Changeset 100721 in webkit

Timestamp:

Nov 17, 2011 9:41:33 PM (12 years ago)

Author:

adamk@chromium.org

Message:

Move JS recursion counter from V8Proxy to V8BindingPerIsolateData
​https://bugs.webkit.org/show_bug.cgi?id=72645

Reviewed by Adam Barth.

Source/WebCore:

With the JS recursion level stored as a member of V8Proxy, it's tied
to a frame. But this is incorrect, as there's no reason that a JS call
stack need be restricted to a single frame (see my new test case for
an example of code going across frames).

In order to get the correct accounting of JS recursion level, per-Isolate
is the right granularity (per dslomov), which is what this patch accomplishes.

Test: storage/indexeddb/transaction-abort-with-js-recursion-cross-frame.html

• bindings/v8/V8Binding.cpp:

(WebCore::V8BindingPerIsolateData::V8BindingPerIsolateData):

• bindings/v8/V8Binding.h:

(WebCore::V8BindingPerIsolateData::recursionLevel):
(WebCore::V8BindingPerIsolateData::incrementRecursionLevel):
(WebCore::V8BindingPerIsolateData::decrementRecursionLevel):
(WebCore::V8RecursionScope::V8RecursionScope):
(WebCore::V8RecursionScope::~V8RecursionScope):

• bindings/v8/V8Proxy.cpp:

(WebCore::incrementRecursionLevel):
(WebCore::decrementRecursionLevel):
(WebCore::recursionLevel):
(WebCore::V8Proxy::V8Proxy):
(WebCore::V8Proxy::runScript):
(WebCore::V8Proxy::callFunction):
(WebCore::V8Proxy::didLeaveScriptContext):

• bindings/v8/V8Proxy.h:

LayoutTests:

Added tests to exercise new timing of call to V8Proxy::didLeaveScriptContext().

• storage/indexeddb/transaction-abort-with-js-recursion-cross-frame-expected.txt: Added.
• storage/indexeddb/transaction-abort-with-js-recursion-cross-frame.html: Added.

Location:

trunk

Files:

• LayoutTests/ChangeLog (modified) (1 diff)
• LayoutTests/storage/indexeddb/transaction-abort-with-js-recursion-cross-frame-expected.txt (added)
• LayoutTests/storage/indexeddb/transaction-abort-with-js-recursion-cross-frame.html (added)
• Source/WebCore/ChangeLog (modified) (1 diff)
• Source/WebCore/bindings/v8/V8Binding.cpp (modified) (1 diff)
• Source/WebCore/bindings/v8/V8Binding.h (modified) (3 diffs)
• Source/WebCore/bindings/v8/V8Proxy.cpp (modified) (7 diffs)
• Source/WebCore/bindings/v8/V8Proxy.h (modified) (2 diffs)

trunk/LayoutTests/ChangeLog

@@ +1 @@
+2011-11-17  Adam Klein  <adamk@chromium.org>
+
+        Move JS recursion counter from V8Proxy to V8BindingPerIsolateData
+        https://bugs.webkit.org/show_bug.cgi?id=72645
+
+        Reviewed by Adam Barth.
+
+        Added tests to exercise new timing of call to V8Proxy::didLeaveScriptContext().
+
+        * storage/indexeddb/transaction-abort-with-js-recursion-cross-frame-expected.txt: Added.
+        * storage/indexeddb/transaction-abort-with-js-recursion-cross-frame.html: Added.
+
 2011-11-17  Peter Kasting  <pkasting@google.com>
 

trunk/Source/WebCore/ChangeLog

@@ +1 @@
+2011-11-17  Adam Klein  <adamk@chromium.org>
+
+        Move JS recursion counter from V8Proxy to V8BindingPerIsolateData
+        https://bugs.webkit.org/show_bug.cgi?id=72645
+
+        Reviewed by Adam Barth.
+
+        With the JS recursion level stored as a member of V8Proxy, it's tied
+        to a frame. But this is incorrect, as there's no reason that a JS call
+        stack need be restricted to a single frame (see my new test case for
+        an example of code going across frames).
+
+        In order to get the correct accounting of JS recursion level, per-Isolate
+        is the right granularity (per dslomov), which is what this patch accomplishes.
+
+        Test: storage/indexeddb/transaction-abort-with-js-recursion-cross-frame.html
+
+        * bindings/v8/V8Binding.cpp:
+        (WebCore::V8BindingPerIsolateData::V8BindingPerIsolateData):
+        * bindings/v8/V8Binding.h:
+        (WebCore::V8BindingPerIsolateData::recursionLevel):
+        (WebCore::V8BindingPerIsolateData::incrementRecursionLevel):
+        (WebCore::V8BindingPerIsolateData::decrementRecursionLevel):
+        (WebCore::V8RecursionScope::V8RecursionScope):
+        (WebCore::V8RecursionScope::~V8RecursionScope):
+        * bindings/v8/V8Proxy.cpp:
+        (WebCore::incrementRecursionLevel):
+        (WebCore::decrementRecursionLevel):
+        (WebCore::recursionLevel):
+        (WebCore::V8Proxy::V8Proxy):
+        (WebCore::V8Proxy::runScript):
+        (WebCore::V8Proxy::callFunction):
+        (WebCore::V8Proxy::didLeaveScriptContext):
+        * bindings/v8/V8Proxy.h:
+
 2011-11-17  Robin Cao  <robin.cao@torchmobile.com.cn>
 

