-
mhahnenberg@apple.com authored
https://bugs.webkit.org/show_bug.cgi?id=123821 Reviewed by Darin Adler. Currently with the JSC Obj-C API, JS wrappers for client Obj-C objects retain their associated Obj-C object. When they are swept, they release their Obj-C objects which can trigger a call to that object's -dealloc method. These -dealloc methods can then call back into the same VM, which is not allowed during sweeping or VM shutdown. We can handle this case by creating our own pool of Obj-C objects to be released when it is safe to do so. This is accomplished by using DelayedReleaseScope, an RAII-style object that will retain all objects that are unsafe to release until the end of the DelayedReleaseScope. * API/APIShims.h: (JSC::APICallbackShim::APICallbackShim): (JSC::APICallbackShim::vmForDropAllLocks): (JSC::APICallbackShim::execForDropAllLocks): * API/JSAPIWrapperObject.mm: (JSAPIWrapperObjectHandleOwner::finalize): * API/ObjCCallbackFunction.mm: (JSC::ObjCCallbackFunctionImpl::destroy): (JSC::ObjCCallbackFunction::destroy): * API/tests/testapi.mm: (-[TinyDOMNode initWithVirtualMachine:]): (-[TinyDOMNode dealloc]): (-[TinyDOMNode appendChild:]): (-[TinyDOMNode removeChildAtIndex:]): (-[EvilAllocationObject initWithContext:]): (-[EvilAllocationObject dealloc]): (-[EvilAllocationObject doEvilThingsWithContext:]): * JavaScriptCore.xcodeproj/project.pbxproj: * heap/DelayedReleaseScope.h: Added. (JSC::DelayedReleaseScope::DelayedReleaseScope): (JSC::DelayedReleaseScope::~DelayedReleaseScope): (JSC::DelayedReleaseScope::releaseSoon): (JSC::MarkedSpace::releaseSoon): * heap/Heap.cpp: (JSC::Heap::collectAllGarbage): * heap/Heap.h: (JSC::Heap::releaseSoon): * heap/MarkedAllocator.cpp: (JSC::MarkedAllocator::allocateSlowCase): * heap/MarkedSpace.cpp: (JSC::MarkedSpace::MarkedSpace): (JSC::MarkedSpace::lastChanceToFinalize): (JSC::MarkedSpace::sweep): * heap/MarkedSpace.h: git-svn-id: http://svn.webkit.org/repository/webkit/trunk@159351 268f45cc-cd09-0410-ab3c-d52691b4dbfc
ac6f1fd4mhahnenberg@apple.com authoredhttps://bugs.webkit.org/show_bug.cgi?id=123821 Reviewed by Darin Adler. Currently with the JSC Obj-C API, JS wrappers for client Obj-C objects retain their associated Obj-C object. When they are swept, they release their Obj-C objects which can trigger a call to that object's -dealloc method. These -dealloc methods can then call back into the same VM, which is not allowed during sweeping or VM shutdown. We can handle this case by creating our own pool of Obj-C objects to be released when it is safe to do so. This is accomplished by using DelayedReleaseScope, an RAII-style object that will retain all objects that are unsafe to release until the end of the DelayedReleaseScope. * API/APIShims.h: (JSC::APICallbackShim::APICallbackShim): (JSC::APICallbackShim::vmForDropAllLocks): (JSC::APICallbackShim::execForDropAllLocks): * API/JSAPIWrapperObject.mm: (JSAPIWrapperObjectHandleOwner::finalize): * API/ObjCCallbackFunction.mm: (JSC::ObjCCallbackFunctionImpl::destroy): (JSC::ObjCCallbackFunction::destroy): * API/tests/testapi.mm: (-[TinyDOMNode initWithVirtualMachine:]): (-[TinyDOMNode dealloc]): (-[TinyDOMNode appendChild:]): (-[TinyDOMNode removeChildAtIndex:]): (-[EvilAllocationObject initWithContext:]): (-[EvilAllocationObject dealloc]): (-[EvilAllocationObject doEvilThingsWithContext:]): * JavaScriptCore.xcodeproj/project.pbxproj: * heap/DelayedReleaseScope.h: Added. (JSC::DelayedReleaseScope::DelayedReleaseScope): (JSC::DelayedReleaseScope::~DelayedReleaseScope): (JSC::DelayedReleaseScope::releaseSoon): (JSC::MarkedSpace::releaseSoon): * heap/Heap.cpp: (JSC::Heap::collectAllGarbage): * heap/Heap.h: (JSC::Heap::releaseSoon): * heap/MarkedAllocator.cpp: (JSC::MarkedAllocator::allocateSlowCase): * heap/MarkedSpace.cpp: (JSC::MarkedSpace::MarkedSpace): (JSC::MarkedSpace::lastChanceToFinalize): (JSC::MarkedSpace::sweep): * heap/MarkedSpace.h: git-svn-id: http://svn.webkit.org/repository/webkit/trunk@159351 268f45cc-cd09-0410-ab3c-d52691b4dbfc
Loading