Diff
Modified: branches/safari-600.1.4.15-branch/Source/_javascript_Core/API/JSWrapperMap.mm (180701 => 180702)
--- branches/safari-600.1.4.15-branch/Source/_javascript_Core/API/JSWrapperMap.mm 2015-02-26 22:24:37 UTC (rev 180701)
+++ branches/safari-600.1.4.15-branch/Source/_javascript_Core/API/JSWrapperMap.mm 2015-02-26 22:25:31 UTC (rev 180702)
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2013 Apple Inc. All rights reserved.
+ * Copyright (C) 2013-2015 Apple Inc. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
@@ -363,15 +363,16 @@
JSC::Weak<JSC::JSObject> m_constructor;
}
-- (id)initWithContext:(JSContext *)context forClass:(Class)cls superClassInfo:(JSObjCClassInfo*)superClassInfo;
+- (id)initWithContext:(JSContext *)context forClass:(Class)cls;
- (JSValue *)wrapperForObject:(id)object;
- (JSValue *)constructor;
+- (JSC::JSObject *)prototype;
@end
@implementation JSObjCClassInfo
-- (id)initWithContext:(JSContext *)context forClass:(Class)cls superClassInfo:(JSObjCClassInfo*)superClassInfo
+- (id)initWithContext:(JSContext *)context forClass:(Class)cls
{
self = [super init];
if (!self)
@@ -386,8 +387,6 @@
definition.className = className;
m_classRef = JSClassCreate(&definition);
- [self allocateConstructorAndPrototypeWithSuperClassInfo:superClassInfo];
-
return self;
}
@@ -449,8 +448,12 @@
return constructorWithCustomBrand(context, [NSString stringWithFormat:@"%sConstructor", className], cls);
}
-- (void)allocateConstructorAndPrototypeWithSuperClassInfo:(JSObjCClassInfo*)superClassInfo
+typedef std::pair<JSC::JSObject*, JSC::JSObject*> ConstructorPrototypePair;
+
+- (ConstructorPrototypePair)allocateConstructorAndPrototype
{
+ JSObjCClassInfo* superClassInfo = [m_context.wrapperMap classInfoForClass:class_getSuperclass(m_class)];
+
ASSERT(!m_constructor || !m_prototype);
ASSERT((m_class == [NSObject class]) == !superClassInfo);
if (!superClassInfo) {
@@ -464,11 +467,6 @@
m_prototype = toJS(JSValueToObject(cContext, valueInternalValue(prototype), 0));
}
} else {
- // We need to hold a reference to the superclass prototype here on the stack
- // to that it won't get GC'ed while we do allocations between now and when we
- // set it in this class' prototype below.
- JSC::JSObject* superClassPrototype = superClassInfo->m_prototype.get();
-
const char* className = class_getName(m_class);
// Create or grab the prototype/constructor pair.
@@ -498,17 +496,12 @@
});
// Set [Prototype].
+ JSC::JSObject* superClassPrototype = [superClassInfo prototype];
JSObjectSetPrototype([m_context JSGlobalContextRef], toRef(m_prototype.get()), toRef(superClassPrototype));
}
+ return ConstructorPrototypePair(m_constructor.get(), m_prototype.get());
}
-- (void)reallocateConstructorAndOrPrototype
-{
- [self allocateConstructorAndPrototypeWithSuperClassInfo:[m_context.wrapperMap classInfoForClass:class_getSuperclass(m_class)]];
- // We should not add any code here that can trigger a GC or the prototype and
- // constructor that we just created may be collected before they can be used.
-}
-
- (JSValue *)wrapperForObject:(id)object
{
ASSERT([object isKindOfClass:m_class]);
@@ -523,12 +516,7 @@
}
}
- if (!m_prototype)
- [self reallocateConstructorAndOrPrototype];
- ASSERT(!!m_prototype);
- // We need to hold a reference to the prototype here on the stack to that it won't
- // get GC'ed while we create the wrapper below.
