Changeset 34946 in webkit for trunk/JavaScriptCore/kjs/JSVariableObject.cpp

Timestamp:

Jul 1, 2008, 11:35:03 PM (17 years ago)

Author:

[email protected]

Message:

Reviewed by Darin.

​https://bugs.webkit.org/show_bug.cgi?id=19834
Failed assertion in JavaScriptCore/VM/SegmentedVector.h:82

Creating a global object with a custom prototype resets it twice (wasteful!).
So, addStaticGlobals() was called twice, but JSGlobalObject::reset() didn't reset
the register array.

• kjs/JSGlobalObject.cpp: (KJS::JSGlobalObject::reset): Call setRegisterArray(0, 0).

• kjs/JSVariableObject.h: Changed registerArray to OwnArrayPtr. Also, added private copy constructor and operator= to ensure that no one attempts to copy this object (for whatever reason, I couldn't make Noncopyable work).

• kjs/JSGlobalObject.h: (KJS::JSGlobalObject::addStaticGlobals): Allocate registerArray with new[].

• kjs/JSVariableObject.cpp: (KJS::JSVariableObject::copyRegisterArray): Allocate registerArray with new[]. (KJS::JSVariableObject::setRegisterArray): Avoid hitting an assertion in OwnArrayPtr when "changing" the value from 0 to 0.

File:

• trunk/JavaScriptCore/kjs/JSVariableObject.cpp (modified) (3 diffs)

trunk/JavaScriptCore/kjs/JSVariableObject.cpp

@@ -68 +68 @@
     JSObject::mark();
 
-    if(!d->registerArray)
+    if (!d->registerArray)
         return;
     
@@ -88 +88 @@
     ASSERT(!d->registerArray);
 
-    Register* registerArray = static_cast<Register*>(fastMalloc(count * sizeof(Register)));
+    Register* registerArray = new Register[count];
     memcpy(registerArray, src, count * sizeof(Register));
 
@@ -96 +96 @@
 void JSVariableObject::setRegisterArray(Register* registerArray, size_t count)
 {
-    d->registerArray.set(registerArray);
+    if (registerArray != d->registerArray.get())
+        d->registerArray.set(registerArray);
     d->registerArraySize = count;
     d->registers = registerArray + count;