }
>+
>+    void* operator new(size_t, void* p) { return p; }
>+    void* operator new[](size_t, void* p) { return p; }
>+
>+    void* operator new(size_t, NotNullTag, void* location)
>+    {
>+        ASSERT(location);
>+        return location;
>+    }
>+#else
>+    WTF_MAKE_FAST_ALLOCATED;
>+#endif
> 
>     friend class AtomicStringImpl;
>     friend class JSC::LLInt::Data;
>@@ -192,6 +218,11 @@ class StringImpl : private StringImplShape {
> 
>     // The bottom 6 bits in the hash are flags.
>     static constexpr const unsigned s_flagCount = 6;
>+
>+#if ENABLE(MALLOC_HEAP_BREAKDOWN)
>+    WTF_EXPORT_PRIVATE static WTF::DebugHeap& stringImplHeap();
>+#endif
>+
> private:
>     static constexpr const unsigned s_flagMask = (1u << s_flagCount) - 1;
>     static_assert(s_flagCount <= StringHasher::flagCount, "StringHasher reserves enough bits for StringImpl flags");
>@@ -863,6 +894,19 @@ inline StringImpl::StringImpl(unsigned length)
>     STRING_STATS_ADD_16BIT_STRING(m_length);
> }
> 
>+#if ENABLE(MALLOC_HEAP_BREAKDOWN)
>+inline StringImpl::StringImpl(MallocPtr<LChar> characters, unsigned length)
>+    : StringImplShape(s_refCountIncrement, length, static_cast<const LChar*>(nullptr), s_hashFlag8BitBuffer | StringNormal | BufferOwned)
>+{
>+    m_data8 = static_cast<const LChar*>(stringImplHeap().malloc(length));
>+    memcpy((void*)m_data8, characters.get(), length);
>+    
>+    ASSERT(m_data8);
>+    ASSERT(m_length);
>+
>+    STRING_STATS_ADD_8BIT_STRING(m_length);
>+}
>+#else
> inline StringImpl::StringImpl(MallocPtr<LChar> characters, unsigned length)
>     : StringImplShape(s_refCountIncrement, length, characters.leakPtr(), s_hashFlag8BitBuffer | StringNormal | BufferOwned)
> {
>@@ -871,6 +915,7 @@ inline StringImpl::StringImpl(MallocPtr<LChar> characters, unsigned length)
> 
>     STRING_STATS_ADD_8BIT_STRING(m_length);
> }
>+#endif
> 
> inline StringImpl::StringImpl(const UChar* characters, unsigned length, ConstructWithoutCopyingTag)
>     : StringImplShape(s_refCountIncrement, length, characters, StringNormal | BufferInternal)
>@@ -890,6 +935,19 @@ inline StringImpl::StringImpl(const LChar* characters, unsigned length, Construc
>     STRING_STATS_ADD_8BIT_STRING(m_length);
> }
> 
>+#if ENABLE(MALLOC_HEAP_BREAKDOWN)
>+inline StringImpl::StringImpl(MallocPtr<UChar> characters, unsigned length)
>+    : StringImplShape(s_refCountIncrement, length, static_cast<const UChar*>(nullptr), StringNormal | BufferOwned)
>+{
>+    m_data16 = static_cast<const UChar*>(stringImplHeap().malloc(length * sizeof(UChar)));
>+    memcpy((void*)m_data16, characters.get(), length * sizeof(UChar));
>+
>+    ASSERT(m_data16);
>+    ASSERT(m_length);
>+
>+    STRING_STATS_ADD_16BIT_STRING(m_length);
>+}
>+#else
> inline StringImpl::StringImpl(MallocPtr<UChar> characters, unsigned length)
>     : StringImplShape(s_refCountIncrement, length, characters.leakPtr(), StringNormal | BufferOwned)
> {
>@@ -898,6 +956,7 @@ inline StringImpl::StringImpl(MallocPtr<UChar> characters, unsigned length)
> 
>     STRING_STATS_ADD_16BIT_STRING(m_length);
> }
>+#endif
> 
> inline StringImpl::StringImpl(const LChar* characters, unsigned length, Ref<StringImpl>&& base)
>     : StringImplShape(s_refCountIncrement, length, characters, s_hashFlag8BitBuffer | StringNormal | BufferSubstring)
>@@ -950,7 +1009,11 @@ ALWAYS_INLINE Ref<StringImpl> StringImpl::createSubstringSharingImpl(StringImpl&
>     auto* ownerRep = ((rep.bufferOwnership() == BufferSubstring) ? rep.substringBuffer() : &rep);
> 
>     // We allocate a buffer that contains both the StringImpl struct as well as the pointer to the owner string.
>+#if ENABLE(MALLOC_HEAP_BREAKDOWN)
>+    auto* stringImpl = static_cast<StringImpl*>(stringImplHeap().malloc(substringSize));
>+#else
>     auto* stringImpl = static_cast<StringImpl*>(fastMalloc(substringSize));
>+#endif
>     if (rep.is8Bit())
>         return adoptRef(*new (NotNull, stringImpl) StringImpl(rep.m_data8 + offset, length, *ownerRep));
>     return adoptRef(*new (NotNull, stringImpl) StringImpl(rep.m_data16 + offset, length, *ownerRep));
>@@ -976,10 +1039,15 @@ template<typename CharacterType> ALWAYS_INLINE RefPtr<StringImpl> StringImpl::tr
>         return nullptr;
>     }
>     StringImpl* result;
>+
>+#if ENABLE(MALLOC_HEAP_BREAKDOWN)
>+    result = (StringImpl*)stringImplHeap().malloc(allocationSize<CharacterType>(length));
>+#else
>     if (!tryFastMalloc(allocationSize<CharacterType>(length)).getValue(result)) {
>         output = nullptr;
>         return nullptr;
>     }
>+#endif
>     output = result->tailPointer<CharacterType>();
> 
>     return constructInternal<CharacterType>(*result, length);
>@@ -992,7 +1060,17 @@ inline Ref<StringImpl> StringImpl::adopt(Vector<CharacterType, inlineCapacity, O
>         ASSERT(vector.data());
>         if (size > MaxLength)
>             CRASH();
>+
>+#if ENABLE(MALLOC_HEAP_BREAKDOWN)
>+        // We have to copy between malloc zones.
>+        auto vectorBuffer = vector.releaseBuffer();
>+        auto stringImplBuffer = MallocPtr<CharacterType>::malloc(size, stringImplHeap());
>+        memcpy(stringImplBuffer.get(), vectorBuffer.get(), size);
>+        return adoptRef(*new StringImpl(WTFMove(stringImplBuffer), size));
>+#else
>         return adoptRef(*new StringImpl(vector.releaseBuffer(), size));
>+#endif
>+
>     }
>     return *empty();
> }
>diff --git a/Source/WTF/wtf/text/cf/StringImplCF.cpp b/Source/WTF/wtf/text/cf/StringImplCF.cpp
>index c3003abf2322182d8cefd6ddba4dbde056e354b2..67afaa7c1cfb75786f0b0db8c624ee6ccb139808 100644
>--- a/Source/WTF/wtf/text/cf/StringImplCF.cpp
>+++ b/Source/WTF/wtf/text/cf/StringImplCF.cpp
>@@ -24,7 +24,9 @@
> #if USE(CF)
> 
> #include <CoreFoundation/CoreFoundation.h>
>+#include <wtf/DebugHeap.h>
> #include <wtf/MainThread.h>
>+#include <wtf/NeverDestroyed.h>
> #include <wtf/RetainPtr.h>
> #include <wtf/Threading.h>
> 
>@@ -32,6 +34,14 @@ namespace WTF {
> 
> namespace StringWrapperCFAllocator {
> 
>+#if ENABLE(MALLOC_HEAP_BREAKDOWN)
>+static WTF::DebugHeap& stringWrapperCFAllocatorDebugHeap()
>+{
>+    static NeverDestroyed<WTF::DebugHeap> heap = WTF::DebugHeap("WebKit stringWrapperCFAllocatorDebugHeap");
>+    return heap;
>+}
>+#endif
>+
>     static StringImpl* currentString;
> 
>     static const void* retain(const void* info)
>@@ -60,7 +70,11 @@ namespace StringWrapperCFAllocator {
>                 underlyingString->ref(); // Balanced by call to deref in deallocate below.
>             }
>         }
>+#if ENABLE(MALLOC_HEAP_BREAKDOWN)
>+        StringImpl** header = static_cast<StringImpl**>(stringWrapperCFAllocatorDebugHeap().malloc(sizeof(StringImpl*) + size));
>+#else
>         StringImpl** header = static_cast<StringImpl**>(fastMalloc(sizeof(StringImpl*) + size));
>+#endif
>         *header = underlyingString;
>         return header + 1;
>     }
>@@ -70,7 +84,11 @@ namespace StringWrapperCFAllocator {
>         size_t newAllocationSize = sizeof(StringImpl*) + newSize;
>         StringImpl** header = static_cast<StringImpl**>(pointer) - 1;
>         ASSERT(!*header);
>+#if ENABLE(MALLOC_HEAP_BREAKDOWN)
>+        header = static_cast<StringImpl**>(stringWrapperCFAllocatorDebugHeap().realloc(header, newAllocationSize));
>+#else
>         header = static_cast<StringImpl**>(fastRealloc(header, newAllocationSize));
>+#endif
>         return header + 1;
>     }
> 
>@@ -78,12 +96,21 @@ namespace StringWrapperCFAllocator {
>     {
>         StringImpl** header = static_cast<StringImpl**>(pointer) - 1;
>         StringImpl* underlyingString = *header;
>-        if (!underlyingString)
>+        if (!underlyingString) {
>+#if ENABLE(MALLOC_HEAP_BREAKDOWN)
>+            stringWrapperCFAllocatorDebugHeap().free(header);
>+#else
>             fastFree(header);
>+#endif
>+        }
>         else {
>             if (isMainThread()) {
>                 underlyingString->deref(); // Balanced by call to ref in allocate above.
>+#if ENABLE(MALLOC_HEAP_BREAKDOWN)
>+                stringWrapperCFAllocatorDebugHeap().free(header);
>+#else
>                 fastFree(header);
>+#endif
>                 return;
>             }
> 
>@@ -91,7 +118,12 @@ namespace StringWrapperCFAllocator {
>                 StringImpl* underlyingString = *header;
>                 ASSERT(underlyingString);
>                 underlyingString->deref(); // Balanced by call to ref in allocate above.
>+#if ENABLE(MALLOC_HEAP_BREAKDOWN)
>+                stringWrapperCFAllocatorDebugHeap().free(header);
>+#else
>                 fastFree(header);
>+#endif
>+
>             });
>         }
>     }
>diff --git a/Source/WebCore/bindings/js/SerializedScriptValue.cpp b/Source/WebCore/bindings/js/SerializedScriptValue.cpp
>index c4600f859d28e3635c98e5124075493a54602db5..89c3af36893bb1c5ece6d924660ab3da24705d85 100644
>--- a/Source/WebCore/bindings/js/SerializedScriptValue.cpp
>+++ b/Source/WebCore/bindings/js/SerializedScriptValue.cpp
>@@ -96,6 +96,14 @@
> namespace WebCore {
> using namespace JSC;
> 
>+#if ENABLE(MALLOC_HEAP_BREAKDOWN)
>+WTF::DebugHeap& SerializedScriptValue::debugHeap(const char* heapName)
>+{
>+    static NeverDestroyed<WTF::DebugHeap> heap = WTF::DebugHeap(heapName);
>+    return heap;
>+}
>+#endif
>+
> static const unsigned maximumFilterRecursion = 40000;
> 
> enum class SerializationReturnCode {
>diff --git a/Source/WebCore/bindings/js/SerializedScriptValue.h b/Source/WebCore/bindings/js/SerializedScriptValue.h
>index 7633bfd70821ade7bc9171a0757c14994fadc20c..773ca14d21be2d9a1ff059aed3dfac877460c414 100644
>--- a/Source/WebCore/bindings/js/SerializedScriptValue.h
>+++ b/Source/WebCore/bindings/js/SerializedScriptValue.h
>@@ -63,6 +63,9 @@ using WasmModuleArray = Vector<RefPtr<JSC::Wasm::Module>>;
> #endif
> 
> class SerializedScriptValue : public ThreadSafeRefCounted<SerializedScriptValue> {
>+#if ENABLE(MALLOC_HEAP_BREAKDOWN)
>+    WTF_MAKE_FAST_ALLOCATED_FROM_DEBUG_HEAP(SerializedScriptValue);
>+#endif
> public:
>     WEBCORE_EXPORT static RefPtr<SerializedScriptValue> create(JSC::ExecState&, JSC::JSValue, SerializationErrorMode = SerializationErrorMode::Throwing);
> 
>diff --git a/Source/WebCore/css/CSSFontFace.cpp b/Source/WebCore/css/CSSFontFace.cpp
>index 0f3e03fbfb99b199107e52b36c901662910c8be3..71c23eabd572fbd515ddd2a381de8a537aabd4a7 100644
>--- a/Source/WebCore/css/CSSFontFace.cpp
>+++ b/Source/WebCore/css/CSSFontFace.cpp
>@@ -48,6 +48,14 @@
> 
> namespace WebCore {
> 
>+#if ENABLE(MALLOC_HEAP_BREAKDOWN)
>+WTF::DebugHeap& CSSFontFace::debugHeap(const char* heapName)
>+{
>+    static NeverDestroyed<WTF::DebugHeap> heap = WTF::DebugHeap(heapName);
>+    return heap;
>+}
>+#endif
>+
> template<typename T> void iterateClients(HashSet<CSSFontFace::Client*>& clients, T callback)
> {
>     Vector<Ref<CSSFontFace::Client>> clientsCopy;
>diff --git a/Source/WebCore/css/CSSFontFace.h b/Source/WebCore/css/CSSFontFace.h
>index ad06d1920386f1838ffe5137008015e998deac45..5a9d1a8981320313ade3a529583c1e1d1e6acdc0 100644
>--- a/Source/WebCore/css/CSSFontFace.h
>+++ b/Source/WebCore/css/CSSFontFace.h
>@@ -55,6 +55,9 @@ class FontFace;
> enum class ExternalResourceDownloadPolicy;
> 
> class CSSFontFace final : public RefCounted<CSSFontFace> {
>+#if ENABLE(MALLOC_HEAP_BREAKDOWN)
>+    WTF_MAKE_FAST_ALLOCATED_FROM_DEBUG_HEAP(CSSFontFace);
>+#endif
> public:
>     static Ref<CSSFontFace> create(CSSFontSelector* fontSelector, StyleRuleFontFace* cssConnection = nullptr, FontFace* wrapper = nullptr, bool isLocalFallback = false)
>     {
>diff --git a/Source/WebCore/css/CSSSelector.cpp b/Source/WebCore/css/CSSSelector.cpp
>index f365a85e74db82657fbab888c0635541c0b6006f..4eb2937eb8045cf68d2ac356256f74b2c3a8ff25 100644
>--- a/Source/WebCore/css/CSSSelector.cpp
>+++ b/Source/WebCore/css/CSSSelector.cpp
>@@ -48,6 +48,14 @@ struct SameSizeAsCSSSelector {
> static_assert(CSSSelector::RelationType::Subselector == 0, "Subselector must be 0 for consumeCombinator.");
> static_assert(sizeof(CSSSelector) == sizeof(SameSizeAsCSSSelector), "CSSSelector should remain small.");
> 
>+#if ENABLE(MALLOC_HEAP_BREAKDOWN)
>+WTF::DebugHeap& CSSSelector::RareData::debugHeap(const char* heapName)
>+{
>+    static NeverDestroyed<WTF::DebugHeap> heap = WTF::DebugHeap(heapName);
>+    return heap;
>+}
>+#endif
>+
> CSSSelector::CSSSelector(const QualifiedName& tagQName, bool tagIsForNamespaceRule)
>     : m_relation(DescendantSpace)
>     , m_match(Tag)
>diff --git a/Source/WebCore/css/CSSSelector.h b/Source/WebCore/css/CSSSelector.h
>index 544cc2cd58abea8044435b16485c23858853ea55..63bb844af410a48f26cf7f312f28ea920e740215 100644
>--- a/Source/WebCore/css/CSSSelector.h
>+++ b/Source/WebCore/css/CSSSelector.h
>@@ -341,6 +341,9 @@ namespace WebCore {
>         CSSSelector& operator=(const CSSSelector&);
> 
>         struct RareData : public RefCounted<RareData> {
>+#if ENABLE(MALLOC_HEAP_BREAKDOWN)
>+            WTF_MAKE_STRUCT_FAST_ALLOCATED_FROM_DEBUG_HEAP(CSSSelector::RareData);
>+#endif
>             static Ref<RareData> create(AtomicString&& value) { return adoptRef(*new RareData(WTFMove(value))); }
>             ~RareData();
> 
>diff --git a/Source/WebCore/css/CSSValue.cpp b/Source/WebCore/css/CSSValue.cpp
>index cc3f59f30faeb55f7496ba8d98049d37b09c0470..aebe55b302283146bc7d9f762b6d696298c8b8dd 100644
>--- a/Source/WebCore/css/CSSValue.cpp
>+++ b/Source/WebCore/css/CSSValue.cpp
>@@ -84,6 +84,14 @@ bool CSSValue::isImplicitInitialValue() const
>     return m_classType == InitialClass && downcast<CSSInitialValue>(*this).isImplicit();
> }
> 
>+#if ENABLE(MALLOC_HEAP_BREAKDOWN)
>+WTF::DebugHeap& CSSValue::debugHeap(const char* heapName)