- JSC::JSObject* prototype = m_prototype.get();
+ JSC::JSObject* prototype = [self prototype];
JSObjectRef wrapper = makeWrapper([m_context JSGlobalContextRef], m_classRef, object);
JSObjectSetPrototype([m_context JSGlobalContextRef], wrapper, toRef(prototype));
@@ -537,15 +525,22 @@
- (JSValue *)constructor
{
- if (!m_constructor)
- [self reallocateConstructorAndOrPrototype];
- ASSERT(!!m_constructor);
- // If we need to add any code here in the future that can trigger a GC, we should
- // cache the constructor pointer in a stack local var first so that it is protected
- // from the GC until it gets used below.
- return [JSValue valueWithJSValueRef:toRef(m_constructor.get()) inContext:m_context];
+ JSC::JSObject* constructor = m_constructor.get();
+ if (!constructor)
+ constructor = [self allocateConstructorAndPrototype].first;
+ ASSERT(!!constructor);
+ return [JSValue valueWithJSValueRef:toRef(constructor) inContext:m_context];
}
+- (JSC::JSObject*)prototype
+{
+ JSC::JSObject* prototype = m_prototype.get();
+ if (!prototype)
+ prototype = [self allocateConstructorAndPrototype].second;
+ ASSERT(!!prototype);
+ return prototype;
+}
+
@end
@implementation JSWrapperMap {
@@ -590,7 +585,7 @@
if ('_' == *class_getName(cls))
return m_classMap[cls] = [self classInfoForClass:class_getSuperclass(cls)];
- return m_classMap[cls] = [[[JSObjCClassInfo alloc] initWithContext:m_context forClass:cls superClassInfo:[self classInfoForClass:class_getSuperclass(cls)]] autorelease];
+ return m_classMap[cls] = [[[JSObjCClassInfo alloc] initWithContext:m_context forClass:cls] autorelease];
}
- (JSValue *)jsWrapperForObject:(id)object
Copied: branches/safari-600.1.4.15-branch/Source/_javascript_Core/API/tests/Regress141809.h (from rev 180452, trunk/Source/_javascript_Core/API/tests/Regress141809.h) (0 => 180702)
--- branches/safari-600.1.4.15-branch/Source/_javascript_Core/API/tests/Regress141809.h (rev 0)
+++ branches/safari-600.1.4.15-branch/Source/_javascript_Core/API/tests/Regress141809.h 2015-02-26 22:25:31 UTC (rev 180702)
@@ -0,0 +1,34 @@
+/*
+ * Copyright (C) 2015 Apple Inc. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY APPLE INC. AND ITS CONTRIBUTORS ``AS IS''
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
+ * THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL APPLE INC. OR ITS CONTRIBUTORS
+ * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF
+ * THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#import <Foundation/Foundation.h>
+#import <_javascript_Core/_javascript_Core.h>
+
+#if JSC_OBJC_API_ENABLED
+
+void runRegress141809();
+
+#endif // JSC_OBJC_API_ENABLED
+
Copied: branches/safari-600.1.4.15-branch/Source/_javascript_Core/API/tests/Regress141809.mm (from rev 180452, trunk/Source/_javascript_Core/API/tests/Regress141809.mm) (0 => 180702)
--- branches/safari-600.1.4.15-branch/Source/_javascript_Core/API/tests/Regress141809.mm (rev 0)
+++ branches/safari-600.1.4.15-branch/Source/_javascript_Core/API/tests/Regress141809.mm 2015-02-26 22:25:31 UTC (rev 180702)
@@ -0,0 +1,134 @@
+/*
+ * Copyright (C) 2015 Apple Inc. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY APPLE INC. AND ITS CONTRIBUTORS ``AS IS''
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
+ * THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL APPLE INC. OR ITS CONTRIBUTORS
+ * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF
+ * THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#import "config.h"
+#import "Regress141809.h"
+
+#import <objc/objc.h>
+#import <objc/runtime.h>
+
+#if JSC_OBJC_API_ENABLED
+
+extern "C" void checkResult(NSString *description, bool passed);
+extern "C" void JSSynchronousGarbageCollectForDebugging(JSContextRef);
+
+@protocol TestClassAExports <JSExport>
+@end
+
+@interface TestClassA : NSObject<TestClassAExports>
+@end
+
+@implementation TestClassA
+@end
+
+@protocol TestClassBExports <JSExport>
+- (NSString *)name;
+@end
+
+@interface TestClassB : TestClassA <TestClassBExports>
+@end
+
+@implementation TestClassB
+- (NSString *)name
+{
+ return @"B";
+}
+@end
+
+@protocol TestClassCExports <JSExport>
+- (NSString *)name;
+@end
+
+@interface TestClassC : TestClassB <TestClassCExports>
+@end
+
+@implementation TestClassC
+- (NSString *)name
+{
+ return @"C";
+}
+@end
+
+void runRegress141809()
+{
+ // Test that the ObjC API can correctly re-construct the synthesized
+ // prototype and constructor of JS exported ObjC classes.
