2011-05-16 Oliver Hunt <oliver@apple.com>
authoroliver@apple.com <oliver@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Mon, 16 May 2011 18:54:40 +0000 (18:54 +0000)
committeroliver@apple.com <oliver@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Mon, 16 May 2011 18:54:40 +0000 (18:54 +0000)
commiteb2a7c93a48fbc4eb9295271ad0c2c98a4c0a898
tree660c528a4bae63c9f3855793a71030d98d12e751
parent442f4e7926f3f40396d364ca7cab469120128f03
2011-05-16  Oliver Hunt  <oliver@apple.com>

        Reviewed by Geoffrey Garen.

        JSWeakObjectMap finalisation may occur while gc is in inconsistent state
        https://bugs.webkit.org/show_bug.cgi?id=60908
        <rdar://problem/9409491>

        We need to ensure that we have called all the weak map finalizers while
        the global object (and hence global context) is still in a consistent
        state.  The best way to achieve this is to simply use a weak handle and
        finalizer on the global object.

        * JavaScriptCore.exp:
        * runtime/JSGlobalObject.cpp:
        (JSC::JSGlobalObject::WeakMapFinalizer::finalize):
        * runtime/JSGlobalObject.h:
        (JSC::JSGlobalObject::registerWeakMap):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@86594 268f45cc-cd09-0410-ab3c-d52691b4dbfc
Source/JavaScriptCore/ChangeLog
Source/JavaScriptCore/runtime/JSGlobalObject.cpp
Source/JavaScriptCore/runtime/JSGlobalObject.h