>+{
>+    static NeverDestroyed<WTF::DebugHeap> heap = WTF::DebugHeap(heapName);
>+    return heap;
>+}
>+#endif
>+
> CSSValue::Type CSSValue::cssValueType() const
> {
>     if (isInheritedValue())
>diff --git a/Source/WebCore/css/CSSValue.h b/Source/WebCore/css/CSSValue.h
>index 7edd3e231a7c1b20a0b01a468f51d594afb98536..331dc0347c14bd643f5e6adb3b4b36d36aca4f09 100644
>--- a/Source/WebCore/css/CSSValue.h
>+++ b/Source/WebCore/css/CSSValue.h
>@@ -39,6 +39,9 @@ class StyleSheetContents;
> enum CSSPropertyID : uint16_t;
> 
> class CSSValue : public RefCounted<CSSValue> {
>+#if ENABLE(MALLOC_HEAP_BREAKDOWN)
>+    WTF_MAKE_FAST_ALLOCATED_FROM_DEBUG_HEAP(CSSValue);
>+#endif
> public:
>     enum Type {
>         CSS_INHERIT = 0,
>diff --git a/Source/WebCore/css/ElementRuleCollector.cpp b/Source/WebCore/css/ElementRuleCollector.cpp
>index 05d385a558c48c48ee8da90f6a18cb4e75a6a95a..b566d97e8b54ae27134559c209fcd7cd302e9a26 100644
>--- a/Source/WebCore/css/ElementRuleCollector.cpp
>+++ b/Source/WebCore/css/ElementRuleCollector.cpp
>@@ -225,7 +225,7 @@ void ElementRuleCollector::matchHostPseudoClassRules(bool includeEmptyRules, Sty
> 
>     auto& shadowAuthorStyle = m_element.shadowRoot()->styleScope().resolver().ruleSets().authorStyle();
>     auto& shadowHostRules = shadowAuthorStyle.hostPseudoClassRules();
>-    if (shadowHostRules.isEmpty())
>+    if (shadowHostRules.data.isEmpty())
>         return;
> 
>     SetForScope<bool> change(m_isMatchingHostPseudoClass, true);
>@@ -292,9 +292,9 @@ std::unique_ptr<RuleSet::RuleDataVector> ElementRuleCollector::collectSlottedPse
>         return { };
> 
>     auto ruleDataVector = std::make_unique<RuleSet::RuleDataVector>();
>-    ruleDataVector->reserveInitialCapacity(m_matchedRules.size());
>+    ruleDataVector->data.reserveInitialCapacity(m_matchedRules.size());
>     for (auto& matchedRule : m_matchedRules)
>-        ruleDataVector->uncheckedAppend(*matchedRule.ruleData);
>+        ruleDataVector->data.uncheckedAppend(*matchedRule.ruleData);
> 
>     return ruleDataVector;
> }
>@@ -455,8 +455,8 @@ void ElementRuleCollector::collectMatchingRulesForList(const RuleSet::RuleDataVe
>     if (!rules)
>         return;
> 
>-    for (unsigned i = 0, size = rules->size(); i < size; ++i) {
>-        const RuleData& ruleData = rules->data()[i];
>+    for (unsigned i = 0, size = rules->data.size(); i < size; ++i) {
>+        const RuleData& ruleData = rules->data.data()[i];
> 
>         if (!ruleData.canMatchPseudoElement() && m_pseudoStyleRequest.pseudoId != PseudoId::None)
>             continue;
>diff --git a/Source/WebCore/css/RuleSet.cpp b/Source/WebCore/css/RuleSet.cpp
>index 2e11ae1f9ab5d2f1e89bac095d69cac051855c00..ce84c0e9153873040873bc6172a64f1ce2ef5685 100644
>--- a/Source/WebCore/css/RuleSet.cpp
>+++ b/Source/WebCore/css/RuleSet.cpp
>@@ -52,6 +52,20 @@ namespace WebCore {
> 
> using namespace HTMLNames;
> 
>+#if ENABLE(MALLOC_HEAP_BREAKDOWN)
>+WTF::DebugHeap& RuleSet::debugHeap(const char* heapName)
>+{
>+    static NeverDestroyed<WTF::DebugHeap> heap = WTF::DebugHeap(heapName);
>+    return heap;
>+}
>+
>+WTF::DebugHeap& RuleSet::RuleDataVector::debugHeap(const char* heapName)
>+{
>+    static NeverDestroyed<WTF::DebugHeap> heap = WTF::DebugHeap(heapName);
>+    return heap;
>+}
>+#endif
>+
> // -----------------------------------------------------------------
> 
> static inline MatchBasedOnRuleHash computeMatchBasedOnRuleHash(const CSSSelector& selector)
>@@ -175,13 +189,13 @@ void RuleSet::addToRuleSet(const AtomicString& key, AtomRuleMap& map, const Rule
>     auto& rules = map.add(key, nullptr).iterator->value;
>     if (!rules)
>         rules = std::make_unique<RuleDataVector>();
>-    rules->append(ruleData);
>+    rules->data.append(ruleData);
> }
> 
> static unsigned rulesCountForName(const RuleSet::AtomRuleMap& map, const AtomicString& name)
> {
>     if (const auto* rules = map.get(name))
>-        return rules->size();
>+        return rules->data.size();
>     return 0;
> }
> 
>@@ -294,7 +308,7 @@ void RuleSet::addRule(StyleRule* rule, unsigned selectorIndex, unsigned selector
> 
> #if ENABLE(VIDEO_TRACK)
>     if (cuePseudoElementSelector) {
>-        m_cuePseudoRules.append(ruleData);
>+        m_cuePseudoRules.data.append(ruleData);
>         return;
>     }
> #endif
>@@ -302,7 +316,7 @@ void RuleSet::addRule(StyleRule* rule, unsigned selectorIndex, unsigned selector
>     if (slottedPseudoElementSelector) {
>         // ::slotted pseudo elements work accross shadow boundary making filtering difficult.
>         ruleData.disableSelectorFiltering();
>-        m_slottedPseudoElementRules.append(ruleData);
>+        m_slottedPseudoElementRules.data.append(ruleData);
>         return;
>     }
> 
>@@ -317,7 +331,7 @@ void RuleSet::addRule(StyleRule* rule, unsigned selectorIndex, unsigned selector
>         m_hasHostPseudoClassRulesMatchingInShadowTree = isHostSelectorMatchingInShadowTree(*ruleData.selector());
> 
>     if (hostPseudoClassSelector) {
>-        m_hostPseudoClassRules.append(ruleData);
>+        m_hostPseudoClassRules.data.append(ruleData);
>         return;
>     }
> 
>@@ -332,12 +346,12 @@ void RuleSet::addRule(StyleRule* rule, unsigned selectorIndex, unsigned selector
>     }
> 
>     if (linkSelector) {
>-        m_linkPseudoClassRules.append(ruleData);
>+        m_linkPseudoClassRules.data.append(ruleData);
>         return;
>     }
> 
>     if (focusSelector) {
>-        m_focusPseudoClassRules.append(ruleData);
>+        m_focusPseudoClassRules.data.append(ruleData);
>         return;
>     }
> 
>@@ -348,7 +362,7 @@ void RuleSet::addRule(StyleRule* rule, unsigned selectorIndex, unsigned selector
>     }
> 
>     // If we didn't find a specialized map to stick it in, file under universal rules.
>-    m_universalRules.append(ruleData);
>+    m_universalRules.data.append(ruleData);
> }
> 
> void RuleSet::addPageRule(StyleRulePage* rule)
>@@ -411,7 +425,7 @@ bool RuleSet::hasShadowPseudoElementRules() const
>     if (!m_shadowPseudoElementRules.isEmpty())
>         return true;
> #if ENABLE(VIDEO_TRACK)
>-    if (!m_cuePseudoRules.isEmpty())
>+    if (!m_cuePseudoRules.data.isEmpty())
>         return true;
> #endif
>     return false;
>@@ -420,7 +434,7 @@ bool RuleSet::hasShadowPseudoElementRules() const
> static inline void shrinkMapVectorsToFit(RuleSet::AtomRuleMap& map)
> {
>     for (auto& vector : map.values())
>-        vector->shrinkToFit();
>+        vector->data.shrinkToFit();
> }
> 
> void RuleSet::shrinkToFit()
>@@ -430,14 +444,14 @@ void RuleSet::shrinkToFit()
>     shrinkMapVectorsToFit(m_tagLocalNameRules);
>     shrinkMapVectorsToFit(m_tagLowercaseLocalNameRules);
>     shrinkMapVectorsToFit(m_shadowPseudoElementRules);
>-    m_linkPseudoClassRules.shrinkToFit();
>+    m_linkPseudoClassRules.data.shrinkToFit();
> #if ENABLE(VIDEO_TRACK)
>-    m_cuePseudoRules.shrinkToFit();
>+    m_cuePseudoRules.data.shrinkToFit();
> #endif
>-    m_hostPseudoClassRules.shrinkToFit();
>-    m_slottedPseudoElementRules.shrinkToFit();
>-    m_focusPseudoClassRules.shrinkToFit();
>-    m_universalRules.shrinkToFit();
>+    m_hostPseudoClassRules.data.shrinkToFit();
>+    m_slottedPseudoElementRules.data.shrinkToFit();
>+    m_focusPseudoClassRules.data.shrinkToFit();
>+    m_universalRules.data.shrinkToFit();
>     m_pageRules.shrinkToFit();
>     m_features.shrinkToFit();
> }
>diff --git a/Source/WebCore/css/RuleSet.h b/Source/WebCore/css/RuleSet.h
>index ba5dc60fe34c6b7678246734d322ac2f7a02f57f..937f68845ae0aa12f22fee283dfa4aeaff149706 100644
>--- a/Source/WebCore/css/RuleSet.h
>+++ b/Source/WebCore/css/RuleSet.h
>@@ -101,7 +101,12 @@ struct SameSizeAsRuleData {
> COMPILE_ASSERT(sizeof(RuleData) == sizeof(SameSizeAsRuleData), RuleData_should_stay_small);
> 
> class RuleSet {
>-    WTF_MAKE_NONCOPYABLE(RuleSet); WTF_MAKE_FAST_ALLOCATED;
>+    WTF_MAKE_NONCOPYABLE(RuleSet);
>+#if ENABLE(MALLOC_HEAP_BREAKDOWN)
>+        WTF_MAKE_FAST_ALLOCATED_FROM_DEBUG_HEAP(RuleSet);
>+#else
>+        WTF_MAKE_FAST_ALLOCATED;
>+#endif
> public:
>     struct RuleSetSelectorPair {
>         RuleSetSelectorPair(const CSSSelector* selector, std::unique_ptr<RuleSet> ruleSet) : selector(selector), ruleSet(WTFMove(ruleSet)) { }
>@@ -114,7 +119,12 @@ class RuleSet {
>     RuleSet();
>     ~RuleSet();
> 
>-    typedef Vector<RuleData, 1> RuleDataVector;
>+    struct RuleDataVector {
>+#if ENABLE(MALLOC_HEAP_BREAKDOWN)
>+        WTF_MAKE_STRUCT_FAST_ALLOCATED_FROM_DEBUG_HEAP(RuleSet::RuleDataVector);
>+#endif
>+        Vector<RuleData, 1> data;
>+    };
>     typedef HashMap<AtomicString, std::unique_ptr<RuleDataVector>> AtomRuleMap;
> 
>     void addRulesFromSheet(StyleSheetContents&, const MediaQueryEvaluator&, StyleResolver* = 0);
>diff --git a/Source/WebCore/css/StyleProperties.cpp b/Source/WebCore/css/StyleProperties.cpp
>index 4cf6c6f7ab7df9fc04334bbe8dd05a3b559e935c..437761a2ed5456f84f34bbde0fa6d178ff273789 100644
>--- a/Source/WebCore/css/StyleProperties.cpp
>+++ b/Source/WebCore/css/StyleProperties.cpp
>@@ -49,6 +49,26 @@
> 
> namespace WebCore {
> 
>+#if ENABLE(MALLOC_HEAP_BREAKDOWN)
>+WTF::DebugHeap& StyleProperties::debugHeap(const char* heapName)
>+{
>+    static NeverDestroyed<WTF::DebugHeap> heap = WTF::DebugHeap(heapName);
>+    return heap;
>+}
>+
>+WTF::DebugHeap& ImmutableStyleProperties::debugHeap(const char* heapName)
>+{
>+    static NeverDestroyed<WTF::DebugHeap> heap = WTF::DebugHeap(heapName);
>+    return heap;
>+}
>+
>+WTF::DebugHeap& MutableStyleProperties::debugHeap(const char* heapName)
>+{
>+    static NeverDestroyed<WTF::DebugHeap> heap = WTF::DebugHeap(heapName);
>+    return heap;
>+}
>+#endif
>+
> static size_t sizeForImmutableStylePropertiesWithPropertyCount(unsigned count)
> {
>     return sizeof(ImmutableStyleProperties) - sizeof(void*) + sizeof(CSSValue*) * count + sizeof(StylePropertyMetadata) * count;
>@@ -61,7 +81,11 @@ static bool isInitialOrInherit(const String& value)
> 
> Ref<ImmutableStyleProperties> ImmutableStyleProperties::create(const CSSProperty* properties, unsigned count, CSSParserMode cssParserMode)
> {
>+#if ENABLE(MALLOC_HEAP_BREAKDOWN)
>+    void* slot = ImmutableStyleProperties::debugHeap("WebKit ImmutableStyleProperties").malloc(sizeForImmutableStylePropertiesWithPropertyCount(count));
>+#else
>     void* slot = WTF::fastMalloc(sizeForImmutableStylePropertiesWithPropertyCount(count));
>+#endif
>     return adoptRef(*new (NotNull, slot) ImmutableStyleProperties(properties, count, cssParserMode));
> }
> 
>diff --git a/Source/WebCore/css/StyleProperties.h b/Source/WebCore/css/StyleProperties.h
>index 0ca7e613468b5a78cca6b8e7692352b71e431a3f..e109c322d85cdd04e8ac4e43bc03e9a1c1347e60 100644
>--- a/Source/WebCore/css/StyleProperties.h
>+++ b/Source/WebCore/css/StyleProperties.h
>@@ -75,6 +75,9 @@ class StylePropertiesBase : public RefCounted<StylePropertiesBase> {
> };
> 
> class StyleProperties : public StylePropertiesBase {
>+#if ENABLE(MALLOC_HEAP_BREAKDOWN)
>+    WTF_MAKE_FAST_ALLOCATED_FROM_DEBUG_HEAP(StyleProperties);
>+#endif
>     friend class PropertyReference;
> public:
>     class PropertyReference {
>@@ -177,6 +180,9 @@ class StyleProperties : public StylePropertiesBase {
> };
> 
> class ImmutableStyleProperties final : public StyleProperties {
>+#if ENABLE(MALLOC_HEAP_BREAKDOWN)
>+    WTF_MAKE_FAST_ALLOCATED_FROM_DEBUG_HEAP(ImmutableStyleProperties);
>+#endif
> public:
>     WEBCORE_EXPORT ~ImmutableStyleProperties();
>     static Ref<ImmutableStyleProperties> create(const CSSProperty* properties, unsigned count, CSSParserMode);
>@@ -207,6 +213,9 @@ inline const StylePropertyMetadata* ImmutableStyleProperties::metadataArray() co
> }
> 
> class MutableStyleProperties final : public StyleProperties {
>+#if ENABLE(MALLOC_HEAP_BREAKDOWN)
>+    WTF_MAKE_FAST_ALLOCATED_FROM_DEBUG_HEAP(MutableStyleProperties);
>+#endif
> public:
>     WEBCORE_EXPORT static Ref<MutableStyleProperties> create(CSSParserMode = HTMLQuirksMode);
>     static Ref<MutableStyleProperties> create(const CSSProperty* properties, unsigned count);
>@@ -349,3 +358,4 @@ SPECIALIZE_TYPE_TRAITS_END()
> SPECIALIZE_TYPE_TRAITS_BEGIN(WebCore::DeferredStyleProperties)
>     static bool isType(const WebCore::StylePropertiesBase& set) { return set.type() == WebCore::DeferredPropertiesType; }
> SPECIALIZE_TYPE_TRAITS_END()
>+
>diff --git a/Source/WebCore/css/StyleResolver.cpp b/Source/WebCore/css/StyleResolver.cpp
>index 2da5ec114c4b8a371342b52503407e1273a096bb..2294ef780ee0b8b59be92c560def630b4149d58e 100644
>--- a/Source/WebCore/css/StyleResolver.cpp
>+++ b/Source/WebCore/css/StyleResolver.cpp
>@@ -128,6 +128,14 @@ static const CSSPropertyID firstLowPriorityProperty = static_cast<CSSPropertyID>
> 
> static void extractDirectionAndWritingMode(const RenderStyle&, const StyleResolver::MatchResult&, TextDirection&, WritingMode&);
> 
>+#if ENABLE(MALLOC_HEAP_BREAKDOWN)
>+WTF::DebugHeap& StyleResolver::debugHeap(const char* heapName)
>+{
>+    static NeverDestroyed<WTF::DebugHeap> heap = WTF::DebugHeap(heapName);
>+    return heap;
>+}
>+#endif
>+
> inline void StyleResolver::State::cacheBorderAndBackground()
> {
>     m_hasUAAppearance = m_style->hasAppearance();
>diff --git a/Source/WebCore/css/StyleResolver.h b/Source/WebCore/css/StyleResolver.h
>index e25603c8b2d76c3afb739ac119cf6cc278cb2fc9..cb85820bdbb7123555ffeb2160c84bfe4dd733df 100644
>--- a/Source/WebCore/css/StyleResolver.h
>+++ b/Source/WebCore/css/StyleResolver.h
>@@ -124,7 +124,12 @@ struct ElementStyle {
> 
> // This class selects a RenderStyle for a given element based on a collection of stylesheets.
