[SCM] WebKit Debian packaging branch, webkit-1.1, updated. upstream/1.1.19-706-ge5415e9

ggaren at apple.com ggaren at apple.com
Thu Feb 4 21:22:11 UTC 2010


The following commit has been merged in the webkit-1.1 branch:
commit d5c184ed80bcd5a06f60015ed97bf919259b1dc3
Author: ggaren at apple.com <ggaren at apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Date:   Wed Jan 20 23:30:02 2010 +0000

    <rdar://problem/7562708> REGRESSION(53460): Heap::destroy may not run
    all destructors
    
    Reviewed by Oliver Hunt.
    
    * runtime/Collector.cpp:
    (JSC::Heap::freeBlocks): Instead of fully marking protected objects,
    just set their mark bits. This prevents protected objects from keeping
    unprotected objects alive. Destructor order is not guaranteed, so it's
    OK to destroy objects pointed to by protected objects before destroying
    protected objects.
    
    
    
    git-svn-id: http://svn.webkit.org/repository/webkit/trunk@53572 268f45cc-cd09-0410-ab3c-d52691b4dbfc

diff --git a/JavaScriptCore/ChangeLog b/JavaScriptCore/ChangeLog
index deba3e0..7bdb50c 100644
--- a/JavaScriptCore/ChangeLog
+++ b/JavaScriptCore/ChangeLog
@@ -1,3 +1,17 @@
+2010-01-20  Geoffrey Garen  <ggaren at apple.com>
+
+        Reviewed by Oliver Hunt.
+
+        <rdar://problem/7562708> REGRESSION(53460): Heap::destroy may not run
+        all destructors
+
+        * runtime/Collector.cpp:
+        (JSC::Heap::freeBlocks): Instead of fully marking protected objects,
+        just set their mark bits. This prevents protected objects from keeping
+        unprotected objects alive. Destructor order is not guaranteed, so it's
+        OK to destroy objects pointed to by protected objects before destroying
+        protected objects.
+
 2010-01-19  David Levin  <levin at chromium.org>
 
         Reviewed by Oliver Hunt.
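Review bot: The new ChangeLog entry names no regression test, and the patch touches only ChangeLog and Collector.cpp, so nothing guards against Heap::destroy skipping destructors again. Consider adding a test that tears down a heap in which a protected object references an unprotected one, or say in the entry why a test is not practical.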
diff --git a/JavaScriptCore/runtime/Collector.cpp b/JavaScriptCore/runtime/Collector.cpp
index e02c289..63139a2 100644
--- a/JavaScriptCore/runtime/Collector.cpp
+++ b/JavaScriptCore/runtime/Collector.cpp
@@ -337,7 +337,9 @@ void Heap::freeBlocks()
     ProtectCountSet protectedValuesCopy = m_protectedValues;
 
     clearMarkBits();
-    markProtectedObjects(m_globalData->markStack);
+    ProtectCountSet::iterator protectedValuesEnd = protectedValuesCopy.end();
+    for (ProtectCountSet::iterator it = protectedValuesCopy.begin(); it != protectedValuesEnd; ++it)
+        markCell(it->first);
 
     m_heap.nextCell = 0;
     m_heap.nextBlock = 0;
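Review bot: The loop that replaces `markProtectedObjects(m_globalData->markStack);` has no comment saying why it calls only `markCell(it->first)` and does not traverse what the protected cells point to; that reasoning exists only in the ChangeLog. A short comment above the loop would help: only the protected cells' own mark bits are set so that objects they reference are still destroyed, which is acceptable because destructor order is not guaranteed. Without it, a later cleanup could restore the full marking call and bring the regression back.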
@@ -348,9 +350,9 @@ void Heap::freeBlocks()
 
     ASSERT(!protectedObjectCount());
 
-    ProtectCountSet::iterator protectedValuesEnd = protectedValuesCopy.end();
-    for (ProtectCountSet::iterator protectedValuesIt = protectedValuesCopy.begin(); protectedValuesIt != protectedValuesEnd; ++protectedValuesIt)
-        protectedValuesIt->first->~JSCell();
+    protectedValuesEnd = protectedValuesCopy.end();
+    for (ProtectCountSet::iterator it = protectedValuesCopy.begin(); it != protectedValuesEnd; ++it)
+        it->first->~JSCell();
 
     for (size_t block = 0; block < m_heap.usedBlocks; ++block)
         freeBlockPtr(m_heap.blocks[block]);
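Review bot: In the second loop, `protectedValuesEnd = protectedValuesCopy.end();` reassigns the end iterator of the same local copy that the first hunk already captured. If nothing in the lines between the two loops (not shown in this diff) modifies protectedValuesCopy, the reassignment is redundant and can be dropped; if something does, a comment should say so. It would also help to note here that the explicit `it->first->~JSCell();` call depends on the mark bits set in the first loop, since the two loops are separated and the dependency is easy to miss.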

-- 
WebKit Debian packaging