+ // See <https://webkit.org/b/141809>
+ @autoreleasepool {
+ JSContext *context = [[JSContext alloc] init];
+ context[@"print"] = ^(NSString* str) {
+ NSLog(@"%@", str);
+ };
+
+ [context evaluateScript:@"function dumpPrototypes(obj) { \
+ var objDepth = 0; \
+ var currObj = obj; \
+ var objChain = ''; \
+ do { \
+ var propIndex = 0; \
+ var props = ''; \
+ Object.getOwnPropertyNames(currObj).forEach(function(val, idx, array) { \
+ props += ((propIndex > 0 ? ', ' : '') + val); \
+ propIndex++; \
+ }); \
+ var str = ''; \
+ if (!objDepth) \
+ str += 'obj '; \
+ else { \
+ for (i = 0; i < objDepth; i++) \
+ str += ' '; \
+ str += '--> proto '; \
+ } \
+ str += currObj; \
+ if (props) \
+ str += (' with ' + propIndex + ' props: ' + props); \
+ print(str); \
+ objChain += (str + '\\n'); \
+ objDepth++; \
+ currObj = Object.getPrototypeOf(currObj); \
+ } while (currObj); \
+ return { objDepth: objDepth, objChain: objChain }; \
+ }"];
+ JSValue* dumpPrototypes = context[@"dumpPrototypes"];
+
+ JSValue* resultBeforeGC = nil;
+ @autoreleasepool {
+ TestClassC* obj = [[TestClassC alloc] init];
+ resultBeforeGC = [dumpPrototypes callWithArguments:@[obj]];
+ }
+
+ JSSynchronousGarbageCollectForDebugging([context JSGlobalContextRef]);
+
+ @autoreleasepool {
+ TestClassC* obj = [[TestClassC alloc] init];
+ JSValue* resultAfterGC = [dumpPrototypes callWithArguments:@[obj]];
+ checkResult(@"object and prototype chain depth is 5 deep", [resultAfterGC[@"objDepth"] toInt32] == 5);
+ checkResult(@"object and prototype chain depth before and after GC matches", [resultAfterGC[@"objDepth"] toInt32] == [resultBeforeGC[@"objDepth"] toInt32]);
+ checkResult(@"object and prototype chain before and after GC matches", [[resultAfterGC[@"objChain"] toString] isEqualToString:[resultBeforeGC[@"objChain"] toString]]);
+ }
+ }
+}
+
+#endif // JSC_OBJC_API_ENABLED
Modified: branches/safari-600.1.4.15-branch/Source/_javascript_Core/API/tests/testapi.mm (180701 => 180702)
--- branches/safari-600.1.4.15-branch/Source/_javascript_Core/API/tests/testapi.mm 2015-02-26 22:24:37 UTC (rev 180701)
+++ branches/safari-600.1.4.15-branch/Source/_javascript_Core/API/tests/testapi.mm 2015-02-26 22:25:31 UTC (rev 180702)
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2013 Apple Inc. All rights reserved.
