<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN"
"http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head><meta http-equiv="content-type" content="text/html; charset=utf-8" />
<title>[210824] trunk/Source</title>
</head>
<body>
<div id="msg">
<dl class="meta">
<dt>Revision</dt> <dd><a href="http://trac.webkit.org/projects/webkit/changeset/210824">210824</a></dd>
<dt>Author</dt> <dd>fpizlo@apple.com</dd>
<dt>Date</dt> <dd>2017-01-17 12:25:36 -0800 (Tue, 17 Jan 2017)</dd>
</dl>
<h3>Log Message</h3>
<pre>Unreviewed, roll out http://trac.webkit.org/changeset/210821
It was causing crashes.
Source/JavaScriptCore:
* API/JSAPIWrapperObject.mm:
(JSAPIWrapperObjectHandleOwner::finalize):
* API/JSCallbackObject.h:
* API/JSCallbackObjectFunctions.h:
(JSC::JSCallbackObject<Parent>::~JSCallbackObject):
(JSC::JSCallbackObject<Parent>::init):
* API/JSObjectRef.cpp:
(JSObjectGetPrivate):
(JSObjectSetPrivate):
(classInfoPrivate): Deleted.
* bytecode/EvalCodeBlock.cpp:
(JSC::EvalCodeBlock::destroy):
* bytecode/FunctionCodeBlock.cpp:
(JSC::FunctionCodeBlock::destroy):
* bytecode/ModuleProgramCodeBlock.cpp:
(JSC::ModuleProgramCodeBlock::destroy):
* bytecode/ProgramCodeBlock.cpp:
(JSC::ProgramCodeBlock::destroy):
* bytecode/UnlinkedEvalCodeBlock.cpp:
(JSC::UnlinkedEvalCodeBlock::destroy):
* bytecode/UnlinkedFunctionCodeBlock.cpp:
(JSC::UnlinkedFunctionCodeBlock::destroy):
* bytecode/UnlinkedFunctionExecutable.cpp:
(JSC::UnlinkedFunctionExecutable::destroy):
* bytecode/UnlinkedModuleProgramCodeBlock.cpp:
(JSC::UnlinkedModuleProgramCodeBlock::destroy):
* bytecode/UnlinkedProgramCodeBlock.cpp:
(JSC::UnlinkedProgramCodeBlock::destroy):
* heap/CodeBlockSet.cpp:
(JSC::CodeBlockSet::lastChanceToFinalize):
(JSC::CodeBlockSet::deleteUnmarkedAndUnreferenced):
* heap/MarkedAllocator.cpp:
(JSC::MarkedAllocator::allocateSlowCaseImpl):
* heap/MarkedBlock.cpp:
(JSC::MarkedBlock::Handle::sweep):
* jit/JITThunks.cpp:
(JSC::JITThunks::finalize):
* runtime/AbstractModuleRecord.cpp:
(JSC::AbstractModuleRecord::destroy):
* runtime/ExecutableBase.cpp:
(JSC::ExecutableBase::clearCode):
* runtime/JSCellInlines.h:
(JSC::JSCell::classInfo):
(JSC::JSCell::callDestructor):
* runtime/JSLock.h:
(JSC::JSLock::exclusiveThread):
(JSC::JSLock::ownerThread): Deleted.
* runtime/JSModuleNamespaceObject.cpp:
(JSC::JSModuleNamespaceObject::destroy):
* runtime/JSModuleRecord.cpp:
(JSC::JSModuleRecord::destroy):
* runtime/JSPropertyNameEnumerator.cpp:
(JSC::JSPropertyNameEnumerator::destroy):
* runtime/JSSegmentedVariableObject.h:
* runtime/SymbolTable.cpp:
(JSC::SymbolTable::destroy):
* runtime/VM.h:
* wasm/js/JSWebAssemblyCallee.cpp:
(JSC::JSWebAssemblyCallee::destroy):
* wasm/js/WebAssemblyModuleRecord.cpp:
(JSC::WebAssemblyModuleRecord::destroy):
* wasm/js/WebAssemblyToJSCallee.cpp:
(JSC::WebAssemblyToJSCallee::WebAssemblyToJSCallee):
(JSC::WebAssemblyToJSCallee::destroy):
Source/WebCore:
* bindings/js/JSCSSValueCustom.cpp:
(WebCore::JSDeprecatedCSSOMValueOwner::finalize):
* bindings/js/JSDOMIterator.h:
(WebCore::IteratorTraits>::destroy):
* bindings/scripts/CodeGeneratorJS.pm:
(GenerateImplementation):</pre>
<h3>Modified Paths</h3>
<ul>
<li><a href="#trunkSourceJavaScriptCoreAPIJSAPIWrapperObjectmm">trunk/Source/JavaScriptCore/API/JSAPIWrapperObject.mm</a></li>
<li><a href="#trunkSourceJavaScriptCoreAPIJSCallbackObjecth">trunk/Source/JavaScriptCore/API/JSCallbackObject.h</a></li>
<li><a href="#trunkSourceJavaScriptCoreAPIJSCallbackObjectFunctionsh">trunk/Source/JavaScriptCore/API/JSCallbackObjectFunctions.h</a></li>
<li><a href="#trunkSourceJavaScriptCoreAPIJSObjectRefcpp">trunk/Source/JavaScriptCore/API/JSObjectRef.cpp</a></li>
<li><a href="#trunkSourceJavaScriptCoreChangeLog">trunk/Source/JavaScriptCore/ChangeLog</a></li>
<li><a href="#trunkSourceJavaScriptCorebytecodeEvalCodeBlockcpp">trunk/Source/JavaScriptCore/bytecode/EvalCodeBlock.cpp</a></li>
<li><a href="#trunkSourceJavaScriptCorebytecodeFunctionCodeBlockcpp">trunk/Source/JavaScriptCore/bytecode/FunctionCodeBlock.cpp</a></li>
<li><a href="#trunkSourceJavaScriptCorebytecodeModuleProgramCodeBlockcpp">trunk/Source/JavaScriptCore/bytecode/ModuleProgramCodeBlock.cpp</a></li>
<li><a href="#trunkSourceJavaScriptCorebytecodeProgramCodeBlockcpp">trunk/Source/JavaScriptCore/bytecode/ProgramCodeBlock.cpp</a></li>
<li><a href="#trunkSourceJavaScriptCorebytecodeUnlinkedEvalCodeBlockcpp">trunk/Source/JavaScriptCore/bytecode/UnlinkedEvalCodeBlock.cpp</a></li>
<li><a href="#trunkSourceJavaScriptCorebytecodeUnlinkedFunctionCodeBlockcpp">trunk/Source/JavaScriptCore/bytecode/UnlinkedFunctionCodeBlock.cpp</a></li>
<li><a href="#trunkSourceJavaScriptCorebytecodeUnlinkedFunctionExecutablecpp">trunk/Source/JavaScriptCore/bytecode/UnlinkedFunctionExecutable.cpp</a></li>
<li><a href="#trunkSourceJavaScriptCorebytecodeUnlinkedModuleProgramCodeBlockcpp">trunk/Source/JavaScriptCore/bytecode/UnlinkedModuleProgramCodeBlock.cpp</a></li>
<li><a href="#trunkSourceJavaScriptCorebytecodeUnlinkedProgramCodeBlockcpp">trunk/Source/JavaScriptCore/bytecode/UnlinkedProgramCodeBlock.cpp</a></li>
<li><a href="#trunkSourceJavaScriptCoreheapCodeBlockSetcpp">trunk/Source/JavaScriptCore/heap/CodeBlockSet.cpp</a></li>
<li><a href="#trunkSourceJavaScriptCoreheapMarkedAllocatorcpp">trunk/Source/JavaScriptCore/heap/MarkedAllocator.cpp</a></li>
<li><a href="#trunkSourceJavaScriptCoreheapMarkedBlockcpp">trunk/Source/JavaScriptCore/heap/MarkedBlock.cpp</a></li>
<li><a href="#trunkSourceJavaScriptCorejitJITThunkscpp">trunk/Source/JavaScriptCore/jit/JITThunks.cpp</a></li>
<li><a href="#trunkSourceJavaScriptCoreruntimeAbstractModuleRecordcpp">trunk/Source/JavaScriptCore/runtime/AbstractModuleRecord.cpp</a></li>
<li><a href="#trunkSourceJavaScriptCoreruntimeExecutableBasecpp">trunk/Source/JavaScriptCore/runtime/ExecutableBase.cpp</a></li>
<li><a href="#trunkSourceJavaScriptCoreruntimeJSCellInlinesh">trunk/Source/JavaScriptCore/runtime/JSCellInlines.h</a></li>
<li><a href="#trunkSourceJavaScriptCoreruntimeJSLockh">trunk/Source/JavaScriptCore/runtime/JSLock.h</a></li>
<li><a href="#trunkSourceJavaScriptCoreruntimeJSModuleNamespaceObjectcpp">trunk/Source/JavaScriptCore/runtime/JSModuleNamespaceObject.cpp</a></li>
<li><a href="#trunkSourceJavaScriptCoreruntimeJSModuleRecordcpp">trunk/Source/JavaScriptCore/runtime/JSModuleRecord.cpp</a></li>
<li><a href="#trunkSourceJavaScriptCoreruntimeJSPropertyNameEnumeratorcpp">trunk/Source/JavaScriptCore/runtime/JSPropertyNameEnumerator.cpp</a></li>
<li><a href="#trunkSourceJavaScriptCoreruntimeJSSegmentedVariableObjecth">trunk/Source/JavaScriptCore/runtime/JSSegmentedVariableObject.h</a></li>
<li><a href="#trunkSourceJavaScriptCoreruntimeSymbolTablecpp">trunk/Source/JavaScriptCore/runtime/SymbolTable.cpp</a></li>
<li><a href="#trunkSourceJavaScriptCoreruntimeVMh">trunk/Source/JavaScriptCore/runtime/VM.h</a></li>
<li><a href="#trunkSourceJavaScriptCorewasmjsJSWebAssemblyCalleecpp">trunk/Source/JavaScriptCore/wasm/js/JSWebAssemblyCallee.cpp</a></li>
<li><a href="#trunkSourceJavaScriptCorewasmjsWebAssemblyModuleRecordcpp">trunk/Source/JavaScriptCore/wasm/js/WebAssemblyModuleRecord.cpp</a></li>
<li><a href="#trunkSourceJavaScriptCorewasmjsWebAssemblyToJSCalleecpp">trunk/Source/JavaScriptCore/wasm/js/WebAssemblyToJSCallee.cpp</a></li>
<li><a href="#trunkSourceWebCoreChangeLog">trunk/Source/WebCore/ChangeLog</a></li>
<li><a href="#trunkSourceWebCorebindingsjsJSCSSValueCustomcpp">trunk/Source/WebCore/bindings/js/JSCSSValueCustom.cpp</a></li>
<li><a href="#trunkSourceWebCorebindingsjsJSDOMIteratorh">trunk/Source/WebCore/bindings/js/JSDOMIterator.h</a></li>
<li><a href="#trunkSourceWebCorebindingsscriptsCodeGeneratorJSpm">trunk/Source/WebCore/bindings/scripts/CodeGeneratorJS.pm</a></li>
</ul>
</div>
<div id="patch">
<h3>Diff</h3>
<a id="trunkSourceJavaScriptCoreAPIJSAPIWrapperObjectmm"></a>
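--- a/trunk/Source/JavaScriptCore/API/JSAPIWrapperObject.mm
+++ b/trunk/Source/JavaScriptCore/API/JSAPIWrapperObject.mm
@@ -48,7 +48,7 @@
 
 void JSAPIWrapperObjectHandleOwner::finalize(JSC::Handle<JSC::Unknown> handle, void*)
 {
- JSC::JSAPIWrapperObject* wrapperObject = static_cast<JSC::JSAPIWrapperObject*>(handle.get().asCell());
+ JSC::JSAPIWrapperObject* wrapperObject = JSC::jsCast<JSC::JSAPIWrapperObject*>(handle.get().asCell());
 if (!wrapperObject->wrappedObject())
 return;
 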
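Review bot: The `JSC::jsCast<JSC::JSAPIWrapperObject*>(handle.get().asCell())` in `finalize` type-checks a cell that is already being finalized, and the new code carries no comment saying why that is safe. As far as I know jsCast's `inherits()` check is an assertion that release builds compile out, so release builds get no type check here while assert-enabled builds read the dying cell's ClassInfo; both cases depend on `JSCell::classInfo()` in runtime/JSCellInlines.h, which is not visible in this part of the page. I would add a comment above the cast such as `// jsCast asserts inherits() on a cell being finalized; this relies on JSCell::classInfo() tolerating that.` The same applies to every `destroy(JSCell*)` hunk that switches to `jsCast<T*>(cell)->~T()`, from bytecode/EvalCodeBlock.cpp through bytecode/UnlinkedProgramCodeBlock.cpp. The body of `finalize` continues past the end of this hunk.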
<a id="trunkSourceJavaScriptCoreAPIJSCallbackObjecth"></a>
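--- a/trunk/Source/JavaScriptCore/API/JSCallbackObject.h
+++ b/trunk/Source/JavaScriptCore/API/JSCallbackObject.h
@@ -232,7 +232,6 @@
 static EncodedJSValue callbackGetter(ExecState*, EncodedJSValue, PropertyName);
 
 std::unique_ptr<JSCallbackObjectData> m_callbackObjectData;
- const ClassInfo* m_classInfo;
 };
 
 } // namespace JSC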
<a id="trunkSourceJavaScriptCoreAPIJSCallbackObjectFunctionsh"></a>
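--- a/trunk/Source/JavaScriptCore/API/JSCallbackObjectFunctions.h
+++ b/trunk/Source/JavaScriptCore/API/JSCallbackObjectFunctions.h
@@ -74,17 +74,11 @@
 template <class Parent>
 JSCallbackObject<Parent>::~JSCallbackObject()
 {
- VM* vm = this->HeapCell::vm();
- vm->currentlyDestructingCallbackObject = this;
- ASSERT(m_classInfo);
- vm->currentlyDestructingCallbackObjectClassInfo = m_classInfo;
 JSObjectRef thisRef = toRef(static_cast<JSObject*>(this));
 for (JSClassRef jsClass = classRef(); jsClass; jsClass = jsClass->parentClass) {
 if (JSObjectFinalizeCallback finalize = jsClass->finalize)
 finalize(thisRef);
 }
- vm->currentlyDestructingCallbackObject = nullptr;
- vm->currentlyDestructingCallbackObjectClassInfo = nullptr;
 }
 
 template <class Parent>
@@ -123,8 +117,6 @@
 JSObjectInitializeCallback initialize = initRoutines[i];
 initialize(toRef(exec), toRef(this));
 }
-
- m_classInfo = this->classInfo();
 }
 
 template <class Parent>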
<a id="trunkSourceJavaScriptCoreAPIJSObjectRefcpp"></a>
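--- a/trunk/Source/JavaScriptCore/API/JSObjectRef.cpp
+++ b/trunk/Source/JavaScriptCore/API/JSObjectRef.cpp
@@ -380,38 +380,21 @@
 return result;
 }
 
-// API objects have private properties, which may get accessed during destruction. This
-// helper lets us get the ClassInfo of an API object from a function that may get called
-// during destruction.
-static const ClassInfo* classInfoPrivate(JSObject* jsObject)
-{
- VM* vm = jsObject->vm();
-
- if (vm->currentlyDestructingCallbackObject != jsObject)
- return jsObject->classInfo();
-
- return vm->currentlyDestructingCallbackObjectClassInfo;
-}
-
 void* JSObjectGetPrivate(JSObjectRef object)
 {
 JSObject* jsObject = uncheckedToJS(object);
 
- const ClassInfo* classInfo = classInfoPrivate(jsObject);
-
 // Get wrapped object if proxied
- if (classInfo->isSubClassOf(JSProxy::info())) {
- jsObject = static_cast<JSProxy*>(jsObject)->target();
- classInfo = jsObject->classInfo();
- }
+ if (jsObject->inherits(JSProxy::info()))
+ jsObject = jsCast<JSProxy*>(jsObject)->target();
 
- if (classInfo->isSubClassOf(JSCallbackObject<JSGlobalObject>::info()))
- return static_cast<JSCallbackObject<JSGlobalObject>*>(jsObject)->getPrivate();
- if (classInfo->isSubClassOf(JSCallbackObject<JSDestructibleObject>::info()))
- return static_cast<JSCallbackObject<JSDestructibleObject>*>(jsObject)->getPrivate();
+ if (jsObject->inherits(JSCallbackObject<JSGlobalObject>::info()))
+ return jsCast<JSCallbackObject<JSGlobalObject>*>(jsObject)->getPrivate();
+ if (jsObject->inherits(JSCallbackObject<JSDestructibleObject>::info()))
+ return jsCast<JSCallbackObject<JSDestructibleObject>*>(jsObject)->getPrivate();
 #if JSC_OBJC_API_ENABLED
- if (classInfo->isSubClassOf(JSCallbackObject<JSAPIWrapperObject>::info()))
- return static_cast<JSCallbackObject<JSAPIWrapperObject>*>(jsObject)->getPrivate();
+ if (jsObject->inherits(JSCallbackObject<JSAPIWrapperObject>::info()))
+ return jsCast<JSCallbackObject<JSAPIWrapperObject>*>(jsObject)->getPrivate();
 #endif
 
 return 0;
@@ -421,24 +404,20 @@
 {
 JSObject* jsObject = uncheckedToJS(object);
 
- const ClassInfo* classInfo = classInfoPrivate(jsObject);
-
 // Get wrapped object if proxied
- if (classInfo->isSubClassOf(JSProxy::info())) {
+ if (jsObject->inherits(JSProxy::info()))
 jsObject = jsCast<JSProxy*>(jsObject)->target();
- classInfo = jsObject->classInfo();
- }
 
- if (classInfo->isSubClassOf(JSCallbackObject<JSGlobalObject>::info())) {
+ if (jsObject->inherits(JSCallbackObject<JSGlobalObject>::info())) {
 jsCast<JSCallbackObject<JSGlobalObject>*>(jsObject)->setPrivate(data);
 return true;
 }
- if (classInfo->isSubClassOf(JSCallbackObject<JSDestructibleObject>::info())) {
+ if (jsObject->inherits(JSCallbackObject<JSDestructibleObject>::info())) {
 jsCast<JSCallbackObject<JSDestructibleObject>*>(jsObject)->setPrivate(data);
 return true;
 }
 #if JSC_OBJC_API_ENABLED
- if (classInfo->isSubClassOf(JSCallbackObject<JSAPIWrapperObject>::info())) {
+ if (jsObject->inherits(JSCallbackObject<JSAPIWrapperObject>::info())) {
 jsCast<JSCallbackObject<JSAPIWrapperObject>*>(jsObject)->setPrivate(data);
 return true;
 }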
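Review bot: `JSObjectGetPrivate` and `JSObjectSetPrivate` lose the only comment that said these entry points can be reached during destruction, while the new `jsObject->inherits(...)` checks still run in that situation: the `~JSCallbackObject()` shown in JSCallbackObjectFunctions.h calls each class's `finalize(thisRef)` callback, and such a callback can presumably call `JSObjectGetPrivate(thisRef)`. After this change the type dispatch depends entirely on `JSCell::classInfo()` giving the right answer for an object whose destructor is running, which is decided in runtime/JSCellInlines.h outside this view. I would restore a short comment before the proxy check in both functions, e.g. `// May be called from a finalize callback while the object is being destructed; inherits() must stay valid then.` If `inherits()` gave a wrong answer there, the `jsCast` that follows would operate on a mis-typed object, so a regression test that reads private data from a finalize callback would be worth having. `JSObjectSetPrivate` starts before the second hunk and both functions run past the hunk ends.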
<a id="trunkSourceJavaScriptCoreChangeLog"></a>
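--- a/trunk/Source/JavaScriptCore/ChangeLog
+++ b/trunk/Source/JavaScriptCore/ChangeLog
@@ -1,3 +1,73 @@
+2017-01-17 Filip Pizlo <fpizlo@apple.com>
+
+ Unreviewed, roll out http://trac.webkit.org/changeset/210821
+ It was causing crashes.
+
+ * API/JSAPIWrapperObject.mm:
+ (JSAPIWrapperObjectHandleOwner::finalize):
+ * API/JSCallbackObject.h:
+ * API/JSCallbackObjectFunctions.h:
+ (JSC::JSCallbackObject<Parent>::~JSCallbackObject):
+ (JSC::JSCallbackObject<Parent>::init):
+ * API/JSObjectRef.cpp:
+ (JSObjectGetPrivate):
+ (JSObjectSetPrivate):
+ (classInfoPrivate): Deleted.
+ * bytecode/EvalCodeBlock.cpp:
+ (JSC::EvalCodeBlock::destroy):
+ * bytecode/FunctionCodeBlock.cpp:
+ (JSC::FunctionCodeBlock::destroy):
+ * bytecode/ModuleProgramCodeBlock.cpp:
+ (JSC::ModuleProgramCodeBlock::destroy):
+ * bytecode/ProgramCodeBlock.cpp:
+ (JSC::ProgramCodeBlock::destroy):
+ * bytecode/UnlinkedEvalCodeBlock.cpp:
+ (JSC::UnlinkedEvalCodeBlock::destroy):
+ * bytecode/UnlinkedFunctionCodeBlock.cpp:
+ (JSC::UnlinkedFunctionCodeBlock::destroy):
+ * bytecode/UnlinkedFunctionExecutable.cpp:
+ (JSC::UnlinkedFunctionExecutable::destroy):
+ * bytecode/UnlinkedModuleProgramCodeBlock.cpp:
+ (JSC::UnlinkedModuleProgramCodeBlock::destroy):
+ * bytecode/UnlinkedProgramCodeBlock.cpp:
+ (JSC::UnlinkedProgramCodeBlock::destroy):
+ * heap/CodeBlockSet.cpp:
+ (JSC::CodeBlockSet::lastChanceToFinalize):
+ (JSC::CodeBlockSet::deleteUnmarkedAndUnreferenced):
+ * heap/MarkedAllocator.cpp:
+ (JSC::MarkedAllocator::allocateSlowCaseImpl):
+ * heap/MarkedBlock.cpp:
+ (JSC::MarkedBlock::Handle::sweep):
+ * jit/JITThunks.cpp:
+ (JSC::JITThunks::finalize):
+ * runtime/AbstractModuleRecord.cpp:
+ (JSC::AbstractModuleRecord::destroy):
+ * runtime/ExecutableBase.cpp:
+ (JSC::ExecutableBase::clearCode):
+ * runtime/JSCellInlines.h:
+ (JSC::JSCell::classInfo):
+ (JSC::JSCell::callDestructor):
+ * runtime/JSLock.h:
+ (JSC::JSLock::exclusiveThread):
+ (JSC::JSLock::ownerThread): Deleted.
+ * runtime/JSModuleNamespaceObject.cpp:
+ (JSC::JSModuleNamespaceObject::destroy):
+ * runtime/JSModuleRecord.cpp:
+ (JSC::JSModuleRecord::destroy):
+ * runtime/JSPropertyNameEnumerator.cpp:
+ (JSC::JSPropertyNameEnumerator::destroy):
+ * runtime/JSSegmentedVariableObject.h:
+ * runtime/SymbolTable.cpp:
+ (JSC::SymbolTable::destroy):
+ * runtime/VM.h:
+ * wasm/js/JSWebAssemblyCallee.cpp:
+ (JSC::JSWebAssemblyCallee::destroy):
+ * wasm/js/WebAssemblyModuleRecord.cpp:
+ (JSC::WebAssemblyModuleRecord::destroy):
+ * wasm/js/WebAssemblyToJSCallee.cpp:
+ (JSC::WebAssemblyToJSCallee::WebAssemblyToJSCallee):
+ (JSC::WebAssemblyToJSCallee::destroy):
+
 2017-01-16 Filip Pizlo <fpizlo@apple.com>
 
 JSCell::classInfo() shouldn't have a bunch of mitigations for being called during destruction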
<a id="trunkSourceJavaScriptCorebytecodeEvalCodeBlockcpp"></a>
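--- a/trunk/Source/JavaScriptCore/bytecode/EvalCodeBlock.cpp
+++ b/trunk/Source/JavaScriptCore/bytecode/EvalCodeBlock.cpp
@@ -39,7 +39,7 @@
 
 void EvalCodeBlock::destroy(JSCell* cell)
 {
- static_cast<EvalCodeBlock*>(cell)->~EvalCodeBlock();
+ jsCast<EvalCodeBlock*>(cell)->~EvalCodeBlock();
 }
 
 } // namespace JSC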
<a id="trunkSourceJavaScriptCorebytecodeFunctionCodeBlockcpp"></a>
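--- a/trunk/Source/JavaScriptCore/bytecode/FunctionCodeBlock.cpp
+++ b/trunk/Source/JavaScriptCore/bytecode/FunctionCodeBlock.cpp
@@ -39,7 +39,7 @@
 
 void FunctionCodeBlock::destroy(JSCell* cell)
 {
- static_cast<FunctionCodeBlock*>(cell)->~FunctionCodeBlock();
+ jsCast<FunctionCodeBlock*>(cell)->~FunctionCodeBlock();
 }
 
 } // namespace JSC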
<a id="trunkSourceJavaScriptCorebytecodeModuleProgramCodeBlockcpp"></a>
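--- a/trunk/Source/JavaScriptCore/bytecode/ModuleProgramCodeBlock.cpp
+++ b/trunk/Source/JavaScriptCore/bytecode/ModuleProgramCodeBlock.cpp
@@ -39,7 +39,7 @@
 
 void ModuleProgramCodeBlock::destroy(JSCell* cell)
 {
- static_cast<ModuleProgramCodeBlock*>(cell)->~ModuleProgramCodeBlock();
+ jsCast<ModuleProgramCodeBlock*>(cell)->~ModuleProgramCodeBlock();
 }
 
 } // namespace JSC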
<a id="trunkSourceJavaScriptCorebytecodeProgramCodeBlockcpp"></a>
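--- a/trunk/Source/JavaScriptCore/bytecode/ProgramCodeBlock.cpp
+++ b/trunk/Source/JavaScriptCore/bytecode/ProgramCodeBlock.cpp
@@ -39,7 +39,7 @@
 
 void ProgramCodeBlock::destroy(JSCell* cell)
 {
- static_cast<ProgramCodeBlock*>(cell)->~ProgramCodeBlock();
+ jsCast<ProgramCodeBlock*>(cell)->~ProgramCodeBlock();
 }
 
 } // namespace JSC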
<a id="trunkSourceJavaScriptCorebytecodeUnlinkedEvalCodeBlockcpp"></a>
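--- a/trunk/Source/JavaScriptCore/bytecode/UnlinkedEvalCodeBlock.cpp
+++ b/trunk/Source/JavaScriptCore/bytecode/UnlinkedEvalCodeBlock.cpp
@@ -34,7 +34,7 @@
 
 void UnlinkedEvalCodeBlock::destroy(JSCell* cell)
 {
- static_cast<UnlinkedEvalCodeBlock*>(cell)->~UnlinkedEvalCodeBlock();
+ jsCast<UnlinkedEvalCodeBlock*>(cell)->~UnlinkedEvalCodeBlock();
 }
 
 }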
<a id="trunkSourceJavaScriptCorebytecodeUnlinkedFunctionCodeBlockcpp"></a>
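--- a/trunk/Source/JavaScriptCore/bytecode/UnlinkedFunctionCodeBlock.cpp
+++ b/trunk/Source/JavaScriptCore/bytecode/UnlinkedFunctionCodeBlock.cpp
@@ -34,7 +34,7 @@
 
 void UnlinkedFunctionCodeBlock::destroy(JSCell* cell)
 {
- static_cast<UnlinkedFunctionCodeBlock*>(cell)->~UnlinkedFunctionCodeBlock();
+ jsCast<UnlinkedFunctionCodeBlock*>(cell)->~UnlinkedFunctionCodeBlock();
 }
 
 }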
<a id="trunkSourceJavaScriptCorebytecodeUnlinkedFunctionExecutablecpp"></a>
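--- a/trunk/Source/JavaScriptCore/bytecode/UnlinkedFunctionExecutable.cpp
+++ b/trunk/Source/JavaScriptCore/bytecode/UnlinkedFunctionExecutable.cpp
@@ -119,7 +119,7 @@
 
 void UnlinkedFunctionExecutable::destroy(JSCell* cell)
 {
- static_cast<UnlinkedFunctionExecutable*>(cell)->~UnlinkedFunctionExecutable();
+ jsCast<UnlinkedFunctionExecutable*>(cell)->~UnlinkedFunctionExecutable();
 }
 
 void UnlinkedFunctionExecutable::visitChildren(JSCell* cell, SlotVisitor& visitor)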
<a id="trunkSourceJavaScriptCorebytecodeUnlinkedModuleProgramCodeBlockcpp"></a>
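--- a/trunk/Source/JavaScriptCore/bytecode/UnlinkedModuleProgramCodeBlock.cpp
+++ b/trunk/Source/JavaScriptCore/bytecode/UnlinkedModuleProgramCodeBlock.cpp
@@ -42,7 +42,7 @@
 
 void UnlinkedModuleProgramCodeBlock::destroy(JSCell* cell)
 {
- static_cast<UnlinkedModuleProgramCodeBlock*>(cell)->~UnlinkedModuleProgramCodeBlock();
+ jsCast<UnlinkedModuleProgramCodeBlock*>(cell)->~UnlinkedModuleProgramCodeBlock();
 }
 
 }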
<a id="trunkSourceJavaScriptCorebytecodeUnlinkedProgramCodeBlockcpp"></a>
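--- a/trunk/Source/JavaScriptCore/bytecode/UnlinkedProgramCodeBlock.cpp
+++ b/trunk/Source/JavaScriptCore/bytecode/UnlinkedProgramCodeBlock.cpp
@@ -42,7 +42,7 @@
 
 void UnlinkedProgramCodeBlock::destroy(JSCell* cell)
 {
- static_cast<UnlinkedProgramCodeBlock*>(cell)->~UnlinkedProgramCodeBlock();
+ jsCast<UnlinkedProgramCodeBlock*>(cell)->~UnlinkedProgramCodeBlock();
 }
 
 }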
<a id="trunkSourceJavaScriptCoreheapCodeBlockSetcpp"></a>
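--- a/trunk/Source/JavaScriptCore/heap/CodeBlockSet.cpp
+++ b/trunk/Source/JavaScriptCore/heap/CodeBlockSet.cpp
@@ -65,10 +65,10 @@
 {
 LockHolder locker(&m_lock);
 for (CodeBlock* codeBlock : m_newCodeBlocks)
- codeBlock->structure()->classInfo()->methodTable.destroy(codeBlock);
+ codeBlock->classInfo()->methodTable.destroy(codeBlock);
 
 for (CodeBlock* codeBlock : m_oldCodeBlocks)
- codeBlock->structure()->classInfo()->methodTable.destroy(codeBlock);
+ codeBlock->classInfo()->methodTable.destroy(codeBlock);
 }
 
 void CodeBlockSet::deleteUnmarkedAndUnreferenced(CollectionScope scope)
@@ -83,7 +83,7 @@
 unmarked.append(codeBlock);
 }
 for (CodeBlock* codeBlock : unmarked) {
- codeBlock->structure()->classInfo()->methodTable.destroy(codeBlock);
+ codeBlock->classInfo()->methodTable.destroy(codeBlock);
 set.remove(codeBlock);
 }
 unmarked.resize(0);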
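Review bot: The destroy dispatch `codeBlock->classInfo()->methodTable.destroy(codeBlock);` is written out at three call sites, twice in `lastChanceToFinalize` and once in `deleteUnmarkedAndUnreferenced`, with no comment on what it assumes about a CodeBlock that is about to be destroyed. All three now go through `JSCell::classInfo()` instead of the explicit `structure()` hop, so whether the lookup is valid at heap teardown is decided in runtime/JSCellInlines.h, which is not visible here. A file-local helper such as `static void destroyCodeBlock(CodeBlock*)` holding that one line, with a comment stating the teardown-time assumption, would keep the three sites from drifting apart. Both functions begin or end outside the hunks shown.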
<a id="trunkSourceJavaScriptCoreheapMarkedAllocatorcpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/heap/MarkedAllocator.cpp (210823 => 210824)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/heap/MarkedAllocator.cpp        2017-01-17 20:04:38 UTC (rev 210823)
+++ trunk/Source/JavaScriptCore/heap/MarkedAllocator.cpp        2017-01-17 20:25:36 UTC (rev 210824)
</span><span class="lines">@@ -211,7 +211,7 @@
</span><span class="cx">
</span><span class="cx"> didConsumeFreeList();
</span><span class="cx">
</span><del>- AllocatingScope helpingHeap(*m_heap);
</del><ins>+ AllocatingScope healpingHeap(*m_heap);
</ins><span class="cx">
</span><span class="cx"> m_heap->collectIfNecessaryOrDefer(deferralContext);
</span><span class="cx">
</span></span></pre></div>
<a id="trunkSourceJavaScriptCoreheapMarkedBlockcpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/heap/MarkedBlock.cpp (210823 => 210824)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/heap/MarkedBlock.cpp        2017-01-17 20:04:38 UTC (rev 210823)
+++ trunk/Source/JavaScriptCore/heap/MarkedBlock.cpp        2017-01-17 20:25:36 UTC (rev 210824)
</span><span class="lines">@@ -26,7 +26,6 @@
</span><span class="cx"> #include "config.h"
</span><span class="cx"> #include "MarkedBlock.h"
</span><span class="cx">
</span><del>-#include "HelpingGCScope.h"
</del><span class="cx"> #include "JSCell.h"
</span><span class="cx"> #include "JSDestructibleObject.h"
</span><span class="cx"> #include "JSCInlines.h"
</span><span class="lines">@@ -196,9 +195,6 @@
</span><span class="cx">
</span><span class="cx"> FreeList MarkedBlock::Handle::sweep(SweepMode sweepMode)
</span><span class="cx"> {
</span><del>- // FIXME: Maybe HelpingGCScope should just be called SweepScope?
- HelpingGCScope helpingGCScope(*heap());
-
</del><span class="cx"> m_allocator->setIsUnswept(NoLockingNecessary, this, false);
</span><span class="cx">
</span><span class="cx"> m_weakSet.sweep();
</span></span></pre></div>
<a id="trunkSourceJavaScriptCorejitJITThunkscpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/jit/JITThunks.cpp (210823 => 210824)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/jit/JITThunks.cpp        2017-01-17 20:04:38 UTC (rev 210823)
+++ trunk/Source/JavaScriptCore/jit/JITThunks.cpp        2017-01-17 20:25:36 UTC (rev 210824)
</span><span class="lines">@@ -84,7 +84,7 @@
</span><span class="cx">
</span><span class="cx"> void JITThunks::finalize(Handle<Unknown> handle, void*)
</span><span class="cx"> {
</span><del>- auto* nativeExecutable = static_cast<NativeExecutable*>(handle.get().asCell());
</del><ins>+ auto* nativeExecutable = jsCast<NativeExecutable*>(handle.get().asCell());
</ins><span class="cx"> weakRemove(*m_hostFunctionStubMap, std::make_tuple(nativeExecutable->function(), nativeExecutable->constructor(), nativeExecutable->name()), nativeExecutable);
</span><span class="cx"> }
</span><span class="cx">
</span></span></pre></div>
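Review bot: `jsCast` in `JITThunks::finalize` is applied to a cell obtained from a handle that is being finalized, and nothing in the hunk says why the cell's class information is still readable at that point. As far as I know `jsCast` validates the type only through an assertion, so in builds without assertions this remains an unchecked downcast and the following `nativeExecutable->function()` read trusts it completely. I would add a comment above the cast, for example `// The cell has not been destroyed yet when finalize() runs, so jsCast's type check can still read classInfo().`, assuming that is the intended invariant. The same applies to `JSDeprecatedCSSOMValueOwner::finalize` in JSCSSValueCustom.cpp and to the finalize body emitted by CodeGeneratorJS.pm.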
<a id="trunkSourceJavaScriptCoreruntimeAbstractModuleRecordcpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/runtime/AbstractModuleRecord.cpp (210823 => 210824)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/runtime/AbstractModuleRecord.cpp        2017-01-17 20:04:38 UTC (rev 210823)
+++ trunk/Source/JavaScriptCore/runtime/AbstractModuleRecord.cpp        2017-01-17 20:25:36 UTC (rev 210824)
</span><span class="lines">@@ -46,7 +46,7 @@
</span><span class="cx">
</span><span class="cx"> void AbstractModuleRecord::destroy(JSCell* cell)
</span><span class="cx"> {
</span><del>- AbstractModuleRecord* thisObject = static_cast<AbstractModuleRecord*>(cell);
</del><ins>+ AbstractModuleRecord* thisObject = jsCast<AbstractModuleRecord*>(cell);
</ins><span class="cx"> thisObject->AbstractModuleRecord::~AbstractModuleRecord();
</span><span class="cx"> }
</span><span class="cx">
</span></span></pre></div>
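Review bot: The `jsCast` in `AbstractModuleRecord::destroy` runs while the cell is being torn down, so its type check has to read `classInfo()` from an object that is about to be destructed, and the hunk does not record why that is safe. In this revision `JSCell::classInfo()` (JSCellInlines.h) can take the class information either from the Structure or from the cell itself, and which path applies to this class is not visible here. A one-line comment such as `// classInfo() is still valid here: destroy() runs before the cell is zapped.` would document the assumption, which matches the `destroy(this)` then `zap()` order shown in JSCellInlines.h. The same cast pattern appears in the destroy functions of JSModuleNamespaceObject.cpp, JSModuleRecord.cpp, JSPropertyNameEnumerator.cpp, SymbolTable.cpp, JSWebAssemblyCallee.cpp, WebAssemblyModuleRecord.cpp, WebAssemblyToJSCallee.cpp and JSDOMIterator.h.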
<a id="trunkSourceJavaScriptCoreruntimeExecutableBasecpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/runtime/ExecutableBase.cpp (210823 => 210824)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/runtime/ExecutableBase.cpp        2017-01-17 20:04:38 UTC (rev 210823)
+++ trunk/Source/JavaScriptCore/runtime/ExecutableBase.cpp        2017-01-17 20:25:36 UTC (rev 210824)
</span><span class="lines">@@ -60,29 +60,29 @@
</span><span class="cx"> m_numParametersForCall = NUM_PARAMETERS_NOT_COMPILED;
</span><span class="cx"> m_numParametersForConstruct = NUM_PARAMETERS_NOT_COMPILED;
</span><span class="cx">
</span><del>- if (structure()->classInfo() == FunctionExecutable::info()) {
- FunctionExecutable* executable = static_cast<FunctionExecutable*>(this);
</del><ins>+ if (classInfo() == FunctionExecutable::info()) {
+ FunctionExecutable* executable = jsCast<FunctionExecutable*>(this);
</ins><span class="cx"> executable->m_codeBlockForCall.clear();
</span><span class="cx"> executable->m_codeBlockForConstruct.clear();
</span><span class="cx"> return;
</span><span class="cx"> }
</span><span class="cx">
</span><del>- if (structure()->classInfo() == EvalExecutable::info()) {
- EvalExecutable* executable = static_cast<EvalExecutable*>(this);
</del><ins>+ if (classInfo() == EvalExecutable::info()) {
+ EvalExecutable* executable = jsCast<EvalExecutable*>(this);
</ins><span class="cx"> executable->m_evalCodeBlock.clear();
</span><span class="cx"> executable->m_unlinkedEvalCodeBlock.clear();
</span><span class="cx"> return;
</span><span class="cx"> }
</span><span class="cx">
</span><del>- if (structure()->classInfo() == ProgramExecutable::info()) {
- ProgramExecutable* executable = static_cast<ProgramExecutable*>(this);
</del><ins>+ if (classInfo() == ProgramExecutable::info()) {
+ ProgramExecutable* executable = jsCast<ProgramExecutable*>(this);
</ins><span class="cx"> executable->m_programCodeBlock.clear();
</span><span class="cx"> executable->m_unlinkedProgramCodeBlock.clear();
</span><span class="cx"> return;
</span><span class="cx"> }
</span><span class="cx">
</span><del>- if (structure()->classInfo() == ModuleProgramExecutable::info()) {
- ModuleProgramExecutable* executable = static_cast<ModuleProgramExecutable*>(this);
</del><ins>+ if (classInfo() == ModuleProgramExecutable::info()) {
+ ModuleProgramExecutable* executable = jsCast<ModuleProgramExecutable*>(this);
</ins><span class="cx"> executable->m_moduleProgramCodeBlock.clear();
</span><span class="cx"> executable->m_unlinkedModuleProgramCodeBlock.clear();
</span><span class="cx"> executable->m_moduleEnvironmentSymbolTable.clear();
</span><span class="lines">@@ -89,7 +89,7 @@
</span><span class="cx"> return;
</span><span class="cx"> }
</span><span class="cx">
</span><del>- ASSERT(structure()->classInfo() == NativeExecutable::info());
</del><ins>+ ASSERT(classInfo() == NativeExecutable::info());
</ins><span class="cx"> }
</span><span class="cx">
</span><span class="cx"> void ExecutableBase::dump(PrintStream& out) const
</span></span></pre></div>
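Review bot: The fall-through case at the end of this function is guarded only by `ASSERT(classInfo() == NativeExecutable::info())`, so in a build without assertions an executable of any unlisted class returns silently with nothing cleared. If that outcome is not acceptable, `RELEASE_ASSERT(classInfo() == NativeExecutable::info());` would enforce the invariant in every build; otherwise a short comment stating why a NativeExecutable needs no clearing would make the empty branch intentional. The function begins above the hunk, so what runs before these branches is not visible.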
<a id="trunkSourceJavaScriptCoreruntimeJSCellInlinesh"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/runtime/JSCellInlines.h (210823 => 210824)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/runtime/JSCellInlines.h        2017-01-17 20:04:38 UTC (rev 210823)
+++ trunk/Source/JavaScriptCore/runtime/JSCellInlines.h        2017-01-17 20:25:36 UTC (rev 210824)
</span><span class="lines">@@ -267,13 +267,17 @@
</span><span class="cx">
</span><span class="cx"> ALWAYS_INLINE const ClassInfo* JSCell::classInfo() const
</span><span class="cx"> {
</span><del>- VM* vm;
- if (isLargeAllocation())
- vm = largeAllocation().vm();
- else
- vm = markedBlock().vm();
- ASSERT(vm->heap.mutatorState() == MutatorState::Running || vm->apiLock().ownerThread() != std::this_thread::get_id());
- return structure(*vm)->classInfo();
</del><ins>+ if (isLargeAllocation()) {
+ LargeAllocation& allocation = largeAllocation();
+ if (allocation.attributes().destruction == NeedsDestruction
+ && !(inlineTypeFlags() & StructureIsImmortal))
+ return static_cast<const JSDestructibleObject*>(this)->classInfo();
+ return structure(*allocation.vm())->classInfo();
+ }
+ MarkedBlock& block = markedBlock();
+ if (block.needsDestruction() && !(inlineTypeFlags() & StructureIsImmortal))
+ return static_cast<const JSDestructibleObject*>(this)->classInfo();
+ return structure(*block.vm())->classInfo();
</ins><span class="cx"> }
</span><span class="cx">
</span><span class="cx"> inline bool JSCell::toBoolean(ExecState* exec) const
</span><span class="lines">@@ -303,7 +307,7 @@
</span><span class="cx"> MethodTable::DestroyFunctionPtr destroy = classInfo->methodTable.destroy;
</span><span class="cx"> destroy(this);
</span><span class="cx"> } else
</span><del>- static_cast<JSDestructibleObject*>(this)->classInfo()->methodTable.destroy(this);
</del><ins>+ jsCast<JSDestructibleObject*>(this)->classInfo()->methodTable.destroy(this);
</ins><span class="cx"> zap();
</span><span class="cx"> }
</span><span class="cx">
</span></span></pre></div>
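Review bot: In `JSCell::classInfo()` the two `static_cast<const JSDestructibleObject*>(this)` downcasts are unchecked: they rely on every cell in a block or large allocation that needs destruction, and whose type flags lack `StructureIsImmortal`, really being a `JSDestructibleObject`. If a cell with another layout ever ends up in such an allocation, the returned `ClassInfo*` is read from the wrong field, and the destroy path in the second hunk then makes an indirect call through `methodTable.destroy` taken from it. The condition is also written twice, so I would state the invariant once above the function, e.g. `// Destructible cells without StructureIsImmortal must derive from JSDestructibleObject; their ClassInfo is read from the cell, not the Structure.` The `jsCast<JSDestructibleObject*>(this)` in the second hunk presumably validates through this same function, so it cannot be relied on to catch a violation of that invariant. The function containing the second hunk starts above the visible lines.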
<a id="trunkSourceJavaScriptCoreruntimeJSLockh"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/runtime/JSLock.h (210823 => 210824)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/runtime/JSLock.h        2017-01-17 20:04:38 UTC (rev 210823)
+++ trunk/Source/JavaScriptCore/runtime/JSLock.h        2017-01-17 20:25:36 UTC (rev 210824)
</span><span class="lines">@@ -99,7 +99,6 @@
</span><span class="cx"> ASSERT(m_hasExclusiveThread);
</span><span class="cx"> return m_ownerThreadID;
</span><span class="cx"> }
</span><del>- std::thread::id ownerThread() const { return m_ownerThreadID; }
</del><span class="cx"> JS_EXPORT_PRIVATE void setExclusiveThread(std::thread::id);
</span><span class="cx"> JS_EXPORT_PRIVATE bool currentThreadIsHoldingLock();
</span><span class="cx">
</span></span></pre></div>
<a id="trunkSourceJavaScriptCoreruntimeJSModuleNamespaceObjectcpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/runtime/JSModuleNamespaceObject.cpp (210823 => 210824)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/runtime/JSModuleNamespaceObject.cpp        2017-01-17 20:04:38 UTC (rev 210823)
+++ trunk/Source/JavaScriptCore/runtime/JSModuleNamespaceObject.cpp        2017-01-17 20:25:36 UTC (rev 210824)
</span><span class="lines">@@ -83,7 +83,7 @@
</span><span class="cx">
</span><span class="cx"> void JSModuleNamespaceObject::destroy(JSCell* cell)
</span><span class="cx"> {
</span><del>- JSModuleNamespaceObject* thisObject = static_cast<JSModuleNamespaceObject*>(cell);
</del><ins>+ JSModuleNamespaceObject* thisObject = jsCast<JSModuleNamespaceObject*>(cell);
</ins><span class="cx"> thisObject->JSModuleNamespaceObject::~JSModuleNamespaceObject();
</span><span class="cx"> }
</span><span class="cx">
</span></span></pre></div>
<a id="trunkSourceJavaScriptCoreruntimeJSModuleRecordcpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/runtime/JSModuleRecord.cpp (210823 => 210824)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/runtime/JSModuleRecord.cpp        2017-01-17 20:04:38 UTC (rev 210823)
+++ trunk/Source/JavaScriptCore/runtime/JSModuleRecord.cpp        2017-01-17 20:25:36 UTC (rev 210824)
</span><span class="lines">@@ -59,7 +59,7 @@
</span><span class="cx">
</span><span class="cx"> void JSModuleRecord::destroy(JSCell* cell)
</span><span class="cx"> {
</span><del>- JSModuleRecord* thisObject = static_cast<JSModuleRecord*>(cell);
</del><ins>+ JSModuleRecord* thisObject = jsCast<JSModuleRecord*>(cell);
</ins><span class="cx"> thisObject->JSModuleRecord::~JSModuleRecord();
</span><span class="cx"> }
</span><span class="cx">
</span></span></pre></div>
<a id="trunkSourceJavaScriptCoreruntimeJSPropertyNameEnumeratorcpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/runtime/JSPropertyNameEnumerator.cpp (210823 => 210824)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/runtime/JSPropertyNameEnumerator.cpp        2017-01-17 20:04:38 UTC (rev 210823)
+++ trunk/Source/JavaScriptCore/runtime/JSPropertyNameEnumerator.cpp        2017-01-17 20:25:36 UTC (rev 210824)
</span><span class="lines">@@ -83,7 +83,7 @@
</span><span class="cx">
</span><span class="cx"> void JSPropertyNameEnumerator::destroy(JSCell* cell)
</span><span class="cx"> {
</span><del>- static_cast<JSPropertyNameEnumerator*>(cell)->JSPropertyNameEnumerator::~JSPropertyNameEnumerator();
</del><ins>+ jsCast<JSPropertyNameEnumerator*>(cell)->JSPropertyNameEnumerator::~JSPropertyNameEnumerator();
</ins><span class="cx"> }
</span><span class="cx">
</span><span class="cx"> void JSPropertyNameEnumerator::visitChildren(JSCell* cell, SlotVisitor& visitor)
</span></span></pre></div>
<a id="trunkSourceJavaScriptCoreruntimeJSSegmentedVariableObjecth"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/runtime/JSSegmentedVariableObject.h (210823 => 210824)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/runtime/JSSegmentedVariableObject.h        2017-01-17 20:04:38 UTC (rev 210823)
+++ trunk/Source/JavaScriptCore/runtime/JSSegmentedVariableObject.h        2017-01-17 20:25:36 UTC (rev 210824)
</span><span class="lines">@@ -47,8 +47,6 @@
</span><span class="cx"> // JSSegmentedVariableObject has its own GC tracing functionality, since it knows the
</span><span class="cx"> // exact dimensions of the variables array at all times.
</span><span class="cx">
</span><del>-// Except for JSGlobalObject, subclasses of this don't call the destructor and leak memory.
-
</del><span class="cx"> class JSSegmentedVariableObject : public JSSymbolTableObject {
</span><span class="cx"> friend class JIT;
</span><span class="cx"> friend class LLIntOffsetsExtractor;
</span></span></pre></div>
<a id="trunkSourceJavaScriptCoreruntimeSymbolTablecpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/runtime/SymbolTable.cpp (210823 => 210824)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/runtime/SymbolTable.cpp        2017-01-17 20:04:38 UTC (rev 210823)
+++ trunk/Source/JavaScriptCore/runtime/SymbolTable.cpp        2017-01-17 20:25:36 UTC (rev 210824)
</span><span class="lines">@@ -49,7 +49,7 @@
</span><span class="cx">
</span><span class="cx"> void SymbolTable::destroy(JSCell* cell)
</span><span class="cx"> {
</span><del>- SymbolTable* thisObject = static_cast<SymbolTable*>(cell);
</del><ins>+ SymbolTable* thisObject = jsCast<SymbolTable*>(cell);
</ins><span class="cx"> thisObject->SymbolTable::~SymbolTable();
</span><span class="cx"> }
</span><span class="cx">
</span></span></pre></div>
<a id="trunkSourceJavaScriptCoreruntimeVMh"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/runtime/VM.h (210823 => 210824)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/runtime/VM.h        2017-01-17 20:04:38 UTC (rev 210823)
+++ trunk/Source/JavaScriptCore/runtime/VM.h        2017-01-17 20:25:36 UTC (rev 210824)
</span><span class="lines">@@ -363,9 +363,6 @@
</span><span class="cx"> std::once_flag m_wasmSignatureInformationOnceFlag;
</span><span class="cx"> std::unique_ptr<Wasm::SignatureInformation> m_wasmSignatureInformation;
</span><span class="cx"> #endif
</span><del>-
- JSCell* currentlyDestructingCallbackObject;
- const ClassInfo* currentlyDestructingCallbackObjectClassInfo;
</del><span class="cx">
</span><span class="cx"> AtomicStringTable* m_atomicStringTable;
</span><span class="cx"> WTF::SymbolRegistry m_symbolRegistry;
</span></span></pre></div>
<a id="trunkSourceJavaScriptCorewasmjsJSWebAssemblyCalleecpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/wasm/js/JSWebAssemblyCallee.cpp (210823 => 210824)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/wasm/js/JSWebAssemblyCallee.cpp        2017-01-17 20:04:38 UTC (rev 210823)
+++ trunk/Source/JavaScriptCore/wasm/js/JSWebAssemblyCallee.cpp        2017-01-17 20:25:36 UTC (rev 210824)
</span><span class="lines">@@ -47,7 +47,7 @@
</span><span class="cx">
</span><span class="cx"> void JSWebAssemblyCallee::destroy(JSCell* cell)
</span><span class="cx"> {
</span><del>- JSWebAssemblyCallee* thisObject = static_cast<JSWebAssemblyCallee*>(cell);
</del><ins>+ JSWebAssemblyCallee* thisObject = jsCast<JSWebAssemblyCallee*>(cell);
</ins><span class="cx"> thisObject->JSWebAssemblyCallee::~JSWebAssemblyCallee();
</span><span class="cx"> }
</span><span class="cx">
</span></span></pre></div>
<a id="trunkSourceJavaScriptCorewasmjsWebAssemblyModuleRecordcpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/wasm/js/WebAssemblyModuleRecord.cpp (210823 => 210824)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/wasm/js/WebAssemblyModuleRecord.cpp        2017-01-17 20:04:38 UTC (rev 210823)
+++ trunk/Source/JavaScriptCore/wasm/js/WebAssemblyModuleRecord.cpp        2017-01-17 20:25:36 UTC (rev 210824)
</span><span class="lines">@@ -64,7 +64,7 @@
</span><span class="cx">
</span><span class="cx"> void WebAssemblyModuleRecord::destroy(JSCell* cell)
</span><span class="cx"> {
</span><del>- WebAssemblyModuleRecord* thisObject = static_cast<WebAssemblyModuleRecord*>(cell);
</del><ins>+ WebAssemblyModuleRecord* thisObject = jsCast<WebAssemblyModuleRecord*>(cell);
</ins><span class="cx"> thisObject->WebAssemblyModuleRecord::~WebAssemblyModuleRecord();
</span><span class="cx"> }
</span><span class="cx">
</span></span></pre></div>
<a id="trunkSourceJavaScriptCorewasmjsWebAssemblyToJSCalleecpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/wasm/js/WebAssemblyToJSCallee.cpp (210823 => 210824)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/wasm/js/WebAssemblyToJSCallee.cpp        2017-01-17 20:04:38 UTC (rev 210823)
+++ trunk/Source/JavaScriptCore/wasm/js/WebAssemblyToJSCallee.cpp        2017-01-17 20:25:36 UTC (rev 210824)
</span><span class="lines">@@ -48,8 +48,7 @@
</span><span class="cx">
</span><span class="cx"> WebAssemblyToJSCallee::WebAssemblyToJSCallee(VM& vm, Structure* structure)
</span><span class="cx"> : Base(vm, structure)
</span><del>-{
-}
</del><ins>+{ }
</ins><span class="cx">
</span><span class="cx"> void WebAssemblyToJSCallee::finishCreation(VM& vm)
</span><span class="cx"> {
</span><span class="lines">@@ -58,7 +57,7 @@
</span><span class="cx">
</span><span class="cx"> void WebAssemblyToJSCallee::destroy(JSCell* cell)
</span><span class="cx"> {
</span><del>- WebAssemblyToJSCallee* thisObject = static_cast<WebAssemblyToJSCallee*>(cell);
</del><ins>+ WebAssemblyToJSCallee* thisObject = jsCast<WebAssemblyToJSCallee*>(cell);
</ins><span class="cx"> thisObject->WebAssemblyToJSCallee::~WebAssemblyToJSCallee();
</span><span class="cx"> }
</span><span class="cx">
</span></span></pre></div>
<a id="trunkSourceWebCoreChangeLog"></a>
<div class="modfile"><h4>Modified: trunk/Source/WebCore/ChangeLog (210823 => 210824)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/WebCore/ChangeLog        2017-01-17 20:04:38 UTC (rev 210823)
+++ trunk/Source/WebCore/ChangeLog        2017-01-17 20:25:36 UTC (rev 210824)
</span><span class="lines">@@ -1,3 +1,15 @@
</span><ins>+2017-01-17 Filip Pizlo <fpizlo@apple.com>
+
+ Unreviewed, roll out http://trac.webkit.org/changeset/210821
+ It was causing crashes.
+
+ * bindings/js/JSCSSValueCustom.cpp:
+ (WebCore::JSDeprecatedCSSOMValueOwner::finalize):
+ * bindings/js/JSDOMIterator.h:
+ (WebCore::IteratorTraits>::destroy):
+ * bindings/scripts/CodeGeneratorJS.pm:
+ (GenerateImplementation):
+
</ins><span class="cx"> 2017-01-17 Joseph Pecoraro <pecoraro@apple.com>
</span><span class="cx">
</span><span class="cx"> Crash when closing tab with debugger paused
</span></span></pre></div>
<a id="trunkSourceWebCorebindingsjsJSCSSValueCustomcpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/WebCore/bindings/js/JSCSSValueCustom.cpp (210823 => 210824)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/WebCore/bindings/js/JSCSSValueCustom.cpp        2017-01-17 20:04:38 UTC (rev 210823)
+++ trunk/Source/WebCore/bindings/js/JSCSSValueCustom.cpp        2017-01-17 20:25:36 UTC (rev 210824)
</span><span class="lines">@@ -50,7 +50,7 @@
</span><span class="cx">
</span><span class="cx"> void JSDeprecatedCSSOMValueOwner::finalize(JSC::Handle<JSC::Unknown> handle, void* context)
</span><span class="cx"> {
</span><del>- JSDeprecatedCSSOMValue* jsCSSValue = static_cast<JSDeprecatedCSSOMValue*>(handle.slot()->asCell());
</del><ins>+ JSDeprecatedCSSOMValue* jsCSSValue = jsCast<JSDeprecatedCSSOMValue*>(handle.slot()->asCell());
</ins><span class="cx"> DOMWrapperWorld& world = *static_cast<DOMWrapperWorld*>(context);
</span><span class="cx"> world.m_deprecatedCSSOMValueRoots.remove(&jsCSSValue->wrapped());
</span><span class="cx"> uncacheWrapper(world, &jsCSSValue->wrapped(), jsCSSValue);
</span></span></pre></div>
<a id="trunkSourceWebCorebindingsjsJSDOMIteratorh"></a>
<div class="modfile"><h4>Modified: trunk/Source/WebCore/bindings/js/JSDOMIterator.h (210823 => 210824)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/WebCore/bindings/js/JSDOMIterator.h        2017-01-17 20:04:38 UTC (rev 210823)
+++ trunk/Source/WebCore/bindings/js/JSDOMIterator.h        2017-01-17 20:25:36 UTC (rev 210824)
</span><span class="lines">@@ -225,7 +225,7 @@
</span><span class="cx"> template<typename JSWrapper, typename IteratorTraits>
</span><span class="cx"> void JSDOMIterator<JSWrapper, IteratorTraits>::destroy(JSCell* cell)
</span><span class="cx"> {
</span><del>- JSDOMIterator<JSWrapper, IteratorTraits>* thisObject = static_cast<JSDOMIterator<JSWrapper, IteratorTraits>*>(cell);
</del><ins>+ JSDOMIterator<JSWrapper, IteratorTraits>* thisObject = JSC::jsCast<JSDOMIterator<JSWrapper, IteratorTraits>*>(cell);
</ins><span class="cx"> thisObject->JSDOMIterator<JSWrapper, IteratorTraits>::~JSDOMIterator();
</span><span class="cx"> }
</span><span class="cx">
</span></span></pre></div>
<a id="trunkSourceWebCorebindingsscriptsCodeGeneratorJSpm"></a>
<div class="modfile"><h4>Modified: trunk/Source/WebCore/bindings/scripts/CodeGeneratorJS.pm (210823 => 210824)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/WebCore/bindings/scripts/CodeGeneratorJS.pm        2017-01-17 20:04:38 UTC (rev 210823)
+++ trunk/Source/WebCore/bindings/scripts/CodeGeneratorJS.pm        2017-01-17 20:25:36 UTC (rev 210824)
</span><span class="lines">@@ -4243,7 +4243,7 @@
</span><span class="cx"> if (ShouldGenerateWrapperOwnerCode($hasParent, $interface) && !$interface->extendedAttributes->{JSCustomFinalize}) {
</span><span class="cx"> push(@implContent, "void JS${interfaceName}Owner::finalize(JSC::Handle<JSC::Unknown> handle, void* context)\n");
</span><span class="cx"> push(@implContent, "{\n");
</span><del>- push(@implContent, " auto* js${interfaceName} = static_cast<JS${interfaceName}*>(handle.slot()->asCell());\n");
</del><ins>+ push(@implContent, " auto* js${interfaceName} = jsCast<JS${interfaceName}*>(handle.slot()->asCell());\n");
</ins><span class="cx"> push(@implContent, " auto& world = *static_cast<DOMWrapperWorld*>(context);\n");
</span><span class="cx"> push(@implContent, " uncacheWrapper(world, &js${interfaceName}->wrapped(), js${interfaceName});\n");
</span><span class="cx"> push(@implContent, "}\n\n");
</span></span></pre>
</div>
</div>
</body>
</html>