Changeset 295475 in webkit

Timestamp:

Jun 11, 2022, 3:32:52 PM (3 years ago)

Author:

rniwa@webkit.org

Message:

ValidityState object should be the same on each access (JS object getting GC'd incorrectly)
​https://bugs.webkit.org/show_bug.cgi?id=33733

Reviewed by Darin Adler.

Fixed the bug by making the form associated element an opaque root of ValidityState.

• LayoutTests/fast/forms/ValidityState-gc-expected.txt: Added.
• LayoutTests/fast/forms/ValidityState-gc.html: Added.
• Source/WebCore/html/HTMLFormControlElement.h:
• Source/WebCore/html/HTMLObjectElement.h:
• Source/WebCore/html/ValidityState.h:

(WebCore::ValidityState::element):
(WebCore::ValidityState::opaqueRootConcurrently):

• Source/WebCore/html/ValidityState.idl:

Canonical link: ​https://commits.webkit.org/251480@main

Location:

trunk

Files:

• LayoutTests/fast/forms/ValidityState-gc-expected.txt (added)
• LayoutTests/fast/forms/ValidityState-gc.html (added)
• Source/WebCore/html/HTMLFormControlElement.h (modified) (1 diff)
• Source/WebCore/html/HTMLObjectElement.h (modified) (1 diff)
• Source/WebCore/html/ValidityState.h (modified) (2 diffs)
• Source/WebCore/html/ValidityState.idl (modified) (2 diffs)

trunk/Source/WebCore/html/HTMLFormControlElement.h

@@ -182 +182 @@
     void endDelayingUpdateValidity();
 
+    // These functions can be called concurrently for ValidityState.
     HTMLElement& asHTMLElement() final { return *this; }
     const HTMLFormControlElement& asHTMLElement() const final { return *this; }
+
     FormNamedItem* asFormNamedItem() final { return this; }
     FormAssociatedElement* asFormAssociatedElement() final { return this; }

trunk/Source/WebCore/html/HTMLObjectElement.h

@@ -94 +94 @@
     FormNamedItem* asFormNamedItem() final { return this; }
     FormAssociatedElement* asFormAssociatedElement() final { return this; }
+
+    // These functions can be called concurrently for ValidityState.
     HTMLObjectElement& asHTMLElement() final { return *this; }
     const HTMLObjectElement& asHTMLElement() const final { return *this; }

trunk/Source/WebCore/html/ValidityState.h

@@ -2 +2 @@
  * This file is part of the WebKit project.
  *
- * Copyright (C) 2013 Apple Inc. All rights reserved.
+ * Copyright (C) 2013-2022 Apple Inc. All rights reserved.
  *
  * This library is free software; you can redistribute it and/or
@@ -32 +32 @@
 // as a typedef of FormAssociatedElement, but that would require changes to bindings generation.
 class ValidityState : public FormAssociatedElement {
+public:
+    Element* element() { return &asHTMLElement(); }
+    Node* opaqueRootConcurrently() { return &asHTMLElement(); }
 };
 

trunk/Source/WebCore/html/ValidityState.idl

@@ -3 +3 @@
  *
  * Copyright (C) 2009 Michelangelo De Simone <micdesim@gmail.com>
+ * Copyright (C) 2013-2022 Apple Inc. All rights reserved.
  *
  * This library is free software; you can redistribute it and/or
@@ -23 +24 @@
 [
     SkipVTableValidation,
-    Exposed=Window
+    Exposed=Window,
+    GenerateIsReachable=ImplElementRoot,
+    GenerateAddOpaqueRoot=opaqueRootConcurrently
 ] interface ValidityState {
     readonly attribute boolean         valueMissing;