Changeset 211238 in webkit
- Timestamp: Jan 26, 2017 4:11:54 PM (7 years ago)
- Location: trunk/Source/WebCore
- Files: 6 edited
trunk/Source/WebCore/ChangeLog
r211236 r211238 1 2017-01-26 Filip Pizlo <fpizlo@apple.com> 2 3 EventTarget should visit the JSEventListeners using visitAdditionalChildren 4 https://bugs.webkit.org/show_bug.cgi?id=167462 5 6 Reviewed by Michael Saboff. 7 8 No new tests because this is already caught by existing testing. This would show up as ASSERTs 9 in debug, and we suspect it might be at fault for null deref crashes. 10 11 Previously, EventTarget would have its event listeners visited by its subclasses' visitChildren 12 methods. Every subclass of EventTarget would call EventTarget's visitJSEventListeners. For 13 example, this means that if JSFoo has seven classes between it and JSEventTarget in the JSCell 14 class hierarchy, then JSFoo::visitChildren would end up calling visitJSEventListeners seven extra 15 times. 16 17 Also, the weird way that visitJSEventListeners was called meant that it was not part of the GC's 18 output constraint processing. This meant that it would not be called when the GC tried to 19 terminate. So, if something about the event listener changes during a GC cycle, the GC would 20 potentially fail to mark one of the references. 21 22 Both problems can be solved by simply moving the call to visitJSEventListeners into 23 visitAdditionalChildren. 24 25 * bindings/js/JSDOMWindowCustom.cpp: 26 (WebCore::JSDOMWindow::visitAdditionalChildren): 27 * bindings/js/JSEventTargetCustom.cpp: 28 (WebCore::JSEventTarget::visitAdditionalChildren): 29 * bindings/scripts/CodeGeneratorJS.pm: 30 (GenerateImplementation): 31 * dom/EventTarget.idl: 32 1 33 2017-01-26 Andy Estes <aestes@apple.com> 2 34 -
trunk/Source/WebCore/bindings/js/JSDOMWindowCustom.cpp
r211033 r211238 1 1 /* 2 * Copyright (C) 2007-201 0, 2016Apple Inc. All rights reserved.2 * Copyright (C) 2007-2017 Apple Inc. All rights reserved. 3 3 * Copyright (C) 2011 Google Inc. All rights reserved. 4 4 * … … 53 53 if (Frame* frame = wrapped().frame()) 54 54 visitor.addOpaqueRoot(frame); 55 56 // Normally JSEventTargetCustom.cpp's JSEventTarget::visitAdditionalChildren() would call this. But 57 // even though DOMWindow is an EventTarget, JSDOMWindow does not subclass JSEventTarget, so we need 58 // to do this here. 59 wrapped().visitJSEventListeners(visitor); 55 60 } 56 61 -
trunk/Source/WebCore/bindings/js/JSEventTargetCustom.cpp
r208124 r211238 1 1 /* 2 * Copyright (C) 2008 , 2016Apple Inc. All Rights Reserved.2 * Copyright (C) 2008-2017 Apple Inc. All Rights Reserved. 3 3 * 4 4 * Redistribution and use in source and binary forms, with or without … … 83 83 } 84 84 85 void JSEventTarget::visitAdditionalChildren(SlotVisitor& visitor) 86 { 87 wrapped().visitJSEventListeners(visitor); 88 } 89 85 90 } // namespace WebCore -
trunk/Source/WebCore/bindings/js/JSWorkerGlobalScopeCustom.cpp
r210037 r211238 43 43 ScriptExecutionContext& context = wrapped(); 44 44 visitor.addOpaqueRoot(&context); 45 46 // Normally JSEventTargetCustom.cpp's JSEventTarget::visitAdditionalChildren() would call this. But 47 // even though WorkerGlobalScope is an EventTarget, JSWorkerGlobalScope does not subclass 48 // JSEventTarget, so we need to do this here. 49 wrapped().visitJSEventListeners(visitor); 45 50 } 46 51 -
trunk/Source/WebCore/bindings/scripts/CodeGeneratorJS.pm
r211024 r211238 4159 4159 push(@implContent, " ASSERT_GC_OBJECT_INHERITS(thisObject, info());\n"); 4160 4160 push(@implContent, " Base::visitChildren(thisObject, visitor);\n"); 4161 if ($codeGenerator->InheritsInterface($interface, "EventTarget")) {4162 push(@implContent, " thisObject->wrapped().visitJSEventListeners(visitor);\n");4163 }4164 4161 push(@implContent, " thisObject->visitAdditionalChildren(visitor);\n") if $interface->extendedAttributes->{JSCustomMarkFunction}; 4165 4162 if ($interface->extendedAttributes->{ReportExtraMemoryCost}) { -
trunk/Source/WebCore/dom/EventTarget.idl
r209424 r211238 1 1 /* 2 * Copyright (C) 2006 , 2007 Apple Inc. All rights reserved.2 * Copyright (C) 2006-2017 Apple Inc. All rights reserved. 3 3 * Copyright (C) 2006 Samuel Weinig <sam.weinig@gmail.com> 4 4 * … … 24 24 IsImmutablePrototypeExoticObjectOnPrototype, 25 25 JSCustomHeader, 26 JSCustomMarkFunction, 26 27 JSCustomToNativeObject, 27 28 ] interface EventTarget {
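Review bot: The file list in the ChangeLog entry omits bindings/js/JSWorkerGlobalScopeCustom.cpp, although this changeset edits that file to add the same wrapped().visitJSEventListeners(visitor) call that JSDOMWindowCustom.cpp receives. Add an entry for it next to the JSDOMWindowCustom.cpp line, so the log records both wrappers that needed a hand-written call because they do not subclass JSEventTarget.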
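Review bot: In CodeGeneratorJS.pm, removing the InheritsInterface($interface, "EventTarget") branch drops the only generated guarantee that every EventTarget interface marks its listeners. From here on, a wrapper that is an EventTarget but does not subclass JSEventTarget is covered only by a manual call, as the new comments in JSDOMWindowCustom.cpp and JSWorkerGlobalScopeCustom.cpp acknowledge. A third such wrapper added later would silently skip visitJSEventListeners, which is the missed-mark condition the ChangeLog ties to debug ASSERTs and suspected null deref crashes. Consider a generator-side check for that case, or at least document the requirement in EventTarget.idl beside the new JSCustomMarkFunction attribute.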