Changeset 76100 in webkit for trunk/Source/JavaScriptCore/runtime/JSGlobalObject.cpp

Timestamp:

Jan 18, 2011, 8:33:12 PM (14 years ago)

Author:

[email protected]

Message:

2011-01-18 Kenneth Russell <​[email protected]>

Unreviewed, rolling out r76078.
​http://trac.webkit.org/changeset/76078
​https://bugs.webkit.org/show_bug.cgi?id=52668

Caused crashes of fast/canvas/webgl/constants.html,
fast/canvas/webgl/gl-enum-tests.html, and possibly other layout
test crashes in Release mode. WebGL crashes were observed with
"run-webkit-tests fast/canvas/webgl". It was necessary to run
multiple tests to provoke the crash.

• interpreter/RegisterFile.h: (JSC::RegisterFile::markGlobals):
• runtime/JSActivation.cpp: (JSC::JSActivation::markChildren):
• runtime/JSGlobalObject.cpp: (JSC::JSGlobalObject::markChildren):

File:

• trunk/Source/JavaScriptCore/runtime/JSGlobalObject.cpp (modified) (2 diffs)

trunk/Source/JavaScriptCore/runtime/JSGlobalObject.cpp

@@ -350 +350 @@
         (*it)->markAggregate(markStack);
 
+    RegisterFile& registerFile = globalData().interpreter->registerFile();
+    if (registerFile.globalObject() == this)
+        registerFile.markGlobals(markStack, &globalData().heap);
+
     markIfNeeded(markStack, d()->regExpConstructor);
     markIfNeeded(markStack, d()->errorConstructor);
@@ -394 +398 @@
     // guaranteed to be referenced elsewhere.
 
-    markStack.appendValues(d()->registers - symbolTable().size(), symbolTable().size());
+    Register* registerArray = d()->registerArray.get();
+    if (!registerArray)
+        return;
+
+    size_t size = d()->registerArraySize;
+    markStack.appendValues(reinterpret_cast<JSValue*>(registerArray), size);
 }