[JSC] Weak should only accept cell pointees.
[WebKit-https.git] / Source / JavaScriptCore / heap / WeakSetInlines.h
index f239224..94cb012 100644 (file)
 
 namespace JSC {
 
-inline WeakImpl* WeakSet::allocate(JSValue jsValue, WeakHandleOwner* weakHandleOwner, void* context)
+inline WeakImpl* WeakSet::allocate(JSCell& cell, WeakHandleOwner* weakHandleOwner, void* context)
 {
-    WeakSet& weakSet = MarkedBlock::blockFor(jsValue.asCell())->weakSet();
+    WeakSet& weakSet = MarkedBlock::blockFor(&cell)->weakSet();
     WeakBlock::FreeCell* allocator = weakSet.m_allocator;
     if (UNLIKELY(!allocator))
         allocator = weakSet.findAllocator();
     weakSet.m_allocator = allocator->next;
 
     WeakImpl* weakImpl = WeakBlock::asWeakImpl(allocator);
-    return new (NotNull, weakImpl) WeakImpl(jsValue, weakHandleOwner, context);
+    return new (NotNull, weakImpl) WeakImpl(cell, weakHandleOwner, context);
 }
 
 inline void WeakBlock::finalize(WeakImpl* weakImpl)
@@ -49,7 +49,7 @@ inline void WeakBlock::finalize(WeakImpl* weakImpl)
     WeakHandleOwner* weakHandleOwner = weakImpl->weakHandleOwner();
     if (!weakHandleOwner)
         return;
-    weakHandleOwner->finalize(Handle<Unknown>::wrapSlot(&const_cast<JSValue&>(weakImpl->jsValue())), weakImpl->context());
+    weakHandleOwner->finalize(weakImpl->m_cell, weakImpl->context());
 }
 
 } // namespace JSC