ROLLING OUT r114255
author barraclough@apple.com <barraclough@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Wed, 9 May 2012 04:45:22 +0000 (04:45 +0000)
committer barraclough@apple.com <barraclough@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Wed, 9 May 2012 04:45:22 +0000 (04:45 +0000)
commit c99a58953ab3874397d18dfa34aa0a28b4f8b659
tree dd6b325e58abe18a331400c016b936d42881f9bf
parent e520d8e6522bb7670b74635eb627e3a202ab8082

GC in the middle of JSObject::allocatePropertyStorage can cause badness
https://bugs.webkit.org/show_bug.cgi?id=83839

Reviewed by nobody.

This breaks the world, with COLLECT_ON_EVERY_ALLOCATION enabled.

* JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
* jit/JITStubs.cpp:
(JSC::DEFINE_STUB_FUNCTION):
* runtime/JSObject.cpp:
(JSC::JSObject::allocatePropertyStorage):
* runtime/JSObject.h:
(JSObject):
(JSC::JSObject::isUsingInlineStorage):
(JSC):
(JSC::JSObject::putDirectInternal):
(JSC::JSObject::putDirectWithoutTransition):
(JSC::JSObject::transitionTo):
* runtime/Structure.cpp:
(JSC):
* runtime/Structure.h:
(JSC::Structure::didTransition):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@116494 268f45cc-cd09-0410-ab3c-d52691b4dbfc
Source/JavaScriptCore/ChangeLog
Source/JavaScriptCore/JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def
Source/JavaScriptCore/jit/JITStubs.cpp
Source/JavaScriptCore/runtime/JSObject.cpp
Source/JavaScriptCore/runtime/JSObject.h
Source/JavaScriptCore/runtime/Structure.cpp
Source/JavaScriptCore/runtime/Structure.h