JSC realm-less objects infrastructure

7d45839

Source/JavaScriptCore/runtime/JSObject.h

In JSC, every JSObject's Structure carries a pointer to the JSGlobalObject (realm) it was created in. This ties type identity to realm identity: two Wasm GC structs with identical RTTs but different realms required separate Structures, preventing StructureID-based type checks and forcing each object to carry a redundant RTT pointer for fast comparison. The Wasm GC spec makes these objects property-less and prototype-less, so realm attachment violates spec intent and bloats object size.

This commit decouples Structure from JSGlobalObject for Wasm GC types. It renames Structure::globalObject() / JSObject::globalObject() to realm() across the entire codebase (~300+ files), adds realmMayBeNull() for sites that must tolerate null, and inserts RELEASE_ASSERTs in realm() so accidental calls on realm-less objects crash loudly. Wasm GC structs and arrays now carry no realm pointer.

Before:
  WasmGC struct (Realm A)        WasmGC struct (Realm B)
  [holds RTT* for type check]    [holds RTT* for type check]
       │                               │
  Structure_A (realm=A)          Structure_B (realm=B)

After (this patch):
  WasmGC struct (any realm)      WasmGC struct (any realm)
       │                               │
       └──────► Structure_X (realm=nullptr) ◄──────┘

Significance

This commit lays the groundwork for shrinking Wasm GC object size by making their Structures realm-less and establishing a 1:1 Structure-to-RTT invariant VM-wide; the actual RTT pointer elimination and StructureID-based type check optimization are deferred to a follow-up patch. The nullable-realm invariant change touches every layer of JSC from LLInt through FTL/B3 and the entire WebCore binding layer.

Audit directions