Diff
Modified: releases/WebKitGTK/webkit-2.12/LayoutTests/ChangeLog (204823 => 204824)
--- releases/WebKitGTK/webkit-2.12/LayoutTests/ChangeLog 2016-08-23 12:30:41 UTC (rev 204823)
+++ releases/WebKitGTK/webkit-2.12/LayoutTests/ChangeLog 2016-08-23 12:53:59 UTC (rev 204824)
@@ -1,3 +1,17 @@
+2016-04-04 Chris Dumez <[email protected]>
+
+ Regression(r196145): Crash in getOwnPropertyDescriptor on http://www.history.com/shows/vikings
+ https://bugs.webkit.org/show_bug.cgi?id=156136
+ <rdar://problem/25410767>
+
+ Reviewed by Ryosuke Niwa.
+
+ Add a layout test to confirm that calling Object.getOwnPropertyDescriptor(window, "indexedDB")
+ does not crash and works as expected.
+
+ * storage/indexeddb/indexeddb-getownpropertyDescriptor-expected.txt: Added.
+ * storage/indexeddb/indexeddb-getownpropertyDescriptor.html: Added.
+
2016-08-01 Antti Koivisto <[email protected]>
REGRESSION (r196383): Drop down CSS menus not working on cnet.com, apmex.com
Added: releases/WebKitGTK/webkit-2.12/LayoutTests/storage/indexeddb/indexeddb-getownpropertyDescriptor-expected.txt (0 => 204824)
--- releases/WebKitGTK/webkit-2.12/LayoutTests/storage/indexeddb/indexeddb-getownpropertyDescriptor-expected.txt (rev 0)
+++ releases/WebKitGTK/webkit-2.12/LayoutTests/storage/indexeddb/indexeddb-getownpropertyDescriptor-expected.txt 2016-08-23 12:53:59 UTC (rev 204824)
@@ -0,0 +1,14 @@
+Tests using getOwnPropertyDescriptor() on window.indexedDB
+
+On success, you will see a series of "PASS" messages, followed by "TEST COMPLETE".
+
+
+desc = Object.getOwnPropertyDescriptor(window, 'indexedDB')
+PASS desc.get is an instance of Function
+PASS desc.set is undefined.
+PASS desc.enumerable is true
+PASS desc.configurable is true
+PASS successfullyParsed is true
+
+TEST COMPLETE
+
Added: releases/WebKitGTK/webkit-2.12/LayoutTests/storage/indexeddb/indexeddb-getownpropertyDescriptor.html (0 => 204824)
--- releases/WebKitGTK/webkit-2.12/LayoutTests/storage/indexeddb/indexeddb-getownpropertyDescriptor.html (rev 0)
+++ releases/WebKitGTK/webkit-2.12/LayoutTests/storage/indexeddb/indexeddb-getownpropertyDescriptor.html 2016-08-23 12:53:59 UTC (rev 204824)
@@ -0,0 +1,13 @@
+<!DOCTYPE html>
+<body>
+<script src=""
+<script>
+description("Tests using getOwnPropertyDescriptor() on window.indexedDB");
+
+evalAndLog("desc = Object.getOwnPropertyDescriptor(window, 'indexedDB')");
+shouldBeType("desc.get", "Function");
+shouldBeUndefined("desc.set");
+shouldBeTrue("desc.enumerable");
+shouldBeTrue("desc.configurable");
+</script>
+</body>
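Review bot: The test exercises only `indexedDB`, but the same change also moves the `webkitIndexedDB` alias from the custom `getOwnPropertySlot()` path to a property installed at window creation, so the alias has no regression coverage. Repeating the descriptor checks for it, e.g. `evalAndLog("desc = Object.getOwnPropertyDescriptor(window, 'webkitIndexedDB')");` followed by `shouldBeType("desc.get", "Function");`, would cover both names; the expected-results file would need the matching lines. A case with the IndexedDB runtime feature disabled is also absent, which is the state the [EnabledAtRuntime] gating is meant to handle.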
Modified: releases/WebKitGTK/webkit-2.12/Source/_javascript_Core/ChangeLog (204823 => 204824)
--- releases/WebKitGTK/webkit-2.12/Source/_javascript_Core/ChangeLog 2016-08-23 12:30:41 UTC (rev 204823)
+++ releases/WebKitGTK/webkit-2.12/Source/_javascript_Core/ChangeLog 2016-08-23 12:53:59 UTC (rev 204824)
@@ -1,3 +1,15 @@
+2016-04-04 Chris Dumez <[email protected]>
+
+ Regression(r196145): Crash in getOwnPropertyDescriptor on http://www.history.com/shows/vikings
+ https://bugs.webkit.org/show_bug.cgi?id=156136
+ <rdar://problem/25410767>
+
+ Reviewed by Ryosuke Niwa.
+
+ Add a few more identifiers for using in the generated bindings.
+
+ * runtime/CommonIdentifiers.h:
+
2016-02-21 Skachkov Oleksandr <[email protected]>
Remove arrowfunction test cases that rely on arguments variable in jsc
Modified: releases/WebKitGTK/webkit-2.12/Source/_javascript_Core/runtime/CommonIdentifiers.h (204823 => 204824)
--- releases/WebKitGTK/webkit-2.12/Source/_javascript_Core/runtime/CommonIdentifiers.h 2016-08-23 12:30:41 UTC (rev 204823)
+++ releases/WebKitGTK/webkit-2.12/Source/_javascript_Core/runtime/CommonIdentifiers.h 2016-08-23 12:53:59 UTC (rev 204824)
@@ -28,18 +28,37 @@
// MarkedArgumentBuffer of property names, passed to a macro so we can do set them up various
// ways without repeating the list.
#define JSC_COMMON_IDENTIFIERS_EACH_PROPERTY_NAME(macro) \
+ macro(AnimationTimeline) \
macro(Array) \
macro(ArrayBuffer) \
macro(ArrayIterator) \
+ macro(Audio) \
macro(BYTES_PER_ELEMENT) \
macro(Boolean) \
macro(Collator) \
macro(Date) \
macro(DateTimeFormat) \
+ macro(DocumentTimeline) \
macro(Error) \
macro(EvalError) \
macro(Function) \
+ macro(Gamepad) \
+ macro(GamepadButton) \
+ macro(GamepadEvent) \
macro(GeneratorFunction) \
+ macro(HTMLAudioElement) \
+ macro(HTMLSlotElement) \
+ macro(IDBCursor) \
+ macro(IDBCursorWithValue) \
+ macro(IDBDatabase) \
+ macro(IDBFactory) \
+ macro(IDBIndex) \
+ macro(IDBKeyRange) \
+ macro(IDBObjectStore) \
+ macro(IDBOpenDBRequest) \
+ macro(IDBRequest) \
+ macro(IDBTransaction) \
+ macro(IDBVersionChangeEvent) \
macro(Infinity) \
macro(Intl) \
macro(JSON) \
@@ -59,6 +78,7 @@
macro(RegExp) \
macro(Set)\
macro(SetIterator)\
+ macro(ShadowRoot) \
macro(String) \
macro(Symbol) \
macro(SyntaxError) \
@@ -67,6 +87,7 @@
macro(UTC) \
macro(WeakMap)\
macro(WeakSet)\
+ macro(WebSocket) \
macro(__defineGetter__) \
macro(__defineSetter__) \
macro(__lookupGetter__) \
@@ -216,6 +237,14 @@
macro(valueOf) \
macro(values) \
macro(webkit) \
+ macro(webkitIDBCursor) \
+ macro(webkitIDBDatabase) \
+ macro(webkitIDBFactory) \
+ macro(webkitIDBIndex) \
+ macro(webkitIDBKeyRange) \
+ macro(webkitIDBObjectStore) \
+ macro(webkitIDBRequest) \
+ macro(webkitIDBTransaction) \
macro(webkitIndexedDB) \
macro(weekday) \
macro(window) \
Modified: releases/WebKitGTK/webkit-2.12/Source/WebCore/ChangeLog (204823 => 204824)
--- releases/WebKitGTK/webkit-2.12/Source/WebCore/ChangeLog 2016-08-23 12:30:41 UTC (rev 204823)
+++ releases/WebKitGTK/webkit-2.12/Source/WebCore/ChangeLog 2016-08-23 12:53:59 UTC (rev 204824)
@@ -1,3 +1,64 @@
+2016-04-04 Chris Dumez <[email protected]>
+
+ Regression(r196145): Crash in getOwnPropertyDescriptor on http://www.history.com/shows/vikings
+ https://bugs.webkit.org/show_bug.cgi?id=156136
+ <rdar://problem/25410767>
+
+ Reviewed by Ryosuke Niwa.
+
+ The page was crashing when doing the following:
+ Object.getOwnPropertyDescriptor(window, "indexedDB")
+
+ getOwnPropertyDescriptor() expected getDirect() to return a CustomGetterSetter for
+ CustomAccessors but it was not the case for window.indexedDB. The reason was that
+ window.indexedDB was a special property, which is not part of the static table but
+ returned by GetOwnPropertySlot() if IndexedDB feature is enabled. This weirdness
+ was due to our bindings generator not having proper support for [EnabledAtRuntime]
+ properties on Window.
+
+ This patch adds support for [EnabledAtRuntime] properties on Window by omitting
+ these properties from the static property table and then setting them at runtime
+ in JSDOMWindow::finishCreation() if the corresponding feature is enabled.
+ window.indexedDB now looks like a regular property when IndexedDB is enabled
+ and getOwnPropertyDescriptor() works as expected for this property.
+
+ Test: storage/indexeddb/indexeddb-getownpropertyDescriptor.html
+
+ * Modules/indexeddb/DOMWindowIndexedDatabase.cpp:
+ (WebCore::DOMWindowIndexedDatabase::indexedDB):
+ * Modules/indexeddb/DOMWindowIndexedDatabase.h:
+ The generated bindings pass DOMWindow by reference instead of pointer so update
+ the implementation accordingly.
+
+ * Modules/indexeddb/DOMWindowIndexedDatabase.idl:
+ Add 'indexedDB' and 'webkitIndexedDB' properties and mark them as
+ [EnabledAtRuntime]. Now that the bindings generator correctly handles
+ [EnabledAtRuntime] properties on the Window, there is no need to
+ custom-handle them in JSDOMWindowCustom.
+
+ * bindings/js/JSDOMWindowCustom.cpp:
+ Drop custom handling for 'indexedDB' and 'webkitIndexedDB' properties
+ in getOwnPropertySlot(). The generated bindings code now makes sure to
+ only set those properties on the Window if IndexedDB is enabled so we
+ can let the regular code path look up those properties.
+
+ * bindings/scripts/CodeGeneratorJS.pm:
+ (GetJSCAttributesForAttribute):
+ (GenerateHeader):
+ (GeneratePropertiesHashTable):
+ (GenerateImplementation):
+ Add support for [EnabledAtRuntime] properties on DOMWindow. For such
+ properties, we do the following:
+ 1. Omit them from the static property table
+ 2. In JSDOMWindow::finishCreation(), dynamically add those properties
+ at runtime if the corresponding feature is enabled.
+
+ Note that this works for constructors as well.
+
+ * inspector/InspectorIndexedDBAgent.cpp:
+ (WebCore::assertIDBFactory):
+ Pass Window by reference instead of pointer.
+
2016-06-16 Ting-Wei Lan <[email protected]>
Include cstdlib before using std::atexit
Modified: releases/WebKitGTK/webkit-2.12/Source/WebCore/Modules/indexeddb/DOMWindowIndexedDatabase.cpp (204823 => 204824)
--- releases/WebKitGTK/webkit-2.12/Source/WebCore/Modules/indexeddb/DOMWindowIndexedDatabase.cpp 2016-08-23 12:30:41 UTC (rev 204823)
+++ releases/WebKitGTK/webkit-2.12/Source/WebCore/Modules/indexeddb/DOMWindowIndexedDatabase.cpp 2016-08-23 12:53:59 UTC (rev 204824)
@@ -93,9 +93,9 @@
DOMWindowProperty::willDetachGlobalObjectFromFrame();
}
-IDBFactory* DOMWindowIndexedDatabase::indexedDB(DOMWindow* window)
+IDBFactory* DOMWindowIndexedDatabase::indexedDB(DOMWindow& window)
{
- return from(window)->indexedDB();
+ return from(&window)->indexedDB();
}
IDBFactory* DOMWindowIndexedDatabase::indexedDB()
Modified: releases/WebKitGTK/webkit-2.12/Source/WebCore/Modules/indexeddb/DOMWindowIndexedDatabase.h (204823 => 204824)
--- releases/WebKitGTK/webkit-2.12/Source/WebCore/Modules/indexeddb/DOMWindowIndexedDatabase.h 2016-08-23 12:30:41 UTC (rev 204823)
+++ releases/WebKitGTK/webkit-2.12/Source/WebCore/Modules/indexeddb/DOMWindowIndexedDatabase.h 2016-08-23 12:53:59 UTC (rev 204824)
@@ -44,7 +44,7 @@
static DOMWindowIndexedDatabase* from(DOMWindow*);
- static IDBFactory* indexedDB(DOMWindow*);
+ static IDBFactory* indexedDB(DOMWindow&);
virtual void disconnectFrameForDocumentSuspension() override;
virtual void reconnectFrameFromDocumentSuspension(Frame*) override;
Modified: releases/WebKitGTK/webkit-2.12/Source/WebCore/Modules/indexeddb/DOMWindowIndexedDatabase.idl (204823 => 204824)
--- releases/WebKitGTK/webkit-2.12/Source/WebCore/Modules/indexeddb/DOMWindowIndexedDatabase.idl 2016-08-23 12:30:41 UTC (rev 204823)
+++ releases/WebKitGTK/webkit-2.12/Source/WebCore/Modules/indexeddb/DOMWindowIndexedDatabase.idl 2016-08-23 12:53:59 UTC (rev 204824)
@@ -27,6 +27,7 @@
[
Conditional=INDEXED_DATABASE,
] partial interface DOMWindow {
- // This space is intentionally left blank.
+ [EnabledAtRuntime=IndexedDB] readonly attribute IDBFactory indexedDB;
+ [EnabledAtRuntime=IndexedDB, ImplementedAs=indexedDB] readonly attribute IDBFactory webkitIndexedDB;
};
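Review bot: Nothing in this diff shows that the generated getter for these two attributes performs the same-origin check that the hand-written getter did. The `jsDOMWindowIndexedDB` function removed from JSDOMWindowCustom.cpp returned undefined unless `BindingSecurity::shouldAllowAccessToDOMWindow(exec, castedThis->wrapped())` passed; the replacement is produced by CodeGeneratorJS.pm and its body is not part of the change. It is worth confirming in the generated JSDOMWindow.cpp that the `indexedDB` and `webkitIndexedDB` getters still reject a window the caller may not access, and adding a cross-origin case to the layout test. A short comment above the attributes, such as `// Installed in JSDOMWindow::finishCreation() only when IndexedDB is enabled at runtime.`, would also replace the context the deleted FIXME carried.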
Modified: releases/WebKitGTK/webkit-2.12/Source/WebCore/bindings/js/JSDOMWindowCustom.cpp (204823 => 204824)
--- releases/WebKitGTK/webkit-2.12/Source/WebCore/bindings/js/JSDOMWindowCustom.cpp 2016-08-23 12:30:41 UTC (rev 204823)
+++ releases/WebKitGTK/webkit-2.12/Source/WebCore/bindings/js/JSDOMWindowCustom.cpp 2016-08-23 12:53:59 UTC (rev 204824)
@@ -76,21 +76,6 @@
}
#endif
-#if ENABLE(INDEXED_DATABASE)
-static EncodedJSValue jsDOMWindowIndexedDB(ExecState* exec, EncodedJSValue thisValue, PropertyName)
-{
- UNUSED_PARAM(exec);
- auto* castedThis = toJSDOMWindow(JSValue::decode(thisValue));
- if (!RuntimeEnabledFeatures::sharedFeatures().indexedDBEnabled())
- return JSValue::encode(jsUndefined());
- if (!castedThis || !BindingSecurity::shouldAllowAccessToDOMWindow(exec, castedThis->wrapped()))
- return JSValue::encode(jsUndefined());
- auto& impl = castedThis->wrapped();
- JSValue result = toJS(exec, castedThis->globalObject(), WTF::getPtr(DOMWindowIndexedDatabase::indexedDB(&impl)));
- return JSValue::encode(result);
-}
-#endif
-
static bool jsDOMWindowGetOwnPropertySlotRestrictedAccess(JSDOMWindow* thisObject, Frame* frame, ExecState* exec, PropertyName propertyName, PropertySlot& slot, String& errorMessage)
{
// Allow access to toString() cross-domain, but always Object.prototype.toString.
@@ -263,16 +248,6 @@
if (getStaticPropertySlot<JSDOMWindow, Base>(exec, *JSDOMWindow::info()->staticPropHashTable, thisObject, propertyName, slot))
return true;
-#if ENABLE(INDEXED_DATABASE)
- // FIXME: With generated JS bindings built on static property tables there is no way to
- // completely remove a generated property at runtime. So to completely disable IndexedDB
- // at runtime we have to not generate these accessors and have to handle them specially here.
- // Once https://webkit.org/b/145669 is resolved, they can once again be auto generated.
- if (RuntimeEnabledFeatures::sharedFeatures().indexedDBEnabled() && (propertyName == exec->propertyNames().indexedDB || propertyName == exec->propertyNames().webkitIndexedDB)) {
- slot.setCustom(thisObject, DontDelete | ReadOnly | CustomAccessor, jsDOMWindowIndexedDB);
- return true;
- }
-#endif
#if ENABLE(USER_MESSAGE_HANDLERS)
if (propertyName == exec->propertyNames().webkit && thisObject->wrapped().shouldHaveWebKitNamespaceForWorld(thisObject->world())) {
slot.setCacheableCustom(thisObject, DontDelete | ReadOnly, jsDOMWindowWebKit);
Modified: releases/WebKitGTK/webkit-2.12/Source/WebCore/bindings/scripts/CodeGeneratorJS.pm (204823 => 204824)
--- releases/WebKitGTK/webkit-2.12/Source/WebCore/bindings/scripts/CodeGeneratorJS.pm 2016-08-23 12:30:41 UTC (rev 204823)
+++ releases/WebKitGTK/webkit-2.12/Source/WebCore/bindings/scripts/CodeGeneratorJS.pm 2016-08-23 12:53:59 UTC (rev 204824)
@@ -730,6 +730,23 @@
return 0;
}
+sub GetJSCAttributesForAttribute
+{
+ my $interface = shift;
+ my $attribute = shift;
+
+ my @specials = ();
+ push(@specials, "DontDelete") if IsUnforgeable($interface, $attribute);
+
+ # As per Web IDL specification, constructor properties on the ECMAScript global object should not be enumerable.
+ my $is_global_constructor = $attribute->signature->type =~ /Constructor$/;
+ push(@specials, "DontEnum") if ($attribute->signature->extendedAttributes->{"NotEnumerable"} || $is_global_constructor);
+ push(@specials, "ReadOnly") if IsReadonly($attribute);
+ push(@specials, "CustomAccessor") unless $is_global_constructor or IsJSBuiltin($interface, $attribute);
+ push(@specials, "Accessor | Builtin") if IsJSBuiltin($interface, $attribute);
+ return (@specials > 0) ? join(" | ", @specials) : "0";
+}
+
sub GetIndexedGetterFunction
{
my $interface = shift;
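Review bot: The new `GetJSCAttributesForAttribute` has no comment saying what it returns, and both of its callers depend on the exact form: a string of flag names joined by ` | `, or `0` when no flag applies. A header comment such as `# Returns the JSC property attribute flags for $attribute as a " | "-joined string, or "0" if none apply.` would state that contract. `IsJSBuiltin($interface, $attribute)` is also evaluated twice on consecutive lines; storing it once (`my $is_builtin = IsJSBuiltin($interface, $attribute);`) would read more clearly. The hunk ends inside the following sub, GetIndexedGetterFunction, which is unchanged.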
@@ -1225,6 +1242,7 @@
# Constructor
if ($interfaceName eq "DOMWindow") {
push(@headerContent, " $className(JSC::VM&, JSC::Structure*, Ref<$implType>&&, JSDOMWindowShell*);\n");
+ push(@headerContent, " void finishCreation(JSC::VM&, JSDOMWindowShell*);\n");
} elsif ($codeGenerator->InheritsInterface($interface, "WorkerGlobalScope")) {
push(@headerContent, " $className(JSC::VM&, JSC::Structure*, Ref<$implType>&&);\n");
} elsif (!NeedsImplementationClass($interface)) {
@@ -1387,19 +1405,17 @@
foreach my $attribute (@{$interface->attributes}) {
next if ($attribute->isStatic);
next if AttributeShouldBeOnInstance($interface, $attribute) != $isInstance;
+
+ # DOMWindow adds RuntimeEnabled attributes after creation so do not add them to the static table.
+ if ($interfaceName eq "DOMWindow" && $attribute->signature->extendedAttributes->{"EnabledAtRuntime"}) {
+ $propertyCount -= 1;
+ next;
+ }
+
my $name = $attribute->signature->name;
push(@$hashKeys, $name);
- my @specials = ();
- push(@specials, "DontDelete") if IsUnforgeable($interface, $attribute);
-
- # As per Web IDL specification, constructor properties on the ECMAScript global object should not be enumerable.
- my $is_global_constructor = $attribute->signature->type =~ /Constructor$/;
- push(@specials, "DontEnum") if ($attribute->signature->extendedAttributes->{"NotEnumerable"} || $is_global_constructor);
- push(@specials, "ReadOnly") if IsReadonly($attribute);
- push(@specials, "CustomAccessor") unless $is_global_constructor or IsJSBuiltin($interface, $attribute);
- push(@specials, "Accessor | Builtin") if IsJSBuiltin($interface, $attribute);
- my $special = (@specials > 0) ? join(" | ", @specials) : "0";
+ my $special = GetJSCAttributesForAttribute($interface, $attribute);
push(@$hashSpecials, $special);
my $getter = GetAttributeGetterName($interfaceName, $className, $interface, $attribute);
@@ -2157,6 +2173,29 @@
push(@implContent, " : $parentClassName(vm, structure, WTFMove(impl), shell)\n");
push(@implContent, "{\n");
push(@implContent, "}\n\n");
+
+ push(@implContent, "void ${className}::finishCreation(VM& vm, JSDOMWindowShell* shell)\n");
+ push(@implContent, "{\n");
+ push(@implContent, " Base::finishCreation(vm, shell);\n\n");
+ # Support for RuntimeEnabled attributes on DOMWindow.
+ foreach my $attribute (@{$interface->attributes}) {
+ next unless $attribute->signature->extendedAttributes->{"EnabledAtRuntime"};
+
+ AddToImplIncludes("RuntimeEnabledFeatures.h");
+ my $conditionalString = $codeGenerator->GenerateConditionalString($attribute->signature);
+ push(@implContent, "#if ${conditionalString}\n") if $conditionalString;
+ my $enable_function = GetRuntimeEnableFunctionName($attribute->signature);
+ my $attributeName = $attribute->signature->name;
+ push(@implContent, " if (${enable_function}()) {\n");
+ my $getter = GetAttributeGetterName($interfaceName, $className, $interface, $attribute);
+ my $setter = IsReadonly($attribute) ? "nullptr" : GetAttributeSetterName($interfaceName, $className, $interface, $attribute);
+ push(@implContent, " auto* customGetterSetter = CustomGetterSetter::create(vm, $getter, $setter);\n");
+ my $jscAttributes = GetJSCAttributesForAttribute($interface, $attribute);
+ push(@implContent, " putDirectCustomAccessor(vm, vm.propertyNames->$attributeName, customGetterSetter, attributesForStructure($jscAttributes));\n");
+ push(@implContent, " }\n");
+ push(@implContent, "#endif\n") if $conditionalString;
+ }
+ push(@implContent, "}\n\n");
} elsif ($codeGenerator->InheritsInterface($interface, "WorkerGlobalScope")) {
AddIncludesForTypeInImpl($interfaceName);
push(@implContent, "${className}::$className(VM& vm, Structure* structure, Ref<$implType>&& impl)\n");
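Review bot: The generated `finishCreation()` samples each runtime flag once, when the window object is created, whereas the `getOwnPropertySlot()` code this replaces checked `indexedDBEnabled()` on every lookup. A feature switched off after a window exists therefore stays reachable on that window, and one switched on later never appears; if that is intended, a generator comment should say so, for example `# The runtime flag is read once at window creation; later changes do not add or remove the property.` The loop also filters only on `EnabledAtRuntime`, while the static-table code that omits these attributes first skips static attributes and checks `AttributeShouldBeOnInstance`, so the two filters could disagree for an attribute that is static or not on the instance. The enclosing sub starts and ends outside the hunk.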
@@ -2340,12 +2379,7 @@
# Global constructors can be disabled at runtime.
if ($attribute->signature->type =~ /Constructor$/) {
- if ($attribute->signature->extendedAttributes->{"EnabledAtRuntime"}) {
- AddToImplIncludes("RuntimeEnabledFeatures.h");
- my $enable_function = GetRuntimeEnableFunctionName($attribute->signature);
- push(@implContent, " if (!${enable_function}())\n");
- push(@implContent, " return JSValue::encode(jsUndefined());\n");
- } elsif ($attribute->signature->extendedAttributes->{"EnabledBySetting"}) {
+ if ($attribute->signature->extendedAttributes->{"EnabledBySetting"}) {
AddToImplIncludes("Frame.h");
AddToImplIncludes("Settings.h");
my $enable_function = ToMethodName($attribute->signature->extendedAttributes->{"EnabledBySetting"}) . "Enabled";
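Review bot: Removing the `EnabledAtRuntime` branch here takes the runtime check out of every generated constructor getter, but the compensating omission from the static table is limited to `$interfaceName eq "DOMWindow"`. If any other interface declares an `[EnabledAtRuntime]` constructor attribute (a worker global scope, for instance), its property would stay in the static table and its getter would no longer return undefined when the feature is off. Either keep the check for interfaces other than DOMWindow, e.g. `if ($interfaceName ne "DOMWindow" && $attribute->signature->extendedAttributes->{"EnabledAtRuntime"}) {`, or confirm that no such attribute exists. The enclosing sub is not visible in the hunk, so whether it is reached for non-window interfaces is inferred.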
Modified: releases/WebKitGTK/webkit-2.12/Source/WebCore/inspector/InspectorIndexedDBAgent.cpp (204823 => 204824)
--- releases/WebKitGTK/webkit-2.12/Source/WebCore/inspector/InspectorIndexedDBAgent.cpp 2016-08-23 12:30:41 UTC (rev 204823)
+++ releases/WebKitGTK/webkit-2.12/Source/WebCore/inspector/InspectorIndexedDBAgent.cpp 2016-08-23 12:53:59 UTC (rev 204824)
@@ -494,7 +494,7 @@
return nullptr;
}
- IDBFactory* idbFactory = DOMWindowIndexedDatabase::indexedDB(domWindow);
+ IDBFactory* idbFactory = DOMWindowIndexedDatabase::indexedDB(*domWindow);
if (!idbFactory)
errorString = ASCIILiteral("No IndexedDB factory for given frame found");