Modified: releases/WebKitGTK/webkit-1.4/Source/_javascript_Core/ChangeLog (90141 => 90142)
--- releases/WebKitGTK/webkit-1.4/Source/_javascript_Core/ChangeLog 2011-06-30 19:07:23 UTC (rev 90141)
+++ releases/WebKitGTK/webkit-1.4/Source/_javascript_Core/ChangeLog 2011-06-30 19:15:31 UTC (rev 90142)
@@ -1,3 +1,51 @@
+2011-06-30 Geoffrey Garen <[email protected]>
+
+ Reviewed by Oliver Hunt.
+
+ Ensure that all compilation takes place within a dynamic global object scope
+ https://bugs.webkit.org/show_bug.cgi?id=57054
+ <rdar://problem/9083011>
+
+ Otherwise, entry to the global object scope might throw away the code
+ we just compiled, causing a crash.
+
+ * _javascript_Core.exp: Updated for signature change.
+
+ * debugger/Debugger.cpp:
+ (JSC::evaluateInGlobalCallFrame):
+ * debugger/DebuggerCallFrame.cpp:
+ (JSC::DebuggerCallFrame::evaluate): Removed explicit compilation calls
+ here because (a) they took place outside a dynamic global object scope
+ and (b) they were redundant.
+
+ * interpreter/CachedCall.h:
+ (JSC::CachedCall::CachedCall): Updated for signature change.
+
+ * interpreter/Interpreter.cpp:
+ (JSC::Interpreter::execute):
+ (JSC::Interpreter::executeCall):
+ (JSC::Interpreter::executeConstruct): Declare our dynamic global object
+ scope earlier, to ensure that compilation takes place within it.
+
+ * runtime/Completion.cpp:
+ (JSC::evaluate): Removed explicit compilation calls here because (a)
+ they took place outside a dynamic global object scope and (b) they were
+ redundant.
+
+ * runtime/Executable.h:
+ (JSC::EvalExecutable::compile):
+ (JSC::ProgramExecutable::compile):
+ (JSC::FunctionExecutable::compileForCall):
+ (JSC::FunctionExecutable::compileForConstruct): Added an ASSERT to
+ verify our new invariant that all compilation takes place within a
+ dynamic global object scope.
+
+ * runtime/JSGlobalObject.cpp:
+ (JSC::DynamicGlobalObjectScope::DynamicGlobalObjectScope):
+ * runtime/JSGlobalObject.h: Changed the signature of DynamicGlobalObjectScope
+ to require a JSGlobalData instead of an ExecState* since it is often
+ easier to provide the former, and the latter was not necessary.
+
2011-06-27 Gustavo Noronha Silva <[email protected]>
Unreviewed build fix. One more filed missing during distcheck, for
Modified: releases/WebKitGTK/webkit-1.4/Source/_javascript_Core/_javascript_Core.exp (90141 => 90142)
--- releases/WebKitGTK/webkit-1.4/Source/_javascript_Core/_javascript_Core.exp 2011-06-30 19:07:23 UTC (rev 90141)
+++ releases/WebKitGTK/webkit-1.4/Source/_javascript_Core/_javascript_Core.exp 2011-06-30 19:15:31 UTC (rev 90142)
@@ -204,7 +204,7 @@
__ZN3JSC23AbstractSamplingCounter4dumpEv
__ZN3JSC23objectProtoFuncToStringEPNS_9ExecStateE
__ZN3JSC23setUpStaticFunctionSlotEPNS_9ExecStateEPKNS_9HashEntryEPNS_8JSObjectERKNS_10IdentifierERNS_12PropertySlotE
-__ZN3JSC24DynamicGlobalObjectScopeC1EPNS_9ExecStateEPNS_14JSGlobalObjectE
+__ZN3JSC24DynamicGlobalObjectScopeC1ERNS_12JSGlobalDataEPNS_14JSGlobalObjectE
__ZN3JSC24JSObjectWithGlobalObjectC2EPNS_14JSGlobalObjectEN3WTF17NonNullPassRefPtrINS_9StructureEEE
__ZN3JSC24createStackOverflowErrorEPNS_9ExecStateE
__ZN3JSC24createStackOverflowErrorEPNS_9ExecStateE
Modified: releases/WebKitGTK/webkit-1.4/Source/_javascript_Core/debugger/Debugger.cpp (90141 => 90142)
--- releases/WebKitGTK/webkit-1.4/Source/_javascript_Core/debugger/Debugger.cpp 2011-06-30 19:07:23 UTC (rev 90141)
+++ releases/WebKitGTK/webkit-1.4/Source/_javascript_Core/debugger/Debugger.cpp 2011-06-30 19:15:31 UTC (rev 90142)
@@ -126,9 +126,6 @@
globalData.exception = JSValue();
return exception;
}
- JSObject* error = eval->compile(globalCallFrame, globalCallFrame->scopeChain());
- if (error)
- return error;
JSValue result = globalData.interpreter->execute(eval, globalCallFrame, globalObject, globalCallFrame->scopeChain());
if (globalData.exception) {
Modified: releases/WebKitGTK/webkit-1.4/Source/_javascript_Core/debugger/DebuggerCallFrame.cpp (90141 => 90142)
--- releases/WebKitGTK/webkit-1.4/Source/_javascript_Core/debugger/DebuggerCallFrame.cpp 2011-06-30 19:07:23 UTC (rev 90141)
+++ releases/WebKitGTK/webkit-1.4/Source/_javascript_Core/debugger/DebuggerCallFrame.cpp 2011-06-30 19:15:31 UTC (rev 90142)
@@ -95,10 +95,6 @@
globalData.exception = JSValue();
}
- JSObject* error = eval->compile(m_callFrame, m_callFrame->scopeChain());
- if (error)
- return error;
-
JSValue result = globalData.interpreter->execute(eval, m_callFrame, thisObject(), m_callFrame->scopeChain());
if (globalData.exception) {
exception = globalData.exception;
Modified: releases/WebKitGTK/webkit-1.4/Source/_javascript_Core/interpreter/CachedCall.h (90141 => 90142)
--- releases/WebKitGTK/webkit-1.4/Source/_javascript_Core/interpreter/CachedCall.h 2011-06-30 19:07:23 UTC (rev 90141)
+++ releases/WebKitGTK/webkit-1.4/Source/_javascript_Core/interpreter/CachedCall.h 2011-06-30 19:15:31 UTC (rev 90142)
@@ -38,7 +38,7 @@
CachedCall(CallFrame* callFrame, JSFunction* function, int argCount)
: m_valid(false)
, m_interpreter(callFrame->interpreter())
- , m_globalObjectScope(callFrame, function->scope()->globalObject.get())
+ , m_globalObjectScope(callFrame->globalData(), function->scope()->globalObject.get())
{
ASSERT(!function->isHostFunction());
m_closure = m_interpreter->prepareForRepeatCall(function->jsExecutable(), callFrame, function, argCount, function->scope());
Modified: releases/WebKitGTK/webkit-1.4/Source/_javascript_Core/interpreter/Interpreter.cpp (90141 => 90142)
--- releases/WebKitGTK/webkit-1.4/Source/_javascript_Core/interpreter/Interpreter.cpp 2011-06-30 19:07:23 UTC (rev 90141)
+++ releases/WebKitGTK/webkit-1.4/Source/_javascript_Core/interpreter/Interpreter.cpp 2011-06-30 19:15:31 UTC (rev 90142)
@@ -738,6 +738,8 @@
if (m_reentryDepth >= MaxSmallThreadReentryDepth && m_reentryDepth >= callFrame->globalData().maxReentryDepth)
return checkedReturn(throwStackOverflowError(callFrame));
+ DynamicGlobalObjectScope globalObjectScope(*scopeChain->globalData, scopeChain->globalObject.get());
+
JSObject* error = program->compile(callFrame, scopeChain);
if (error)
return checkedReturn(throwError(callFrame, error));
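Review bot: The new scope is constructed after the reentry-depth check here, but in the eval overload of execute (hunk `@@ -1066,11 +1066,11 @@`) it is constructed before that check; the two entry points should agree on the order. The depth check compiles nothing, so placing the eval scope after it, as done here, still satisfies the new invariant and avoids running the constructor's side effects, `resetDateCache()` and, under memory pressure, `recompileAllJSFunctions()` per the JSGlobalObject.cpp hunk, for a call that is then rejected with a stack-overflow error. Concretely, move the added line `DynamicGlobalObjectScope globalObjectScope(*scopeChain->globalData, scopeChain->globalObject.get());` in that hunk to just before `JSObject* compileError = eval->compile(callFrame, scopeChain);`. Interpreter::execute starts before this hunk and continues past it.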
@@ -757,8 +759,6 @@
newCallFrame->init(codeBlock, 0, scopeChain, CallFrame::noCaller(), codeBlock->m_numParameters, 0);
newCallFrame->uncheckedR(newCallFrame->hostThisRegister()) = JSValue(thisObj);
- DynamicGlobalObjectScope globalObjectScope(callFrame, scopeChain->globalObject.get());
-
Profiler** profiler = Profiler::enabledProfilerReference();
if (*profiler)
(*profiler)->willExecute(callFrame, program->sourceURL(), program->lineNo());
@@ -813,6 +813,8 @@
if (callType == CallTypeJS) {
ScopeChainNode* callDataScopeChain = callData.js.scopeChain;
+ DynamicGlobalObjectScope globalObjectScope(*callDataScopeChain->globalData, callDataScopeChain->globalObject.get());
+
JSObject* compileError = callData.js.functionExecutable->compileForCall(callFrame, callDataScopeChain);
if (UNLIKELY(!!compileError)) {
m_registerFile.shrink(oldEnd);
@@ -828,8 +830,6 @@
newCallFrame->init(newCodeBlock, 0, callDataScopeChain, callFrame->addHostCallFrameFlag(), argCount, function);
- DynamicGlobalObjectScope globalObjectScope(newCallFrame, callDataScopeChain->globalObject.get());
-
Profiler** profiler = Profiler::enabledProfilerReference();
if (*profiler)
(*profiler)->willExecute(callFrame, function);
@@ -860,7 +860,7 @@
newCallFrame = CallFrame::create(newCallFrame->registers() + registerOffset);
newCallFrame->init(0, 0, scopeChain, callFrame->addHostCallFrameFlag(), argCount, function);
- DynamicGlobalObjectScope globalObjectScope(newCallFrame, scopeChain->globalObject.get());
+ DynamicGlobalObjectScope globalObjectScope(*scopeChain->globalData, scopeChain->globalObject.get());
Profiler** profiler = Profiler::enabledProfilerReference();
if (*profiler)
@@ -902,6 +902,8 @@
if (constructType == ConstructTypeJS) {
ScopeChainNode* constructDataScopeChain = constructData.js.scopeChain;
+ DynamicGlobalObjectScope globalObjectScope(*constructDataScopeChain->globalData, constructDataScopeChain->globalObject.get());
+
JSObject* compileError = constructData.js.functionExecutable->compileForConstruct(callFrame, constructDataScopeChain);
if (UNLIKELY(!!compileError)) {
m_registerFile.shrink(oldEnd);
@@ -917,8 +919,6 @@
newCallFrame->init(newCodeBlock, 0, constructDataScopeChain, callFrame->addHostCallFrameFlag(), argCount, constructor);
- DynamicGlobalObjectScope globalObjectScope(newCallFrame, constructDataScopeChain->globalObject.get());
-
Profiler** profiler = Profiler::enabledProfilerReference();
if (*profiler)
(*profiler)->willExecute(callFrame, constructor);
@@ -952,7 +952,7 @@
newCallFrame = CallFrame::create(newCallFrame->registers() + registerOffset);
newCallFrame->init(0, 0, scopeChain, callFrame->addHostCallFrameFlag(), argCount, constructor);
- DynamicGlobalObjectScope globalObjectScope(newCallFrame, scopeChain->globalObject.get());
+ DynamicGlobalObjectScope globalObjectScope(*scopeChain->globalData, scopeChain->globalObject.get());
Profiler** profiler = Profiler::enabledProfilerReference();
if (*profiler)
@@ -1066,11 +1066,11 @@
{
ASSERT(!scopeChain->globalData->exception);
+ DynamicGlobalObjectScope globalObjectScope(*scopeChain->globalData, scopeChain->globalObject.get());
+
if (m_reentryDepth >= MaxSmallThreadReentryDepth && m_reentryDepth >= callFrame->globalData().maxReentryDepth)
return checkedReturn(throwStackOverflowError(callFrame));
- DynamicGlobalObjectScope globalObjectScope(callFrame, scopeChain->globalObject.get());
-
JSObject* compileError = eval->compile(callFrame, scopeChain);
if (UNLIKELY(!!compileError))
return checkedReturn(throwError(callFrame, compileError));
Modified: releases/WebKitGTK/webkit-1.4/Source/_javascript_Core/runtime/Completion.cpp (90141 => 90142)
--- releases/WebKitGTK/webkit-1.4/Source/_javascript_Core/runtime/Completion.cpp 2011-06-30 19:07:23 UTC (rev 90141)
+++ releases/WebKitGTK/webkit-1.4/Source/_javascript_Core/runtime/Completion.cpp 2011-06-30 19:15:31 UTC (rev 90142)
@@ -58,9 +58,6 @@
exec->globalData().exception = JSValue();
return Completion(Throw, exception);
}
- JSObject* error = program->compile(exec, scopeChain);
- if (error)
- return Completion(Throw, error);
JSObject* thisObj = (!thisValue || thisValue.isUndefinedOrNull()) ? exec->dynamicGlobalObject() : thisValue.toObject(exec);
Modified: releases/WebKitGTK/webkit-1.4/Source/_javascript_Core/runtime/Executable.h (90141 => 90142)
--- releases/WebKitGTK/webkit-1.4/Source/_javascript_Core/runtime/Executable.h 2011-06-30 19:07:23 UTC (rev 90141)
+++ releases/WebKitGTK/webkit-1.4/Source/_javascript_Core/runtime/Executable.h 2011-06-30 19:15:31 UTC (rev 90142)
@@ -216,6 +216,7 @@
JSObject* compile(ExecState* exec, ScopeChainNode* scopeChainNode)
{
+ ASSERT(exec->globalData().dynamicGlobalObject);
JSObject* error = 0;
if (!m_evalCodeBlock)
error = compileInternal(exec, scopeChainNode);
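Review bot: The added `ASSERT(exec->globalData().dynamicGlobalObject);` gives no hint of why the invariant matters, and the same bare assert is repeated in the three following hunks (ProgramExecutable::compile, FunctionExecutable::compileForCall, FunctionExecutable::compileForConstruct). A one-line comment above each would preserve the rationale stated in the ChangeLog: `// Compilation must happen inside a DynamicGlobalObjectScope; entering one afterwards may discard the code just compiled.` ASSERT is debug-only, so in release builds the invariant rests entirely on the call sites in Interpreter.cpp declaring the scope before they compile, and this comment is what the author of a future call site will see. Each enclosing compile method continues past its hunk.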
@@ -260,6 +261,7 @@
JSObject* compile(ExecState* exec, ScopeChainNode* scopeChainNode)
{
+ ASSERT(exec->globalData().dynamicGlobalObject);
JSObject* error = 0;
if (!m_programCodeBlock)
error = compileInternal(exec, scopeChainNode);
@@ -325,6 +327,7 @@
JSObject* compileForCall(ExecState* exec, ScopeChainNode* scopeChainNode)
{
+ ASSERT(exec->globalData().dynamicGlobalObject);
JSObject* error = 0;
if (!m_codeBlockForCall)
error = compileForCallInternal(exec, scopeChainNode);
@@ -345,6 +348,7 @@
JSObject* compileForConstruct(ExecState* exec, ScopeChainNode* scopeChainNode)
{
+ ASSERT(exec->globalData().dynamicGlobalObject);
JSObject* error = 0;
if (!m_codeBlockForConstruct)
error = compileForConstructInternal(exec, scopeChainNode);
Modified: releases/WebKitGTK/webkit-1.4/Source/_javascript_Core/runtime/JSGlobalObject.cpp (90141 => 90142)
--- releases/WebKitGTK/webkit-1.4/Source/_javascript_Core/runtime/JSGlobalObject.cpp 2011-06-30 19:07:23 UTC (rev 90141)
+++ releases/WebKitGTK/webkit-1.4/Source/_javascript_Core/runtime/JSGlobalObject.cpp 2011-06-30 19:15:31 UTC (rev 90142)
@@ -439,21 +439,21 @@
return globalData->heap.allocate(size);
}
-DynamicGlobalObjectScope::DynamicGlobalObjectScope(CallFrame* callFrame, JSGlobalObject* dynamicGlobalObject)
- : m_dynamicGlobalObjectSlot(callFrame->globalData().dynamicGlobalObject)
+DynamicGlobalObjectScope::DynamicGlobalObjectScope(JSGlobalData& globalData, JSGlobalObject* dynamicGlobalObject)
+ : m_dynamicGlobalObjectSlot(globalData.dynamicGlobalObject)
, m_savedDynamicGlobalObject(m_dynamicGlobalObjectSlot)
{
if (!m_dynamicGlobalObjectSlot) {
#if ENABLE(ASSEMBLER)
if (ExecutableAllocator::underMemoryPressure())
- callFrame->globalData().recompileAllJSFunctions();
+ globalData.recompileAllJSFunctions();
#endif
m_dynamicGlobalObjectSlot = dynamicGlobalObject;
// Reset the date cache between JS invocations to force the VM
// to observe time zone changes.
- callFrame->globalData().resetDateCache();
+ globalData.resetDateCache();
}
}
Modified: releases/WebKitGTK/webkit-1.4/Source/_javascript_Core/runtime/JSGlobalObject.h (90141 => 90142)
--- releases/WebKitGTK/webkit-1.4/Source/_javascript_Core/runtime/JSGlobalObject.h 2011-06-30 19:07:23 UTC (rev 90141)
+++ releases/WebKitGTK/webkit-1.4/Source/_javascript_Core/runtime/JSGlobalObject.h 2011-06-30 19:15:31 UTC (rev 90142)
@@ -434,7 +434,7 @@
class DynamicGlobalObjectScope {
WTF_MAKE_NONCOPYABLE(DynamicGlobalObjectScope);
public:
- DynamicGlobalObjectScope(CallFrame* callFrame, JSGlobalObject* dynamicGlobalObject);
+ DynamicGlobalObjectScope(JSGlobalData&, JSGlobalObject*);
~DynamicGlobalObjectScope()
{
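Review bot: The new declaration `DynamicGlobalObjectScope(JSGlobalData&, JSGlobalObject*);` drops the parameter names and carries no comment, although the constructor's behaviour (JSGlobalObject.cpp hunk in this commit) is conditional: when `globalData.dynamicGlobalObject` is already set the second argument is ignored and nothing else happens; otherwise the object is installed, the date cache is reset and, with ENABLE(ASSEMBLER) under memory pressure, all JS functions are recompiled. Suggest restoring the parameter names and stating that contract in a short comment above the declaration, e.g. `// Installs dynamicGlobalObject into globalData.dynamicGlobalObject if none is set; otherwise a no-op.` The destructor body is cut off at the end of the hunk, so its restore behaviour is not visible here and should be documented alongside it.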
Modified: releases/WebKitGTK/webkit-1.4/Source/WebCore/ChangeLog (90141 => 90142)
--- releases/WebKitGTK/webkit-1.4/Source/WebCore/ChangeLog 2011-06-30 19:07:23 UTC (rev 90141)
+++ releases/WebKitGTK/webkit-1.4/Source/WebCore/ChangeLog 2011-06-30 19:15:31 UTC (rev 90142)
@@ -1,3 +1,15 @@
+2011-06-30 Geoffrey Garen <[email protected]>
+
+ Reviewed by Oliver Hunt.
+
+ Ensure that all compilation takes place within a dynamic global object scope
+ https://bugs.webkit.org/show_bug.cgi?id=57054
+
+ * bindings/js/JSErrorHandler.cpp:
+ (WebCore::JSErrorHandler::handleEvent):
+ * bindings/js/JSEventListener.cpp:
+ (WebCore::JSEventListener::handleEvent): Updated for signature change.
+
2011-06-19 Martin Robinson <[email protected]>
Reviewed by Xan Lopez.
Modified: releases/WebKitGTK/webkit-1.4/Source/WebCore/bindings/js/JSErrorHandler.cpp (90141 => 90142)
--- releases/WebKitGTK/webkit-1.4/Source/WebCore/bindings/js/JSErrorHandler.cpp 2011-06-30 19:07:23 UTC (rev 90141)
+++ releases/WebKitGTK/webkit-1.4/Source/WebCore/bindings/js/JSErrorHandler.cpp 2011-06-30 19:15:31 UTC (rev 90142)
@@ -88,7 +88,7 @@
args.append(jsNumber(errorEvent->lineno()));
JSGlobalData& globalData = globalObject->globalData();
- DynamicGlobalObjectScope globalObjectScope(exec, globalData.dynamicGlobalObject ? globalData.dynamicGlobalObject : globalObject);
+ DynamicGlobalObjectScope globalObjectScope(globalData, globalData.dynamicGlobalObject ? globalData.dynamicGlobalObject : globalObject);
JSValue thisValue = globalObject->toThisObject(exec);
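Review bot: The ternary `globalData.dynamicGlobalObject ? globalData.dynamicGlobalObject : globalObject` on the changed line looks redundant: the constructor in the JSGlobalObject.cpp hunk only consults its second argument when `globalData.dynamicGlobalObject` is null, so `DynamicGlobalObjectScope globalObjectScope(globalData, globalObject);` should behave identically. The same pattern appears in the JSEventListener.cpp hunk. If the ternary is kept deliberately for readers who do not know the constructor's semantics, a short comment saying so would make that explicit. JSErrorHandler::handleEvent starts and ends outside the hunk.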
Modified: releases/WebKitGTK/webkit-1.4/Source/WebCore/bindings/js/JSEventListener.cpp (90141 => 90142)
--- releases/WebKitGTK/webkit-1.4/Source/WebCore/bindings/js/JSEventListener.cpp 2011-06-30 19:07:23 UTC (rev 90141)
+++ releases/WebKitGTK/webkit-1.4/Source/WebCore/bindings/js/JSEventListener.cpp 2011-06-30 19:15:31 UTC (rev 90142)
@@ -108,7 +108,7 @@
globalObject->setCurrentEvent(event);
JSGlobalData& globalData = globalObject->globalData();
- DynamicGlobalObjectScope globalObjectScope(exec, globalData.dynamicGlobalObject ? globalData.dynamicGlobalObject : globalObject);
+ DynamicGlobalObjectScope globalObjectScope(globalData, globalData.dynamicGlobalObject ? globalData.dynamicGlobalObject : globalObject);
globalData.timeoutChecker.start();
JSValue retval;
Modified: releases/WebKitGTK/webkit-1.4/Source/WebKit/mac/ChangeLog (90141 => 90142)
--- releases/WebKitGTK/webkit-1.4/Source/WebKit/mac/ChangeLog 2011-06-30 19:07:23 UTC (rev 90141)
+++ releases/WebKitGTK/webkit-1.4/Source/WebKit/mac/ChangeLog 2011-06-30 19:15:31 UTC (rev 90142)
@@ -1,3 +1,13 @@
+2011-06-30 Geoffrey Garen <[email protected]>
+
+ Reviewed by Oliver Hunt.
+
+ Ensure that all compilation takes place within a dynamic global object scope
+ https://bugs.webkit.org/show_bug.cgi?id=57054
+
+ * WebView/WebScriptDebugDelegate.mm:
+ (-[WebScriptCallFrame evaluateWebScript:]): Updated for signature change.
+
2011-03-17 Brady Eidson <[email protected]>
Reviewed by Sam Weinig.
Modified: releases/WebKitGTK/webkit-1.4/Source/WebKit/mac/WebView/WebScriptDebugDelegate.mm (90141 => 90142)
--- releases/WebKitGTK/webkit-1.4/Source/WebKit/mac/WebView/WebScriptDebugDelegate.mm 2011-06-30 19:07:23 UTC (rev 90141)
+++ releases/WebKitGTK/webkit-1.4/Source/WebKit/mac/WebView/WebScriptDebugDelegate.mm 2011-06-30 19:15:31 UTC (rev 90142)
@@ -239,7 +239,7 @@
if (self == _private->debugger->globalCallFrame() && !globalObject->globalData().dynamicGlobalObject) {
JSGlobalObject* globalObject = _private->debugger->globalObject();
- DynamicGlobalObjectScope globalObjectScope(globalObject->globalExec(), globalObject);
+ DynamicGlobalObjectScope globalObjectScope(globalObject->globalData(), globalObject);
JSValue exception;
JSValue result = evaluateInGlobalCallFrame(stringToUString(script), exception, globalObject);