Commit 4103716d authored by oliver@apple.com's avatar oliver@apple.com

2011-05-13 Oliver Hunt <oliver@apple.com>

        Reviewed by Geoffrey Garen.

        Make GC validation more aggressive
        https://bugs.webkit.org/show_bug.cgi?id=60802

        This patch makes the checks performed under GC_VALIDATION
        much more aggressive, and adds the checks to more places
        in order to allow us to catch GC bugs much closer to the
        point of failure.

        * JavaScriptCore.exp:
        * JavaScriptCore.xcodeproj/project.pbxproj:
        * debugger/DebuggerActivation.cpp:
        (JSC::DebuggerActivation::visitChildren):
        * heap/MarkedBlock.cpp:
        (JSC::MarkedBlock::MarkedBlock):
        * heap/MarkedSpace.cpp:
        * runtime/Arguments.cpp:
        (JSC::Arguments::visitChildren):
        * runtime/Executable.cpp:
        (JSC::EvalExecutable::visitChildren):
        (JSC::ProgramExecutable::visitChildren):
        (JSC::FunctionExecutable::visitChildren):
        * runtime/Executable.h:
        * runtime/GetterSetter.cpp:
        (JSC::GetterSetter::visitChildren):
        * runtime/GetterSetter.h:
        * runtime/JSAPIValueWrapper.h:
        (JSC::JSAPIValueWrapper::createStructure):
        (JSC::JSAPIValueWrapper::JSAPIValueWrapper):
        * runtime/JSActivation.cpp:
        (JSC::JSActivation::visitChildren):
        * runtime/JSArray.cpp:
        (JSC::JSArray::visitChildren):
        * runtime/JSCell.cpp:
        (JSC::slowValidateCell):
        * runtime/JSCell.h:
        (JSC::JSCell::JSCell::unvalidatedStructure):
        (JSC::JSCell::JSCell::JSCell):
        * runtime/JSFunction.cpp:
        (JSC::JSFunction::visitChildren):
        * runtime/JSGlobalObject.cpp:
        (JSC::JSGlobalObject::visitChildren):
        (JSC::slowValidateCell):
        * runtime/JSONObject.h:
        * runtime/JSObject.cpp:
        (JSC::JSObject::visitChildren):
        * runtime/JSPropertyNameIterator.cpp:
        (JSC::JSPropertyNameIterator::visitChildren):
        * runtime/JSPropertyNameIterator.h:
        * runtime/JSStaticScopeObject.cpp:
        (JSC::JSStaticScopeObject::visitChildren):
        * runtime/JSString.h:
        (JSC::RopeBuilder::JSString):
        * runtime/JSWrapperObject.cpp:
        (JSC::JSWrapperObject::visitChildren):
        * runtime/NativeErrorConstructor.cpp:
        (JSC::NativeErrorConstructor::visitChildren):
        * runtime/PropertyMapHashTable.h:
        (JSC::PropertyMapEntry::PropertyMapEntry):
        * runtime/RegExpObject.cpp:
        (JSC::RegExpObject::visitChildren):
        * runtime/ScopeChain.cpp:
        (JSC::ScopeChainNode::visitChildren):
        * runtime/ScopeChain.h:
        (JSC::ScopeChainNode::ScopeChainNode):
        * runtime/Structure.cpp:
        (JSC::Structure::Structure):
        (JSC::Structure::addPropertyTransition):
        (JSC::Structure::visitChildren):
        * runtime/Structure.h:
        (JSC::JSCell::classInfo):
        * runtime/StructureChain.cpp:
        (JSC::StructureChain::visitChildren):
        * runtime/StructureChain.h:
        * runtime/WriteBarrier.h:
        (JSC::validateCell):
        (JSC::JSCell):
        (JSC::JSGlobalObject):
        (JSC::WriteBarrierBase::set):
        (JSC::WriteBarrierBase::setMayBeNull):
        (JSC::WriteBarrierBase::setEarlyValue):
        (JSC::WriteBarrierBase::get):
        (JSC::WriteBarrierBase::operator*):
        (JSC::WriteBarrierBase::operator->):
        (JSC::WriteBarrierBase::unvalidatedGet):
        (JSC::WriteBarrier::WriteBarrier):
        * wtf/Assertions.h:
2011-05-13  Oliver Hunt  <oliver@apple.com>

        Reviewed by Geoffrey Garen.

        Make GC validation more aggressive
        https://bugs.webkit.org/show_bug.cgi?id=60802

        This makes GC_VALIDATION much more aggressive in webcore,
        adding logic to every visitChildren method to ensure that
        the structure still has correct flags.

        Additionally every function generated for the dom bindings
        makes use of the new GC_VALIDATION object assertions to further
        ensure that the object appears to be sensible.

