Changeset 126464 in webkit

Timestamp:

Aug 23, 2012 12:08:54 PM (12 years ago)

Author:

commit-queue@webkit.org

Message:

Serialization of JavaScript values does not appear to respect new HTML5 Structured Clone semantics
​https://bugs.webkit.org/show_bug.cgi?id=65292

Patch by Christophe Dumez <Christophe Dumez> on 2012-08-23
Reviewed by Oliver Hunt.

Source/JavaScriptCore:

Add function to construct a StringObject from a JSValue.
Similar functions already exist for NumberObject and
BooleanObject for example.

Export several symbols so address linking errors in
WebCore.

• JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
• runtime/BooleanObject.h:

(BooleanObject):

• runtime/NumberObject.h:

(NumberObject):
(JSC):

• runtime/StringObject.cpp:

(JSC::constructString):
(JSC):

• runtime/StringObject.h:

(JSC):

Source/WebCore:

JSC now correctly serialize Boolean, Number and String objects as per
the structured clone algorithm specification. This patch reduces the
delta with the V8 implementation of SerializedScriptValue.

No new tests, already tested by fast/dom/Window/window-postmessage-clone.html

• bindings/js/SerializedScriptValue.cpp:

(WebCore):
(WebCore::CloneSerializer::dumpStringObject):
(CloneSerializer):
(WebCore::CloneSerializer::dumpIfTerminal):
(WebCore::CloneDeserializer::readTerminal):

LayoutTests:

Update expected results for fast/dom/Window/window-postmessage-clone.html
now that String, Boolean and Number object are correctly serialized with
JSC.

• fast/dom/Window/window-postmessage-clone-expected.txt:
• platform/gtk/fast/dom/Window/window-postmessage-clone-expected.txt:

Location:

trunk

Files:

• LayoutTests/ChangeLog (modified) (1 diff)
• LayoutTests/fast/dom/Window/window-postmessage-clone-expected.txt (modified) (4 diffs)
• LayoutTests/platform/gtk/fast/dom/Window/window-postmessage-clone-expected.txt (modified) (4 diffs)
• Source/JavaScriptCore/ChangeLog (modified) (1 diff)
• Source/JavaScriptCore/JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def (modified) (3 diffs)
• Source/JavaScriptCore/runtime/BooleanObject.h (modified) (2 diffs)
• Source/JavaScriptCore/runtime/NumberObject.h (modified) (2 diffs)
• Source/JavaScriptCore/runtime/StringObject.cpp (modified) (2 diffs)
• Source/JavaScriptCore/runtime/StringObject.h (modified) (1 diff)
• Source/WebCore/ChangeLog (modified) (1 diff)
• Source/WebCore/bindings/js/SerializedScriptValue.cpp (modified) (10 diffs)

trunk/LayoutTests/ChangeLog

@@ +1 @@
+2012-08-23  Christophe Dumez  <christophe.dumez@intel.com>
+
+        Serialization of JavaScript values does not appear to respect new HTML5 Structured Clone semantics
+        https://bugs.webkit.org/show_bug.cgi?id=65292
+
+        Reviewed by Oliver Hunt.
+
+        Update expected results for fast/dom/Window/window-postmessage-clone.html
+        now that String, Boolean and Number object are correctly serialized with
+        JSC.
+
+        * fast/dom/Window/window-postmessage-clone-expected.txt:
+        * platform/gtk/fast/dom/Window/window-postmessage-clone-expected.txt:
+
 2012-08-23  Kenneth Russell  <kbr@google.com>
 

