Changeset 29710 in webkit for trunk/JavaScriptCore/kjs/ExecState.h

Timestamp:

Jan 21, 2008, 10:18:10 PM (17 years ago)

Author:

[email protected]

Message:

JavaScriptCore:

Reviewed by Maciej Stachowiak.

Fixed ​http://bugs.webkit.org/show_bug.cgi?id=16909
REGRESSION: Amazon.com crash (ActivationImp)

(and a bunch of other crashes)

Plus, a .7% SunSpider speedup to boot.

Replaced the buggy currentExec and savedExec mechanisms with an
explicit ExecState stack.

• kjs/collector.cpp: (KJS::Collector::collect): Explicitly mark the ExecState stack.

(KJS::Collector::reportOutOfMemoryToAllExecStates): Slight change in
behavior: We no longer throw an exception in any global ExecStates,
since global ExecStates are more like pseudo-ExecStates, and aren't
used for script execution. (It's unclear what would happen if you left
an exception waiting around in a global ExecState, but it probably
wouldn't be good.)

WebCore:

Reviewed by Maciej Stachowiak.

Adapted WebCore to the fix for ​http://bugs.webkit.org/show_bug.cgi?id=16909
REGRESSION: Amazon.com crash (ActivationImp)

• bindings/js/kjs_proxy.cpp: (WebCore::KJSProxy::~KJSProxy): No convenient way to make this assertion anymore. (It wasn't firing for anyone, anyway, so it's no big loss.)

• bindings/objc/WebScriptObject.mm: (+[WebScriptObject throwException:]): Use the ExecState stack, instead of currentExec. (-[WebScriptObject setException:]): ditto. Also, a slight change in behavior: If no ExecStates are active, we no longer throw an exception in the global ExecState. The JavaScriptCore ChangeLog explains why. This also matches the behavior of +throwException.

LayoutTests:

Layout test for ​http://bugs.webkit.org/show_bug.cgi?id=16909
REGRESSION: Amazon.com crash (ActivationImp)

• fast/js/exec-state-marking-expected.txt: Added.
• fast/js/exec-state-marking.html: Added.

File:

• trunk/JavaScriptCore/kjs/ExecState.h (modified) (6 diffs)

trunk/JavaScriptCore/kjs/ExecState.h

@@ -52 +52 @@
     struct LocalStorageEntry;
     
+    typedef Vector<ExecState*, 16> ExecStateStack;
+
     /**
      * Represents the current state of script execution. This is
@@ -86 +88 @@
         
         ExecState* callingExecState() { return m_callingExec; }
-        ExecState* savedExec() { return m_savedExec; }
         
         ActivationImp* activationObject() { return m_activation; }
@@ -107 +108 @@
         bool inSwitch() const { return (m_switchDepth > 0); }
 
-        void mark();
-        
         // These pointers are used to avoid accessing global variables for these,
         // to avoid taking PIC branches in Mach-O binaries.
@@ -179 +178 @@
         }
 
+        ExecState(JSGlobalObject*);
         ExecState(JSGlobalObject*, JSObject* thisObject, ProgramNode*);
         ExecState(JSGlobalObject*, EvalNode*, ExecState* callingExecState);
@@ -185 +185 @@
         ~ExecState();
 
+        static void markActiveExecStates();
+        static ExecStateStack& activeExecStates();
+
     private:
         // ExecStates are always stack-allocated, and the garbage collector
@@ -195 +198 @@
 
         ExecState* m_callingExec;
-        ExecState* m_savedExec;
+
         ScopeNode* m_scopeNode;