Changeset 44844 in webkit for trunk/JavaScriptCore/runtime/JSFunction.cpp

Timestamp:

Jun 19, 2009, 12:10:49 AM (16 years ago)

Author:

[email protected]

Message:

Bug 26532: Native functions do not correctly unlink from optimised callsites when they're collected
<​https://bugs.webkit.org/show_bug.cgi?id=26532> <rdar://problem/6625385>

Reviewed by Gavin "Viceroy of Venezuela" Barraclough.

We need to make sure that each native function instance correctly unlinks any references to it
when it is collected. Allowing this to happen required a few changes:

• Every native function needs a codeblock to track the link information
• To have this codeblock, every function now also needs its own functionbodynode so we no longer get to have a single shared instance.
• Identifying a host function is now done by looking for CodeBlock::codeType() == NativeCode

File:

• trunk/JavaScriptCore/runtime/JSFunction.cpp (modified) (3 diffs)

trunk/JavaScriptCore/runtime/JSFunction.cpp

@@ -49 +49 @@
     : Base(&exec->globalData(), structure, name)
 #if ENABLE(JIT)
-    , m_body(exec->globalData().nativeFunctionThunk())
+    , m_body(FunctionBodyNode::createNativeThunk(&exec->globalData()))
 #else
     , m_body(0)
@@ -77 +77 @@
     // are based on a check for the this pointer value for this JSFunction - which will no longer be valid once
     // this memory is freed and may be reused (potentially for another, different JSFunction).
-    if (!isHostFunction()) {
-        if (m_body && m_body->isGenerated())
-            m_body->generatedBytecode().unlinkCallers();
+    if (m_body && m_body->isGenerated())
+        m_body->generatedBytecode().unlinkCallers();
+    if (!isHostFunction())
         scopeChain().~ScopeChain();
-    }
-    
 #endif
 }
@@ -89 +87 @@
 {
     Base::mark();
-    if (!isHostFunction()) {
-        m_body->mark();
+    m_body->mark();
+    if (!isHostFunction())
         scopeChain().mark();
-    }
 }