trunk/LayoutTests/fast/dom/Window/window-postmessage-clone-expected.txt

@@ -1 +1 @@
 Tests that we clone object hierarchies
 
-FAIL: 'postMessage((function(){}))' should throw but didn't
-FAIL: 'postMessage(var x = 0; try { eval("badref"); } catch(e) { x = e; } x)' should throw but didn't
-PASS: 'postMessage(window)' threw TypeError: Type error
+PASS: 'postMessage((function(){}))' threw Error: DATA_CLONE_ERR: DOM Exception 25
+PASS: 'postMessage(var x = 0; try { eval("badref"); } catch(e) { x = e; } x)' threw Error: DATA_CLONE_ERR: DOM Exception 25
+PASS: 'postMessage(window)' threw Error: DATA_CLONE_ERR: DOM Exception 25
 PASS: 'postMessage(({get a() { throw "x" }}))' threw x
 PASS: 'postMessage((function() {return {get a() { throw "accessor-exn"; }};})())' threw accessor-exn
@@ -28 +28 @@
 PASS: eventData is 1,2,3 of type object
 PASS: eventData is ,,1 of type object
-FAIL: eventData is null should be function () {} of type function
-FAIL: eventData is [object Object] should be ReferenceError: Can't find variable: badref of type object
 PASS: eventData is 2009-02-13T23:31:30.000Z of type object
 PASS: eventData is [object Object] of type object
-FAIL: eventData is [object Object] should be true of type object
-FAIL: eventData is [object Object] should be false of type object
-FAIL: eventData is [object Object] should be gnirts of type object
-FAIL: eventData is [object Object] should be 42 of type object
+PASS: eventData is true of type object
+PASS: eventData is false of type object
+PASS: eventData is gnirts of type object
+PASS: eventData is 42 of type object
 PASS: eventData is === to eventData.self
 PASS: eventData is === to eventData[0]
@@ -91 +89 @@
 PASS: window.acalled === true
 FAIL: window.bcalled === undefined
-FAIL: Boolean values correct (0)
-FAIL: Boolean values correct (3)
+PASS: Boolean values correct (0)
+PASS: Boolean values correct (3)
 PASS: Boolean values correct (1,2)
 PASS: Boolean values correct (4,5)
@@ -99 +97 @@
 PASS: References to Booleans correct (0,2)
 PASS: References to Booleans correct (3,5)
-FAIL: Number values correct (0)
+PASS: Number values correct (0)
 PASS: Number values correct (0,2)
 PASS: References to numbers correct (0,1)
 PASS: References to numbers correct (0,2)
-FAIL: String values correct (0)
+PASS: String values correct (0)
 PASS: String values correct (0,2)
 PASS: References to strings correct (0,1)
 PASS: References to strings correct (0,2)
-FAIL: String object properties not serialized
-FAIL: Number object properties not serialized
-FAIL: Boolean object properties not serialized
+PASS: String object properties not serialized
+PASS: Number object properties not serialized
+PASS: Boolean object properties not serialized
 PASS: Date values correct (0)
 PASS: Date values correct (1)

trunk/LayoutTests/platform/gtk/fast/dom/Window/window-postmessage-clone-expected.txt

@@ -1 @@
-CONSOLE MESSAGE: line 86: TypeError: No default value
-CONSOLE MESSAGE: line 86: TypeError: No default value
 Tests that we clone object hierarchies
 
-FAIL: 'postMessage((function(){}))' should throw but didn't
-FAIL: 'postMessage(var x = 0; try { eval("badref"); } catch(e) { x = e; } x)' should throw but didn't
-PASS: 'postMessage(window)' threw TypeError: Type error
+PASS: 'postMessage((function(){}))' threw Error: DATA_CLONE_ERR: DOM Exception 25
+PASS: 'postMessage(var x = 0; try { eval("badref"); } catch(e) { x = e; } x)' threw Error: DATA_CLONE_ERR: DOM Exception 25
+PASS: 'postMessage(window)' threw Error: DATA_CLONE_ERR: DOM Exception 25
 PASS: 'postMessage(({get a() { throw "x" }}))' threw x
 PASS: eventData is null of type object
@@ -26 +24 @@
 PASS: eventData is 1,2,3 of type object
 PASS: eventData is ,,1 of type object
-FAIL: eventData is null should be function () {} of type function
-FAIL: eventData is [object Object] should be ReferenceError: Can't find variable: badref of type object
 PASS: eventData is 2009-02-13T23:31:30.000Z of type object
 PASS: eventData is [object Object] of type object
-FAIL: eventData is [object Object] should be true of type object
-FAIL: eventData is [object Object] should be false of type object
-FAIL: eventData is [object Object] should be gnirts of type object
-FAIL: eventData is [object Object] should be 42 of type object
+PASS: eventData is true of type object
+PASS: eventData is false of type object
+PASS: eventData is gnirts of type object
+PASS: eventData is 42 of type object
 PASS: eventData is === to eventData.self
 PASS: eventData is === to eventData[0]
@@ -93 +89 @@
 PASS: window.acalled === true
 FAIL: window.bcalled === undefined
-FAIL: Boolean values correct (0)
-FAIL: Boolean values correct (3)
+PASS: Boolean values correct (0)
+PASS: Boolean values correct (3)
 PASS: Boolean values correct (1,2)
 PASS: Boolean values correct (4,5)
@@ -101 +97 @@
 PASS: References to Booleans correct (0,2)
 PASS: References to Booleans correct (3,5)
-FAIL: Number values correct (0)
+PASS: Number values correct (0)
 PASS: Number values correct (0,2)
 PASS: References to numbers correct (0,1)
 PASS: References to numbers correct (0,2)
-FAIL: String values correct (0)
+PASS: String values correct (0)
 PASS: String values correct (0,2)
 PASS: References to strings correct (0,1)
 PASS: References to strings correct (0,2)
-FAIL: String object properties not serialized
-FAIL: Number object properties not serialized
-FAIL: Boolean object properties not serialized
+PASS: String object properties not serialized
+PASS: Number object properties not serialized
+PASS: Boolean object properties not serialized
 PASS: Date values correct (0)
 PASS: Date values correct (1)

