Changeset 121381 in webkit for trunk/Source/JavaScriptCore

Timestamp:

Jun 27, 2012, 4:08:26 PM (13 years ago)

Author:

[email protected]

Message:

JSLock should be per-JSGlobalData
​https://bugs.webkit.org/show_bug.cgi?id=89123

Reviewed by Geoffrey Garen.

Source/JavaScriptCore:

• API/APIShims.h:

(APIEntryShimWithoutLock):
(JSC::APIEntryShimWithoutLock::APIEntryShimWithoutLock): Added an extra parameter to the constructor to
determine whether we should ref the JSGlobalData or not. We want to ref all the time except for in the
HeapTimer class because timerDidFire could run after somebody has started to tear down that particular
JSGlobalData, so we wouldn't want to resurrect the ref count of that JSGlobalData from 0 back to 1 after
its destruction has begun.
(JSC::APIEntryShimWithoutLock::~APIEntryShimWithoutLock):
(JSC::APIEntryShim::APIEntryShim):
(APIEntryShim):
(JSC::APIEntryShim::~APIEntryShim):
(JSC::APIEntryShim::init): Factored out common initialization code for the various APIEntryShim constructors.
Also moved the timeoutChecker stop and start here because we need to start after we've grabbed the API lock
and before we've released it, which can only done in APIEntryShim.
(JSC::APICallbackShim::~APICallbackShim): We no longer need to synchronize here.

• API/JSContextRef.cpp:

(JSGlobalContextCreate):
(JSGlobalContextCreateInGroup):
(JSGlobalContextRelease):
(JSContextCreateBacktrace):

• JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
• heap/CopiedSpace.cpp:

(JSC::CopiedSpace::tryAllocateSlowCase):

• heap/Heap.cpp:

(JSC::Heap::protect):
(JSC::Heap::unprotect):
(JSC::Heap::collect):
(JSC::Heap::setActivityCallback):
(JSC::Heap::activityCallback):
(JSC::Heap::sweeper):

• heap/Heap.h: Changed m_activityCallback and m_sweeper to be raw pointers rather than OwnPtrs because they

are now responsible for their own lifetime. Also changed the order of declaration of the GCActivityCallback
and the IncrementalSweeper to make sure they're the last things that get initialized during construction to
prevent any issues with uninitialized memory in the JSGlobalData/Heap they might care about.
(Heap):

• heap/HeapTimer.cpp: Refactored to allow for thread-safe operation and shutdown.

(JSC::HeapTimer::~HeapTimer):
(JSC::HeapTimer::invalidate):
(JSC):
(JSC::HeapTimer::didStartVMShutdown): Called at the beginning of ~JSGlobalData. If we're on the same thread
that the HeapTimer is running on, we kill the HeapTimer ourselves. If not, then we set some state in the
HeapTimer and schedule it to fire immediately so that it can notice and kill itself.
(JSC::HeapTimer::timerDidFire): We grab our mutex and check our JSGlobalData pointer. If it has been zero-ed
out, then we know the VM has started to shutdown and we should kill ourselves. Otherwise, grab the APIEntryShim,
but without ref-ing the JSGlobalData (we don't want to bring the JSGlobalData's ref-count from 0 to 1) in case
we were interrupted between releasing our mutex and trying to grab the APILock.

• heap/HeapTimer.h:

(HeapTimer):

• heap/IncrementalSweeper.cpp:

(JSC::IncrementalSweeper::doWork): We no longer need the API shim here since HeapTimer::timerDidFire handles
all of that for us.
(JSC::IncrementalSweeper::create):

• heap/IncrementalSweeper.h:

(IncrementalSweeper):

• heap/MarkedAllocator.cpp:

(JSC::MarkedAllocator::allocateSlowCase):

• heap/WeakBlock.cpp:

(JSC::WeakBlock::reap):

• jsc.cpp:

(functionGC):
(functionReleaseExecutableMemory):
(jscmain):

• runtime/Completion.cpp:

(JSC::checkSyntax):
(JSC::evaluate):

• runtime/GCActivityCallback.h:

(DefaultGCActivityCallback):
(JSC::DefaultGCActivityCallback::create):

• runtime/JSGlobalData.cpp:

(JSC::JSGlobalData::JSGlobalData):
(JSC::JSGlobalData::~JSGlobalData): Signals to the two HeapTimers (GCActivityCallback and IncrementalSweeper)
that the VM has started shutting down. It then waits until the HeapTimer is done with whatever activity
it needs to do before continuing with any further destruction. Also asserts that we do not currently hold the
APILock because this could potentially cause deadlock when we try to signal to the HeapTimers using their mutexes.
(JSC::JSGlobalData::sharedInstance): Protect the initialization for the shared instance with the GlobalJSLock.
(JSC::JSGlobalData::sharedInstanceInternal):

• runtime/JSGlobalData.h: Change to be ThreadSafeRefCounted so that we don't have to worry about refing and

de-refing JSGlobalDatas on separate threads since we don't do it that often anyways.
(JSGlobalData):
(JSC::JSGlobalData::apiLock):

• runtime/JSGlobalObject.cpp:

(JSC::JSGlobalObject::~JSGlobalObject):
(JSC::JSGlobalObject::init):

• runtime/JSLock.cpp:

(JSC):
(JSC::GlobalJSLock::GlobalJSLock): For accessing the shared instance.
(JSC::GlobalJSLock::~GlobalJSLock):
(JSC::JSLockHolder::JSLockHolder): MutexLocker for JSLock. Also refs the JSGlobalData to keep it alive so that
it can successfully unlock it later without it disappearing from underneath it.
(JSC::JSLockHolder::~JSLockHolder):
(JSC::JSLock::JSLock):
(JSC::JSLock::~JSLock):
(JSC::JSLock::lock): Uses the spin lock for guarding the lock count and owner thread fields. Uses the mutex for
actually waiting for long periods.
(JSC::JSLock::unlock):
(JSC::JSLock::currentThreadIsHoldingLock):
(JSC::JSLock::dropAllLocks):
(JSC::JSLock::dropAllLocksUnconditionally):
(JSC::JSLock::grabAllLocks):
(JSC::JSLock::DropAllLocks::DropAllLocks):
(JSC::JSLock::DropAllLocks::~DropAllLocks):

• runtime/JSLock.h:

(JSC):
(GlobalJSLock):
(JSLockHolder):
(JSLock):
(DropAllLocks):

• runtime/WeakGCMap.h:

(JSC::WeakGCMap::set):

• testRegExp.cpp:

(realMain):

Source/WebCore:

No new tests. Current regression tests are sufficient.

Changed all sites that used JSLock to instead use the new JSLockHolder
and pass in the correct JS context that the code is about to interact with that
needs protection. Also added a couple JSLocks to places that didn't already
have it that needed it.

• bindings/js/GCController.cpp:

(WebCore::collect):
(WebCore::GCController::garbageCollectSoon):
(WebCore::GCController::garbageCollectNow):
(WebCore::GCController::discardAllCompiledCode):

• bindings/js/JSCustomSQLStatementErrorCallback.cpp:

(WebCore::JSSQLStatementErrorCallback::handleEvent):

• bindings/js/JSCustomVoidCallback.cpp:

(WebCore::JSCustomVoidCallback::handleEvent):

• bindings/js/JSCustomXPathNSResolver.cpp:

(WebCore::JSCustomXPathNSResolver::lookupNamespaceURI):

• bindings/js/JSErrorHandler.cpp:

(WebCore::JSErrorHandler::handleEvent):

• bindings/js/JSEventCustom.cpp:

(WebCore::toJS):

• bindings/js/JSEventListener.cpp:

(WebCore::JSEventListener::handleEvent):

• bindings/js/JSInjectedScriptHostCustom.cpp:

(WebCore::InjectedScriptHost::nodeAsScriptValue):
(WebCore::JSInjectedScriptHost::inspectedObject):

• bindings/js/JSInjectedScriptManager.cpp:

(WebCore::InjectedScriptManager::createInjectedScript):
(WebCore::InjectedScriptManager::canAccessInspectedWindow):

• bindings/js/JSLazyEventListener.cpp:

(WebCore::JSLazyEventListener::initializeJSFunction):

• bindings/js/JSMainThreadExecState.h:

(WebCore::JSMainThreadExecState::evaluate):

• bindings/js/JSMutationCallbackCustom.cpp:

(WebCore::JSMutationCallback::handleEvent):

• bindings/js/JSNodeFilterCondition.cpp:

(WebCore::JSNodeFilterCondition::acceptNode):

• bindings/js/JSRequestAnimationFrameCallbackCustom.cpp:

(WebCore::JSRequestAnimationFrameCallback::handleEvent):

• bindings/js/JavaScriptCallFrame.cpp:

(WebCore::JavaScriptCallFrame::evaluate):

• bindings/js/PageScriptDebugServer.cpp:

(WebCore::PageScriptDebugServer::recompileAllJSFunctions):

• bindings/js/ScheduledAction.cpp:

(WebCore::ScheduledAction::executeFunctionInContext):

• bindings/js/ScriptCachedFrameData.cpp:

(WebCore::ScriptCachedFrameData::ScriptCachedFrameData):
(WebCore::ScriptCachedFrameData::restore):
(WebCore::ScriptCachedFrameData::clear):

• bindings/js/ScriptController.cpp:

(WebCore::ScriptController::evaluateInWorld):
(WebCore::ScriptController::clearWindowShell):
(WebCore::ScriptController::initScript):
(WebCore::ScriptController::updateDocument):
(WebCore::ScriptController::cacheableBindingRootObject):
(WebCore::ScriptController::bindingRootObject):
(WebCore::ScriptController::windowScriptNPObject):
(WebCore::ScriptController::jsObjectForPluginElement):
(WebCore::ScriptController::clearScriptObjects):