        * bindings/js/JSAttrCustom.cpp:
        (WebCore::JSAttr::visitChildren):
        * bindings/js/JSAudioContextCustom.cpp:
        (WebCore::JSAudioContext::visitChildren):
        * bindings/js/JSCSSRuleCustom.cpp:
        (WebCore::JSCSSRule::visitChildren):
        * bindings/js/JSCSSStyleDeclarationCustom.cpp:
        (WebCore::JSCSSStyleDeclaration::visitChildren):
        * bindings/js/JSCanvasRenderingContextCustom.cpp:
        (WebCore::JSCanvasRenderingContext::visitChildren):
        * bindings/js/JSDOMGlobalObject.cpp:
        (WebCore::JSDOMGlobalObject::visitChildren):
        (WebCore::JSDOMGlobalObject::setInjectedScript):
        * bindings/js/JSDOMWindowCustom.cpp:
        (WebCore::JSDOMWindow::visitChildren):
        * bindings/js/JSDOMWindowShell.cpp:
        (WebCore::JSDOMWindowShell::visitChildren):
        * bindings/js/JSEventListener.cpp:
        (WebCore::JSEventListener::JSEventListener):
        * bindings/js/JSEventListener.h:
        (WebCore::JSEventListener::jsFunction):
        * bindings/js/JSJavaScriptAudioNodeCustom.cpp:
        (WebCore::JSJavaScriptAudioNode::visitChildren):
        * bindings/js/JSMessageChannelCustom.cpp:
        (WebCore::JSMessageChannel::visitChildren):
        * bindings/js/JSMessagePortCustom.cpp:
        (WebCore::JSMessagePort::visitChildren):
        * bindings/js/JSNamedNodeMapCustom.cpp:
        (WebCore::JSNamedNodeMap::visitChildren):
        * bindings/js/JSNodeCustom.cpp:
        (WebCore::JSNode::visitChildren):
        * bindings/js/JSNodeFilterCustom.cpp:
        (WebCore::JSNodeFilter::visitChildren):
        * bindings/js/JSNodeIteratorCustom.cpp:
        (WebCore::JSNodeIterator::visitChildren):
        * bindings/js/JSSVGElementInstanceCustom.cpp:
        (WebCore::JSSVGElementInstance::visitChildren):
        * bindings/js/JSSharedWorkerCustom.cpp:
        (WebCore::JSSharedWorker::visitChildren):
        * bindings/js/JSStyleSheetCustom.cpp:
        (WebCore::JSStyleSheet::visitChildren):
        * bindings/js/JSTreeWalkerCustom.cpp:
        (WebCore::JSTreeWalker::visitChildren):
        * bindings/js/JSWebGLRenderingContextCustom.cpp:
        (WebCore::JSWebGLRenderingContext::visitChildren):
        * bindings/js/JSWorkerContextCustom.cpp:
        (WebCore::JSWorkerContext::visitChildren):
        * bindings/js/JSXMLHttpRequestCustom.cpp:
        (WebCore::JSXMLHttpRequest::visitChildren):
        * bindings/js/JSXPathResultCustom.cpp:
        (WebCore::JSXPathResult::visitChildren):
        * bindings/scripts/CodeGeneratorJS.pm:
2011-05-13  Oliver Hunt  <oliver@apple.com>

        Reviewed by Geoffrey Garen.

        Make GC validation more aggressive
        https://bugs.webkit.org/show_bug.cgi?id=60802

        Add GC_VALIDATION calls to all the JSNPObject methods.

        * WebProcess/Plugins/Netscape/JSNPObject.cpp:
        (WebKit::JSNPObject::invalidate):
        (WebKit::JSNPObject::callMethod):
        (WebKit::JSNPObject::callObject):
        (WebKit::JSNPObject::callConstructor):
        (WebKit::JSNPObject::getCallData):
        (WebKit::JSNPObject::getConstructData):
        (WebKit::JSNPObject::getOwnPropertySlot):
        (WebKit::JSNPObject::getOwnPropertyDescriptor):
        (WebKit::JSNPObject::put):
        (WebKit::JSNPObject::getOwnPropertyNames):
        (WebKit::JSNPObject::propertyGetter):
        (WebKit::JSNPObject::methodGetter):

