JavaScriptCore:
author ggaren@apple.com <ggaren@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Tue, 22 Jan 2008 06:18:10 +0000 (06:18 +0000)
committer ggaren@apple.com <ggaren@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Tue, 22 Jan 2008 06:18:10 +0000 (06:18 +0000)
commit 8a5111ff013e598f85c3e2882d331af3a65497db
tree 7359a6849b7578472b77fc30a803358cbb984c81
parent e68f798a5826a984c866b2b01b7336cbd671f711
JavaScriptCore:

        Reviewed by Maciej Stachowiak.

        Fixed http://bugs.webkit.org/show_bug.cgi?id=16909
        REGRESSION: Amazon.com crash (ActivationImp)

        (and a bunch of other crashes)

        Plus, a .7% SunSpider speedup to boot.

        Replaced the buggy currentExec and savedExec mechanisms with an
        explicit ExecState stack.

        * kjs/collector.cpp:
        (KJS::Collector::collect): Explicitly mark the ExecState stack.

        (KJS::Collector::reportOutOfMemoryToAllExecStates): Slight change in
        behavior: We no longer throw an exception in any global ExecStates,
        since global ExecStates are more like pseudo-ExecStates, and aren't
        used for script execution. (It's unclear what would happen if you left
        an exception waiting around in a global ExecState, but it probably
        wouldn't be good.)

WebCore:

        Reviewed by Maciej Stachowiak.

        Adapted WebCore to the fix for http://bugs.webkit.org/show_bug.cgi?id=16909
        REGRESSION: Amazon.com crash (ActivationImp)

        * bindings/js/kjs_proxy.cpp:
        (WebCore::KJSProxy::~KJSProxy): No convenient way to make this assertion
        anymore. (It wasn't firing for anyone, anyway, so it's no big loss.)

        * bindings/objc/WebScriptObject.mm:
        (+[WebScriptObject throwException:]): Use the ExecState stack, instead
        of currentExec.
        (-[WebScriptObject setException:]): ditto. Also, a slight change in
        behavior: If no ExecStates are active, we no longer throw an exception
        in the global ExecState. The JavaScriptCore ChangeLog explains why.
        This also matches the behavior of +throwException.

LayoutTests:

        Layout test for http://bugs.webkit.org/show_bug.cgi?id=16909
        REGRESSION: Amazon.com crash (ActivationImp)

        * fast/js/exec-state-marking-expected.txt: Added.
        * fast/js/exec-state-marking.html: Added.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@29710 268f45cc-cd09-0410-ab3c-d52691b4dbfc
14 files changed:
JavaScriptCore/ChangeLog
JavaScriptCore/JavaScriptCore.exp
JavaScriptCore/kjs/ExecState.cpp
JavaScriptCore/kjs/ExecState.h
JavaScriptCore/kjs/JSGlobalObject.cpp
JavaScriptCore/kjs/JSGlobalObject.h
JavaScriptCore/kjs/collector.cpp
LayoutTests/ChangeLog
LayoutTests/fast/js/exec-state-marking-expected.txt [new file with mode: 0644]
LayoutTests/fast/js/exec-state-marking.html [new file with mode: 0644]
WebCore/ChangeLog
WebCore/WebCore.xcodeproj/project.pbxproj
WebCore/bindings/js/kjs_proxy.cpp
WebCore/bindings/objc/WebScriptObject.mm
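
A minimal sketch of the idea in the commit message above, an explicit stack of active ExecStates that the collector marks from, added here as an illustration and not taken from the WebKit change itself. `Heap`, `Object`, `ExecState::activation` and `nestedCallScenario` are hypothetical names in a toy mark-and-sweep model; the real implementation may differ.

```cpp
#include <cstddef>
#include <memory>
#include <utility>
#include <vector>

// Toy model; every name here is hypothetical, not JavaScriptCore's own code.
struct Object { bool marked = false; std::vector<Object*> refs; };  // refs: outgoing references
struct ExecState { Object* activation; };  // scope object of one active call

class Heap {
public:
    Object* allocate() {
        objects_.push_back(std::make_unique<Object>());
        return objects_.back().get();
    }
    void push(ExecState* e) { active_.push_back(e); }  // on call entry
    void pop() { active_.pop_back(); }                 // on call exit
    // Mark from every ExecState on the stack, sweep the rest; returns objects freed.
    std::size_t collect() {
        for (ExecState* e : active_) mark(e->activation);
        std::size_t freed = 0;
        for (auto it = objects_.begin(); it != objects_.end();) {
            if ((*it)->marked) { (*it)->marked = false; ++it; }
            else { it = objects_.erase(it); ++freed; }
        }
        return freed;
    }
private:
    void mark(Object* o) {
        if (!o || o->marked) return;
        o->marked = true;
        for (Object* r : o->refs) mark(r);
    }
    std::vector<std::unique_ptr<Object>> objects_;
    std::vector<ExecState*> active_;
};

// Constructed scenario: collect while an outer and a nested call are both active.
std::pair<std::size_t, std::size_t> nestedCallScenario() {
    Heap heap;
    ExecState outer{heap.allocate()}, inner{heap.allocate()};
    outer.activation->refs.push_back(heap.allocate());  // local held by outer call
    heap.allocate();                                    // unreachable garbage
    heap.push(&outer);
    heap.push(&inner);
    std::size_t during = heap.collect();  // frees only the garbage object
    heap.pop(); heap.pop();               // both calls return
    return {during, heap.collect()};      // no active ExecState roots remain
}
```

Because the collector walks the whole stack rather than a single "current" pointer, the outer call's activation object and everything reachable from it survive a collection triggered inside the nested call.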