Changeset 98302 in webkit for trunk/Source/JavaScriptCore/heap


Timestamp: Oct 24, 2011, 5:21:29 PM
Author: [email protected]
Message:

Crash in void JSC::validateCell<JSC::RegExp*>(JSC::RegExp*)
https://bugs.webkit.org/show_bug.cgi?id=70689

Reviewed by Filip Pizlo.

While performing codegen we need to make the GlobalData explicitly
aware of the codeblock being compiled, as compilation may trigger GC
and CodeBlock holds GC values, but has not yet been assigned to its
owner executable.

  • bytecompiler/BytecodeGenerator.cpp:

(JSC::BytecodeGenerator::BytecodeGenerator):
(JSC::BytecodeGenerator::~BytecodeGenerator):

  • bytecompiler/BytecodeGenerator.h:
  • heap/AllocationSpace.cpp:

(JSC::AllocationSpace::allocateSlowCase):

  • heap/Heap.cpp:

(JSC::Heap::markRoots):

  • runtime/JSGlobalData.cpp:

(JSC::JSGlobalData::JSGlobalData):

  • runtime/JSGlobalData.h:

(JSC::JSGlobalData::startedCompiling):
(JSC::JSGlobalData::finishedCompiling):
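To make the failure mode in the message concrete, here is an added example (not WebKit code, and not from this changeset) of a toy mark-sweep heap. A CodeBlock-like object accumulates GC cells while it is still unowned, so a collection in the middle of compilation sweeps its constants and leaves it holding dangling pointers, the use-after-free that validateCell trips on. Registering the block in a `codeBlockBeingCompiled` slot that markRoots visits, and clearing it when compilation finishes, fixes it. The names `Cell`, `Heap`, `CompilationScope`, `compile` and `demo`, and the `collectOnEveryAllocation` flag standing in for COLLECT_ON_EVERY_ALLOCATION, are all assumptions made for this illustration.

```cpp
// Added example, not WebKit code: a toy mark-sweep heap showing why a CodeBlock
// under compilation needs an explicit GC root. Every identifier here is an
// illustrative stand-in; only the pattern (a codeBlockBeingCompiled slot set
// and cleared around compilation, visited from markRoots) mirrors the changeset.
#include <cassert>
#include <vector>

struct Cell {
    bool marked = false;
    bool alive = true;   // false once swept; using the cell after that is a use-after-free
};

// Stand-in for a CodeBlock: holds GC cells but is not itself a heap cell, so
// nothing reaches its constants until it is attached to an owner executable.
struct CodeBlock {
    std::vector<Cell*> constants;
    void visitAggregate(std::vector<Cell*>& markStack) const {
        for (Cell* c : constants)
            markStack.push_back(c);
    }
};

struct Heap {
    std::vector<Cell*> cells;
    std::vector<Cell*> roots;                       // persistent roots (globals, stack, ...)
    CodeBlock* codeBlockBeingCompiled = nullptr;    // the slot this changeset introduces
    bool collectOnEveryAllocation = false;          // like COLLECT_ON_EVERY_ALLOCATION

    ~Heap() { for (Cell* c : cells) delete c; }

    Cell* allocate() {
        if (collectOnEveryAllocation)
            collectAllGarbage();                    // GC can run on any allocation
        Cell* c = new Cell;
        cells.push_back(c);
        return c;
    }

    void markRoots() {
        std::vector<Cell*> markStack(roots);
        if (CodeBlock* cb = codeBlockBeingCompiled)   // VisitActiveCodeBlock
            cb->visitAggregate(markStack);
        while (!markStack.empty()) {
            Cell* c = markStack.back();
            markStack.pop_back();
            c->marked = true;
        }
    }

    void collectAllGarbage() {
        for (Cell* c : cells) c->marked = false;
        markRoots();
        for (Cell* c : cells)                        // sweep: unmarked cells die
            if (!c->marked) c->alive = false;
    }
};

// Scoped registration, the role BytecodeGenerator's constructor/destructor play
// through startedCompiling/finishedCompiling. The assert documents the
// assumption that compilation is not re-entrant (a single slot holds one block).
struct CompilationScope {
    Heap& heap;
    CompilationScope(Heap& h, CodeBlock* cb) : heap(h) {
        assert(!heap.codeBlockBeingCompiled && "compilation is not re-entrant");
        heap.codeBlockBeingCompiled = cb;
    }
    ~CompilationScope() { heap.codeBlockBeingCompiled = nullptr; }
};

// Emit two constants into a fresh, still-unowned CodeBlock; the second
// allocation triggers a collection. Returns true if every constant survived.
bool compile(Heap& heap, bool rootTheCodeBlock) {
    CodeBlock block;
    if (rootTheCodeBlock) {
        CompilationScope scope(heap, &block);
        block.constants.push_back(heap.allocate());
        block.constants.push_back(heap.allocate());  // GC runs here; block is rooted
    } else {
        block.constants.push_back(heap.allocate());
        block.constants.push_back(heap.allocate());  // GC runs here; first constant is swept
    }
    for (Cell* c : block.constants)
        if (!c->alive) return false;                 // dangling constant: the crash scenario
    return true;
}

// demo(false) reproduces the bug, demo(true) shows the fix.
bool demo(bool rootTheCodeBlock) {
    Heap heap;
    heap.collectOnEveryAllocation = true;
    return compile(heap, rootTheCodeBlock);
}

int main() {
    return (demo(false) == false && demo(true) == true) ? 0 : 1;
}
```

The sweep marks cells dead instead of freeing them so the example can report the dangling pointer rather than crash on it; in a real collector the unrooted case is a use-after-free.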

Location:
trunk/Source/JavaScriptCore/heap
Files:
2 edited

  • trunk/Source/JavaScriptCore/heap/AllocationSpace.cpp

    r96432 r98302  
    4545{
    4646#if COLLECT_ON_EVERY_ALLOCATION
    47     collectAllGarbage();
     47    m_heap->collectAllGarbage();
    4848    ASSERT(m_heap->m_operationInProgress == NoOperation);
    4949#endif
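Review bot: this hunk is not covered by the ChangeLog, which only describes the codeBlockBeingCompiled rooting; add a line noting that the unqualified `collectAllGarbage()` in the COLLECT_ON_EVERY_ALLOCATION path is being routed through `m_heap`, consistent with the `m_heap->m_operationInProgress` ASSERT on the following line. Since the whole block is compiled out unless COLLECT_ON_EVERY_ALLOCATION is defined, a default build will not catch a mistake here, so confirm the fix with a build that defines it.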
  • trunk/Source/JavaScriptCore/heap/Heap.cpp

    r97642 r98302  
    601601    }
    602602#endif
    603 
     603   
     604    if (CodeBlock* codeBlock = m_globalData->codeBlockBeingCompiled) {
     605        GCPHASE(VisitActiveCodeBlock);
     606        codeBlock->visitAggregate(visitor);
     607    }
     608   
    604609    {
    605610        GCPHASE(VisitMachineRoots);
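Review bot: the new VisitActiveCodeBlock phase roots exactly one CodeBlock through `m_globalData->codeBlockBeingCompiled`, so correctness depends on every BytecodeGenerator clearing the slot on all exit paths and on compilation not being re-entrant; if a second generator were constructed while the first is still live, the outer CodeBlock would silently lose its root and the original crash would return. Suggest an ASSERT in startedCompiling that the slot is null (and in finishedCompiling that it still holds the block being finished), or a comment at this phase stating that assumption. Minor: the two blank lines added around the new block carry trailing whitespace; make them empty.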