Changeset 84650 in webkit
- Timestamp:
- Apr 22, 2011 11:26:34 AM (13 years ago)
- Location:
- trunk/Source/JavaScriptCore
- Files:
-
- 15 edited
trunk/Source/JavaScriptCore/API/JSCallbackObjectFunctions.h
r84052 r84650 97 97 HandleHeap::heapFor(slot)->makeWeak(slot, m_callbackObjectData.get(), classRef()); 98 98 HandleHeap::heapFor(slot)->writeBarrier(slot, this); 99 *slot = this;99 slot->fromJSValue(this); 100 100 } 101 101 } -
trunk/Source/JavaScriptCore/ChangeLog
r84621 r84650 1 2011-04-22 Oliver Hunt <oliver@apple.com> 2 3 Reviewed by Geoffrey Garen. 4 5 Make it harder to use HandleSlot incorrectly 6 https://bugs.webkit.org/show_bug.cgi?id=59205 7 8 Just add a little type fudging to make it harder to 9 incorrectly assign through a HandleSlot. 10 11 * API/JSCallbackObjectFunctions.h: 12 (JSC::::init): 13 * JavaScriptCore.exp: 14 * heap/Handle.h: 15 (JSC::HandleBase::operator!): 16 (JSC::HandleBase::operator UnspecifiedBoolType*): 17 (JSC::HandleTypes::getFromSlot): 18 * heap/HandleHeap.cpp: 19 (JSC::HandleHeap::markStrongHandles): 20 (JSC::HandleHeap::markWeakHandles): 21 (JSC::HandleHeap::finalizeWeakHandles): 22 (JSC::HandleHeap::writeBarrier): 23 (JSC::HandleHeap::protectedGlobalObjectCount): 24 (JSC::HandleHeap::isValidWeakNode): 25 * heap/HandleHeap.h: 26 (JSC::HandleHeap::copyWeak): 27 (JSC::HandleHeap::makeWeak): 28 (JSC::HandleHeap::Node::slot): 29 * heap/HandleStack.cpp: 30 (JSC::HandleStack::mark): 31 (JSC::HandleStack::grow): 32 * heap/HandleStack.h: 33 (JSC::HandleStack::zapTo): 34 (JSC::HandleStack::push): 35 * heap/Heap.cpp: 36 (JSC::HandleHeap::protectedObjectTypeCounts): 37 * heap/Local.h: 38 (JSC::::set): 39 * heap/Strong.h: 40 (JSC::Strong::set): 41 * heap/Weak.h: 42 (JSC::Weak::set): 43 * runtime/StructureTransitionTable.h: 44 (JSC::StructureTransitionTable::singleTransition): 45 (JSC::StructureTransitionTable::setSingleTransition): 46 * runtime/WeakGCMap.h: 47 (JSC::WeakGCMap::add): 48 (JSC::WeakGCMap::set): 49 * runtime/WriteBarrier.h: 50 (JSC::OpaqueJSValue::toJSValue): 51 (JSC::OpaqueJSValue::toJSValueRef): 52 (JSC::OpaqueJSValue::fromJSValue): 53 1 54 2011-04-22 Patrick Gansterer <paroga@webkit.org> 2 55 -
trunk/Source/JavaScriptCore/JavaScriptCore.exp
r84556 r84650 98 98 _WTFReportFatalError 99 99 __ZN14OpaqueJSString6createERKN3JSC7UStringE 100 __ZN3JSC10HandleHeap12writeBarrierEPNS_ 7JSValueERKS1_100 __ZN3JSC10HandleHeap12writeBarrierEPNS_13OpaqueJSValueERKNS_7JSValueE 101 101 __ZN3JSC10HandleHeap4growEv 102 102 __ZN3JSC10Identifier11addSlowCaseEPNS_12JSGlobalDataEPN3WTF10StringImplE -
trunk/Source/JavaScriptCore/heap/Handle.h
r84052 r84650 54 54 55 55 public: 56 bool operator!() const { return !m_slot || ! *m_slot; }56 bool operator!() const { return !m_slot || !m_slot->toJSValue(); } 57 57 58 58 // This conversion operator allows implicit conversion to bool but not to other integer types. 59 59 typedef JSValue (HandleBase::*UnspecifiedBoolType); 60 operator UnspecifiedBoolType*() const { return (m_slot && *m_slot) ? reinterpret_cast<UnspecifiedBoolType*>(1) : 0; }60 operator UnspecifiedBoolType*() const { return (m_slot && m_slot->toJSValue()) ? reinterpret_cast<UnspecifiedBoolType*>(1) : 0; } 61 61 62 62 protected: … … 80 80 template <typename T> struct HandleTypes { 81 81 typedef T* ExternalType; 82 static ExternalType getFromSlot(HandleSlot slot) { return (slot && *slot) ? reinterpret_cast<ExternalType>(slot->asCell()) : 0; }82 static ExternalType getFromSlot(HandleSlot slot) { return (slot && slot->toJSValue()) ? reinterpret_cast<ExternalType>(slot->toJSValue().asCell()) : 0; } 83 83 static JSValue toJSValue(T* cell) { return reinterpret_cast<JSCell*>(cell); } 84 84 template <typename U> static void validateUpcast() { T* temp; temp = (U*)0; } … … 87 87 template <> struct HandleTypes<Unknown> { 88 88 typedef JSValue ExternalType; 89 static ExternalType getFromSlot(HandleSlot slot) { return slot ? *slot: JSValue(); }89 static ExternalType getFromSlot(HandleSlot slot) { return slot ? slot->toJSValue() : JSValue(); } 90 90 static JSValue toJSValue(const JSValue& v) { return v; } 91 91 template <typename U> static void validateUpcast() {} -
trunk/Source/JavaScriptCore/heap/HandleHeap.cpp
r84556 r84650 65 65 Node* end = m_strongList.end(); 66 66 for (Node* node = m_strongList.begin(); node != end; node = node->next()) 67 heapRootMarker.mark(node->slot() );67 heapRootMarker.mark(node->slot()->toJSValueRef()); 68 68 } 69 69 … … 75 75 for (Node* node = m_weakList.begin(); node != end; node = node->next()) { 76 76 ASSERT(isValidWeakNode(node)); 77 JSCell* cell = node->slot()-> asCell();77 JSCell* cell = node->slot()->toJSValue().asCell(); 78 78 if (Heap::isMarked(cell)) 79 79 continue; … … 86 86 continue; 87 87 88 heapRootVisitor.mark(node->slot() );88 heapRootVisitor.mark(node->slot()->toJSValueRef()); 89 89 } 90 90 } … … 97 97 98 98 ASSERT(isValidWeakNode(node)); 99 JSCell* cell = node->slot()-> asCell();99 JSCell* cell = node->slot()->toJSValue().asCell(); 100 100 if (Heap::isMarked(cell)) 101 101 continue; … … 107 107 } 108 108 109 *node->slot() = JSValue();109 node->slot()->fromJSValue(JSValue()); 110 110 SentinelLinkedList<Node>::remove(node); 111 111 m_immediateList.push(node); … … 119 119 ASSERT(!m_nextToFinalize); // Forbid assignment to handles during the finalization phase, since it would violate many GC invariants. 120 120 121 if (!value == ! *slot && slot->isCell() == value.isCell())121 if (!value == !slot->toJSValue() && slot->toJSValue().isCell() == value.isCell()) 122 122 return; 123 123 … … 142 142 Node* end = m_strongList.end(); 143 143 for (Node* node = m_strongList.begin(); node != end; node = node->next()) { 144 JSValue value = *node->slot();144 JSValue value = node->slot()->toJSValue(); 145 145 if (value.isObject() && asObject(value.asCell())->isGlobalObject()) 146 146 count++; … … 155 155 return false; 156 156 157 JSValue value = *node->slot();157 JSValue value = node->slot()->toJSValue(); 158 158 if (!value || !value.isCell()) 159 159 return false; -
trunk/Source/JavaScriptCore/heap/HandleHeap.h
r84556 r84650 174 174 Node* node = toNode(allocate()); 175 175 node->makeWeak(toNode(other)->weakOwner(), toNode(other)->weakOwnerContext()); 176 writeBarrier(node->slot(), *other);177 *node->slot() = *other;176 writeBarrier(node->slot(), other->toJSValue()); 177 node->slot()->fromJSValue(other->toJSValue()); 178 178 return toHandle(node); 179 179 } … … 185 185 186 186 SentinelLinkedList<Node>::remove(node); 187 if (! *handle || !handle->isCell()) {187 if (!handle->toJSValue() || !handle->toJSValue().isCell()) { 188 188 m_immediateList.push(node); 189 189 return; … … 216 216 inline HandleSlot HandleHeap::Node::slot() 217 217 { 218 return &m_value;218 return reinterpret_cast<HandleSlot>(&m_value); 219 219 } 220 220 -
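Review bot: `HandleHeap::Node::slot()` now returns `reinterpret_cast<HandleSlot>(&m_value)`, which is only sound because `OpaqueJSValue` adds no data members or virtuals to its private `JSValue` base; nothing in the changeset checks that, and `HandleStack::push()` relies on the same assumption. A one-line `COMPILE_ASSERT(sizeof(OpaqueJSValue) == sizeof(JSValue), OpaqueJSValue_must_be_layout_compatible_with_JSValue);` next to the class definition (or in this header, beside `slot()`) would turn a later member added to `OpaqueJSValue` into a build error rather than a mis-sized slot that the collector then scans. The rest of this hunk (`copyWeak`, `makeWeak`) pairs every `fromJSValue` with a preceding `writeBarrier`, which is the discipline the new type is meant to enforce. `Node`'s class body begins outside this hunk.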
trunk/Source/JavaScriptCore/heap/HandleStack.cpp
r84556 r84650 42 42 void HandleStack::mark(HeapRootVisitor& heapRootMarker) 43 43 { 44 const Vector< HandleSlot>& blocks = m_blockStack.blocks();44 const Vector<JSValue*>& blocks = m_blockStack.blocks(); 45 45 size_t blockLength = m_blockStack.blockLength; 46 46 47 47 int end = blocks.size() - 1; 48 48 for (int i = 0; i < end; ++i) { 49 HandleSlotblock = blocks[i];49 JSValue* block = blocks[i]; 50 50 heapRootMarker.mark(block, blockLength); 51 51 } 52 HandleSlotblock = blocks[end];52 JSValue* block = blocks[end]; 53 53 heapRootMarker.mark(block, m_frame.m_next - block); 54 54 } … … 56 56 void HandleStack::grow() 57 57 { 58 HandleSlotblock = m_blockStack.grow();58 JSValue* block = m_blockStack.grow(); 59 59 m_frame.m_next = block; 60 60 m_frame.m_end = block + m_blockStack.blockLength; -
trunk/Source/JavaScriptCore/heap/HandleStack.h
r84556 r84650 42 42 class Frame { 43 43 public: 44 HandleSlotm_next;45 HandleSlotm_end;44 JSValue* m_next; 45 JSValue* m_end; 46 46 }; 47 47 … … 83 83 UNUSED_PARAM(lastFrame); 84 84 #else 85 const Vector< HandleSlot>& blocks = m_blockStack.blocks();85 const Vector<JSValue*>& blocks = m_blockStack.blocks(); 86 86 87 87 if (lastFrame.m_end != m_frame.m_end) { // Zapping to a frame in a different block. … … 92 92 } 93 93 94 for ( HandleSlotit = blocks[i] + m_blockStack.blockLength - 1; it != lastFrame.m_next - 1; --it)94 for (JSValue* it = blocks[i] + m_blockStack.blockLength - 1; it != lastFrame.m_next - 1; --it) 95 95 *it = JSValue(); 96 96 … … 98 98 } 99 99 100 for ( HandleSlotit = m_frame.m_next - 1; it != lastFrame.m_next - 1; --it)100 for (JSValue* it = m_frame.m_next - 1; it != lastFrame.m_next - 1; --it) 101 101 *it = JSValue(); 102 102 #endif … … 122 122 if (m_frame.m_next == m_frame.m_end) 123 123 grow(); 124 return m_frame.m_next++;124 return reinterpret_cast<HandleSlot>(m_frame.m_next++); 125 125 } 126 126 -
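Review bot: `HandleStack` keeps its blocks and frame pointers as plain `JSValue*` and `zapTo` still assigns `*it = JSValue()` directly, so the opaque type only applies at the `push()` boundary; a reader of `HandleSlot` will not know why stack slots are exempt from the rule the rest of the changeset introduces. A short comment on `push()` would close that gap, e.g. `// Stack slots are stored as plain JSValue: mark() visits every block as a root and zapTo() clears them in bulk, so no per-write barrier is needed here; the HandleSlot cast exists only so Local<T> uses the same accessor API as heap handles.` — the root-scanning and bulk-zapping parts are visible in this hunk, the rationale for skipping the barrier is inferred and worth confirming with the GC owners. `HandleStack`'s class declaration starts outside the hunk.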
trunk/Source/JavaScriptCore/heap/Heap.cpp
r84556 r84650 364 364 Node* end = m_strongList.end(); 365 365 for (Node* node = m_strongList.begin(); node != end; node = node->next()) { 366 JSValue value = *node->slot();366 JSValue value = node->slot()->toJSValue(); 367 367 if (value && value.isCell()) 368 368 typeCounter(value.asCell()); -
trunk/Source/JavaScriptCore/heap/Local.h
r83773 r84650 96 96 ASSERT(slot()); 97 97 ASSERT(!HandleTypes<T>::toJSValue(externalType) || !HandleTypes<T>::toJSValue(externalType).isCell() || Heap::isMarked(HandleTypes<T>::toJSValue(externalType).asCell())); 98 *slot() = externalType;98 slot()->fromJSValue(externalType); 99 99 } 100 100 -
trunk/Source/JavaScriptCore/heap/Strong.h
r84052 r84650 141 141 JSValue value = HandleTypes<T>::toJSValue(externalType); 142 142 HandleHeap::heapFor(slot())->writeBarrier(slot(), value); 143 *slot() = value;143 slot()->fromJSValue(value); 144 144 } 145 145 }; -
trunk/Source/JavaScriptCore/heap/Weak.h
r83773 r84650 132 132 ASSERT(!value || !value.isCell() || Heap::isMarked(value.asCell())); 133 133 HandleHeap::heapFor(slot())->writeBarrier(slot(), value); 134 *slot() = value;134 slot()->fromJSValue(value); 135 135 } 136 136 }; -
trunk/Source/JavaScriptCore/runtime/StructureTransitionTable.h
r84052 r84650 140 140 ASSERT(isUsingSingleSlot()); 141 141 if (HandleSlot slot = this->slot()) { 142 if ( *slot)143 return reinterpret_cast<Structure*>(slot-> asCell());142 if (slot->toJSValue()) 143 return reinterpret_cast<Structure*>(slot->toJSValue().asCell()); 144 144 } 145 145 return 0; … … 163 163 } 164 164 HandleHeap::heapFor(slot)->writeBarrier(slot, reinterpret_cast<JSCell*>(structure)); 165 *slot = reinterpret_cast<JSCell*>(structure);165 slot->fromJSValue(reinterpret_cast<JSCell*>(structure)); 166 166 } 167 167 -
trunk/Source/JavaScriptCore/runtime/WeakGCMap.h
r84052 r84650 130 130 HandleHeap::heapFor(slot)->makeWeak(slot, this, FinalizerCallback::finalizerContextFor(key)); 131 131 HandleHeap::heapFor(slot)->writeBarrier(slot, value); 132 *slot = value;132 slot->fromJSValue(value); 133 133 } 134 134 return iter; … … 140 140 ASSERT(slot); 141 141 HandleHeap::heapFor(slot)->writeBarrier(slot, value); 142 *slot = value;142 slot->fromJSValue(value); 143 143 } 144 144 … … 153 153 } 154 154 HandleHeap::heapFor(slot)->writeBarrier(slot, value); 155 *slot = value;155 slot->fromJSValue(value); 156 156 } 157 157 -
trunk/Source/JavaScriptCore/runtime/WriteBarrier.h
r84289 r84650 42 42 43 43 typedef enum { } Unknown; 44 typedef JSValue* HandleSlot; 44 class OpaqueJSValue : private JSValue { 45 public: 46 JSValue& toJSValue() { return *this; } 47 JSValue* toJSValueRef() { return this; } 48 void fromJSValue(const JSValue& value) { *this = static_cast<const OpaqueJSValue&>(value); } 49 }; 50 typedef OpaqueJSValue* HandleSlot; 45 51 46 52 template <typename T> struct JSValueChecker {
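Review bot: `OpaqueJSValue::toJSValue()` returns a mutable `JSValue&`, so `slot->toJSValue() = v` still compiles and stores into a strong or weak handle without `HandleHeap::writeBarrier` — the exact unbarriered write this wrapper is meant to make hard, and a missed barrier on a heap handle is the kind of GC-root mistake that turns into a dangling cell. Returning by value, `JSValue toJSValue() const { return *this; }`, keeps every reader in this changeset working (they only test the result or call `.asCell()`/`.isCell()`/`.isObject()` on it) and leaves `toJSValueRef()` as the single, deliberately pointer-shaped API for the marker. Separately, `fromJSValue` downcasts a plain `JSValue` reference to `const OpaqueJSValue&` even though the referent is not an `OpaqueJSValue`; assigning through the base instead, `static_cast<JSValue&>(*this) = value;`, expresses the same thing without casting the argument. Ideally `fromJSValue` would be private with the barriered setters as friends, but that is a larger change than this "type fudging" commit sets out to make.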