oliver@apple.com authored
Reviewed by Geoffrey Garen. Make GC validation more aggressive https://bugs.webkit.org/show_bug.cgi?id=60802 This patch makes the checks performed under GC_VALIDATION much more aggressive, and adds the checks to more places in order to allow us to catch GC bugs much closer to the point of failure. * JavaScriptCore.exp: * JavaScriptCore.xcodeproj/project.pbxproj: * debugger/DebuggerActivation.cpp: (JSC::DebuggerActivation::visitChildren): * heap/MarkedBlock.cpp: (JSC::MarkedBlock::MarkedBlock): * heap/MarkedSpace.cpp: * runtime/Arguments.cpp: (JSC::Arguments::visitChildren): * runtime/Executable.cpp: (JSC::EvalExecutable::visitChildren): (JSC::ProgramExecutable::visitChildren): (JSC::FunctionExecutable::visitChildren): * runtime/Executable.h: * runtime/GetterSetter.cpp: (JSC::GetterSetter::visitChildren): * runtime/GetterSetter.h: * runtime/JSAPIValueWrapper.h: (JSC::JSAPIValueWrapper::createStructure): (JSC::JSAPIValueWrapper::JSAPIValueWrapper): * runtime/JSActivation.cpp: (JSC::JSActivation::visitChildren): * runtime/JSArray.cpp: (JSC::JSArray::visitChildren): * runtime/JSCell.cpp: (JSC::slowValidateCell): * runtime/JSCell.h: (JSC::JSCell::JSCell::unvalidatedStructure): (JSC::JSCell::JSCell::JSCell): * runtime/JSFunction.cpp: (JSC::JSFunction::visitChildren): * runtime/JSGlobalObject.cpp: (JSC::JSGlobalObject::visitChildren): (JSC::slowValidateCell): * runtime/JSONObject.h: * runtime/JSObject.cpp: (JSC::JSObject::visitChildren): * runtime/JSPropertyNameIterator.cpp: (JSC::JSPropertyNameIterator::visitChildren): * runtime/JSPropertyNameIterator.h: * runtime/JSStaticScopeObject.cpp: (JSC::JSStaticScopeObject::visitChildren): * runtime/JSString.h: (JSC::RopeBuilder::JSString): * runtime/JSWrapperObject.cpp: (JSC::JSWrapperObject::visitChildren): * runtime/NativeErrorConstructor.cpp: (JSC::NativeErrorConstructor::visitChildren): * runtime/PropertyMapHashTable.h: (JSC::PropertyMapEntry::PropertyMapEntry): * runtime/RegExpObject.cpp: (JSC::RegExpObject::visitChildren): 
* runtime/ScopeChain.cpp: (JSC::ScopeChainNode::visitChildren): * runtime/ScopeChain.h: (JSC::ScopeChainNode::ScopeChainNode): * runtime/Structure.cpp: (JSC::Structure::Structure): (JSC::Structure::addPropertyTransition): (JSC::Structure::visitChildren): * runtime/Structure.h: (JSC::JSCell::classInfo): * runtime/StructureChain.cpp: (JSC::StructureChain::visitChildren): * runtime/StructureChain.h: * runtime/WriteBarrier.h: (JSC::validateCell): (JSC::JSCell): (JSC::JSGlobalObject): (JSC::WriteBarrierBase::set): (JSC::WriteBarrierBase::setMayBeNull): (JSC::WriteBarrierBase::setEarlyValue): (JSC::WriteBarrierBase::get): (JSC::WriteBarrierBase::operator*): (JSC::WriteBarrierBase::operator->): (JSC::WriteBarrierBase::unvalidatedGet): (JSC::WriteBarrier::WriteBarrier): * wtf/Assertions.h: 2011-05-13 Oliver Hunt <oliver@apple.com> Reviewed by Geoffrey Garen. Make GC validation more aggressive https://bugs.webkit.org/show_bug.cgi?id=60802 This makes GC_VALIDATION much more aggressive in WebCore, adding logic to every visitChildren method to ensure that the structure still has correct flags. Additionally, every function generated for the DOM bindings makes use of the new GC_VALIDATION object assertions to further ensure that the object appears to be sensible. 
