Changeset 76969 in webkit
- Timestamp:
- Jan 28, 2011 12:21:07 PM (13 years ago)
- Location:
- trunk/Source
- Files:
-
- 5 edited
Legend:
- Unmodified
- Added
- Removed
-
trunk/Source/JavaScriptCore/ChangeLog
r76967 r76969 1 2011-01-28 Michael Saboff <msaboff@apple.com> 2 3 Potentially Unsafe HashSet of RuntimeObject* in RootObject definition 4 https://bugs.webkit.org/show_bug.cgi?id=53271 5 6 Reapplying this this change. No change from prior patch in 7 JavaScriptCore. 8 9 Added new isValid() methods to check if a contained object in 10 a WeakGCMap is valid when using an unchecked iterator. 11 12 * runtime/WeakGCMap.h: 13 (JSC::WeakGCMap::isValid): 14 1 15 2011-01-27 Adam Roben <aroben@apple.com> 2 16 -
trunk/Source/JavaScriptCore/runtime/WeakGCMap.h
r76925 r76969 70 70 const_iterator uncheckedEnd() const { return m_map.end(); } 71 71 72 bool isValid(iterator it) const { return Heap::isCellMarked(it->second); } 73 bool isValid(const_iterator it) const { return Heap::isCellMarked(it->second); } 74 72 75 private: 73 76 HashMap<KeyType, MappedType> m_map; -
trunk/Source/WebCore/ChangeLog
r76968 r76969 1 2011-01-28 Michael Saboff <msaboff@apple.com> 2 3 Reviewed by Geoffrey Garen. 4 5 Potentially Unsafe HashSet of RuntimeObject* in RootObject definition 6 https://bugs.webkit.org/show_bug.cgi?id=53271 7 8 Reapplying this patch with the change that the second ASSERT in 9 RootObject::removeRuntimeObject was changed to use 10 .uncheckedGet() instead of the failing .get(). The object in question 11 could be in the process of being GC'ed. The get() call will not return 12 such an object while the uncheckedGet() call will return the (unsafe) 13 object. This is the behavior we want. 14 15 Precautionary change. 16 Changed RootObject to use WeakGCMap instead of HashSet. 17 Found will looking for another issue, but can't produce a test case 18 that is problematic. THerefore there aren't any new tests. 19 20 * bridge/runtime_root.cpp: 21 (JSC::Bindings::RootObject::invalidate): 22 (JSC::Bindings::RootObject::addRuntimeObject): 23 (JSC::Bindings::RootObject::removeRuntimeObject): 24 * bridge/runtime_root.h: 25 1 26 2011-01-28 Adam Roben <aroben@apple.com> 2 27 -
trunk/Source/WebCore/bridge/runtime_root.cpp
r76925 r76969 102 102 103 103 { 104 HashSet<RuntimeObject*>::iterator end = m_runtimeObjects.end(); 105 for (HashSet<RuntimeObject*>::iterator it = m_runtimeObjects.begin(); it != end; ++it) 106 (*it)->invalidate(); 107 104 WeakGCMap<RuntimeObject*, RuntimeObject*>::iterator end = m_runtimeObjects.uncheckedEnd(); 105 for (WeakGCMap<RuntimeObject*, RuntimeObject*>::iterator it = m_runtimeObjects.uncheckedBegin(); it != end; ++it) { 106 if (m_runtimeObjects.isValid(it)) 107 it->second->invalidate(); 108 } 109 108 110 m_runtimeObjects.clear(); 109 111 } 110 112 111 113 m_isValid = false; 112 114 … … 177 179 { 178 180 ASSERT(m_isValid); 179 ASSERT(!m_runtimeObjects. contains(object));180 181 m_runtimeObjects. add(object);182 } 183 181 ASSERT(!m_runtimeObjects.get(object)); 182 183 m_runtimeObjects.set(object, object); 184 } 185 184 186 void RootObject::removeRuntimeObject(RuntimeObject* object) 185 187 { 186 188 ASSERT(m_isValid); 187 ASSERT(m_runtimeObjects. contains(object));188 189 m_runtimeObjects. remove(object);189 ASSERT(m_runtimeObjects.uncheckedGet(object)); 190 191 m_runtimeObjects.take(object); 190 192 } 191 193 -
trunk/Source/WebCore/bridge/runtime_root.h
r76925 r76969 32 32 #include <runtime/Protect.h> 33 33 34 #include <runtime/WeakGCMap.h> 34 35 #include <wtf/Forward.h> 35 #include <wtf/HashSet.h>36 36 #include <wtf/Noncopyable.h> 37 37 #include <wtf/PassRefPtr.h> … … 90 90 91 91 ProtectCountSet m_protectCountSet; 92 HashSet<RuntimeObject*> m_runtimeObjects;92 WeakGCMap<RuntimeObject*, RuntimeObject*> m_runtimeObjects; // Really need a WeakGCSet, but this will do. 93 93 94 94 HashSet<InvalidationCallback*> m_invalidationCallbacks;
Note: See TracChangeset
for help on using the changeset viewer.