Ignore:
Timestamp:
Jan 21, 2008, 10:18:10 PM (17 years ago)
Author:
[email protected]
Message:

JavaScriptCore:

Reviewed by Maciej Stachowiak.


Fixed http://bugs.webkit.org/show_bug.cgi?id=16909
REGRESSION: Amazon.com crash (ActivationImp)


(and a bunch of other crashes)


Plus, a .7% SunSpider speedup to boot.


Replaced the buggy currentExec and savedExec mechanisms with an
explicit ExecState stack.

  • kjs/collector.cpp: (KJS::Collector::collect): Explicitly mark the ExecState stack.

(KJS::Collector::reportOutOfMemoryToAllExecStates): Slight change in
behavior: We no longer throw an exception in any global ExecStates,
since global ExecStates are more like pseudo-ExecStates, and aren't
used for script execution. (It's unclear what would happen if you left
an exception waiting around in a global ExecState, but it probably
wouldn't be good.)

WebCore:

Reviewed by Maciej Stachowiak.

Adapted WebCore to the fix for http://bugs.webkit.org/show_bug.cgi?id=16909
REGRESSION: Amazon.com crash (ActivationImp)

  • bindings/js/kjs_proxy.cpp: (WebCore::KJSProxy::~KJSProxy): No convenient way to make this assertion anymore. (It wasn't firing for anyone, anyway, so it's no big loss.)
  • bindings/objc/WebScriptObject.mm: (+[WebScriptObject throwException:]): Use the ExecState stack, instead of currentExec. (-[WebScriptObject setException:]): ditto. Also, a slight change in behavior: If no ExecStates are active, we no longer throw an exception in the global ExecState. The JavaScriptCore ChangeLog explains why. This also matches the behavior of +throwException.

LayoutTests:

Layout test for http://bugs.webkit.org/show_bug.cgi?id=16909
REGRESSION: Amazon.com crash (ActivationImp)

  • fast/js/exec-state-marking-expected.txt: Added.
  • fast/js/exec-state-marking.html: Added.
File:
1 edited

Legend:

Unmodified
Added
Removed

  • trunk/JavaScriptCore/kjs/JSGlobalObject.h

    r29663 r29710  
    7777            JSGlobalObjectData(JSGlobalObject* globalObject)
    7878                : JSVariableObjectData(&inlineSymbolTable)
    79                 , globalExec(globalObject, globalObject, 0)
     79                , globalExec(globalObject)
    8080            {
    8181            }
     
    8888           
    8989            ExecState globalExec;
    90             ExecState* currentExec;
    9190            int recursion;
    9291
     
    212211        void setDebugger(Debugger* debugger) { d()->debugger = debugger; }
    213212
    214         void setCurrentExec(ExecState* exec) { d()->currentExec = exec; }
    215         ExecState* currentExec() const { return d()->currentExec; }
    216 
    217213        // FIXME: Let's just pick one compatible behavior and go with it.
    218214        void setCompatMode(CompatMode mode) { d()->compatMode = mode; }
Note: See TracChangeset for help on using the changeset viewer.