+ * Copyright (C) 2013-2015 Apple Inc. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
@@ -28,6 +28,7 @@
#import "CurrentThisInsideBlockGetterTest.h"
#import "DateTests.h"
#import "JSExportTests.h"
+#import "Regress141809.h"
#import <pthread.h>
@@ -1385,6 +1386,7 @@
currentThisInsideBlockGetterTest();
runDateTests();
runJSExportTests();
+ runRegress141809();
}
#else
Modified: branches/safari-600.1.4.15-branch/Source/_javascript_Core/ChangeLog (180701 => 180702)
--- branches/safari-600.1.4.15-branch/Source/_javascript_Core/ChangeLog 2015-02-26 22:24:37 UTC (rev 180701)
+++ branches/safari-600.1.4.15-branch/Source/_javascript_Core/ChangeLog 2015-02-26 22:25:31 UTC (rev 180702)
@@ -1,3 +1,62 @@
+2015-02-26 Lucas Forschler <[email protected]>
+
+ Merge r180452
+
+ 2015-02-20 Mark Lam <[email protected]>
+
+ [JSObjCClassInfo reallocateConstructorAndOrPrototype] should also reallocate super class prototype chain.
+ <https://webkit.org/b/141809>
+
+ Reviewed by Geoffrey Garen.
+
+ A ObjC class that implement the JSExport protocol will have a JS prototype
+ chain and constructor automatically synthesized for its JS wrapper object.
+ However, if there are no more instances of that ObjC class reachable by a
+ JS GC root scan, then its synthesized prototype chain and constructors may
+ be released by the GC. If a new instance of that ObjC class is subsequently
+ instantiated, then [JSObjCClassInfo reallocateConstructorAndOrPrototype]
+ should re-construct the prototype chain and constructor (if they were
+ previously released). However, the current implementation only
+ re-constructs the immediate prototype, but not every other prototype
+ object upstream in the prototype chain.
+
+ To fix this, we do the following:
+ 1. We no longer allocate the JSObjCClassInfo's prototype and constructor
+ eagerly. Hence, -initWithContext:forClass: will no longer call
+ -allocateConstructorAndPrototypeWithSuperClassInfo:.
+ 2. Instead, we'll always access the prototype and constructor thru
+ accessor methods. The accessor methods will call
+ -allocateConstructorAndPrototype: if needed.
+ 3. -allocateConstructorAndPrototype: will fetch the needed superClassInfo
+ from the JSWrapperMap itself. This makes it so that we no longer
+ need to pass the superClassInfo all over.
+ 4. -allocateConstructorAndPrototype: will get the super class prototype
+ by invoking -prototype: on the superClassInfo, thereby allowing the
+ super class to allocate its prototype and constructor if needed and
+ fixing the issue in this bug.
+
+ 5. Also removed the GC warning comments, and ensured that needed JS
+ objects are kept alive by having a local var pointing to it from the
+ stack (which makes a GC root).
+
+ * API/JSWrapperMap.mm:
+ (-[JSObjCClassInfo initWithContext:forClass:]):
+ (-[JSObjCClassInfo allocateConstructorAndPrototype]):
+ (-[JSObjCClassInfo wrapperForObject:]):
+ (-[JSObjCClassInfo constructor]):
+ (-[JSObjCClassInfo prototype]):
+ (-[JSWrapperMap classInfoForClass:]):
+ (-[JSObjCClassInfo initWithContext:forClass:superClassInfo:]): Deleted.
+ (-[JSObjCClassInfo allocateConstructorAndPrototypeWithSuperClassInfo:]): Deleted.
+ (-[JSObjCClassInfo reallocateConstructorAndOrPrototype]): Deleted.
+ * API/tests/Regress141809.h: Added.
+ * API/tests/Regress141809.mm: Added.
+ (-[TestClassB name]):
+ (-[TestClassC name]):
+ (runRegress141809):
+ * API/tests/testapi.mm:
+ * _javascript_Core.xcodeproj/project.pbxproj:
+
2015-02-25 Babak Shafiei <[email protected]>
Merge patch for r180247 and r180249.
