[SCM] WebKit Debian packaging branch, webkit-1.1, updated. upstream/1.1.19-706-ge5415e9
ggaren at apple.com
Thu Feb 4 21:22:11 UTC 2010
The following commit has been merged in the webkit-1.1 branch:
commit d5c184ed80bcd5a06f60015ed97bf919259b1dc3
Author: ggaren at apple.com <ggaren at apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Date: Wed Jan 20 23:30:02 2010 +0000
<rdar://problem/7562708> REGRESSION(53460): Heap::destroy may not run
all destructors
Reviewed by Oliver Hunt.
* runtime/Collector.cpp:
(JSC::Heap::freeBlocks): Instead of fully marking protected objects,
just set their mark bits. This prevents protected objects from keeping
unprotected objects alive. Destructor order is not guaranteed, so it's
OK to destroy objects pointed to by protected objects before destroying
protected objects.
git-svn-id: http://svn.webkit.org/repository/webkit/trunk@53572 268f45cc-cd09-0410-ab3c-d52691b4dbfc
diff --git a/JavaScriptCore/ChangeLog b/JavaScriptCore/ChangeLog
index deba3e0..7bdb50c 100644
--- a/JavaScriptCore/ChangeLog
+++ b/JavaScriptCore/ChangeLog
@@ -1,3 +1,17 @@
+2010-01-20 Geoffrey Garen <ggaren at apple.com>
+
+ Reviewed by Oliver Hunt.
+
+ <rdar://problem/7562708> REGRESSION(53460): Heap::destroy may not run
+ all destructors
+
+ * runtime/Collector.cpp:
+ (JSC::Heap::freeBlocks): Instead of fully marking protected objects,
+ just set their mark bits. This prevents protected objects from keeping
+ unprotected objects alive. Destructor order is not guaranteed, so it's
+ OK to destroy objects pointed to by protected objects before destroying
+ protected objects.
+
2010-01-19 David Levin <levin at chromium.org>
Reviewed by Oliver Hunt.
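Review bot: The new ChangeLog entry names no regression test and does not say why one is absent, although the title marks this as REGRESSION(53460). Consider listing a test in which a protected object points to an unprotected object with an observable destructor, or adding a line that explains why the case cannot be covered.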
diff --git a/JavaScriptCore/runtime/Collector.cpp b/JavaScriptCore/runtime/Collector.cpp
index e02c289..63139a2 100644
--- a/JavaScriptCore/runtime/Collector.cpp
+++ b/JavaScriptCore/runtime/Collector.cpp
@@ -337,7 +337,9 @@ void Heap::freeBlocks()
ProtectCountSet protectedValuesCopy = m_protectedValues;
clearMarkBits();
- markProtectedObjects(m_globalData->markStack);
+ ProtectCountSet::iterator protectedValuesEnd = protectedValuesCopy.end();
+ for (ProtectCountSet::iterator it = protectedValuesCopy.begin(); it != protectedValuesEnd; ++it)
+ markCell(it->first);
m_heap.nextCell = 0;
m_heap.nextBlock = 0;
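Review bot: The new loop calling markCell(it->first) carries no comment saying that the shallow marking is deliberate, so a later cleanup could swap it back to markProtectedObjects(m_globalData->markStack) and reintroduce the regression. A short comment above the loop, stating that only the mark bits are set and children are intentionally not traced so that objects reachable only from protected objects are still destroyed, would keep the intent in the code rather than only in the ChangeLog.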
@@ -348,9 +350,9 @@ void Heap::freeBlocks()
ASSERT(!protectedObjectCount());
- ProtectCountSet::iterator protectedValuesEnd = protectedValuesCopy.end();
- for (ProtectCountSet::iterator protectedValuesIt = protectedValuesCopy.begin(); protectedValuesIt != protectedValuesEnd; ++protectedValuesIt)
- protectedValuesIt->first->~JSCell();
+ protectedValuesEnd = protectedValuesCopy.end();
+ for (ProtectCountSet::iterator it = protectedValuesCopy.begin(); it != protectedValuesEnd; ++it)
+ it->first->~JSCell();
for (size_t block = 0; block < m_heap.usedBlocks; ++block)
freeBlockPtr(m_heap.blocks[block]);
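Review bot: Nothing in this loop states or asserts that it->first->~JSCell() must not touch other heap cells, yet per the commit message the objects a protected cell points to may now be destroyed before the protected cell itself. A comment here recording that requirement on destructors would help anyone adding a JSCell subclass whose destructor follows a pointer to another cell. Separately, the reassignment protectedValuesEnd = protectedValuesCopy.end() looks redundant unless the lines elided between the two hunks modify protectedValuesCopy; if they do not, it can be dropped.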
--
WebKit Debian packaging