JavaScriptCore:
authorggaren <ggaren@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Thu, 1 Nov 2007 20:50:28 +0000 (20:50 +0000)
committerggaren <ggaren@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Thu, 1 Nov 2007 20:50:28 +0000 (20:50 +0000)
commit80dcc0b4012f02f0321643d8fea03decfa15deca
treebb79a3affeef8a9bc7081884d9fe36a5b999b18a
parent4075bd9c2b5d7b07f416f49d73388a21835a7cac
JavaScriptCore:

        Reviewed by Maciej Stachowiak.

        Fixed http://bugs.webkit.org/show_bug.cgi?id=15785
        REGRESSION(r27344): Crash on load at finance.yahoo.com

        Reverted a small portion of my last check-in. (The speedup and the List
        removal are still there, though.)

        ActivationImp needs to hold a pointer to its function, and mark that
        pointer (rather than accessing its function through its ExecState, and
        counting on the active scope to mark its function) because a closure
        can cause an ActivationImp to outlive its ExecState along with any
        active scope.

        * kjs/ExecState.cpp:
        (KJS::ExecState::ExecState):
        * kjs/function.cpp:
        (KJS::FunctionImp::~FunctionImp):
        (KJS::ActivationImp::ActivationImp):
        * kjs/function.h:
        (KJS::ActivationImp::ActivationImpPrivate::ActivationImpPrivate):

        Also made HashTable a little more crash-happy in debug builds, so
        problems like this will show up earlier:

        * wtf/HashTable.h:
        (WTF::HashTable::~HashTable):

LayoutTests:

        Reviewed by Maciej Stachowiak.

        Layout test for http://bugs.webkit.org/show_bug.cgi?id=15785
        REGRESSION(r27344): Crash on load at finance.yahoo.com

        * fast/js/activation-object-function-lifetime-expected.txt: Added.
        * fast/js/activation-object-function-lifetime.html: Added.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@27359 268f45cc-cd09-0410-ab3c-d52691b4dbfc
JavaScriptCore/ChangeLog
JavaScriptCore/kjs/function.cpp
JavaScriptCore/kjs/function.h
JavaScriptCore/wtf/HashTable.h
LayoutTests/ChangeLog
LayoutTests/fast/js/activation-object-function-lifetime-expected.txt [new file with mode: 0644]
LayoutTests/fast/js/activation-object-function-lifetime.html [new file with mode: 0644]