Changeset 76893 in webkit


Ignore:
Timestamp:
Jan 27, 2011 6:18:02 PM (13 years ago)
Author:
msaboff@apple.com
Message:

2011-01-27 Michael Saboff <msaboff@apple.com>

Potentially Unsafe HashSet of RuntimeObject* in RootObject definition
https://bugs.webkit.org/show_bug.cgi?id=53271

Added new isValid() methods to check if a contained object in
a WeakGCMap is valid when using an unchecked iterator.

  • runtime/WeakGCMap.h: (JSC::WeakGCMap::isValid):

2011-01-27 Michael Saboff <msaboff@apple.com>

Reviewed by Darin Adler.

Potentially Unsafe HashSet of RuntimeObject* in RootObject definition
https://bugs.webkit.org/show_bug.cgi?id=53271

Precautionary change.
Changed RootObject to use WeakGCMap instead of HashSet.
Found will looking for another issue, but can't produce a test case
that is problematic. THerefore there aren't any new tests.

  • bridge/runtime_root.cpp: (JSC::Bindings::RootObject::invalidate): (JSC::Bindings::RootObject::addRuntimeObject): (JSC::Bindings::RootObject::removeRuntimeObject):
  • bridge/runtime_root.h:
Location:
trunk/Source
Files:
5 edited

Legend:

Unmodified
Added
Removed
  • trunk/Source/JavaScriptCore/ChangeLog

    r76745 r76893  
     12011-01-27  Michael Saboff  <msaboff@apple.com>
     2
     3        Potentially Unsafe HashSet of RuntimeObject* in RootObject definition
     4        https://bugs.webkit.org/show_bug.cgi?id=53271
     5
     6        Added new isValid() methods to check if a contained object in
     7        a WeakGCMap is valid when using an unchecked iterator.
     8
     9        * runtime/WeakGCMap.h:
     10        (JSC::WeakGCMap::isValid):
     11
    1122011-01-26  Sam Weinig  <sam@webkit.org>
    213
  • trunk/Source/JavaScriptCore/runtime/WeakGCMap.h

    r76248 r76893  
    7070    const_iterator uncheckedEnd() const { return m_map.end(); }
    7171
     72    bool isValid(iterator it) const { return Heap::isCellMarked(it->second); }
     73    bool isValid(const_iterator it) const { return Heap::isCellMarked(it->second); }
     74
    7275private:
    7376    HashMap<KeyType, MappedType> m_map;
  • trunk/Source/WebCore/ChangeLog

    r76892 r76893  
     12011-01-27  Michael Saboff  <msaboff@apple.com>
     2
     3        Reviewed by Darin Adler.
     4
     5        Potentially Unsafe HashSet of RuntimeObject* in RootObject definition
     6        https://bugs.webkit.org/show_bug.cgi?id=53271
     7
     8        Precautionary change.
     9        Changed RootObject to use WeakGCMap instead of HashSet.
     10        Found will looking for another issue, but can't produce a test case
     11        that is problematic.  THerefore there aren't any new tests.
     12
     13        * bridge/runtime_root.cpp:
     14        (JSC::Bindings::RootObject::invalidate):
     15        (JSC::Bindings::RootObject::addRuntimeObject):
     16        (JSC::Bindings::RootObject::removeRuntimeObject):
     17        * bridge/runtime_root.h:
     18
    1192011-01-27  Kenneth Russell  <kbr@google.com>
    220
  • trunk/Source/WebCore/bridge/runtime_root.cpp

    r71354 r76893  
    102102
    103103    {
    104         HashSet<RuntimeObject*>::iterator end = m_runtimeObjects.end();
    105         for (HashSet<RuntimeObject*>::iterator it = m_runtimeObjects.begin(); it != end; ++it)
    106             (*it)->invalidate();
    107        
     104        WeakGCMap<RuntimeObject*, RuntimeObject*>::iterator end = m_runtimeObjects.uncheckedEnd();
     105        for (WeakGCMap<RuntimeObject*, RuntimeObject*>::iterator it = m_runtimeObjects.uncheckedBegin(); it != end; ++it) {
     106            if (m_runtimeObjects.isValid(it))
     107                it->second->invalidate();
     108        }
     109
    108110        m_runtimeObjects.clear();
    109111    }
    110    
     112
    111113    m_isValid = false;
    112114
     
    177179{
    178180    ASSERT(m_isValid);
    179     ASSERT(!m_runtimeObjects.contains(object));
    180    
    181     m_runtimeObjects.add(object);
    182 }       
    183    
     181    ASSERT(!m_runtimeObjects.get(object));
     182
     183    m_runtimeObjects.set(object, object);
     184}
     185
    184186void RootObject::removeRuntimeObject(RuntimeObject* object)
    185187{
    186188    ASSERT(m_isValid);
    187     ASSERT(m_runtimeObjects.contains(object));
    188    
    189     m_runtimeObjects.remove(object);
     189    ASSERT(m_runtimeObjects.get(object));
     190
     191    m_runtimeObjects.take(object);
    190192}
    191193
  • trunk/Source/WebCore/bridge/runtime_root.h

    r71354 r76893  
    3232#include <runtime/Protect.h>
    3333
     34#include <runtime/WeakGCMap.h>
    3435#include <wtf/Forward.h>
    35 #include <wtf/HashSet.h>
    3636#include <wtf/Noncopyable.h>
    3737#include <wtf/PassRefPtr.h>
     
    9090
    9191    ProtectCountSet m_protectCountSet;
    92     HashSet<RuntimeObject*> m_runtimeObjects;   
     92    WeakGCMap<RuntimeObject*, RuntimeObject*> m_runtimeObjects; // Really need a WeakGCSet, but this will do.
    9393
    9494    HashSet<InvalidationCallback*> m_invalidationCallbacks;
Note: See TracChangeset for help on using the changeset viewer.