• bindings/js/ScriptControllerMac.mm:

(WebCore::ScriptController::windowScriptObject):

• bindings/js/ScriptDebugServer.cpp:

(WebCore::ScriptDebugServer::dispatchDidPause):

• bindings/js/ScriptEventListener.cpp:

(WebCore::eventListenerHandlerBody):
(WebCore::eventListenerHandlerLocation):

• bindings/js/ScriptFunctionCall.cpp:

(WebCore::ScriptCallArgumentHandler::appendArgument):
(WebCore::ScriptFunctionCall::call):
(WebCore::ScriptFunctionCall::construct):
(WebCore::ScriptCallback::call):

• bindings/js/ScriptObject.cpp:

(WebCore::ScriptGlobalObject::set):
(WebCore::ScriptGlobalObject::get):
(WebCore::ScriptGlobalObject::remove):

• bindings/js/ScriptValue.cpp:

(WebCore::ScriptValue::getString):
(WebCore::ScriptValue::toInspectorValue):

• bindings/js/WorkerScriptController.cpp:

(WebCore::WorkerScriptController::~WorkerScriptController):
(WebCore::WorkerScriptController::initScript):
(WebCore::WorkerScriptController::evaluate):
(WebCore::WorkerScriptController::disableEval):

• bindings/objc/WebScriptObject.mm:

(_didExecute):
(-[WebScriptObject callWebScriptMethod:withArguments:]):
(-[WebScriptObject evaluateWebScript:]):
(-[WebScriptObject setValue:forKey:]):
(-[WebScriptObject valueForKey:]):
(-[WebScriptObject removeWebScriptKey:]):
(-[WebScriptObject hasWebScriptKey:]):
(-[WebScriptObject stringRepresentation]):
(-[WebScriptObject webScriptValueAtIndex:]):
(-[WebScriptObject setWebScriptValueAtIndex:value:]):
(+[WebScriptObject _convertValueToObjcValue:originRootObject:rootObject:]):

• bindings/scripts/CodeGeneratorJS.pm:

(GenerateCallbackImplementation):

• bindings/scripts/test/JS/JSTestCallback.cpp:

(WebCore::JSTestCallback::callbackWithNoParam):
(WebCore::JSTestCallback::callbackWithClass1Param):
(WebCore::JSTestCallback::callbackWithClass2Param):
(WebCore::JSTestCallback::callbackWithStringList):
(WebCore::JSTestCallback::callbackWithBoolean):
(WebCore::JSTestCallback::callbackRequiresThisToPass):

• bridge/NP_jsobject.cpp:

(_NPN_InvokeDefault):
(_NPN_Invoke):
(_NPN_Evaluate):
(_NPN_GetProperty):
(_NPN_SetProperty):
(_NPN_RemoveProperty):
(_NPN_HasProperty):
(_NPN_HasMethod):
(_NPN_Enumerate):
(_NPN_Construct):

• bridge/c/c_class.cpp:

(JSC::Bindings::CClass::~CClass):
(JSC::Bindings::CClass::methodsNamed):
(JSC::Bindings::CClass::fieldNamed):

• bridge/c/c_instance.cpp:

(JSC::Bindings::CInstance::moveGlobalExceptionToExecState):
(JSC::Bindings::CInstance::invokeMethod):
(JSC::Bindings::CInstance::invokeDefaultMethod):
(JSC::Bindings::CInstance::invokeConstruct):
(JSC::Bindings::CInstance::getPropertyNames):

• bridge/c/c_runtime.cpp:

(JSC::Bindings::CField::valueFromInstance):
(JSC::Bindings::CField::setValueToInstance):

• bridge/c/c_utility.cpp:

(JSC::Bindings::convertValueToNPVariant):
(JSC::Bindings::convertNPVariantToValue):

• bridge/jni/jni_jsobject.mm:

(JavaJSObject::call):
(JavaJSObject::eval):
(JavaJSObject::getMember):
(JavaJSObject::setMember):
(JavaJSObject::removeMember):
(JavaJSObject::getSlot):
(JavaJSObject::setSlot):
(JavaJSObject::toString):
(JavaJSObject::convertValueToJObject):
(JavaJSObject::convertJObjectToValue):

• bridge/jni/jni_objc.mm:

(JSC::Bindings::dispatchJNICall):

• bridge/jni/jsc/JNIUtilityPrivate.cpp:

(JSC::Bindings::convertValueToJValue):

• bridge/jni/jsc/JavaClassJSC.cpp:

(JavaClass::JavaClass):
(JavaClass::~JavaClass):

• bridge/jni/jsc/JavaInstanceJSC.cpp:

(JavaInstance::stringValue):

• bridge/jni/jsc/JavaMethodJSC.cpp:

(appendClassName):
(JavaMethod::signature):

• bridge/jni/jsc/JavaStringJSC.h:

(JSC::Bindings::JavaString::JavaString):
(JSC::Bindings::JavaString::~JavaString):
(JSC::Bindings::JavaString::utf8):
(JSC::Bindings::JavaString::init):

• bridge/jsc/BridgeJSC.cpp:

(JSC::Bindings::Instance::createRuntimeObject):
(JSC::Bindings::Instance::newRuntimeObject):

• bridge/objc/objc_instance.mm:

(ObjcInstance::moveGlobalExceptionToExecState):
(ObjcInstance::invokeObjcMethod):
(ObjcInstance::invokeDefaultMethod):
(ObjcInstance::setValueOfUndefinedField):
(ObjcInstance::getValueOfUndefinedField):

• bridge/objc/objc_runtime.mm:

(JSC::Bindings::ObjcField::valueFromInstance):
(JSC::Bindings::ObjcField::setValueToInstance):

• bridge/objc/objc_utility.mm:

(JSC::Bindings::convertValueToObjcValue):
(JSC::Bindings::convertNSStringToString):
(JSC::Bindings::convertObjcValueToValue):

• bridge/qt/qt_instance.cpp:

(JSC::Bindings::QtInstance::~QtInstance):
(JSC::Bindings::QtInstance::getQtInstance):
(JSC::Bindings::QtInstance::newRuntimeObject):

• bridge/qt/qt_pixmapruntime.cpp:

(JSC::Bindings::QtPixmapInstance::createPixmapRuntimeObject):

• bridge/qt/qt_runtime.cpp:

(JSC::Bindings::convertValueToQVariant):
(JSC::Bindings::convertQVariantToValue):
(JSC::Bindings::QtRuntimeMetaMethod::call):
(JSC::Bindings::QtRuntimeConnectionMethod::call):

• bridge/qt/qt_runtime_qt4.cpp:

(JSC::Bindings::convertValueToQVariant):
(JSC::Bindings::convertQVariantToValue):
(JSC::Bindings::QtRuntimeMetaMethod::call):
(JSC::Bindings::QtRuntimeConnectionMethod::call):

• bridge/runtime_root.cpp:

(JSC::Bindings::RootObject::gcProtect):
(JSC::Bindings::RootObject::gcUnprotect):

• html/HTMLCanvasElement.cpp:

(WebCore::HTMLCanvasElement::createImageBuffer):

• html/HTMLImageLoader.cpp:

(WebCore::HTMLImageLoader::notifyFinished):

• plugins/PluginView.cpp:

(WebCore::PluginView::start):
(WebCore::PluginView::stop):
(WebCore::PluginView::performRequest):
(WebCore::PluginView::npObject):
(WebCore::PluginView::privateBrowsingStateChanged):

• plugins/blackberry/PluginViewBlackBerry.cpp:

(WebCore::PluginView::dispatchNPEvent):
(WebCore::PluginView::setNPWindowIfNeeded):
(WebCore::PluginView::platformStart):
(WebCore::PluginView::getWindowInfo):

• plugins/efl/PluginViewEfl.cpp:

(WebCore::PluginView::dispatchNPEvent):

• plugins/gtk/PluginViewGtk.cpp:

(WebCore::PluginView::dispatchNPEvent):
(WebCore::PluginView::handleKeyboardEvent):
(WebCore::PluginView::handleMouseEvent):
(WebCore::PluginView::setNPWindowIfNeeded):
(WebCore::PluginView::platformStart):

• plugins/mac/PluginViewMac.mm:

(WebCore::PluginView::setNPWindowIfNeeded):
(WebCore::PluginView::dispatchNPEvent):

• plugins/qt/PluginViewQt.cpp:

(WebCore::PluginView::dispatchNPEvent):
(WebCore::PluginView::setNPWindowIfNeeded):
(WebCore::PluginView::platformStart):

• plugins/win/PluginViewWin.cpp:

(WebCore::PluginView::dispatchNPEvent):
(WebCore::PluginView::handleKeyboardEvent):
(WebCore::PluginView::handleMouseEvent):
(WebCore::PluginView::setNPWindowRect):

• testing/js/WebCoreTestSupport.cpp:

(WebCoreTestSupport::injectInternalsObject):
(WebCoreTestSupport::resetInternalsObject):

• xml/XMLHttpRequest.cpp:

(WebCore::XMLHttpRequest::dropProtection):

Source/WebKit/blackberry:

Changed all sites that used JSLock to instead use the new JSLockHolder
and pass in the correct JS context that the code is about to interact with that
needs protection. Also added a couple JSLocks to places that didn't already
have it that needed it.

• Api/BlackBerryGlobal.cpp:

(BlackBerry::WebKit::clearMemoryCaches):

• WebCoreSupport/ClientExtension.cpp:
• WebCoreSupport/PagePopupBlackBerry.cpp:

(WebCore::PagePopupBlackBerry::installDomFunction):

• WebKitSupport/DumpRenderTreeSupport.cpp:

(DumpRenderTreeSupport::computedStyleIncludingVisitedInfo):

Source/WebKit/efl:

Changed all sites that used JSLock to instead use the new JSLockHolder
and pass in the correct JS context that the code is about to interact with that
needs protection. Also added a couple JSLocks to places that didn't already
have it that needed it.

