Changeset 34946 in webkit for trunk/JavaScriptCore/kjs

Timestamp:

Jul 1, 2008, 11:35:03 PM (17 years ago)

Author:

[email protected]

Message:

Reviewed by Darin.

​https://bugs.webkit.org/show_bug.cgi?id=19834
Failed assertion in JavaScriptCore/VM/SegmentedVector.h:82

Creating a global object with a custom prototype resets it twice (wasteful!).
So, addStaticGlobals() was called twice, but JSGlobalObject::reset() didn't reset
the register array.

• kjs/JSGlobalObject.cpp: (KJS::JSGlobalObject::reset): Call setRegisterArray(0, 0).

• kjs/JSVariableObject.h: Changed registerArray to OwnArrayPtr. Also, added private copy constructor and operator= to ensure that no one attempts to copy this object (for whatever reason, I couldn't make Noncopyable work).

• kjs/JSGlobalObject.h: (KJS::JSGlobalObject::addStaticGlobals): Allocate registerArray with new[].

• kjs/JSVariableObject.cpp: (KJS::JSVariableObject::copyRegisterArray): Allocate registerArray with new[]. (KJS::JSVariableObject::setRegisterArray): Avoid hitting an assertion in OwnArrayPtr when "changing" the value from 0 to 0.

Location:

trunk/JavaScriptCore/kjs

Files:

• JSGlobalObject.cpp (modified) (1 diff)
• JSGlobalObject.h (modified) (1 diff)
• JSVariableObject.cpp (modified) (3 diffs)
• JSVariableObject.h (modified) (2 diffs)

trunk/JavaScriptCore/kjs/JSGlobalObject.cpp

@@ -175 +175 @@
     _prop.clear();
     symbolTable().clear();
+    setRegisterArray(0, 0);
 
     // Prototypes

trunk/JavaScriptCore/kjs/JSGlobalObject.h

@@ -260 +260 @@
     {
         size_t registerArraySize = d()->registerArraySize;
-        Register* registerArray = static_cast<Register*>(fastMalloc((registerArraySize + count) * sizeof(Register)));
+        Register* registerArray = new Register[registerArraySize + count];
         if (d()->registerArray)
             memcpy(registerArray + count, d()->registerArray.get(), registerArraySize * sizeof(Register));

trunk/JavaScriptCore/kjs/JSVariableObject.cpp

@@ -68 +68 @@
     JSObject::mark();
 
-    if(!d->registerArray)
+    if (!d->registerArray)
         return;
     
@@ -88 +88 @@
     ASSERT(!d->registerArray);
 
-    Register* registerArray = static_cast<Register*>(fastMalloc(count * sizeof(Register)));
+    Register* registerArray = new Register[count];
     memcpy(registerArray, src, count * sizeof(Register));
 
@@ -96 +96 @@
 void JSVariableObject::setRegisterArray(Register* registerArray, size_t count)
 {
-    d->registerArray.set(registerArray);
+    if (registerArray != d->registerArray.get())
+        d->registerArray.set(registerArray);
     d->registerArraySize = count;
     d->registers = registerArray + count;

trunk/JavaScriptCore/kjs/JSVariableObject.h

@@ -34 +34 @@
 #include "SymbolTable.h"
 #include "UnusedParam.h"
-#include <wtf/OwnPtr.h>
+#include <wtf/OwnArrayPtr.h>
 #include <wtf/UnusedParam.h>
 
@@ -70 +70 @@
                 ASSERT(symbolTable_);
             }
-            
+
             SymbolTable* symbolTable; // Maps name -> offset from "r" in register file.
             Register* registers; // Pointers to the register past the end of local storage. (Local storage indexes are negative.)
-            OwnPtr<Register> registerArray; // Independent copy of registers, used when a variable object copies its registers out of the register file.
+            OwnArrayPtr<Register> registerArray; // Independent copy of registers, used when a variable object copies its registers out of the register file.
             size_t registerArraySize;
+
+        private:
+            JSVariableObjectData(const JSVariableObjectData&);
+            JSVariableObjectData& operator=(const JSVariableObjectData&);
         };