trunk/Source/WebCore/bindings/v8/V8Binding.cpp

@@ -53 +53 @@
     : m_domDataStore(0)
     , m_constructorMode(ConstructorMode::CreateNewObject)
+    , m_recursionLevel(0)
 {
 }

trunk/Source/WebCore/bindings/v8/V8Binding.h

@@ -39 +39 @@
 #include "V8GCController.h"
 #include "V8HiddenPropertyName.h"
+#include <wtf/Noncopyable.h>
 #include <wtf/text/AtomicString.h>
 
@@ -144 +145 @@
         void setDOMDataStore(DOMDataStore* store) { m_domDataStore = store; }
 
+        int recursionLevel() const { return m_recursionLevel; }
+        void incrementRecursionLevel() { ++m_recursionLevel; }
+        void decrementRecursionLevel() { --m_recursionLevel; }
+
 #ifndef NDEBUG
         GlobalHandleMap& globalHandleMap() { return m_globalHandleMap; }
@@ -167 +172 @@
         friend class ConstructorMode;
 
+        int m_recursionLevel;
+
 #ifndef NDEBUG
         GlobalHandleMap m_globalHandleMap;
 #endif
+    };
+
+    class V8RecursionScope {
+        WTF_MAKE_NONCOPYABLE(V8RecursionScope);
+    public:
+        V8RecursionScope() { V8BindingPerIsolateData::current()->incrementRecursionLevel(); }
+        ~V8RecursionScope() { V8BindingPerIsolateData::current()->decrementRecursionLevel(); }
     };
 

trunk/Source/WebCore/bindings/v8/V8Proxy.cpp

@@ -176 +176 @@
 }
 
+static int recursionLevel()
+{
+    return V8BindingPerIsolateData::current()->recursionLevel();
+}
+
 static v8::Local<v8::Value> handleMaxRecursionDepthExceeded()
 {
@@ -186 +191 @@
     , m_windowShell(V8DOMWindowShell::create(frame))
     , m_inlineCode(false)
-    , m_recursion(0)
 {
 }
@@ -391 +395 @@
 
     V8GCController::checkMemoryUsage();
-    if (m_recursion >= kMaxRecursionDepth)
+    if (recursionLevel() >= kMaxRecursionDepth)
         return handleMaxRecursionDepthExceeded();
 
@@ -410 +414 @@
     tryCatch.SetVerbose(true);
     {
-        m_recursion++;
+        V8RecursionScope recursionScope;
         result = script->Run();
-        m_recursion--;
-    }
-
-    // Release the storage mutex if applicable.
+    }
+
     didLeaveScriptContext();
 
@@ -443 +445 @@
     V8GCController::checkMemoryUsage();
 
-    if (m_recursion >= kMaxRecursionDepth)
+    if (recursionLevel() >= kMaxRecursionDepth)
         return handleMaxRecursionDepthExceeded();
 
@@ -451 +453 @@
     v8::Local<v8::Value> result;
     {
-        m_recursion++;
+        V8RecursionScope recursionScope;
         result = V8Proxy::instrumentedCallFunction(m_frame->page(), function, receiver, argc, args);
-        m_recursion--;
-    }
-
-    // Release the storage mutex if applicable.
+    }
+
     didLeaveScriptContext();
 
@@ -577 +577 @@
 void V8Proxy::didLeaveScriptContext()
 {
-    if (m_recursion)
+    if (recursionLevel())
         return;
 

trunk/Source/WebCore/bindings/v8/V8Proxy.h

@@ -272 +272 @@
 
     private:
-        void didLeaveScriptContext();
+        static void didLeaveScriptContext();
 
         void resetIsolatedWorlds();
@@ -303 +303 @@
         // Only valid during execution.
         bool m_inlineCode;
-
-        // Track the recursion depth to be able to avoid too deep recursion. The V8
-        // engine allows much more recursion than KJS does so we need to guard against
-        // excessive recursion in the binding layer.
-        int m_recursion;
 
         // All of the extensions registered with the context.