git-svn-id: http://svn.webkit.org/repository/webkit/trunk@86499 268f45cc-cd09-0410-ab3c-d52691b4dbfc
parent aa00ad0c
2011-05-13 Oliver Hunt <oliver@apple.com>
Reviewed by Geoffrey Garen.
Make GC validation more aggressive
https://bugs.webkit.org/show_bug.cgi?id=60802
This patch makes the checks performed under GC_VALIDATION
much more aggressive, and adds the checks to more places
in order to allow us to catch GC bugs much closer to the
point of failure.
* JavaScriptCore.exp:
* JavaScriptCore.xcodeproj/project.pbxproj:
* debugger/DebuggerActivation.cpp:
(JSC::DebuggerActivation::visitChildren):
* heap/MarkedBlock.cpp:
(JSC::MarkedBlock::MarkedBlock):
* heap/MarkedSpace.cpp:
* runtime/Arguments.cpp:
(JSC::Arguments::visitChildren):
* runtime/Executable.cpp:
(JSC::EvalExecutable::visitChildren):
(JSC::ProgramExecutable::visitChildren):
(JSC::FunctionExecutable::visitChildren):
* runtime/Executable.h:
* runtime/GetterSetter.cpp:
(JSC::GetterSetter::visitChildren):
* runtime/GetterSetter.h:
* runtime/JSAPIValueWrapper.h:
(JSC::JSAPIValueWrapper::createStructure):
(JSC::JSAPIValueWrapper::JSAPIValueWrapper):
* runtime/JSActivation.cpp:
(JSC::JSActivation::visitChildren):
* runtime/JSArray.cpp:
(JSC::JSArray::visitChildren):
* runtime/JSCell.cpp:
(JSC::slowValidateCell):
* runtime/JSCell.h:
(JSC::JSCell::JSCell::unvalidatedStructure):
(JSC::JSCell::JSCell::JSCell):
* runtime/JSFunction.cpp:
(JSC::JSFunction::visitChildren):
* runtime/JSGlobalObject.cpp:
(JSC::JSGlobalObject::visitChildren):
(JSC::slowValidateCell):
* runtime/JSONObject.h:
* runtime/JSObject.cpp:
(JSC::JSObject::visitChildren):
* runtime/JSPropertyNameIterator.cpp:
(JSC::JSPropertyNameIterator::visitChildren):
* runtime/JSPropertyNameIterator.h:
* runtime/JSStaticScopeObject.cpp:
(JSC::JSStaticScopeObject::visitChildren):
* runtime/JSString.h:
(JSC::RopeBuilder::JSString):
* runtime/JSWrapperObject.cpp:
(JSC::JSWrapperObject::visitChildren):
* runtime/NativeErrorConstructor.cpp:
(JSC::NativeErrorConstructor::visitChildren):
* runtime/PropertyMapHashTable.h:
(JSC::PropertyMapEntry::PropertyMapEntry):
* runtime/RegExpObject.cpp:
(JSC::RegExpObject::visitChildren):
* runtime/ScopeChain.cpp:
(JSC::ScopeChainNode::visitChildren):
* runtime/ScopeChain.h:
(JSC::ScopeChainNode::ScopeChainNode):
* runtime/Structure.cpp:
(JSC::Structure::Structure):
(JSC::Structure::addPropertyTransition):
(JSC::Structure::visitChildren):
* runtime/Structure.h:
(JSC::JSCell::classInfo):
* runtime/StructureChain.cpp:
(JSC::StructureChain::visitChildren):
* runtime/StructureChain.h:
* runtime/WriteBarrier.h:
(JSC::validateCell):
(JSC::JSCell):
(JSC::JSGlobalObject):
(JSC::WriteBarrierBase::set):
(JSC::WriteBarrierBase::setMayBeNull):
(JSC::WriteBarrierBase::setEarlyValue):
(JSC::WriteBarrierBase::get):
(JSC::WriteBarrierBase::operator*):
(JSC::WriteBarrierBase::operator->):
(JSC::WriteBarrierBase::unvalidatedGet):
(JSC::WriteBarrier::WriteBarrier):
* wtf/Assertions.h:
2011-05-13 Oliver Hunt <oliver@apple.com>
Reviewed by Geoffrey Garen.
Make GC validation more aggressive
https://bugs.webkit.org/show_bug.cgi?id=60802
This patch makes the checks performed under GC_VALIDATION
much more aggressive, and adds the checks to more places
in order to allow us to catch GC bugs much closer to the
point of failure.
* JavaScriptCore.exp:
* JavaScriptCore.xcodeproj/project.pbxproj:
* debugger/DebuggerActivation.cpp:
(JSC::DebuggerActivation::visitChildren):
* heap/MarkedBlock.cpp:
(JSC::MarkedBlock::MarkedBlock):
* heap/MarkedSpace.cpp:
* runtime/Arguments.cpp:
(JSC::Arguments::visitChildren):
* runtime/Executable.cpp:
(JSC::EvalExecutable::visitChildren):
(JSC::ProgramExecutable::visitChildren):