• ewk/ewk_frame.cpp:

(ewk_frame_script_execute):

• ewk/ewk_view.cpp:

(ewk_view_js_object_add):

Source/WebKit/gtk:

Changed all sites that used JSLock to instead use the new JSLockHolder
and pass in the correct JS context that the code is about to interact with that
needs protection. Also added a couple JSLocks to places that didn't already
have it that needed it.

• WebCoreSupport/DumpRenderTreeSupportGtk.cpp:

(DumpRenderTreeSupportGtk::gcCountJavascriptObjects):

Source/WebKit/mac:

Changed all sites that used JSLock to instead use the new JSLockHolder
and pass in the correct JS context that the code is about to interact with that
needs protection. Also added a couple JSLocks to places that didn't already
have it that needed it.

• DOM/WebDOMOperations.mm:

(JSC):

• Misc/WebCoreStatistics.mm:

(+[WebCoreStatistics javaScriptObjectsCount]):
(+[WebCoreStatistics javaScriptGlobalObjectsCount]):
(+[WebCoreStatistics javaScriptProtectedObjectsCount]):
(+[WebCoreStatistics javaScriptProtectedGlobalObjectsCount]):
(+[WebCoreStatistics javaScriptProtectedObjectTypeCounts]):
(+[WebCoreStatistics javaScriptObjectTypeCounts]):
(+[WebCoreStatistics shouldPrintExceptions]):
(+[WebCoreStatistics setShouldPrintExceptions:]):
(+[WebCoreStatistics memoryStatistics]):
(+[WebCoreStatistics javaScriptReferencedObjectsCount]):

• Plugins/Hosted/NetscapePluginInstanceProxy.mm:

(WebKit::NetscapePluginInstanceProxy::evaluate):
(WebKit::NetscapePluginInstanceProxy::invoke):
(WebKit::NetscapePluginInstanceProxy::invokeDefault):
(WebKit::NetscapePluginInstanceProxy::construct):
(WebKit::NetscapePluginInstanceProxy::getProperty):
(WebKit::NetscapePluginInstanceProxy::setProperty):
(WebKit::NetscapePluginInstanceProxy::removeProperty):
(WebKit::NetscapePluginInstanceProxy::hasMethod):
(WebKit::NetscapePluginInstanceProxy::enumerate):
(WebKit::NetscapePluginInstanceProxy::addValueToArray):
(WebKit::NetscapePluginInstanceProxy::moveGlobalExceptionToExecState):

• Plugins/WebNetscapePluginStream.mm:

(WebNetscapePluginStream::wantsAllStreams):

• Plugins/WebNetscapePluginView.mm:

(-[WebNetscapePluginView sendEvent:isDrawRect:]):
(-[WebNetscapePluginView privateBrowsingModeDidChange]):
(-[WebNetscapePluginView setWindowIfNecessary]):
(-[WebNetscapePluginView createPluginScriptableObject]):
(-[WebNetscapePluginView getFormValue:]):
(-[WebNetscapePluginView evaluateJavaScriptPluginRequest:]):
(-[WebNetscapePluginView webFrame:didFinishLoadWithReason:]):
(-[WebNetscapePluginView loadPluginRequest:]):
(-[WebNetscapePluginView _printedPluginBitmap]):

• Plugins/WebPluginController.mm:

(+[WebPluginController plugInViewWithArguments:fromPluginPackage:]):
(-[WebPluginController stopOnePlugin:]):
(-[WebPluginController destroyOnePlugin:]):
(-[WebPluginController startAllPlugins]):
(-[WebPluginController addPlugin:]):

• WebView/WebFrame.mm:

(-[WebFrame _stringByEvaluatingJavaScriptFromString:forceUserGesture:]):
(-[WebFrame _stringByEvaluatingJavaScriptFromString:withGlobalObject:inScriptWorld:]):

• WebView/WebScriptDebugDelegate.mm:

(-[WebScriptCallFrame scopeChain]):
(-[WebScriptCallFrame evaluateWebScript:]):

• WebView/WebView.mm:

(+[WebView _reportException:inContext:]):
(-[WebView aeDescByEvaluatingJavaScriptFromString:]):
(-[WebView _computedStyleIncludingVisitedInfo:forElement:]):

Source/WebKit/qt:

Changed all sites that used JSLock to instead use the new JSLockHolder
and pass in the correct JS context that the code is about to interact with that
needs protection. Also added a couple JSLocks to places that didn't already
have it that needed it.

• Api/qwebframe.cpp:

(QWebFramePrivate::addQtSenderToGlobalObject):
(QWebFrame::addToJavaScriptWindowObject):

• WebCoreSupport/DumpRenderTreeSupportQt.cpp:

(DumpRenderTreeSupportQt::injectInternalsObject):
(DumpRenderTreeSupportQt::resetInternalsObject):

Source/WebKit/win:

Changed all sites that used JSLock to instead use the new JSLockHolder
and pass in the correct JS context that the code is about to interact with that
needs protection. Also added a couple JSLocks to places that didn't already
have it that needed it.

• WebCoreStatistics.cpp:

(WebCoreStatistics::javaScriptObjectsCount):
(WebCoreStatistics::javaScriptGlobalObjectsCount):
(WebCoreStatistics::javaScriptProtectedObjectsCount):
(WebCoreStatistics::javaScriptProtectedGlobalObjectsCount):
(WebCoreStatistics::javaScriptProtectedObjectTypeCounts):

• WebFrame.cpp:

(WebFrame::stringByEvaluatingJavaScriptInScriptWorld):

• WebJavaScriptCollector.cpp:

(WebJavaScriptCollector::objectCount):

• WebView.cpp:

(WebView::stringByEvaluatingJavaScriptFromString):
(WebView::reportException):
(WebView::elementFromJS):

Source/WebKit2:

Changed all sites that used JSLock to instead use the new JSLockHolder
and pass in the correct JS context that the code is about to interact with that
needs protection. Also added a couple JSLocks to places that didn't already
have it that needed it.

• Shared/mac/WebMemorySampler.mac.mm:

(WebKit::WebMemorySampler::sampleWebKit):

• WebProcess/InjectedBundle/InjectedBundle.cpp:

(WebKit::InjectedBundle::javaScriptObjectsCount):
(WebKit::InjectedBundle::reportException):

• WebProcess/Plugins/Netscape/JSNPObject.cpp:

(WebKit::JSNPObject::callMethod):
(WebKit::JSNPObject::callObject):
(WebKit::JSNPObject::callConstructor):
(WebKit::JSNPObject::put):
(WebKit::JSNPObject::deleteProperty):
(WebKit::JSNPObject::getOwnPropertyNames):
(WebKit::JSNPObject::propertyGetter):

• WebProcess/Plugins/Netscape/NPJSObject.cpp:

(WebKit::NPJSObject::hasMethod):
(WebKit::NPJSObject::invoke):
(WebKit::NPJSObject::invokeDefault):
(WebKit::NPJSObject::hasProperty):
(WebKit::NPJSObject::getProperty):
(WebKit::NPJSObject::setProperty):
(WebKit::NPJSObject::removeProperty):
(WebKit::NPJSObject::enumerate):
(WebKit::NPJSObject::construct):

• WebProcess/Plugins/Netscape/NPRuntimeObjectMap.cpp:

(WebKit::NPRuntimeObjectMap::convertJSValueToNPVariant):
(WebKit::NPRuntimeObjectMap::evaluate):
(WebKit::NPRuntimeObjectMap::moveGlobalExceptionToExecState):

• WebProcess/WebPage/WebFrame.cpp:

(WebKit::WebFrame::jsWrapperForWorld):
(WebKit::WebFrame::computedStyleIncludingVisitedInfo):

• WebProcess/WebPage/WebPage.cpp:

(WebKit::WebPage::runJavaScriptInMainFrame):

• WebProcess/WebProcess.cpp:

(WebKit::WebProcess::getWebCoreStatistics):

Location:

trunk/Source/JavaScriptCore

Files:

• API/APIShims.h (modified) (4 diffs)
• API/JSContextRef.cpp (modified) (4 diffs)
• ChangeLog (modified) (1 diff)
• JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def (modified) (6 diffs)
• heap/CopiedSpace.cpp (modified) (1 diff)
• heap/Heap.cpp (modified) (7 diffs)
• heap/Heap.h (modified) (2 diffs)
• heap/HeapTimer.cpp (modified) (6 diffs)
• heap/HeapTimer.h (modified) (3 diffs)
• heap/IncrementalSweeper.cpp (modified) (3 diffs)
• heap/IncrementalSweeper.h (modified) (1 diff)
• heap/MarkedAllocator.cpp (modified) (2 diffs)
• heap/WeakBlock.cpp (modified) (1 diff)
• jsc.cpp (modified) (3 diffs)
• runtime/Completion.cpp (modified) (2 diffs)
• runtime/GCActivityCallback.h (modified) (2 diffs)
• runtime/JSGlobalData.cpp (modified) (5 diffs)
• runtime/JSGlobalData.h (modified) (5 diffs)
• runtime/JSGlobalObject.cpp (modified) (2 diffs)
• runtime/JSLock.cpp (modified) (7 diffs)
• runtime/JSLock.h (modified) (4 diffs)
• runtime/WeakGCMap.h (modified) (1 diff)
• testRegExp.cpp (modified) (1 diff)

trunk/Source/JavaScriptCore/API/APIShims.h

@@ -29 +29 @@
 #include "CallFrame.h"
 #include "GCActivityCallback.h"
+#include "IncrementalSweeper.h"
 #include "JSLock.h"
 #include <wtf/WTFThreadData.h>
@@ -35 +36 @@
 
 class APIEntryShimWithoutLock {
+public:
+    enum RefGlobalDataTag { DontRefGlobalData = 0, RefGlobalData };
+
 protected:
-    APIEntryShimWithoutLock(JSGlobalData* globalData, bool registerThread)
-        : m_globalData(globalData)
+    APIEntryShimWithoutLock(JSGlobalData* globalData, bool registerThread, RefGlobalDataTag shouldRefGlobalData)
+        : m_shouldRefGlobalData(shouldRefGlobalData)
+        , m_globalData(globalData)
         , m_entryIdentifierTable(wtfThreadData().setCurrentIdentifierTable(globalData->identifierTable))
     {
+        if (shouldRefGlobalData)
+            m_globalData->ref();
         UNUSED_PARAM(registerThread);
         if (registerThread)
             globalData->heap.machineThreads().addCurrentThread();
         m_globalData->heap.activityCallback()->synchronize();
-        m_globalData->timeoutChecker.start();
+        m_globalData->heap.sweeper()->synchronize();
     }
 
