Changeset 34271 in webkit
- Timestamp:
- May 30, 2008 10:37:03 PM (16 years ago)
- Location:
- trunk/WebCore
- Files:
-
- 10 edited
Legend:
- Unmodified
- Added
- Removed
-
trunk/WebCore/ChangeLog
r34267 r34271 1 2008-05-30 Maciej Stachowiak <mjs@apple.com> 2 3 Reviewed by Oliver (earlier version reviewed by Alexey). 4 5 - speculative fix for "REGRESSION(r34143?): Frequent crash while browsing" 6 https://bugs.webkit.org/show_bug.cgi?id=19285 7 8 ("This Time for Sure" Edition) 9 10 I'm pretty sure this fixes it but I have not been able to 11 reproduce and am unsure if my theory of the bug is right. 12 13 I belive the bug was because JSDOMWindowBase accessed 14 JSDOMWindowShell in its destructor to remove itself from a 15 hashtable, but GC destructor order is not guaranteed, so the 16 hashtable may have been freed already. This patch changes things 17 so that a non-GC object (the KJSProxy) does the tracking of live 18 window objects for a frame. JSDOMWindowBase can null check the frame 19 pointer to verify if it is still good. 20 21 In addition, we must create a similar setup between DOMWindow and 22 Frame; since the DOMWindow of a given frame can now change over 23 time, we must ensure that the Frame disconnects every live 24 DOMWindow when destroyed, not just the last. 25 26 * bindings/js/JSDOMWindowBase.cpp: 27 (WebCore::JSDOMWindowBase::~JSDOMWindowBase): 28 * bindings/js/JSDOMWindowShell.cpp: 29 (WebCore::JSDOMWindowShell::JSDOMWindowShell): 30 * bindings/js/JSDOMWindowShell.h: 31 (WebCore::JSDOMWindowShell::setWindow): 32 * bindings/js/kjs_proxy.cpp: 33 (WebCore::KJSProxy::clear): 34 (WebCore::KJSProxy::initScript): 35 (WebCore::KJSProxy::updateDocument): 36 * bindings/js/kjs_proxy.h: 37 (WebCore::KJSProxy::clearFormerWindow): 38 * page/DOMWindow.cpp: 39 (WebCore::DOMWindow::~DOMWindow): 40 * page/Frame.cpp: 41 (WebCore::Frame::~Frame): 42 (WebCore::Frame::setDocument): 43 (WebCore::Frame::clearDOMWindow): 44 (WebCore::Frame::clearFormerDOMWindow): 45 * page/Frame.h: 46 * page/FramePrivate.h: 47 1 48 2008-05-30 Dan Bernstein <mitz@apple.com> 2 49 -
trunk/WebCore/bindings/js/JSDOMWindowBase.cpp
r34261 r34271 203 203 JSDOMWindowBase::~JSDOMWindowBase() 204 204 { 205 d->m_shell->clearFormerWindow(asJSDOMWindow(this)); 205 if (m_impl->frame()) 206 m_impl->frame()->scriptProxy()->clearFormerWindow(asJSDOMWindow(this)); 206 207 207 208 clearAllTimeouts(); -
trunk/WebCore/bindings/js/JSDOMWindowShell.cpp
r34261 r34271 45 45 : Base(jsNull()) 46 46 , m_window(0) 47 , m_liveFormerWindows(new HashSet<JSDOMWindow*>)48 47 { 49 48 m_window = new JSDOMWindow(domWindow, this); … … 146 145 147 146 148 void JSDOMWindowShell::updateDocument()149 {150 m_window->updateDocument();151 HashSet<JSDOMWindow*>::iterator end = m_liveFormerWindows->end();152 for (HashSet<JSDOMWindow*>::iterator it = m_liveFormerWindows->begin(); it != end; ++it)153 (*it)->updateDocument();154 }155 156 147 // ---- 157 148 // Conversion methods -
trunk/WebCore/bindings/js/JSDOMWindowShell.h
r34261 r34271 48 48 { 49 49 ASSERT_ARG(window, window); 50 m_liveFormerWindows->add(m_window);51 50 m_window = window; 52 51 setPrototype(window->prototype()); … … 77 76 void disconnectFrame(); 78 77 void clear(); 79 void updateDocument();80 81 void clearFormerWindow(JSDOMWindow* window) { m_liveFormerWindows->remove(window); }82 78 83 79 private: 84 80 JSDOMWindow* m_window; 85 HashSet<JSDOMWindow*>* m_liveFormerWindows;86 81 }; 87 82 -