(JSC::FunctionExecutable::visitChildren):
* runtime/Executable.h:
* runtime/GetterSetter.cpp:
(JSC::GetterSetter::visitChildren):
* runtime/GetterSetter.h:
* runtime/JSAPIValueWrapper.h:
(JSC::JSAPIValueWrapper::createStructure):
(JSC::JSAPIValueWrapper::JSAPIValueWrapper):
* runtime/JSActivation.cpp:
(JSC::JSActivation::visitChildren):
* runtime/JSArray.cpp:
(JSC::JSArray::visitChildren):
* runtime/JSCell.cpp:
(JSC::slowValidateCell):
* runtime/JSCell.h:
(JSC::JSCell::JSCell::unvalidatedStructure):
(JSC::JSCell::JSCell::JSCell):
* runtime/JSFunction.cpp:
(JSC::JSFunction::visitChildren):
* runtime/JSGlobalObject.cpp:
(JSC::JSGlobalObject::visitChildren):
(JSC::slowValidateCell):
* runtime/JSONObject.h:
* runtime/JSObject.cpp:
(JSC::JSObject::visitChildren):
* runtime/JSPropertyNameIterator.cpp:
(JSC::JSPropertyNameIterator::visitChildren):
* runtime/JSPropertyNameIterator.h:
* runtime/JSStaticScopeObject.cpp:
(JSC::JSStaticScopeObject::visitChildren):
* runtime/JSString.h:
(JSC::RopeBuilder::JSString):
* runtime/JSWrapperObject.cpp:
(JSC::JSWrapperObject::visitChildren):
* runtime/NativeErrorConstructor.cpp:
(JSC::NativeErrorConstructor::visitChildren):
* runtime/PropertyMapHashTable.h:
(JSC::PropertyMapEntry::PropertyMapEntry):
* runtime/RegExpObject.cpp:
(JSC::RegExpObject::visitChildren):
* runtime/ScopeChain.cpp:
(JSC::ScopeChainNode::visitChildren):
* runtime/ScopeChain.h:
(JSC::ScopeChainNode::ScopeChainNode):
* runtime/Structure.cpp:
(JSC::Structure::Structure):
(JSC::Structure::addPropertyTransition):
(JSC::Structure::visitChildren):
* runtime/Structure.h:
(JSC::JSCell::classInfo):
* runtime/StructureChain.cpp:
(JSC::StructureChain::visitChildren):
* runtime/StructureChain.h:
* runtime/WriteBarrier.h:
(JSC::validateCell):
(JSC::JSCell):
(JSC::JSGlobalObject):
(JSC::WriteBarrierBase::set):
(JSC::WriteBarrierBase::setMayBeNull):
(JSC::WriteBarrierBase::setEarlyValue):
(JSC::WriteBarrierBase::get):
(JSC::WriteBarrierBase::operator*):
(JSC::WriteBarrierBase::operator->):
(JSC::WriteBarrierBase::unvalidatedGet):
(JSC::WriteBarrier::WriteBarrier):
* wtf/Assertions.h:
2011-05-14 Csaba Osztrogonác <ossy@webkit.org>
Unreviewed, rolling out r86469 and r86471, because they made hundreds tests crash on Qt.
......
......@@ -167,6 +167,7 @@ __ZN3JSC14JSGlobalObjectnwEmPNS_12JSGlobalDataE
__ZN3JSC14MachineThreads16addCurrentThreadEv
__ZN3JSC14SamplingThread4stopEv
__ZN3JSC14SamplingThread5startEj
__ZN3JSC14ScopeChainNode6s_infoE
__ZN3JSC14TimeoutChecker10didTimeOutEPNS_9ExecStateE
__ZN3JSC14TimeoutChecker5resetEv
__ZN3JSC14throwTypeErrorEPNS_9ExecStateE
......@@ -183,6 +184,8 @@ __ZN3JSC16JSVariableObject14deletePropertyEPNS_9ExecStateERKNS_10IdentifierE
__ZN3JSC16JSVariableObject14symbolTableGetERKNS_10IdentifierERNS_18PropertyDescriptorE
__ZN3JSC16JSVariableObject19getOwnPropertyNamesEPNS_9ExecStateERNS_17PropertyNameArrayENS_15EnumerationModeE
__ZN3JSC16createRangeErrorEPNS_9ExecStateERKNS_7UStringE
__ZN3JSC16slowValidateCellEPNS_14JSGlobalObjectE
__ZN3JSC16slowValidateCellEPNS_6JSCellE
__ZN3JSC16throwSyntaxErrorEPNS_9ExecStateE
__ZN3JSC17BytecodeGenerator21setDumpsGeneratedCodeEb
__ZN3JSC17PropertyNameArray3addEPN3WTF10StringImplE
......
......@@ -317,6 +317,8 @@ EXPORTS
?signal@ThreadCondition@WTF@@QAEXXZ
?size@Heap@JSC@@QBEIXZ
?slowAppend@MarkedArgumentBuffer@JSC@@AAEXVJSValue@2@@Z
?slowValidateCell@JSC@@YAXPAVJSCell@1@@Z
?slowValidateCell@JSC@@YAXPAVJSGlobalObject@1@@Z
?startProfiling@Profiler@JSC@@QAEXPAVExecState@2@ABVUString@2@@Z
?startSampling@JSGlobalData@JSC@@QAEXXZ
?stopProfiling@Profiler@JSC@@QAE?AV?$PassRefPtr@VProfile@JSC@@@WTF@@PAVExecState@2@ABVUString@2@@Z
......
......@@ -2700,6 +2700,7 @@
isa = PBXProject;