     ~APIEntryShimWithoutLock()
     {
-        m_globalData->timeoutChecker.stop();
         wtfThreadData().setCurrentIdentifierTable(m_entryIdentifierTable);
+        if (m_shouldRefGlobalData)
+            m_globalData->deref();
     }
 
-private:
+protected:
+    RefGlobalDataTag m_shouldRefGlobalData;
     JSGlobalData* m_globalData;
     IdentifierTable* m_entryIdentifierTable;
@@ -62 +71 @@
     // Normal API entry
     APIEntryShim(ExecState* exec, bool registerThread = true)
-        : APIEntryShimWithoutLock(&exec->globalData(), registerThread)
-        , m_lock(exec)
+        : APIEntryShimWithoutLock(&exec->globalData(), registerThread, RefGlobalData)
     {
+        init();
+    }
+
+    // This constructor is necessary for HeapTimer to prevent it from accidentally resurrecting 
+    // the ref count of a "dead" JSGlobalData.
+    APIEntryShim(JSGlobalData* globalData, RefGlobalDataTag refGlobalData, bool registerThread = true)
+        : APIEntryShimWithoutLock(globalData, registerThread, refGlobalData)
+    {
+        init();
     }
 
     // JSPropertyNameAccumulator only has a globalData.
     APIEntryShim(JSGlobalData* globalData, bool registerThread = true)
-        : APIEntryShimWithoutLock(globalData, registerThread)
-        , m_lock(globalData->isSharedInstance() ? LockForReal : SilenceAssertionsOnly)
+        : APIEntryShimWithoutLock(globalData, registerThread, RefGlobalData)
     {
+        init();
+    }
+
+    ~APIEntryShim()
+    {
+        m_globalData->timeoutChecker.stop();
+        m_globalData->apiLock().unlock();
     }
 
 private:
-    JSLock m_lock;
+    void init()
+    {
+        m_globalData->apiLock().lock();
+        m_globalData->timeoutChecker.start();
+    }
 };
 
@@ -89 +116 @@
     ~APICallbackShim()
     {
-        m_globalData->heap.activityCallback()->synchronize();
         wtfThreadData().setCurrentIdentifierTable(m_globalData->identifierTable);
     }

trunk/Source/JavaScriptCore/API/JSContextRef.cpp

@@ -79 +79 @@
     // we use a shared one for backwards compatibility.
     if (NSVersionOfLinkTimeLibrary("JavaScriptCore") <= webkitFirstVersionWithConcurrentGlobalContexts) {
-        JSLock lock(LockForReal);
         return JSGlobalContextCreateInGroup(toRef(&JSGlobalData::sharedInstance()), globalObjectClass);
     }
@@ -91 +90 @@
     initializeThreading();
 
-    JSLock lock(LockForReal);
     RefPtr<JSGlobalData> globalData = group ? PassRefPtr<JSGlobalData>(toJS(group)) : JSGlobalData::createContextGroup(ThreadStackTypeSmall);
 
     APIEntryShim entryShim(globalData.get(), false);
-
     globalData->makeUsableFromMultipleThreads();
 
@@ -125 +122 @@
 void JSGlobalContextRelease(JSGlobalContextRef ctx)
 {
-    ExecState* exec = toJS(ctx);
-    JSLock lock(exec);
-
-    JSGlobalData& globalData = exec->globalData();
-    IdentifierTable* savedIdentifierTable = wtfThreadData().setCurrentIdentifierTable(globalData.identifierTable);
-
-    bool protectCountIsZero = Heap::heap(exec->dynamicGlobalObject())->unprotect(exec->dynamicGlobalObject());
-    if (protectCountIsZero) {
-        globalData.heap.activityCallback()->synchronize();
-        globalData.heap.reportAbandonedObjectGraph();
-    }
-    globalData.deref();
+    IdentifierTable* savedIdentifierTable;
+    ExecState* exec = toJS(ctx);
+    {
+        JSLockHolder lock(exec);
+
+        JSGlobalData& globalData = exec->globalData();
+        savedIdentifierTable = wtfThreadData().setCurrentIdentifierTable(globalData.identifierTable);
+
+        bool protectCountIsZero = Heap::heap(exec->dynamicGlobalObject())->unprotect(exec->dynamicGlobalObject());
+        if (protectCountIsZero)
+            globalData.heap.reportAbandonedObjectGraph();
+        globalData.deref();
+    }
 
     wtfThreadData().setCurrentIdentifierTable(savedIdentifierTable);
@@ -167 +165 @@
 {
     ExecState* exec = toJS(ctx);
-    JSLock lock(exec);
+    JSLockHolder lock(exec);
 
     unsigned count = 0;

trunk/Source/JavaScriptCore/ChangeLog

@@ +1 @@
+2012-06-25  Mark Hahnenberg  <[email protected]>
+
+        JSLock should be per-JSGlobalData
+        https://bugs.webkit.org/show_bug.cgi?id=89123
+
+        Reviewed by Geoffrey Garen.
+
+        * API/APIShims.h:
+        (APIEntryShimWithoutLock):
+        (JSC::APIEntryShimWithoutLock::APIEntryShimWithoutLock): Added an extra parameter to the constructor to 
+        determine whether we should ref the JSGlobalData or not. We want to ref all the time except for in the 
+        HeapTimer class because timerDidFire could run after somebody has started to tear down that particular 
+        JSGlobalData, so we wouldn't want to resurrect the ref count of that JSGlobalData from 0 back to 1 after 
+        its destruction has begun. 
+        (JSC::APIEntryShimWithoutLock::~APIEntryShimWithoutLock):
+        (JSC::APIEntryShim::APIEntryShim):
+        (APIEntryShim):
+        (JSC::APIEntryShim::~APIEntryShim):
+        (JSC::APIEntryShim::init): Factored out common initialization code for the various APIEntryShim constructors.
+        Also moved the timeoutChecker stop and start here because we need to start after we've grabbed the API lock
+        and before we've released it, which can only done in APIEntryShim.
+        (JSC::APICallbackShim::~APICallbackShim): We no longer need to synchronize here.
+        * API/JSContextRef.cpp:
+        (JSGlobalContextCreate):
+        (JSGlobalContextCreateInGroup):
+        (JSGlobalContextRelease):
+        (JSContextCreateBacktrace):
+        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
+        * heap/CopiedSpace.cpp:
+        (JSC::CopiedSpace::tryAllocateSlowCase):
+        * heap/Heap.cpp:
+        (JSC::Heap::protect):
+        (JSC::Heap::unprotect):
+        (JSC::Heap::collect):
+        (JSC::Heap::setActivityCallback):
+        (JSC::Heap::activityCallback):
+        (JSC::Heap::sweeper):
+        * heap/Heap.h: Changed m_activityCallback and m_sweeper to be raw pointers rather than OwnPtrs because they 
+        are now responsible for their own lifetime. Also changed the order of declaration of the GCActivityCallback
+        and the IncrementalSweeper to make sure they're the last things that get initialized during construction to 
+        prevent any issues with uninitialized memory in the JSGlobalData/Heap they might care about.
+        (Heap):
+        * heap/HeapTimer.cpp: Refactored to allow for thread-safe operation and shutdown.
+        (JSC::HeapTimer::~HeapTimer):
+        (JSC::HeapTimer::invalidate):
+        (JSC):
+        (JSC::HeapTimer::didStartVMShutdown): Called at the beginning of ~JSGlobalData. If we're on the same thread 
+        that the HeapTimer is running on, we kill the HeapTimer ourselves. If not, then we set some state in the 
+        HeapTimer and schedule it to fire immediately so that it can notice and kill itself.
+        (JSC::HeapTimer::timerDidFire): We grab our mutex and check our JSGlobalData pointer. If it has been zero-ed
+        out, then we know the VM has started to shutdown and we should kill ourselves. Otherwise, grab the APIEntryShim,
+        but without ref-ing the JSGlobalData (we don't want to bring the JSGlobalData's ref-count from 0 to 1) in case 
+        we were interrupted between releasing our mutex and trying to grab the APILock.
+        * heap/HeapTimer.h:
+        (HeapTimer):
+        * heap/IncrementalSweeper.cpp:
+        (JSC::IncrementalSweeper::doWork): We no longer need the API shim here since HeapTimer::timerDidFire handles 
+        all of that for us. 
+        (JSC::IncrementalSweeper::create):
+        * heap/IncrementalSweeper.h:
+        (IncrementalSweeper):
+        * heap/MarkedAllocator.cpp:
+        (JSC::MarkedAllocator::allocateSlowCase):
+        * heap/WeakBlock.cpp:
+        (JSC::WeakBlock::reap):
+        * jsc.cpp:
+        (functionGC):
+        (functionReleaseExecutableMemory):
+        (jscmain):
+        * runtime/Completion.cpp:
+        (JSC::checkSyntax):
+        (JSC::evaluate):
+        * runtime/GCActivityCallback.h:
+        (DefaultGCActivityCallback):
+        (JSC::DefaultGCActivityCallback::create):
+        * runtime/JSGlobalData.cpp:
+        (JSC::JSGlobalData::JSGlobalData):
+        (JSC::JSGlobalData::~JSGlobalData): Signals to the two HeapTimers (GCActivityCallback and IncrementalSweeper)
+        that the VM has started shutting down. It then waits until the HeapTimer is done with whatever activity 
+        it needs to do before continuing with any further destruction. Also asserts that we do not currently hold the 
+        APILock because this could potentially cause deadlock when we try to signal to the HeapTimers using their mutexes.
+        (JSC::JSGlobalData::sharedInstance): Protect the initialization for the shared instance with the GlobalJSLock.
+        (JSC::JSGlobalData::sharedInstanceInternal):
+        * runtime/JSGlobalData.h: Change to be ThreadSafeRefCounted so that we don't have to worry about refing and 
+        de-refing JSGlobalDatas on separate threads since we don't do it that often anyways.
+        (JSGlobalData):
+        (JSC::JSGlobalData::apiLock):
+        * runtime/JSGlobalObject.cpp:
+        (JSC::JSGlobalObject::~JSGlobalObject):
+        (JSC::JSGlobalObject::init):
+        * runtime/JSLock.cpp:
+        (JSC):
+        (JSC::GlobalJSLock::GlobalJSLock): For accessing the shared instance.
+        (JSC::GlobalJSLock::~GlobalJSLock):
+        (JSC::JSLockHolder::JSLockHolder): MutexLocker for JSLock. Also refs the JSGlobalData to keep it alive so that 
+        it can successfully unlock it later without it disappearing from underneath it.
+        (JSC::JSLockHolder::~JSLockHolder):
+        (JSC::JSLock::JSLock):
+        (JSC::JSLock::~JSLock):
+        (JSC::JSLock::lock): Uses the spin lock for guarding the lock count and owner thread fields. Uses the mutex for 
+        actually waiting for long periods. 
+        (JSC::JSLock::unlock):
+        (JSC::JSLock::currentThreadIsHoldingLock):
+        (JSC::JSLock::dropAllLocks):
+        (JSC::JSLock::dropAllLocksUnconditionally):
+        (JSC::JSLock::grabAllLocks):
+        (JSC::JSLock::DropAllLocks::DropAllLocks):
+        (JSC::JSLock::DropAllLocks::~DropAllLocks):
+        * runtime/JSLock.h:
+        (JSC):
+        (GlobalJSLock):
+        (JSLockHolder):
+        (JSLock):
+        (DropAllLocks):
+        * runtime/WeakGCMap.h:
+        (JSC::WeakGCMap::set):
+        * testRegExp.cpp:
+        (realMain):
+
 2012-06-27  Filip Pizlo  <[email protected]>
 

