Changeset 148303 in webkit


Timestamp:
Apr 12, 2013 2:39:09 PM (11 years ago)
Author:
oliver@apple.com
Message:

make the codegenerator actually emit polymorphism check in the "no vtable" path
https://bugs.webkit.org/show_bug.cgi?id=114533

Reviewed by David Kilzer.

Make the "no vtable" check correct so that we actually plant a polymorphism
check. Update a few interfaces to have the correct validation attributes.

  • Modules/webdatabase/SQLTransaction.idl:
  • bindings/scripts/CodeGeneratorJS.pm:

(GenerateImplementation):

  • bindings/scripts/test/JS/JSTestInterface.cpp:

(WebCore::toJS):

  • bindings/scripts/test/TestInterface.idl:
  • html/track/TextTrackCue.idl:
  • svg/SVGAnimatedAngle.idl:
  • svg/SVGAnimatedBoolean.idl:
  • svg/SVGAnimatedEnumeration.idl:
  • svg/SVGAnimatedInteger.idl:
  • svg/SVGAnimatedLength.idl:
  • svg/SVGAnimatedLengthList.idl:
  • svg/SVGAnimatedNumber.idl:
  • svg/SVGAnimatedNumberList.idl:
  • svg/SVGAnimatedPreserveAspectRatio.idl:
  • svg/SVGAnimatedRect.idl:
  • svg/SVGAnimatedString.idl:
  • svg/SVGAnimatedTransformList.idl:
Location:
trunk/Source/WebCore
Files:
18 edited

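--- a/trunk/Source/WebCore/ChangeLog
+++ b/trunk/Source/WebCore/ChangeLog
@@ -1,2 +1,32 @@
+2013-04-12  Oliver Hunt  <oliver@apple.com>
+
+        make the codegenerator actually emit polymorphism check in the "no vtable" path
+        https://bugs.webkit.org/show_bug.cgi?id=114533
+
+        Reviewed by David Kilzer.
+
+        Make the "no vtable" check correct so that we actually plant a polymorphism
+        check.  Update a few interfaces to have the correct validation attributes.       
+
+        * Modules/webdatabase/SQLTransaction.idl:
+        * bindings/scripts/CodeGeneratorJS.pm:
+        (GenerateImplementation):
+        * bindings/scripts/test/JS/JSTestInterface.cpp:
+        (WebCore::toJS):
+        * bindings/scripts/test/TestInterface.idl:
+        * html/track/TextTrackCue.idl:
+        * svg/SVGAnimatedAngle.idl:
+        * svg/SVGAnimatedBoolean.idl:
+        * svg/SVGAnimatedEnumeration.idl:
+        * svg/SVGAnimatedInteger.idl:
+        * svg/SVGAnimatedLength.idl:
+        * svg/SVGAnimatedLengthList.idl:
+        * svg/SVGAnimatedNumber.idl:
+        * svg/SVGAnimatedNumberList.idl:
+        * svg/SVGAnimatedPreserveAspectRatio.idl:
+        * svg/SVGAnimatedRect.idl:
+        * svg/SVGAnimatedString.idl:
+        * svg/SVGAnimatedTransformList.idl:
+
 2013-04-12  Oliver Hunt  <oliver@apple.com>
 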
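--- a/trunk/Source/WebCore/Modules/webdatabase/SQLTransaction.idl
+++ b/trunk/Source/WebCore/Modules/webdatabase/SQLTransaction.idl
@@ -31,5 +31,5 @@
     OmitConstructor,
     JSNoStaticTables,
-    ImplementationLacksVTable
+    SkipVTableValidation
 ] interface SQLTransaction {
     [Custom] void executeSql(in DOMString sqlStatement,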
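Review bot: `SkipVTableValidation` is added to the attribute list here with nothing recording why this interface opts out, and the same swap is made without explanation in TextTrackCue.idl and the twelve svg/SVGAnimated*.idl files. The comment removed from the JSTestInterface.cpp baseline describes this attribute as an opt-out of binding hardening for classes whose subclasses are passed to toJS(), so each use is worth justifying where a later reader will see it. I would put a short comment above each list, for example `// SkipVTableValidation: subclasses of this class reach toJS(); revisit if that stops being true`. Runtime coverage presumably does not change, since the old attribute appears to have suppressed the check as well, but the implementation classes are not visible here, so that should be confirmed per interface.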
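--- a/trunk/Source/WebCore/bindings/scripts/CodeGeneratorJS.pm
+++ b/trunk/Source/WebCore/bindings/scripts/CodeGeneratorJS.pm
@@ -2748,5 +2748,5 @@
 #endif
 END
-        push(@implContent, <<END) if $interface->extendedAttributes->{"ImplementationLacksVTable"} && $vtableNameGnu;
+        push(@implContent, <<END) if $interface->extendedAttributes->{"ImplementationLacksVTable"};
 #if COMPILER(CLANG)
     // If you hit this failure the interface definition has the ImplementationLacksVTable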
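Review bot: The block emitted by the new `push(@implContent, <<END) if ...{"ImplementationLacksVTable"};` line still opens with `#if COMPILER(CLANG)`, so an interface wrongly marked `ImplementationLacksVTable` is caught only at compile time and only on clang builds. That limit deserves a comment above the push, such as `# Compile-time check, clang only: other compilers never verify that the class really lacks a vtable.` The heredoc body continues past the end of this hunk, but the regenerated JSTestInterface.cpp baseline shows its last sentence as "you should use the SkipVTableValidation attribute to TestInterface". That would read better as `// that may be passed through this toJS() function you should add the SkipVTableValidation` followed by `// attribute to TestInterface.`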
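--- a/trunk/Source/WebCore/bindings/scripts/test/JS/JSTestInterface.cpp
+++ b/trunk/Source/WebCore/bindings/scripts/test/JS/JSTestInterface.cpp
@@ -500,12 +500,4 @@
 }
 
-#if ENABLE(BINDING_INTEGRITY)
-#if PLATFORM(WIN)
-#pragma warning(disable: 4483)
-extern "C" { extern void (*const __identifier("??_7TestInterface@WebCore@@6B@")[])(); }
-#else
-extern "C" { extern void* _ZTVN7WebCore13TestInterfaceE[]; }
-#endif
-#endif
 JSC::JSValue toJS(JSC::ExecState* exec, JSDOMGlobalObject* globalObject, TestInterface* impl)
 {
@@ -513,22 +505,10 @@
         return jsNull();
     if (JSValue result = getExistingWrapper<JSTestInterface>(exec, impl)) return result;
-
-#if ENABLE(BINDING_INTEGRITY)
-    void* actualVTablePointer = *(reinterpret_cast<void**>(impl));
-#if PLATFORM(WIN)
-    void* expectedVTablePointer = reinterpret_cast<void*>(__identifier("??_7TestInterface@WebCore@@6B@"));
-#else
-    void* expectedVTablePointer = &_ZTVN7WebCore13TestInterfaceE[2];
 #if COMPILER(CLANG)
-    // If this fails TestInterface does not have a vtable, so you need to add the
-    // ImplementationLacksVTable attribute to the interface definition
-    COMPILE_ASSERT(__is_polymorphic(TestInterface), TestInterface_is_not_polymorphic);
-#endif
-#endif
-    // If you hit this assertion you either have a use after free bug, or
-    // TestInterface has subclasses. If TestInterface has subclasses that get passed
-    // to toJS() we currently require TestInterface you to opt out of binding hardening
-    // by adding the SkipVTableValidation attribute to the interface IDL definition
-    RELEASE_ASSERT(actualVTablePointer == expectedVTablePointer);
+    // If you hit this failure the interface definition has the ImplementationLacksVTable
+    // attribute. You should remove that attribute. If the class has subclasses
+    // that may be passed through this toJS() function you should use the SkipVTableValidation
+    // attribute to TestInterface.
+    COMPILE_ASSERT(!__is_polymorphic(TestInterface), TestInterface_is_polymorphic_but_idl_claims_not_to_be);
 #endif
     return createNewWrapper<JSTestInterface>(exec, globalObject, impl);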
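--- a/trunk/Source/WebCore/bindings/scripts/test/TestInterface.idl
+++ b/trunk/Source/WebCore/bindings/scripts/test/TestInterface.idl
@@ -36,5 +36,6 @@
     Constructor(in DOMString str1, in [Optional=DefaultIsUndefined] DOMString str2),
     ConstructorRaisesException,
-    ConstructorConditional=TEST_INTERFACE
+    ConstructorConditional=TEST_INTERFACE,
+    ImplementationLacksVTable
 ] interface TestInterface {
 };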
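--- a/trunk/Source/WebCore/html/track/TextTrackCue.idl
+++ b/trunk/Source/WebCore/html/track/TextTrackCue.idl
@@ -33,5 +33,5 @@
     JSCustomMarkFunction,
     JSCustomIsReachable,
-    ImplementationLacksVTable
+    SkipVTableValidation
 ] interface TextTrackCue {
     readonly attribute TextTrack track;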
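--- a/trunk/Source/WebCore/svg/SVGAnimatedAngle.idl
+++ b/trunk/Source/WebCore/svg/SVGAnimatedAngle.idl
@@ -26,5 +26,5 @@
 [
     Conditional=SVG,
-    ImplementationLacksVTable
+    SkipVTableValidation
 ] interface SVGAnimatedAngle {
     readonly attribute SVGAngle baseVal;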
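--- a/trunk/Source/WebCore/svg/SVGAnimatedBoolean.idl
+++ b/trunk/Source/WebCore/svg/SVGAnimatedBoolean.idl
@@ -26,5 +26,5 @@
 [
     Conditional=SVG,
-    ImplementationLacksVTable
+    SkipVTableValidation
 ] interface SVGAnimatedBoolean {
     [StrictTypeChecking] attribute boolean baseVal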
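--- a/trunk/Source/WebCore/svg/SVGAnimatedEnumeration.idl
+++ b/trunk/Source/WebCore/svg/SVGAnimatedEnumeration.idl
@@ -26,5 +26,5 @@
 [
     Conditional=SVG,
-    ImplementationLacksVTable
+    SkipVTableValidation
 ] interface SVGAnimatedEnumeration {
     [StrictTypeChecking] attribute unsigned short baseVal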
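--- a/trunk/Source/WebCore/svg/SVGAnimatedInteger.idl
+++ b/trunk/Source/WebCore/svg/SVGAnimatedInteger.idl
@@ -26,5 +26,5 @@
 [
     Conditional=SVG,
-    ImplementationLacksVTable
+    SkipVTableValidation
 ] interface SVGAnimatedInteger {
     [StrictTypeChecking] attribute long baseVal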
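--- a/trunk/Source/WebCore/svg/SVGAnimatedLength.idl
+++ b/trunk/Source/WebCore/svg/SVGAnimatedLength.idl
@@ -26,5 +26,5 @@
 [
     Conditional=SVG,
-    ImplementationLacksVTable
+    SkipVTableValidation
 ] interface SVGAnimatedLength {
     readonly attribute SVGLength baseVal;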
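--- a/trunk/Source/WebCore/svg/SVGAnimatedLengthList.idl
+++ b/trunk/Source/WebCore/svg/SVGAnimatedLengthList.idl
@@ -26,5 +26,5 @@
 [
     Conditional=SVG,
-    ImplementationLacksVTable
+    SkipVTableValidation
 ] interface SVGAnimatedLengthList {
     readonly attribute SVGLengthList baseVal;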
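--- a/trunk/Source/WebCore/svg/SVGAnimatedNumber.idl
+++ b/trunk/Source/WebCore/svg/SVGAnimatedNumber.idl
@@ -27,5 +27,5 @@
 [
     Conditional=SVG,
-    ImplementationLacksVTable
+    SkipVTableValidation
 ] interface SVGAnimatedNumber {
     [StrictTypeChecking] attribute float baseVal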
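--- a/trunk/Source/WebCore/svg/SVGAnimatedNumberList.idl
+++ b/trunk/Source/WebCore/svg/SVGAnimatedNumberList.idl
@@ -26,5 +26,5 @@
 [
     Conditional=SVG,
-    ImplementationLacksVTable
+    SkipVTableValidation
 ] interface SVGAnimatedNumberList {
     readonly attribute SVGNumberList baseVal;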
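--- a/trunk/Source/WebCore/svg/SVGAnimatedPreserveAspectRatio.idl
+++ b/trunk/Source/WebCore/svg/SVGAnimatedPreserveAspectRatio.idl
@@ -26,5 +26,5 @@
 [
     Conditional=SVG,
-    ImplementationLacksVTable
+    SkipVTableValidation
 ] interface SVGAnimatedPreserveAspectRatio {
     readonly attribute SVGPreserveAspectRatio baseVal;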
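--- a/trunk/Source/WebCore/svg/SVGAnimatedRect.idl
+++ b/trunk/Source/WebCore/svg/SVGAnimatedRect.idl
@@ -26,5 +26,5 @@
 [
     Conditional=SVG,
-    ImplementationLacksVTable
+    SkipVTableValidation
 ] interface SVGAnimatedRect {
     readonly attribute SVGRect baseVal;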
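--- a/trunk/Source/WebCore/svg/SVGAnimatedString.idl
+++ b/trunk/Source/WebCore/svg/SVGAnimatedString.idl
@@ -26,5 +26,5 @@
 [
     Conditional=SVG,
-    ImplementationLacksVTable
+    SkipVTableValidation
 ] interface SVGAnimatedString {
     attribute DOMString baseVal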
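--- a/trunk/Source/WebCore/svg/SVGAnimatedTransformList.idl
+++ b/trunk/Source/WebCore/svg/SVGAnimatedTransformList.idl
@@ -26,5 +26,5 @@
 [
     Conditional=SVG,
-    ImplementationLacksVTable
+    SkipVTableValidation
 ] interface SVGAnimatedTransformList {
     readonly attribute SVGTransformList baseVal;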