[webkit-changes] [108091] branches/chromium/1025/Source

Fri, 17 Feb 2012 10:17:41 -0800

Title: [108091] branches/chromium/1025/Source
Revision
108091
Author
[email protected]
Date
2012-02-17 10:17:34 -0800 (Fri, 17 Feb 2012)

Log Message

Merge 107170 - DOM mutations should not be delivered on worker threads
https://bugs.webkit.org/show_bug.cgi?id=77898

Reviewed by Dmitry Titov.

Source/WebCore:

In V8RecursionScope, only call WebKitMutationObserver::deliverAllMutations
if in a Document context.

This is accomplished through a change to V8Proxy::instrumentedCallFunction
(which now takes a Frame* instead of a Page*), requiring an update to all
callers of that function (accounting for the majority of files changed
in this patch).

Added ASSERT(isMainThread()) in a deliverAllMutations to confirm that
it's no longer called on worker threads, and in enqueueMutationRecord,
where the same global store of active observers is accessed.

See also http://crbug.com/112586, where the problem was initially
reported.

* bindings/v8/ScriptFunctionCall.cpp:
(WebCore::ScriptCallback::call):
* bindings/v8/V8NodeFilterCondition.cpp:
(WebCore::V8NodeFilterCondition::acceptNode):
* bindings/v8/V8Proxy.cpp:
(WebCore::V8Proxy::runScript):
(WebCore::V8Proxy::callFunction):
(WebCore::V8Proxy::instrumentedCallFunction):
* bindings/v8/V8Proxy.h:
(WebCore):
(V8Proxy):
* bindings/v8/V8RecursionScope.cpp:
(WebCore::V8RecursionScope::didLeaveScriptContext):
* bindings/v8/V8RecursionScope.h:
(WebCore):
(WebCore::V8RecursionScope::V8RecursionScope):
(V8RecursionScope):
(WebCore::V8RecursionScope::~V8RecursionScope):
* bindings/v8/V8WindowErrorHandler.cpp:
(WebCore::V8WindowErrorHandler::callListenerFunction):
* bindings/v8/custom/V8CustomVoidCallback.cpp:
(WebCore::invokeCallback):
* bindings/v8/custom/V8CustomXPathNSResolver.cpp:
(WebCore::V8CustomXPathNSResolver::lookupNamespaceURI):
* dom/WebKitMutationObserver.cpp:
(WebCore::WebKitMutationObserver::enqueueMutationRecord):
(WebCore::WebKitMutationObserver::deliverAllMutations):

Source/WebKit/chromium:

* src/WebDevToolsFrontendImpl.cpp:
(WebKit::WebDevToolsFrontendImpl::dispatchOnInspectorFrontend):


[email protected]
Review URL: https://chromiumcodereview.appspot.com/9355009

Modified Paths

Diff

Modified: branches/chromium/1025/Source/WebCore/bindings/v8/ScriptFunctionCall.cpp (108090 => 108091)


--- branches/chromium/1025/Source/WebCore/bindings/v8/ScriptFunctionCall.cpp	2012-02-17 18:09:49 UTC (rev 108090)
+++ branches/chromium/1025/Source/WebCore/bindings/v8/ScriptFunctionCall.cpp	2012-02-17 18:17:34 UTC (rev 108091)
@@ -197,7 +197,7 @@
     for (size_t i = 0; i < m_arguments.size(); ++i)
         args[i] = m_arguments[i].v8Value();
 
-    v8::Handle<v8::Value> result = V8Proxy::instrumentedCallFunction(0 /* page */, function, object, m_arguments.size(), args.get());
+    v8::Handle<v8::Value> result = V8Proxy::instrumentedCallFunction(0 /* frame */, function, object, m_arguments.size(), args.get());
 
     if (exceptionCatcher.HasCaught()) {
         hadException = true;

Modified: branches/chromium/1025/Source/WebCore/bindings/v8/V8NodeFilterCondition.cpp (108090 => 108091)


--- branches/chromium/1025/Source/WebCore/bindings/v8/V8NodeFilterCondition.cpp	2012-02-17 18:09:49 UTC (rev 108090)
+++ branches/chromium/1025/Source/WebCore/bindings/v8/V8NodeFilterCondition.cpp	2012-02-17 18:17:34 UTC (rev 108091)
@@ -83,7 +83,7 @@
     OwnArrayPtr<v8::Handle<v8::Value> > args = adoptArrayPtr(new v8::Handle<v8::Value>[1]);
     args[0] = toV8(node);
 