trunk/Source/JavaScriptCore/JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def

@@ -7 +7 @@
     ??0DateInstance@JSC@@IAE@PAVExecState@1@PAVStructure@1@@Z
     ??0DefaultGCActivityCallback@JSC@@QAE@PAVHeap@1@@Z
-    ??0DropAllLocks@JSLock@JSC@@QAE@W4JSLockBehavior@2@@Z
+    ??0DropAllLocks@JSLock@JSC@@QAE@PAVExecState@2@@Z
+    ??0DropAllLocks@JSLock@JSC@@QAE@PAVJSGlobalData@2@@Z
     ??0DynamicGlobalObjectScope@JSC@@QAE@AAVJSGlobalData@1@PAVJSGlobalObject@1@@Z 
     ??0InternalFunction@JSC@@IAE@PAVJSGlobalObject@1@PAVStructure@1@@Z
     ??0JSGlobalObject@JSC@@IAE@AAVJSGlobalData@1@PAVStructure@1@PBUGlobalObjectMethodTable@1@@Z
-    ??0JSLock@JSC@@QAE@PAVExecState@1@@Z
+    ??0JSLockHolder@JSC@@QAE@AAVJSGlobalData@1@@Z
+    ??0JSLockHolder@JSC@@QAE@PAVExecState@1@@Z
+    ??0JSLockHolder@JSC@@QAE@PAVJSGlobalData@1@@Z
     ??0MD5@WTF@@QAE@XZ
     ??0Mutex@WTF@@QAE@XZ
@@ -34 +37 @@
     ??1JSGlobalData@JSC@@QAE@XZ
     ??1JSGlobalObject@JSC@@QAE@XZ
+    ??1JSLockHolder@JSC@@QAE@XZ
     ??1Mutex@WTF@@QAE@XZ
     ??1RefCountedLeakCounter@WTF@@QAE@XZ
@@ -125 +129 @@
     ?cryptographicallyRandomValues@WTF@@YAXPAXI@Z
     ?currentThread@WTF@@YAIXZ
-    ?currentThreadIsHoldingLock@JSLock@JSC@@SA_NXZ
     ?currentTime@WTF@@YANXZ
     ?data@CString@WTF@@QBEPBDXZ
@@ -237 +240 @@
     ?jsString@JSC@@YAPAVJSString@1@PAVJSGlobalData@1@ABVUString@1@@Z
     ?length@CString@WTF@@QBEIXZ
-    ?lock@JSLock@JSC@@SAXW4JSLockBehavior@2@@Z
+    ?lock@JSLock@JSC@@QAEXXZ
     ?lock@Mutex@WTF@@QAEXXZ
     ?lockAtomicallyInitializedStaticMutex@WTF@@YAXXZ
-    ?lockCount@JSLock@JSC@@SAHXZ
     ?match@RegExp@JSC@@QAEHAAVJSGlobalData@2@ABVUString@2@IAAV?$Vector@H$0CA@@WTF@@@Z
     ?materializePropertyMap@Structure@JSC@@AAEXAAVJSGlobalData@2@@Z
@@ -325 +327 @@
     ?substringSharingImpl@UString@JSC@@QBE?AV12@II@Z
     ?suggestedNewPropertyStorageSize@Structure@JSC@@QAEIXZ
+    ?sweeper@Heap@JSC@@QAEPAVIncrementalSweeper@2@XZ
     ?synthesizePrototype@JSValue@JSC@@QBEPAVJSObject@2@PAVExecState@2@@Z
     ?thisObject@DebuggerCallFrame@JSC@@QBEPAVJSObject@2@XZ
@@ -354 +357 @@
     ?tryLock@Mutex@WTF@@QAE_NXZ
     ?type@DebuggerCallFrame@JSC@@QBE?AW4Type@12@XZ
-    ?unlock@JSLock@JSC@@SAXW4JSLockBehavior@2@@Z
+    ?unlock@JSLock@JSC@@QAEXXZ
     ?unlock@Mutex@WTF@@QAEXXZ
     ?unlockAtomicallyInitializedStaticMutex@WTF@@YAXXZ

trunk/Source/JavaScriptCore/heap/CopiedSpace.cpp

@@ -67 +67 @@
         return tryAllocateOversize(bytes, outPtr);
     
+    ASSERT(m_heap->globalData()->apiLock().currentThreadIsHoldingLock());
     m_heap->didAllocate(m_allocator.currentCapacity());
 

trunk/Source/JavaScriptCore/heap/Heap.cpp

@@ -161 +161 @@
 }
 
-static inline bool isValidSharedInstanceThreadState()
-{
-    if (!JSLock::lockCount())
-        return false;
-
-    if (!JSLock::currentThreadIsHoldingLock())
-        return false;
-
-    return true;
+static inline bool isValidSharedInstanceThreadState(JSGlobalData* globalData)
+{
+    return globalData->apiLock().currentThreadIsHoldingLock();
 }
 
@@ -177 +171 @@
         return false;
 
-    if (globalData->isSharedInstance() && !isValidSharedInstanceThreadState())
+    if (globalData->isSharedInstance() && !isValidSharedInstanceThreadState(globalData))
         return false;
 
@@ -328 +322 @@
 {
     ASSERT(k);
-    ASSERT(JSLock::currentThreadIsHoldingLock() || !m_globalData->isSharedInstance());
+    ASSERT(m_globalData->apiLock().currentThreadIsHoldingLock());
 
     if (!k.isCell())
@@ -339 +333 @@
 {
     ASSERT(k);
-    ASSERT(JSLock::currentThreadIsHoldingLock() || !m_globalData->isSharedInstance());
+    ASSERT(m_globalData->apiLock().currentThreadIsHoldingLock());
 
     if (!k.isCell())
@@ -693 +687 @@
     
     GCPHASE(Collect);
+    ASSERT(globalData()->apiLock().currentThreadIsHoldingLock());
     ASSERT(globalData()->identifierTable == wtfThreadData().currentIdentifierTable());
     ASSERT(m_isSafeToCollect);
@@ -778 +773 @@
 }
 
-void Heap::setActivityCallback(PassOwnPtr<GCActivityCallback> activityCallback)
+void Heap::setActivityCallback(GCActivityCallback* activityCallback)
 {
     m_activityCallback = activityCallback;
@@ -785 +780 @@
 GCActivityCallback* Heap::activityCallback()
 {
-    return m_activityCallback.get();
+    return m_activityCallback;
 }
 