* bindings/js/JSAttrCustom.cpp: (WebCore::JSAttr::visitChildren): * bindings/js/JSAudioContextCustom.cpp: (WebCore::JSAudioContext::visitChildren): * bindings/js/JSCSSRuleCustom.cpp: (WebCore::JSCSSRule::visitChildren): * bindings/js/JSCSSStyleDeclarationCustom.cpp: (WebCore::JSCSSStyleDeclaration::visitChildren): * bindings/js/JSCanvasRenderingContextCustom.cpp: (WebCore::JSCanvasRenderingContext::visitChildren): * bindings/js/JSDOMGlobalObject.cpp: (WebCore::JSDOMGlobalObject::visitChildren): (WebCore::JSDOMGlobalObject::setInjectedScript): * bindings/js/JSDOMWindowCustom.cpp: (WebCore::JSDOMWindow::visitChildren): * bindings/js/JSDOMWindowShell.cpp: (WebCore::JSDOMWindowShell::visitChildren): * bindings/js/JSEventListener.cpp: (WebCore::JSEventListener::JSEventListener): * bindings/js/JSEventListener.h: (WebCore::JSEventListener::jsFunction): * bindings/js/JSJavaScriptAudioNodeCustom.cpp: (WebCore::JSJavaScriptAudioNode::visitChildren): * bindings/js/JSMessageChannelCustom.cpp: (WebCore::JSMessageChannel::visitChildren): * bindings/js/JSMessagePortCustom.cpp: (WebCore::JSMessagePort::visitChildren): * bindings/js/JSNamedNodeMapCustom.cpp: (WebCore::JSNamedNodeMap::visitChildren): * bindings/js/JSNodeCustom.cpp: (WebCore::JSNode::visitChildren): * bindings/js/JSNodeFilterCustom.cpp: (WebCore::JSNodeFilter::visitChildren): * bindings/js/JSNodeIteratorCustom.cpp: (WebCore::JSNodeIterator::visitChildren): * bindings/js/JSSVGElementInstanceCustom.cpp: (WebCore::JSSVGElementInstance::visitChildren): * bindings/js/JSSharedWorkerCustom.cpp: (WebCore::JSSharedWorker::visitChildren): * bindings/js/JSStyleSheetCustom.cpp: (WebCore::JSStyleSheet::visitChildren): * bindings/js/JSTreeWalkerCustom.cpp: (WebCore::JSTreeWalker::visitChildren): * bindings/js/JSWebGLRenderingContextCustom.cpp: (WebCore::JSWebGLRenderingContext::visitChildren): * bindings/js/JSWorkerContextCustom.cpp: (WebCore::JSWorkerContext::visitChildren): * bindings/js/JSXMLHttpRequestCustom.cpp: 
(WebCore::JSXMLHttpRequest::visitChildren): * bindings/js/JSXPathResultCustom.cpp: (WebCore::JSXPathResult::visitChildren): * bindings/scripts/CodeGeneratorJS.pm: 2011-05-13 Oliver Hunt <oliver@apple.com> Reviewed by Geoffrey Garen. Make GC validation more aggressive https://bugs.webkit.org/show_bug.cgi?id=60802 Add GC_VALIDATION calls to all the JSNPObject methods. * WebProcess/Plugins/Netscape/JSNPObject.cpp: (WebKit::JSNPObject::invalidate): (WebKit::JSNPObject::callMethod): (WebKit::JSNPObject::callObject): (WebKit::JSNPObject::callConstructor): (WebKit::JSNPObject::getCallData): (WebKit::JSNPObject::getConstructData): (WebKit::JSNPObject::getOwnPropertySlot): (WebKit::JSNPObject::getOwnPropertyDescriptor): (WebKit::JSNPObject::put): (WebKit::JSNPObject::getOwnPropertyNames): (WebKit::JSNPObject::propertyGetter): (WebKit::JSNPObject::methodGetter): git-svn-id: http://svn.webkit.org/repository/webkit/trunk@86469 268f45cc-cd09-0410-ab3c-d52691b4dbfc
d369c8cd