-    v8::Handle<v8::Value> result = V8Proxy::instrumentedCallFunction(0 /* page */, callback, object, 1, args.get());
+    v8::Handle<v8::Value> result = V8Proxy::instrumentedCallFunction(0 /* frame */, callback, object, 1, args.get());
 
     if (exceptionCatcher.HasCaught()) {
         state->setException(exceptionCatcher.Exception());

Modified: branches/chromium/1025/Source/WebCore/bindings/v8/V8Proxy.cpp (108090 => 108091)


--- branches/chromium/1025/Source/WebCore/bindings/v8/V8Proxy.cpp	2012-02-17 18:09:49 UTC (rev 108090)
+++ branches/chromium/1025/Source/WebCore/bindings/v8/V8Proxy.cpp	2012-02-17 18:17:34 UTC (rev 108091)
@@ -378,7 +378,7 @@
     v8::TryCatch tryCatch;
     tryCatch.SetVerbose(true);
     {
-        V8RecursionScope recursionScope;
+        V8RecursionScope recursionScope(frame()->document());
         result = script->Run();
     }
 
@@ -404,10 +404,10 @@
 {
     // Keep Frame (and therefore ScriptController and V8Proxy) alive.
     RefPtr<Frame> protect(frame());
-    return V8Proxy::instrumentedCallFunction(m_frame->page(), function, receiver, argc, args);
+    return V8Proxy::instrumentedCallFunction(frame(), function, receiver, argc, args);
 }
 
-v8::Local<v8::Value> V8Proxy::instrumentedCallFunction(Page* page, v8::Handle<v8::Function> function, v8::Handle<v8::Object> receiver, int argc, v8::Handle<v8::Value> args[])
+v8::Local<v8::Value> V8Proxy::instrumentedCallFunction(Frame* frame, v8::Handle<v8::Function> function, v8::Handle<v8::Object> receiver, int argc, v8::Handle<v8::Value> args[])
 {
     V8GCController::checkMemoryUsage();
 
@@ -415,7 +415,7 @@
         return handleMaxRecursionDepthExceeded();
 
     InspectorInstrumentationCookie cookie;
-    if (InspectorInstrumentation::hasFrontends()) {
+    if (InspectorInstrumentation::hasFrontends() && frame) {
         String resourceName("undefined");
         int lineNumber = 1;
         v8::ScriptOrigin origin = function->GetScriptOrigin();
@@ -423,12 +423,12 @@
             resourceName = toWebCoreString(origin.ResourceName());
             lineNumber = function->GetScriptLineNumber() + 1;
         }
-        cookie = InspectorInstrumentation::willCallFunction(page, resourceName, lineNumber);
+        cookie = InspectorInstrumentation::willCallFunction(frame->page(), resourceName, lineNumber);
     }
 
     v8::Local<v8::Value> result;
     {
-        V8RecursionScope recursionScope;
+        V8RecursionScope recursionScope(frame ? frame->document() : 0);
         result = function->Call(receiver, argc, args);
     }

Modified: branches/chromium/1025/Source/WebCore/bindings/v8/V8Proxy.h (108090 => 108091)


--- branches/chromium/1025/Source/WebCore/bindings/v8/V8Proxy.h	2012-02-17 18:09:49 UTC (rev 108090)
+++ branches/chromium/1025/Source/WebCore/bindings/v8/V8Proxy.h	2012-02-17 18:17:34 UTC (rev 108091)
@@ -57,7 +57,6 @@
     class DOMWindow;
     class Frame;
     class Node;
-    class Page;
     class ScriptExecutionContext;
     class ScriptSourceCode;
     class SecurityOrigin;
@@ -162,7 +161,7 @@
         v8::Local<v8::Value> callFunction(v8::Handle<v8::Function>, v8::Handle<v8::Object>, int argc, v8::Handle<v8::Value> argv[]);
 
         // call the function with the given receiver and arguments and report times to DevTools.
-        static v8::Local<v8::Value> instrumentedCallFunction(Page*, v8::Handle<v8::Function>, v8::Handle<v8::Object> receiver, int argc, v8::Handle<v8::Value> args[]);
+        static v8::Local<v8::Value> instrumentedCallFunction(Frame*, v8::Handle<v8::Function>, v8::Handle<v8::Object> receiver, int argc, v8::Handle<v8::Value> args[]);
 
