Title: [247221] branches/safari-607-branch/Source/WebCore
- Revision
- 247221
- Author
- [email protected]
- Date
- 2019-07-08 11:55:22 -0700 (Mon, 08 Jul 2019)
Log Message
Cherry-pick r246808. rdar://problem/52505041
Add didBecomePrototype() calls to global context prototypes
https://bugs.webkit.org/show_bug.cgi?id=199202
Reviewed by Mark Lam.
This fixes some crashes related to asserting that all prototypes
have been marked as such in JSC from
https://trac.webkit.org/changeset/246801. It's ok to call
didBecomePrototype here as we are setting up the world state right now
so we won't be having a bad time.
We don't automatically call didBecomePrototype() for
setPrototypeWithoutTransition because existing objects may already
have this structure so it seems more reasonable to be explicit
there.
* bindings/js/JSWindowProxy.cpp:
(WebCore::JSWindowProxy::setWindow):
* bindings/js/WorkerScriptController.cpp:
(WebCore::WorkerScriptController::initScript):
* worklets/WorkletScriptController.cpp:
(WebCore::WorkletScriptController::initScriptWithSubclass):
git-svn-id: https://svn.webkit.org/repository/webkit/trunk@246808 268f45cc-cd09-0410-ab3c-d52691b4dbfc
Modified Paths
Diff
Modified: branches/safari-607-branch/Source/WebCore/ChangeLog (247220 => 247221)
--- branches/safari-607-branch/Source/WebCore/ChangeLog 2019-07-08 18:44:15 UTC (rev 247220)
+++ branches/safari-607-branch/Source/WebCore/ChangeLog 2019-07-08 18:55:22 UTC (rev 247221)
@@ -1,3 +1,57 @@
+2019-07-08 Alan Coon <[email protected]>
+
+ Cherry-pick r246808. rdar://problem/52505041
+
+ Add didBecomePrototype() calls to global context prototypes
+ https://bugs.webkit.org/show_bug.cgi?id=199202
+
+ Reviewed by Mark Lam.
+
+ This fixes some crashes related to asserting that all prototypes
+ have been marked as such in JSC from
+ https://trac.webkit.org/changeset/246801. It's ok to call
+ didBecomePrototype here as we setting up the world state right now
+ so we won't be having a bad time.
+
+ We don't automatically call didBecomePrototype() for
+ setPrototypeWithoutTransition because existing objects may already
+ have this structure so it seems more reasonable to be explicit
+ there.
+
+ * bindings/js/JSWindowProxy.cpp:
+ (WebCore::JSWindowProxy::setWindow):
+ * bindings/js/WorkerScriptController.cpp:
+ (WebCore::WorkerScriptController::initScript):
+ * worklets/WorkletScriptController.cpp:
+ (WebCore::WorkletScriptController::initScriptWithSubclass):
+
+ git-svn-id: https://svn.webkit.org/repository/webkit/trunk@246808 268f45cc-cd09-0410-ab3c-d52691b4dbfc
+
+ 2019-06-25 Keith Miller <[email protected]>
+
+ Add didBecomePrototype() calls to global context prototypes
+ https://bugs.webkit.org/show_bug.cgi?id=199202
+
+ Reviewed by Mark Lam.
+
+ This fixes some crashes related to asserting that all prototypes
+ have been marked as such in JSC from
+ https://trac.webkit.org/changeset/246801. It's ok to call
+ didBecomePrototype here as we setting up the world state right now
+ so we won't be having a bad time.
+
+ We don't automatically call didBecomePrototype() for
+ setPrototypeWithoutTransition because existing objects may already
+ have this structure so it seems more reasonable to be explicit
+ there.
+
+ * bindings/js/JSWindowProxy.cpp:
+ (WebCore::JSWindowProxy::setWindow):
+ * bindings/js/WorkerScriptController.cpp:
+ (WebCore::WorkerScriptController::initScript):
+ * worklets/WorkletScriptController.cpp:
+ (WebCore::WorkletScriptController::initScriptWithSubclass):
+
2019-07-02 Alan Coon <[email protected]>
Cherry-pick r247017. rdar://problem/52054321
Modified: branches/safari-607-branch/Source/WebCore/bindings/js/JSWindowProxy.cpp (247220 => 247221)
--- branches/safari-607-branch/Source/WebCore/bindings/js/JSWindowProxy.cpp 2019-07-08 18:44:15 UTC (rev 247220)
+++ branches/safari-607-branch/Source/WebCore/bindings/js/JSWindowProxy.cpp 2019-07-08 18:55:22 UTC (rev 247221)
@@ -111,6 +111,7 @@
auto& propertiesStructure = *JSDOMWindowProperties::createStructure(vm, window, JSEventTarget::prototype(vm, *window));
auto& properties = *JSDOMWindowProperties::create(&propertiesStructure, *window);
+ properties.didBecomePrototype();
prototype->structure(vm)->setPrototypeWithoutTransition(vm, &properties);
setWindow(vm, *window);
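Review bot: The added `properties.didBecomePrototype();` carries no comment, so the reason it has to be explicit is recorded only in the ChangeLog. Per the log message, `setPrototypeWithoutTransition` deliberately does not mark its argument, so any future caller that installs a prototype this way has to remember the mark itself; in builds where the assertion from r246801 is compiled out, a missed mark would presumably go unnoticed. I would add above the new line `// setPrototypeWithoutTransition() does not mark its argument; mark it before installing it.` The enclosing function starts and ends outside this hunk.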
Modified: branches/safari-607-branch/Source/WebCore/bindings/js/WorkerScriptController.cpp (247220 => 247221)
--- branches/safari-607-branch/Source/WebCore/bindings/js/WorkerScriptController.cpp 2019-07-08 18:44:15 UTC (rev 247220)
+++ branches/safari-607-branch/Source/WebCore/bindings/js/WorkerScriptController.cpp 2019-07-08 18:55:22 UTC (rev 247221)
@@ -90,7 +90,9 @@
ASSERT(structure->globalObject() == m_workerGlobalScopeWrapper);
ASSERT(m_workerGlobalScopeWrapper->structure(*m_vm)->globalObject() == m_workerGlobalScopeWrapper);
dedicatedContextPrototype->structure(*m_vm)->setGlobalObject(*m_vm, m_workerGlobalScopeWrapper.get());
- dedicatedContextPrototype->structure(*m_vm)->setPrototypeWithoutTransition(*m_vm, JSWorkerGlobalScope::prototype(*m_vm, *m_workerGlobalScopeWrapper.get()));
+ auto* workerGlobalScopePrototype = JSWorkerGlobalScope::prototype(*m_vm, *m_workerGlobalScopeWrapper.get());
+ workerGlobalScopePrototype->didBecomePrototype();
+ dedicatedContextPrototype->structure(*m_vm)->setPrototypeWithoutTransition(*m_vm, workerGlobalScopePrototype);
proxy->setTarget(*m_vm, m_workerGlobalScopeWrapper.get());
proxy->structure(*m_vm)->setGlobalObject(*m_vm, m_workerGlobalScopeWrapper.get());
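Review bot: `workerGlobalScopePrototype` is now dereferenced on the line after it is obtained, where the old code only passed the pointer through to `setPrototypeWithoutTransition`. If `JSWorkerGlobalScope::prototype()` can never return null here, state that in the style the surrounding lines already use, with `ASSERT(workerGlobalScopePrototype);` before the `didBecomePrototype()` call. The same applies to the second hunk of this file (`@@ -107,7 +109,9 @@`) and to `globalScopePrototype` in WorkletScriptController.cpp. The same three lines are also repeated in both hunks of this file, so a small file-local helper that marks and installs the prototype would keep the two steps from drifting apart. The enclosing function starts and ends outside the hunks.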
@@ -107,7 +109,9 @@
ASSERT(structure->globalObject() == m_workerGlobalScopeWrapper);
ASSERT(m_workerGlobalScopeWrapper->structure()->globalObject() == m_workerGlobalScopeWrapper);
contextPrototype->structure(*m_vm)->setGlobalObject(*m_vm, m_workerGlobalScopeWrapper.get());
- contextPrototype->structure(*m_vm)->setPrototypeWithoutTransition(*m_vm, JSWorkerGlobalScope::prototype(*m_vm, *m_workerGlobalScopeWrapper.get()));
+ auto* workerGlobalScopePrototype = JSWorkerGlobalScope::prototype(*m_vm, *m_workerGlobalScopeWrapper.get());
+ workerGlobalScopePrototype->didBecomePrototype();
+ contextPrototype->structure(*m_vm)->setPrototypeWithoutTransition(*m_vm, workerGlobalScopePrototype);
proxy->setTarget(*m_vm, m_workerGlobalScopeWrapper.get());
proxy->structure(*m_vm)->setGlobalObject(*m_vm, m_workerGlobalScopeWrapper.get());
Modified: branches/safari-607-branch/Source/WebCore/worklets/WorkletScriptController.cpp (247220 => 247221)
--- branches/safari-607-branch/Source/WebCore/worklets/WorkletScriptController.cpp 2019-07-08 18:44:15 UTC (rev 247220)
+++ branches/safari-607-branch/Source/WebCore/worklets/WorkletScriptController.cpp 2019-07-08 18:55:22 UTC (rev 247221)
@@ -126,7 +126,9 @@
ASSERT(structure->globalObject() == m_workletGlobalScopeWrapper);
ASSERT(m_workletGlobalScopeWrapper->structure(*m_vm)->globalObject() == m_workletGlobalScopeWrapper);
contextPrototype->structure(*m_vm)->setGlobalObject(*m_vm, m_workletGlobalScopeWrapper.get());
- contextPrototype->structure(*m_vm)->setPrototypeWithoutTransition(*m_vm, JSGlobalScope::prototype(*m_vm, *m_workletGlobalScopeWrapper.get()));
+ auto* globalScopePrototype = JSGlobalScope::prototype(*m_vm, *m_workletGlobalScopeWrapper.get());
+ globalScopePrototype->didBecomePrototype();
+ contextPrototype->structure(*m_vm)->setPrototypeWithoutTransition(*m_vm, globalScopePrototype);
proxy->setTarget(*m_vm, m_workletGlobalScopeWrapper.get());
proxy->structure(*m_vm)->setGlobalObject(*m_vm, m_workletGlobalScopeWrapper.get());