Timestamp:
Mar 19, 2008, 6:00:15 PM (17 years ago)
Author:
[email protected]
Message:

JavaScriptCore:

2008-03-19 Sam Weinig <[email protected]>

Reviewed by Anders Carlsson.

Fix for <rdar://problem/5785694>
Crash occurs at KJS::Collector::collect() when loading web clip widgets with a PAC file

Make the activeExecStates stack per JSGlobalObject instead of static to ensure
thread safety.

  • JavaScriptCore.exp:
  • kjs/ExecState.cpp: (KJS::InterpreterExecState::InterpreterExecState): (KJS::InterpreterExecState::~InterpreterExecState): (KJS::EvalExecState::EvalExecState): (KJS::EvalExecState::~EvalExecState): (KJS::FunctionExecState::FunctionExecState): (KJS::FunctionExecState::~FunctionExecState):
  • kjs/ExecState.h: (KJS::):
  • kjs/JSGlobalObject.cpp: (KJS::JSGlobalObject::mark):
  • kjs/JSGlobalObject.h: (KJS::JSGlobalObject::activeExecStates):
  • kjs/collector.cpp: (KJS::Collector::collect): (KJS::Collector::reportOutOfMemoryToAllExecStates): Iterate all JSGlobalObjects and report the OutOfMemory condition to all the ExecStates in each.

WebCore:

2008-03-19 Sam Weinig <[email protected]>

Reviewed by Anders Carlsson.

Fix for <rdar://problem/5785694>
Crash occurs at KJS::Collector::collect() when loading web clip widgets with a PAC file

Make the activeExecStates stack per JSGlobalObject instead of static to ensure
thread safety.

  • bindings/objc/WebScriptObject.mm: (+[WebScriptObject throwException:]): Change to throw an exception on the current GlobalObject instead of the top of the static activeExecStates stack. (-[WebScriptObject setException:]): Change to use the top of the rootObjects GlobalObject instead of the top of the static activeExecStates stack.
  • bridge/c/c_instance.cpp:
  • bridge/c/c_instance.h:
  • bridge/jni/jni_instance.cpp: (JavaInstance::virtualBegin): (JavaInstance::virtualEnd):
  • bridge/jni/jni_instance.h:
  • bridge/objc/objc_instance.h:
  • bridge/objc/objc_instance.mm: (ObjcInstance::~ObjcInstance): (ObjcInstance::virtualBegin): (ObjcInstance::virtualEnd):
  • bridge/runtime.cpp: (KJS::Bindings::Instance::setDidExecuteFunction): (KJS::Bindings::Instance::didExecuteFunction): (KJS::Bindings::Instance::setCurrentGlobalObject): Added. (KJS::Bindings::Instance::currentGlobalObject): Added. (KJS::Bindings::Instance::begin): (KJS::Bindings::Instance::end):
  • bridge/runtime.h: (KJS::Bindings::Instance::virtualBegin): Renamed from begin(). (KJS::Bindings::Instance::virtualEnd): Renamed from end(). We now store the currently active globalObject every time we cross the runtime object boundary. To do this, we take advantage of the existing begin/end methods that are called when crossing this boundary, making begin set the current globalObject and then call the old begin, now called virtualBegin.
File:
1 edited

  • trunk/JavaScriptCore/kjs/ExecState.cpp

    r30871 r31167  
    145145}
    146146
    147 void ExecState::markActiveExecStates()
    148 {
    149     ExecStateStack::const_iterator end = activeExecStates().end();
    150     for (ExecStateStack::const_iterator it = activeExecStates().begin(); it != end; ++it)
    151         (*it)->m_scopeChain.mark();
    152 }
    153 
    154 static inline ExecStateStack& inlineActiveExecStates()
    155 {
    156     static ExecStateStack staticActiveExecStates;
    157     return staticActiveExecStates;
    158 }
    159 
    160 ExecStateStack& ExecState::activeExecStates()
    161 {
    162     return inlineActiveExecStates();
    163 }
    164 
    165147GlobalExecState::GlobalExecState(JSGlobalObject* globalObject)
    166148    : ExecState(globalObject)
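Review bot: With markActiveExecStates() removed at old lines 147-152, nothing left in this file marks m_scopeChain for the states on the stack. The commit message names JSGlobalObject::mark as the new home, but that change is not part of this file's diff, so please confirm it walks activeExecStates() and calls m_scopeChain.mark() on every entry, and that the collector reaches every JSGlobalObject that still has a live ExecState. If a global object is skipped during marking, the scope chains of its active states go unmarked while they are still in use. A one-line comment at the new mark site saying it replaces ExecState::markActiveExecStates() would help the next reader.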
     
    175157    : ExecState(globalObject, thisObject, programNode)
    176158{
    177     inlineActiveExecStates().append(this);
     159    m_globalObject->activeExecStates().append(this);
    178160}
    179161
    180162InterpreterExecState::~InterpreterExecState()
    181163{
    182     ASSERT(inlineActiveExecStates().last() == this);
    183     inlineActiveExecStates().removeLast();
     164    ASSERT(m_globalObject->activeExecStates().last() == this);
     165    m_globalObject->activeExecStates().removeLast();
    184166}
    185167
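Review bot: The constructor body at new line 159 now dereferences m_globalObject, where the old line 177 touched only a function-local static, so a null globalObject argument that used to get past this statement now faults here. Consider ASSERT(m_globalObject) ahead of the append, or a comment on the constructor stating that globalObject must be non-null, so the precondition is written down at the first place that relies on it.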
     
    187169    : ExecState(globalObject, thisObj, evalNode, callingExec, scopeChain, variableObject)
    188170{
    189     inlineActiveExecStates().append(this);
     171    m_globalObject->activeExecStates().append(this);
    190172}
    191173
    192174EvalExecState::~EvalExecState()
    193175{
    194     ASSERT(inlineActiveExecStates().last() == this);
    195     inlineActiveExecStates().removeLast();
     176    ASSERT(m_globalObject->activeExecStates().last() == this);
     177    m_globalObject->activeExecStates().removeLast();
    196178}
    197179
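Review bot: The destructor at new lines 176-177 relies on ASSERT alone to check that this state is on top of the stack before removeLast(). Where ASSERT compiles out, an unbalanced push and pop would silently remove some other state's entry. The stated goal is thread safety, yet the per-global stack is accessed here without a lock, so the safety rests on each JSGlobalObject's stack being touched by one thread only. Please document that assumption on JSGlobalObject::activeExecStates().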
     
    201183    : ExecState(globalObject, thisObject, functionBodyNode, callingExec, func, args)
    202184{
    203     inlineActiveExecStates().append(this);
     185    m_globalObject->activeExecStates().append(this);
    204186}
    205187
    206188FunctionExecState::~FunctionExecState()
    207189{
    208     ASSERT(inlineActiveExecStates().last() == this);
    209     inlineActiveExecStates().removeLast();
     190    ASSERT(m_globalObject->activeExecStates().last() == this);
     191    m_globalObject->activeExecStates().removeLast();
    210192
    211193    if (m_activation->needsPop())
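Review bot: The append, ASSERT and removeLast lines at new lines 185 and 190-191 are the third identical copy in this file, after InterpreterExecState and EvalExecState. A pair of small protected helpers on ExecState, or a scoped guard member, would keep the push and the pop in one place so the three subclasses cannot drift apart in a later change.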