attributes = {
BuildIndependentTargetsInParallel = YES;
LastUpgradeCheck = 0420;
};
buildConfigurationList = 149C277108902AFE008A9EFC /* Build configuration list for PBXProject "JavaScriptCore" */;
compatibilityVersion = "Xcode 3.1";
......
......@@ -40,6 +40,9 @@ DebuggerActivation::DebuggerActivation(JSGlobalData& globalData, JSObject* activ
void DebuggerActivation::visitChildren(SlotVisitor& visitor)
{
ASSERT_GC_OBJECT_INHERITS(this, &s_info);
COMPILE_ASSERT(StructureFlags & OverridesVisitChildren, OverridesVisitChildrenWithoutSettingFlag);
ASSERT(structure()->typeInfo().overridesVisitChildren());
JSObject::visitChildren(visitor);
if (m_activation)
......
......@@ -60,7 +60,7 @@ MarkedBlock::MarkedBlock(const PageAllocationAligned& allocation, JSGlobalData*
Structure* dummyMarkableCellStructure = globalData->dummyMarkableCellStructure.get();
for (size_t i = firstAtom(); i < m_endAtom; i += m_atomsPerCell)
new (&atoms()[i]) JSCell(*globalData, dummyMarkableCellStructure);
new (&atoms()[i]) JSCell(*globalData, dummyMarkableCellStructure, JSCell::CreatingEarlyCell);
}
void MarkedBlock::sweep()
......
......@@ -21,6 +21,7 @@
#include "config.h"
#include "MarkedSpace.h"
#include "JSGlobalObject.h"
#include "JSCell.h"
#include "JSGlobalData.h"
#include "JSLock.h"
......
......@@ -45,6 +45,9 @@ Arguments::~Arguments()
void Arguments::visitChildren(SlotVisitor& visitor)
{
ASSERT_GC_OBJECT_INHERITS(this, &s_info);
COMPILE_ASSERT(StructureFlags & OverridesVisitChildren, OverridesVisitChildrenWithoutSettingFlag);
ASSERT(structure()->typeInfo().overridesVisitChildren());
JSObject::visitChildren(visitor);
if (d->registerArray)
......
......@@ -145,6 +145,9 @@ JSObject* EvalExecutable::compileInternal(ExecState* exec, ScopeChainNode* scope
void EvalExecutable::visitChildren(SlotVisitor& visitor)
{
ASSERT_GC_OBJECT_INHERITS(this, &s_info);
COMPILE_ASSERT(StructureFlags & OverridesVisitChildren, OverridesVisitChildrenWithoutSettingFlag);
ASSERT(structure()->typeInfo().overridesVisitChildren());
ScriptExecutable::visitChildren(visitor);
if (m_evalCodeBlock)
m_evalCodeBlock->visitAggregate(visitor);
......@@ -237,6 +240,9 @@ static bool tryDFGCompile(JSGlobalData* globalData, CodeBlock* codeBlock, JITCod
void ProgramExecutable::visitChildren(SlotVisitor& visitor)
{
ASSERT_GC_OBJECT_INHERITS(this, &s_info);
COMPILE_ASSERT(StructureFlags & OverridesVisitChildren, OverridesVisitChildrenWithoutSettingFlag);
ASSERT(structure()->typeInfo().overridesVisitChildren());
ScriptExecutable::visitChildren(visitor);
if (m_programCodeBlock)
m_programCodeBlock->visitAggregate(visitor);
......@@ -349,6 +355,9 @@ JSObject* FunctionExecutable::compileForConstructInternal(ExecState* exec, Scope
void FunctionExecutable::visitChildren(SlotVisitor& visitor)
{
ASSERT_GC_OBJECT_INHERITS(this, &s_info);
COMPILE_ASSERT(StructureFlags & OverridesVisitChildren, OverridesVisitChildrenWithoutSettingFlag);
ASSERT(structure()->typeInfo().overridesVisitChildren());
ScriptExecutable::visitChildren(visitor);
if (m_codeBlockForCall)
m_codeBlockForCall->visitAggregate(visitor);
......
......@@ -66,10 +66,11 @@ namespace JSC {
}
static Structure* createStructure(JSGlobalData& globalData, JSValue proto) { return Structure::create(globalData, proto, TypeInfo(CompoundType, StructureFlags), AnonymousSlotCount, &s_info); }
static const ClassInfo s_info;
protected:
static const unsigned StructureFlags = 0;
static const ClassInfo s_info;
int m_numParametersForCall;
int m_numParametersForConstruct;
......@@ -117,7 +118,9 @@ namespace JSC {
NativeFunction function() { return m_function; }
