Changeset 246808 in webkit


Timestamp:
Jun 25, 2019 2:19:21 PM (5 years ago)
Author:
keith_miller@apple.com
Message:

Add didBecomePrototype() calls to global context prototypes
https://bugs.webkit.org/show_bug.cgi?id=199202

Reviewed by Mark Lam.

This fixes some crashes related to asserting that all prototypes
have been marked as such in JSC from
https://trac.webkit.org/changeset/246801. It's ok to call
didBecomePrototype here as we are setting up the world state right now
so we won't be having a bad time.

We don't automatically call didBecomePrototype() for
setPrototypeWithoutTransition because existing objects may already
have this structure so it seems more reasonable to be explicit
there.

  • bindings/js/JSWindowProxy.cpp:
    (WebCore::JSWindowProxy::setWindow):
  • bindings/js/WorkerScriptController.cpp:
    (WebCore::WorkerScriptController::initScript):
  • worklets/WorkletScriptController.cpp:
    (WebCore::WorkletScriptController::initScriptWithSubclass):

Location:
trunk/Source/WebCore
Files:
4 edited

  • trunk/Source/WebCore/ChangeLog

    r246798 r246808  
     12019-06-25  Keith Miller  <keith_miller@apple.com>
     2
     3        Add didBecomePrototype() calls to global context prototypes
     4        https://bugs.webkit.org/show_bug.cgi?id=199202
     5
     6        Reviewed by Mark Lam.
     7
     8        This fixes some crashes related to asserting that all prototypes
     9        have been marked as such in JSC from
     10        https://trac.webkit.org/changeset/246801. It's ok to call
     11        didBecomePrototype here as we setting up the world state right now
     12        so we won't be having a bad time.
     13
     14        We don't automatically call didBecomePrototype() for
     15        setPrototypeWithoutTransition because existing objects may already
     16        have this structure so it seems more reasonable to be explicit
     17        there.
     18
     19        * bindings/js/JSWindowProxy.cpp:
     20        (WebCore::JSWindowProxy::setWindow):
     21        * bindings/js/WorkerScriptController.cpp:
     22        (WebCore::WorkerScriptController::initScript):
     23        * worklets/WorkletScriptController.cpp:
     24        (WebCore::WorkletScriptController::initScriptWithSubclass):
     25
    1262019-06-25  Joseph Pecoraro  <pecoraro@apple.com>
    227
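Review bot: ChangeLog line 11 reads "as we setting up the world state"; it should be "as we are setting up the world state". The rationale in lines 14-17 (explicit marking for setPrototypeWithoutTransition because existing objects may already share the structure) is the one fact a future reader of these call sites will need, so it would be worth repeating it as a comment at one of the three call sites rather than only here.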
  • trunk/Source/WebCore/bindings/js/JSWindowProxy.cpp

    r246780 r246808  
    112112    auto& propertiesStructure = *JSDOMWindowProperties::createStructure(vm, window, JSEventTarget::prototype(vm, *window));
    113113    auto& properties = *JSDOMWindowProperties::create(&propertiesStructure, *window);
     114    properties.didBecomePrototype();
    114115    prototype->structure(vm)->setPrototypeWithoutTransition(vm, &properties);
    115116
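Review bot: the new `properties.didBecomePrototype();` is placed before `setPrototypeWithoutTransition`, which is the right order (mark first, then install), but nothing at the call site says why the explicit call is required; a one-line comment such as `// setPrototypeWithoutTransition does not mark its argument as a prototype; see r246801.` would stop the next caller from dropping it. Also note that `prototype` itself, whose structure is rewritten on line 115, is not marked anywhere in this hunk; its creation path is outside the visible lines, so please confirm it is marked there.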
  • trunk/Source/WebCore/bindings/js/WorkerScriptController.cpp

    r237981 r246808  
    9191        ASSERT(m_workerGlobalScopeWrapper->structure(*m_vm)->globalObject() == m_workerGlobalScopeWrapper);
    9292        dedicatedContextPrototype->structure(*m_vm)->setGlobalObject(*m_vm, m_workerGlobalScopeWrapper.get());
    93         dedicatedContextPrototype->structure(*m_vm)->setPrototypeWithoutTransition(*m_vm, JSWorkerGlobalScope::prototype(*m_vm, *m_workerGlobalScopeWrapper.get()));
     93        auto* workerGlobalScopePrototype = JSWorkerGlobalScope::prototype(*m_vm, *m_workerGlobalScopeWrapper.get());
     94        workerGlobalScopePrototype->didBecomePrototype();
     95        dedicatedContextPrototype->structure(*m_vm)->setPrototypeWithoutTransition(*m_vm, workerGlobalScopePrototype);
    9496
    9597        proxy->setTarget(*m_vm, m_workerGlobalScopeWrapper.get());
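Review bot: the three added lines (fetch the prototype, `didBecomePrototype()`, `setPrototypeWithoutTransition`) are the same sequence as lines 112-114 further down in this file and as the hunk in WorkletScriptController.cpp; a small helper that takes the structure and the prototype and does both steps would keep the marking from being forgotten at the next call site, which is exactly the failure this patch is fixing.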
     
    108110        ASSERT(m_workerGlobalScopeWrapper->structure()->globalObject() == m_workerGlobalScopeWrapper);
    109111        contextPrototype->structure(*m_vm)->setGlobalObject(*m_vm, m_workerGlobalScopeWrapper.get());
    110         contextPrototype->structure(*m_vm)->setPrototypeWithoutTransition(*m_vm, JSWorkerGlobalScope::prototype(*m_vm, *m_workerGlobalScopeWrapper.get()));
     112        auto* workerGlobalScopePrototype = JSWorkerGlobalScope::prototype(*m_vm, *m_workerGlobalScopeWrapper.get());
     113        workerGlobalScopePrototype->didBecomePrototype();
     114        contextPrototype->structure(*m_vm)->setPrototypeWithoutTransition(*m_vm, workerGlobalScopePrototype);
    111115
    112116        proxy->setTarget(*m_vm, m_workerGlobalScopeWrapper.get());
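Review bot: this hunk duplicates lines 93-95 above with only the local renamed from `dedicatedContextPrototype` to `contextPrototype`; the two could share one helper. Separately, the unchanged ASSERT on line 110 calls `structure()` with no VM argument while the matching ASSERT on line 91 uses `structure(*m_vm)`; not part of this change, but worth aligning while these lines are being touched.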
  • trunk/Source/WebCore/worklets/WorkletScriptController.cpp

    r238686 r246808  
    127127    ASSERT(m_workletGlobalScopeWrapper->structure(*m_vm)->globalObject() == m_workletGlobalScopeWrapper);
    128128    contextPrototype->structure(*m_vm)->setGlobalObject(*m_vm, m_workletGlobalScopeWrapper.get());
    129     contextPrototype->structure(*m_vm)->setPrototypeWithoutTransition(*m_vm, JSGlobalScope::prototype(*m_vm, *m_workletGlobalScopeWrapper.get()));
     129    auto* globalScopePrototype = JSGlobalScope::prototype(*m_vm, *m_workletGlobalScopeWrapper.get());
     130    globalScopePrototype->didBecomePrototype();
     131    contextPrototype->structure(*m_vm)->setPrototypeWithoutTransition(*m_vm, globalScopePrototype);
    130132
    131133    proxy->setTarget(*m_vm, m_workletGlobalScopeWrapper.get());
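Review bot: same pattern as the two WorkerScriptController.cpp hunks, so the same helper would serve here. The ChangeLog says the crash is a JSC assertion from r246801 firing on an unmarked prototype, which means a missing `didBecomePrototype()` is only caught at runtime in debug builds; a short comment on line 130 pointing at that assertion would document the mark-before-install ordering for anyone adding a fourth call site.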