    Assertion failure in JSC::SlotVisitor::copyLater when marking JSDataView · cd07b473
    fpizlo@apple.com authored
    https://bugs.webkit.org/show_bug.cgi?id=120099
    
    Source/JavaScriptCore: 
    
    Reviewed by Mark Hahnenberg.
            
    JSDataView should not store the ArrayBuffer* in the butterfly indexing header, since
    JSDataView may have ordinary JS indexed properties.
    
    * runtime/ClassInfo.h:
    * runtime/JSArrayBufferView.cpp:
    (JSC::JSArrayBufferView::ConstructionContext::ConstructionContext):
    (JSC::JSArrayBufferView::finishCreation):
    * runtime/JSArrayBufferView.h:
    (JSC::hasArrayBuffer):
    * runtime/JSArrayBufferViewInlines.h:
    (JSC::JSArrayBufferView::buffer):
    (JSC::JSArrayBufferView::neuter):
    (JSC::JSArrayBufferView::byteOffset):
    * runtime/JSCell.cpp:
    (JSC::JSCell::slowDownAndWasteMemory):
    * runtime/JSCell.h:
    * runtime/JSDataView.cpp:
    (JSC::JSDataView::JSDataView):
    (JSC::JSDataView::create):
    (JSC::JSDataView::slowDownAndWasteMemory):
    * runtime/JSDataView.h:
    (JSC::JSDataView::buffer):
    * runtime/JSGenericTypedArrayView.h:
    * runtime/JSGenericTypedArrayViewInlines.h:
    (JSC::::visitChildren):
    (JSC::::slowDownAndWasteMemory):
    
    LayoutTests: 
    
    Reviewed by Mark Hahnenberg.
    
    * fast/js/regress/ArrayBuffer-DataView-alloc-large-long-lived-expected.txt: Added.
    * fast/js/regress/ArrayBuffer-DataView-alloc-large-long-lived.html: Added.
    * fast/js/regress/ArrayBuffer-DataView-alloc-long-lived-expected.txt: Added.
    * fast/js/regress/ArrayBuffer-DataView-alloc-long-lived.html: Added.
    * fast/js/regress/DataView-custom-properties-expected.txt: Added.
    * fast/js/regress/DataView-custom-properties.html: Added.
    * fast/js/regress/script-tests/ArrayBuffer-DataView-alloc-large-long-lived.js: Added.
    * fast/js/regress/script-tests/ArrayBuffer-DataView-alloc-long-lived.js: Added.
    * fast/js/regress/script-tests/DataView-custom-properties.js: Added.
    * platform/mac/TestExpectations: 
    
    
    
    git-svn-id: http://svn.webkit.org/repository/webkit/trunk@154408 268f45cc-cd09-0410-ab3c-d52691b4dbfc