Changeset 77853 in webkit

Timestamp:

Feb 7, 2011 3:37:23 PM (13 years ago)

Author:

ggaren@apple.com

Message:

2011-02-07 Geoffrey Garen <​ggaren@apple.com>

Reviewed by Darin Adler.

Assertion failure in ~JSGlobalObject when loading apple.com HTML5
transitions demo page
​https://bugs.webkit.org/show_bug.cgi?id=53853

This was a long-standing bookkeeping bug uncovered by some heap refactoring.

• html/HTMLCanvasElement.cpp: (WebCore::HTMLCanvasElement::createImageBuffer):
• html/HTMLImageLoader.cpp: (WebCore::HTMLImageLoader::notifyFinished):
• xml/XMLHttpRequest.cpp: (WebCore::XMLHttpRequest::dropProtection): Take the JSLock before reporting extra cost to the JavaScriptCore heap, since all use of JavaScriptCore is supposed to be guarded by JSLock.

Location:

trunk/Source/WebCore

Files:

• ChangeLog (modified) (1 diff)
• html/HTMLCanvasElement.cpp (modified) (2 diffs)
• html/HTMLImageLoader.cpp (modified) (2 diffs)
• xml/XMLHttpRequest.cpp (modified) (2 diffs)

trunk/Source/WebCore/ChangeLog

@@ +1 @@
+2011-02-07  Geoffrey Garen  <ggaren@apple.com>
+
+        Reviewed by Darin Adler.
+
+        Assertion failure in ~JSGlobalObject when loading apple.com HTML5
+        transitions demo page
+        https://bugs.webkit.org/show_bug.cgi?id=53853
+
+        This was a long-standing bookkeeping bug uncovered by some heap refactoring.
+
+        * html/HTMLCanvasElement.cpp:
+        (WebCore::HTMLCanvasElement::createImageBuffer):
+        * html/HTMLImageLoader.cpp:
+        (WebCore::HTMLImageLoader::notifyFinished):
+        * xml/XMLHttpRequest.cpp:
+        (WebCore::XMLHttpRequest::dropProtection): Take the JSLock before
+        reporting extra cost to the JavaScriptCore heap, since all use of
+        JavaScriptCore is supposed to be guarded by JSLock.
+
 2011-02-07  Jian Li  <jianli@chromium.org>
 

trunk/Source/WebCore/html/HTMLCanvasElement.cpp

@@ -49 +49 @@
 #include <stdio.h>
 
+#if USE(JSC)
+#include <runtime/JSLock.h>
+#endif
+
 #if ENABLE(WEBGL)    
 #include "WebGLContextAttributes.h"
@@ -409 +413 @@
 
 #if USE(JSC)
-    if (hasCachedDOMNodeWrapperUnchecked(document(), const_cast<HTMLCanvasElement*>(this)))
+    if (hasCachedDOMNodeWrapperUnchecked(document(), const_cast<HTMLCanvasElement*>(this))) {
+        JSC::JSLock lock(JSC::SilenceAssertionsOnly);
         scriptExecutionContext()->globalData()->heap.reportExtraMemoryCost(m_imageBuffer->dataSize());
+    }
 #endif
 }

trunk/Source/WebCore/html/HTMLImageLoader.cpp

@@ -34 +34 @@
 #if USE(JSC)
 #include "JSDOMWindowBase.h"
+#include <runtime/JSLock.h>
 #endif
 
@@ -77 +78 @@
     if (!loadError) {
         if (!elem->inDocument()) {
+            JSC::JSLock lock(JSC::SilenceAssertionsOnly);
             JSC::JSGlobalData* globalData = JSDOMWindowBase::commonJSGlobalData();
             globalData->heap.reportExtraMemoryCost(cachedImage->encodedSize());

trunk/Source/WebCore/xml/XMLHttpRequest.cpp

@@ -57 +57 @@
 #include "JSDOMBinding.h"
 #include "JSDOMWindow.h"
+#include <runtime/JSLock.h>
 #include <runtime/Protect.h>
 #endif
@@ -793 +794 @@
     // report the extra cost at that point.
     JSC::JSGlobalData* globalData = scriptExecutionContext()->globalData();
-    if (hasCachedDOMObjectWrapper(globalData, this))
+    if (hasCachedDOMObjectWrapper(globalData, this)) {
+        JSC::JSLock lock(JSC::SilenceAssertionsOnly);
         globalData->heap.reportExtraMemoryCost(m_responseBuilder.length() * 2);
+    }
 #endif