Title: [196854] trunk/Source/WebCore
Revision
196854
Author
[email protected]
Date
2016-02-19 20:41:06 -0800 (Fri, 19 Feb 2016)

Log Message

Land release assertions to help track down a possible HTMLCollection lifetime bug
https://bugs.webkit.org/show_bug.cgi?id=154490

Reviewed by Ryosuke Niwa.

Land release assertions to help track down a possible HTMLCollection
lifetime bug: <rdar://problem/24457478>.

* bindings/js/JSHTMLCollectionCustom.cpp:
(WebCore::JSHTMLCollection::getOwnPropertyNames):
* html/HTMLCollection.cpp:
(WebCore::HTMLCollection::HTMLCollection):
(WebCore::HTMLCollection::~HTMLCollection):
* html/HTMLCollection.h:
(WebCore::HTMLCollection::wasDeletionStarted):
* html/HTMLCollection.idl:

Modified Paths

Diff

Modified: trunk/Source/WebCore/ChangeLog (196853 => 196854)


--- trunk/Source/WebCore/ChangeLog	2016-02-20 04:17:12 UTC (rev 196853)
+++ trunk/Source/WebCore/ChangeLog	2016-02-20 04:41:06 UTC (rev 196854)
@@ -1,3 +1,22 @@
+2016-02-19  Chris Dumez  <[email protected]>
+
+        Land release assertions to help track down a possible HTMLCollection lifetime bug
+        https://bugs.webkit.org/show_bug.cgi?id=154490
+
+        Reviewed by Ryosuke Niwa.
+
+        Land release assertions to help track down a possible HTMLCollection
+        lifetime bug: <rdar://problem/24457478>.
+
+        * bindings/js/JSHTMLCollectionCustom.cpp:
+        (WebCore::JSHTMLCollection::getOwnPropertyNames):
+        * html/HTMLCollection.cpp:
+        (WebCore::HTMLCollection::HTMLCollection):
+        (WebCore::HTMLCollection::~HTMLCollection):
+        * html/HTMLCollection.h:
+        (WebCore::HTMLCollection::wasDeletionStarted):
+        * html/HTMLCollection.idl:
+
 2016-02-19  Doug Russell  <[email protected]>
 
         Bug 154366 - AX: AXObjectCache::visiblePositionForTextMarkerData() doesn't account for equivalent visibly equivalent positions

Modified: trunk/Source/WebCore/bindings/js/JSHTMLCollectionCustom.cpp (196853 => 196854)


--- trunk/Source/WebCore/bindings/js/JSHTMLCollectionCustom.cpp	2016-02-20 04:17:12 UTC (rev 196853)
+++ trunk/Source/WebCore/bindings/js/JSHTMLCollectionCustom.cpp	2016-02-20 04:41:06 UTC (rev 196854)
@@ -77,4 +77,23 @@
     return CREATE_DOM_WRAPPER(globalObject, HTMLCollection, collection);
 }
 
+// FIXME: These custom bindings are only needed temporarily to add release assertions in order to help
+// track down a possible lifetime issue (rdar://problem/24457478).
+void JSHTMLCollection::getOwnPropertyNames(JSObject* object, ExecState* state, PropertyNameArray& propertyNames, EnumerationMode mode)
+{
+    auto* thisObject = jsDynamicCast<JSHTMLCollection*>(object);
+    RELEASE_ASSERT_WITH_MESSAGE(thisObject, "Bad cast from JSObject to JSHTMLCollection");
+    RELEASE_ASSERT_WITH_MESSAGE(thisObject->wrapped().refCount() > 0, "Wrapped object is dead");
+    RELEASE_ASSERT_WITH_MESSAGE(!thisObject->wrapped().wasDeletionStarted(), "Wrapped object is being destroyed");
+    RELEASE_ASSERT_WITH_MESSAGE(!currentWorld(state).isNormal() || thisObject->wrapped().wrapper(), "Wrapper is dead");
+
+    for (unsigned i = 0, count = thisObject->wrapped().length(); i < count; ++i)
+        propertyNames.add(Identifier::from(state, i));
+    if (mode.includeDontEnumProperties()) {
+        for (auto& propertyName : thisObject->wrapped().supportedPropertyNames())
+            propertyNames.add(Identifier::fromString(state, propertyName));
+    }
+    Base::getOwnPropertyNames(thisObject, state, propertyNames, mode);
+}
+
 } // namespace WebCore
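Review bot: `thisObject->wrapped()` is evaluated five times in the new function (three assertions and both loops); binding it once after the cast check, `auto& collection = thisObject->wrapped();`, and using `collection` below reads more clearly and makes explicit that every check and both loops operate on the same object. The null-check on `thisObject` correctly precedes the first dereference, so the order of the four `RELEASE_ASSERT_WITH_MESSAGE` calls should stay as written. The FIXME comment could also state the limits of what these checks prove: if the suspected lifetime issue is a use-after-free, the `refCount()` and `wasDeletionStarted()` reads themselves touch the destroyed object, so a passing check is diagnostic rather than a guarantee, e.g. `// Note: if the collection was already freed, these reads are on dead memory; treat them as best-effort diagnostics.`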

Modified: trunk/Source/WebCore/html/HTMLCollection.cpp (196853 => 196854)


--- trunk/Source/WebCore/html/HTMLCollection.cpp	2016-02-20 04:17:12 UTC (rev 196853)
+++ trunk/Source/WebCore/html/HTMLCollection.cpp	2016-02-20 04:41:06 UTC (rev 196854)
@@ -109,6 +109,7 @@
     , m_collectionType(type)
     , m_invalidationType(invalidationTypeExcludingIdAndNameAttributes(type))
     , m_rootType(rootTypeFromCollectionType(type))
+    , m_wasDeletionStarted(false)
 {
     ASSERT(m_rootType == static_cast<unsigned>(rootTypeFromCollectionType(type)));
     ASSERT(m_invalidationType == static_cast<unsigned>(invalidationTypeExcludingIdAndNameAttributes(type)));
@@ -117,6 +118,8 @@
 
 HTMLCollection::~HTMLCollection()
 {
+    m_wasDeletionStarted = true;
+
     if (hasNamedElementCache())
         document().collectionWillClearIdNameMap(*this);
 
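Review bot: `m_wasDeletionStarted = true;` is set in the body of `HTMLCollection::~HTMLCollection()`, which runs only after any derived class's destructor has completed, so for a subclass instance the flag still reads false during the subclass destructor. If a derived destructor can re-enter the bindings (the hunk does not show the subclasses, so this is a possibility rather than an observed path), that window is not covered by the new assertion in `JSHTMLCollection::getOwnPropertyNames`. A comment on the assignment would make the flag's scope explicit: `// Set at the start of the base destructor; derived-class destructors have already run by this point.` The destructor body continues past the end of the hunk.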

Modified: trunk/Source/WebCore/html/HTMLCollection.h (196853 => 196854)


--- trunk/Source/WebCore/html/HTMLCollection.h	2016-02-20 04:17:12 UTC (rev 196853)
+++ trunk/Source/WebCore/html/HTMLCollection.h	2016-02-20 04:41:06 UTC (rev 196854)
@@ -85,6 +85,8 @@
 
     bool hasNamedElementCache() const;
 
+    bool wasDeletionStarted() { return m_wasDeletionStarted; }
+
 protected:
     HTMLCollection(ContainerNode& base, CollectionType);
 
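Review bot: `wasDeletionStarted()` only reads a flag and should be a const member function: `bool wasDeletionStarted() const { return m_wasDeletionStarted; }`. As written it cannot be called through a `const HTMLCollection&`, which needlessly restricts where the check can be placed while the issue is being tracked down. The member is a one-bit `unsigned` bitfield (second hunk of this file), so the implicit conversion to `bool` in the return is fine, but a one-line comment on the getter saying that a true value means the base-class destructor has begun would help readers who see only the header.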
@@ -108,6 +110,8 @@
     const unsigned m_collectionType : 5;
     const unsigned m_invalidationType : 4;
     const unsigned m_rootType : 1;
+    // FIXME: This flag is here temporarily to help track down a possible lifetime issue (rdar://problem/24457478).
+    unsigned m_wasDeletionStarted : 1;
 };
 
 inline ContainerNode& HTMLCollection::rootNode() const

Modified: trunk/Source/WebCore/html/HTMLCollection.idl (196853 => 196854)


--- trunk/Source/WebCore/html/HTMLCollection.idl	2016-02-20 04:17:12 UTC (rev 196853)
+++ trunk/Source/WebCore/html/HTMLCollection.idl	2016-02-20 04:41:06 UTC (rev 196854)
@@ -23,6 +23,7 @@
     GenerateIsReachable=ImplOwnerNodeRoot,
     ObjCPolymorphic,
     ReportExtraMemoryCost,
+    CustomEnumerateProperty
 ] interface HTMLCollection {
     readonly attribute unsigned long length;
 