Modified: branches/safari-600.1.4.15-branch/Source/_javascript_Core/_javascript_Core.xcodeproj/project.pbxproj (180701 => 180702)
--- branches/safari-600.1.4.15-branch/Source/_javascript_Core/_javascript_Core.xcodeproj/project.pbxproj 2015-02-26 22:24:37 UTC (rev 180701)
+++ branches/safari-600.1.4.15-branch/Source/_javascript_Core/_javascript_Core.xcodeproj/project.pbxproj 2015-02-26 22:25:31 UTC (rev 180702)
@@ -1718,6 +1718,7 @@
FE5932A8183C5A2600A1ECCC /* VMEntryScope.h in Headers */ = {isa = PBXBuildFile; fileRef = FE5932A6183C5A2600A1ECCC /* VMEntryScope.h */; settings = {ATTRIBUTES = (Private, ); }; };
FEA08620182B7A0400F6D851 /* Breakpoint.h in Headers */ = {isa = PBXBuildFile; fileRef = FEA0861E182B7A0400F6D851 /* Breakpoint.h */; settings = {ATTRIBUTES = (Private, ); }; };
FEA08621182B7A0400F6D851 /* DebuggerPrimitives.h in Headers */ = {isa = PBXBuildFile; fileRef = FEA0861F182B7A0400F6D851 /* DebuggerPrimitives.h */; settings = {ATTRIBUTES = (Private, ); }; };
+ FEB51F6C1A97B688001F921C /* Regress141809.mm in Sources */ = {isa = PBXBuildFile; fileRef = FEB51F6B1A97B688001F921C /* Regress141809.mm */; };
FEB58C14187B8B160098EF0B /* ErrorHandlingScope.cpp in Sources */ = {isa = PBXBuildFile; fileRef = FEB58C12187B8B160098EF0B /* ErrorHandlingScope.cpp */; };
FEB58C15187B8B160098EF0B /* ErrorHandlingScope.h in Headers */ = {isa = PBXBuildFile; fileRef = FEB58C13187B8B160098EF0B /* ErrorHandlingScope.h */; settings = {ATTRIBUTES = (Private, ); }; };
FED287B215EC9A5700DA8161 /* LLIntOpcode.h in Headers */ = {isa = PBXBuildFile; fileRef = FED287B115EC9A5700DA8161 /* LLIntOpcode.h */; settings = {ATTRIBUTES = (Private, ); }; };
@@ -3350,6 +3351,8 @@
FE5932A6183C5A2600A1ECCC /* VMEntryScope.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = VMEntryScope.h; sourceTree = "<group>"; };
FEA0861E182B7A0400F6D851 /* Breakpoint.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = Breakpoint.h; sourceTree = "<group>"; };
FEA0861F182B7A0400F6D851 /* DebuggerPrimitives.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = DebuggerPrimitives.h; sourceTree = "<group>"; };
+ FEB51F6A1A97B688001F921C /* Regress141809.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = Regress141809.h; path = API/tests/Regress141809.h; sourceTree = "<group>"; };
+ FEB51F6B1A97B688001F921C /* Regress141809.mm */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.objcpp; name = Regress141809.mm; path = API/tests/Regress141809.mm; sourceTree = "<group>"; };
FEB58C12187B8B160098EF0B /* ErrorHandlingScope.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = ErrorHandlingScope.cpp; sourceTree = "<group>"; };
FEB58C13187B8B160098EF0B /* ErrorHandlingScope.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = ErrorHandlingScope.h; sourceTree = "<group>"; };
FED287B115EC9A5700DA8161 /* LLIntOpcode.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = LLIntOpcode.h; path = llint/LLIntOpcode.h; sourceTree = "<group>"; };
@@ -3712,6 +3715,8 @@
C288B2DD18A54D3E007BE40B /* DateTests.mm */,
C2181FC018A948FB0025A235 /* JSExportTests.h */,
C2181FC118A948FB0025A235 /* JSExportTests.mm */,
+ FEB51F6A1A97B688001F921C /* Regress141809.h */,
+ FEB51F6B1A97B688001F921C /* Regress141809.mm */,
144005170A531CB50005F061 /* minidom */,
14BD5A2D0A3E91F600BAF59C /* testapi.c */,
14D857740A4696C80032146C /* testapi.js */,
@@ -6808,6 +6813,7 @@
buildActionMask = 2147483647;
files = (
C29ECB031804D0ED00D2CBB4 /* CurrentThisInsideBlockGetterTest.mm in Sources */,
+ FEB51F6C1A97B688001F921C /* Regress141809.mm in Sources */,
C20328201981979D0088B499 /* CustomGlobalObjectClassTest.c in Sources */,
C288B2DE18A54D3E007BE40B /* DateTests.mm in Sources */,
C2181FC218A948FB0025A235 /* JSExportTests.mm in Sources */,