 IncrementalSweeper* Heap::sweeper()
 {
-    return m_sweeper.get();
+    return m_sweeper;
 }
 

trunk/Source/JavaScriptCore/heap/Heap.h

@@ -100 +100 @@
 
         JS_EXPORT_PRIVATE GCActivityCallback* activityCallback();
-        JS_EXPORT_PRIVATE void setActivityCallback(PassOwnPtr<GCActivityCallback>);
+        JS_EXPORT_PRIVATE void setActivityCallback(GCActivityCallback*);
         JS_EXPORT_PRIVATE void setGarbageCollectionTimerEnabled(bool);
 
-        IncrementalSweeper* sweeper();
+        JS_EXPORT_PRIVATE IncrementalSweeper* sweeper();
 
         // true if an allocation or collection is in progress
@@ -238 +238 @@
         double m_lastCodeDiscardTime;
 
-        OwnPtr<GCActivityCallback> m_activityCallback;
-        OwnPtr<IncrementalSweeper> m_sweeper;
-        
         DoublyLinkedList<ExecutableBase> m_compiledCode;
+        
+        GCActivityCallback* m_activityCallback;
+        IncrementalSweeper* m_sweeper;
     };
 

trunk/Source/JavaScriptCore/heap/HeapTimer.cpp

@@ -27 +27 @@
 #include "HeapTimer.h"
 
+#include "APIShims.h"
+#include "JSObject.h"
+#include "JSString.h"
+#include "ScopeChain.h"
 #include <wtf/Threading.h>
 
@@ -47 +51 @@
 HeapTimer::~HeapTimer()
 {
-    invalidate();
+    CFRunLoopRemoveTimer(m_runLoop.get(), m_timer.get(), kCFRunLoopCommonModes);
+    CFRunLoopTimerInvalidate(m_timer.get());
 }
 
@@ -61 +66 @@
 void HeapTimer::invalidate()
 {
-    CFRunLoopRemoveTimer(m_runLoop.get(), m_timer.get(), kCFRunLoopCommonModes);
-    CFRunLoopTimerInvalidate(m_timer.get());
+    m_globalData = 0;
+    CFRunLoopTimerSetNextFireDate(m_timer.get(), CFAbsoluteTimeGetCurrent() - s_decade);
+}
+
+void HeapTimer::didStartVMShutdown()
+{
+    if (CFRunLoopGetCurrent() == m_runLoop.get()) {
+        invalidate();
+        delete this;
+        return;
+    }
+    ASSERT(!m_globalData->apiLock().currentThreadIsHoldingLock());
+    MutexLocker locker(m_shutdownMutex);
+    invalidate();
 }
 
@@ -68 +85 @@
 {
     HeapTimer* agent = static_cast<HeapTimer*>(info);
-    agent->doWork();
+    agent->m_shutdownMutex.lock();
+    if (!agent->m_globalData) {
+        agent->m_shutdownMutex.unlock();
+        delete agent;
+        return;
+    }
+    {
+        // We don't ref here to prevent us from resurrecting the ref count of a "dead" JSGlobalData.
+        APIEntryShim shim(agent->m_globalData, APIEntryShimWithoutLock::DontRefGlobalData);
+        agent->doWork();
+    }
+    agent->m_shutdownMutex.unlock();
 }
 
@@ -82 +110 @@
 }
 
+void HeapTimer::didStartVMShutdown()
+{
+    delete this;
+}
+
 void HeapTimer::synchronize()
 {
@@ -90 +123 @@
 }
 
-
 #endif
     

trunk/Source/JavaScriptCore/heap/HeapTimer.h

@@ -28 +28 @@
 
 #include <wtf/RetainPtr.h>
+#include <wtf/Threading.h>
 
 #if USE(CF)
@@ -47 +48 @@
     
     virtual ~HeapTimer();
-    
+
+    void didStartVMShutdown();
     virtual void synchronize();
     virtual void doWork() = 0;
@@ -60 +62 @@
     RetainPtr<CFRunLoopRef> m_runLoop;
     CFRunLoopTimerContext m_context;
+
+    Mutex m_shutdownMutex;
 #endif
     

trunk/Source/JavaScriptCore/heap/IncrementalSweeper.cpp

@@ -46 +46 @@
 void IncrementalSweeper::doWork()
 {
-    APIEntryShim shim(m_globalData);
     doSweep(WTF::monotonicallyIncreasingTime());
 }
@@ -56 +55 @@
 }
 
-PassOwnPtr<IncrementalSweeper> IncrementalSweeper::create(Heap* heap)
+IncrementalSweeper* IncrementalSweeper::create(Heap* heap)
 {
-    return adoptPtr(new IncrementalSweeper(heap, CFRunLoopGetCurrent()));
+    return new IncrementalSweeper(heap, CFRunLoopGetCurrent());
 }
 
@@ -111 +110 @@
 }
 
-PassOwnPtr<IncrementalSweeper> IncrementalSweeper::create(Heap* heap)
+IncrementalSweeper* IncrementalSweeper::create(Heap* heap)
 {
-    return adoptPtr(new IncrementalSweeper(heap->globalData()));
+    return new IncrementalSweeper(heap->globalData());
 }
 

trunk/Source/JavaScriptCore/heap/IncrementalSweeper.h

@@ -40 +40 @@
 class IncrementalSweeper : public HeapTimer {
 public:
-    static PassOwnPtr<IncrementalSweeper> create(Heap*);
+    static IncrementalSweeper* create(Heap*);
     void startSweeping(const HashSet<MarkedBlock*>& blockSnapshot);
     virtual void doWork();

trunk/Source/JavaScriptCore/heap/MarkedAllocator.cpp

@@ -4 +4 @@
 #include "GCActivityCallback.h"
 #include "Heap.h"
+#include "JSGlobalData.h"
 #include <wtf/CurrentTime.h>
 
@@ -57 +58 @@
 void* MarkedAllocator::allocateSlowCase()
 {
+    ASSERT(m_heap->globalData()->apiLock().currentThreadIsHoldingLock());
 #if COLLECT_ON_EVERY_ALLOCATION
     m_heap->collectAllGarbage();

trunk/Source/JavaScriptCore/heap/WeakBlock.cpp

@@ -128 +128 @@
             continue;
 
-        if (Heap::isMarked(weakImpl->jsValue().asCell()))
+        if (Heap::isMarked(weakImpl->jsValue().asCell())) {
+            ASSERT(weakImpl->state() == WeakImpl::Live);
             continue;
+        }
 
         weakImpl->setState(WeakImpl::Dead);

trunk/Source/JavaScriptCore/jsc.cpp

@@ -300 +300 @@
 EncodedJSValue JSC_HOST_CALL functionGC(ExecState* exec)
 {
-    JSLock lock(SilenceAssertionsOnly);
+    JSLockHolder lock(exec);
     exec->heap()->collectAllGarbage();
     return JSValue::encode(jsUndefined());
@@ -308 +308 @@
 EncodedJSValue JSC_HOST_CALL functionReleaseExecutableMemory(ExecState* exec)
 {
-    JSLock lock(SilenceAssertionsOnly);
+    JSLockHolder lock(exec);
     exec->globalData().releaseExecutableMemory();
     return JSValue::encode(jsUndefined());
@@ -668 +668 @@
 int jscmain(int argc, char** argv)
 {
-    JSLock lock(SilenceAssertionsOnly);
-
+    
     RefPtr<JSGlobalData> globalData = JSGlobalData::create(ThreadStackTypeLarge, LargeHeap);
+    JSLockHolder lock(globalData.get());
 
     CommandLine options;

trunk/Source/JavaScriptCore/runtime/Completion.cpp

@@ -38 +38 @@
 bool checkSyntax(ExecState* exec, const SourceCode& source, JSValue* returnedException)
 {
-    JSLock lock(exec);
+    JSLockHolder lock(exec);
     ASSERT(exec->globalData().identifierTable == wtfThreadData().currentIdentifierTable());
 
@@ -54 +54 @@
 JSValue evaluate(ExecState* exec, ScopeChainNode* scopeChain, const SourceCode& source, JSValue thisValue, JSValue* returnedException)
 {
-    JSLock lock(exec);
+    JSLockHolder lock(exec);
     ASSERT(exec->globalData().identifierTable == wtfThreadData().currentIdentifierTable());
     if (exec->globalData().isCollectorBusy())

trunk/Source/JavaScriptCore/runtime/GCActivityCallback.h

@@ -70 +70 @@
 class DefaultGCActivityCallback : public GCActivityCallback {
 public:
-    static PassOwnPtr<DefaultGCActivityCallback> create(Heap*);
+    static DefaultGCActivityCallback* create(Heap*);
 
     DefaultGCActivityCallback(Heap*);
@@ -92 +92 @@
 };
 
-inline PassOwnPtr<DefaultGCActivityCallback> DefaultGCActivityCallback::create(Heap* heap)
+inline DefaultGCActivityCallback* DefaultGCActivityCallback::create(Heap* heap)
 {
-    return adoptPtr(new DefaultGCActivityCallback(heap));
+    return new DefaultGCActivityCallback(heap);
 }
 

trunk/Source/JavaScriptCore/runtime/JSGlobalData.cpp

@@ -35 +35 @@
 #include "DebuggerActivation.h"
 #include "FunctionConstructor.h"
+#include "GCActivityCallback.h"
 #include "GetterSetter.h"
 #include "HostCallReturnValue.h"
+#include "IncrementalSweeper.h"
 #include "Interpreter.h"
 #include "JSActivation.h"
@@ -179 +181 @@
     interpreter = new Interpreter;
 
