Modified: trunk/Source/_javascript_Core/API/JSAPIWrapperObject.mm (210823 => 210824)
--- trunk/Source/_javascript_Core/API/JSAPIWrapperObject.mm 2017-01-17 20:04:38 UTC (rev 210823)
+++ trunk/Source/_javascript_Core/API/JSAPIWrapperObject.mm 2017-01-17 20:25:36 UTC (rev 210824)
@@ -48,7 +48,7 @@
void JSAPIWrapperObjectHandleOwner::finalize(JSC::Handle<JSC::Unknown> handle, void*)
{
- JSC::JSAPIWrapperObject* wrapperObject = static_cast<JSC::JSAPIWrapperObject*>(handle.get().asCell());
+ JSC::JSAPIWrapperObject* wrapperObject = JSC::jsCast<JSC::JSAPIWrapperObject*>(handle.get().asCell());
if (!wrapperObject->wrappedObject())
return;
Modified: trunk/Source/_javascript_Core/API/JSCallbackObject.h (210823 => 210824)
--- trunk/Source/_javascript_Core/API/JSCallbackObject.h 2017-01-17 20:04:38 UTC (rev 210823)
+++ trunk/Source/_javascript_Core/API/JSCallbackObject.h 2017-01-17 20:25:36 UTC (rev 210824)
@@ -232,7 +232,6 @@
static EncodedJSValue callbackGetter(ExecState*, EncodedJSValue, PropertyName);
std::unique_ptr<JSCallbackObjectData> m_callbackObjectData;
- const ClassInfo* m_classInfo;
};
} // namespace JSC
Modified: trunk/Source/_javascript_Core/API/JSCallbackObjectFunctions.h (210823 => 210824)
--- trunk/Source/_javascript_Core/API/JSCallbackObjectFunctions.h 2017-01-17 20:04:38 UTC (rev 210823)
+++ trunk/Source/_javascript_Core/API/JSCallbackObjectFunctions.h 2017-01-17 20:25:36 UTC (rev 210824)
@@ -74,17 +74,11 @@
template <class Parent>
JSCallbackObject<Parent>::~JSCallbackObject()
{
- VM* vm = this->HeapCell::vm();
- vm->currentlyDestructingCallbackObject = this;
- ASSERT(m_classInfo);
- vm->currentlyDestructingCallbackObjectClassInfo = m_classInfo;
JSObjectRef thisRef = toRef(static_cast<JSObject*>(this));
for (JSClassRef jsClass = classRef(); jsClass; jsClass = jsClass->parentClass) {
if (JSObjectFinalizeCallback finalize = jsClass->finalize)
finalize(thisRef);
}
- vm->currentlyDestructingCallbackObject = nullptr;
- vm->currentlyDestructingCallbackObjectClassInfo = nullptr;
}
template <class Parent>
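Review bot: The destructor now runs the per-class finalize callbacks (the `finalize(thisRef)` call in the loop) with none of the VM-side bookkeeping the removed lines maintained, so those callbacks — which are API-client code — execute against a cell that is already being destroyed, and any C API entry point they re-enter must tolerate that state. The hunk does not say so, and the previous hint (the removed comment in JSObjectRef.cpp) disappears in the same commit; suggest stating it above the loop: `// finalize callbacks are client code running while this cell is mid-destruction; anything they reach through the C API (e.g. JSObjectGetPrivate) must work on a partially destroyed object.` The same consideration applies to the JSObjectGetPrivate/JSObjectSetPrivate hunks in JSObjectRef.cpp.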
@@ -123,8 +117,6 @@
JSObjectInitializeCallback initialize = initRoutines[i];
initialize(toRef(exec), toRef(this));
}
-
- m_classInfo = this->classInfo();
}
template <class Parent>
Modified: trunk/Source/_javascript_Core/API/JSObjectRef.cpp (210823 => 210824)
--- trunk/Source/_javascript_Core/API/JSObjectRef.cpp 2017-01-17 20:04:38 UTC (rev 210823)
+++ trunk/Source/_javascript_Core/API/JSObjectRef.cpp 2017-01-17 20:25:36 UTC (rev 210824)
@@ -380,38 +380,21 @@
return result;
}
-// API objects have private properties, which may get accessed during destruction. This
-// helper lets us get the ClassInfo of an API object from a function that may get called
-// during destruction.
-static const ClassInfo* classInfoPrivate(JSObject* jsObject)
-{
- VM* vm = jsObject->vm();
-
- if (vm->currentlyDestructingCallbackObject != jsObject)
- return jsObject->classInfo();
-
- return vm->currentlyDestructingCallbackObjectClassInfo;
-}
-
void* JSObjectGetPrivate(JSObjectRef object)
{
JSObject* jsObject = uncheckedToJS(object);
- const ClassInfo* classInfo = classInfoPrivate(jsObject);
-
// Get wrapped object if proxied
- if (classInfo->isSubClassOf(JSProxy::info())) {
- jsObject = static_cast<JSProxy*>(jsObject)->target();
- classInfo = jsObject->classInfo();
- }
+ if (jsObject->inherits(JSProxy::info()))
+ jsObject = jsCast<JSProxy*>(jsObject)->target();
- if (classInfo->isSubClassOf(JSCallbackObject<JSGlobalObject>::info()))
- return static_cast<JSCallbackObject<JSGlobalObject>*>(jsObject)->getPrivate();
- if (classInfo->isSubClassOf(JSCallbackObject<JSDestructibleObject>::info()))
- return static_cast<JSCallbackObject<JSDestructibleObject>*>(jsObject)->getPrivate();
+ if (jsObject->inherits(JSCallbackObject<JSGlobalObject>::info()))
+ return jsCast<JSCallbackObject<JSGlobalObject>*>(jsObject)->getPrivate();
+ if (jsObject->inherits(JSCallbackObject<JSDestructibleObject>::info()))
+ return jsCast<JSCallbackObject<JSDestructibleObject>*>(jsObject)->getPrivate();
#if JSC_OBJC_API_ENABLED
- if (classInfo->isSubClassOf(JSCallbackObject<JSAPIWrapperObject>::info()))
- return static_cast<JSCallbackObject<JSAPIWrapperObject>*>(jsObject)->getPrivate();
+ if (jsObject->inherits(JSCallbackObject<JSAPIWrapperObject>::info()))
+ return jsCast<JSCallbackObject<JSAPIWrapperObject>*>(jsObject)->getPrivate();
#endif
return 0;
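Review bot: The rolled-back code drops the comment that explained why this function had special handling — it can be invoked from a finalize callback during destruction — while the replacement still depends on `jsObject->inherits(...)`, and therefore `JSCell::classInfo()`, answering correctly at that point. That dependency is now invisible at the call site, so suggest a comment above the proxy check, e.g. `// May be called from an API finalize callback while the object is being destructed; relies on classInfo()/inherits() staying usable on destructible cells until destroy() completes — see JSCell::classInfo().` The next hunk (JSObjectSetPrivate) has the same dependency and deserves the same note; the unchanged `return 0;` at the end of this hunk would read better as `return nullptr;`.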
@@ -421,24 +404,20 @@
{
JSObject* jsObject = uncheckedToJS(object);
- const ClassInfo* classInfo = classInfoPrivate(jsObject);
-
// Get wrapped object if proxied
- if (classInfo->isSubClassOf(JSProxy::info())) {
+ if (jsObject->inherits(JSProxy::info()))
jsObject = jsCast<JSProxy*>(jsObject)->target();
- classInfo = jsObject->classInfo();
- }
- if (classInfo->isSubClassOf(JSCallbackObject<JSGlobalObject>::info())) {
+ if (jsObject->inherits(JSCallbackObject<JSGlobalObject>::info())) {
jsCast<JSCallbackObject<JSGlobalObject>*>(jsObject)->setPrivate(data);
return true;
}
- if (classInfo->isSubClassOf(JSCallbackObject<JSDestructibleObject>::info())) {
+ if (jsObject->inherits(JSCallbackObject<JSDestructibleObject>::info())) {
jsCast<JSCallbackObject<JSDestructibleObject>*>(jsObject)->setPrivate(data);
return true;
}
#if JSC_OBJC_API_ENABLED
- if (classInfo->isSubClassOf(JSCallbackObject<JSAPIWrapperObject>::info())) {
+ if (jsObject->inherits(JSCallbackObject<JSAPIWrapperObject>::info())) {
jsCast<JSCallbackObject<JSAPIWrapperObject>*>(jsObject)->setPrivate(data);
return true;
}
Modified: trunk/Source/_javascript_Core/ChangeLog (210823 => 210824)
--- trunk/Source/_javascript_Core/ChangeLog 2017-01-17 20:04:38 UTC (rev 210823)
+++ trunk/Source/_javascript_Core/ChangeLog 2017-01-17 20:25:36 UTC (rev 210824)
@@ -1,3 +1,73 @@
+2017-01-17 Filip Pizlo <[email protected]>
+
+ Unreviewed, roll out http://trac.webkit.org/changeset/210821
+ It was causing crashes.
+
+ * API/JSAPIWrapperObject.mm:
+ (JSAPIWrapperObjectHandleOwner::finalize):
+ * API/JSCallbackObject.h:
+ * API/JSCallbackObjectFunctions.h:
+ (JSC::JSCallbackObject<Parent>::~JSCallbackObject):
+ (JSC::JSCallbackObject<Parent>::init):
+ * API/JSObjectRef.cpp:
+ (JSObjectGetPrivate):
+ (JSObjectSetPrivate):
+ (classInfoPrivate): Deleted.
+ * bytecode/EvalCodeBlock.cpp:
+ (JSC::EvalCodeBlock::destroy):
+ * bytecode/FunctionCodeBlock.cpp:
+ (JSC::FunctionCodeBlock::destroy):
+ * bytecode/ModuleProgramCodeBlock.cpp:
+ (JSC::ModuleProgramCodeBlock::destroy):
+ * bytecode/ProgramCodeBlock.cpp:
+ (JSC::ProgramCodeBlock::destroy):
+ * bytecode/UnlinkedEvalCodeBlock.cpp:
+ (JSC::UnlinkedEvalCodeBlock::destroy):
+ * bytecode/UnlinkedFunctionCodeBlock.cpp:
+ (JSC::UnlinkedFunctionCodeBlock::destroy):
+ * bytecode/UnlinkedFunctionExecutable.cpp:
+ (JSC::UnlinkedFunctionExecutable::destroy):
+ * bytecode/UnlinkedModuleProgramCodeBlock.cpp:
+ (JSC::UnlinkedModuleProgramCodeBlock::destroy):
+ * bytecode/UnlinkedProgramCodeBlock.cpp:
+ (JSC::UnlinkedProgramCodeBlock::destroy):
+ * heap/CodeBlockSet.cpp:
+ (JSC::CodeBlockSet::lastChanceToFinalize):
+ (JSC::CodeBlockSet::deleteUnmarkedAndUnreferenced):
+ * heap/MarkedAllocator.cpp:
+ (JSC::MarkedAllocator::allocateSlowCaseImpl):
+ * heap/MarkedBlock.cpp:
+ (JSC::MarkedBlock::Handle::sweep):
+ * jit/JITThunks.cpp:
+ (JSC::JITThunks::finalize):
+ * runtime/AbstractModuleRecord.cpp:
+ (JSC::AbstractModuleRecord::destroy):
+ * runtime/ExecutableBase.cpp:
+ (JSC::ExecutableBase::clearCode):
+ * runtime/JSCellInlines.h:
+ (JSC::JSCell::classInfo):
+ (JSC::JSCell::callDestructor):
+ * runtime/JSLock.h:
+ (JSC::JSLock::exclusiveThread):
+ (JSC::JSLock::ownerThread): Deleted.
+ * runtime/JSModuleNamespaceObject.cpp:
+ (JSC::JSModuleNamespaceObject::destroy):
+ * runtime/JSModuleRecord.cpp:
+ (JSC::JSModuleRecord::destroy):
+ * runtime/JSPropertyNameEnumerator.cpp:
+ (JSC::JSPropertyNameEnumerator::destroy):
+ * runtime/JSSegmentedVariableObject.h:
+ * runtime/SymbolTable.cpp:
+ (JSC::SymbolTable::destroy):
+ * runtime/VM.h:
+ * wasm/js/JSWebAssemblyCallee.cpp:
+ (JSC::JSWebAssemblyCallee::destroy):
+ * wasm/js/WebAssemblyModuleRecord.cpp:
+ (JSC::WebAssemblyModuleRecord::destroy):
+ * wasm/js/WebAssemblyToJSCallee.cpp:
+ (JSC::WebAssemblyToJSCallee::WebAssemblyToJSCallee):
+ (JSC::WebAssemblyToJSCallee::destroy):
+
2017-01-16 Filip Pizlo <[email protected]>
JSCell::classInfo() shouldn't have a bunch of mitigations for being called during destruction
Modified: trunk/Source/_javascript_Core/bytecode/EvalCodeBlock.cpp (210823 => 210824)
--- trunk/Source/_javascript_Core/bytecode/EvalCodeBlock.cpp 2017-01-17 20:04:38 UTC (rev 210823)
+++ trunk/Source/_javascript_Core/bytecode/EvalCodeBlock.cpp 2017-01-17 20:25:36 UTC (rev 210824)
@@ -39,7 +39,7 @@
void EvalCodeBlock::destroy(JSCell* cell)
{
- static_cast<EvalCodeBlock*>(cell)->~EvalCodeBlock();
+ jsCast<EvalCodeBlock*>(cell)->~EvalCodeBlock();
}
} // namespace JSC
Modified: trunk/Source/_javascript_Core/bytecode/FunctionCodeBlock.cpp (210823 => 210824)
--- trunk/Source/_javascript_Core/bytecode/FunctionCodeBlock.cpp 2017-01-17 20:04:38 UTC (rev 210823)
+++ trunk/Source/_javascript_Core/bytecode/FunctionCodeBlock.cpp 2017-01-17 20:25:36 UTC (rev 210824)
@@ -39,7 +39,7 @@
void FunctionCodeBlock::destroy(JSCell* cell)
{
- static_cast<FunctionCodeBlock*>(cell)->~FunctionCodeBlock();
+ jsCast<FunctionCodeBlock*>(cell)->~FunctionCodeBlock();
}
} // namespace JSC
Modified: trunk/Source/_javascript_Core/bytecode/ModuleProgramCodeBlock.cpp (210823 => 210824)
--- trunk/Source/_javascript_Core/bytecode/ModuleProgramCodeBlock.cpp 2017-01-17 20:04:38 UTC (rev 210823)
+++ trunk/Source/_javascript_Core/bytecode/ModuleProgramCodeBlock.cpp 2017-01-17 20:25:36 UTC (rev 210824)
@@ -39,7 +39,7 @@
void ModuleProgramCodeBlock::destroy(JSCell* cell)
{
- static_cast<ModuleProgramCodeBlock*>(cell)->~ModuleProgramCodeBlock();
+ jsCast<ModuleProgramCodeBlock*>(cell)->~ModuleProgramCodeBlock();
}
} // namespace JSC
Modified: trunk/Source/_javascript_Core/bytecode/ProgramCodeBlock.cpp (210823 => 210824)
--- trunk/Source/_javascript_Core/bytecode/ProgramCodeBlock.cpp 2017-01-17 20:04:38 UTC (rev 210823)
+++ trunk/Source/_javascript_Core/bytecode/ProgramCodeBlock.cpp 2017-01-17 20:25:36 UTC (rev 210824)
@@ -39,7 +39,7 @@
void ProgramCodeBlock::destroy(JSCell* cell)
{
- static_cast<ProgramCodeBlock*>(cell)->~ProgramCodeBlock();
+ jsCast<ProgramCodeBlock*>(cell)->~ProgramCodeBlock();
}
} // namespace JSC
Modified: trunk/Source/_javascript_Core/bytecode/UnlinkedEvalCodeBlock.cpp (210823 => 210824)
--- trunk/Source/_javascript_Core/bytecode/UnlinkedEvalCodeBlock.cpp 2017-01-17 20:04:38 UTC (rev 210823)
+++ trunk/Source/_javascript_Core/bytecode/UnlinkedEvalCodeBlock.cpp 2017-01-17 20:25:36 UTC (rev 210824)
@@ -34,7 +34,7 @@
void UnlinkedEvalCodeBlock::destroy(JSCell* cell)
{
- static_cast<UnlinkedEvalCodeBlock*>(cell)->~UnlinkedEvalCodeBlock();
+ jsCast<UnlinkedEvalCodeBlock*>(cell)->~UnlinkedEvalCodeBlock();
}
}
Modified: trunk/Source/_javascript_Core/bytecode/UnlinkedFunctionCodeBlock.cpp (210823 => 210824)
--- trunk/Source/_javascript_Core/bytecode/UnlinkedFunctionCodeBlock.cpp 2017-01-17 20:04:38 UTC (rev 210823)
+++ trunk/Source/_javascript_Core/bytecode/UnlinkedFunctionCodeBlock.cpp 2017-01-17 20:25:36 UTC (rev 210824)
@@ -34,7 +34,7 @@
void UnlinkedFunctionCodeBlock::destroy(JSCell* cell)
{
- static_cast<UnlinkedFunctionCodeBlock*>(cell)->~UnlinkedFunctionCodeBlock();
+ jsCast<UnlinkedFunctionCodeBlock*>(cell)->~UnlinkedFunctionCodeBlock();
}
}
Modified: trunk/Source/_javascript_Core/bytecode/UnlinkedFunctionExecutable.cpp (210823 => 210824)
--- trunk/Source/_javascript_Core/bytecode/UnlinkedFunctionExecutable.cpp 2017-01-17 20:04:38 UTC (rev 210823)
+++ trunk/Source/_javascript_Core/bytecode/UnlinkedFunctionExecutable.cpp 2017-01-17 20:25:36 UTC (rev 210824)
@@ -119,7 +119,7 @@
void UnlinkedFunctionExecutable::destroy(JSCell* cell)
{
- static_cast<UnlinkedFunctionExecutable*>(cell)->~UnlinkedFunctionExecutable();
+ jsCast<UnlinkedFunctionExecutable*>(cell)->~UnlinkedFunctionExecutable();
}
void UnlinkedFunctionExecutable::visitChildren(JSCell* cell, SlotVisitor& visitor)
Modified: trunk/Source/_javascript_Core/bytecode/UnlinkedModuleProgramCodeBlock.cpp (210823 => 210824)
--- trunk/Source/_javascript_Core/bytecode/UnlinkedModuleProgramCodeBlock.cpp 2017-01-17 20:04:38 UTC (rev 210823)
+++ trunk/Source/_javascript_Core/bytecode/UnlinkedModuleProgramCodeBlock.cpp 2017-01-17 20:25:36 UTC (rev 210824)
@@ -42,7 +42,7 @@
void UnlinkedModuleProgramCodeBlock::destroy(JSCell* cell)
{
- static_cast<UnlinkedModuleProgramCodeBlock*>(cell)->~UnlinkedModuleProgramCodeBlock();
+ jsCast<UnlinkedModuleProgramCodeBlock*>(cell)->~UnlinkedModuleProgramCodeBlock();
}
}
Modified: trunk/Source/_javascript_Core/bytecode/UnlinkedProgramCodeBlock.cpp (210823 => 210824)
--- trunk/Source/_javascript_Core/bytecode/UnlinkedProgramCodeBlock.cpp 2017-01-17 20:04:38 UTC (rev 210823)
+++ trunk/Source/_javascript_Core/bytecode/UnlinkedProgramCodeBlock.cpp 2017-01-17 20:25:36 UTC (rev 210824)
@@ -42,7 +42,7 @@
void UnlinkedProgramCodeBlock::destroy(JSCell* cell)
{
- static_cast<UnlinkedProgramCodeBlock*>(cell)->~UnlinkedProgramCodeBlock();
+ jsCast<UnlinkedProgramCodeBlock*>(cell)->~UnlinkedProgramCodeBlock();
}
}
Modified: trunk/Source/_javascript_Core/heap/CodeBlockSet.cpp (210823 => 210824)
--- trunk/Source/_javascript_Core/heap/CodeBlockSet.cpp 2017-01-17 20:04:38 UTC (rev 210823)
+++ trunk/Source/_javascript_Core/heap/CodeBlockSet.cpp 2017-01-17 20:25:36 UTC (rev 210824)
@@ -65,10 +65,10 @@
{
LockHolder locker(&m_lock);
for (CodeBlock* codeBlock : m_newCodeBlocks)
- codeBlock->structure()->classInfo()->methodTable.destroy(codeBlock);
+ codeBlock->classInfo()->methodTable.destroy(codeBlock);
for (CodeBlock* codeBlock : m_oldCodeBlocks)
- codeBlock->structure()->classInfo()->methodTable.destroy(codeBlock);
+ codeBlock->classInfo()->methodTable.destroy(codeBlock);
}
void CodeBlockSet::deleteUnmarkedAndUnreferenced(CollectionScope scope)
@@ -83,7 +83,7 @@
unmarked.append(codeBlock);
}
for (CodeBlock* codeBlock : unmarked) {
- codeBlock->structure()->classInfo()->methodTable.destroy(codeBlock);
+ codeBlock->classInfo()->methodTable.destroy(codeBlock);
set.remove(codeBlock);
}
unmarked.resize(0);
Modified: trunk/Source/_javascript_Core/heap/MarkedAllocator.cpp (210823 => 210824)
--- trunk/Source/_javascript_Core/heap/MarkedAllocator.cpp 2017-01-17 20:04:38 UTC (rev 210823)
+++ trunk/Source/_javascript_Core/heap/MarkedAllocator.cpp 2017-01-17 20:25:36 UTC (rev 210824)
@@ -211,7 +211,7 @@
didConsumeFreeList();
- AllocatingScope helpingHeap(*m_heap);
+ AllocatingScope healpingHeap(*m_heap);
m_heap->collectIfNecessaryOrDefer(deferralContext);
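Review bot: The local introduced on the new side is misspelled: `AllocatingScope healpingHeap(*m_heap);` should be `AllocatingScope helpingHeap(*m_heap);`. The object exists only for its scope-guard effect, so the name carries no behaviour, but the typo reads as an error to anyone grepping for the scope. allocateSlowCaseImpl starts and ends outside the hunk.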
Modified: trunk/Source/_javascript_Core/heap/MarkedBlock.cpp (210823 => 210824)
--- trunk/Source/_javascript_Core/heap/MarkedBlock.cpp 2017-01-17 20:04:38 UTC (rev 210823)
+++ trunk/Source/_javascript_Core/heap/MarkedBlock.cpp 2017-01-17 20:25:36 UTC (rev 210824)
@@ -26,7 +26,6 @@
#include "config.h"
#include "MarkedBlock.h"
-#include "HelpingGCScope.h"
#include "JSCell.h"
#include "JSDestructibleObject.h"
#include "JSCInlines.h"
@@ -196,9 +195,6 @@
FreeList MarkedBlock::Handle::sweep(SweepMode sweepMode)
{
- // FIXME: Maybe HelpingGCScope should just be called SweepScope?
- HelpingGCScope helpingGCScope(*heap());
-
m_allocator->setIsUnswept(NoLockingNecessary, this, false);
m_weakSet.sweep();
Modified: trunk/Source/_javascript_Core/jit/JITThunks.cpp (210823 => 210824)
--- trunk/Source/_javascript_Core/jit/JITThunks.cpp 2017-01-17 20:04:38 UTC (rev 210823)
+++ trunk/Source/_javascript_Core/jit/JITThunks.cpp 2017-01-17 20:25:36 UTC (rev 210824)
@@ -84,7 +84,7 @@
void JITThunks::finalize(Handle<Unknown> handle, void*)
{
- auto* nativeExecutable = static_cast<NativeExecutable*>(handle.get().asCell());
+ auto* nativeExecutable = jsCast<NativeExecutable*>(handle.get().asCell());
weakRemove(*m_hostFunctionStubMap, std::make_tuple(nativeExecutable->function(), nativeExecutable->constructor(), nativeExecutable->name()), nativeExecutable);
}
Modified: trunk/Source/_javascript_Core/runtime/AbstractModuleRecord.cpp (210823 => 210824)
--- trunk/Source/_javascript_Core/runtime/AbstractModuleRecord.cpp 2017-01-17 20:04:38 UTC (rev 210823)
+++ trunk/Source/_javascript_Core/runtime/AbstractModuleRecord.cpp 2017-01-17 20:25:36 UTC (rev 210824)
@@ -46,7 +46,7 @@
void AbstractModuleRecord::destroy(JSCell* cell)
{
- AbstractModuleRecord* thisObject = static_cast<AbstractModuleRecord*>(cell);
+ AbstractModuleRecord* thisObject = jsCast<AbstractModuleRecord*>(cell);
thisObject->AbstractModuleRecord::~AbstractModuleRecord();
}
Modified: trunk/Source/_javascript_Core/runtime/ExecutableBase.cpp (210823 => 210824)
--- trunk/Source/_javascript_Core/runtime/ExecutableBase.cpp 2017-01-17 20:04:38 UTC (rev 210823)
+++ trunk/Source/_javascript_Core/runtime/ExecutableBase.cpp 2017-01-17 20:25:36 UTC (rev 210824)
@@ -60,29 +60,29 @@
m_numParametersForCall = NUM_PARAMETERS_NOT_COMPILED;
m_numParametersForConstruct = NUM_PARAMETERS_NOT_COMPILED;
- if (structure()->classInfo() == FunctionExecutable::info()) {
- FunctionExecutable* executable = static_cast<FunctionExecutable*>(this);
+ if (classInfo() == FunctionExecutable::info()) {
+ FunctionExecutable* executable = jsCast<FunctionExecutable*>(this);
executable->m_codeBlockForCall.clear();
executable->m_codeBlockForConstruct.clear();
return;
}
- if (structure()->classInfo() == EvalExecutable::info()) {
- EvalExecutable* executable = static_cast<EvalExecutable*>(this);
+ if (classInfo() == EvalExecutable::info()) {
+ EvalExecutable* executable = jsCast<EvalExecutable*>(this);
executable->m_evalCodeBlock.clear();
executable->m_unlinkedEvalCodeBlock.clear();
return;
}
- if (structure()->classInfo() == ProgramExecutable::info()) {
- ProgramExecutable* executable = static_cast<ProgramExecutable*>(this);
+ if (classInfo() == ProgramExecutable::info()) {
+ ProgramExecutable* executable = jsCast<ProgramExecutable*>(this);
executable->m_programCodeBlock.clear();
executable->m_unlinkedProgramCodeBlock.clear();
return;
}
- if (structure()->classInfo() == ModuleProgramExecutable::info()) {
- ModuleProgramExecutable* executable = static_cast<ModuleProgramExecutable*>(this);
+ if (classInfo() == ModuleProgramExecutable::info()) {
+ ModuleProgramExecutable* executable = jsCast<ModuleProgramExecutable*>(this);
executable->m_moduleProgramCodeBlock.clear();
executable->m_unlinkedModuleProgramCodeBlock.clear();
executable->m_moduleEnvironmentSymbolTable.clear();
@@ -89,7 +89,7 @@
return;
}
- ASSERT(structure()->classInfo() == NativeExecutable::info());
+ ASSERT(classInfo() == NativeExecutable::info());
}
void ExecutableBase::dump(PrintStream& out) const
Modified: trunk/Source/_javascript_Core/runtime/JSCellInlines.h (210823 => 210824)
--- trunk/Source/_javascript_Core/runtime/JSCellInlines.h 2017-01-17 20:04:38 UTC (rev 210823)
+++ trunk/Source/_javascript_Core/runtime/JSCellInlines.h 2017-01-17 20:25:36 UTC (rev 210824)
@@ -267,13 +267,17 @@
ALWAYS_INLINE const ClassInfo* JSCell::classInfo() const
{
- VM* vm;
- if (isLargeAllocation())
- vm = largeAllocation().vm();
- else
- vm = markedBlock().vm();
- ASSERT(vm->heap.mutatorState() == MutatorState::Running || vm->apiLock().ownerThread() != std::this_thread::get_id());
- return structure(*vm)->classInfo();
+ if (isLargeAllocation()) {
+ LargeAllocation& allocation = largeAllocation();
+ if (allocation.attributes().destruction == NeedsDestruction
+ && !(inlineTypeFlags() & StructureIsImmortal))
+ return static_cast<const JSDestructibleObject*>(this)->classInfo();
+ return structure(*allocation.vm())->classInfo();
+ }
+ MarkedBlock& block = markedBlock();
+ if (block.needsDestruction() && !(inlineTypeFlags() & StructureIsImmortal))
+ return static_cast<const JSDestructibleObject*>(this)->classInfo();
+ return structure(*block.vm())->classInfo();
}
inline bool JSCell::toBoolean(ExecState* exec) const
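Review bot: The two `static_cast<const JSDestructibleObject*>(this)` branches are unchecked, and the hunk does not state the invariant they rely on — that every cell in a needs-destruction allocation whose inline type flags lack StructureIsImmortal is laid out as a JSDestructibleObject carrying its own ClassInfo. A runtime check is awkward here because inherits()/jsCast presumably route through this very function, so the practical fix is to document it, e.g. `// NOTE: destructible, non-immortal cells are assumed to be JSDestructibleObjects and are classified from their cached ClassInfo rather than their Structure — presumably because the Structure may already be unreachable during destruction; confirm before relying on this elsewhere.` The large-allocation and marked-block paths also duplicate the same destructible-and-not-immortal test; a small helper taking `needsDestruction` as a bool would keep the two in step.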
@@ -303,7 +307,7 @@
MethodTable::DestroyFunctionPtr destroy = classInfo->methodTable.destroy;
destroy(this);
} else
- static_cast<JSDestructibleObject*>(this)->classInfo()->methodTable.destroy(this);
+ jsCast<JSDestructibleObject*>(this)->classInfo()->methodTable.destroy(this);
zap();
}
Modified: trunk/Source/_javascript_Core/runtime/JSLock.h (210823 => 210824)
--- trunk/Source/_javascript_Core/runtime/JSLock.h 2017-01-17 20:04:38 UTC (rev 210823)
+++ trunk/Source/_javascript_Core/runtime/JSLock.h 2017-01-17 20:25:36 UTC (rev 210824)
@@ -99,7 +99,6 @@
ASSERT(m_hasExclusiveThread);
return m_ownerThreadID;
}
- std::thread::id ownerThread() const { return m_ownerThreadID; }
JS_EXPORT_PRIVATE void setExclusiveThread(std::thread::id);
JS_EXPORT_PRIVATE bool currentThreadIsHoldingLock();
Modified: trunk/Source/_javascript_Core/runtime/JSModuleNamespaceObject.cpp (210823 => 210824)
--- trunk/Source/_javascript_Core/runtime/JSModuleNamespaceObject.cpp 2017-01-17 20:04:38 UTC (rev 210823)
+++ trunk/Source/_javascript_Core/runtime/JSModuleNamespaceObject.cpp 2017-01-17 20:25:36 UTC (rev 210824)
@@ -83,7 +83,7 @@
void JSModuleNamespaceObject::destroy(JSCell* cell)
{
- JSModuleNamespaceObject* thisObject = static_cast<JSModuleNamespaceObject*>(cell);
+ JSModuleNamespaceObject* thisObject = jsCast<JSModuleNamespaceObject*>(cell);
thisObject->JSModuleNamespaceObject::~JSModuleNamespaceObject();
}
Modified: trunk/Source/_javascript_Core/runtime/JSModuleRecord.cpp (210823 => 210824)
--- trunk/Source/_javascript_Core/runtime/JSModuleRecord.cpp 2017-01-17 20:04:38 UTC (rev 210823)
+++ trunk/Source/_javascript_Core/runtime/JSModuleRecord.cpp 2017-01-17 20:25:36 UTC (rev 210824)
@@ -59,7 +59,7 @@
void JSModuleRecord::destroy(JSCell* cell)
{
- JSModuleRecord* thisObject = static_cast<JSModuleRecord*>(cell);
+ JSModuleRecord* thisObject = jsCast<JSModuleRecord*>(cell);
thisObject->JSModuleRecord::~JSModuleRecord();
}
Modified: trunk/Source/_javascript_Core/runtime/JSPropertyNameEnumerator.cpp (210823 => 210824)
--- trunk/Source/_javascript_Core/runtime/JSPropertyNameEnumerator.cpp 2017-01-17 20:04:38 UTC (rev 210823)
+++ trunk/Source/_javascript_Core/runtime/JSPropertyNameEnumerator.cpp 2017-01-17 20:25:36 UTC (rev 210824)
@@ -83,7 +83,7 @@
void JSPropertyNameEnumerator::destroy(JSCell* cell)
{
- static_cast<JSPropertyNameEnumerator*>(cell)->JSPropertyNameEnumerator::~JSPropertyNameEnumerator();
+ jsCast<JSPropertyNameEnumerator*>(cell)->JSPropertyNameEnumerator::~JSPropertyNameEnumerator();
}
void JSPropertyNameEnumerator::visitChildren(JSCell* cell, SlotVisitor& visitor)
Modified: trunk/Source/_javascript_Core/runtime/JSSegmentedVariableObject.h (210823 => 210824)
--- trunk/Source/_javascript_Core/runtime/JSSegmentedVariableObject.h 2017-01-17 20:04:38 UTC (rev 210823)
+++ trunk/Source/_javascript_Core/runtime/JSSegmentedVariableObject.h 2017-01-17 20:25:36 UTC (rev 210824)
@@ -47,8 +47,6 @@
// JSSegmentedVariableObject has its own GC tracing functionality, since it knows the
// exact dimensions of the variables array at all times.
-// Except for JSGlobalObject, subclasses of this don't call the destructor and leak memory.
-
class JSSegmentedVariableObject : public JSSymbolTableObject {
friend class JIT;
friend class LLIntOffsetsExtractor;
Modified: trunk/Source/_javascript_Core/runtime/SymbolTable.cpp (210823 => 210824)
--- trunk/Source/_javascript_Core/runtime/SymbolTable.cpp 2017-01-17 20:04:38 UTC (rev 210823)
+++ trunk/Source/_javascript_Core/runtime/SymbolTable.cpp 2017-01-17 20:25:36 UTC (rev 210824)
@@ -49,7 +49,7 @@
void SymbolTable::destroy(JSCell* cell)
{
- SymbolTable* thisObject = static_cast<SymbolTable*>(cell);
+ SymbolTable* thisObject = jsCast<SymbolTable*>(cell);
thisObject->SymbolTable::~SymbolTable();
}
Modified: trunk/Source/_javascript_Core/runtime/VM.h (210823 => 210824)
--- trunk/Source/_javascript_Core/runtime/VM.h 2017-01-17 20:04:38 UTC (rev 210823)
+++ trunk/Source/_javascript_Core/runtime/VM.h 2017-01-17 20:25:36 UTC (rev 210824)
@@ -363,9 +363,6 @@
std::once_flag m_wasmSignatureInformationOnceFlag;
std::unique_ptr<Wasm::SignatureInformation> m_wasmSignatureInformation;
#endif
-
- JSCell* currentlyDestructingCallbackObject;
- const ClassInfo* currentlyDestructingCallbackObjectClassInfo;
AtomicStringTable* m_atomicStringTable;
WTF::SymbolRegistry m_symbolRegistry;
Modified: trunk/Source/_javascript_Core/wasm/js/JSWebAssemblyCallee.cpp (210823 => 210824)
--- trunk/Source/_javascript_Core/wasm/js/JSWebAssemblyCallee.cpp 2017-01-17 20:04:38 UTC (rev 210823)
+++ trunk/Source/_javascript_Core/wasm/js/JSWebAssemblyCallee.cpp 2017-01-17 20:25:36 UTC (rev 210824)
@@ -47,7 +47,7 @@
void JSWebAssemblyCallee::destroy(JSCell* cell)
{
- JSWebAssemblyCallee* thisObject = static_cast<JSWebAssemblyCallee*>(cell);
+ JSWebAssemblyCallee* thisObject = jsCast<JSWebAssemblyCallee*>(cell);
thisObject->JSWebAssemblyCallee::~JSWebAssemblyCallee();
}
Modified: trunk/Source/_javascript_Core/wasm/js/WebAssemblyModuleRecord.cpp (210823 => 210824)
--- trunk/Source/_javascript_Core/wasm/js/WebAssemblyModuleRecord.cpp 2017-01-17 20:04:38 UTC (rev 210823)
+++ trunk/Source/_javascript_Core/wasm/js/WebAssemblyModuleRecord.cpp 2017-01-17 20:25:36 UTC (rev 210824)
@@ -64,7 +64,7 @@
void WebAssemblyModuleRecord::destroy(JSCell* cell)
{
- WebAssemblyModuleRecord* thisObject = static_cast<WebAssemblyModuleRecord*>(cell);
+ WebAssemblyModuleRecord* thisObject = jsCast<WebAssemblyModuleRecord*>(cell);
thisObject->WebAssemblyModuleRecord::~WebAssemblyModuleRecord();
}
Modified: trunk/Source/_javascript_Core/wasm/js/WebAssemblyToJSCallee.cpp (210823 => 210824)
--- trunk/Source/_javascript_Core/wasm/js/WebAssemblyToJSCallee.cpp 2017-01-17 20:04:38 UTC (rev 210823)
+++ trunk/Source/_javascript_Core/wasm/js/WebAssemblyToJSCallee.cpp 2017-01-17 20:25:36 UTC (rev 210824)
@@ -48,8 +48,7 @@
WebAssemblyToJSCallee::WebAssemblyToJSCallee(VM& vm, Structure* structure)
: Base(vm, structure)
-{
-}
+{ }
void WebAssemblyToJSCallee::finishCreation(VM& vm)
{
@@ -58,7 +57,7 @@
void WebAssemblyToJSCallee::destroy(JSCell* cell)
{
- WebAssemblyToJSCallee* thisObject = static_cast<WebAssemblyToJSCallee*>(cell);
+ WebAssemblyToJSCallee* thisObject = jsCast<WebAssemblyToJSCallee*>(cell);
thisObject->WebAssemblyToJSCallee::~WebAssemblyToJSCallee();
}
Modified: trunk/Source/WebCore/ChangeLog (210823 => 210824)
--- trunk/Source/WebCore/ChangeLog 2017-01-17 20:04:38 UTC (rev 210823)
+++ trunk/Source/WebCore/ChangeLog 2017-01-17 20:25:36 UTC (rev 210824)
@@ -1,3 +1,15 @@
+2017-01-17 Filip Pizlo <[email protected]>
+
+ Unreviewed, roll out http://trac.webkit.org/changeset/210821
+ It was causing crashes.
+
+ * bindings/js/JSCSSValueCustom.cpp:
+ (WebCore::JSDeprecatedCSSOMValueOwner::finalize):
+ * bindings/js/JSDOMIterator.h:
+ (WebCore::IteratorTraits>::destroy):
+ * bindings/scripts/CodeGeneratorJS.pm:
+ (GenerateImplementation):
+
2017-01-17 Joseph Pecoraro <[email protected]>
Crash when closing tab with debugger paused
Modified: trunk/Source/WebCore/bindings/js/JSCSSValueCustom.cpp (210823 => 210824)
--- trunk/Source/WebCore/bindings/js/JSCSSValueCustom.cpp 2017-01-17 20:04:38 UTC (rev 210823)
+++ trunk/Source/WebCore/bindings/js/JSCSSValueCustom.cpp 2017-01-17 20:25:36 UTC (rev 210824)
@@ -50,7 +50,7 @@
void JSDeprecatedCSSOMValueOwner::finalize(JSC::Handle<JSC::Unknown> handle, void* context)
{
- JSDeprecatedCSSOMValue* jsCSSValue = static_cast<JSDeprecatedCSSOMValue*>(handle.slot()->asCell());
+ JSDeprecatedCSSOMValue* jsCSSValue = jsCast<JSDeprecatedCSSOMValue*>(handle.slot()->asCell());
DOMWrapperWorld& world = *static_cast<DOMWrapperWorld*>(context);
world.m_deprecatedCSSOMValueRoots.remove(&jsCSSValue->wrapped());
uncacheWrapper(world, &jsCSSValue->wrapped(), jsCSSValue);
Modified: trunk/Source/WebCore/bindings/js/JSDOMIterator.h (210823 => 210824)
--- trunk/Source/WebCore/bindings/js/JSDOMIterator.h 2017-01-17 20:04:38 UTC (rev 210823)
+++ trunk/Source/WebCore/bindings/js/JSDOMIterator.h 2017-01-17 20:25:36 UTC (rev 210824)
@@ -225,7 +225,7 @@
template<typename JSWrapper, typename IteratorTraits>
void JSDOMIterator<JSWrapper, IteratorTraits>::destroy(JSCell* cell)
{
- JSDOMIterator<JSWrapper, IteratorTraits>* thisObject = static_cast<JSDOMIterator<JSWrapper, IteratorTraits>*>(cell);
+ JSDOMIterator<JSWrapper, IteratorTraits>* thisObject = JSC::jsCast<JSDOMIterator<JSWrapper, IteratorTraits>*>(cell);
thisObject->JSDOMIterator<JSWrapper, IteratorTraits>::~JSDOMIterator();
}
Modified: trunk/Source/WebCore/bindings/scripts/CodeGeneratorJS.pm (210823 => 210824)
--- trunk/Source/WebCore/bindings/scripts/CodeGeneratorJS.pm 2017-01-17 20:04:38 UTC (rev 210823)
+++ trunk/Source/WebCore/bindings/scripts/CodeGeneratorJS.pm 2017-01-17 20:25:36 UTC (rev 210824)
@@ -4243,7 +4243,7 @@
if (ShouldGenerateWrapperOwnerCode($hasParent, $interface) && !$interface->extendedAttributes->{JSCustomFinalize}) {
push(@implContent, "void JS${interfaceName}Owner::finalize(JSC::Handle<JSC::Unknown> handle, void* context)\n");
push(@implContent, "{\n");
- push(@implContent, " auto* js${interfaceName} = static_cast<JS${interfaceName}*>(handle.slot()->asCell());\n");
+ push(@implContent, " auto* js${interfaceName} = jsCast<JS${interfaceName}*>(handle.slot()->asCell());\n");
push(@implContent, " auto& world = *static_cast<DOMWrapperWorld*>(context);\n");
push(@implContent, " uncacheWrapper(world, &js${interfaceName}->wrapped(), js${interfaceName});\n");
push(@implContent, "}\n\n");