> class StyleResolver {
>-    WTF_MAKE_NONCOPYABLE(StyleResolver); WTF_MAKE_FAST_ALLOCATED;
>+    WTF_MAKE_NONCOPYABLE(StyleResolver);
>+#if ENABLE(MALLOC_HEAP_BREAKDOWN)
>+        WTF_MAKE_FAST_ALLOCATED_FROM_DEBUG_HEAP(StyleResolver);
>+#else
>+        WTF_MAKE_FAST_ALLOCATED;
>+#endif
> public:
>     StyleResolver(Document&);
>     ~StyleResolver();
>diff --git a/Source/WebCore/css/StyleRule.cpp b/Source/WebCore/css/StyleRule.cpp
>index 1eefeb8bd10c254b824bc06cd5b8aef06602184f..4bc4d02c9070dc5cbd5b796be5a5690e6e264059 100644
>--- a/Source/WebCore/css/StyleRule.cpp
>+++ b/Source/WebCore/css/StyleRule.cpp
>@@ -45,6 +45,20 @@ struct SameSizeAsStyleRuleBase : public WTF::RefCountedBase {
> 
> COMPILE_ASSERT(sizeof(StyleRuleBase) == sizeof(SameSizeAsStyleRuleBase), StyleRuleBase_should_stay_small);
> 
>+#if ENABLE(MALLOC_HEAP_BREAKDOWN)
>+WTF::DebugHeap& StyleRule::debugHeap(const char* heapName)
>+{
>+    static NeverDestroyed<WTF::DebugHeap> heap = WTF::DebugHeap(heapName);
>+    return heap;
>+}
>+
>+WTF::DebugHeap& StyleRuleBase::debugHeap(const char* heapName)
>+{
>+    static NeverDestroyed<WTF::DebugHeap> heap = WTF::DebugHeap(heapName);
>+    return heap;
>+}
>+#endif
>+
> Ref<CSSRule> StyleRuleBase::createCSSOMWrapper(CSSStyleSheet* parentSheet) const
> {
>     return createCSSOMWrapper(parentSheet, nullptr);
>diff --git a/Source/WebCore/css/StyleRule.h b/Source/WebCore/css/StyleRule.h
>index 401d04942c31e13108b0bde8544541cca8feec08..756a7d78fe889bfe0a2a58a0f2d09872de34a106 100644
>--- a/Source/WebCore/css/StyleRule.h
>+++ b/Source/WebCore/css/StyleRule.h
>@@ -40,7 +40,11 @@ class StyleProperties;
> class StyleRuleKeyframes;
>     
> class StyleRuleBase : public WTF::RefCountedBase {
>+#if ENABLE(MALLOC_HEAP_BREAKDOWN)
>+    WTF_MAKE_STRUCT_FAST_ALLOCATED_FROM_DEBUG_HEAP(StyleRuleBase);
>+#else
>     WTF_MAKE_FAST_ALLOCATED;
>+#endif
> public:
>     enum Type {
>         Unknown, // Not used.
>@@ -116,7 +120,11 @@ class StyleRuleBase : public WTF::RefCountedBase {
> };
> 
> class StyleRule final : public StyleRuleBase {
>+#if ENABLE(MALLOC_HEAP_BREAKDOWN)
>+    WTF_MAKE_STRUCT_FAST_ALLOCATED_FROM_DEBUG_HEAP(StyleRule);
>+#else
>     WTF_MAKE_FAST_ALLOCATED;
>+#endif
> public:
>     static Ref<StyleRule> create(Ref<StylePropertiesBase>&& properties, bool hasDocumentSecurityOrigin, CSSSelectorList&& selectors)
>     {
>diff --git a/Source/WebCore/dom/ElementData.cpp b/Source/WebCore/dom/ElementData.cpp
>index 9515305584ba41e6af47aa3944f1918bdcd2df82..54232e1f6f9132814ba8831079deae1bd669e3b6 100644
>--- a/Source/WebCore/dom/ElementData.cpp
>+++ b/Source/WebCore/dom/ElementData.cpp
>@@ -33,6 +33,20 @@
> 
> namespace WebCore {
> 
>+#if ENABLE(MALLOC_HEAP_BREAKDOWN)
>+WTF::DebugHeap& ShareableElementData::debugHeap(const char* heapName)
>+{
>+    static NeverDestroyed<WTF::DebugHeap> heap = WTF::DebugHeap(heapName);
>+    return heap;
>+}
>+
>+WTF::DebugHeap& ElementData::debugHeap(const char* heapName)
>+{
>+    static NeverDestroyed<WTF::DebugHeap> heap = WTF::DebugHeap(heapName);
>+    return heap;
>+}
>+#endif
>+
> void ElementData::destroy()
> {
>     if (is<UniqueElementData>(*this))
>@@ -65,7 +79,11 @@ static size_t sizeForShareableElementDataWithAttributeCount(unsigned count)
> 
> Ref<ShareableElementData> ShareableElementData::createWithAttributes(const Vector<Attribute>& attributes)
> {
>+#if ENABLE(MALLOC_HEAP_BREAKDOWN)
>+    void* slot = ShareableElementData::debugHeap("WebKit ShareableElementData").malloc(sizeForShareableElementDataWithAttributeCount(attributes.size()));
>+#else
>     void* slot = WTF::fastMalloc(sizeForShareableElementDataWithAttributeCount(attributes.size()));
>+#endif
>     return adoptRef(*new (NotNull, slot) ShareableElementData(attributes));
> }
> 
>@@ -157,7 +175,11 @@ Ref<UniqueElementData> ElementData::makeUniqueCopy() const
> 
> Ref<ShareableElementData> UniqueElementData::makeShareableCopy() const
> {
>+#if ENABLE(MALLOC_HEAP_BREAKDOWN)
>+    void* slot = ShareableElementData::debugHeap("WebKit ShareableElementData").malloc(sizeForShareableElementDataWithAttributeCount(m_attributeVector.size()));
>+#else
>     void* slot = WTF::fastMalloc(sizeForShareableElementDataWithAttributeCount(m_attributeVector.size()));
>+#endif
>     return adoptRef(*new (NotNull, slot) ShareableElementData(*this));
> }
> 
>diff --git a/Source/WebCore/dom/ElementData.h b/Source/WebCore/dom/ElementData.h
>index f6d1eafd736b2aa826beb2b7fe054ffc2d59b653..80d3dc729839d93bb080e4f5fee3d573175dc772 100644
>--- a/Source/WebCore/dom/ElementData.h
>+++ b/Source/WebCore/dom/ElementData.h
>@@ -76,7 +76,11 @@ class AttributeIteratorAccessor {
> };
> 
> class ElementData : public RefCounted<ElementData> {
>+#if ENABLE(MALLOC_HEAP_BREAKDOWN)
>+    WTF_MAKE_FAST_ALLOCATED_FROM_DEBUG_HEAP(ElementData);
>+#else
>     WTF_MAKE_FAST_ALLOCATED;
>+#endif
> public:
>     // Override RefCounted's deref() to ensure operator delete is called on
>     // the appropriate subclass type.
>@@ -184,6 +188,12 @@ class ElementData : public RefCounted<ElementData> {
> #endif
> 
> class ShareableElementData : public ElementData {
>+#if ENABLE(MALLOC_HEAP_BREAKDOWN)
>+public:
>+    WTF_MAKE_FAST_ALLOCATED_FROM_DEBUG_HEAP_IMPL(ShareableElementData);
>+public:
>+    WTF_EXPORT static WTF::DebugHeap& debugHeap(const char*);
>+#endif
> public:
>     static Ref<ShareableElementData> createWithAttributes(const Vector<Attribute>&);
> 
>diff --git a/Source/WebCore/dom/MessageEvent.cpp b/Source/WebCore/dom/MessageEvent.cpp
>index afb24e5b76bec8baead175f79d081111ccab0881..8198db830571ae4a946f3b28bfeb549f9be1eaf1 100644
>--- a/Source/WebCore/dom/MessageEvent.cpp
>+++ b/Source/WebCore/dom/MessageEvent.cpp
>@@ -36,6 +36,14 @@ namespace WebCore {
> 
> using namespace JSC;
> 
>+#if ENABLE(MALLOC_HEAP_BREAKDOWN)
>+WTF::DebugHeap& MessageEvent::debugHeap(const char* heapName)
>+{
>+    static NeverDestroyed<WTF::DebugHeap> heap = WTF::DebugHeap(heapName);
>+    return heap;
>+}
>+#endif
>+
> MessageEvent::MessageEvent() = default;
> 
> inline MessageEvent::MessageEvent(const AtomicString& type, Init&& initializer, IsTrusted isTrusted)
>diff --git a/Source/WebCore/dom/MessageEvent.h b/Source/WebCore/dom/MessageEvent.h
>index 9216968263260d51047fcf62683abad24547187d..38d8f4d35b5fd57841802f3db268e0f125a4b6d0 100644
>--- a/Source/WebCore/dom/MessageEvent.h
>+++ b/Source/WebCore/dom/MessageEvent.h
>@@ -46,6 +46,9 @@ using MessageEventSource = Variant<RefPtr<WindowProxy>, RefPtr<MessagePort>>;
> #endif
> 
> class MessageEvent final : public Event {
>+#if ENABLE(MALLOC_HEAP_BREAKDOWN)
>+    WTF_MAKE_FAST_ALLOCATED_FROM_DEBUG_HEAP(MessageEvent);
>+#endif
> public:
>     static Ref<MessageEvent> create(Vector<RefPtr<MessagePort>>&&, Ref<SerializedScriptValue>&&, const String& origin = { }, const String& lastEventId = { }, Optional<MessageEventSource>&& source = WTF::nullopt);
>     static Ref<MessageEvent> create(const AtomicString& type, Ref<SerializedScriptValue>&&, const String& origin, const String& lastEventId);
>diff --git a/Source/WebCore/dom/NodeRareData.cpp b/Source/WebCore/dom/NodeRareData.cpp
>index a723eaf879a278703b29247bc88bd40f5d1e85d4..313f187f2b37d08bb186f63c571f11e80495eb95 100644
>--- a/Source/WebCore/dom/NodeRareData.cpp
>+++ b/Source/WebCore/dom/NodeRareData.cpp
>@@ -45,4 +45,20 @@ COMPILE_ASSERT(sizeof(NodeRareData) == sizeof(SameSizeAsNodeRareData), NodeRareD
> // Ensure the 10 bits reserved for the m_connectedFrameCount cannot overflow
> static_assert(Page::maxNumberOfFrames < 1024, "Frame limit should fit in rare data count");
> 
>+#if ENABLE(MALLOC_HEAP_BREAKDOWN)
>+WTF::DebugHeap& NodeListsNodeData::debugHeap(const char* heapName)
>+{
>+    static NeverDestroyed<WTF::DebugHeap> heap = WTF::DebugHeap(heapName);
>+    return heap;
>+}
>+#endif
>+
>+#if ENABLE(MALLOC_HEAP_BREAKDOWN)
>+WTF::DebugHeap& NodeRareData::debugHeap(const char* heapName)
>+{
>+    static NeverDestroyed<WTF::DebugHeap> heap = WTF::DebugHeap(heapName);
>+    return heap;
>+}
>+#endif
>+
> } // namespace WebCore
>diff --git a/Source/WebCore/dom/NodeRareData.h b/Source/WebCore/dom/NodeRareData.h
>index 4f8502bf8f5f2e4787d4511635107b49cd597ee5..950c13f960e5cff852930a8555ed9705def3efa9 100644
>--- a/Source/WebCore/dom/NodeRareData.h
>+++ b/Source/WebCore/dom/NodeRareData.h
>@@ -44,7 +44,12 @@ template <> struct NodeListTypeIdentifier<RadioNodeList> { static int value() {
> template <> struct NodeListTypeIdentifier<LabelsNodeList> { static int value() { return 2; } };
> 
> class NodeListsNodeData {
>-    WTF_MAKE_NONCOPYABLE(NodeListsNodeData); WTF_MAKE_FAST_ALLOCATED;
>+    WTF_MAKE_NONCOPYABLE(NodeListsNodeData);
>+#if ENABLE(MALLOC_HEAP_BREAKDOWN)
>+    WTF_MAKE_STRUCT_FAST_ALLOCATED_FROM_DEBUG_HEAP(NodeListsNodeData);
>+#else
>+    WTF_MAKE_FAST_ALLOCATED;
>+#endif
> public:
>     NodeListsNodeData()
>         : m_childNodeList(nullptr)
>@@ -247,7 +252,12 @@ class NodeMutationObserverData {
> };
> 
> class NodeRareData : public NodeRareDataBase {
>-    WTF_MAKE_NONCOPYABLE(NodeRareData); WTF_MAKE_FAST_ALLOCATED;
>+    WTF_MAKE_NONCOPYABLE(NodeRareData);
>+#if ENABLE(MALLOC_HEAP_BREAKDOWN)
>+    WTF_MAKE_STRUCT_FAST_ALLOCATED_FROM_DEBUG_HEAP(NodeRareData);
>+#else
>+    WTF_MAKE_FAST_ALLOCATED;
>+#endif
> public:
> #if defined(DUMP_NODE_STATISTICS) && DUMP_NODE_STATISTICS
>     enum class UseType : uint16_t {
>diff --git a/Source/WebCore/dom/QualifiedName.cpp b/Source/WebCore/dom/QualifiedName.cpp
>index 986292ff951cb4ffac1ada6a5798601682b5cd3e..13c843d44e1ad7bab52da4686ee069bca3d57d95 100644
>--- a/Source/WebCore/dom/QualifiedName.cpp
>+++ b/Source/WebCore/dom/QualifiedName.cpp
>@@ -26,6 +26,20 @@
> 
> namespace WebCore {
> 
>+#if ENABLE(MALLOC_HEAP_BREAKDOWN)
>+WTF::DebugHeap& QualifiedName::debugHeap(const char* heapName)
>+{
>+    static NeverDestroyed<WTF::DebugHeap> heap = WTF::DebugHeap(heapName);
>+    return heap;
>+}
>+
>+WTF::DebugHeap& QualifiedName::QualifiedNameImpl::debugHeap(const char* heapName)
>+{
>+    static NeverDestroyed<WTF::DebugHeap> heap = WTF::DebugHeap(heapName);
>+    return heap;
>+}
>+#endif
>+
