8 files changed, 86 insertions, 9 deletions

diff --git a/JavaScriptGlue/ChangeLog b/JavaScriptGlue/ChangeLog
index 502a764..87f87f0 100644
--- a/JavaScriptGlue/ChangeLog
+++ b/JavaScriptGlue/ChangeLog
@@ -1,3 +1,64 @@
+2009-09-28  Geoffrey Garen  <ggaren@apple.com>
+
+        Reviewed by Sam Weinig.
+
+        Removed virtual destructor from JSGlobalObjectData to eliminate pointer
+        fix-ups when accessing JSGlobalObject::d.
+        
+        Replaced with an explicit destructor function pointer.
+
+        * JSRun.cpp:
+        (JSGlueGlobalObject::destroyData):
+        * JSRun.h:
+        (JSGlueGlobalObject::Data::Data):
+
+2009-09-12  Oliver Hunt  <oliver@apple.com>
+
+        Reviewed by Maciej Stachowiak.
+
+        [ES5] Implement Object.keys
+        https://bugs.webkit.org/show_bug.cgi?id=29170
+
+        Switch over to getOwnPropertyNames instead of getPropertyNames.
+
+        * UserObjectImp.cpp:
+        (UserObjectImp::getOwnPropertyNames):
+        * UserObjectImp.h:
+
+2009-09-02  Darin Adler  <darin@apple.com>
+
+        Reviewed by Geoff Garen.
+
+        * JSValueWrapper.cpp:
+        (JSValueWrapper::JSObjectMark): Removed a check of the mark
+        bit. It's OK to do more work in this case, and there is no
+        longer a public function to access the mark bit.
+
+2009-08-14  Darin Adler  <darin@apple.com>
+
+        Reviewed by Sam Weinig.
+
+        Rename the confusing isObject(<class>) to inherits(<class>).
+        It still works on non-objects, returning false.
+
+        * JSUtils.cpp:
+        (KJSValueToJSObject):
+        (KJSValueToCFTypeInternal):
+        Changed from isObject to inherits.
+
+2009-08-13  Oliver Hunt  <oliver@apple.com>
+
+        Reviewed by Maciej Stachowiak.
+
+        Devirtualise marking
+        https://bugs.webkit.org/show_bug.cgi?id=28294
+
+        Continue to jump through hoops to deal with the exposed marking routines
+        in JavaScriptGlue.
+
+        * JSValueWrapper.cpp:
+        (JSValueWrapper::JSObjectMark):
+
 2009-08-07  Oliver Hunt  <oliver@apple.com>
 
         Reviewed by Sam Weinig.
diff --git a/JavaScriptGlue/Configurations/Version.xcconfig b/JavaScriptGlue/Configurations/Version.xcconfig
index d07d57f..66d574b 100644
--- a/JavaScriptGlue/Configurations/Version.xcconfig
+++ b/JavaScriptGlue/Configurations/Version.xcconfig
@@ -22,7 +22,7 @@
 // OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
 
 MAJOR_VERSION = 532;
-MINOR_VERSION = 0;
+MINOR_VERSION = 2;
 TINY_VERSION = 0;
 FULL_VERSION = $(MAJOR_VERSION).$(MINOR_VERSION);
 
diff --git a/JavaScriptGlue/JSRun.cpp b/JavaScriptGlue/JSRun.cpp
index 23d9c9c..03fc431 100644
--- a/JavaScriptGlue/JSRun.cpp
+++ b/JavaScriptGlue/JSRun.cpp
@@ -40,6 +40,11 @@ JSGlueGlobalObject::JSGlueGlobalObject(PassRefPtr<Structure> structure, JSFlags
     d()->userObjectStructure = UserObjectImp::createStructure(jsNull());
 }
 
+void JSGlueGlobalObject::destroyData(void* data)
+{
+    delete static_cast<Data*>(data);
+}
+
 JSRun::JSRun(CFStringRef source, JSFlags inFlags)
     :   JSBase(kJSRunTypeID),
         fSource(CFStringToUString(source)),
diff --git a/JavaScriptGlue/JSRun.h b/JavaScriptGlue/JSRun.h
index 44b42cc..15d495b 100644
--- a/JavaScriptGlue/JSRun.h
+++ b/JavaScriptGlue/JSRun.h
@@ -41,10 +41,17 @@ class JSGlueGlobalObject : public JSGlobalObject {
 
     private:
         struct Data : JSGlobalObjectData {
+            Data()
+                : JSGlobalObjectData(destroyData)
+            {
+            }
+            
             RefPtr<Structure> userObjectStructure;
             JSFlags flags;
         };
 