         // Call the function as constructor with the given arguments.
         v8::Local<v8::Value> newInstance(v8::Handle<v8::Function>, int argc, v8::Handle<v8::Value> argv[]);

Modified: branches/chromium/1025/Source/WebCore/bindings/v8/V8RecursionScope.cpp (108090 => 108091)


--- branches/chromium/1025/Source/WebCore/bindings/v8/V8RecursionScope.cpp	2012-02-17 18:09:49 UTC (rev 108090)
+++ branches/chromium/1025/Source/WebCore/bindings/v8/V8RecursionScope.cpp	2012-02-17 18:17:34 UTC (rev 108091)
@@ -32,11 +32,12 @@
 #include "V8RecursionScope.h"
 
 #include "IDBPendingTransactionMonitor.h"
+#include "ScriptExecutionContext.h"
 #include "WebKitMutationObserver.h"
 
 namespace WebCore {
 
-void V8RecursionScope::didLeaveScriptContext()
+void V8RecursionScope::didLeaveScriptContext(ScriptExecutionContext* context)
 {
     // FIXME: Instrument any work that takes place when script exits to c++ (e.g. Mutation Observers).
 
@@ -48,7 +49,8 @@
 #endif
 
 #if ENABLE(MUTATION_OBSERVERS)
-    WebKitMutationObserver::deliverAllMutations();
+    if (context && context->isDocument())
+        WebKitMutationObserver::deliverAllMutations();
 #endif
 }

Modified: branches/chromium/1025/Source/WebCore/bindings/v8/V8RecursionScope.h (108090 => 108091)


--- branches/chromium/1025/Source/WebCore/bindings/v8/V8RecursionScope.h	2012-02-17 18:09:49 UTC (rev 108090)
+++ branches/chromium/1025/Source/WebCore/bindings/v8/V8RecursionScope.h	2012-02-17 18:17:34 UTC (rev 108091)
@@ -35,20 +35,29 @@
 
 namespace WebCore {
 
+class ScriptExecutionContext;
+
 class V8RecursionScope {
     WTF_MAKE_NONCOPYABLE(V8RecursionScope);
 public:
-    V8RecursionScope() { V8BindingPerIsolateData::current()->incrementRecursionLevel(); }
+    explicit V8RecursionScope(ScriptExecutionContext* context)
+        : m_context(context)
+    {
+        V8BindingPerIsolateData::current()->incrementRecursionLevel();
+    }
+
     ~V8RecursionScope()
     {
         if (!V8BindingPerIsolateData::current()->decrementRecursionLevel())
-            didLeaveScriptContext();
+            didLeaveScriptContext(m_context);
     }
 
     static int recursionLevel() { return V8BindingPerIsolateData::current()->recursionLevel(); }
 
 private:
-    static void didLeaveScriptContext();
+    static void didLeaveScriptContext(ScriptExecutionContext*);
+
+    ScriptExecutionContext* m_context;
 };
 
 } // namespace WebCore

Modified: branches/chromium/1025/Source/WebCore/bindings/v8/V8WindowErrorHandler.cpp (108090 => 108091)


--- branches/chromium/1025/Source/WebCore/bindings/v8/V8WindowErrorHandler.cpp	2012-02-17 18:09:49 UTC (rev 108090)
+++ branches/chromium/1025/Source/WebCore/bindings/v8/V8WindowErrorHandler.cpp	2012-02-17 18:17:34 UTC (rev 108091)
@@ -58,7 +58,7 @@
         v8::Handle<v8::Value> parameters[3] = { v8String(errorEvent->message()), v8String(errorEvent->filename()), v8::Integer::New(errorEvent->lineno()) };
         v8::TryCatch tryCatch;
         tryCatch.SetVerbose(true);
-        returnValue = V8Proxy::instrumentedCallFunction(0 /* page */, callFunction, thisValue, 3, parameters);
+        returnValue = V8Proxy::instrumentedCallFunction(0 /* frame */, callFunction, thisValue, 3, parameters);
     }
     return returnValue;
 }

Modified: branches/chromium/1025/Source/WebCore/bindings/v8/custom/V8CustomVoidCallback.cpp (108090 => 108091)


--- branches/chromium/1025/Source/WebCore/bindings/v8/custom/V8CustomVoidCallback.cpp	2012-02-17 18:09:49 UTC (rev 108090)
+++ branches/chromium/1025/Source/WebCore/bindings/v8/custom/V8CustomVoidCallback.cpp	2012-02-17 18:17:34 UTC (rev 108091)
@@ -83,8 +83,8 @@
 
     v8::Handle<v8::Object> thisObject = v8::Context::GetCurrent()->Global();
 