> QualifiedName::QualifiedName(const AtomicString& p, const AtomicString& l, const AtomicString& n)
>     : m_impl(threadGlobalData().qualifiedNameCache().getOrCreate(QualifiedNameComponents { p.impl(), l.impl(), n.isEmpty() ? nullptr : n.impl() }))
> {
>diff --git a/Source/WebCore/dom/QualifiedName.h b/Source/WebCore/dom/QualifiedName.h
>index 8b762e5e89f78d24f17e8f8049106d27b1985d7e..659935e08980e64b9827134c4632e7d1a5c22aa6 100644
>--- a/Source/WebCore/dom/QualifiedName.h
>+++ b/Source/WebCore/dom/QualifiedName.h
>@@ -33,9 +33,18 @@ struct QualifiedNameComponents {
> };
> 
> class QualifiedName {
>+#if ENABLE(MALLOC_HEAP_BREAKDOWN)
>+    WTF_MAKE_STRUCT_FAST_ALLOCATED_FROM_DEBUG_HEAP(QualifiedName);
>+#else
>     WTF_MAKE_FAST_ALLOCATED;
>+#endif
> public:
>     class QualifiedNameImpl : public RefCounted<QualifiedNameImpl> {
>+#if ENABLE(MALLOC_HEAP_BREAKDOWN)
>+        WTF_MAKE_STRUCT_FAST_ALLOCATED_FROM_DEBUG_HEAP(QualifiedName::QualifiedNameImpl);
>+#else
>+        WTF_MAKE_FAST_ALLOCATED;
>+#endif
>     public:
>         static Ref<QualifiedNameImpl> create(const AtomicString& prefix, const AtomicString& localName, const AtomicString& namespaceURI)
>         {
>diff --git a/Source/WebCore/html/parser/HTMLDocumentParser.cpp b/Source/WebCore/html/parser/HTMLDocumentParser.cpp
>index 43abb5ed34b38127b1eddf6c2c508c9291c36051..b2c91400d1580b9d125acbb383dc649dc530977d 100644
>--- a/Source/WebCore/html/parser/HTMLDocumentParser.cpp
>+++ b/Source/WebCore/html/parser/HTMLDocumentParser.cpp
>@@ -48,6 +48,14 @@ namespace WebCore {
> 
> using namespace HTMLNames;
> 
>+#if ENABLE(MALLOC_HEAP_BREAKDOWN)
>+WTF::DebugHeap& HTMLDocumentParser::debugHeap(const char* heapName)
>+{
>+    static NeverDestroyed<WTF::DebugHeap> heap = WTF::DebugHeap(heapName);
>+    return heap;
>+}
>+#endif
>+
> HTMLDocumentParser::HTMLDocumentParser(HTMLDocument& document)
>     : ScriptableDocumentParser(document)
>     , m_options(document)
>diff --git a/Source/WebCore/html/parser/HTMLDocumentParser.h b/Source/WebCore/html/parser/HTMLDocumentParser.h
>index 9990d8b8d0c120f3f4cdb98b92464d3a1a04471f..1279909bbb6b5ab043c0f30f9dfc4beed7265e1c 100644
>--- a/Source/WebCore/html/parser/HTMLDocumentParser.h
>+++ b/Source/WebCore/html/parser/HTMLDocumentParser.h
>@@ -48,7 +48,11 @@ class HTMLResourcePreloader;
> class PumpSession;
> 
> class HTMLDocumentParser : public ScriptableDocumentParser, private HTMLScriptRunnerHost, private PendingScriptClient {
>-    WTF_MAKE_FAST_ALLOCATED;
>+#if ENABLE(MALLOC_HEAP_BREAKDOWN)
>+        WTF_MAKE_FAST_ALLOCATED_FROM_DEBUG_HEAP(HTMLDocumentParser);
>+#else
>+        WTF_MAKE_FAST_ALLOCATED;
>+#endif
> public:
>     static Ref<HTMLDocumentParser> create(HTMLDocument&);
>     virtual ~HTMLDocumentParser();
>diff --git a/Source/WebCore/loader/DocumentLoader.cpp b/Source/WebCore/loader/DocumentLoader.cpp
>index fceea1bed92b0ea596b28246738f238c4f3b8719..b741f7d4981ddc233bd6f4a8a6f452dabb666c27 100644
>--- a/Source/WebCore/loader/DocumentLoader.cpp
>+++ b/Source/WebCore/loader/DocumentLoader.cpp
>@@ -143,6 +143,14 @@ static bool areAllLoadersPageCacheAcceptable(const ResourceLoaderMap& loaders)
>     return true;
> }
> 
>+#if ENABLE(MALLOC_HEAP_BREAKDOWN)
>+WTF::DebugHeap& DocumentLoader::debugHeap(const char* heapName)
>+{
>+    static NeverDestroyed<WTF::DebugHeap> heap = WTF::DebugHeap(heapName);
>+    return heap;
>+}
>+#endif
>+
> DocumentLoader::DocumentLoader(const ResourceRequest& request, const SubstituteData& substituteData)
>     : FrameDestructionObserver(nullptr)
>     , m_cachedResourceLoader(CachedResourceLoader::create(this))
>diff --git a/Source/WebCore/loader/DocumentLoader.h b/Source/WebCore/loader/DocumentLoader.h
>index b1445e7bb92c5b6064fbe71f567a4892c4eb6195..555b705f7424a568ccb2b206a69ac70a029b9a93 100644
>--- a/Source/WebCore/loader/DocumentLoader.h
>+++ b/Source/WebCore/loader/DocumentLoader.h
>@@ -136,7 +136,11 @@ class DocumentLoader
>     , public FrameDestructionObserver
>     , public ContentSecurityPolicyClient
>     , private CachedRawResourceClient {
>-    WTF_MAKE_FAST_ALLOCATED;
>+#if ENABLE(MALLOC_HEAP_BREAKDOWN)
>+        WTF_MAKE_FAST_ALLOCATED_FROM_DEBUG_HEAP(DocumentLoader);
>+#else
>+        WTF_MAKE_FAST_ALLOCATED;
>+#endif
>     friend class ContentFilter;
> public:
>     static Ref<DocumentLoader> create(const ResourceRequest& request, const SubstituteData& data)
>diff --git a/Source/WebCore/loader/ResourceLoader.cpp b/Source/WebCore/loader/ResourceLoader.cpp
>index 8b66628f61cddb47d6e64108a2cb4d72ea032ab4..b549c2bed4b4a4af856a923b4f01c87ac2a41f08 100644
>--- a/Source/WebCore/loader/ResourceLoader.cpp
>+++ b/Source/WebCore/loader/ResourceLoader.cpp
>@@ -67,6 +67,14 @@
> 
> namespace WebCore {
> 
>+#if ENABLE(MALLOC_HEAP_BREAKDOWN)
>+WTF::DebugHeap& ResourceLoader::debugHeap(const char* heapName)
>+{
>+    static NeverDestroyed<WTF::DebugHeap> heap = WTF::DebugHeap(heapName);
>+    return heap;
>+}
>+#endif
>+
> ResourceLoader::ResourceLoader(Frame& frame, ResourceLoaderOptions options)
>     : m_frame { &frame }
>     , m_documentLoader { frame.loader().activeDocumentLoader() }
>diff --git a/Source/WebCore/loader/ResourceLoader.h b/Source/WebCore/loader/ResourceLoader.h
>index d17e58d6bd0449225c13b1a338fd1010f572eec6..b04ab73a951800fadeeec037bb6847ea63ba1b4f 100644
>--- a/Source/WebCore/loader/ResourceLoader.h
>+++ b/Source/WebCore/loader/ResourceLoader.h
>@@ -55,6 +55,9 @@ class NetworkLoadMetrics;
> class PreviewLoader;
> 
> class ResourceLoader : public CanMakeWeakPtr<ResourceLoader>, public RefCounted<ResourceLoader>, protected ResourceHandleClient {
>+#if ENABLE(MALLOC_HEAP_BREAKDOWN)
>+    WTF_MAKE_FAST_ALLOCATED_FROM_DEBUG_HEAP(ResourceLoader);
>+#endif
> public:
>     virtual ~ResourceLoader() = 0;
> 
>diff --git a/Source/WebCore/loader/cache/CachedResource.cpp b/Source/WebCore/loader/cache/CachedResource.cpp
>index e430e447ac494636c984e74d40b91e65cdebb50b..464a52e8477a9f76371c99be23215d0afc29ae9d 100644
>--- a/Source/WebCore/loader/cache/CachedResource.cpp
>+++ b/Source/WebCore/loader/cache/CachedResource.cpp
>@@ -64,6 +64,14 @@
> 
> namespace WebCore {
> 
>+#if ENABLE(MALLOC_HEAP_BREAKDOWN)
>+WTF::DebugHeap& CachedResource::debugHeap(const char* heapName)
>+{
>+    static NeverDestroyed<WTF::DebugHeap> heap = WTF::DebugHeap(heapName);
>+    return heap;
>+}
>+#endif
>+
> ResourceLoadPriority CachedResource::defaultPriorityForResourceType(Type type)
> {
>     switch (type) {
>diff --git a/Source/WebCore/loader/cache/CachedResource.h b/Source/WebCore/loader/cache/CachedResource.h
>index 9bf51e0b22744aa62e775d9ee75537f31ba88204..3f12abddad05d3d51e6164e5376158b13228003a 100644
>--- a/Source/WebCore/loader/cache/CachedResource.h
>+++ b/Source/WebCore/loader/cache/CachedResource.h
>@@ -57,7 +57,12 @@ class TextResourceDecoder;
> // from CachedResourceClient, to get the function calls in case the requested data has arrived.
> // This class also does the actual communication with the loader to obtain the resource from the network.
> class CachedResource {
>-    WTF_MAKE_NONCOPYABLE(CachedResource); WTF_MAKE_FAST_ALLOCATED;
>+    WTF_MAKE_NONCOPYABLE(CachedResource);
>+#if ENABLE(MALLOC_HEAP_BREAKDOWN)
>+        WTF_MAKE_FAST_ALLOCATED_FROM_DEBUG_HEAP(CachedResource);
>+#else
>+        WTF_MAKE_FAST_ALLOCATED;
>+#endif
>     friend class MemoryCache;
> 
> public:
>diff --git a/Source/WebCore/page/PerformanceEntry.cpp b/Source/WebCore/page/PerformanceEntry.cpp
>index 1381f807f0a4141c5f977faf840ae7ca3ed5625b..9f7bec32b965bed98c6852a89a2f7068e5309612 100644
>--- a/Source/WebCore/page/PerformanceEntry.cpp
>+++ b/Source/WebCore/page/PerformanceEntry.cpp
>@@ -36,6 +36,14 @@
> 
> namespace WebCore {
> 
>+#if ENABLE(MALLOC_HEAP_BREAKDOWN)
>+WTF::DebugHeap& PerformanceEntry::debugHeap(const char* heapName)
>+{
>+    static NeverDestroyed<WTF::DebugHeap> heap = WTF::DebugHeap(heapName);
>+    return heap;
>+}
>+#endif
>+
> PerformanceEntry::PerformanceEntry(Type type, const String& name, const String& entryType, double startTime, double finishTime)
>     : m_name(name)
>     , m_entryType(entryType)
>diff --git a/Source/WebCore/page/PerformanceEntry.h b/Source/WebCore/page/PerformanceEntry.h
>index ed876bb2edbfc0c3fcb1d8de602e7a6dc4eeab87..ee66ea22b646322fc818308e20016ca6c6da5087 100644
>--- a/Source/WebCore/page/PerformanceEntry.h
>+++ b/Source/WebCore/page/PerformanceEntry.h
>@@ -38,6 +38,9 @@
> namespace WebCore {
> 
> class PerformanceEntry : public RefCounted<PerformanceEntry> {
>+#if ENABLE(MALLOC_HEAP_BREAKDOWN)
>+    WTF_MAKE_FAST_ALLOCATED_FROM_DEBUG_HEAP(PerformanceEntry);
>+#endif
> public:
>     virtual ~PerformanceEntry();
> 
>diff --git a/Source/WebCore/platform/graphics/Font.cpp b/Source/WebCore/platform/graphics/Font.cpp
>index cc94d6cdcff86781006b59f756de0823d8462011..2992457d6789b0a5dc63121ebadb7c8017e5a888 100644
>--- a/Source/WebCore/platform/graphics/Font.cpp
>+++ b/Source/WebCore/platform/graphics/Font.cpp
>@@ -55,6 +55,14 @@ unsigned GlyphPage::s_count = 0;
> const float smallCapsFontSizeMultiplier = 0.7f;
> const float emphasisMarkFontSizeMultiplier = 0.5f;
> 
>+#if ENABLE(MALLOC_HEAP_BREAKDOWN)
>+WTF::DebugHeap& Font::debugHeap(const char* heapName)
>+{
>+    static NeverDestroyed<WTF::DebugHeap> heap = WTF::DebugHeap(heapName);
>+    return heap;
>+}
>+#endif
>+
> Font::Font(const FontPlatformData& platformData, Origin origin, Interstitial interstitial, Visibility visibility, OrientationFallback orientationFallback)
>     : m_platformData(platformData)
>     , m_origin(origin)
>diff --git a/Source/WebCore/platform/graphics/Font.h b/Source/WebCore/platform/graphics/Font.h
>index 11df1e6b9f6733bd9b1d36ee4e49823c97b04642..5a469ccd7a10b11e20033b648a249e30495de76d 100644
>--- a/Source/WebCore/platform/graphics/Font.h
>+++ b/Source/WebCore/platform/graphics/Font.h
>@@ -68,6 +68,9 @@ enum Pitch { UnknownPitch, FixedPitch, VariablePitch };
> enum class IsForPlatformFont : uint8_t { No, Yes };
> 
> class Font : public RefCounted<Font> {
>+#if ENABLE(MALLOC_HEAP_BREAKDOWN)
>+    WTF_MAKE_FAST_ALLOCATED_FROM_DEBUG_HEAP(Font);
>+#endif
> public:
>     // Used to create platform fonts.
