We should only append ParserArenaDeletable pointers to ParserArena::m_deletableObjects.
author mark.lam@apple.com <mark.lam@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Fri, 26 Jan 2018 21:14:17 +0000 (21:14 +0000)
committer mark.lam@apple.com <mark.lam@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Fri, 26 Jan 2018 21:14:17 +0000 (21:14 +0000)
commit e88b2e36ab04781de004cd8af34937a7fd077d9c
tree 985dbfa39c7d9ad8d43b7a24e0511b75a48b9e94
parent 83b8c85483eed0d2d61d6297d75ae73dc20c5ce9
We should only append ParserArenaDeletable pointers to ParserArena::m_deletableObjects.
https://bugs.webkit.org/show_bug.cgi?id=182180
<rdar://problem/36460697>

Reviewed by Michael Saboff.

Some parser Node subclasses extend ParserArenaDeletable via multiple inheritance,
but not as the Node's first base class.  ParserArena::m_deletableObjects is
expecting pointers to objects of the shape of ParserArenaDeletable.  We ensure
this by allocating the Node subclass, and casting it to ParserArenaDeletable to
get the correct pointer to append to ParserArena::m_deletableObjects.

To simplify things, we introduce a JSC_MAKE_PARSER_ARENA_DELETABLE_ALLOCATED
(analogous to WTF_MAKE_FAST_ALLOCATED) for use in Node subclasses that extend
ParserArenaDeletable.

* parser/NodeConstructors.h:
(JSC::ParserArenaDeletable::operator new):
* parser/Nodes.h:
* parser/ParserArena.h:
(JSC::ParserArena::allocateDeletable):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@227692 268f45cc-cd09-0410-ab3c-d52691b4dbfc
Source/JavaScriptCore/ChangeLog
Source/JavaScriptCore/parser/NodeConstructors.h
Source/JavaScriptCore/parser/Nodes.h
Source/JavaScriptCore/parser/ParserArena.h
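
The pointer adjustment the commit message describes, shown as an added C++ example that is not WebKit's code. `Deletable`, `NodeBase`, `MultiNode` and `Arena` are hypothetical stand-ins for `ParserArenaDeletable`, a Node's first base class, a Node subclass and `ParserArena`.

```cpp
#include <cstddef>
#include <cstdio>
#include <vector>

// Hypothetical stand-ins for the shapes in the commit message; not WebKit's classes.
static int destroyedCount = 0;
struct Deletable {                        // role of ParserArenaDeletable
    virtual ~Deletable() { ++destroyedCount; }
};
struct NodeBase {                         // role of the Node's first base class
    virtual ~NodeBase() = default;
    int line = 0;
};
struct MultiNode : NodeBase, Deletable {  // Deletable is not the first base
    int payload = 42;
};

struct Arena {
    std::vector<Deletable*> deletables;   // every entry must have the Deletable shape
    template <typename T> T* allocateDeletable() {
        T* object = new T;
        // static_cast applies the base-subobject offset; the raw object address would not.
        deletables.push_back(static_cast<Deletable*>(object));
        return object;
    }
    ~Arena() { for (Deletable* d : deletables) delete d; }  // relies on the virtual destructor
};

// Byte distance from the start of a MultiNode to its Deletable subobject.
std::ptrdiff_t deletableOffset() {
    MultiNode node;
    return reinterpret_cast<char*>(static_cast<Deletable*>(&node)) - reinterpret_cast<char*>(&node);
}

// Returns how many destructors ran at arena teardown, or -1 if a recorded pointer was unadjusted.
int destroyedByArena() {
    destroyedCount = 0;
    bool adjusted = true;
    {
        Arena arena;
        for (int i = 0; i < 3; ++i) {
            MultiNode* node = arena.allocateDeletable<MultiNode>();
            adjusted = adjusted && static_cast<void*>(arena.deletables.back()) != static_cast<void*>(node);
        }
    }
    return adjusted ? destroyedCount : -1;
}
int main() {
    std::printf("offset=%td destroyed=%d\n", deletableOffset(), destroyedByArena());
}
```

On common ABIs the offset is non-zero, so an entry recorded from the unadjusted object address would point at the `NodeBase` subobject while being treated as a `Deletable`.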