[SCM] WebKit Debian packaging branch, debian/experimental, updated. upstream/1.3.3-9427-gc2be6fc

ggaren at apple.com ggaren at apple.com
Wed Dec 22 11:41:28 UTC 2010


The following commit has been merged in the debian/experimental branch:
commit 652ada999e374dbd8de6212f64625948b92a741e
Author: ggaren at apple.com <ggaren at apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Date:   Tue Aug 3 22:55:34 2010 +0000

    Fixed a crash seen on the GTK 64bit buildbot.
    
    Reviewed by Oliver Hunt.
    
    When JSArray is allocated for the vptr stealing hack, it's not allocated
    in the heap, so the JSArray constructor can't safely call Heap::heap().
    
    Since this was subtle enough to confuse smart people, I've changed JSArray
    to have an explicit vptr stealing constructor.
    
    * JavaScriptCore.xcodeproj/project.pbxproj:
    * runtime/JSArray.cpp:
    (JSC::JSArray::JSArray):
    * runtime/JSArray.h:
    (JSC::JSArray::):
    * runtime/JSGlobalData.cpp:
    (JSC::JSGlobalData::storeVPtrs):
    
    
    
    git-svn-id: http://svn.webkit.org/repository/webkit/trunk@64602 268f45cc-cd09-0410-ab3c-d52691b4dbfc

diff --git a/JavaScriptCore/ChangeLog b/JavaScriptCore/ChangeLog
index 291584f..502fee7 100644
--- a/JavaScriptCore/ChangeLog
+++ b/JavaScriptCore/ChangeLog
@@ -1,3 +1,23 @@
+2010-08-03  Geoffrey Garen  <ggaren at apple.com>
+
+        Reviewed by Oliver Hunt.
+
+        Fixed a crash seen on the GTK 64bit buildbot.
+        
+        When JSArray is allocated for the vptr stealing hack, it's not allocated
+        in the heap, so the JSArray constructor can't safely call Heap::heap().
+        
+        Since this was subtle enough to confuse smart people, I've changed JSArray
+        to have an explicit vptr stealing constructor.
+
+        * JavaScriptCore.xcodeproj/project.pbxproj:
+        * runtime/JSArray.cpp:
+        (JSC::JSArray::JSArray):
+        * runtime/JSArray.h:
+        (JSC::JSArray::):
+        * runtime/JSGlobalData.cpp:
+        (JSC::JSGlobalData::storeVPtrs):
+
 2010-08-03  Alex Milowski  <alex at milowski.com>
 
         Reviewed by Beth Dakin.
diff --git a/JavaScriptCore/JavaScriptCore.xcodeproj/project.pbxproj b/JavaScriptCore/JavaScriptCore.xcodeproj/project.pbxproj
index ffd6601..4616e47 100644
--- a/JavaScriptCore/JavaScriptCore.xcodeproj/project.pbxproj
+++ b/JavaScriptCore/JavaScriptCore.xcodeproj/project.pbxproj
@@ -2293,7 +2293,6 @@
 			isa = PBXProject;
 			buildConfigurationList = 149C277108902AFE008A9EFC /* Build configuration list for PBXProject "JavaScriptCore" */;
 			compatibilityVersion = "Xcode 2.4";
-			developmentRegion = English;
 			hasScannedForEncodings = 1;
 			knownRegions = (
 				English,
diff --git a/JavaScriptCore/runtime/JSArray.cpp b/JavaScriptCore/runtime/JSArray.cpp
index 8ca6617..ffae5ca 100644
--- a/JavaScriptCore/runtime/JSArray.cpp
+++ b/JavaScriptCore/runtime/JSArray.cpp
@@ -126,6 +126,24 @@ inline void JSArray::checkConsistency(ConsistencyCheckType)
 
 #endif
 
+JSArray::JSArray(VPtrStealingHackType)
+    : JSObject(createStructure(jsNull()))
+{
+    unsigned initialCapacity = 0;
+
+    ArrayStorage* storage = static_cast<ArrayStorage*>(fastZeroedMalloc(storageSize(initialCapacity)));
+    storage->m_allocBase = storage;
+    m_indexBias = 0;
+    setArrayStorage(storage);
+    m_vectorLength = initialCapacity;
+
+    checkConsistency();
+    
+    // It's not safe to call Heap::heap(this) in order to report extra memory
+    // cost here, because the VPtrStealingHackType JSArray is not allocated on
+    // the heap. For the same reason, it's OK not to report extra cost.
+}
+
 JSArray::JSArray(NonNullPassRefPtr<Structure> structure)
     : JSObject(structure)
 {
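Review bot: The new VPtrStealingHackType constructor re-implements the empty-storage setup by hand (fastZeroedMalloc, m_allocBase, m_indexBias, setArrayStorage, m_vectorLength) rather than sharing it with the regular constructor that begins on the last lines of the hunk, so the two can silently drift: any field the regular path later initializes will be missed here, and the stolen-vptr object would then be destroyed with that field uninitialized. A private helper that both constructors call for the storage setup, with only the Heap::heap(this) extra-cost report left in the regular one, would remove that risk; since the regular constructor's body continues outside the hunk I cannot confirm the two sequences currently match, which is itself the point. The trailing comment explaining why no extra memory cost is reported is useful and should stay with whichever form the code takes.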
diff --git a/JavaScriptCore/runtime/JSArray.h b/JavaScriptCore/runtime/JSArray.h
index d6b9b8b..6ad823e 100644
--- a/JavaScriptCore/runtime/JSArray.h
+++ b/JavaScriptCore/runtime/JSArray.h
@@ -62,6 +62,9 @@ namespace JSC {
         friend class Walker;
 
     public:
+        enum VPtrStealingHackType { VPtrStealingHack };
+        JSArray(VPtrStealingHackType);
+
         explicit JSArray(NonNullPassRefPtr<Structure>);
         JSArray(NonNullPassRefPtr<Structure>, unsigned initialLength, ArrayCreationMode);
         JSArray(NonNullPassRefPtr<Structure>, const ArgList& initialValues);
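Review bot: The new public enum and constructor carry no comment saying what they are for, yet the .cpp side explains that this path deliberately skips the extra-memory-cost report because the object is not GC-heap allocated; a caller who picks this constructor for a real heap array would under-report memory with no diagnostic. I would document the precondition at the declaration: `// Only for JSGlobalData::storeVPtrs(): the object is not allocated on the GC heap, so no extra memory cost is reported.` A private declaration with JSGlobalData as a friend would enforce it, if the class's friend list (which starts above the hunk) permits that.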
diff --git a/JavaScriptCore/runtime/JSGlobalData.cpp b/JavaScriptCore/runtime/JSGlobalData.cpp
index 065cbe1..abb2db2 100644
--- a/JavaScriptCore/runtime/JSGlobalData.cpp
+++ b/JavaScriptCore/runtime/JSGlobalData.cpp
@@ -85,7 +85,7 @@ void JSGlobalData::storeVPtrs()
     void* storage = &cell;
 
     COMPILE_ASSERT(sizeof(JSArray) <= sizeof(CollectorCell), sizeof_JSArray_must_be_less_than_CollectorCell);
-    JSCell* jsArray = new (storage) JSArray(JSArray::createStructure(jsNull()));
+    JSCell* jsArray = new (storage) JSArray(JSArray::VPtrStealingHack);
     JSGlobalData::jsArrayVPtr = jsArray->vptr();
     jsArray->~JSCell();
 