>     enum class Origin : uint8_t {
>diff --git a/Source/WebCore/platform/graphics/FontCascadeFonts.cpp b/Source/WebCore/platform/graphics/FontCascadeFonts.cpp
>index a9f41e1773b0014d5cbbd2f7ee1446dad4dd821d..d03bbec49e926fe5bb8a9f9d1dab7c748003e96b 100644
>--- a/Source/WebCore/platform/graphics/FontCascadeFonts.cpp
>+++ b/Source/WebCore/platform/graphics/FontCascadeFonts.cpp
>@@ -96,6 +96,14 @@ void FontCascadeFonts::GlyphPageCacheEntry::setSingleFontPage(RefPtr<GlyphPage>&
>     m_singleFont = page;
> }
> 
>+#if ENABLE(MALLOC_HEAP_BREAKDOWN)
>+WTF::DebugHeap& FontCascadeFonts::debugHeap(const char* heapName)
>+{
>+    static NeverDestroyed<WTF::DebugHeap> heap = WTF::DebugHeap(heapName);
>+    return heap;
>+}
>+#endif
>+
> FontCascadeFonts::FontCascadeFonts(RefPtr<FontSelector>&& fontSelector)
>     : m_cachedPrimaryFont(nullptr)
>     , m_fontSelector(fontSelector)
>diff --git a/Source/WebCore/platform/graphics/FontCascadeFonts.h b/Source/WebCore/platform/graphics/FontCascadeFonts.h
>index 206c48e34a398b4d717f7dabd0ae997d63478fc4..c52a7e88c06f588f073e9756492f7dcca54b73db 100644
>--- a/Source/WebCore/platform/graphics/FontCascadeFonts.h
>+++ b/Source/WebCore/platform/graphics/FontCascadeFonts.h
>@@ -44,6 +44,9 @@ class MixedFontGlyphPage;
> 
> class FontCascadeFonts : public RefCounted<FontCascadeFonts> {
>     WTF_MAKE_NONCOPYABLE(FontCascadeFonts);
>+#if ENABLE(MALLOC_HEAP_BREAKDOWN)
>+    WTF_MAKE_FAST_ALLOCATED_FROM_DEBUG_HEAP(FontCascadeFonts);
>+#endif
> public:
>     static Ref<FontCascadeFonts> create(RefPtr<FontSelector>&& fontSelector) { return adoptRef(*new FontCascadeFonts(WTFMove(fontSelector))); }
>     static Ref<FontCascadeFonts> createForPlatformFont(const FontPlatformData& platformData) { return adoptRef(*new FontCascadeFonts(platformData)); }
>diff --git a/Source/WebCore/platform/graphics/Region.cpp b/Source/WebCore/platform/graphics/Region.cpp
>index 9dcee8761625c01488b4d90d1af22e35435d4a5e..097a46fe0a1dee2fc1b88190625982aa9ca9e558 100644
>--- a/Source/WebCore/platform/graphics/Region.cpp
>+++ b/Source/WebCore/platform/graphics/Region.cpp
>@@ -37,6 +37,14 @@
> 
> namespace WebCore {
> 
>+#if ENABLE(MALLOC_HEAP_BREAKDOWN)
>+WTF::DebugHeap& Region::debugHeap(const char* heapName)
>+{
>+    static NeverDestroyed<WTF::DebugHeap> heap = WTF::DebugHeap(heapName);
>+    return heap;
>+}
>+#endif
>+
> Region::Region()
> {
> }
>diff --git a/Source/WebCore/platform/graphics/Region.h b/Source/WebCore/platform/graphics/Region.h
>index 79633fdb6adf34fffee8f8267483b8cff5ce1f3c..6bfd2b85df2514f9d80a567d5a4608221deffceb 100644
>--- a/Source/WebCore/platform/graphics/Region.h
>+++ b/Source/WebCore/platform/graphics/Region.h
>@@ -34,7 +34,11 @@
> namespace WebCore {
> 
> class Region {
>-    WTF_MAKE_FAST_ALLOCATED;
>+#if ENABLE(MALLOC_HEAP_BREAKDOWN)
>+        WTF_MAKE_FAST_ALLOCATED_FROM_DEBUG_HEAP(Region);
>+#else
>+        WTF_MAKE_FAST_ALLOCATED;
>+#endif
> 
> public:
>     WEBCORE_EXPORT Region();
>diff --git a/Source/WebCore/platform/graphics/avfoundation/objc/MediaSampleAVFObjC.mm b/Source/WebCore/platform/graphics/avfoundation/objc/MediaSampleAVFObjC.mm
>index 5c0f3dc061f05fc693a3787361efd8928f2209aa..0d950aab7d7af035dba99426740a945945cd7ca3 100644
>--- a/Source/WebCore/platform/graphics/avfoundation/objc/MediaSampleAVFObjC.mm
>+++ b/Source/WebCore/platform/graphics/avfoundation/objc/MediaSampleAVFObjC.mm
>@@ -43,7 +43,13 @@ namespace WebCore {
> 
> static inline void releaseUint8Vector(void *array, const void*)
> {
>+#if ENABLE(MALLOC_HEAP_BREAKDOWN)
>+    // Is this really vector backing memory?
>+    WTF::vectorHeap().free(array);
>+#else
>     adoptMallocPtr(static_cast<uint8_t*>(array));
>+#endif
>+
> }
> 
> RefPtr<MediaSampleAVFObjC> MediaSampleAVFObjC::createImageSample(Vector<uint8_t>&& array, unsigned long width, unsigned long height)
>diff --git a/Source/WebCore/platform/graphics/cg/ImageBufferCG.cpp b/Source/WebCore/platform/graphics/cg/ImageBufferCG.cpp
>index 80b5d4fbd272dee435b5ce7c084ee359a501ed64..ba8b29be2118fe77a63da86f145d0ca327b19e25 100644
>--- a/Source/WebCore/platform/graphics/cg/ImageBufferCG.cpp
>+++ b/Source/WebCore/platform/graphics/cg/ImageBufferCG.cpp
>@@ -56,11 +56,23 @@
> #include <pal/spi/cocoa/IOSurfaceSPI.h>
> #endif
> 
>+#if ENABLE(MALLOC_HEAP_BREAKDOWN)
>+#include <wtf/DebugHeap.h>
>+#endif
>+
> // CA uses ARGB32 for textures and ARGB32 -> ARGB32 resampling is optimized.
> #define USE_ARGB32 PLATFORM(IOS_FAMILY)
> 
> namespace WebCore {
> 
>+#if ENABLE(MALLOC_HEAP_BREAKDOWN)
>+static WTF::DebugHeap& debugHeap()
>+{
>+    static NeverDestroyed<WTF::DebugHeap> heap = WTF::DebugHeap("WebKit ImageBuffer");
>+    return heap;
>+}
>+#endif
>+
> static FloatSize scaleSizeToUserSpace(const FloatSize& logicalSize, const IntSize& backingStoreSize, const IntSize& internalSize)
> {
>     float xMagnification = static_cast<float>(backingStoreSize.width()) / internalSize.width();
>@@ -167,8 +179,16 @@ ImageBuffer::ImageBuffer(const FloatSize& size, float resolutionScale, CGColorSp
>     }
> 
>     if (!accelerateRendering) {
>+
>+#if ENABLE(MALLOC_HEAP_BREAKDOWN)
>+        m_data.data = debugHeap().calloc(m_data.backingStoreSize.height(), m_data.bytesPerRow.unsafeGet());
>+        if (!m_data.data)
>+            return;
>+#else
>         if (!tryFastCalloc(m_data.backingStoreSize.height(), m_data.bytesPerRow.unsafeGet()).getValue(m_data.data))
>             return;
>+#endif
>+
>         ASSERT(!(reinterpret_cast<intptr_t>(m_data.data) & 3));
> 
> #if USE_ARGB32
>@@ -178,7 +198,11 @@ ImageBuffer::ImageBuffer(const FloatSize& size, float resolutionScale, CGColorSp
> #endif
>         cgContext = adoptCF(CGBitmapContextCreate(m_data.data, m_data.backingStoreSize.width(), m_data.backingStoreSize.height(), 8, m_data.bytesPerRow.unsafeGet(), m_data.colorSpace, m_data.bitmapInfo));
>         const auto releaseImageData = [] (void*, const void* data, size_t) {
>+#if ENABLE(MALLOC_HEAP_BREAKDOWN)
>+            debugHeap().free(const_cast<void*>(data));
>+#else
>             fastFree(const_cast<void*>(data));
>+#endif
>         };
>         // Create a live image that wraps the data.
>         verifyImageBufferIsBigEnough(m_data.data, numBytes.unsafeGet());
>diff --git a/Source/WebCore/platform/network/ResourceHandle.cpp b/Source/WebCore/platform/network/ResourceHandle.cpp
>index 70ee4e7711fd748b68f7d9a0f2aa36bb03dc35b0..4eb3138fea71a4001b51bd66a3fe29f191caffa7 100644
>--- a/Source/WebCore/platform/network/ResourceHandle.cpp
>+++ b/Source/WebCore/platform/network/ResourceHandle.cpp
>@@ -43,6 +43,14 @@ namespace WebCore {
> 
> static bool shouldForceContentSniffing;
> 
>+#if ENABLE(MALLOC_HEAP_BREAKDOWN)
>+WTF::DebugHeap& ResourceHandleInternal::debugHeap(const char* heapName)
>+{
>+    static NeverDestroyed<WTF::DebugHeap> heap = WTF::DebugHeap(heapName);
>+    return heap;
>+}
>+#endif
>+
> typedef HashMap<AtomicString, ResourceHandle::BuiltinConstructor> BuiltinResourceHandleConstructorMap;
> static BuiltinResourceHandleConstructorMap& builtinResourceHandleConstructorMap()
> {
>diff --git a/Source/WebCore/platform/network/ResourceHandleInternal.h b/Source/WebCore/platform/network/ResourceHandleInternal.h
>index 243de9f8265aa9d033c7fb1aee3493417a19f5f1..e54a8101c96d09a598c4edca895658fcefbcf696 100644
>--- a/Source/WebCore/platform/network/ResourceHandleInternal.h
>+++ b/Source/WebCore/platform/network/ResourceHandleInternal.h
>@@ -59,7 +59,12 @@ typedef const struct __CFURLStorageSession* CFURLStorageSessionRef;
> namespace WebCore {
> 
> class ResourceHandleInternal {
>-    WTF_MAKE_NONCOPYABLE(ResourceHandleInternal); WTF_MAKE_FAST_ALLOCATED;
>+    WTF_MAKE_NONCOPYABLE(ResourceHandleInternal);
>+#if ENABLE(MALLOC_HEAP_BREAKDOWN)
>+        WTF_MAKE_FAST_ALLOCATED_FROM_DEBUG_HEAP(ResourceHandleInternal);
>+#else
>+        WTF_MAKE_FAST_ALLOCATED;
>+#endif
> public:
>     ResourceHandleInternal(ResourceHandle* loader, NetworkingContext* context, const ResourceRequest& request, ResourceHandleClient* client, bool defersLoading, bool shouldContentSniff, bool shouldContentEncodingSniff)
>         : m_context(context)
>diff --git a/Source/WebCore/platform/network/cf/FormDataStreamCFNet.cpp b/Source/WebCore/platform/network/cf/FormDataStreamCFNet.cpp
>index dfdde71a1f0b918671265504ac7a3fad919fd7e1..c4f022e677cb7dbd616374f2402c4deb6ade0027 100644
>--- a/Source/WebCore/platform/network/cf/FormDataStreamCFNet.cpp
>+++ b/Source/WebCore/platform/network/cf/FormDataStreamCFNet.cpp
>@@ -96,6 +96,14 @@ struct FormCreationContext {
>     unsigned long long streamLength;
> };
> 
>+#if ENABLE(MALLOC_HEAP_BREAKDOWN)
>+static WTF::DebugHeap& debugHeap()
>+{
>+    static NeverDestroyed<WTF::DebugHeap> heap = WTF::DebugHeap("WebKit FormStreamFields");
>+    return heap;
>+}
>+#endif
>+
> struct FormStreamFields {
>     RefPtr<FormData> formData;
>     SchedulePairHashSet scheduledRunLoopPairs;
>@@ -107,6 +115,13 @@ struct FormStreamFields {
>     unsigned long long streamLength;
>     unsigned long long bytesSent;
>     Lock streamIsBeingOpenedOrClosedLock;
>+    
>+#if ENABLE(MALLOC_HEAP_BREAKDOWN)
>+    FormStreamFields()
>+        : currentData(debugHeap())
>+    {
>+    }
>+#endif
> };
> 
> static void closeCurrentStream(FormStreamFields* form)
>@@ -121,7 +136,7 @@ static void closeCurrentStream(FormStreamFields* form)
>         form->currentStreamRangeLength = BlobDataItem::toEndOfFile;
>     }
> 
>-    form->currentData = nullptr;
>+    form->currentData = { debugHeap() };
> }
> 
> // Return false if we cannot advance the stream. Currently the only possible failure is that the underlying file has been removed or changed since File.slice.
