-
ggaren authored
Reviewed by Maciej, Eric. - WebCore half of fix for <rdar://problem/4176077> CrashTracer: 6569 crashes in DashboardClient at com.apple.JavaScriptCore: KJS::Bindings::ObjcFallbackObjectImp::type() WebCore and JavaScriptCore weren't sharing Instance objects very nicely. I made them use RefPtrs, and sent them to bed without dessert. * bindings/jni/jni_instance.cpp: Made _instance a RefPtr (JavaInstance::~JavaInstance): (JObjectWrapper::JObjectWrapper): * bindings/jni/jni_instance.h: (KJS::Bindings::JObjectWrapper::ref): (KJS::Bindings::JObjectWrapper::deref): * bindings/jni/jni_runtime.cpp: Made _array a RefPtr (JavaArray::~JavaArray): (JavaArray::JavaArray): * bindings/jni/jni_runtime.h: (KJS::Bindings::JavaArray::operator=): * bindings/objc/objc_runtime.h: - Prohibited copying because that would muss the ref count. - Prohibited construction without instance because an instance wrapper without an instance is almost certainly a bug. * bindings/objc/objc_runtime.mm: (ObjcFallbackObjectImp::ObjcFallbackObjectImp): * bindings/runtime.cpp: (KJS::Bindings::Instance::Instance): (KJS::Bindings::Instance::createBindingForLanguageInstance): (KJS::Bindings::Instance::createRuntimeObject): * bindings/runtime.h: (KJS::Bindings::Instance::ref): (KJS::Bindings::Instance::deref): * bindings/runtime_object.cpp: (RuntimeObjectImp::RuntimeObjectImp): (RuntimeObjectImp::fallbackObjectGetter): (RuntimeObjectImp::fieldGetter): (RuntimeObjectImp::methodGetter): (RuntimeObjectImp::getOwnPropertySlot): (RuntimeObjectImp::put): (RuntimeObjectImp::canPut): * bindings/runtime_object.h: - Removed ownsInstance data member because RefPtr takes care of instance lifetime now. - Prohibited copying because that would muss the ref count. - Prohibited construction without instance because an instance wrapper without an instance is almost certainly a bug. (KJS::RuntimeObjectImp::getInternalInstance): LayoutTests: Reviewed by Eric. - Layout test for <rdar://problem/4176077> CrashTracer: 6569 crashes in DashboardClient at com.apple.JavaScriptCore: KJS::Bindings::ObjcFallbackObjectImp::type() * plugins: Added. * plugins/undefined-property-crash-expected.txt: Added. * plugins/undefined-property-crash.html: Added. WebCore: Reviewed by Maciej, Eric. - WebCore half of fix for <rdar://problem/4176077> CrashTracer: 6569 crashes in DashboardClient at com.apple.JavaScriptCore: KJS::Bindings::ObjcFallbackObjectImp::type() WebCore and JavaScriptCore weren't sharing Instance objects very nicely. I made them use RefPtrs, and sent them to bed without dessert. * khtml/html/html_objectimpl.cpp: (WebCore::HTMLAppletElementImpl::HTMLAppletElementImpl): Made appletInstance a RefPtr (WebCore::HTMLAppletElementImpl::getAppletInstance): (WebCore::HTMLAppletElementImpl::detach): (WebCore::HTMLEmbedElementImpl::HTMLEmbedElementImpl): Made embedInstance a RefPtr (WebCore::HTMLEmbedElementImpl::getEmbedInstance): (WebCore::HTMLEmbedElementImpl::detach): (WebCore::HTMLObjectElementImpl::HTMLObjectElementImpl): Made objectInstance a RefPtr (WebCore::HTMLObjectElementImpl::getObjectInstance): (WebCore::HTMLObjectElementImpl::detach): * bindings/js/JSDOMCore.cpp: * khtml/ecma/kjs_dom.cpp: (KJS::getRuntimeObject): * khtml/html/html_objectimpl.h: WebKitTools: Reviewed by Eric. * DumpRenderTree/DumpRenderTree.m: (-[LayoutTestController invokeUndefinedMethodFromWebScript:withArguments:]): Added a dummy method for the sake of LayoutTests/plugins/ undefined-property-crash.html. (It tests a crash due to fallback object use. WebCore won't create a fallback object if the method is not defined.) git-svn-id: http://svn.webkit.org/repository/webkit/trunk@12840 268f45cc-cd09-0410-ab3c-d52691b4dbfccd217c5d