trunk/Source/JavaScriptCore/ChangeLog

@@ +1 @@
+2012-08-23  Christophe Dumez  <christophe.dumez@intel.com>
+
+        Serialization of JavaScript values does not appear to respect new HTML5 Structured Clone semantics
+        https://bugs.webkit.org/show_bug.cgi?id=65292
+
+        Reviewed by Oliver Hunt.
+
+        Add function to construct a StringObject from a JSValue.
+        Similar functions already exist for NumberObject and
+        BooleanObject for example.
+
+        Export several symbols so address linking errors in
+        WebCore.
+
+        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
+        * runtime/BooleanObject.h:
+        (BooleanObject):
+        * runtime/NumberObject.h:
+        (NumberObject):
+        (JSC):
+        * runtime/StringObject.cpp:
+        (JSC::constructString):
+        (JSC):
+        * runtime/StringObject.h:
+        (JSC):
+
 2012-08-22  Filip Pizlo  <fpizlo@apple.com>
 

trunk/Source/JavaScriptCore/JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def

@@ -2 +2 @@
 
     ??0ArrayBufferView@WTF@@IAE@V?$PassRefPtr@VArrayBuffer@WTF@@@1@I@Z
+    ??0BooleanObject@JSC@@IAE@AAVJSGlobalData@1@PAVStructure@1@@Z
     ??0CString@WTF@@QAE@PBD@Z
     ??0CString@WTF@@QAE@PBDI@Z
@@ -108 +109 @@
     ?constructEmptyObject@JSC@@YAPAVJSObject@1@PAVExecState@1@@Z
     ?constructFunctionSkippingEvalEnabledCheck@JSC@@YAPAVJSObject@1@PAVExecState@1@PAVJSGlobalObject@1@ABVArgList@1@ABVIdentifier@1@ABVUString@1@ABVTextPosition@WTF@@@Z
+    ?constructNumber@JSC@@YAPAVNumberObject@1@PAVExecState@1@PAVJSGlobalObject@1@VJSValue@1@@Z
+    ?constructString@JSC@@YAPAVStringObject@1@PAVExecState@1@PAVJSGlobalObject@1@VJSValue@1@@Z
     ?convertLatin1ToUTF8@Unicode@WTF@@YA?AW4ConversionResult@12@PAPBEPBEPAPADPAD@Z
     ?convertUTF16ToUTF8@Unicode@WTF@@YA?AW4ConversionResult@12@PAPB_WPB_WPAPADPAD_N@Z
@@ -187 +190 @@
     ?finalize@WeakHandleOwner@JSC@@UAEXV?$Handle@W4Unknown@JSC@@@2@PAX@Z
     ?findAllocator@WeakSet@JSC@@AAEPAUFreeCell@WeakBlock@2@XZ
+    ?finishCreation@BooleanObject@JSC@@IAEXAAVJSGlobalData@2@@Z
     ?finishCreation@DateInstance@JSC@@IAEXAAVJSGlobalData@2@N@Z
     ?finishCreation@InternalFunction@JSC@@IAEXAAVJSGlobalData@2@ABVUString@2@@Z

