Skip to content
  • barraclough@apple.com's avatar
    ROLLING OUT r114255 · a0426fa6
    barraclough@apple.com authored
            
    GC in the middle of JSObject::allocatePropertyStorage can cause badness
    https://bugs.webkit.org/show_bug.cgi?id=83839
    
    Reviewed by nobody.
    
    This breaks the world, with COLLECT_ON_EVERY_ALLOCATION enabled.
    
    * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
    * jit/JITStubs.cpp:
    (JSC::DEFINE_STUB_FUNCTION):
    * runtime/JSObject.cpp:
    (JSC::JSObject::allocatePropertyStorage):
    * runtime/JSObject.h:
    (JSObject):
    (JSC::JSObject::isUsingInlineStorage):
    (JSC):
    (JSC::JSObject::putDirectInternal):
    (JSC::JSObject::putDirectWithoutTransition):
    (JSC::JSObject::transitionTo):
    * runtime/Structure.cpp:
    (JSC):
    * runtime/Structure.h:
    (JSC::Structure::didTransition):
    
    
    
    git-svn-id: http://svn.webkit.org/repository/webkit/trunk@116494 268f45cc-cd09-0410-ab3c-d52691b4dbfc
    a0426fa6