-    Page* page = scriptExecutionContext && scriptExecutionContext->isDocument() ? static_cast<Document*>(scriptExecutionContext)->page() : 0;
-    v8::Handle<v8::Value> result = V8Proxy::instrumentedCallFunction(page, callbackFunction, thisObject, argc, argv);
+    Frame* frame = scriptExecutionContext && scriptExecutionContext->isDocument() ? static_cast<Document*>(scriptExecutionContext)->frame() : 0;
+    v8::Handle<v8::Value> result = V8Proxy::instrumentedCallFunction(frame, callbackFunction, thisObject, argc, argv);
 
     callbackReturnValue = !result.IsEmpty() && result->BooleanValue();
     return exceptionCatcher.HasCaught();

Modified: branches/chromium/1025/Source/WebCore/bindings/v8/custom/V8CustomXPathNSResolver.cpp (108090 => 108091)


--- branches/chromium/1025/Source/WebCore/bindings/v8/custom/V8CustomXPathNSResolver.cpp	2012-02-17 18:09:49 UTC (rev 108090)
+++ branches/chromium/1025/Source/WebCore/bindings/v8/custom/V8CustomXPathNSResolver.cpp	2012-02-17 18:17:34 UTC (rev 108091)
@@ -79,7 +79,7 @@
     v8::Handle<v8::Value> argv[argc] = { v8String(prefix) };
     v8::Handle<v8::Function> function = lookupNamespaceURIFunc.IsEmpty() ? v8::Handle<v8::Function>::Cast(m_resolver) : lookupNamespaceURIFunc;
 
-    v8::Handle<v8::Value> retval = V8Proxy::instrumentedCallFunction(0 /* page */, function, m_resolver, argc, argv);
+    v8::Handle<v8::Value> retval = V8Proxy::instrumentedCallFunction(0 /* frame */, function, m_resolver, argc, argv);
 
     // Eat exceptions from namespace resolver and return an empty string. This will most likely cause NAMESPACE_ERR.
     if (try_catch.HasCaught())

Modified: branches/chromium/1025/Source/WebCore/dom/WebKitMutationObserver.cpp (108090 => 108091)


--- branches/chromium/1025/Source/WebCore/dom/WebKitMutationObserver.cpp	2012-02-17 18:09:49 UTC (rev 108090)
+++ branches/chromium/1025/Source/WebCore/dom/WebKitMutationObserver.cpp	2012-02-17 18:17:34 UTC (rev 108091)
@@ -41,6 +41,7 @@
 #include "MutationRecord.h"
 #include "Node.h"
 #include <wtf/ListHashSet.h>
+#include <wtf/MainThread.h>
 
 namespace WebCore {
 
@@ -115,6 +116,7 @@
 
 void WebKitMutationObserver::enqueueMutationRecord(PassRefPtr<MutationRecord> mutation)
 {
+    ASSERT(isMainThread());
     m_records.append(mutation);
     activeMutationObservers().add(this);
 }
@@ -132,6 +134,7 @@
 
 void WebKitMutationObserver::deliverAllMutations()
 {
+    ASSERT(isMainThread());
     static bool deliveryInProgress = false;
     if (deliveryInProgress)
         return;

Modified: branches/chromium/1025/Source/WebKit/chromium/src/WebDevToolsFrontendImpl.cpp (108090 => 108091)


--- branches/chromium/1025/Source/WebKit/chromium/src/WebDevToolsFrontendImpl.cpp	2012-02-17 18:09:49 UTC (rev 108090)
+++ branches/chromium/1025/Source/WebKit/chromium/src/WebDevToolsFrontendImpl.cpp	2012-02-17 18:17:34 UTC (rev 108091)
@@ -123,7 +123,7 @@
     args.append(ToV8String(message));
     v8::TryCatch tryCatch;
     tryCatch.SetVerbose(true);
-    V8Proxy::instrumentedCallFunction(frame->frame()->page(), function, inspectorBackend, args.size(), args.data());
+    V8Proxy::instrumentedCallFunction(frame->frame(), function, inspectorBackend, args.size(), args.data());
 }
 
 } // namespace WebKit

_______________________________________________
webkit-changes mailing list
[email protected]
http://lists.webkit.org/mailman/listinfo.cgi/webkit-changes

Reply via email to