trunk/Source/JavaScriptCore/runtime/BooleanObject.h

@@ -28 +28 @@
     class BooleanObject : public JSWrapperObject {
     protected:
-        BooleanObject(JSGlobalData&, Structure*);
-        void finishCreation(JSGlobalData&);
+        JS_EXPORT_PRIVATE BooleanObject(JSGlobalData&, Structure*);
+        JS_EXPORT_PRIVATE void finishCreation(JSGlobalData&);
 
     public:
@@ -41 +41 @@
         }
         
-        static const ClassInfo s_info;
+        static JS_EXPORTDATA const ClassInfo s_info;
         
         static Structure* createStructure(JSGlobalData& globalData, JSGlobalObject* globalObject, JSValue prototype)

trunk/Source/JavaScriptCore/runtime/NumberObject.h

@@ -41 +41 @@
         }
 
-        static const ClassInfo s_info;
+        static JS_EXPORTDATA const ClassInfo s_info;
 
         static Structure* createStructure(JSGlobalData& globalData, JSGlobalObject* globalObject, JSValue prototype)
@@ -49 +49 @@
     };
 
-    NumberObject* constructNumber(ExecState*, JSGlobalObject*, JSValue);
+    JS_EXPORT_PRIVATE NumberObject* constructNumber(ExecState*, JSGlobalObject*, JSValue);
 
 } // namespace JSC

trunk/Source/JavaScriptCore/runtime/StringObject.cpp

@@ -23 +23 @@
 
 #include "Error.h"
+#include "JSGlobalObject.h"
 #include "PropertyNameArray.h"
 
@@ -144 +145 @@
 }
 
+StringObject* constructString(ExecState* exec, JSGlobalObject* globalObject, JSValue string)
+{
+    StringObject* object = StringObject::create(exec, globalObject->stringObjectStructure());
+    object->setInternalValue(exec->globalData(), string);
+    return object;
+}
+
 } // namespace JSC

trunk/Source/JavaScriptCore/runtime/StringObject.h

@@ -79 +79 @@
     }
 
+    JS_EXPORT_PRIVATE StringObject* constructString(ExecState*, JSGlobalObject*, JSValue);
+
 } // namespace JSC
 

trunk/Source/WebCore/ChangeLog

@@ +1 @@
+2012-08-23  Christophe Dumez  <christophe.dumez@intel.com>
+
+        Serialization of JavaScript values does not appear to respect new HTML5 Structured Clone semantics
+        https://bugs.webkit.org/show_bug.cgi?id=65292
+
+        Reviewed by Oliver Hunt.
+
+        JSC now correctly serialize Boolean, Number and String objects as per
+        the structured clone algorithm specification. This patch reduces the
+        delta with the V8 implementation of SerializedScriptValue.
+
+        No new tests, already tested by fast/dom/Window/window-postmessage-clone.html
+
+        * bindings/js/SerializedScriptValue.cpp:
+        (WebCore):
+        (WebCore::CloneSerializer::dumpStringObject):
+        (CloneSerializer):
+        (WebCore::CloneSerializer::dumpIfTerminal):
+        (WebCore::CloneDeserializer::readTerminal):
+
 2012-08-23  Joshua Bell  <jsbell@chromium.org>
 

