REGRESSION: JavascriptCore crash during OS Installation (due to
authorggaren@apple.com <ggaren@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Tue, 28 Jan 2014 23:12:19 +0000 (23:12 +0000)
committerggaren@apple.com <ggaren@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Tue, 28 Jan 2014 23:12:19 +0000 (23:12 +0000)
commitfc0a5cd9332d7a6886cddd0e90f9f5c18bae550a
tree6bbc6711b843f49138a407ba8b4897351ebcfb21
parente2e776fe5ff6326a9beff61045a110c258afeebd
REGRESSION: JavascriptCore crash during OS Installation (due to
Heap::m_operationInProgress ASSERT vs DelayedReleaseScope)
https://bugs.webkit.org/show_bug.cgi?id=127793

Reviewed by Mark Hahnenberg.

This was a mistaken ASSERT.

* API/tests/testapi.mm:
(-[EvilAllocationObject doEvilThingsWithContext:]): Added a test to verify
that GC from a DelayedReleaseScope doesn't crash.

* heap/DelayedReleaseScope.h:
(JSC::DelayedReleaseScope::~DelayedReleaseScope): Our contract is that
it is valid to do anything while running a DelayedReleaseScope -dealloc
method, so the Heap must be ready for new allocations and collections.

Change the Heap's operationInProgress value to NoOperation while running
-dealloc methods, so that it doesn't ASSERT in the face of new allocations
and collections.

* heap/Heap.h: Made DelayedReleaseScope a friend because exposing a setter
for m_operationInProgress seemed like the worse of the two options for
encapsulation: we don't really want arbitrary clients to set the Heap's
m_operationInProgress.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@162968 268f45cc-cd09-0410-ab3c-d52691b4dbfc
Source/JavaScriptCore/API/tests/testapi.mm
Source/JavaScriptCore/ChangeLog
Source/JavaScriptCore/heap/DelayedReleaseScope.h
Source/JavaScriptCore/heap/Heap.h