[webkit-dev] Javascript collector

[Patrick Hanna]

I am running into a segmentation fault in  
Collector::collectOnMainThreadOnly on the line that reads:

cellBlock(cell)->collectOnMainThreadOnly.set(cellOffset(cell));

I believe that the reason is because the address passed in as 'value'  
is the address of a stack variable. This address comes from  
PluginsFunc::callAsFunction. PluginBase is created on the stack and  
the constructor for DOMObject calls  
Collector::collectOnMainThreadOnly with 'this' as the parameter.

My question is, should Collector::collectOnMainThreadOnly work with  
stack pointers? If it is supposed to work, when does the  
CollectorBlock for the stack object get created? Specificy,  
CollectorBlock::collectOnMainThreadOnly is the structure that I'm  
running in to problems with.

Thanks,

Patrick