Changeset 31167 in webkit for trunk/JavaScriptCore/kjs/collector.cpp

Timestamp:

Mar 19, 2008, 6:00:15 PM (17 years ago)

Author:

[email protected]

Message:

JavaScriptCore:

2008-03-19 Sam Weinig <​[email protected]>

Reviewed by Anders Carlsson.

Fix for <rdar://problem/5785694>
Crash occurs at KJS::Collector::collect() when loading web clip widgets with a PAC file

Make the activeExecStates stack per JSGlobalObject instead of static to ensure
thread safety.

• JavaScriptCore.exp:
• kjs/ExecState.cpp: (KJS::InterpreterExecState::InterpreterExecState): (KJS::InterpreterExecState::~InterpreterExecState): (KJS::EvalExecState::EvalExecState): (KJS::EvalExecState::~EvalExecState): (KJS::FunctionExecState::FunctionExecState): (KJS::FunctionExecState::~FunctionExecState):
• kjs/ExecState.h: (KJS::):
• kjs/JSGlobalObject.cpp: (KJS::JSGlobalObject::mark):
• kjs/JSGlobalObject.h: (KJS::JSGlobalObject::activeExecStates):
• kjs/collector.cpp: (KJS::Collector::collect): (KJS::Collector::reportOutOfMemoryToAllExecStates): Iterate all JSGlobalObjects and report the OutOfMemory condition to all the ExecStates in each.

WebCore:

2008-03-19 Sam Weinig <​[email protected]>

Reviewed by Anders Carlsson.

Fix for <rdar://problem/5785694>
Crash occurs at KJS::Collector::collect() when loading web clip widgets with a PAC file

Make the activeExecStates stack per JSGlobalObject instead of static to ensure
thread safety.

• bindings/objc/WebScriptObject.mm: (+[WebScriptObject throwException:]): Change to throw an exception on the current GlobalObject instead of the top of the static activeExecStates stack. (-[WebScriptObject setException:]): Change to use the top of the rootObjects GlobalObject instead of the top of the static activeExecStates stack.

• bridge/c/c_instance.cpp:
• bridge/c/c_instance.h:
• bridge/jni/jni_instance.cpp: (JavaInstance::virtualBegin): (JavaInstance::virtualEnd):
• bridge/jni/jni_instance.h:
• bridge/objc/objc_instance.h:
• bridge/objc/objc_instance.mm: (ObjcInstance::~ObjcInstance): (ObjcInstance::virtualBegin): (ObjcInstance::virtualEnd):
• bridge/runtime.cpp: (KJS::Bindings::Instance::setDidExecuteFunction): (KJS::Bindings::Instance::didExecuteFunction): (KJS::Bindings::Instance::setCurrentGlobalObject): Added. (KJS::Bindings::Instance::currentGlobalObject): Added. (KJS::Bindings::Instance::begin): (KJS::Bindings::Instance::end):
• bridge/runtime.h: (KJS::Bindings::Instance::virtualBegin): Renamed from begin(). (KJS::Bindings::Instance::virtualEnd): Renamed from end(). We now store the currently active globalObject everytime we cross the runtime object boundary. To do this, we take advantage of the existing begin/end methods that are called when crossing this boundary, making begin set the current globalObject and then call the old begin, now called virtualBegin.

File:

• trunk/JavaScriptCore/kjs/collector.cpp (modified) (2 diffs)

trunk/JavaScriptCore/kjs/collector.cpp

@@ -936 +936 @@
   markStackObjectsConservatively();
   markProtectedObjects();
-  ExecState::markActiveExecStates();
   List::markProtectedLists();
 #if USE(MULTIPLE_THREADS)
@@ -1046 +1045 @@
 void Collector::reportOutOfMemoryToAllExecStates()
 {
-    ExecStateStack::const_iterator end = ExecState::activeExecStates().end();
-    for (ExecStateStack::const_iterator it = ExecState::activeExecStates().begin(); it != end; ++it) {
-        (*it)->setException(Error::create(*it, GeneralError, "Out of memory"));
-    }
+    if (!JSGlobalObject::head())
+        return;
+
+    JSGlobalObject* globalObject = JSGlobalObject::head();
+    do {
+        ExecStateStack::const_iterator end = globalObject->activeExecStates().end();
+        for (ExecStateStack::const_iterator it = globalObject->activeExecStates().begin(); it != end; ++it)
+            (*it)->setException(Error::create(*it, GeneralError, "Out of memory"));
+        globalObject = globalObject->next();
+    } while (globalObject != JSGlobalObject::head());
 }