Timestamp:
Jun 5, 2015, 5:33:43 PM (10 years ago)
Author:
[email protected]
Message:

Subclasses of JSNonFinalObject with gc'able children need to implement visitChildren().
https://bugs.webkit.org/show_bug.cgi?id=145709

Reviewed by Geoffrey Garen.

  • jsc.cpp:

(functionSetElementRoot):

  • The Element class has a member of type Root which extends JSDestructibleObject. It should be stored in a WriteBarrier, and visited by visitChildren().
  • runtime/ClonedArguments.cpp:

(JSC::ClonedArguments::materializeSpecialsIfNecessary):
(JSC::ClonedArguments::visitChildren):

  • runtime/ClonedArguments.h:
  • Add missing visitChildren().
  • tests/stress/cloned-arguments-should-visit-callee-during-gc.js: Added.

(makeTransientFunction.transientFunc):
(makeTransientFunction):

File:
1 edited

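--- a/trunk/Source/JavaScriptCore/jsc.cpp
+++ b/trunk/Source/JavaScriptCore/jsc.cpp
@@ -131,7 +131,6 @@
 class Element : public JSNonFinalObject {
 public:
-    Element(VM& vm, Structure* structure, Root* root)
+    Element(VM& vm, Structure* structure)
         : Base(vm, structure)
-        , m_root(root)
     {
     }
@@ -140,16 +139,24 @@
     static const bool needsDestruction = false;
 
-    Root* root() const { return m_root; }
-    void setRoot(Root* root) { m_root = root; }
+    Root* root() const { return m_root.get(); }
+    void setRoot(VM& vm, Root* root) { m_root.set(vm, this, root); }
 
     static Element* create(VM& vm, JSGlobalObject* globalObject, Root* root)
     {
         Structure* structure = createStructure(vm, globalObject, jsNull());
-        Element* element = new (NotNull, allocateCell<Element>(vm.heap, sizeof(Element))) Element(vm, structure, root);
-        element->finishCreation(vm);
+        Element* element = new (NotNull, allocateCell<Element>(vm.heap, sizeof(Element))) Element(vm, structure);
+        element->finishCreation(vm, root);
         return element;
     }
 
-    void finishCreation(VM&);
+    void finishCreation(VM&, Root*);
+
+    static void visitChildren(JSCell* cell, SlotVisitor& visitor)
+    {
+        Element* thisObject = jsCast<Element*>(cell);
+        ASSERT_GC_OBJECT_INHERITS(thisObject, info());
+        Base::visitChildren(thisObject, visitor);
+        visitor.append(&thisObject->m_root);
+    }
 
     static ElementHandleOwner* handleOwner();
@@ -163,5 +170,5 @@
 
 private:
-    Root* m_root;
+    WriteBarrier<Root> m_root;
 };
 
@@ -422,7 +429,8 @@
 }
 
-void Element::finishCreation(VM& vm)
+void Element::finishCreation(VM& vm, Root* root)
 {
     Base::finishCreation(vm);
+    setRoot(vm, root);
     m_root->setElement(this);
 }
@@ -787,5 +795,5 @@
     Element* element = jsCast<Element*>(exec->argument(0));
     Root* root = jsCast<Root*>(exec->argument(1));
-    element->setRoot(root);
+    element->setRoot(exec->vm(), root);
     return JSValue::encode(jsUndefined());
 }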
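Review bot: In the last hunk, the new `element->setRoot(exec->vm(), root)` performs a barriered store through `element`, yet `element` and `root` still come from `jsCast` on script-supplied arguments with no type check before use. As far as I know `jsCast` validates the type only in assertion-enabled builds, so a release `jsc` shell would treat whatever the script passed as an `Element`/`Root`. I would switch the casts to `jsDynamicCast<Element*>(exec->argument(0))` and `jsDynamicCast<Root*>(exec->argument(1))`, and guard the store with `if (element && root) element->setRoot(exec->vm(), root);`. The enclosing function (named functionSetElementRoot in the commit message) starts outside the hunk, so an earlier check may exist that is not visible here.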