-
ap@webkit.org authored
https://bugs.webkit.org/show_bug.cgi?id=21609 Make MessagePorts protect their peers across heaps JavaScriptCore: * JavaScriptCore.exp: * kjs/JSGlobalObject.cpp: (JSC::JSGlobalObject::markCrossHeapDependentObjects): * kjs/JSGlobalObject.h: * kjs/collector.cpp: (JSC::Heap::collect): Before GC sweep phase, a function supplied by global object is now called for all global objects in the heap, making it possible to implement cross-heap dependencies. WebCore: * dom/MessagePort.cpp: (WebCore::MessagePort::MessagePort): * dom/MessagePort.h: (WebCore::MessagePort::setJSWrapperIsKnownToBeInaccessible): (WebCore::MessagePort::jsWrapperIsKnownToBeInaccessible): Track objects whose JS wrappers are no longer reachable in MessagePort. Unfortunately, this means that the implementation object knows about JS bindings - but it is not possible to access JS wrappers from another heap/thread. * bindings/js/JSDOMBinding.cpp: (WebCore::markCrossHeapDependentObjectsForDocument): * bindings/js/JSDOMBinding.h: * bindings/js/JSDOMWindowBase.cpp: (WebCore::JSDOMWindowBase::markCrossHeapDependentObjects): * bindings/js/JSDOMWindowBase.h: Implement cross-heap dependency tracking for entangled MessagePorts. If a wrapper object hasn't been marked normally, it is marked as inaccessible. It is then marked manually, as long as its entangled port is accessible itself. git-svn-id: http://svn.webkit.org/repository/webkit/trunk@37631 268f45cc-cd09-0410-ab3c-d52691b4dbfc
a89bd1e2