>diff --git a/Source/WebCore/rendering/RenderLayer.cpp b/Source/WebCore/rendering/RenderLayer.cpp
>index 7a9700e990461334e59aed36124a733875af54fd..51fd690ed38a2b4430411ac6c3f2f232dacf4532 100644
>--- a/Source/WebCore/rendering/RenderLayer.cpp
>+++ b/Source/WebCore/rendering/RenderLayer.cpp
>@@ -286,6 +286,14 @@ static bool clipRectsLogEnabled()
> }
> #endif
> 
>+#if ENABLE(MALLOC_HEAP_BREAKDOWN)
>+WTF::DebugHeap& RenderLayer::debugHeap(const char* heapName)
>+{
>+    static NeverDestroyed<WTF::DebugHeap> heap = WTF::DebugHeap(heapName);
>+    return heap;
>+}
>+#endif
>+
> RenderLayer::RenderLayer(RenderLayerModelObject& rendererLayerModelObject)
>     : m_isRenderViewLayer(rendererLayerModelObject.isRenderView())
>     , m_forcedStackingContext(rendererLayerModelObject.isMedia())
>diff --git a/Source/WebCore/rendering/RenderLayer.h b/Source/WebCore/rendering/RenderLayer.h
>index aa963062646924f3d234b9ee5e990cdd43598fff..5254a488f553e4a929191f58fbb91258d8ddef56 100644
>--- a/Source/WebCore/rendering/RenderLayer.h
>+++ b/Source/WebCore/rendering/RenderLayer.h
>@@ -125,7 +125,11 @@ struct ScrollRectToVisibleOptions {
> };
> 
> class RenderLayer final : public ScrollableArea {
>+#if ENABLE(MALLOC_HEAP_BREAKDOWN)
>+    WTF_MAKE_FAST_ALLOCATED_FROM_DEBUG_HEAP(RenderLayer);
>+#else
>     WTF_MAKE_FAST_ALLOCATED;
>+#endif
> public:
>     friend class RenderReplica;
>     friend class RenderLayerFilters;
>diff --git a/Source/WebCore/rendering/RenderTable.cpp b/Source/WebCore/rendering/RenderTable.cpp
>index 99ad8da48f24d2fc2564774d252547fdbe001069..a7115a933be01e98df66d71fc0ae8ccf18353e62 100644
>--- a/Source/WebCore/rendering/RenderTable.cpp
>+++ b/Source/WebCore/rendering/RenderTable.cpp
>@@ -58,6 +58,14 @@ using namespace HTMLNames;
> 
> WTF_MAKE_ISO_ALLOCATED_IMPL(RenderTable);
> 
>+#if ENABLE(MALLOC_HEAP_BREAKDOWN)
>+WTF::DebugHeap& TableLayout::debugHeap(const char* heapName)
>+{
>+    static NeverDestroyed<WTF::DebugHeap> heap = WTF::DebugHeap(heapName);
>+    return heap;
>+}
>+#endif
>+
> RenderTable::RenderTable(Element& element, RenderStyle&& style)
>     : RenderBlock(element, WTFMove(style), 0)
>     , m_currentBorder(nullptr)
>diff --git a/Source/WebCore/rendering/TableLayout.h b/Source/WebCore/rendering/TableLayout.h
>index 5b6cd01d18ba91d940689f6f1ff7d6bd810ca385..7b2517ff185297a2f5cbb7684e8d73abd194436d 100644
>--- a/Source/WebCore/rendering/TableLayout.h
>+++ b/Source/WebCore/rendering/TableLayout.h
>@@ -29,7 +29,12 @@ namespace WebCore {
> class RenderTable;
> 
> class TableLayout {
>-    WTF_MAKE_NONCOPYABLE(TableLayout); WTF_MAKE_FAST_ALLOCATED;
>+    WTF_MAKE_NONCOPYABLE(TableLayout);
>+#if ENABLE(MALLOC_HEAP_BREAKDOWN)
>+    WTF_MAKE_FAST_ALLOCATED_FROM_DEBUG_HEAP(StyleInheritedData);
>+#else
>+    WTF_MAKE_FAST_ALLOCATED;
>+#endif
> public:
>     explicit TableLayout(RenderTable* table)
>         : m_table(table)
>diff --git a/Source/WebCore/rendering/style/RenderStyle.cpp b/Source/WebCore/rendering/style/RenderStyle.cpp
>index feeb708b2fb825c96850e13b4803a94b4067e211..9a37998c71596ef4a0b072bec31cb5ed4f1b8c6f 100644
>--- a/Source/WebCore/rendering/style/RenderStyle.cpp
>+++ b/Source/WebCore/rendering/style/RenderStyle.cpp
>@@ -86,6 +86,14 @@ struct SameSizeAsRenderStyle {
> 
> static_assert(sizeof(RenderStyle) == sizeof(SameSizeAsRenderStyle), "RenderStyle should stay small");
> 
>+#if ENABLE(MALLOC_HEAP_BREAKDOWN)
>+WTF::DebugHeap& RenderStyle::debugHeap(const char* heapName)
>+{
>+    static NeverDestroyed<WTF::DebugHeap> heap = WTF::DebugHeap(heapName);
>+    return heap;
>+}
>+#endif
>+
> RenderStyle& RenderStyle::defaultStyle()
> {
>     static NeverDestroyed<RenderStyle> style { CreateDefaultStyle };
>diff --git a/Source/WebCore/rendering/style/RenderStyle.h b/Source/WebCore/rendering/style/RenderStyle.h
>index 68576ac4caf2fa7607649cc99aaaf9551c3a65a2..63d845b38ca13cdf1778e3c772e12b864e8660b9 100644
>--- a/Source/WebCore/rendering/style/RenderStyle.h
>+++ b/Source/WebCore/rendering/style/RenderStyle.h
>@@ -130,7 +130,11 @@ using PseudoStyleCache = Vector<std::unique_ptr<RenderStyle>, 4>;
> template<typename T, typename U> inline bool compareEqual(const T& t, const U& u) { return t == static_cast<const T&>(u); }
> 
> class RenderStyle {
>+#if ENABLE(MALLOC_HEAP_BREAKDOWN)
>+    WTF_MAKE_FAST_ALLOCATED_FROM_DEBUG_HEAP(RenderStyle);
>+#else
>     WTF_MAKE_FAST_ALLOCATED;
>+#endif
> 
> private:
>     enum CloneTag { Clone };
>diff --git a/Source/WebCore/rendering/style/SVGRenderStyle.cpp b/Source/WebCore/rendering/style/SVGRenderStyle.cpp
>index cd9f364b286271b17e651f71a3b25af38f556970..7fcdf27175489c879e0c7ef4b3f06a12445b59d2 100644
>--- a/Source/WebCore/rendering/style/SVGRenderStyle.cpp
>+++ b/Source/WebCore/rendering/style/SVGRenderStyle.cpp
>@@ -43,6 +43,14 @@ static const SVGRenderStyle& defaultSVGStyle()
>     return *style.get();
> }
> 
>+#if ENABLE(MALLOC_HEAP_BREAKDOWN)
>+WTF::DebugHeap& SVGRenderStyle::debugHeap(const char* heapName)
>+{
>+    static NeverDestroyed<WTF::DebugHeap> heap = WTF::DebugHeap(heapName);
>+    return heap;
>+}
>+#endif
>+
> Ref<SVGRenderStyle> SVGRenderStyle::createDefaultStyle()
> {
>     return adoptRef(*new SVGRenderStyle(CreateDefault));
>diff --git a/Source/WebCore/rendering/style/SVGRenderStyle.h b/Source/WebCore/rendering/style/SVGRenderStyle.h
>index 4244ca601448f1b10a8f1fcbf9170234d3a0179b..d0c8c357a0e896adc96526ba49b9ac6b4787a025 100644
>--- a/Source/WebCore/rendering/style/SVGRenderStyle.h
>+++ b/Source/WebCore/rendering/style/SVGRenderStyle.h
>@@ -31,6 +31,11 @@
> namespace WebCore {
> 
> class SVGRenderStyle : public RefCounted<SVGRenderStyle> {
>+#if ENABLE(MALLOC_HEAP_BREAKDOWN)
>+    WTF_MAKE_FAST_ALLOCATED_FROM_DEBUG_HEAP(SVGRenderStyle);
>+#else
>+    WTF_MAKE_FAST_ALLOCATED;
>+#endif
> public:
>     static Ref<SVGRenderStyle> createDefaultStyle();
>     static Ref<SVGRenderStyle> create() { return adoptRef(*new SVGRenderStyle); }
>diff --git a/Source/WebCore/rendering/style/SVGRenderStyleDefs.cpp b/Source/WebCore/rendering/style/SVGRenderStyleDefs.cpp
>index 20b2a8114b0c8e9ebd4827079a9820f2ec0dcdc2..e473a78b5a43e815a50edcc0c86afd89114301a5 100644
>--- a/Source/WebCore/rendering/style/SVGRenderStyleDefs.cpp
>+++ b/Source/WebCore/rendering/style/SVGRenderStyleDefs.cpp
>@@ -35,6 +35,14 @@
> 
> namespace WebCore {
> 
>+#if ENABLE(MALLOC_HEAP_BREAKDOWN)
>+WTF::DebugHeap& StyleFillData::debugHeap(const char* heapName)
>+{
>+    static NeverDestroyed<WTF::DebugHeap> heap = WTF::DebugHeap(heapName);
>+    return heap;
>+}
>+#endif
>+
> StyleFillData::StyleFillData()
>     : opacity(SVGRenderStyle::initialFillOpacity())
>     , paintColor(SVGRenderStyle::initialFillPaintColor())
>diff --git a/Source/WebCore/rendering/style/SVGRenderStyleDefs.h b/Source/WebCore/rendering/style/SVGRenderStyleDefs.h
>index d87a8d3730c6431d715b3dfa277c0450e1ce01c2..e5b438e95fcb30798fc133339710e181a272158b 100644
>--- a/Source/WebCore/rendering/style/SVGRenderStyleDefs.h
>+++ b/Source/WebCore/rendering/style/SVGRenderStyleDefs.h
>@@ -138,6 +138,9 @@ enum class MaskType : uint8_t {
> 
> // Inherited/Non-Inherited Style Datastructures
> class StyleFillData : public RefCounted<StyleFillData> {
>+#if ENABLE(MALLOC_HEAP_BREAKDOWN)
>+    WTF_MAKE_FAST_ALLOCATED_FROM_DEBUG_HEAP(StyleFillData);
>+#endif
> public:
>     static Ref<StyleFillData> create() { return adoptRef(*new StyleFillData); }
>     Ref<StyleFillData> copy() const;
>diff --git a/Source/WebCore/rendering/style/StyleBoxData.cpp b/Source/WebCore/rendering/style/StyleBoxData.cpp
>index a8b35e136fb08b31caec094e788d7ce645102421..bcc1478cd423462791ba38d3d9beeeebbd227fc9 100644
>--- a/Source/WebCore/rendering/style/StyleBoxData.cpp
>+++ b/Source/WebCore/rendering/style/StyleBoxData.cpp
>@@ -35,6 +35,14 @@ struct SameSizeAsStyleBoxData : public RefCounted<SameSizeAsStyleBoxData> {
> 
> COMPILE_ASSERT(sizeof(StyleBoxData) == sizeof(SameSizeAsStyleBoxData), StyleBoxData_should_not_grow);
> 
>+#if ENABLE(MALLOC_HEAP_BREAKDOWN)
>+WTF::DebugHeap& StyleBoxData::debugHeap(const char* heapName)
>+{
>+    static NeverDestroyed<WTF::DebugHeap> heap = WTF::DebugHeap(heapName);
>+    return heap;
>+}
>+#endif
>+
> StyleBoxData::StyleBoxData()
>     : m_minWidth(RenderStyle::initialMinSize())
>     , m_maxWidth(RenderStyle::initialMaxSize())
>diff --git a/Source/WebCore/rendering/style/StyleBoxData.h b/Source/WebCore/rendering/style/StyleBoxData.h
>index 89170374b34b084146d06398f65d059cd4d82cfd..bbcfac1dcefb3a665da5525036b9417ce89160d2 100644
>--- a/Source/WebCore/rendering/style/StyleBoxData.h
>+++ b/Source/WebCore/rendering/style/StyleBoxData.h
>@@ -32,6 +32,9 @@
> namespace WebCore {
> 
> class StyleBoxData : public RefCounted<StyleBoxData> {
>+#if ENABLE(MALLOC_HEAP_BREAKDOWN)
>+    WTF_MAKE_FAST_ALLOCATED_FROM_DEBUG_HEAP(StyleBoxData);
>+#endif
> public:
>     static Ref<StyleBoxData> create() { return adoptRef(*new StyleBoxData); }
>     Ref<StyleBoxData> copy() const;
>diff --git a/Source/WebCore/rendering/style/StyleInheritedData.cpp b/Source/WebCore/rendering/style/StyleInheritedData.cpp
>index a5e357ee93123f12d7426f07300675a121fab557..cf7dcf9565d7130bc908d2041c9ba2448e689e6f 100644
>--- a/Source/WebCore/rendering/style/StyleInheritedData.cpp
>+++ b/Source/WebCore/rendering/style/StyleInheritedData.cpp
>@@ -26,6 +26,14 @@
> 
> namespace WebCore {
> 
>+#if ENABLE(MALLOC_HEAP_BREAKDOWN)
>+WTF::DebugHeap& StyleInheritedData::debugHeap(const char* heapName)
>+{
>+    static NeverDestroyed<WTF::DebugHeap> heap = WTF::DebugHeap(heapName);
>+    return heap;
>+}
>+#endif
>+
> StyleInheritedData::StyleInheritedData()
>     : horizontalBorderSpacing(RenderStyle::initialHorizontalBorderSpacing())
>     , verticalBorderSpacing(RenderStyle::initialVerticalBorderSpacing())
>diff --git a/Source/WebCore/rendering/style/StyleInheritedData.h b/Source/WebCore/rendering/style/StyleInheritedData.h
>index d6555835ac8e0930506055dfc8b19a2889280166..80c47d5e5b6e2cc9c322e9fc1e91cfec5b2de4cf 100644
>--- a/Source/WebCore/rendering/style/StyleInheritedData.h
>+++ b/Source/WebCore/rendering/style/StyleInheritedData.h
>@@ -31,6 +31,9 @@
> namespace WebCore {
> 
> class StyleInheritedData : public RefCounted<StyleInheritedData> {
>+#if ENABLE(MALLOC_HEAP_BREAKDOWN)
>+    WTF_MAKE_FAST_ALLOCATED_FROM_DEBUG_HEAP(StyleInheritedData);
>+#endif
> public:
>     static Ref<StyleInheritedData> create() { return adoptRef(*new StyleInheritedData); }
>     Ref<StyleInheritedData> copy() const;
>diff --git a/Source/WebCore/rendering/style/StyleRareInheritedData.cpp b/Source/WebCore/rendering/style/StyleRareInheritedData.cpp
>index 899873da3b32f316317313292ade8fdaed04a749..0d8be472cff787e366e6e7bfd1a2d088dbd441a4 100644
>--- a/Source/WebCore/rendering/style/StyleRareInheritedData.cpp
>+++ b/Source/WebCore/rendering/style/StyleRareInheritedData.cpp
>@@ -77,6 +77,14 @@ struct GreaterThanOrSameSizeAsStyleRareInheritedData : public RefCounted<Greater
> 
> COMPILE_ASSERT(sizeof(StyleRareInheritedData) <= sizeof(GreaterThanOrSameSizeAsStyleRareInheritedData), StyleRareInheritedData_should_bit_pack);
> 
>+#if ENABLE(MALLOC_HEAP_BREAKDOWN)
>+WTF::DebugHeap& StyleRareInheritedData::debugHeap(const char* heapName)
>+{
>+    static NeverDestroyed<WTF::DebugHeap> heap = WTF::DebugHeap(heapName);
>+    return heap;
>+}
>+#endif
>+
> StyleRareInheritedData::StyleRareInheritedData()
>     : listStyleImage(RenderStyle::initialListStyleImage())
>     , textStrokeWidth(RenderStyle::initialTextStrokeWidth())
>diff --git a/Source/WebCore/rendering/style/StyleRareInheritedData.h b/Source/WebCore/rendering/style/StyleRareInheritedData.h
>index a0332d8d857280924941652269150f2813673ec7..a609aeef8d8faa1b4c10229c0b16d4fa133c433f 100644
>--- a/Source/WebCore/rendering/style/StyleRareInheritedData.h
>+++ b/Source/WebCore/rendering/style/StyleRareInheritedData.h
>@@ -53,6 +53,9 @@ class StyleImage;
> // By grouping them together, we save space, and only allocate this object when someone
> // actually uses one of these properties.
> class StyleRareInheritedData : public RefCounted<StyleRareInheritedData> {
>+#if ENABLE(MALLOC_HEAP_BREAKDOWN)
>+        WTF_MAKE_FAST_ALLOCATED_FROM_DEBUG_HEAP(StyleRareInheritedData);
>+#endif
> public:
>     static Ref<StyleRareInheritedData> create() { return adoptRef(*new StyleRareInheritedData); }
>     Ref<StyleRareInheritedData> copy() const;
>diff --git a/Source/WebCore/rendering/style/StyleRareNonInheritedData.cpp b/Source/WebCore/rendering/style/StyleRareNonInheritedData.cpp
>index e560a925bcfa9291f75bacfd6e520ef8b6c1a66b..c3cae90137c3bbd2ae8d1beffa494cdee2459e9b 100644
>--- a/Source/WebCore/rendering/style/StyleRareNonInheritedData.cpp
>+++ b/Source/WebCore/rendering/style/StyleRareNonInheritedData.cpp
>@@ -37,6 +37,14 @@
> 
> namespace WebCore {
> 
>+#if ENABLE(MALLOC_HEAP_BREAKDOWN)
>+WTF::DebugHeap& StyleRareNonInheritedData::debugHeap(const char* heapName)
>+{
>+    static NeverDestroyed<WTF::DebugHeap> heap = WTF::DebugHeap(heapName);
>+    return heap;
>+}
>+#endif
>+
> StyleRareNonInheritedData::StyleRareNonInheritedData()
>     : opacity(RenderStyle::initialOpacity())
>     , aspectRatioDenominator(RenderStyle::initialAspectRatioDenominator())
>diff --git a/Source/WebCore/rendering/style/StyleRareNonInheritedData.h b/Source/WebCore/rendering/style/StyleRareNonInheritedData.h
>index 395849215baec6208a9dda9fd52e194b21d7c238..2e1f34b84dfa43cfb8c99117cb1dc3fe7bba0af5 100644
>--- a/Source/WebCore/rendering/style/StyleRareNonInheritedData.h
>+++ b/Source/WebCore/rendering/style/StyleRareNonInheritedData.h
>@@ -76,6 +76,9 @@ enum PageSizeType {
> // By grouping them together, we save space, and only allocate this object when someone
> // actually uses one of these properties.
