RESOLVED FIXED 66845
ErrorInstance::create sometimes has two heap object constructions in flight at once
https://bugs.webkit.org/show_bug.cgi?id=66845
Filip Pizlo
Reported 2011-08-24 02:20:09 PDT
Under the newly refactored heap object creation scheme, only one heap object can have its C++ constructor in flight at a time. This ensures that a GC cannot be fired while some object has yet to have its initial state (i.e. vtable) set. However, the ErrorInstance::create(ExecState*, Structure*, JSValue) constructor violates this constraint by calling toString() in the argument list to a placement new call.
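As an added example (not WebKit's code), a toy C++ heap that models the invariant described above, with the buggy create() shape beside the fixed one. ToyHeap, ToyString, ToyError and violationsFor are constructed stand-ins for the real allocateCell/JSValue::toString machinery; the buggy variant spells out the allocate-then-convert order the report describes rather than relying on the compiler's evaluation order inside a placement-new expression.

```cpp
// Added example, not WebKit code: a toy heap modelling the rule from the report
// that only one heap object may have its constructor in flight at a time.
#include <cstddef>
#include <new>
#include <string>
#include <vector>

struct ToyHeap {
    bool constructionInFlight = false;
    int violations = 0;  // allocations made while another cell's constructor was in flight
    std::vector<char*> cells;
    void* allocateCell(std::size_t size) {
        // A real collector could run here and find the in-flight cell without a vtable.
        if (constructionInFlight) ++violations;
        constructionInFlight = true;
        cells.push_back(new char[size]);
        return cells.back();
    }
    void finishConstruction() { constructionInFlight = false; }
    ~ToyHeap() { for (char* c : cells) delete[] c; }
};
struct ToyString { std::string value; };
struct ToyError { ToyString* message; };

// Stand-in for JSValue::toString(): converting a value to a string allocates a cell.
static ToyString* toString(ToyHeap& heap, int value) {
    ToyString* s = new (heap.allocateCell(sizeof(ToyString))) ToyString{std::to_string(value)};
    heap.finishConstruction();
    return s;
}

// Buggy shape: cell allocated first, then toString() runs inside the placement-new initializer.
static ToyError* createBuggy(ToyHeap& heap, int value) {
    void* cell = heap.allocateCell(sizeof(ToyError));
    ToyError* e = new (cell) ToyError{toString(heap, value)};  // second construction starts here
    heap.finishConstruction();
    return e;
}
// Fixed shape: convert first, allocate second, so only one construction is ever in flight.
static ToyError* createFixed(ToyHeap& heap, int value) {
    ToyString* message = toString(heap, value);
    ToyError* e = new (heap.allocateCell(sizeof(ToyError))) ToyError{message};
    heap.finishConstruction();
    return e;
}
// Number of invariant violations for each create() variant (1 for buggy, 0 for fixed).
int violationsFor(bool buggy) {
    ToyHeap heap;
    if (buggy) createBuggy(heap, 42); else createFixed(heap, 42);
    return heap.violations;
}
```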
Attachments
the patch (1.49 KB, patch)
2011-08-24 02:24 PDT, Filip Pizlo
no flags
Filip Pizlo
Comment 1 2011-08-24 02:24:47 PDT
Created attachment 104974 [details] the patch
Filip Pizlo
Comment 2 2011-08-24 03:37:08 PDT
Comment on attachment 104974 [details] the patch

Tests pass, ready to commit if others concur. Interestingly, this failure is already covered by our run-javascriptcore-tests, but not in LayoutTests. Should we port the relevant test into LayoutTests, or maybe we should have run-webkit-tests trigger run-javascriptcore-tests automatically?
Darin Adler
Comment 3 2011-08-24 09:43:43 PDT
(In reply to comment #2)
> maybe we should have run-webkit-tests trigger run-javascriptcore-tests automatically?

This is the right long term direction. But ideally we want this to run tests and show failures the same way run-webkit-tests does, not an entirely different way. The internal machinery doesn't have to be identical, but the format of results should be.
WebKit Review Bot
Comment 4 2011-08-24 10:44:49 PDT
Comment on attachment 104974 [details] the patch

Clearing flags on attachment: 104974

Committed r93710: <http://trac.webkit.org/changeset/93710>
WebKit Review Bot
Comment 5 2011-08-24 10:44:53 PDT
All reviewed patches have been landed. Closing bug.