trunk/Source/WebCore/bindings/js/SerializedScriptValue.cpp

@@ -57 +57 @@
 #include <JavaScriptCore/APICast.h>
 #include <JavaScriptCore/APIShims.h>
+#include <runtime/BooleanObject.h>
 #include <runtime/DateInstance.h>
 #include <runtime/Error.h>
@@ -109 +110 @@
     ArrayBufferViewTag = 22,
     ArrayBufferTransferTag = 23,
+    TrueObjectTag = 24,
+    FalseObjectTag = 25,
+    StringObjectTag = 26,
+    EmptyStringObjectTag = 27,
+    NumberObjectTag = 28,
     ErrorTag = 255
 };
@@ -153 +159 @@
  * Initial version was 1.
  * Version 2. added the ObjectReferenceTag and support for serialization of cyclic graphs.
+ * Version 3. added the FalseObjectTag, TrueObjectTag, NumberObjectTag, StringObjectTag
+ * and EmptyStringObjectTag for serialization of Boolean, Number and String objects.
  */
-static const unsigned int CurrentVersion = 2;
+static const unsigned int CurrentVersion = 3;
 static const unsigned int TerminatorTag = 0xFFFFFFFF;
 static const unsigned int StringPoolTag = 0xFFFFFFFE;
@@ -183 +191 @@
  *    | FalseTag
  *    | TrueTag
+ *    | FalseObjectTag
+ *    | TrueObjectTag
  *    | DoubleTag <value:double>
+ *    | NumberObjectTag <value:double>
  *    | DateTag <value:double>
  *    | String
  *    | EmptyStringTag
+ *    | EmptyStringObjectTag
  *    | File
  *    | FileList
@@ -200 +212 @@
  *      EmptyStringTag
  *      StringTag StringData
+ *
+ * StringObject:
+ *      EmptyStringObjectTag
+ *      StringObjectTag StringData
  *
  * StringData :-
@@ -518 +534 @@
     }
 
+    void dumpStringObject(UString str)
+    {
+        if (str.isEmpty())
+            write(EmptyStringObjectTag);
+        else {
+            write(StringObjectTag);
+            write(str);
+        }
+    }
+
     bool dumpArrayBufferView(JSObject* obj, SerializationReturnCode& code)
     {
@@ -586 +612 @@
         if (value.isObject()) {
             JSObject* obj = asObject(value);
+            if (obj->inherits(&BooleanObject::s_info)) {
+                if (!startObjectInternal(obj)) // handle duplicates
+                    return true;
+                write(asBooleanObject(value)->internalValue().toBoolean() ? TrueObjectTag : FalseObjectTag);
+                return true;
+            }
+            if (obj->inherits(&StringObject::s_info)) {
+                if (!startObjectInternal(obj)) // handle duplicates
+                    return true;
+                UString str = asString(asStringObject(value)->internalValue())->value(m_exec);
+                dumpStringObject(str);
+                return true;
+            }
+            if (obj->inherits(&NumberObject::s_info)) {
+                if (!startObjectInternal(obj)) // handle duplicates
+                    return true;
+                write(NumberObjectTag);
+                NumberObject* obj = static_cast<NumberObject*>(asObject(value));
+                write(obj->internalValue().asNumber());
+                return true;
+            }
             if (obj->inherits(&JSFile::s_info)) {
                 write(FileTag);
@@ -1399 +1446 @@
         case TrueTag:
             return jsBoolean(true);
+        case FalseObjectTag: {
+            BooleanObject* obj = BooleanObject::create(m_exec->globalData(), m_globalObject->booleanObjectStructure());
+            obj->setInternalValue(m_exec->globalData(), jsBoolean(false));
+            m_gcBuffer.append(obj);
+            return obj;
+        }
+        case TrueObjectTag: {
+            BooleanObject* obj = BooleanObject::create(m_exec->globalData(), m_globalObject->booleanObjectStructure());
+            obj->setInternalValue(m_exec->globalData(), jsBoolean(true));
+             m_gcBuffer.append(obj);
+            return obj;
+        }
         case DoubleTag: {
             double d;
@@ -1404 +1463 @@
                 return JSValue();
             return jsNumber(d);
+        }
+        case NumberObjectTag: {
+            double d;
+            if (!read(d))
+                return JSValue();
+            NumberObject* obj = constructNumber(m_exec, m_globalObject, jsNumber(d));
+            m_gcBuffer.append(obj);
+            return obj;
         }
         case DateTag: {
@@ -1480 +1547 @@
         case EmptyStringTag:
             return jsEmptyString(&m_exec->globalData());
+        case StringObjectTag: {
+            CachedStringRef cachedString;
+            if (!readStringData(cachedString))
+                return JSValue();
+            StringObject* obj = constructString(m_exec, m_globalObject, cachedString->jsString(m_exec));
+            m_gcBuffer.append(obj);
+            return obj;
+        }
+        case EmptyStringObjectTag: {
+            StringObject* obj = constructString(m_exec, m_globalObject, jsEmptyString(&m_exec->globalData()));
+            m_gcBuffer.append(obj);
+            return obj;
+        }
         case RegExpTag: {
             CachedStringRef pattern;