    WebKit should be lazy-finalization-safe (esp. the DOM) v2 · 72da8116
    ggaren@apple.com authored
    https://bugs.webkit.org/show_bug.cgi?id=87581
    
    Reviewed by Oliver Hunt.
    
    ../JavaScriptCore: 
    
    * heap/MarkedBlock.cpp:
    (JSC::MarkedBlock::callDestructor):
    * heap/WeakBlock.h:
    * heap/WeakSetInlines.h:
    (JSC::WeakBlock::finalize): Since we don't guarantee destruction order,
    it's not valid to access GC pointers like the Structure pointer during
    finalization. We NULL out the structure pointer in debug builds to try
    to make this programming mistake more obvious.
    
    * API/JSCallbackConstructor.cpp:
    (JSC::JSCallbackConstructor::destroy):
    * API/JSCallbackObject.cpp:
    (JSC::::destroy):
    (JSC::JSCallbackObjectData::finalize):
    * runtime/Arguments.cpp:
    (JSC::Arguments::destroy):
    * runtime/DateInstance.cpp:
    (JSC::DateInstance::destroy):
    * runtime/Error.cpp:
    (JSC::StrictModeTypeErrorFunction::destroy):
    * runtime/Executable.cpp:
    (JSC::ExecutableBase::destroy):
    (JSC::NativeExecutable::destroy):
    (JSC::ScriptExecutable::destroy):
    (JSC::EvalExecutable::destroy):
    (JSC::ProgramExecutable::destroy):
    (JSC::FunctionExecutable::destroy):
    * runtime/JSGlobalObject.cpp:
    (JSC::JSGlobalObject::destroy):
    * runtime/JSPropertyNameIterator.cpp:
    (JSC::JSPropertyNameIterator::destroy):
    * runtime/JSStaticScopeObject.cpp:
    (JSC::JSStaticScopeObject::destroy):
    * runtime/JSString.cpp:
    (JSC::JSString::destroy):
    * runtime/JSVariableObject.cpp:
    (JSC::JSVariableObject::destroy):
    * runtime/NameInstance.cpp:
    (JSC::NameInstance::destroy):
    * runtime/RegExp.cpp:
    (JSC::RegExp::destroy):
    * runtime/RegExpConstructor.cpp:
    (JSC::RegExpConstructor::destroy):
    * runtime/Structure.cpp:
    (JSC::Structure::destroy):
    * runtime/StructureChain.cpp:
    (JSC::StructureChain::destroy): Use static_cast instead of jsCast because
    jsCast does Structure-based validation, and our Structure is not guaranteed
    to be alive when we get finalized.
    
    ../WebCore: 
    
    * bindings/js/JSDOMGlobalObject.cpp:
    (WebCore::JSDOMGlobalObject::destroy):
    * bindings/js/JSDOMWindowBase.cpp:
    (WebCore::JSDOMWindowBase::destroy):
    * bindings/js/JSDOMWindowShell.cpp:
    (WebCore::JSDOMWindowShell::destroy):
    * bindings/js/JSNodeCustom.cpp:
    (WebCore::JSNodeOwner::finalize):
    * bindings/js/JSWorkerContextBase.cpp:
    (WebCore::JSWorkerContextBase::destroy):
    * bindings/scripts/CodeGeneratorJS.pm:
    (GenerateImplementation):
    * bindings/scripts/test/JS/JSTestActiveDOMObject.cpp:
    (WebCore::JSTestActiveDOMObject::destroy):
    (WebCore::JSTestActiveDOMObjectOwner::finalize):
    * bindings/scripts/test/JS/JSTestCustomNamedGetter.cpp:
    (WebCore::JSTestCustomNamedGetter::destroy):
    (WebCore::JSTestCustomNamedGetterOwner::finalize):
    * bindings/scripts/test/JS/JSTestEventConstructor.cpp:
    (WebCore::JSTestEventConstructor::destroy):
    (WebCore::JSTestEventConstructorOwner::finalize):
    * bindings/scripts/test/JS/JSTestEventTarget.cpp:
    (WebCore::JSTestEventTarget::destroy):
    (WebCore::JSTestEventTargetOwner::finalize):
    * bindings/scripts/test/JS/JSTestException.cpp:
    (WebCore::JSTestException::destroy):
    (WebCore::JSTestExceptionOwner::finalize):
    * bindings/scripts/test/JS/JSTestInterface.cpp:
    (WebCore::JSTestInterface::destroy):
    (WebCore::JSTestInterfaceOwner::finalize):
    * bindings/scripts/test/JS/JSTestMediaQueryListListener.cpp:
    (WebCore::JSTestMediaQueryListListener::destroy):
    (WebCore::JSTestMediaQueryListListenerOwner::finalize):
    * bindings/scripts/test/JS/JSTestNamedConstructor.cpp:
    (WebCore::JSTestNamedConstructor::destroy):
    (WebCore::JSTestNamedConstructorOwner::finalize):
    * bindings/scripts/test/JS/JSTestObj.cpp:
    (WebCore::JSTestObj::destroy):
    (WebCore::JSTestObjOwner::finalize):
    * bindings/scripts/test/JS/JSTestSerializedScriptValueInterface.cpp:
    (WebCore::JSTestSerializedScriptValueInterface::destroy):
    (WebCore::JSTestSerializedScriptValueInterfaceOwner::finalize):
    * bridge/objc/objc_runtime.mm:
    (JSC::Bindings::ObjcFallbackObjectImp::destroy):
    * bridge/qt/qt_runtime.cpp:
    (JSC::Bindings::QtRuntimeMethod::destroy):
    * bridge/qt/qt_runtime_qt4.cpp:
    (JSC::Bindings::QtRuntimeMethod::destroy):
    * bridge/runtime_array.cpp:
    (JSC::RuntimeArray::destroy):
    * bridge/runtime_method.cpp:
    (JSC::RuntimeMethod::destroy):
    * bridge/runtime_object.cpp:
    (JSC::Bindings::RuntimeObject::destroy):
    * bridge/runtime_root.cpp:
    (JSC::Bindings::RootObject::finalize): Use static_cast instead of jsCast because
    jsCast does Structure-based validation, and our Structure is not guaranteed
    to be alive when we get finalized.
    
    ../WebKit2: 
    
    * WebProcess/Plugins/Netscape/JSNPObject.cpp:
    (WebKit::JSNPObject::destroy):
    (WebKit::JSNPObject::leakNPObject):
    * WebProcess/Plugins/Netscape/NPRuntimeObjectMap.cpp:
    (WebKit::NPRuntimeObjectMap::finalize): Use static_cast instead of jsCast because
    jsCast does Structure-based validation, and our Structure is not guaranteed
    to be alive when we get finalized.
    
    
    git-svn-id: http://svn.webkit.org/repository/webkit/trunk@118616 268f45cc-cd09-0410-ab3c-d52691b4dbfc
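The hazard this commit message describes (a finalizer reaching through its Structure pointer, a GC pointer whose target may already have been swept because destruction order is not guaranteed, plus the debug-build NULL-out that turns that mistake into a deterministic failure and the move from a Structure-validating cast to static_cast), shown as an added example that is not WebKit or JavaScriptCore code. Cell, Structure, ClassInfo, DateInstance, checkedCast, finalizeCell and sweepStructureFirst are hypothetical stand-ins modeled on the types and helpers the message names (JSCell, Structure, jsCast, MarkedBlock::callDestructor); the sweep order and the date value are constructed for the demonstration.

```cpp
// Added example, not WebKit code: a toy lazily-finalized heap that reproduces
// the hazard the commit message describes. Cell, Structure, ClassInfo,
// checkedCast and finalizeCell are hypothetical stand-ins for the JSC types and
// helpers named there (JSCell, Structure, jsCast, MarkedBlock::callDestructor).
#include <memory>
#include <string>

struct ClassInfo { const char* className; };

struct Structure;

// Every GC-managed object carries a pointer to its Structure, itself a GC cell.
struct Cell {
    Structure* structure = nullptr;  // GC pointer: may be dead once finalization starts
    virtual ~Cell() = default;
};

struct Structure : Cell {
    const ClassInfo* classInfo;
    explicit Structure(const ClassInfo* info) : classInfo(info) {}
};

static const ClassInfo dateInstanceInfo = { "DateInstance" };

// An object holding a non-GC resource that its destroy() must release.
struct DateInstance : Cell {
    std::unique_ptr<std::string> value;
    DateInstance(Structure* s, const char* v) : value(new std::string(v)) { structure = s; }
};

// jsCast-style checked cast: validates ClassInfo through the Structure.
// Correct while the object is alive; wrong inside a finalizer, because it
// dereferences a GC pointer whose target may already have been swept.
template<typename T>
T* checkedCast(Cell* cell, const ClassInfo* expected) {
    if (!cell->structure || cell->structure->classInfo != expected)
        return nullptr;  // a real engine would ASSERT here; we report failure instead
    return static_cast<T*>(cell);
}

// Pre-patch shape of destroy(): reaches through the Structure during finalization.
bool destroyViaCheckedCast(Cell* cell) {
    DateInstance* d = checkedCast<DateInstance>(cell, &dateInstanceInfo);
    if (!d)
        return false;  // resource is not released: the finalizer silently bails out
    d->value.reset();
    return true;
}

// Patched shape of destroy(): static_cast, no Structure access at all.
bool destroyViaStaticCast(Cell* cell) {
    DateInstance* d = static_cast<DateInstance*>(cell);
    d->value.reset();
    return true;
}

// Debug-build finalizer driver: poison the Structure pointer before running the
// destructor, so a finalizer that still reads it fails deterministically instead
// of touching memory that a release build may already have freed.
bool finalizeCell(Cell* cell, bool (*destroy)(Cell*)) {
    cell->structure = nullptr;
    return destroy(cell);
}

// While the object is alive, the checked cast is the right tool.
bool checkedCastWorksWhileAlive() {
    Structure s(&dateInstanceInfo);
    DateInstance d(&s, "2012-05-25");  // constructed sample value
    return checkedCast<DateInstance>(&d, &dateInstanceInfo) == &d;
}

// Sweep in the order the commit warns about: the Structure is finalized and
// freed before the object that points at it. Returns 1 if the object's
// resource was released, 0 if the finalizer bailed out.
int sweepStructureFirst(bool (*destroy)(Cell*)) {
    Structure* s = new Structure(&dateInstanceInfo);
    DateInstance* d = new DateInstance(s, "2012-05-25");
    delete s;                                      // Structure gone; d->structure now dangles
    bool released = finalizeCell(d, destroy) && !d->value;
    delete d;                                      // unique_ptr frees anything left behind
    return released ? 1 : 0;
}
```

With the checked cast, the debug-build poisoning makes the finalizer fail closed (the resource leaks, but nothing reads freed memory); a release build without the NULL-out would instead dereference the dangling Structure pointer, which is the use-after-free the commit is guarding against. The static_cast version releases the resource regardless of whether the Structure outlived the object, which is why the patch switches every destroy() and finalize() path to it.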