> class StyleRareNonInheritedData : public RefCounted<StyleRareNonInheritedData> {
>+#if ENABLE(MALLOC_HEAP_BREAKDOWN)
>+    WTF_MAKE_FAST_ALLOCATED_FROM_DEBUG_HEAP(StyleRareNonInheritedData);
>+#endif
> public:
>     static Ref<StyleRareNonInheritedData> create() { return adoptRef(*new StyleRareNonInheritedData); }
>     Ref<StyleRareNonInheritedData> copy() const;
>diff --git a/Source/WebCore/rendering/style/StyleSurroundData.cpp b/Source/WebCore/rendering/style/StyleSurroundData.cpp
>index 5c9bbdbecd4696806742608334012bc4af2af053..85da28d77927927ee64f7b4564fdf40423d8ce76 100644
>--- a/Source/WebCore/rendering/style/StyleSurroundData.cpp
>+++ b/Source/WebCore/rendering/style/StyleSurroundData.cpp
>@@ -24,6 +24,14 @@
> 
> namespace WebCore {
> 
>+#if ENABLE(MALLOC_HEAP_BREAKDOWN)
>+WTF::DebugHeap& StyleSurroundData::debugHeap(const char* heapName)
>+{
>+    static NeverDestroyed<WTF::DebugHeap> heap = WTF::DebugHeap(heapName);
>+    return heap;
>+}
>+#endif
>+
> StyleSurroundData::StyleSurroundData()
>     : margin(Fixed)
>     , padding(Fixed)
>diff --git a/Source/WebCore/rendering/style/StyleSurroundData.h b/Source/WebCore/rendering/style/StyleSurroundData.h
>index 1f618a04486446d7b0a0f8c0736aa77a02b69ab9..24188ebbca2e27b12c857abcf7de0a8a5ea7d494 100644
>--- a/Source/WebCore/rendering/style/StyleSurroundData.h
>+++ b/Source/WebCore/rendering/style/StyleSurroundData.h
>@@ -32,6 +32,9 @@
> namespace WebCore {
> 
> class StyleSurroundData : public RefCounted<StyleSurroundData> {
>+#if ENABLE(MALLOC_HEAP_BREAKDOWN)
>+    WTF_MAKE_FAST_ALLOCATED_FROM_DEBUG_HEAP(StyleSurroundData);
>+#endif
> public:
>     static Ref<StyleSurroundData> create() { return adoptRef(*new StyleSurroundData); }
>     Ref<StyleSurroundData> copy() const;
>diff --git a/Source/WebCore/rendering/style/StyleTransformData.cpp b/Source/WebCore/rendering/style/StyleTransformData.cpp
>index eba3222d4740d9e3c319bda8c8049d45586f6040..79b31fdc4511a92652dc55853e600bb6e0dfc5f0 100644
>--- a/Source/WebCore/rendering/style/StyleTransformData.cpp
>+++ b/Source/WebCore/rendering/style/StyleTransformData.cpp
>@@ -26,6 +26,14 @@
> 
> namespace WebCore {
> 
>+#if ENABLE(MALLOC_HEAP_BREAKDOWN)
>+WTF::DebugHeap& StyleTransformData::debugHeap(const char* heapName)
>+{
>+    static NeverDestroyed<WTF::DebugHeap> heap = WTF::DebugHeap(heapName);
>+    return heap;
>+}
>+#endif
>+
> StyleTransformData::StyleTransformData()
>     : operations(RenderStyle::initialTransform())
>     , x(RenderStyle::initialTransformOriginX())
>diff --git a/Source/WebCore/rendering/style/StyleTransformData.h b/Source/WebCore/rendering/style/StyleTransformData.h
>index a36c9fad6b4a5309fafae087ba3f0fc600270850..3e02583bfd2415fb048ada0f3a1abbcb637c0455 100644
>--- a/Source/WebCore/rendering/style/StyleTransformData.h
>+++ b/Source/WebCore/rendering/style/StyleTransformData.h
>@@ -33,6 +33,9 @@
> namespace WebCore {
> 
> class StyleTransformData : public RefCounted<StyleTransformData> {
>+#if ENABLE(MALLOC_HEAP_BREAKDOWN)
>+    WTF_MAKE_FAST_ALLOCATED_FROM_DEBUG_HEAP(StyleTransformData);
>+#endif
> public:
>     static Ref<StyleTransformData> create() { return adoptRef(*new StyleTransformData); }
>     Ref<StyleTransformData> copy() const;
>diff --git a/Source/WebCore/style/StyleInvalidationFunctions.h b/Source/WebCore/style/StyleInvalidationFunctions.h
>index 02ffd4064cfc5ab1759303c30054dff1a9cf8b82..b0a4001a78757e8dc2f2004b101451a3eba9510b 100644
>--- a/Source/WebCore/style/StyleInvalidationFunctions.h
>+++ b/Source/WebCore/style/StyleInvalidationFunctions.h
>@@ -42,7 +42,7 @@ inline void traverseRuleFeaturesInShadowTree(Element& element, TraverseFunction&
>     auto& shadowRuleSets = element.shadowRoot()->styleScope().resolver().ruleSets();
>     auto& authorStyle = shadowRuleSets.authorStyle();
>     bool hasHostPseudoClassRulesMatchingInShadowTree = authorStyle.hasHostPseudoClassRulesMatchingInShadowTree();
>-    if (authorStyle.hostPseudoClassRules().isEmpty() && !hasHostPseudoClassRulesMatchingInShadowTree)
>+    if (authorStyle.hostPseudoClassRules().data.isEmpty() && !hasHostPseudoClassRulesMatchingInShadowTree)
>         return;
>     function(shadowRuleSets.features(), hasHostPseudoClassRulesMatchingInShadowTree);
> }
>@@ -53,7 +53,7 @@ inline void traverseRuleFeaturesForSlotted(Element& element, TraverseFunction&&
>     auto assignedShadowRoots = assignedShadowRootsIfSlotted(element);
>     for (auto& assignedShadowRoot : assignedShadowRoots) {
>         auto& ruleSets = assignedShadowRoot->styleScope().resolver().ruleSets();
>-        if (ruleSets.authorStyle().slottedPseudoElementRules().isEmpty())
>+        if (ruleSets.authorStyle().slottedPseudoElementRules().data.isEmpty())
>             continue;
>         function(ruleSets.features(), false);
>     }
>@@ -67,7 +67,7 @@ inline void traverseRuleFeatures(Element& element, TraverseFunction&& function)
>     auto mayAffectShadowTree = [&] {
>         if (element.shadowRoot() && ruleSets.authorStyle().hasShadowPseudoElementRules())
>             return true;
>-        if (is<HTMLSlotElement>(element) && !ruleSets.authorStyle().slottedPseudoElementRules().isEmpty())
>+        if (is<HTMLSlotElement>(element) && !ruleSets.authorStyle().slottedPseudoElementRules().data.isEmpty())
>             return true;
>         return false;
>     };
>diff --git a/Source/WebCore/style/StyleInvalidator.cpp b/Source/WebCore/style/StyleInvalidator.cpp
>index dae11cb2f6289918453a12809ae43b8124b6b12b..29f866fce37e7bf13eb8d818819d4405e79a6a44 100644
>--- a/Source/WebCore/style/StyleInvalidator.cpp
>+++ b/Source/WebCore/style/StyleInvalidator.cpp
>@@ -106,7 +106,7 @@ Invalidator::CheckDescendants Invalidator::invalidateIfNeeded(Element& element,
>             element.invalidateStyleForSubtreeInternal();
>     }
> 
>-    bool shouldCheckForSlots = !m_ruleSet.slottedPseudoElementRules().isEmpty() && !m_didInvalidateHostChildren;
>+    bool shouldCheckForSlots = !m_ruleSet.slottedPseudoElementRules().data.isEmpty() && !m_didInvalidateHostChildren;
>     if (shouldCheckForSlots && is<HTMLSlotElement>(element)) {
>         auto* containingShadowRoot = element.containingShadowRoot();
>         if (containingShadowRoot && containingShadowRoot->host()) {
>@@ -192,7 +192,7 @@ void Invalidator::invalidateStyle(ShadowRoot& shadowRoot)
> {
>     ASSERT(!m_dirtiesAllStyle);
> 
>-    if (!m_ruleSet.hostPseudoClassRules().isEmpty() && shadowRoot.host())
>+    if (!m_ruleSet.hostPseudoClassRules().data.isEmpty() && shadowRoot.host())
>         shadowRoot.host()->invalidateStyleInternal();
> 
>     for (auto& child : childrenOfType<Element>(shadowRoot)) {
>diff --git a/Source/WebCore/style/StyleScope.cpp b/Source/WebCore/style/StyleScope.cpp
>index a4fe9a2586278cd5731c67bfde7dbe241ee1d306..4009d5404e4c5f90cbae6408cf8075f4b9d2c728 100644
>--- a/Source/WebCore/style/StyleScope.cpp
>+++ b/Source/WebCore/style/StyleScope.cpp
>@@ -456,10 +456,10 @@ static void filterEnabledNonemptyCSSStyleSheets(Vector<RefPtr<CSSStyleSheet>>& r
> static void invalidateHostAndSlottedStyleIfNeeded(ShadowRoot& shadowRoot, StyleResolver& resolver)
> {
>     auto& host = *shadowRoot.host();
>-    if (!resolver.ruleSets().authorStyle().hostPseudoClassRules().isEmpty())
>+    if (!resolver.ruleSets().authorStyle().hostPseudoClassRules().data.isEmpty())
>         host.invalidateStyle();
> 
>-    if (!resolver.ruleSets().authorStyle().slottedPseudoElementRules().isEmpty()) {
>+    if (!resolver.ruleSets().authorStyle().slottedPseudoElementRules().data.isEmpty()) {
>         for (auto& shadowChild : childrenOfType<Element>(host))
>             shadowChild.invalidateStyle();
>     }
>diff --git a/Source/WebCore/style/StyleSharingResolver.cpp b/Source/WebCore/style/StyleSharingResolver.cpp
>index 1052aa6feeb3ac322a71aa226a9c66ed8ca68ed3..c83f9a253838285e43b7de48a7796bd446500fd0 100644
>--- a/Source/WebCore/style/StyleSharingResolver.cpp
>+++ b/Source/WebCore/style/StyleSharingResolver.cpp
>@@ -99,7 +99,7 @@ std::unique_ptr<RenderStyle> SharingResolver::resolve(const Element& searchEleme
>         return nullptr;
>     if (elementHasDirectionAuto(element))
>         return nullptr;
>-    if (element.shadowRoot() && !element.shadowRoot()->styleScope().resolver().ruleSets().authorStyle().hostPseudoClassRules().isEmpty())
>+    if (element.shadowRoot() && !element.shadowRoot()->styleScope().resolver().ruleSets().authorStyle().hostPseudoClassRules().data.isEmpty())
>         return nullptr;
> 
>     Context context {
>@@ -289,7 +289,7 @@ bool SharingResolver::canShareStyleWithElement(const Context& context, const Sty
>     if (candidateElement.matchesDefaultPseudoClass() != element.matchesDefaultPseudoClass())
>         return false;
> 
>-    if (candidateElement.shadowRoot() && !candidateElement.shadowRoot()->styleScope().resolver().ruleSets().authorStyle().hostPseudoClassRules().isEmpty())
>+    if (candidateElement.shadowRoot() && !candidateElement.shadowRoot()->styleScope().resolver().ruleSets().authorStyle().hostPseudoClassRules().data.isEmpty())
>         return false;
> 
> #if ENABLE(FULLSCREEN_API)
>diff --git a/Source/WebCore/style/StyleTreeResolver.cpp b/Source/WebCore/style/StyleTreeResolver.cpp
>index 34edb5387d45d652527fad4ec881c5e0daed044c..15e6aa9010c4b69798914f1a6ff218caa4792271 100644
>--- a/Source/WebCore/style/StyleTreeResolver.cpp
>+++ b/Source/WebCore/style/StyleTreeResolver.cpp
>@@ -58,6 +58,14 @@ namespace WebCore {
> 
> namespace Style {
> 
>+#if ENABLE(MALLOC_HEAP_BREAKDOWN)
>+WTF::DebugHeap& TreeResolver::Scope::debugHeap(const char* heapName)
>+{
>+    static NeverDestroyed<WTF::DebugHeap> heap = WTF::DebugHeap(heapName);
>+    return heap;
>+}
>+#endif
>+
> TreeResolver::TreeResolver(Document& document)
>     : m_document(document)
> {
>diff --git a/Source/WebCore/style/StyleTreeResolver.h b/Source/WebCore/style/StyleTreeResolver.h
>index 899a9f68ea651f9fc340e8c25a1b89e37ad1add9..0459a65a36718c3293886f599ef8064a378219c5 100644
>--- a/Source/WebCore/style/StyleTreeResolver.h
>+++ b/Source/WebCore/style/StyleTreeResolver.h
>@@ -62,6 +62,9 @@ class TreeResolver {
>     ElementUpdate resolvePseudoStyle(Element&, const ElementUpdate&, PseudoId);
> 
>     struct Scope : RefCounted<Scope> {
>+#if ENABLE(MALLOC_HEAP_BREAKDOWN)
>+        WTF_MAKE_STRUCT_FAST_ALLOCATED_FROM_DEBUG_HEAP(TreeResolver::Scope);
>+#endif
>         StyleResolver& styleResolver;
>         SelectorFilter selectorFilter;
>         SharingResolver sharingResolver;
>diff --git a/Source/WebCore/svg/animation/SMILTimeContainer.cpp b/Source/WebCore/svg/animation/SMILTimeContainer.cpp
>index e0423ce9815fa0f25563a3b54314086ac356ff44..32e622bdee82faa2dfbd357c18b7f6a77469943f 100644
>--- a/Source/WebCore/svg/animation/SMILTimeContainer.cpp
>+++ b/Source/WebCore/svg/animation/SMILTimeContainer.cpp
>@@ -38,6 +38,14 @@ namespace WebCore {
> static const Seconds SMILAnimationFrameDelay { 1_s / 60. };
> static const Seconds SMILAnimationFrameThrottledDelay { 1_s / 30. };
> 
>+#if ENABLE(MALLOC_HEAP_BREAKDOWN)
>+WTF::DebugHeap& SMILTimeContainer::debugHeap(const char* heapName)
>+{
>+    static NeverDestroyed<WTF::DebugHeap> heap = WTF::DebugHeap(heapName);
>+    return heap;
>+}
>+#endif
>+
> SMILTimeContainer::SMILTimeContainer(SVGSVGElement& owner)
>     : m_timer(*this, &SMILTimeContainer::timerFired)
>     , m_ownerSVGElement(owner)
>diff --git a/Source/WebCore/svg/animation/SMILTimeContainer.h b/Source/WebCore/svg/animation/SMILTimeContainer.h
>index d8fc4f805ad99c618df3bb58baf9ba46c82c9ae1..f9014c619eabb61c562af74a05b4ab1a46c27903 100644
>--- a/Source/WebCore/svg/animation/SMILTimeContainer.h
>+++ b/Source/WebCore/svg/animation/SMILTimeContainer.h
>@@ -40,6 +40,9 @@ class SVGSMILElement;
> class SVGSVGElement;
> 
> class SMILTimeContainer final : public RefCounted<SMILTimeContainer>  {
>+#if ENABLE(MALLOC_HEAP_BREAKDOWN)
>+    WTF_MAKE_FAST_ALLOCATED_FROM_DEBUG_HEAP(SMILTimeContainer);
>+#endif
> public:
>     static Ref<SMILTimeContainer> create(SVGSVGElement& owner) { return adoptRef(*new SMILTimeContainer(owner)); }
>     ~SMILTimeContainer();
>diff --git a/Source/WebKit/Shared/ShareableBitmap.cpp b/Source/WebKit/Shared/ShareableBitmap.cpp
>index 8fc5ad6c1b29a92c2cfa58cf312848f116e1b991..737ffe9c7e46a5147105fc2551ed0d988dc274ac 100644
>--- a/Source/WebKit/Shared/ShareableBitmap.cpp
>+++ b/Source/WebKit/Shared/ShareableBitmap.cpp
>@@ -30,9 +30,21 @@
> #include "WebCoreArgumentCoders.h"
> #include <WebCore/GraphicsContext.h>
> 
>+#if ENABLE(MALLOC_HEAP_BREAKDOWN)
>+#include <wtf/DebugHeap.h>
>+#endif
>+
> namespace WebKit {
> using namespace WebCore;
>-    
>+
>+#if ENABLE(MALLOC_HEAP_BREAKDOWN)
>+static WTF::DebugHeap& debugHeap()
>+{
>+    static NeverDestroyed<WTF::DebugHeap> heap = WTF::DebugHeap("WebKit ShareableBitmap");
>+    return heap;
>+}
>+#endif
>+
> ShareableBitmap::Handle::Handle()
> {
> }
>@@ -88,8 +100,14 @@ RefPtr<ShareableBitmap> ShareableBitmap::create(const IntSize& size, Configurati
>         return nullptr;
> 
>     void* data = 0;
>+#if ENABLE(MALLOC_HEAP_BREAKDOWN)
>+    data = debugHeap().malloc(numBytes.unsafeGet());
>+    if (!data)
>+        return nullptr;
>+#else
>     if (!tryFastMalloc(numBytes.unsafeGet()).getValue(data))
>         return nullptr;
>+#endif
> 
>     return adoptRef(new ShareableBitmap(size, configuration, data));
> }
>@@ -160,8 +178,13 @@ ShareableBitmap::ShareableBitmap(const IntSize& size, Configuration configuratio
> 
> ShareableBitmap::~ShareableBitmap()
> {
>-    if (!isBackedBySharedMemory())
>+    if (!isBackedBySharedMemory()) {
>+#if ENABLE(MALLOC_HEAP_BREAKDOWN)
>+        debugHeap().free(m_data);
>+#else
>         fastFree(m_data);
>+#endif
>+    }
> }
> 
> void* ShareableBitmap::data() const
>diff --git a/Source/WebKit/UIProcess/mac/LegacySessionStateCoding.cpp b/Source/WebKit/UIProcess/mac/LegacySessionStateCoding.cpp
>index ea6c3777e50136cca586c3740c7ca4b2966e9943..9990fedda06e4ae05bf237d47d87ce998a2a51e9 100644
>--- a/Source/WebKit/UIProcess/mac/LegacySessionStateCoding.cpp
>+++ b/Source/WebKit/UIProcess/mac/LegacySessionStateCoding.cpp
>@@ -68,12 +68,24 @@ static const uint32_t maximumSessionStateDataSize = std::numeric_limits<uint32_t
> 
> template<typename T> void isValidEnum(T);
> 
>+#if ENABLE(MALLOC_HEAP_BREAKDOWN)
>+static WTF::DebugHeap& debugHeap()
>+{
>+    static NeverDestroyed<WTF::DebugHeap> heap = WTF::DebugHeap("WebKit HistoryEntryDataEncoder");
>+    return heap;
>+}
>+#endif
>+
> class HistoryEntryDataEncoder {
> public:
>     HistoryEntryDataEncoder()
>         : m_bufferSize(0)
>         , m_bufferCapacity(512)
>-        , m_buffer(MallocPtr<uint8_t>::malloc(m_bufferCapacity))
>+        , m_buffer(MallocPtr<uint8_t>::malloc(m_bufferCapacity
>+#if ENABLE(MALLOC_HEAP_BREAKDOWN)
>+            , debugHeap()
>+#endif
>+            ))
>         , m_bufferPointer(m_buffer.get())
>     {
>         // Keep format compatibility by encoding an unused uint64_t here.