trunk/WebCore/bindings/js/kjs_proxy.cpp
r34261 r34271 113 113 JSLock lock; 114 114 m_windowShell->window()->clear(); 115 m_liveFormerWindows.add(m_windowShell->window()); 115 116 m_windowShell->setWindow(new JSDOMWindow(m_frame->domWindow(), m_windowShell)); 116 117 if (Page* page = m_frame->page()) { … … 156 157 157 158 m_windowShell = new JSDOMWindowShell(m_frame->domWindow()); 158 m_windowShell->updateDocument();159 updateDocument(); 159 160 160 161 if (Page* page = m_frame->page()) { … … 211 212 } 212 213 214 void KJSProxy::updateDocument() 215 { 216 JSLock lock; 217 if (m_windowShell) 218 m_windowShell->window()->updateDocument(); 219 HashSet<JSDOMWindow*>::iterator end = m_liveFormerWindows.end(); 220 for (HashSet<JSDOMWindow*>::iterator it = m_liveFormerWindows.begin(); it != end; ++it) 221 (*it)->updateDocument(); 222 } 223 224 213 225 } // namespace WebCore -
trunk/WebCore/bindings/js/kjs_proxy.h
r34261 r34271 78 78 bool isPaused() const { return m_paused; } 79 79 80 void clearFormerWindow(JSDOMWindow* window) { m_liveFormerWindows.remove(window); } 81 void updateDocument(); 82 80 83 private: 81 84 void initScriptIfNeeded() … … 87 90 88 91 KJS::ProtectedPtr<JSDOMWindowShell> m_windowShell; 92 HashSet<JSDOMWindow*> m_liveFormerWindows; 89 93 Frame* m_frame; 90 94 int m_handlerLineno; -
trunk/WebCore/page/DOMWindow.cpp
r34179 r34271 147 147 DOMWindow::~DOMWindow() 148 148 { 149 if (m_frame) 150 m_frame->clearFormerDOMWindow(this); 149 151 } 150 152 -
trunk/WebCore/page/Frame.cpp
r34261 r34271 182 182 if (d->m_domWindow) 183 183 d->m_domWindow->disconnectFrame(); 184 185 HashSet<DOMWindow*>::iterator end = d->m_liveFormerWindows.end(); 186 for (HashSet<DOMWindow*>::iterator it = d->m_liveFormerWindows.begin(); it != end; ++it) 187 (*it)->disconnectFrame(); 184 188 185 189 if (d->m_view) { … … 261 265 262 266 // Update the cached 'document' property, which is now stale. 263 if (d->m_doc && d->m_jscript.haveWindowShell()) { 264 JSLock lock; 265 d->m_jscript.windowShell()->updateDocument(); 266 } 267 d->m_jscript.updateDocument(); 267 268 } 268 269 … … 1129 1130 void Frame::clearDOMWindow() 1130 1131 { 1131 if (d->m_domWindow) 1132 if (d->m_domWindow) { 1133 d->m_liveFormerWindows.add(d->m_domWindow.get()); 1132 1134 d->m_domWindow->clear(); 1135 } 1133 1136 d->m_domWindow = 0; 1134 1137 } … … 1709 1712 1710 1713 return d->m_domWindow.get(); 1714 } 1715 1716 void Frame::clearFormerDOMWindow(DOMWindow* window) 1717 { 1718 d->m_liveFormerWindows.remove(window); 1711 1719 } 1712 1720 -
trunk/WebCore/page/Frame.h
r32700 r34271 97 97 98 98 DOMWindow* domWindow() const; 99 void clearFormerDOMWindow(DOMWindow*); 99 100 Editor* editor() const; 100 101 EventHandler* eventHandler() const; -
trunk/WebCore/page/FramePrivate.h
r32422 r34271 75 75 FrameLoader m_loader; 76 76 RefPtr<DOMWindow> m_domWindow; 77 HashSet<DOMWindow*> m_liveFormerWindows; 77 78 78 79 HTMLFrameOwnerElement* m_ownerElement;
Note: See TracChangeset
for help on using the changeset viewer.