[webkit-changes] [164077] trunk/Source/JavaScriptCore

[mark . lam]

Title: [164077] trunk/Source/_javascript_Core

Revision

164077

Author

mark....@apple.com

Date

2014-02-13 17:06:53 -0800 (Thu, 13 Feb 2014)

Log Message

The JSContainerConvertor and ObjcContainerConvertor need to protect JSValueRefs.
<https://webkit.org/b/128764>

Reviewed by Mark Hahnenberg.

Added a vector of Strong<Unknown> references in the 2 containers, and append
the newly created JSValues to those vectors. This will keep all those JS objects
alive for the duration of the conversion.

* API/JSValue.mm:
(JSContainerConvertor::add):
(ObjcContainerConvertor::add):

Modified Paths

• trunk/Source/_javascript_Core/API/JSValue.mm
• trunk/Source/_javascript_Core/ChangeLog

Diff

Modified: trunk/Source/_javascript_Core/API/JSValue.mm (164076 => 164077)

--- trunk/Source/_javascript_Core/API/JSValue.mm	2014-02-14 00:35:24 UTC (rev 164076)
+++ trunk/Source/_javascript_Core/API/JSValue.mm	2014-02-14 01:06:53 UTC (rev 164077)
@@ -37,6 +37,7 @@
 #import "ObjcRuntimeExtras.h"
 #import "JSCInlines.h"
 #import "JSCJSValue.h"
+#import "Strong.h"
 #import <wtf/HashMap.h>
 #import <wtf/HashSet.h>
 #import <wtf/ObjcRuntimeExtras.h>
@@ -595,6 +596,7 @@
     JSGlobalContextRef m_context;
     HashMap<JSValueRef, id> m_objectMap;
     Vector<Task> m_worklist;
+    Vector<JSC::Strong<JSC::Unknown>> m_jsValues;
 };
 
 inline id JSContainerConvertor::convert(JSValueRef value)
@@ -611,6 +613,8 @@
 
 void JSContainerConvertor::add(Task task)
 {
+    JSC::ExecState* exec = toJS(m_context);
+    m_jsValues.append(JSC::Strong<JSC::Unknown>(exec->vm(), toJS(exec, task.js)));
     m_objectMap.add(task.js, task.objc);
     if (task.type != ContainerNone)
         m_worklist.append(task);
@@ -817,6 +821,7 @@
     JSContext *m_context;
     HashMap<id, JSValueRef> m_objectMap;
     Vector<Task> m_worklist;
+    Vector<JSC::Strong<JSC::Unknown>> m_jsValues;
 };
 
 JSValueRef ObjcContainerConvertor::convert(id object)
@@ -834,6 +839,8 @@
 
 void ObjcContainerConvertor::add(ObjcContainerConvertor::Task task)
 {
+    JSC::ExecState* exec = toJS(m_context.JSGlobalContextRef);
+    m_jsValues.append(JSC::Strong<JSC::Unknown>(exec->vm(), toJS(exec, task.js)));
     m_objectMap.add(task.objc, task.js);
     if (task.type != ContainerNone)
         m_worklist.append(task);

Modified: trunk/Source/_javascript_Core/ChangeLog (164076 => 164077)

--- trunk/Source/_javascript_Core/ChangeLog	2014-02-14 00:35:24 UTC (rev 164076)
+++ trunk/Source/_javascript_Core/ChangeLog	2014-02-14 01:06:53 UTC (rev 164077)
@@ -1,3 +1,18 @@
+2014-02-13  Mark Lam  <mark....@apple.com>
+
+        The JSContainerConvertor and ObjcContainerConvertor need to protect JSValueRefs.
+        <https://webkit.org/b/128764>
+
+        Reviewed by Mark Hahnenberg.
+
+        Added a vector of Strong<Unknown> references in the 2 containers, and append
+        the newly created JSValues to those vectors. This will keep all those JS objects
+        alive for the duration of the conversion.
+
+        * API/JSValue.mm:
+        (JSContainerConvertor::add):
+        (ObjcContainerConvertor::add):
+
 2014-02-13  Matthew Mirman  <mmir...@apple.com>
 
         Added GetMyArgumentsLength to FTL

_______________________________________________
webkit-changes mailing list
webkit-changes@lists.webkit.org
https://lists.webkit.org/mailman/listinfo/webkit-changes