Title: [127977] trunk/Source/WebCore
- Revision
- 127977
- Author
- [email protected]
- Date
- 2012-09-09 00:27:40 -0700 (Sun, 09 Sep 2012)
Log Message
[V8] V8DOMWindowShell does not need to be RefCounted
https://bugs.webkit.org/show_bug.cgi?id=96192
Reviewed by Kentaro Hara.
V8DOMWindowShell holds a raw Frame pointer, which would point to
unallocated memory if any object that wasn't owned by the frame took a
reference to a V8DOMWindowShell. Thankfully, the only object that takes
a reference to the V8DOMWindowShell is ScriptController, which is owned
by the Frame.
This patch stops V8DOMWindowShell from being RefCounted so that no
other objects are tempted to take a reference to it in the future.
* bindings/v8/ScriptController.h:
(ScriptController):
* bindings/v8/V8DOMWindowShell.cpp:
(WebCore::V8DOMWindowShell::create):
* bindings/v8/V8DOMWindowShell.h:
(V8DOMWindowShell):
Modified Paths
Diff
Modified: trunk/Source/WebCore/ChangeLog (127976 => 127977)
--- trunk/Source/WebCore/ChangeLog 2012-09-09 06:48:14 UTC (rev 127976)
+++ trunk/Source/WebCore/ChangeLog 2012-09-09 07:27:40 UTC (rev 127977)
@@ -1,3 +1,26 @@
+2012-09-09 Adam Barth <[email protected]>
+
+ [V8] V8DOMWindowShell does not need to be RefCounted
+ https://bugs.webkit.org/show_bug.cgi?id=96192
+
+ Reviewed by Kentaro Hara.
+
+ V8DOMWindowShell holds a raw Frame pointer, which would point to
+ unallocated memory if any object that wasn't owned by the frame took a
+ reference to a V8DOMWindowShell. Thankfully, the only object that takes
+ a reference to the V8DOMWindowShell is ScriptController, which is owned
+ by the Frame.
+
+ This patch stops V8DOMWindowShell from being RefCounted so that no
+ other objects are tempted to take a reference to it in the future.
+
+ * bindings/v8/ScriptController.h:
+ (ScriptController):
+ * bindings/v8/V8DOMWindowShell.cpp:
+ (WebCore::V8DOMWindowShell::create):
+ * bindings/v8/V8DOMWindowShell.h:
+ (V8DOMWindowShell):
+
2012-09-08 Adam Barth <[email protected]>
[V8] unsafeHandleToCurrentWorldContext doesn't need to exist
Modified: trunk/Source/WebCore/bindings/v8/ScriptController.h (127976 => 127977)
--- trunk/Source/WebCore/bindings/v8/ScriptController.h 2012-09-09 06:48:14 UTC (rev 127976)
+++ trunk/Source/WebCore/bindings/v8/ScriptController.h 2012-09-09 07:27:40 UTC (rev 127977)
@@ -223,7 +223,7 @@
const String* m_sourceURL;
// For the moment, we have one of these. Soon we will have one per DOMWrapperWorld.
- RefPtr<V8DOMWindowShell> m_windowShell;
+ OwnPtr<V8DOMWindowShell> m_windowShell;
// The isolated worlds we are tracking for this frame. We hold them alive
// here so that they can be used again by future calls to
Modified: trunk/Source/WebCore/bindings/v8/V8DOMWindowShell.cpp (127976 => 127977)
--- trunk/Source/WebCore/bindings/v8/V8DOMWindowShell.cpp 2012-09-09 06:48:14 UTC (rev 127976)
+++ trunk/Source/WebCore/bindings/v8/V8DOMWindowShell.cpp 2012-09-09 07:27:40 UTC (rev 127977)
@@ -170,9 +170,9 @@
ASSERT(!document->isHTMLDocument() || (V8Document::toNative(v8::Handle<v8::Object>::Cast(wrapper->GetPrototype())) == document));
}
-PassRefPtr<V8DOMWindowShell> V8DOMWindowShell::create(Frame* frame)
+PassOwnPtr<V8DOMWindowShell> V8DOMWindowShell::create(Frame* frame)
{
- return adoptRef(new V8DOMWindowShell(frame));
+ return adoptPtr(new V8DOMWindowShell(frame));
}
V8DOMWindowShell::V8DOMWindowShell(Frame* frame)
Modified: trunk/Source/WebCore/bindings/v8/V8DOMWindowShell.h (127976 => 127977)
--- trunk/Source/WebCore/bindings/v8/V8DOMWindowShell.h 2012-09-09 06:48:14 UTC (rev 127976)
+++ trunk/Source/WebCore/bindings/v8/V8DOMWindowShell.h 2012-09-09 07:27:40 UTC (rev 127977)
@@ -49,9 +49,9 @@
// V8WindowShell represents all the per-global object state for a Frame that
// persist between navigations.
-class V8DOMWindowShell : public RefCounted<V8DOMWindowShell> {
+class V8DOMWindowShell {
public:
- static PassRefPtr<V8DOMWindowShell> create(Frame*);
+ static PassOwnPtr<V8DOMWindowShell> create(Frame*);
v8::Persistent<v8::Context> context() const { return m_context.get(); }
@@ -81,7 +81,7 @@
V8PerContextData* perContextData() { return m_perContextData.get(); }
private:
- V8DOMWindowShell(Frame*);
+ explicit V8DOMWindowShell(Frame*);
void disposeContext();
_______________________________________________
webkit-changes mailing list
[email protected]
http://lists.webkit.org/mailman/listinfo/webkit-changes