+        static void destroyData(void*);
+
         Data* d() const { return static_cast<Data*>(JSGlobalObject::d()); }
 };
 
diff --git a/JavaScriptGlue/JSUtils.cpp b/JavaScriptGlue/JSUtils.cpp
index e6078fe..862ae2e 100644
--- a/JavaScriptGlue/JSUtils.cpp
+++ b/JavaScriptGlue/JSUtils.cpp
@@ -104,7 +104,7 @@ JSUserObject* KJSValueToJSObject(JSValue inValue, ExecState *exec)
 {
     JSUserObject* result = 0;
 
-    if (inValue.isObject(&UserObjectImp::info)) {
+    if (inValue.inherits(&UserObjectImp::info)) {
         UserObjectImp* userObjectImp = static_cast<UserObjectImp *>(asObject(inValue));
         result = userObjectImp->GetJSUserObject();
         if (result)
@@ -237,8 +237,8 @@ CFTypeRef KJSValueToCFTypeInternal(JSValue inValue, ExecState *exec, ObjectImpLi
 
         if (inValue.isObject())
             {
-                            if (inValue.isObject(&UserObjectImp::info)) {
-                                UserObjectImp* userObjectImp = static_cast<UserObjectImp *>(asObject(inValue));
+                if (inValue.inherits(&UserObjectImp::info)) {
+                    UserObjectImp* userObjectImp = static_cast<UserObjectImp *>(asObject(inValue));
                     JSUserObject* ptr = userObjectImp->GetJSUserObject();
                     if (ptr)
                     {
diff --git a/JavaScriptGlue/JSValueWrapper.cpp b/JavaScriptGlue/JSValueWrapper.cpp
index d649d4a..24b6f28 100644
--- a/JavaScriptGlue/JSValueWrapper.cpp
+++ b/JavaScriptGlue/JSValueWrapper.cpp
@@ -29,6 +29,7 @@
 #include "config.h"
 #include "JSValueWrapper.h"
 #include "JSRun.h"
+#include <JavaScriptCore/JSArray.h>
 #include <JavaScriptCore/PropertyNameArray.h>
 #include <pthread.h>
 
@@ -194,10 +195,13 @@ CFTypeRef JSValueWrapper::JSObjectCopyCFValue(void *data)
 void JSValueWrapper::JSObjectMark(void *data)
 {
     JSValueWrapper* ptr = (JSValueWrapper*)data;
-    if (ptr && !ptr->fValue.get().marked())
+    if (ptr)
     {
         // This results in recursive marking but will be otherwise safe and correct.
-        MarkStack markStack;
+        // We claim the array vptr is 0 because we don't have access to it here, and
+        // claiming 0 is functionally harmless -- it merely means that we can't
+        // devirtualise marking of arrays when recursing from this point.
+        MarkStack markStack(0);
         markStack.append(ptr->fValue.get());
         markStack.drain();
     }
diff --git a/JavaScriptGlue/UserObjectImp.cpp b/JavaScriptGlue/UserObjectImp.cpp
index 4e64ab1..125e349 100644
--- a/JavaScriptGlue/UserObjectImp.cpp
+++ b/JavaScriptGlue/UserObjectImp.cpp
@@ -94,7 +94,7 @@ JSValue UserObjectImp::callAsFunction(ExecState *exec, JSObject *thisObj, const
 }
 
 
-void UserObjectImp::getPropertyNames(ExecState *exec, PropertyNameArray& propertyNames)
+void UserObjectImp::getOwnPropertyNames(ExecState *exec, PropertyNameArray& propertyNames)
 {
     JSUserObject* ptr = GetJSUserObject();
     if (ptr) {
@@ -109,7 +109,7 @@ void UserObjectImp::getPropertyNames(ExecState *exec, PropertyNameArray& propert
             CFRelease(cfPropertyNames);
         }
     }
-    JSObject::getPropertyNames(exec, propertyNames);
+    JSObject::getOwnPropertyNames(exec, propertyNames);
 }
 
 JSValue UserObjectImp::userObjectGetter(ExecState*, const Identifier& propertyName, const PropertySlot& slot)
diff --git a/JavaScriptGlue/UserObjectImp.h b/JavaScriptGlue/UserObjectImp.h
index 9791658..98c9276 100644
--- a/JavaScriptGlue/UserObjectImp.h
+++ b/JavaScriptGlue/UserObjectImp.h
@@ -44,7 +44,7 @@ public:
 
     virtual CallType getCallData(CallData&);
 
-    virtual void getPropertyNames(ExecState*, PropertyNameArray&);
+    virtual void getOwnPropertyNames(ExecState*, PropertyNameArray&);
 
     virtual JSValue callAsFunction(ExecState *exec, JSObject *thisObj, const ArgList &args);
     virtual bool getOwnPropertySlot(ExecState *, const Identifier&, PropertySlot&);