static Structure* createStructure(JSGlobalData& globalData, JSValue proto) { return Structure::create(globalData, proto, TypeInfo(LeafType, StructureFlags), AnonymousSlotCount, &s_info); }
static const ClassInfo s_info;
private:
#if ENABLE(JIT)
NativeExecutable(JSGlobalData& globalData, JITCode callThunk, NativeFunction function, JITCode constructThunk, NativeFunction constructor)
......@@ -143,7 +146,6 @@ namespace JSC {
// Probably should be a NativeConstructor, but this will currently require rewriting the JIT
// trampoline. It may be easier to make NativeFunction be passed 'this' as a part of the ArgList.
NativeFunction m_constructor;
static const ClassInfo s_info;
};
class ScriptExecutable : public ExecutableBase {
......@@ -236,10 +238,10 @@ namespace JSC {
{
return Structure::create(globalData, proto, TypeInfo(CompoundType, StructureFlags), AnonymousSlotCount, &s_info);
}
static const ClassInfo s_info;
private:
static const unsigned StructureFlags = OverridesVisitChildren | ScriptExecutable::StructureFlags;
static const ClassInfo s_info;
EvalExecutable(ExecState*, const SourceCode&, bool);
JSObject* compileInternal(ExecState*, ScopeChainNode*);
......@@ -286,10 +288,11 @@ namespace JSC {
{
return Structure::create(globalData, proto, TypeInfo(CompoundType, StructureFlags), AnonymousSlotCount, &s_info);
}
static const ClassInfo s_info;
private:
static const unsigned StructureFlags = OverridesVisitChildren | ScriptExecutable::StructureFlags;
static const ClassInfo s_info;
ProgramExecutable(ExecState*, const SourceCode&);
JSObject* compileInternal(ExecState*, ScopeChainNode*);
......@@ -382,6 +385,8 @@ namespace JSC {
{
return Structure::create(globalData, proto, TypeInfo(CompoundType, StructureFlags), AnonymousSlotCount, &s_info);
}
static const ClassInfo s_info;
private:
FunctionExecutable(JSGlobalData*, const Identifier& name, const SourceCode&, bool forceUsesArguments, FunctionParameters*, bool, int firstLine, int lastLine);
......@@ -391,7 +396,6 @@ namespace JSC {
JSObject* compileForConstructInternal(ExecState*, ScopeChainNode*);
static const unsigned StructureFlags = OverridesVisitChildren | ScriptExecutable::StructureFlags;
static const ClassInfo s_info;
unsigned m_numCapturedVariables : 31;
bool m_forceUsesArguments : 1;
......
......@@ -32,6 +32,8 @@ const ClassInfo GetterSetter::s_info = { "GetterSetter", 0, 0, 0 };
void GetterSetter::visitChildren(SlotVisitor& visitor)
{
ASSERT_GC_OBJECT_INHERITS(this, &s_info);
ASSERT(structure()->typeInfo().overridesVisitChildren());
JSCell::visitChildren(visitor);
if (m_getter)
......
......@@ -52,9 +52,11 @@ namespace JSC {
{
return Structure::create(globalData, prototype, TypeInfo(GetterSetterType, OverridesVisitChildren), AnonymousSlotCount, &s_info);
}
static const ClassInfo s_info;
private:
virtual bool isGetterSetter() const;
static const ClassInfo s_info;
WriteBarrier<JSObject> m_getter;
WriteBarrier<JSObject> m_setter;
......
......@@ -40,8 +40,9 @@ namespace JSC {
{
return Structure::create(globalData, prototype, TypeInfo(CompoundType, OverridesVisitChildren | OverridesGetPropertyNames), AnonymousSlotCount, &s_info);
}
static const ClassInfo s_info;
private:
JSAPIValueWrapper(ExecState* exec, JSValue value)
: JSCell(exec->globalData(), exec->globalData().apiWrapperStructure.get())
......@@ -49,7 +50,6 @@ namespace JSC {
m_value.set(exec->globalData(), this, value);
ASSERT(!value.isCell());
}
static const ClassInfo s_info;
WriteBarrier<Unknown> m_value;
};
......
......@@ -60,6 +60,9 @@ JSActivation::~JSActivation()
void JSActivation::visitChildren(SlotVisitor& visitor)
{
ASSERT_GC_OBJECT_INHERITS(this, &s_info);
COMPILE_ASSERT(StructureFlags & OverridesVisitChildren, OverridesVisitChildrenWithoutSettingFlag);
ASSERT(structure()->typeInfo().overridesVisitChildren());
