    2011-05-13 Oliver Hunt <oliver@apple.com> · d369c8cd
    oliver@apple.com authored
            Reviewed by Geoffrey Garen.
    
            Make GC validation more aggressive
            https://bugs.webkit.org/show_bug.cgi?id=60802
    
            This patch makes the checks performed under GC_VALIDATION
            much more aggressive, and adds the checks to more places
            in order to allow us to catch GC bugs much closer to the
            point of failure.
    
            * JavaScriptCore.exp:
            * JavaScriptCore.xcodeproj/project.pbxproj:
            * debugger/DebuggerActivation.cpp:
            (JSC::DebuggerActivation::visitChildren):
            * heap/MarkedBlock.cpp:
            (JSC::MarkedBlock::MarkedBlock):
            * heap/MarkedSpace.cpp:
            * runtime/Arguments.cpp:
            (JSC::Arguments::visitChildren):
            * runtime/Executable.cpp:
            (JSC::EvalExecutable::visitChildren):
            (JSC::ProgramExecutable::visitChildren):
            (JSC::FunctionExecutable::visitChildren):
            * runtime/Executable.h:
            * runtime/GetterSetter.cpp:
            (JSC::GetterSetter::visitChildren):
            * runtime/GetterSetter.h:
            * runtime/JSAPIValueWrapper.h:
            (JSC::JSAPIValueWrapper::createStructure):
            (JSC::JSAPIValueWrapper::JSAPIValueWrapper):
            * runtime/JSActivation.cpp:
            (JSC::JSActivation::visitChildren):
            * runtime/JSArray.cpp:
            (JSC::JSArray::visitChildren):
            * runtime/JSCell.cpp:
            (JSC::slowValidateCell):
            * runtime/JSCell.h:
            (JSC::JSCell::JSCell::unvalidatedStructure):
            (JSC::JSCell::JSCell::JSCell):
            * runtime/JSFunction.cpp:
            (JSC::JSFunction::visitChildren):
            * runtime/JSGlobalObject.cpp:
            (JSC::JSGlobalObject::visitChildren):
            (JSC::slowValidateCell):
            * runtime/JSONObject.h:
            * runtime/JSObject.cpp:
            (JSC::JSObject::visitChildren):
            * runtime/JSPropertyNameIterator.cpp:
            (JSC::JSPropertyNameIterator::visitChildren):
            * runtime/JSPropertyNameIterator.h:
            * runtime/JSStaticScopeObject.cpp:
            (JSC::JSStaticScopeObject::visitChildren):
            * runtime/JSString.h:
            (JSC::RopeBuilder::JSString):
            * runtime/JSWrapperObject.cpp:
            (JSC::JSWrapperObject::visitChildren):
            * runtime/NativeErrorConstructor.cpp:
            (JSC::NativeErrorConstructor::visitChildren):
            * runtime/PropertyMapHashTable.h:
            (JSC::PropertyMapEntry::PropertyMapEntry):
            * runtime/RegExpObject.cpp:
            (JSC::RegExpObject::visitChildren):
            * runtime/ScopeChain.cpp:
            (JSC::ScopeChainNode::visitChildren):
            * runtime/ScopeChain.h:
            (JSC::ScopeChainNode::ScopeChainNode):
            * runtime/Structure.cpp:
            (JSC::Structure::Structure):
            (JSC::Structure::addPropertyTransition):
            (JSC::Structure::visitChildren):
            * runtime/Structure.h:
            (JSC::JSCell::classInfo):
            * runtime/StructureChain.cpp:
            (JSC::StructureChain::visitChildren):
            * runtime/StructureChain.h:
            * runtime/WriteBarrier.h:
            (JSC::validateCell):
            (JSC::JSCell):
            (JSC::JSGlobalObject):
            (JSC::WriteBarrierBase::set):
            (JSC::WriteBarrierBase::setMayBeNull):
            (JSC::WriteBarrierBase::setEarlyValue):
            (JSC::WriteBarrierBase::get):
            (JSC::WriteBarrierBase::operator*):
            (JSC::WriteBarrierBase::operator->):
            (JSC::WriteBarrierBase::unvalidatedGet):
            (JSC::WriteBarrier::WriteBarrier):
            * wtf/Assertions.h:
    2011-05-13  Oliver Hunt  <oliver@apple.com>
    
            Reviewed by Geoffrey Garen.
    
            Make GC validation more aggressive
            https://bugs.webkit.org/show_bug.cgi?id=60802
    
            This makes GC_VALIDATION much more aggressive in webcore,
            adding logic to every visitChildren method to ensure that
            the structure still has correct flags.
    
            Additionally every function generated for the dom bindings
            makes use of the new GC_VALIDATION object assertions to further
            ensure that the object appears to be sensible.
    
            * bindings/js/JSAttrCustom.cpp:
            (WebCore::JSAttr::visitChildren):
            * bindings/js/JSAudioContextCustom.cpp:
            (WebCore::JSAudioContext::visitChildren):
            * bindings/js/JSCSSRuleCustom.cpp:
            (WebCore::JSCSSRule::visitChildren):
            * bindings/js/JSCSSStyleDeclarationCustom.cpp:
            (WebCore::JSCSSStyleDeclaration::visitChildren):
            * bindings/js/JSCanvasRenderingContextCustom.cpp:
            (WebCore::JSCanvasRenderingContext::visitChildren):
            * bindings/js/JSDOMGlobalObject.cpp:
            (WebCore::JSDOMGlobalObject::visitChildren):
            (WebCore::JSDOMGlobalObject::setInjectedScript):
            * bindings/js/JSDOMWindowCustom.cpp:
            (WebCore::JSDOMWindow::visitChildren):
            * bindings/js/JSDOMWindowShell.cpp:
            (WebCore::JSDOMWindowShell::visitChildren):
            * bindings/js/JSEventListener.cpp:
            (WebCore::JSEventListener::JSEventListener):
            * bindings/js/JSEventListener.h:
            (WebCore::JSEventListener::jsFunction):
            * bindings/js/JSJavaScriptAudioNodeCustom.cpp:
            (WebCore::JSJavaScriptAudioNode::visitChildren):
            * bindings/js/JSMessageChannelCustom.cpp:
            (WebCore::JSMessageChannel::visitChildren):
            * bindings/js/JSMessagePortCustom.cpp:
            (WebCore::JSMessagePort::visitChildren):
            * bindings/js/JSNamedNodeMapCustom.cpp:
            (WebCore::JSNamedNodeMap::visitChildren):
            * bindings/js/JSNodeCustom.cpp:
            (WebCore::JSNode::visitChildren):
            * bindings/js/JSNodeFilterCustom.cpp:
            (WebCore::JSNodeFilter::visitChildren):
            * bindings/js/JSNodeIteratorCustom.cpp:
            (WebCore::JSNodeIterator::visitChildren):
            * bindings/js/JSSVGElementInstanceCustom.cpp:
            (WebCore::JSSVGElementInstance::visitChildren):
            * bindings/js/JSSharedWorkerCustom.cpp:
            (WebCore::JSSharedWorker::visitChildren):
            * bindings/js/JSStyleSheetCustom.cpp:
            (WebCore::JSStyleSheet::visitChildren):
            * bindings/js/JSTreeWalkerCustom.cpp:
            (WebCore::JSTreeWalker::visitChildren):
            * bindings/js/JSWebGLRenderingContextCustom.cpp:
            (WebCore::JSWebGLRenderingContext::visitChildren):
            * bindings/js/JSWorkerContextCustom.cpp:
            (WebCore::JSWorkerContext::visitChildren):
            * bindings/js/JSXMLHttpRequestCustom.cpp:
            (WebCore::JSXMLHttpRequest::visitChildren):
            * bindings/js/JSXPathResultCustom.cpp:
            (WebCore::JSXPathResult::visitChildren):
            * bindings/scripts/CodeGeneratorJS.pm:
    2011-05-13  Oliver Hunt  <oliver@apple.com>
    
            Reviewed by Geoffrey Garen.
    
            Make GC validation more aggressive
            https://bugs.webkit.org/show_bug.cgi?id=60802
    
            Add GC_VALIDATION calls to all the JSNPObject methods.
    
            * WebProcess/Plugins/Netscape/JSNPObject.cpp:
            (WebKit::JSNPObject::invalidate):
            (WebKit::JSNPObject::callMethod):
            (WebKit::JSNPObject::callObject):
            (WebKit::JSNPObject::callConstructor):
            (WebKit::JSNPObject::getCallData):
            (WebKit::JSNPObject::getConstructData):
            (WebKit::JSNPObject::getOwnPropertySlot):
            (WebKit::JSNPObject::getOwnPropertyDescriptor):
            (WebKit::JSNPObject::put):
            (WebKit::JSNPObject::getOwnPropertyNames):
            (WebKit::JSNPObject::propertyGetter):
            (WebKit::JSNPObject::methodGetter):
    
    git-svn-id: http://svn.webkit.org/repository/webkit/trunk@86469 268f45cc-cd09-0410-ab3c-d52691b4dbfc
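To show the idea behind the validation described in the commit message (checking a cell's Structure at the write barrier and again in visitChildren so a freed or overwritten cell is caught at the first touch rather than after the collector has traced it), here is an added toy model; it is not WebKit code, and the types `Cell`, `Structure`, `gStructureStructure` and the functions below are invented for illustration. Validation returns a bool instead of asserting so the outcome can be observed; a real debug build would assert and crash.

```cpp
#include <cstddef>
#include <cstdint>
#include <vector>

// Toy model (not WebKit code): every heap cell carries a Structure pointer,
// and every Structure is described by the single "structure structure".
struct Structure {
    Structure* structure;   // must point at the meta-structure below
    uint32_t typeFlags;     // kind of cell this Structure describes
};
enum : uint32_t { kStructureType = 1, kObjectType = 2 };

struct Cell {
    Structure* structure;
    std::vector<Cell*> children;  // outgoing references (write-barrier slots)
};

// The meta-structure describes Structures and points at itself.
static Structure gStructureStructure = { &gStructureStructure, kStructureType };

// Aggressive per-cell validation: cheap pointer-sanity checks that catch a
// freed or clobbered cell at the point of use instead of at some later mark.
bool validateCell(const Cell* cell) {
    if (!cell || !cell->structure) return false;             // null or zeroed after free
    const Structure* s = cell->structure;
    if (s->structure != &gStructureStructure) return false;  // Structure itself corrupted
    if (s->typeFlags != kObjectType) return false;           // flags no longer sensible
    return true;
}

// Validated store, the analogue of a write barrier that validates both ends
// before recording the reference. Returns false where a debug build would assert.
bool setChecked(Cell* owner, Cell* child) {
    if (!validateCell(owner) || !validateCell(child)) return false;
    owner->children.push_back(child);
    return true;
}

// visitChildren with validation: re-checks every child during traversal, so
// corruption that happened between the store and the mark is reported at
// mark time. Returns how many children failed validation.
size_t visitChildrenChecked(const Cell* owner) {
    size_t bad = 0;
    for (const Cell* c : owner->children)
        if (!validateCell(c)) ++bad;
    return bad;
}
```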