Re: [webkit-dev] JSC binding code question

2010-09-29 Thread Maciej Stachowiak

On Sep 28, 2010, at 10:48 PM, Kinuko Yasuda wrote:

 Hi Webkit folks,
 
 I'm writing a JSC binding code (custom binding code for now) for a
 method that can take JSON-format parameters, and I want to know what
 would be the right/recommended way.
 I mean, I want to write a binding code that can execute javascript code like:
 
   directoryEntry.getFile("lockfile.txt", {create: true, exclusive: true});
 
 Where the getFile() method is defined as:
 
   interface DirectoryEntry : Entry {
 void getFile(in DOMString path, in Flags flags, /* ... */);
   };
   interface Flags {
 attribute boolean create;
 attribute boolean exclusive;
   };
 
 (They are from the File API: Directories and System's draft [1])
 
 And what I have written for this is like following:
 
 if (!exec->argument(1).isNull() && !exec->argument(1).isUndefined() &&
     exec->argument(1).isObject() &&
     !exec->argument(1).inherits(&JSFlags::s_info)) {
     JSObject* object = exec->argument(1).getObject();
     flags = Flags::create();
     JSValue jsCreate = object->get(exec, Identifier(exec, "create"));
     flags->setCreate(jsCreate.toBoolean(exec));
     JSValue jsExclusive = object->get(exec, Identifier(exec, "exclusive"));
     flags->setExclusive(jsExclusive.toBoolean(exec));
 }
 
 Basically the code calls JSObject::get() to get values for the given
 property names.
 This looked straightforward, but I was told that the get(exec)
 re-enters Javascript and could do any arbitrary thing.

This much is true. In principle, any property can be a getter, so get() could 
re-enter into arbitrary JS code.

 This means that during the get() even the parameter object or the
 calling object (imp) may get deallocated.

This part, I think not. As long as they are referenced by currently executing 
code (either by JS or by the machine stack via a local variable) they won't get 
deallocated.

That being said, others may have suggestions for better ways to code this. 
Perhaps Geoff or Oliver have suggestions.

 
 So here I have two questions:
 
 1) How can I write a safe binding code that reads JSON-format
 parameters?  Is there some recommended way or any good idea?
 
 2) I saw several other code doing the same/similar thing as I do
 (calling JSObject::get()) to get arbitrary parameter values.
 Are they safe?  Is there a guarantee that the code executed during
 get() doesn't deallocate some objects?

Nothing that has a live reference to it will get collected, and there's no such 
thing as explicit deallocation in JS.

 
 Any help/suggestions/comments would be highly appreciated.
 Thanks!
 Kinuko
 
 
 [1] http://dev.w3.org/2009/dap/file-system/file-dir-sys.html
 [2] http://trac.webkit.org/browser/trunk/WebCore/bindings/js/JSDirectoryEntryCustom.cpp
 ___
 webkit-dev mailing list
 webkit-dev@lists.webkit.org
 http://lists.webkit.org/mailman/listinfo.cgi/webkit-dev

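Added example, written for this edit and not code from the thread or from WebKit: a plain-JavaScript model of the pattern Kinuko's snippet uses, so the re-entrancy Maciej confirms ("any property can be a getter") can be observed directly. It goes beyond the thread's garbage-collection question: the hazard it shows is a dictionary that changes while it is being read, which is the other reason to read each property exactly once, convert it to a primitive immediately (ToBoolean never invokes user code), and never consult the argument object again. All names (makeReentrantOptions, naiveGetFile, readFlags, snapshotGetFile, demo) are constructed; the options object stands in for exec->argument(1).

```javascript
// Added example, not code from the webkit-dev thread or from WebKit: a plain
// JavaScript model of the binding pattern under discussion. readFlags() stands
// in for the binding's JSObject::get() calls, the options object stands in for
// exec->argument(1), and every name in this file is constructed.

// Constructed options object whose `create` property is an accessor. Reading it
// runs caller-controlled code, which here mutates the dictionary mid-read.
function makeReentrantOptions() {
  const state = { getterRuns: 0 };
  const options = { exclusive: true };
  Object.defineProperty(options, 'create', {
    enumerable: true,
    get() {
      state.getterRuns += 1;
      options.exclusive = false;   // change another field while the API is reading
      return true;
    },
  });
  return { options, state };
}

// Pattern 1 (fragile): validate against the dictionary, then read it again when
// acting. Each read may invoke the accessor, so validation and action can see
// different values for the same field.
function naiveGetFile(path, options) {
  const validatedExclusive = Boolean(options.exclusive); // true for the constructed object
  if (validatedExclusive && !options.create)             // accessor runs, flips exclusive
    throw new Error('exclusive requires create');
  return {
    path,
    validatedExclusive,
    create: Boolean(options.create),                     // accessor runs a second time
    exclusive: Boolean(options.exclusive),               // now false: differs from validation
  };
}

// Pattern 2 (what the thread's snippet does): read every field once, in a fixed
// order, convert to a primitive immediately, and never touch the dictionary
// again. Boolean() never calls user code, so once the snapshot exists nothing
// the caller does can change what the API acts on.
function readFlags(options) {
  if (options === null || options === undefined || typeof options !== 'object')
    return { create: false, exclusive: false };          // missing dictionary: defaults
  const create = Boolean(options.create);                // at most one accessor invocation
  const exclusive = Boolean(options.exclusive);
  return { create, exclusive };
}

function snapshotGetFile(path, options) {
  const flags = readFlags(options);                      // snapshot taken exactly once
  if (flags.exclusive && !flags.create)
    throw new Error('exclusive requires create');
  return { path, validatedExclusive: flags.exclusive, ...flags };
}

// Runs both patterns against a fresh re-entrant dictionary and reports what each
// validated against, what each acted on, and how often the accessor ran.
function demo() {
  const naive = makeReentrantOptions();
  const naiveResult = naiveGetFile('lockfile.txt', naive.options);
  const safe = makeReentrantOptions();
  const safeResult = snapshotGetFile('lockfile.txt', safe.options);
  return {
    naiveResult, naiveGetterRuns: naive.state.getterRuns,
    safeResult, safeGetterRuns: safe.state.getterRuns,
  };
}

console.log(JSON.stringify(demo(), null, 2));
```

Running this with node prints that the naive path validated with `exclusive: true` but acted with `exclusive: false` after the accessor ran twice, while the snapshot path ran the accessor once and used one consistent set of flags for both validation and action. Which field is read first is observable to the caller, so the read order in the binding is part of its contract.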


Re: [webkit-dev] JSC binding code question

2010-09-29 Thread Kinuko Yasuda
On Tue, Sep 28, 2010 at 11:02 PM, Maciej Stachowiak m...@apple.com wrote:
 And what I have written for this is like following:

 if (!exec->argument(1).isNull() && !exec->argument(1).isUndefined() &&
     exec->argument(1).isObject() &&
     !exec->argument(1).inherits(&JSFlags::s_info)) {
     JSObject* object = exec->argument(1).getObject();
     flags = Flags::create();
     JSValue jsCreate = object->get(exec, Identifier(exec, "create"));
     flags->setCreate(jsCreate.toBoolean(exec));
     JSValue jsExclusive = object->get(exec, Identifier(exec, "exclusive"));
     flags->setExclusive(jsExclusive.toBoolean(exec));
 }

 Basically the code calls JSObject::get() to get values for the given
 property names.
 This looked straightforward, but I was told that the get(exec)
 re-enters Javascript and could do any arbitrary thing.

 This much is true. In principle, any property can be a getter, so get() could 
 re-enter into arbitrary JS code.

 This means that during the get() even the parameter object or the
 calling object (imp) may get deallocated.

 This part, I think not. As long as they are referenced by currently executing 
 code (either by JS or by the machine stack via a local variable) they won't 
 get deallocated.

Ah... that sounds right.  They must be referenced by the executing code/context.

 That being said, others may have suggestions for better ways to code this. 
 Perhaps Geoff or Oliver have suggestions.

I'll try digging this a bit more (for myself) and will upload a patch
like that, but if anyone has suggestions for better ways I'd be very
glad to change/improve it.

 So here I have two questions:

 1) How can I write a safe binding code that reads JSON-format
 parameters?  Is there some recommended way or any good idea?

 2) I saw several other code doing the same/similar thing as I do
 (calling JSObject::get()) to get arbitrary parameter values.
 Are they safe?  Is there a guarantee that the code executed during
 get() doesn't deallocate some objects?

 Nothing that has a live reference to it will get collected, and there's no 
 such thing as explicit deallocation in JS.

Makes sense, all the objects must be deallocated in that way.

Thanks very much!
Kinuko


Re: [webkit-dev] JSC binding code question

2010-09-29 Thread Adam Barth
On Tue, Sep 28, 2010 at 11:02 PM, Maciej Stachowiak m...@apple.com wrote:
 On Sep 28, 2010, at 10:48 PM, Kinuko Yasuda wrote:
 Hi Webkit folks,

 I'm writing a JSC binding code (custom binding code for now) for a
 method that can take JSON-format parameters, and I want to know what
 would be the right/recommended way.
 I mean, I want to write a binding code that can execute javascript code 
 like:

   directoryEntry.getFile("lockfile.txt", {create: true, exclusive: true});

 Where the getFile() method is defined as:

   interface DirectoryEntry : Entry {
     void getFile(in DOMString path, in Flags flags, /* ... */);
   };
   interface Flags {
     attribute boolean create;
     attribute boolean exclusive;
   };

 (They are from the File API: Directories and System's draft [1])

 And what I have written for this is like following:

 if (!exec->argument(1).isNull() && !exec->argument(1).isUndefined() &&
     exec->argument(1).isObject() &&
     !exec->argument(1).inherits(&JSFlags::s_info)) {
     JSObject* object = exec->argument(1).getObject();
     flags = Flags::create();
     JSValue jsCreate = object->get(exec, Identifier(exec, "create"));
     flags->setCreate(jsCreate.toBoolean(exec));
     JSValue jsExclusive = object->get(exec, Identifier(exec, "exclusive"));
     flags->setExclusive(jsExclusive.toBoolean(exec));
 }

 Basically the code calls JSObject::get() to get values for the given
 property names.
 This looked straightforward, but I was told that the get(exec)
 re-enters Javascript and could do any arbitrary thing.

 This much is true. In principle, any property can be a getter, so get() could 
 re-enter into arbitrary JS code.

In general, this is a dangerous pattern that we use in our bindings.
Figuring out which objects can be garbage collected when running
arbitrary JavaScript is very tricky.

In the V8 bindings, it's cheap to grab a local handle to a JS
object, which prevents its GC.  Is there / should there be a similar
concept in JSC?

Adam


Re: [webkit-dev] JSC binding code question

2010-09-29 Thread Maciej Stachowiak

On Sep 28, 2010, at 11:31 PM, Adam Barth wrote:

 On Tue, Sep 28, 2010 at 11:02 PM, Maciej Stachowiak m...@apple.com wrote:
 On Sep 28, 2010, at 10:48 PM, Kinuko Yasuda wrote:
 Hi Webkit folks,
 
 I'm writing a JSC binding code (custom binding code for now) for a
 method that can take JSON-format parameters, and I want to know what
 would be the right/recommended way.
 I mean, I want to write a binding code that can execute javascript code 
 like:
 
   directoryEntry.getFile("lockfile.txt", {create: true, exclusive: true});
 
 Where the getFile() method is defined as:
 
   interface DirectoryEntry : Entry {
 void getFile(in DOMString path, in Flags flags, /* ... */);
   };
   interface Flags {
 attribute boolean create;
 attribute boolean exclusive;
   };
 
 (They are from the File API: Directories and System's draft [1])
 
 And what I have written for this is like following:
 
 if (!exec->argument(1).isNull() && !exec->argument(1).isUndefined() &&
     exec->argument(1).isObject() &&
     !exec->argument(1).inherits(&JSFlags::s_info)) {
     JSObject* object = exec->argument(1).getObject();
     flags = Flags::create();
     JSValue jsCreate = object->get(exec, Identifier(exec, "create"));
     flags->setCreate(jsCreate.toBoolean(exec));
     JSValue jsExclusive = object->get(exec, Identifier(exec, "exclusive"));
     flags->setExclusive(jsExclusive.toBoolean(exec));
 }
 
 Basically the code calls JSObject::get() to get values for the given
 property names.
 This looked straightforward, but I was told that the get(exec)
 re-enters Javascript and could do any arbitrary thing.
 
 This much is true. In principle, any property can be a getter, so get() 
 could re-enter into arbitrary JS code.
 
 In general, this is a dangerous pattern that we use in our bindings.
 Figuring out which objects can be garbage collected when running
 arbitrary JavaScript is very tricky.

I don't see anything unsafe in the code snippet cited.

 
 In the V8 bindings, it's cheap to grab a local handle to a JS
 object, which prevents its GC.  Is there / should there be a similar
 concept in JSC?

JSC as it currently exists does not need a similar concept. Currently it has a 
partially-conservative collector which scans the machine stack for potential 
references to values. So simply having the value in a local variable will do. 
Likewise, you can assume that a JS function's arguments are protected so long 
as it is executing, even if the function is implemented in C++.

At some point we may need to change the GC in a way that requires indirection 
via handles, but we'll cross that bridge when/if we come to it.

Regards,
Maciej



[webkit-dev] JSC binding code question

2010-09-28 Thread Kinuko Yasuda
Hi Webkit folks,

I'm writing a JSC binding code (custom binding code for now) for a
method that can take JSON-format parameters, and I want to know what
would be the right/recommended way.
I mean, I want to write a binding code that can execute javascript code like:

   directoryEntry.getFile("lockfile.txt", {create: true, exclusive: true});

Where the getFile() method is defined as:

   interface DirectoryEntry : Entry {
 void getFile(in DOMString path, in Flags flags, /* ... */);
   };
   interface Flags {
 attribute boolean create;
 attribute boolean exclusive;
   };

(They are from the File API: Directories and System's draft [1])

And what I have written for this is like following:

if (!exec->argument(1).isNull() && !exec->argument(1).isUndefined() &&
    exec->argument(1).isObject() &&
    !exec->argument(1).inherits(&JSFlags::s_info)) {
    JSObject* object = exec->argument(1).getObject();
    flags = Flags::create();
    JSValue jsCreate = object->get(exec, Identifier(exec, "create"));
    flags->setCreate(jsCreate.toBoolean(exec));
    JSValue jsExclusive = object->get(exec, Identifier(exec, "exclusive"));
    flags->setExclusive(jsExclusive.toBoolean(exec));
}

Basically the code calls JSObject::get() to get values for the given
property names.
This looked straightforward, but I was told that the get(exec)
re-enters Javascript and could do any arbitrary thing.
This means that during the get() even the parameter object or the
calling object (imp) may get deallocated.

So here I have two questions:

1) How can I write a safe binding code that reads JSON-format
parameters?  Is there some recommended way or any good idea?

2) I saw several other code doing the same/similar thing as I do
(calling JSObject::get()) to get arbitrary parameter values.
Are they safe?  Is there a guarantee that the code executed during
get() doesn't deallocate some objects?

Any help/suggestions/comments would be highly appreciated.
Thanks!
Kinuko


[1] http://dev.w3.org/2009/dap/file-system/file-dir-sys.html
[2] http://trac.webkit.org/browser/trunk/WebCore/bindings/js/JSDirectoryEntryCustom.cpp