Base::visitChildren(visitor);
// No need to mark our registers if they're still in the RegisterFile.
......
......@@ -859,6 +859,9 @@ void JSArray::unshiftCount(ExecState* exec, int count)
void JSArray::visitChildren(SlotVisitor& visitor)
{
ASSERT_GC_OBJECT_INHERITS(this, &s_info);
COMPILE_ASSERT(StructureFlags & OverridesVisitChildren, OverridesVisitChildrenWithoutSettingFlag);
ASSERT(structure()->typeInfo().overridesVisitChildren());
visitChildrenDirect(visitor);
}
......
......@@ -221,4 +221,9 @@ bool isZombie(const JSCell* cell)
#endif
}
void slowValidateCell(JSCell* cell)
{
ASSERT_GC_OBJECT_LOOKS_VALID(cell);
}
} // namespace JSC
......@@ -71,6 +71,7 @@ namespace JSC {
friend class ScopeChainNode;
friend class Structure;
friend class StructureChain;
enum CreatingEarlyCellTag { CreatingEarlyCell };
protected:
enum VPtrStealingHackType { VPtrStealingHack };
......@@ -78,6 +79,7 @@ namespace JSC {
private:
explicit JSCell(VPtrStealingHackType) { }
JSCell(JSGlobalData&, Structure*);
JSCell(JSGlobalData&, Structure*, CreatingEarlyCellTag);
virtual ~JSCell();
static const ClassInfo s_dummyCellInfo;
......@@ -148,6 +150,10 @@ namespace JSC {
return OBJECT_OFFSETOF(JSCell, m_structure);
}
#if ENABLE(GC_VALIDATION)
Structure* unvalidatedStructure() { return m_structure.unvalidatedGet(); }
#endif
protected:
static const unsigned AnonymousSlotCount = 0;
......@@ -162,6 +168,15 @@ namespace JSC {
inline JSCell::JSCell(JSGlobalData& globalData, Structure* structure)
: m_structure(globalData, this, structure)
{
ASSERT(m_structure);
}
inline JSCell::JSCell(JSGlobalData& globalData, Structure* structure, CreatingEarlyCellTag)
{
#if ENABLE(GC_VALIDATION)
if (structure)
#endif
m_structure.setEarlyValue(globalData, this, structure);
// Very first set of allocations won't have a real structure.
ASSERT(m_structure || !globalData.dummyMarkableCellStructure);
}
......
......@@ -135,6 +135,9 @@ const UString JSFunction::calculatedDisplayName(ExecState* exec)
void JSFunction::visitChildren(SlotVisitor& visitor)
{
ASSERT_GC_OBJECT_INHERITS(this, &s_info);
COMPILE_ASSERT(StructureFlags & OverridesVisitChildren, OverridesVisitChildrenWithoutSettingFlag);
ASSERT(structure()->typeInfo().overridesVisitChildren());
Base::visitChildren(visitor);
visitor.append(&m_scopeChain);
......
......@@ -310,6 +310,9 @@ void JSGlobalObject::resetPrototype(JSGlobalData& globalData, JSValue prototype)
void JSGlobalObject::visitChildren(SlotVisitor& visitor)
{
ASSERT_GC_OBJECT_INHERITS(this, &s_info);
COMPILE_ASSERT(StructureFlags & OverridesVisitChildren, OverridesVisitChildrenWithoutSettingFlag);
ASSERT(structure()->typeInfo().overridesVisitChildren());
JSVariableObject::visitChildren(visitor);
visitIfNeeded(visitor, &m_globalScopeChain);
......@@ -459,4 +462,11 @@ DynamicGlobalObjectScope::DynamicGlobalObjectScope(JSGlobalData& globalData, JSG
}
}
void slowValidateCell(JSGlobalObject* globalObject)
{
if (!globalObject->isGlobalObject())
CRASH();
ASSERT_GC_OBJECT_INHERITS(globalObject, &JSGlobalObject::s_info);
}
} // namespace JSC
......@@ -40,6 +40,8 @@ namespace JSC {
{
return Structure::create(globalData, prototype, TypeInfo(ObjectType, StructureFlags), AnonymousSlotCount, &s_info);
}
static const ClassInfo s_info;
protected:
static const unsigned StructureFlags = OverridesGetOwnPropertySlot | JSObject::StructureFlags;
......@@ -48,7 +50,6 @@ namespace JSC {
virtual bool getOwnPropertySlot(ExecState*, const Identifier&, PropertySlot&);
virtual bool getOwnPropertyDescriptor(ExecState*, const Identifier&, PropertyDescriptor&);
static const ClassInfo s_info;
};
UString JSONStringify(ExecState* exec, JSValue value, unsigned indent);
