-
barraclough@apple.com authored
GC in the middle of JSObject::allocatePropertyStorage can cause badness https://bugs.webkit.org/show_bug.cgi?id=83839 Reviewed by nobody. This breaks the world, with COLLECT_ON_EVERY_ALLOCATION enabled. * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def: * jit/JITStubs.cpp: (JSC::DEFINE_STUB_FUNCTION): * runtime/JSObject.cpp: (JSC::JSObject::allocatePropertyStorage): * runtime/JSObject.h: (JSObject): (JSC::JSObject::isUsingInlineStorage): (JSC): (JSC::JSObject::putDirectInternal): (JSC::JSObject::putDirectWithoutTransition): (JSC::JSObject::transitionTo): * runtime/Structure.cpp: (JSC): * runtime/Structure.h: (JSC::Structure::didTransition): git-svn-id: http://svn.webkit.org/repository/webkit/trunk@116494 268f45cc-cd09-0410-ab3c-d52691b4dbfc
a0426fa6