Changeset 141348 in webkit


Ignore:
Timestamp:
Jan 30, 2013 5:08:25 PM (11 years ago)
Author:
oliver@apple.com
Message:

Make JSEventListener more robust in the event of the compiled handler being released.
https://bugs.webkit.org/show_bug.cgi?id=108390

Reviewed by Michael Saboff.

It shouldn't be possible for a handler to be collected for any object that
might still trigger an event. Nonetheless it does still happen, and the
only point of failure that currently exists is compiling the handler.

This patch is mostly just assertions, but also removes a bunch of field
clearing that was previously being performed. Given we do seem to periodically
end up needing to recompile a handler this appears to be necessary. That
said there does not appear to be a memory hit from this as the event handlers
that make us use JSLazyEventListener are not frequently compiled, and the bulk
of the functions that are compiled end up causing us to keep the strings around
anyway.

  • bindings/js/JSLazyEventListener.cpp:

(WebCore::JSLazyEventListener::JSLazyEventListener):
(WebCore::JSLazyEventListener::initializeJSFunction):

Location:
trunk/Source/WebCore
Files:
2 edited

Legend:

Unmodified
Added
Removed

  • trunk/Source/WebCore/ChangeLog

    r141346 r141348  
     12013-01-30  Oliver Hunt  <oliver@apple.com>
     2
     3        Make JSEventListener more robust in the event of the compiled handler being released.
     4        https://bugs.webkit.org/show_bug.cgi?id=108390
     5
     6        Reviewed by Michael Saboff.
     7
     8        It shouldn't be possible for a handler to be collected for any object that
     9        might still trigger an event.  Nonetheless it does still happen, and the
     10        only point of failure that currently exists is compiling the handler.
     11
     12        This patch is mostly just assertions, but also removes a bunch of field
     13        clearing that was previously being performed.  Given we do seem to periodically
     14        end up needing to recompile a handler this appears to be necessary.  That
     15        said there does not appear to be a memory hit from this as the event handlers
     16        that make us use JSLazyEventListener are not frequently compiled, and the bulk
     17        of the functions that are compiled end up causing us to keep the strings around
     18        anyway.
     19
     20        * bindings/js/JSLazyEventListener.cpp:
     21        (WebCore::JSLazyEventListener::JSLazyEventListener):
     22        (WebCore::JSLazyEventListener::initializeJSFunction):
     23
    1242013-01-30  Kentaro Hara  <haraken@chromium.org>
    225

  • trunk/Source/WebCore/bindings/js/JSLazyEventListener.cpp

    r127191 r141348  
    5757        m_position = TextPosition::minimumPosition();
    5858
     59    ASSERT(m_eventParameterName == "evt" || m_eventParameterName == "event");
     60
    5961#ifndef NDEBUG
    6062    eventListenerCounter.increment();
     
    7476    ASSERT(executionContext->isDocument());
    7577    if (!executionContext)
     78        return 0;
     79
     80    ASSERT(!m_code.isNull());
     81    ASSERT(!m_eventParameterName.isNull());
     82    if (m_code.isNull() || m_eventParameterName.isNull())
    7683        return 0;
    7784
     
    118125        listenerAsFunction->setScope(exec->globalData(), jsCast<JSNode*>(wrapper())->pushEventHandlerScope(exec, listenerAsFunction->scope()));
    119126    }
    120 
    121     // Since we only parse once, there's no need to keep data used for parsing around anymore.
    122     m_functionName = String();
    123     m_code = String();
    124     m_eventParameterName = String();
    125     m_sourceURL = String();
    126127    return jsFunction;
    127128}
Note: See TracChangeset for help on using the changeset viewer.