>@@ -505,7 +517,11 @@ RefPtr<API::Data> encodeLegacySessionState(const SessionState& sessionState)
>     CFIndex length = CFDataGetLength(data.get());
> 
>     size_t bufferSize = length + sizeof(uint32_t);
>-    auto buffer = MallocPtr<uint8_t>::malloc(bufferSize);
>+    auto buffer = MallocPtr<uint8_t>::malloc(bufferSize
>+#if ENABLE(MALLOC_HEAP_BREAKDOWN)
>+        , debugHeap()
>+#endif
>+        );
> 
>     // Put the session state version number at the start of the buffer
>     buffer.get()[0] = (sessionStateDataVersion & 0xff000000) >> 24;
>diff --git a/Source/bmalloc/bmalloc/BPlatform.h b/Source/bmalloc/bmalloc/BPlatform.h
>index f7a4af43d3eb8291f9482f50594f142926ce303d..5e2a75d995e22ded359d7d981d3897f33569bf50 100644
>--- a/Source/bmalloc/bmalloc/BPlatform.h
>+++ b/Source/bmalloc/bmalloc/BPlatform.h
>@@ -245,6 +245,9 @@
> #define BUNUSED_PARAM(variable) (void)variable
> #endif
> 
>+/* Enable this to put each ISOHeap and other allocation categories into their own malloc heaps, so that tools like vmmap can show how big each heap is. */
>+#define BENABLE_MALLOC_HEAP_BREAKDOWN 1
>+
> /* This is used for debugging when hacking on how bmalloc calculates its physical footprint. */
> #define ENABLE_PHYSICAL_PAGE_MAP 0
> 
>diff --git a/Source/bmalloc/bmalloc/DebugHeap.cpp b/Source/bmalloc/bmalloc/DebugHeap.cpp
>index cd9910256a8cacc2d5adca27790ab11e928db1c0..4ddcaf78726032279dc0d0833e2cb77a5eb9f406 100644
>--- a/Source/bmalloc/bmalloc/DebugHeap.cpp
>+++ b/Source/bmalloc/bmalloc/DebugHeap.cpp
>@@ -47,8 +47,17 @@ DebugHeap::DebugHeap(std::lock_guard<Mutex>&)
>     malloc_set_zone_name(m_zone, "WebKit Using System Malloc");
> }
> 
>+void DebugHeap::setZoneName(const char* name)
>+{
>+    malloc_set_zone_name(m_zone, name);
>+}
>+
> void* DebugHeap::malloc(size_t size, bool crashOnFailure)
> {
>+    if (m_logMallocs && size > 1024) {
>+        fprintf(stderr, "DebugHeap::malloc %lu\n", size);
>+    }
>+
>     void* result = malloc_zone_malloc(m_zone, size);
>     if (!result && crashOnFailure)
>         BCRASH();
>@@ -57,6 +66,10 @@ void* DebugHeap::malloc(size_t size, bool crashOnFailure)
> 
> void* DebugHeap::memalign(size_t alignment, size_t size, bool crashOnFailure)
> {
>+    if (m_logMallocs && size > 1024) {
>+        fprintf(stderr, "DebugHeap::memalign %lu\n", size);
>+    }
>+
>     void* result = malloc_zone_memalign(m_zone, alignment, size);
>     if (!result && crashOnFailure)
>         BCRASH();
>@@ -65,6 +78,10 @@ void* DebugHeap::memalign(size_t alignment, size_t size, bool crashOnFailure)
> 
> void* DebugHeap::realloc(void* object, size_t size, bool crashOnFailure)
> {
>+    if (m_logMallocs && size > 1024) {
>+        fprintf(stderr, "DebugHeap::realloc %lu\n", size);
>+    }
>+
>     void* result = malloc_zone_realloc(m_zone, object, size);
>     if (!result && crashOnFailure)
>         BCRASH();
>@@ -143,6 +160,10 @@ void DebugHeap::dump()
> 
> void* DebugHeap::memalignLarge(size_t alignment, size_t size)
> {
>+    if (size > 1024) {
>+        fprintf(stderr, "DebugHeap::memalignLarge %lu\n", size);
>+    }
>+
>     alignment = roundUpToMultipleOf(m_pageSize, alignment);
>     size = roundUpToMultipleOf(m_pageSize, size);
>     void* result = tryVMAllocate(alignment, size);
>diff --git a/Source/bmalloc/bmalloc/DebugHeap.h b/Source/bmalloc/bmalloc/DebugHeap.h
>index 617dd69d2c186fce331b8a9f8a26b68fb2179d25..6f7a74bc0fdc114c8b95e2b410d1b91ae7df8221 100644
>--- a/Source/bmalloc/bmalloc/DebugHeap.h
>+++ b/Source/bmalloc/bmalloc/DebugHeap.h
>@@ -40,6 +40,9 @@ namespace bmalloc {
> class DebugHeap : private StaticPerProcess<DebugHeap> {
> public:
>     DebugHeap(std::lock_guard<Mutex>&);
>+
>+    void setZoneName(const char*);
>+    void setLogMallocs(bool f) { m_logMallocs = f; }
>     
>     void* malloc(size_t, bool crashOnFailure);
>     void* memalign(size_t alignment, size_t, bool crashOnFailure);
>@@ -62,6 +65,7 @@ class DebugHeap : private StaticPerProcess<DebugHeap> {
>     // This is the debug heap. We can use whatever data structures we like. It doesn't matter.
>     size_t m_pageSize { 0 };
>     std::unordered_map<void*, size_t> m_sizeMap;
>+    bool m_logMallocs { true };
> };
> DECLARE_STATIC_PER_PROCESS_STORAGE(DebugHeap);
> 
>diff --git a/Source/bmalloc/bmalloc/Heap.cpp b/Source/bmalloc/bmalloc/Heap.cpp
>index faee2d5182a4570b30af106faf6d79e79fe34304..3a6aaacc5982eaa7349f5815294ed3d6e7bf0e2d 100644
>--- a/Source/bmalloc/bmalloc/Heap.cpp
>+++ b/Source/bmalloc/bmalloc/Heap.cpp
>@@ -44,6 +44,34 @@
> 
> namespace bmalloc {
> 
>+class PrimaryDebugHeap : public DebugHeap
>+{
>+public:
>+    PrimaryDebugHeap(std::lock_guard<Mutex>& mutex)
>+        : DebugHeap(mutex)
>+    {
>+    }
>+};
>+
>+class PrimitiveGigacageDebugHeap : public DebugHeap
>+{
>+public:
>+    PrimitiveGigacageDebugHeap(std::lock_guard<Mutex>& mutex)
>+        : DebugHeap(mutex)
>+    {
>+    }
>+};
>+
>+class JSValueGigacageDebugHeap : public DebugHeap
>+{
>+public:
>+    JSValueGigacageDebugHeap(std::lock_guard<Mutex>& mutex)
>+        : DebugHeap(mutex)
>+    {
>+    }
>+};
>+
>+
> Heap::Heap(HeapKind kind, std::lock_guard<Mutex>&)
>     : m_kind(kind)
>     , m_vmPageSizePhysical(vmPageSizePhysical())
>diff --git a/Source/bmalloc/bmalloc/IsoHeap.h b/Source/bmalloc/bmalloc/IsoHeap.h
>index 35643e194ac2de4592f19580d400fc57999e9d9f..9c463a9fd33e9a9b91104eb198da79eeb744700d 100644
>--- a/Source/bmalloc/bmalloc/IsoHeap.h
>+++ b/Source/bmalloc/bmalloc/IsoHeap.h
>@@ -28,6 +28,10 @@
> #include "IsoConfig.h"
> #include "Mutex.h"
> 
>+#if BENABLE_MALLOC_HEAP_BREAKDOWN
>+#include <malloc/malloc.h>
>+#endif
>+
> namespace bmalloc {
> 
> template<typename Config> class IsoHeapImpl;
>@@ -44,6 +48,8 @@ template<typename Type>
> struct IsoHeap {
>     typedef IsoConfig<sizeof(Type)> Config;
>     
>+    IsoHeap(const char*);
>+
>     void* allocate();
>     void* tryAllocate();
>     void deallocate(void* p);
>@@ -64,6 +70,11 @@ struct IsoHeap {
>     unsigned m_allocatorOffsetPlusOne;
>     unsigned m_deallocatorOffsetPlusOne;
>     IsoHeapImpl<Config>* m_impl;
>+
>+#if BENABLE_MALLOC_HEAP_BREAKDOWN
>+    const char* m_heapClass;
>+    malloc_zone_t* m_zone;
>+#endif
> };
> 
> // Use this together with MAKE_BISO_MALLOCED_IMPL.
>diff --git a/Source/bmalloc/bmalloc/IsoHeapInlines.h b/Source/bmalloc/bmalloc/IsoHeapInlines.h
>index b0e8b988ef369af8ccf297bb5b8eda544f98ff75..50d7ef55e899a8d6addc8ccd76ea6dfdbbea6835 100644
>--- a/Source/bmalloc/bmalloc/IsoHeapInlines.h
>+++ b/Source/bmalloc/bmalloc/IsoHeapInlines.h
>@@ -43,6 +43,17 @@
> 
> namespace bmalloc { namespace api {
> 
>+template<typename Type>
>+IsoHeap<Type>::IsoHeap(const char* heapClass)
>+#if BENABLE_MALLOC_HEAP_BREAKDOWN
>+    : m_zone(malloc_create_zone(0, 0))
>+#endif
>+{
>+#if BENABLE_MALLOC_HEAP_BREAKDOWN
>+    malloc_set_zone_name(m_zone, heapClass);
>+#endif
>+}
>+
> template<typename Type>
> void* IsoHeap<Type>::allocate()
> {
>@@ -89,7 +100,7 @@ auto IsoHeap<Type>::impl() -> IsoHeapImpl<Config>&
> public: \
>     static ::bmalloc::api::IsoHeap<isoType>& bisoHeap() \
>     { \
>-        static ::bmalloc::api::IsoHeap<isoType> heap; \
>+        static ::bmalloc::api::IsoHeap<isoType> heap("WebKit_"#isoType); \
>         return heap; \
>     } \
>     \
>@@ -115,7 +126,7 @@ typedef int __makeBisoMallocedInlineMacroSemicolonifier
> #define MAKE_BISO_MALLOCED_IMPL(isoType) \
> ::bmalloc::api::IsoHeap<isoType>& isoType::bisoHeap() \
> { \
>-    static ::bmalloc::api::IsoHeap<isoType> heap; \
>+    static ::bmalloc::api::IsoHeap<isoType> heap("WebKit "#isoType); \
>     return heap; \
> } \
> \
>@@ -136,7 +147,7 @@ struct MakeBisoMallocedImplMacroSemicolonifier##isoType { }
> template<> \
> ::bmalloc::api::IsoHeap<isoType>& isoType::bisoHeap() \
> { \
>-    static ::bmalloc::api::IsoHeap<isoType> heap; \
>+    static ::bmalloc::api::IsoHeap<isoType> heap("WebKit_"#isoType); \
>     return heap; \
> } \
> \
>diff --git a/Source/bmalloc/bmalloc/IsoTLSInlines.h b/Source/bmalloc/bmalloc/IsoTLSInlines.h
>index 1d14b7af686411d7856872b96c0fc25c8179c14f..783daa209f03bea31cfc9e3e8c194b761322270b 100644
>--- a/Source/bmalloc/bmalloc/IsoTLSInlines.h
>+++ b/Source/bmalloc/bmalloc/IsoTLSInlines.h
>@@ -30,6 +30,10 @@
> #include "IsoTLS.h"
> #include "bmalloc.h"
> 
>+#if BOS(DARWIN)
>+#include <malloc/malloc.h>
>+#endif
>+
> namespace bmalloc {
> 
> template<typename Type>
>@@ -88,7 +92,11 @@ BNO_INLINE void* IsoTLS::allocateSlow(api::IsoHeap<Type>& handle, bool abortOnFa
>             determineMallocFallbackState();
>             continue;
>         case MallocFallbackState::FallBackToMalloc:
>+#if BENABLE_MALLOC_HEAP_BREAKDOWN
>+            return malloc_zone_malloc(handle.m_zone, Config::objectSize);
>+#else
>             return api::tryMalloc(Config::objectSize);
>+#endif
>         case MallocFallbackState::DoNotFallBack:
>             break;
>         }
>@@ -131,7 +139,11 @@ BNO_INLINE void IsoTLS::deallocateSlow(api::IsoHeap<Type>& handle, void* p)
>             determineMallocFallbackState();
>             continue;
>         case MallocFallbackState::FallBackToMalloc:
>+#if BENABLE_MALLOC_HEAP_BREAKDOWN
>+            return malloc_zone_free(handle.m_zone, p);
>+#else
>             return api::free(p);
>+#endif
>         case MallocFallbackState::DoNotFallBack:
>             break;
>         }

Flags:

ews-watchlist: commit-queue-

Actions: View | Formatted Diff | Diff

Attachments on bug 186422: 342237 | 342911 | 342912 | 352402 | 369931 | 369938 | 369939 | 369940 | 369941 | 370089 | 370092 | 370901 | 370923 | 370927 | 370930 | 370998 | 371234 | 371238 | 386485 | 386486 | 386487 | 386488 | 386497 | 386503 | 386506 | 386507 | 386508 | 386550 | 386632