-    if (isSharedInstance())
-        turnOffVerifier();
-
     // Need to be careful to keep everything consistent here
+    JSLockHolder lock(this);
     IdentifierTable* existingEntryIdentifierTable = wtfThreadData().setCurrentIdentifierTable(identifierTable);
-    JSLock lock(SilenceAssertionsOnly);
     structureStructure.set(*this, Structure::createStructure(*this));
     debuggerActivationStructure.set(*this, DebuggerActivation::createStructure(*this, 0, jsNull()));
@@ -223 +222 @@
 JSGlobalData::~JSGlobalData()
 {
+    ASSERT(!m_apiLock.currentThreadIsHoldingLock());
+    heap.activityCallback()->didStartVMShutdown();
+    heap.sweeper()->didStartVMShutdown();
     heap.lastChanceToFinalize();
 
@@ -312 +314 @@
 JSGlobalData& JSGlobalData::sharedInstance()
 {
+    GlobalJSLock globalLock;
     JSGlobalData*& instance = sharedInstanceInternal();
     if (!instance) {
@@ -322 +325 @@
 JSGlobalData*& JSGlobalData::sharedInstanceInternal()
 {
-    ASSERT(JSLock::currentThreadIsHoldingLock());
     static JSGlobalData* sharedInstance;
     return sharedInstance;

trunk/Source/JavaScriptCore/runtime/JSGlobalData.h

@@ -36 +36 @@
 #include "Intrinsic.h"
 #include "JITStubs.h"
+#include "JSLock.h"
 #include "JSValue.h"
 #include "LLIntData.h"
@@ -47 +48 @@
 #include <wtf/Forward.h>
 #include <wtf/HashMap.h>
-#include <wtf/RefCounted.h>
 #include <wtf/SimpleStats.h>
+#include <wtf/ThreadSafeRefCounted.h>
 #include <wtf/ThreadSpecific.h>
 #include <wtf/WTFThreadData.h>
@@ -153 +154 @@
 #endif
 
-    class JSGlobalData : public RefCounted<JSGlobalData> {
+    class JSGlobalData : public ThreadSafeRefCounted<JSGlobalData> {
     public:
         // WebCore has a one-to-one mapping of threads to JSGlobalDatas;
@@ -181 +182 @@
         void makeUsableFromMultipleThreads() { heap.machineThreads().makeUsableFromMultipleThreads(); }
 
+    private:
+        JSLock m_apiLock;
+
+    public:
         Heap heap; // The heap is our first data member to ensure that it's destructed after all the objects that reference it.
 
@@ -410 +415 @@
 #undef registerTypedArrayFunction
 
+        JSLock& apiLock() { return m_apiLock; }
+
     private:
         friend class LLIntOffsetsExtractor;

trunk/Source/JavaScriptCore/runtime/JSGlobalObject.cpp

@@ -124 +124 @@
 JSGlobalObject::~JSGlobalObject()
 {
-    ASSERT(JSLock::currentThreadIsHoldingLock());
-
     if (m_debugger)
         m_debugger->detach(this);
@@ -140 +138 @@
 void JSGlobalObject::init(JSObject* thisValue)
 {
-    ASSERT(JSLock::currentThreadIsHoldingLock());
+    ASSERT(globalData().apiLock().currentThreadIsHoldingLock());
     
     m_globalScopeChain.set(globalData(), this, ScopeChainNode::create(0, this, &globalData(), this, thisValue));

trunk/Source/JavaScriptCore/runtime/JSLock.cpp

@@ -24 +24 @@
 #include "Heap.h"
 #include "CallFrame.h"
+#include "JSGlobalObject.h"
 #include "JSObject.h"
 #include "ScopeChain.h"
@@ -38 +39 @@
 #if (OS(DARWIN) || USE(PTHREADS))
 
-// Acquire this mutex before accessing lock-related data.
-static pthread_mutex_t JSMutex = PTHREAD_MUTEX_INITIALIZER;
-
-// Thread-specific key that tells whether a thread holds the JSMutex, and how many times it was taken recursively.
-pthread_key_t JSLockCount;
-
-static void createJSLockCount()
-{
-    pthread_key_create(&JSLockCount, 0);
-}
-
-pthread_once_t createJSLockCountOnce = PTHREAD_ONCE_INIT;
-
-// Lock nesting count.
-intptr_t JSLock::lockCount()
-{
-    pthread_once(&createJSLockCountOnce, createJSLockCount);
-
-    return reinterpret_cast<intptr_t>(pthread_getspecific(JSLockCount));
-}
-
-static void setLockCount(intptr_t count)
-{
-    ASSERT(count >= 0);
-    pthread_setspecific(JSLockCount, reinterpret_cast<void*>(count));
-}
-
-JSLock::JSLock(ExecState* exec)
-    : m_lockBehavior(exec->globalData().isSharedInstance() ? LockForReal : SilenceAssertionsOnly)
-{
-    lock(m_lockBehavior);
-}
-
-JSLock::JSLock(JSGlobalData* globalData)
-    : m_lockBehavior(globalData->isSharedInstance() ? LockForReal : SilenceAssertionsOnly)
-{
-    lock(m_lockBehavior);
-}
-
-void JSLock::lock(JSLockBehavior lockBehavior)
-{
-#ifdef NDEBUG
-    // Locking "not for real" is a debug-only feature.
-    if (lockBehavior == SilenceAssertionsOnly)
-        return;
-#endif
-
-    pthread_once(&createJSLockCountOnce, createJSLockCount);
-
-    intptr_t currentLockCount = lockCount();
-    if (!currentLockCount && lockBehavior == LockForReal) {
-        int result = pthread_mutex_lock(&JSMutex);
-        ASSERT_UNUSED(result, !result);
+static pthread_mutex_t sharedInstanceLock = PTHREAD_MUTEX_INITIALIZER;
+
+GlobalJSLock::GlobalJSLock()
+{
+    pthread_mutex_lock(&sharedInstanceLock);
+}
+
+GlobalJSLock::~GlobalJSLock()
+{
+    pthread_mutex_unlock(&sharedInstanceLock);
+}
+
+JSLockHolder::JSLockHolder(ExecState* exec)
+    : m_globalData(&exec->globalData())
+{
+    m_globalData->apiLock().lock();
+}
+
+JSLockHolder::JSLockHolder(JSGlobalData* globalData)
+    : m_globalData(globalData)
+{
+    m_globalData->apiLock().lock();
+}
+
+JSLockHolder::JSLockHolder(JSGlobalData& globalData)
+    : m_globalData(&globalData)
+{
+    m_globalData->apiLock().lock();
+}
+
+JSLockHolder::~JSLockHolder()
+{
+    m_globalData->apiLock().unlock();
+}
+
+JSLock::JSLock()
+    : m_lockCount(0)
+{
+    m_spinLock.Init();
+}
+
+JSLock::~JSLock()
+{
+}
+
+void JSLock::lock()
+{
+    ThreadIdentifier currentThread = WTF::currentThread();
+    {
+        SpinLockHolder holder(&m_spinLock);
+        if (m_ownerThread == currentThread && m_lockCount) {
+            m_lockCount++;
+            return;
+        }
     }
-    setLockCount(currentLockCount + 1);
-}
-
-void JSLock::unlock(JSLockBehavior lockBehavior)
-{
-    ASSERT(lockCount());
-
-#ifdef NDEBUG
-    // Locking "not for real" is a debug-only feature.
-    if (lockBehavior == SilenceAssertionsOnly)
-        return;
-#endif
-
-    intptr_t newLockCount = lockCount() - 1;
-    setLockCount(newLockCount);
-    if (!newLockCount && lockBehavior == LockForReal) {
-        int result = pthread_mutex_unlock(&JSMutex);
-        ASSERT_UNUSED(result, !result);
+
+    m_lock.lock();
+
+    {
+        SpinLockHolder holder(&m_spinLock);
+        m_ownerThread = currentThread;
+        ASSERT(!m_lockCount);
+        m_lockCount = 1;
     }
 }
 
+void JSLock::unlock()
+{
+    ASSERT(currentThreadIsHoldingLock());
+
+    SpinLockHolder holder(&m_spinLock);
+    m_lockCount--;
+
+    if (!m_lockCount)
+        m_lock.unlock();
+}
+
 void JSLock::lock(ExecState* exec)
 {
-    lock(exec->globalData().isSharedInstance() ? LockForReal : SilenceAssertionsOnly);
+    exec->globalData().apiLock().lock();
 }
 
 void JSLock::unlock(ExecState* exec)
 {
-    unlock(exec->globalData().isSharedInstance() ? LockForReal : SilenceAssertionsOnly);
+    exec->globalData().apiLock().unlock();
 }
 
 bool JSLock::currentThreadIsHoldingLock()
 {
-    pthread_once(&createJSLockCountOnce, createJSLockCount);
-    return !!pthread_getspecific(JSLockCount);
+    return m_lockCount && m_ownerThread == WTF::currentThread();
 }
 
@@ -150 +152 @@
 // write over the second thread's call frames.
 //
-// In avoid JS stack corruption we enforce a policy of only ever allowing two
+// To avoid JS stack corruption we enforce a policy of only ever allowing two
 // threads to use a JS context concurrently, and only allowing the second of
 // these threads to execute until it has completed and fully returned from its
@@ -159 +161 @@
 // again through a callback, then the locks will not be dropped when DropAllLocks
 // is called (since lockDropDepth is non-zero).  Since this thread is still holding
-// the locks, only it will re able to re-enter JSC (either be returning from the
+// the locks, only it will be able to re-enter JSC (either be returning from the
 // callback, or by re-entering through another call to evaulate script or call
 // function).
@@ -169 +171 @@
 // would likely increase complexity and overhead.
 //
-static unsigned lockDropDepth = 0;
+
+// This function returns the number of locks that were dropped.
+unsigned JSLock::dropAllLocks()
+{
+    if (m_lockDropDepth++)
+        return 0;
+
+    return dropAllLocksUnconditionally();
+}
+
+unsigned JSLock::dropAllLocksUnconditionally()
+{
+    unsigned lockCount = m_lockCount;
+    for (unsigned i = 0; i < lockCount; i++)
+        unlock();
+
+    return lockCount;
+}
+
+void JSLock::grabAllLocks(unsigned lockCount)
+{
+    for (unsigned i = 0; i < lockCount; i++)
+        lock();
+
+    m_lockDropDepth--;
+}
 
