Changeset 64479 in webkit


Timestamp:
Aug 2, 2010 11:28:07 AM (14 years ago)
Author:
andersca@apple.com
Message:

Cache JSNPObjects and fix bugs in the object map
https://bugs.webkit.org/show_bug.cgi?id=43368

Reviewed by Sam Weinig.

WebKit2:

  • WebProcess/Plugins/JSNPObject.cpp:

(WebKit::JSNPObject::JSNPObject):
Assert that we're not trying to wrap an NPJSObject.

(WebKit::JSNPObject::~JSNPObject):
Tell the object map that we're gone.

(WebKit::JSNPObject::invalidate):
Release the NPObject and null out the pointer.

  • WebProcess/Plugins/NPJSObject.cpp:

(WebKit::NPJSObject::create):
Assert that we're not trying to wrap a JSNPObject.

  • WebProcess/Plugins/NPRuntimeObjectMap.cpp:

(WebKit::NPRuntimeObjectMap::getOrCreateNPObject):
If we're passed a JSNPObject, just extract its NPObject.

(WebKit::NPRuntimeObjectMap::getOrCreateJSObject):
If we're passed an NPJSObject, just extract its JSObject. Otherwise, check if we already have
a JSObject for this NPObject and return it.

(WebKit::NPRuntimeObjectMap::jsNPObjectDestroyed):
Remove the object from the map.

(WebKit::NPRuntimeObjectMap::convertNPVariantToJSValue):
getOrCreateJSObject now checks for wrapped objects.

(WebKit::NPRuntimeObjectMap::convertJSValueToNPVariant):
getOrCreateNPObject now checks for wrapped objects.

(WebKit::NPRuntimeObjectMap::invalidate):
Invalidate JSNPObjects as well.

WebKitTools:

Test that we correctly throw exceptions when trying to do things to a JSObject that used to
wrap an NPObject that came from a plug-in that is now destroyed.

  • DumpRenderTree/DumpRenderTree.xcodeproj/project.pbxproj:
  • DumpRenderTree/TestNetscapePlugIn/PluginTest.h:

(PluginTest::Object::getProperty):
(PluginTest::Object::NP_GetProperty):
(PluginTest::Object::npClass):

  • DumpRenderTree/TestNetscapePlugIn/Tests/NPRuntimeObjectFromDestroyedPlugin.cpp: Added.

(NPRuntimeObjectFromDestroyedPlugin::NPRuntimeObjectFromDestroyedPlugin):
(NPRuntimeObjectFromDestroyedPlugin::ScriptableObject::hasProperty):
(NPRuntimeObjectFromDestroyedPlugin::ScriptableObject::getProperty):
(NPRuntimeObjectFromDestroyedPlugin::NPP_GetValue):

  • DumpRenderTree/TestNetscapePlugIn/win/TestNetscapePlugin.vcproj:
  • DumpRenderTree/qt/TestNetscapePlugin/TestNetscapePlugin.pro:
  • GNUmakefile.am:

LayoutTests:

  • plugins/npruntime/object-from-destroyed-plugin-expected.txt: Added.
  • plugins/npruntime/object-from-destroyed-plugin.html: Added.
Location:
trunk
Files:
3 added
13 edited

  • trunk/LayoutTests/ChangeLog

    r64478 r64479  
     12010-08-02  Anders Carlsson  <andersca@apple.com>
     2
     3        Reviewed by Sam Weinig.
     4
     5        Cache JSNPObjects and fix bugs in the object map
     6        https://bugs.webkit.org/show_bug.cgi?id=43368
     7
     8        * plugins/npruntime/object-from-destroyed-plugin-expected.txt: Added.
     9        * plugins/npruntime/object-from-destroyed-plugin.html: Added.
     10
    1112010-08-02  Chris Fleizach  <cfleizach@apple.com>
    212
  • trunk/WebKit2/ChangeLog

    r64462 r64479  
     12010-08-02  Anders Carlsson  <andersca@apple.com>
     2
     3        Reviewed by Sam Weinig.
     4
     5        Cache JSNPObjects and fix bugs in the object map
     6        https://bugs.webkit.org/show_bug.cgi?id=43368
     7
     8        * WebProcess/Plugins/JSNPObject.cpp:
     9        (WebKit::JSNPObject::JSNPObject):
     10        Assert that we're not trying to wrap an NPJSObject.
     11
     12        (WebKit::JSNPObject::~JSNPObject):
     13        Tell the object map that we're gone.
     14
     15        (WebKit::JSNPObject::invalidate):
     16        Release the NPObject and null out the pointer.
     17
     18        * WebProcess/Plugins/NPJSObject.cpp:
     19        (WebKit::NPJSObject::create):
     20        Assert that we're not trying to wrap a JSNPObject.
     21
     22        * WebProcess/Plugins/NPRuntimeObjectMap.cpp:
     23        (WebKit::NPRuntimeObjectMap::getOrCreateNPObject):
     24        If we're passed a JSNPObject, just extract its NPObject.
     25
     26        (WebKit::NPRuntimeObjectMap::getOrCreateJSObject):
     27        If we're passed an NPJSObject, just extract its JSObject. Otherwise, check if we already have
     28        a JSObject for this NPObject and return it.
     29
     30        (WebKit::NPRuntimeObjectMap::jsNPObjectDestroyed):
     31        Remove the object from the map.
     32
     33        (WebKit::NPRuntimeObjectMap::convertNPVariantToJSValue):
     34        getOrCreateJSObject now checks for wrapped objects.
     35
     36        (WebKit::NPRuntimeObjectMap::convertJSValueToNPVariant):
     37        getOrCreateNPObject now checks for wrapped objects.
     38
     39        (WebKit::NPRuntimeObjectMap::invalidate):
     40        Invalidate JSNPObjects as well.
     41
    1422010-08-02  Jeremy Orlow  <jorlow@chromium.org>
    243
  • trunk/WebKit2/WebProcess/Plugins/JSNPObject.cpp

    r64449 r64479  
    2727
    2828#include "JSNPMethod.h"
     29#include "NPJSObject.h"
    2930#include "NPRuntimeObjectMap.h"
    3031#include "NPRuntimeUtilities.h"
     
    3637#include <WebCore/PlatformString.h>
    3738
     39using namespace JSC;
    3840using namespace WebCore;
    39 using namespace JSC;
    4041
    4142namespace WebKit {
     
    5354    , m_npObject(npObject)
    5455{
     56    // We should never have an NPJSObject inside a JSNPObject.
     57    ASSERT(!NPJSObject::isNPJSObject(m_npObject));
     58
    5559    retainNPObject(m_npObject);
    5660}
     
    5862JSNPObject::~JSNPObject()
    5963{
    60     // FIXME: Implement.
     64    if (!m_npObject)
     65        return;
     66
     67    m_objectMap->jsNPObjectDestroyed(this);
     68    releaseNPObject(m_npObject);
     69}
     70
     71void JSNPObject::invalidate()
     72{
     73    ASSERT(m_npObject);
     74
     75    releaseNPObject(m_npObject);
     76    m_npObject = 0;
    6177}
    6278
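Review bot: In ~JSNPObject(), the early return on a null m_npObject is the only thing that stops the destructor from calling m_objectMap->jsNPObjectDestroyed(this) on a map that may already be gone, and it works only if NPRuntimeObjectMap::invalidate() has run first. Nothing documents that contract: add a comment stating it, or clear m_objectMap in invalidate() too so the dependency is explicit. Separately, invalidate() leaves m_npObject at 0 while callMethod() and callObject() remain callable, and no hunk shown here adds a check for that; please confirm every accessor tests m_npObject before using it.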
  • trunk/WebKit2/WebProcess/Plugins/JSNPObject.h

    r64447 r64479  
    4343    ~JSNPObject();
    4444
     45    void invalidate();
     46
    4547    JSC::JSValue callMethod(JSC::ExecState*, NPIdentifier methodName);
    4648    JSC::JSValue callObject(JSC::ExecState*);
  • trunk/WebKit2/WebProcess/Plugins/NPJSObject.cpp

    r64444 r64479  
    2626#include "NPJSObject.h"
    2727
     28#include "JSNPObject.h"
    2829#include "NPRuntimeObjectMap.h"
    2930#include "NPRuntimeUtilities.h"
     
    4344NPJSObject* NPJSObject::create(NPRuntimeObjectMap* objectMap, JSObject* jsObject)
    4445{
     46    // We should never have a JSNPObject inside an NPJSObject.
     47    ASSERT(!jsObject->inherits(&JSNPObject::s_info));
     48
    4549    NPJSObject* npJSObject = toNPJSObject(createNPObject(0, npClass()));
    4650    npJSObject->initialize(objectMap, jsObject);
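Review bot: The assert in NPJSObject::create() tests jsObject->inherits(&JSNPObject::s_info), while the unwrapping path in NPRuntimeObjectMap::getOrCreateNPObject() tests jsObject->classInfo() == &JSNPObject::s_info. The two disagree for any class derived from JSNPObject: such an object would skip the unwrap and then trip this assert. Use the same predicate in both places, preferably inherits().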
  • trunk/WebKit2/WebProcess/Plugins/NPRuntimeObjectMap.cpp

    r64449 r64479  
    4949NPObject* NPRuntimeObjectMap::getOrCreateNPObject(JSObject* jsObject)
    5050{
     51    // If this is a JSNPObject, we can just get its underlying NPObject.
     52    if (jsObject->classInfo() == &JSNPObject::s_info) {
     53        JSNPObject* jsNPObject = static_cast<JSNPObject*>(jsObject);
     54        NPObject* npObject = jsNPObject->npObject();
     55       
     56        retainNPObject(npObject);
     57        return npObject;
     58    }
     59   
    5160    // First, check if we already know about this object.
    52     if (NPJSObject* npJSObject = m_objects.get(jsObject)) {
     61    if (NPJSObject* npJSObject = m_npJSObjects.get(jsObject)) {
    5362        retainNPObject(npJSObject);
    5463        return npJSObject;
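Review bot: The new JSNPObject branch in getOrCreateNPObject() passes jsNPObject->npObject() straight to retainNPObject() and returns it, but JSNPObject::invalidate() in this same changeset sets m_npObject to 0. Script can still hold a wrapper whose plug-in has been destroyed, so this branch should check for a null npObject() and handle it explicitly instead of retaining and returning it.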
     
    5665
    5766    NPJSObject* npJSObject = NPJSObject::create(this, jsObject);
    58     m_objects.set(jsObject, npJSObject);
     67    m_npJSObjects.set(jsObject, npJSObject);
    5968
    6069    return npJSObject;
     
    6473{
    6574    // Remove the object from the map.
    66     ASSERT(m_objects.contains(npJSObject->jsObject()));
    67     m_objects.remove(npJSObject->jsObject());
     75    ASSERT(m_npJSObjects.contains(npJSObject->jsObject()));
     76    m_npJSObjects.remove(npJSObject->jsObject());
    6877}
    6978
    7079JSObject* NPRuntimeObjectMap::getOrCreateJSObject(JSGlobalObject* globalObject, NPObject* npObject)
    7180{
    72     // FIXME: Check if we already have a wrapper for this NPObject!
    73     return new (globalObject->globalData()) JSNPObject(globalObject, this, npObject);
     81    // If this is an NPJSObject, we can just get the JSObject that it's wrapping.
     82    if (NPJSObject::isNPJSObject(npObject))
     83        return NPJSObject::toNPJSObject(npObject)->jsObject();
     84   
     85    if (JSNPObject* jsNPObject = m_jsNPObjects.get(npObject))
     86        return jsNPObject;
     87
     88    JSNPObject* jsNPObject = new (globalObject->globalData()) JSNPObject(globalObject, this, npObject);
     89    m_jsNPObjects.set(npObject, jsNPObject);
     90
     91    return jsNPObject;
    7492}
    7593
    7694void NPRuntimeObjectMap::jsNPObjectDestroyed(JSNPObject* jsNPObject)
    7795{
    78     // FIXME: Implement.
     96    // Remove the object from the map.
     97    ASSERT(m_jsNPObjects.contains(jsNPObject->npObject()));
     98    m_jsNPObjects.remove(jsNPObject->npObject());
    7999}
    80100
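Review bot: m_jsNPObjects caches raw JSNPObject* values for garbage-collected objects, and an entry is removed only from ~JSNPObject() through jsNPObjectDestroyed(). If the collector can treat a JSNPObject as dead before its destructor runs, the m_jsNPObjects.get(npObject) lookup in getOrCreateJSObject() would hand that object back; please confirm this cannot happen, or say in a comment why not. Also, the cached wrapper is returned whatever globalObject is passed, so a later call with a different global object receives a wrapper created for the first one; state whether that is intended.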
     
    100120        return jsString(exec, String::fromUTF8WithLatin1Fallback(variant.value.stringValue.UTF8Characters,
    101121                                                                 variant.value.stringValue.UTF8Length));
    102     case NPVariantType_Object: {
    103         NPObject* npObject = variant.value.objectValue;
    104 
    105         // Just get the object from the NPJSObject.
    106         if (NPJSObject::isNPJSObject(npObject))
    107             return NPJSObject::toNPJSObject(npObject)->jsObject();
    108 
    109         ASSERT(globalObject);
    110 
    111         return getOrCreateJSObject(globalObject, npObject);
    112     }
     122    case NPVariantType_Object:
     123        return getOrCreateJSObject(globalObject, variant.value.objectValue);
    113124    }
    114125
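Review bot: The removed NPVariantType_Object block had ASSERT(globalObject) before calling getOrCreateJSObject(), and the one-line replacement drops it. getOrCreateJSObject() dereferences globalObject->globalData() when it has to create a wrapper and carries no assert of its own in this diff; move the ASSERT into getOrCreateJSObject(), after the NPJSObject and cache checks.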
     
    155166
    156167    if (value.isObject()) {
    157         JSObject* jsObject = asObject(value);
    158 
    159         if (jsObject->classInfo() == &JSNPObject::s_info) {
    160             JSNPObject* jsNPObject = static_cast<JSNPObject*>(jsObject);
    161             NPObject* npObject = jsNPObject->npObject();
    162 
    163             retainNPObject(npObject);
    164             OBJECT_TO_NPVARIANT(npObject, variant);
    165             return;
    166         }
    167 
    168         NPObject* npObject = getOrCreateNPObject(jsObject);
     168        NPObject* npObject = getOrCreateNPObject(asObject(value));
    169169        OBJECT_TO_NPVARIANT(npObject, variant);
    170170        return;
     
    208208{
    209209    Vector<NPJSObject*> npJSObjects;
    210     copyValuesToVector(m_objects, npJSObjects);
     210    copyValuesToVector(m_npJSObjects, npJSObjects);
    211211
    212212    // Deallocate all the object wrappers so we won't leak any JavaScript objects.
     
    214214        deallocateNPObject(npJSObjects[i]);
    215215   
    216     // We shouldn't have any objects left now.
    217     ASSERT(m_objects.isEmpty());
     216    // We shouldn't have any NPJSObjects left now.
     217    ASSERT(m_npJSObjects.isEmpty());
     218
     219    Vector<JSNPObject*> jsNPObjects;
     220    copyValuesToVector(m_jsNPObjects, jsNPObjects);
     221
     222    // Invalidate all the JSObjects that wrap NPObjects.
     223    for (size_t i = 0; i < jsNPObjects.size(); ++i)
     224        jsNPObjects[i]->invalidate();
     225
     226    m_jsNPObjects.clear();
    218227}
    219228
  • trunk/WebKit2/WebProcess/Plugins/NPRuntimeObjectMap.h

    r64449 r64479  
    8080    PluginView* m_pluginView;
    8181
    82     HashMap<JSC::JSObject*, NPJSObject*> m_objects;
     82    HashMap<JSC::JSObject*, NPJSObject*> m_npJSObjects;
     83    HashMap<NPObject*, JSNPObject*> m_jsNPObjects;
    8384};
    8485
  • trunk/WebKitTools/ChangeLog

    r64470 r64479  
     12010-08-02  Anders Carlsson  <andersca@apple.com>
     2
     3        Reviewed by Sam Weinig.
     4
     5        Cache JSNPObjects and fix bugs in the object map
     6        https://bugs.webkit.org/show_bug.cgi?id=43368
     7
     8        Test that we correctly throw exceptions when trying to do things to a JSObject that used to
     9        wrap an NPObject that came from a plug-in that is now destroyed.
     10
     11        * DumpRenderTree/DumpRenderTree.xcodeproj/project.pbxproj:
     12        * DumpRenderTree/TestNetscapePlugIn/PluginTest.h:
     13        (PluginTest::Object::getProperty):
     14        (PluginTest::Object::NP_GetProperty):
     15        (PluginTest::Object::npClass):
     16        * DumpRenderTree/TestNetscapePlugIn/Tests/NPRuntimeObjectFromDestroyedPlugin.cpp: Added.
     17        (NPRuntimeObjectFromDestroyedPlugin::NPRuntimeObjectFromDestroyedPlugin):
     18        (NPRuntimeObjectFromDestroyedPlugin::ScriptableObject::hasProperty):
     19        (NPRuntimeObjectFromDestroyedPlugin::ScriptableObject::getProperty):
     20        (NPRuntimeObjectFromDestroyedPlugin::NPP_GetValue):
     21        * DumpRenderTree/TestNetscapePlugIn/win/TestNetscapePlugin.vcproj:
     22        * DumpRenderTree/qt/TestNetscapePlugin/TestNetscapePlugin.pro:
     23        * GNUmakefile.am:
     24
    1252010-08-02  Martin Robinson  <mrobinson@igalia.com>
    226
  • trunk/WebKitTools/DumpRenderTree/DumpRenderTree.xcodeproj/project.pbxproj

    r64444 r64479  
    3636                1A215A8211F2609C008AD0F5 /* PluginTest.h in Headers */ = {isa = PBXBuildFile; fileRef = 1A215A8011F2609C008AD0F5 /* PluginTest.h */; };
    3737                1A215BE711F27658008AD0F5 /* DocumentOpenInDestroyStream.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 1A215A7511F26072008AD0F5 /* DocumentOpenInDestroyStream.cpp */; };
     38                1A24BAA9120734EE00FBB059 /* NPRuntimeObjectFromDestroyedPlugin.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 1A24BAA8120734EE00FBB059 /* NPRuntimeObjectFromDestroyedPlugin.cpp */; };
    3839                1A8F02E80BB9B4EC008CFA34 /* TestObject.h in Headers */ = {isa = PBXBuildFile; fileRef = 1A8F024C0BB9B056008CFA34 /* TestObject.h */; };
    3940                1AC6C8490D07638600CD3161 /* main.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 1AC6C77F0D07589B00CD3161 /* main.cpp */; };
     
    194195                1A215A7F11F2609C008AD0F5 /* PluginTest.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = PluginTest.cpp; sourceTree = "<group>"; };
    195196                1A215A8011F2609C008AD0F5 /* PluginTest.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = PluginTest.h; sourceTree = "<group>"; };
     197                1A24BAA8120734EE00FBB059 /* NPRuntimeObjectFromDestroyedPlugin.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = NPRuntimeObjectFromDestroyedPlugin.cpp; sourceTree = "<group>"; };
    196198                1A8F024C0BB9B056008CFA34 /* TestObject.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = TestObject.h; sourceTree = "<group>"; };
    197199                1AC6C77F0D07589B00CD3161 /* main.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = main.cpp; sourceTree = "<group>"; };
     
    439441                        children = (
    440442                                1A215A7511F26072008AD0F5 /* DocumentOpenInDestroyStream.cpp */,
     443                                1A24BAA8120734EE00FBB059 /* NPRuntimeObjectFromDestroyedPlugin.cpp */,
    441444                                1AC77DCE120605B6005C19EF /* NPRuntimeRemoveProperty.cpp */,
    442445                                1AD9D2FD12028409001A70D1 /* PluginScriptableNPObjectInvokeDefault.cpp */,
     
    713716                                1AD9D2FE12028409001A70D1 /* PluginScriptableNPObjectInvokeDefault.cpp in Sources */,
    714717                                1AC77DCF120605B6005C19EF /* NPRuntimeRemoveProperty.cpp in Sources */,
     718                                1A24BAA9120734EE00FBB059 /* NPRuntimeObjectFromDestroyedPlugin.cpp in Sources */,
    715719                        );
    716720                        runOnlyForDeploymentPostprocessing = 0;
  • trunk/WebKitTools/DumpRenderTree/TestNetscapePlugIn/PluginTest.h

    r64444 r64479  
    4848DEFINE_HAS_MEMBER_CHECK(invokeDefault, bool, (const NPVariant*, uint32_t, NPVariant* result));
    4949DEFINE_HAS_MEMBER_CHECK(hasProperty, bool, (NPIdentifier propertyName));
     50DEFINE_HAS_MEMBER_CHECK(getProperty, bool, (NPIdentifier propertyName, NPVariant* result));
    5051
    5152class PluginTest {
     
    122123        }
    123124
     125        bool getProperty(NPIdentifier propertyName, NPVariant* result)
     126        {
     127            assert(false);
     128            return false;
     129        }
     130
    124131    protected:
    125132        Object()
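Review bot: The default Object::getProperty() relies on assert(false) to flag an unexpected call; with NDEBUG defined that compiles to nothing, and the function then returns false without touching result. Add a short comment that subclasses exposing properties must provide their own getProperty(), so a silent false in a release build of the test plug-in is not mistaken for a real lookup failure.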
     
    164171            return static_cast<T*>(npObject)->hasProperty(propertyName);
    165172        }
    166        
     173
     174        static bool NP_GetProperty(NPObject* npObject, NPIdentifier propertyName, NPVariant* result)
     175        {
     176            return static_cast<T*>(npObject)->getProperty(propertyName, result);
     177        }
     178
    167179        static NPClass* npClass()
    168180        {
     
    176188                has_member_invokeDefault<T>::value ? NP_InvokeDefault : 0,
    177189                has_member_hasProperty<T>::value ? NP_HasProperty : 0,
    178                 0, // NPClass::getProperty
     190                has_member_getProperty<T>::value ? NP_GetProperty : 0,
    179191                0, // NPClass::setProperty
    180192                0, // NPClass::removeProperty
  • trunk/WebKitTools/DumpRenderTree/TestNetscapePlugIn/win/TestNetscapePlugin.vcproj

    r64444 r64479  
    464464                >
    465465          </File>
     466          <File
     467                  RelativePath="..\Tests\NPRuntimeObjectFromDestroyedPlugin.cpp"
     468                >
     469          </File>
    466470                  <File
    467471                  RelativePath="..\Tests\NPRuntimeRemoveProperty.cpp"
  • trunk/WebKitTools/DumpRenderTree/qt/TestNetscapePlugin/TestNetscapePlugin.pro

    r64444 r64479  
    3030          TestObject.cpp \
    3131          Tests/DocumentOpenInDestroyStream.cpp \
     32          Tests/NPRuntimeObjectFromDestroyedPlugin.cpp \
    3233          Tests/NPRuntimeRemoveProperty.cpp \
    3334          Tests/PluginScriptableNPObjectInvokeDefault.cpp
  • trunk/WebKitTools/GNUmakefile.am

    r64444 r64479  
    160160        WebKitTools/DumpRenderTree/unix/TestNetscapePlugin/TestNetscapePlugin.cpp \
    161161        WebKitTools/DumpRenderTree/TestNetscapePlugIn/Tests/DocumentOpenInDestroyStream.cpp \
     162        WebKitTools/DumpRenderTree/TestNetscapePlugIn/Tests/NPRuntimeObjectFromDestroyedPlugin.cpp \
    162163        WebKitTools/DumpRenderTree/TestNetscapePlugIn/Tests/NPRuntimeRemoveProperty.cpp \
    163164        WebKitTools/DumpRenderTree/TestNetscapePlugIn/Tests/PluginScriptableNPObjectInvokeDefault.cpp \