Title: [165244] trunk/Source/JavaScriptCore
- Revision: 165244
- Author: [email protected]
- Date: 2014-03-06 19:29:55 -0800 (Thu, 06 Mar 2014)
Log Message
JSGlobalContextRelease incorrectly handles saving/restoring IdentifierTable
https://bugs.webkit.org/show_bug.cgi?id=129858
Reviewed by Mark Lam.
It was correct (but really ugly) prior to the combining of APIEntryShim and JSLock,
but now it ends up overwriting the IdentifierTable that JSLock just restored.
* API/JSContextRef.cpp:
(JSGlobalContextRelease):
Diff
Modified: trunk/Source/_javascript_Core/API/JSContextRef.cpp (165243 => 165244)
--- trunk/Source/_javascript_Core/API/JSContextRef.cpp 2014-03-07 02:42:02 UTC (rev 165243)
+++ trunk/Source/_javascript_Core/API/JSContextRef.cpp 2014-03-07 03:29:55 UTC (rev 165244)
@@ -155,21 +155,14 @@
void JSGlobalContextRelease(JSGlobalContextRef ctx)
{
- IdentifierTable* savedIdentifierTable;
ExecState* exec = toJS(ctx);
- {
- JSLockHolder locker(exec);
+ JSLockHolder locker(exec);
- VM& vm = exec->vm();
- savedIdentifierTable = wtfThreadData().setCurrentIdentifierTable(vm.identifierTable);
-
- bool protectCountIsZero = Heap::heap(exec->vmEntryGlobalObject())->unprotect(exec->vmEntryGlobalObject());
- if (protectCountIsZero)
- vm.heap.reportAbandonedObjectGraph();
- vm.deref();
- }
-
- wtfThreadData().setCurrentIdentifierTable(savedIdentifierTable);
+ VM& vm = exec->vm();
+ bool protectCountIsZero = Heap::heap(exec->vmEntryGlobalObject())->unprotect(exec->vmEntryGlobalObject());
+ if (protectCountIsZero)
+ vm.heap.reportAbandonedObjectGraph();
+ vm.deref();
}
JSObjectRef JSContextGetGlobalObject(JSContextRef ctx)
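Review bot: vm.deref() in the new body runs while locker is still in scope, so the JSLockHolder destructor executes after what may be the last reference to the VM has been dropped; please confirm the holder keeps the VM alive until it unlocks, and say so in a one-line comment next to "JSLockHolder locker(exec);". The same ordering existed inside the old braces, so this is not a new hazard, but with the manual setCurrentIdentifierTable save/restore removed the function now depends entirely on the holder for both locking and IdentifierTable handling, and a comment stating that would keep the manual calls from being reintroduced later. The diff touches only JSContextRef.cpp and the ChangeLog; an API test asserting that the calling thread's current IdentifierTable is unchanged across JSGlobalContextRelease would guard against this regressing.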
Modified: trunk/Source/_javascript_Core/ChangeLog (165243 => 165244)
--- trunk/Source/_javascript_Core/ChangeLog 2014-03-07 02:42:02 UTC (rev 165243)
+++ trunk/Source/_javascript_Core/ChangeLog 2014-03-07 03:29:55 UTC (rev 165244)
@@ -1,3 +1,16 @@
+2014-03-06 Mark Hahnenberg <[email protected]>
+
+ JSGlobalContextRelease incorrectly handles saving/restoring IdentifierTable
+ https://bugs.webkit.org/show_bug.cgi?id=129858
+
+ Reviewed by Mark Lam.
+
+ It was correct (but really ugly) prior to the combining of APIEntryShim and JSLock,
+ but now it ends up overwriting the IdentifierTable that JSLock just restored.
+
+ * API/JSContextRef.cpp:
+ (JSGlobalContextRelease):
+
2014-03-06 Oliver Hunt <[email protected]>
Fix FTL build.
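Review bot: The new entry refers to "the combining of APIEntryShim and JSLock" without naming the revision or bug that made that change, which makes it hard to tell which branches need this fix; please cite it in the entry. It would also help to state the observable effect of the overwritten IdentifierTable for API clients and whether a test covers it, since the entry lists only API/JSContextRef.cpp.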