-
ggaren@apple.com authored
Reviewed by Oliver Hunt. When JSArray is allocated for the vptr stealing hack, it's not allocated in the heap, so the JSArray constructor can't safely call Heap::heap(). Since this was subtle enough to confuse smart people, I've changed JSArray to have an explicit vptr stealing constructor. * JavaScriptCore.xcodeproj/project.pbxproj: * runtime/JSArray.cpp: (JSC::JSArray::JSArray): * runtime/JSArray.h: (JSC::JSArray::): * runtime/JSGlobalData.cpp: (JSC::JSGlobalData::storeVPtrs): git-svn-id: http://svn.webkit.org/repository/webkit/trunk@64602 268f45cc-cd09-0410-ab3c-d52691b4dbfc
652ada99