......
......@@ -70,6 +70,7 @@ static inline void getClassPropertyNames(ExecState* exec, const ClassInfo* class
void JSObject::visitChildren(SlotVisitor& visitor)
{
ASSERT_GC_OBJECT_INHERITS(this, &s_info);
#ifndef NDEBUG
bool wasCheckingForDefaultMarkViolation = visitor.m_isCheckingForDefaultMarkViolation;
visitor.m_isCheckingForDefaultMarkViolation = false;
......
......@@ -97,6 +97,8 @@ JSValue JSPropertyNameIterator::get(ExecState* exec, JSObject* base, size_t i)
void JSPropertyNameIterator::visitChildren(SlotVisitor& visitor)
{
ASSERT_GC_OBJECT_INHERITS(this, &s_info);
ASSERT(structure()->typeInfo().overridesVisitChildren());
visitor.appendValues(m_jsStrings.get(), m_jsStringsSize, MayContainNullValues);
if (m_cachedPrototypeChain)
visitor.append(&m_cachedPrototypeChain);
......
......@@ -75,9 +75,10 @@ namespace JSC {
void setCachedPrototypeChain(JSGlobalData& globalData, StructureChain* cachedPrototypeChain) { m_cachedPrototypeChain.set(globalData, this, cachedPrototypeChain); }
StructureChain* cachedPrototypeChain() { return m_cachedPrototypeChain.get(); }
static const ClassInfo s_info;
private:
static const ClassInfo s_info;
JSPropertyNameIterator(ExecState*, PropertyNameArrayData* propertyNameArrayData, size_t numCacheableSlot);
WriteBarrier<Structure> m_cachedStructure;
......
......@@ -34,6 +34,9 @@ ASSERT_CLASS_FITS_IN_CELL(JSStaticScopeObject);
void JSStaticScopeObject::visitChildren(SlotVisitor& visitor)
{
ASSERT_GC_OBJECT_INHERITS(this, &s_info);
COMPILE_ASSERT(StructureFlags & OverridesVisitChildren, OverridesVisitChildrenWithoutSettingFlag);
ASSERT(structure()->typeInfo().overridesVisitChildren());
JSVariableObject::visitChildren(visitor);
visitor.append(&m_registerStore);
}
......
......@@ -330,6 +330,8 @@ namespace JSC {
{
return Structure::create(globalData, proto, TypeInfo(StringType, OverridesGetOwnPropertySlot | NeedsThisConversion), AnonymousSlotCount, &s_info);
}
static const ClassInfo s_info;
private:
JSString(VPtrStealingHackType)
......@@ -337,7 +339,6 @@ namespace JSC {
, m_fiberCount(0)
{
}
static const ClassInfo s_info;
void resolveRope(ExecState*) const;
void resolveRopeSlowCase(ExecState*, UChar*) const;
......
......@@ -28,6 +28,9 @@ ASSERT_CLASS_FITS_IN_CELL(JSWrapperObject);
void JSWrapperObject::visitChildren(SlotVisitor& visitor)
{
ASSERT_GC_OBJECT_INHERITS(this, &s_info);
COMPILE_ASSERT(StructureFlags & OverridesVisitChildren, OverridesVisitChildrenWithoutSettingFlag);
ASSERT(structure()->typeInfo().overridesVisitChildren());
JSObject::visitChildren(visitor);
if (m_internalValue)
visitor.append(&m_internalValue);
......
......@@ -48,6 +48,9 @@ NativeErrorConstructor::NativeErrorConstructor(ExecState* exec, JSGlobalObject*
void NativeErrorConstructor::visitChildren(SlotVisitor& visitor)
{
ASSERT_GC_OBJECT_INHERITS(this, &s_info);
COMPILE_ASSERT(StructureFlags & OverridesVisitChildren, OverridesVisitChildrenWithoutSettingFlag);
ASSERT(structure()->typeInfo().overridesVisitChildren());
InternalFunction::visitChildren(visitor);
if (m_errorStructure)
visitor.append(&m_errorStructure);
......
......@@ -80,7 +80,7 @@ struct PropertyMapEntry {
: key(key)
, offset(offset)
, attributes(attributes)
, specificValue(globalData, owner, specificValue)
, specificValue(globalData, owner, specificValue, WriteBarrier<JSCell>::MayBeNull)
{
}
};
......
......@@ -74,6 +74,9 @@ RegExpObject::~RegExpObject()
void RegExpObject::visitChildren(SlotVisitor& visitor)
{
ASSERT_GC_OBJECT_INHERITS(this, &s_info);
COMPILE_ASSERT(StructureFlags & OverridesVisitChildren, OverridesVisitChildrenWithoutSettingFlag);
ASSERT(structure()->typeInfo().overridesVisitChildren());
Base::visitChildren(visitor);
if (UNLIKELY(