5 files changed, 51 insertions, 11 deletions
diff --git a/Source/JavaScriptCore/heap/ConservativeRoots.cpp b/Source/JavaScriptCore/heap/ConservativeRoots.cpp
index 6b9cbef45..7fe22dfff 100644
--- a/Source/JavaScriptCore/heap/ConservativeRoots.cpp
+++ b/Source/JavaScriptCore/heap/ConservativeRoots.cpp
@@ -66,10 +66,8 @@ template<typename MarkHook>
 inline void ConservativeRoots::genericAddPointer(void* p, TinyBloomFilter filter, MarkHook& markHook)
 {
     markHook.mark(p);
-    
-    CopiedBlock* block;
-    if (m_copiedSpace->contains(p, block))
-        m_copiedSpace->pin(block);
+
+    m_copiedSpace->pinIfNecessary(p);
     
     MarkedBlock* candidate = MarkedBlock::blockFor(p);
     if (filter.ruleOut(reinterpret_cast<Bits>(candidate))) {
diff --git a/Source/JavaScriptCore/heap/CopiedSpace.h b/Source/JavaScriptCore/heap/CopiedSpace.h
index de682a4c1..be3a331e8 100644
--- a/Source/JavaScriptCore/heap/CopiedSpace.h
+++ b/Source/JavaScriptCore/heap/CopiedSpace.h
@@ -68,6 +68,8 @@ public:
 
     bool contains(CopiedBlock*);
     bool contains(void*, CopiedBlock*&);
+    
+    void pinIfNecessary(void* pointer);
 
     size_t size();
     size_t capacity();
diff --git a/Source/JavaScriptCore/heap/CopiedSpaceInlineMethods.h b/Source/JavaScriptCore/heap/CopiedSpaceInlineMethods.h
index f702e1dd9..e2af41ad8 100644
--- a/Source/JavaScriptCore/heap/CopiedSpaceInlineMethods.h
+++ b/Source/JavaScriptCore/heap/CopiedSpaceInlineMethods.h
@@ -57,6 +57,42 @@ inline void CopiedSpace::pin(CopiedBlock* block)
     block->m_isPinned = true;
 }
 
+inline void CopiedSpace::pinIfNecessary(void* opaquePointer)
+{
+    // Pointers into the copied space come in the following varieties:
+    // 1)  Pointers to the start of a span of memory. This is the most
+    //     natural though not necessarily the most common.
+    // 2)  Pointers to one value-sized (8 byte) word past the end of
+    //     a span of memory. This currently occurs with semi-butterflies
+    //     and should be fixed soon, once the other half of the
+    //     butterfly lands.
+    // 3)  Pointers to the innards arising from loop induction variable
+    //     optimizations (either manual ones or automatic, by the
+    //     compiler).
+    // 4)  Pointers to the end of a span of memory in arising from
+    //     induction variable optimizations combined with the
+    //     GC-to-compiler contract laid out in the C spec: a pointer to
+    //     the end of a span of memory must be considered to be a
+    //     pointer to that memory.
+    
+    EncodedJSValue* pointer = reinterpret_cast<EncodedJSValue*>(opaquePointer);
+    CopiedBlock* block;
+
+    // Handle (1) and (3).
+    if (contains(pointer, block))
+        pin(block);
+    
+    // Handle (4). We don't have to explicitly check and pin the block under this
+    // pointer because it cannot possibly point to something that cases (1) and
+    // (3) above or case (2) below wouldn't already catch.
+    pointer--;
+    
+    // Handle (2)
+    pointer--;
+    if (contains(pointer, block))
+        pin(block);
+}
+
 inline void CopiedSpace::startedCopying()
 {
     DoublyLinkedList<HeapBlock>* temp = m_fromSpace;
diff --git a/Source/JavaScriptCore/heap/MachineStackMarker.cpp b/Source/JavaScriptCore/heap/MachineStackMarker.cpp
index 8e0c57b6a..7eb57479b 100644
--- a/Source/JavaScriptCore/heap/MachineStackMarker.cpp
+++ b/Source/JavaScriptCore/heap/MachineStackMarker.cpp
@@ -141,8 +141,10 @@ MachineThreads::MachineThreads(Heap* heap)
 
 MachineThreads::~MachineThreads()
 {
-    if (m_threadSpecific)
-        ThreadSpecificKeyDelete(m_threadSpecific);
+    if (m_threadSpecific) {
+        int error = pthread_key_delete(m_threadSpecific);
+        ASSERT_UNUSED(error, !error);
+    }
 
     MutexLocker registeredThreadsLock(m_registeredThreadsMutex);
     for (Thread* t = m_registeredThreads; t;) {
@@ -179,17 +181,19 @@ void MachineThreads::makeUsableFromMultipleThreads()
     if (m_threadSpecific)
         return;
 
-    ThreadSpecificKeyCreate(&m_threadSpecific, removeThread);
+    int error = pthread_key_create(&m_threadSpecific, removeThread);
+    if (error)
+        CRASH();
 }
 
 void MachineThreads::addCurrentThread()
 {
     ASSERT(!m_heap->globalData()->exclusiveThread || m_heap->globalData()->exclusiveThread == currentThread());
 
-    if (!m_threadSpecific || ThreadSpecificGet(m_threadSpecific))
+    if (!m_threadSpecific || pthread_getspecific(m_threadSpecific))
         return;
 
-    ThreadSpecificSet(m_threadSpecific, this);
+    pthread_setspecific(m_threadSpecific, this);
     Thread* thread = new Thread(getCurrentPlatformThread(), wtfThreadData().stack().origin());
 
     MutexLocker lock(m_registeredThreadsMutex);
diff --git a/Source/JavaScriptCore/heap/MachineStackMarker.h b/Source/JavaScriptCore/heap/MachineStackMarker.h
index 3d4aa22d4..5c7705fcf 100644
--- a/Source/JavaScriptCore/heap/MachineStackMarker.h
+++ b/Source/JavaScriptCore/heap/MachineStackMarker.h
@@ -22,8 +22,8 @@
 #ifndef MachineThreads_h
 #define MachineThreads_h
 
+#include <pthread.h>
 #include <wtf/Noncopyable.h>
-#include <wtf/ThreadSpecific.h>
 #include <wtf/ThreadingPrimitives.h>
 
 namespace JSC {
@@ -55,7 +55,7 @@ namespace JSC {
         Heap* m_heap;
         Mutex m_registeredThreadsMutex;
         Thread* m_registeredThreads;
-        WTF::ThreadSpecificKey m_threadSpecific;
+        pthread_key_t m_threadSpecific;
     };
 
 } // namespace JSC