 JSLock::DropAllLocks::DropAllLocks(ExecState* exec)
-    : m_lockBehavior(exec->globalData().isSharedInstance() ? LockForReal : SilenceAssertionsOnly)
-{
-    pthread_once(&createJSLockCountOnce, createJSLockCount);
-
-    if (lockDropDepth++) {
-        m_lockCount = 0;
-        return;
-    }
-
-    m_lockCount = JSLock::lockCount();
-    for (intptr_t i = 0; i < m_lockCount; i++)
-        JSLock::unlock(m_lockBehavior);
-}
-
-JSLock::DropAllLocks::DropAllLocks(JSLockBehavior JSLockBehavior)
-    : m_lockBehavior(JSLockBehavior)
-{
-    pthread_once(&createJSLockCountOnce, createJSLockCount);
-
-    if (lockDropDepth++) {
-        m_lockCount = 0;
-        return;
-    }
-
-    // It is necessary to drop even "unreal" locks, because having a non-zero lock count
-    // will prevent a real lock from being taken.
-
-    m_lockCount = JSLock::lockCount();
-    for (intptr_t i = 0; i < m_lockCount; i++)
-        JSLock::unlock(m_lockBehavior);
+    : m_lockCount(0)
+    , m_globalData(&exec->globalData())
+{
+    m_lockCount = m_globalData->apiLock().dropAllLocks();
+}
+
+JSLock::DropAllLocks::DropAllLocks(JSGlobalData* globalData)
+    : m_lockCount(0)
+    , m_globalData(globalData)
+{
+    m_lockCount = m_globalData->apiLock().dropAllLocks();
 }
 
 JSLock::DropAllLocks::~DropAllLocks()
 {
-    for (intptr_t i = 0; i < m_lockCount; i++)
-        JSLock::lock(m_lockBehavior);
-
-    --lockDropDepth;
+    m_globalData->apiLock().grabAllLocks(m_lockCount);
 }
 
 #else // (OS(DARWIN) || USE(PTHREADS))
 
-JSLock::JSLock(ExecState*)
-    : m_lockBehavior(SilenceAssertionsOnly)
-{
-}
-
-// If threading support is off, set the lock count to a constant value of 1 so ssertions
-// that the lock is held don't fail
-intptr_t JSLock::lockCount()
-{
-    return 1;
+GlobalJSLock::GlobalJSLock()
+{
+}
+
+GlobalJSLock::~GlobalJSLock()
+{
+}
+
+JSLockHolder::JSLockHolder(JSGlobalData*)
+{
+}
+
+JSLockHolder::JSLockHolder(JSGlobalData&)
+{
+}
+
+JSLockHolder::JSLockHolder(ExecState*)
+{
+}
+
+JSLockHolder::~JSLockHolder()
+{
+}
+
+JSLock::JSLock()
+{
+}
+
+JSLock::~JSLock()
+{
 }
 
@@ -231 +256 @@
 }
 
-void JSLock::lock(JSLockBehavior)
-{
-}
-
-void JSLock::unlock(JSLockBehavior)
+void JSLock::lock()
+{
+}
+
+void JSLock::unlock()
 {
 }
@@ -247 +272 @@
 }
 
+void JSLock::lock(JSGlobalData&)
+{
+}
+
+void JSLock::unlock(JSGlobalData&)
+{
+}
+
+unsigned JSLock::dropAllLocks()
+{
+    return 0;
+}
+
+unsigned JSLock::dropAllLocksUnconditionally()
+{
+    return 0;
+}
+
+void JSLock::grabAllLocks(unsigned)
+{
+}
+
 JSLock::DropAllLocks::DropAllLocks(ExecState*)
 {
 }
 
-JSLock::DropAllLocks::DropAllLocks(JSLockBehavior)
+JSLock::DropAllLocks::DropAllLocks(JSGlobalData*)
 {
 }

trunk/Source/JavaScriptCore/runtime/JSLock.h

@@ -24 +24 @@
 #include <wtf/Assertions.h>
 #include <wtf/Noncopyable.h>
+#include <wtf/RefPtr.h>
+#include <wtf/TCSpinLock.h>
+#include <wtf/Threading.h>
 
 namespace JSC {
@@ -31 +34 @@
     // JavaScript data structure or that interacts with shared state
     // such as the protect count hash table. The simplest way to lock
-    // is to create a local JSLock object in the scope where the lock 
-    // must be held. The lock is recursive so nesting is ok. The JSLock 
+    // is to create a local JSLockHolder object in the scope where the lock 
+    // must be held and pass it the context that requires protection. 
+    // The lock is recursive so nesting is ok. The JSLock 
     // object also acts as a convenience short-hand for running important
     // initialization routines.
@@ -45 +49 @@
     // thread acquired it to begin with.
 
-    // For contexts other than the single shared one, implicit locking is not done,
-    // but we still need to perform all the counting in order to keep debug
-    // assertions working, so that clients that use the shared context don't break.
-
     class ExecState;
     class JSGlobalData;
 
-    enum JSLockBehavior { SilenceAssertionsOnly, LockForReal };
+    // This class is used to protect the initialization of the legacy single 
+    // shared JSGlobalData.
+    class GlobalJSLock {
+        WTF_MAKE_NONCOPYABLE(GlobalJSLock);
+    public:
+        JS_EXPORT_PRIVATE GlobalJSLock();
+        JS_EXPORT_PRIVATE ~GlobalJSLock();
+    };
+
+    class JSLockHolder {
+    public:
+        JS_EXPORT_PRIVATE JSLockHolder(JSGlobalData*);
+        JS_EXPORT_PRIVATE JSLockHolder(JSGlobalData&);
+        JS_EXPORT_PRIVATE JSLockHolder(ExecState*);
+
+        JS_EXPORT_PRIVATE ~JSLockHolder();
+    private:
+        RefPtr<JSGlobalData> m_globalData;
+    };
 
     class JSLock {
         WTF_MAKE_NONCOPYABLE(JSLock);
     public:
-        JS_EXPORT_PRIVATE JSLock(ExecState*);
-        JSLock(JSGlobalData*);
+        JSLock();
+        JS_EXPORT_PRIVATE ~JSLock();
 
-        JSLock(JSLockBehavior lockBehavior)
-            : m_lockBehavior(lockBehavior)
-        {
-#ifdef NDEBUG
-            // Locking "not for real" is a debug-only feature.
-            if (lockBehavior == SilenceAssertionsOnly)
-                return;
-#endif
-            lock(lockBehavior);
-        }
+        JS_EXPORT_PRIVATE void lock();
+        JS_EXPORT_PRIVATE void unlock();
 
-        ~JSLock()
-        { 
-#ifdef NDEBUG
-            // Locking "not for real" is a debug-only feature.
-            if (m_lockBehavior == SilenceAssertionsOnly)
-                return;
-#endif
-            unlock(m_lockBehavior); 
-        }
-        
-        JS_EXPORT_PRIVATE static void lock(JSLockBehavior);
-        JS_EXPORT_PRIVATE static void unlock(JSLockBehavior);
         static void lock(ExecState*);
         static void unlock(ExecState*);
+        static void lock(JSGlobalData&);
+        static void unlock(JSGlobalData&);
 
-        JS_EXPORT_PRIVATE static intptr_t lockCount();
-        JS_EXPORT_PRIVATE static bool currentThreadIsHoldingLock();
+        JS_EXPORT_PRIVATE bool currentThreadIsHoldingLock();
 
-        JSLockBehavior m_lockBehavior;
+        unsigned dropAllLocks();
+        unsigned dropAllLocksUnconditionally();
+        void grabAllLocks(unsigned lockCount);
+
+        SpinLock m_spinLock;
+        Mutex m_lock;
+        ThreadIdentifier m_ownerThread;
+        intptr_t m_lockCount;
+        unsigned m_lockDropDepth;
 
         class DropAllLocks {
@@ -95 +102 @@
         public:
             JS_EXPORT_PRIVATE DropAllLocks(ExecState* exec);
-            JS_EXPORT_PRIVATE DropAllLocks(JSLockBehavior);
+            JS_EXPORT_PRIVATE DropAllLocks(JSGlobalData*);
             JS_EXPORT_PRIVATE ~DropAllLocks();
             
         private:
             intptr_t m_lockCount;
-            JSLockBehavior m_lockBehavior;
+            RefPtr<JSGlobalData> m_globalData;
         };
     };

trunk/Source/JavaScriptCore/runtime/WeakGCMap.h

@@ -76 +76 @@
     }
 
-    void set(JSGlobalData&, const KeyType& key, ExternalType value)
+    void set(JSGlobalData& globalData, const KeyType& key, ExternalType value)
     {
+        ASSERT_UNUSED(globalData, globalData.apiLock().currentThreadIsHoldingLock());
         typename MapType::AddResult result = m_map.add(key, 0);
         if (!result.isNewEntry)

trunk/Source/JavaScriptCore/testRegExp.cpp

@@ -496 +496 @@
 int realMain(int argc, char** argv)
 {
-    JSLock lock(SilenceAssertionsOnly);
-
     RefPtr<JSGlobalData> globalData = JSGlobalData::create(ThreadStackTypeLarge, LargeHeap);
+    JSLockHolder lock(globalData.get());
 
     CommandLine options;