[SCM] WebKit Debian packaging branch, webkit-1.1, updated. upstream/1.1.21-584-g1e41756

levin at chromium.org levin at chromium.org
Fri Feb 26 22:15:21 UTC 2010 

The following commit has been merged in the webkit-1.1 branch:
commit 71dc3a82e53aafbd5114043351de401f43fc21c2
Author: levin at chromium.org <levin at chromium.org@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Date:   Tue Feb 9 05:19:00 2010 +0000

    REGRESSION (before r54472): Various tests in fast/workers are crashing on the buildbot.
    https://bugs.webkit.org/show_bug.cgi?id=34728
    
    Reviewed by Gavin Barraclough.
    
    The core part of the fix is to change WebCoreJSClientData::m_normalWorld
    from DOMWrapperWorld to RefPtr<DOMWrapperWorld> so that the DOMWrapperWorld
    is really ref counted.
    
    No new tests because current tests sufficiently cover this as evidenced as
    the buildbot crashes.
    
    * bindings/js/JSDOMBinding.cpp:
    (WebCore::DOMWrapperWorld::~DOMWrapperWorld): Made this robust to m_globalData
    being 0.
    * bindings/js/JSDOMBinding.h:
    (WebCore::DOMWrapperWorld::create): Made this class follow the standard
    create pattern for RefCounted classes.
    (WebCore::DOMWrapperWorld::detachFromGlobalData): Since this class can
    now outlive JSGlobalData, this method tells it to stop using its JSGlobalData.
    (WebCore::WebCoreJSClientData::WebCoreJSClientData): Adjusted due to
    m_normalWorld being a RefPtr.
    (WebCore::WebCoreJSClientData::~WebCoreJSClientData): Ditto (and added
    asserts for the FIXME).
    (WebCore::WebCoreJSClientData::normalWorld): Ditto.
    * bindings/js/ScriptController.cpp:
    (WebCore::IsolatedWorld::create): Made the constructor protected.
    (WebCore::IsolatedWorld::IsolatedWorld): Made the constructor protected, so
    that code would have to use the create method.
    
    git-svn-id: http://svn.webkit.org/repository/webkit/trunk@54525 268f45cc-cd09-0410-ab3c-d52691b4dbfc

diff --git a/WebCore/ChangeLog b/WebCore/ChangeLog
index 3b236e4..13d0be4 100644
--- a/WebCore/ChangeLog
+++ b/WebCore/ChangeLog
@@ -1,3 +1,35 @@
+2010-02-08  David Levin  <levin at chromium.org>
+
+        Reviewed by Gavin Barraclough.
+
+        REGRESSION (before r54472): Various tests in fast/workers are crashing on the buildbot.
+        https://bugs.webkit.org/show_bug.cgi?id=34728
+
+        The core part of the fix is to change WebCoreJSClientData::m_normalWorld
+        from DOMWrapperWorld to RefPtr<DOMWrapperWorld> so that the DOMWrapperWorld
+        is really ref counted.
+
+        No new tests because current tests sufficiently cover this as evidenced as
+        the buildbot crashes.
+
+        * bindings/js/JSDOMBinding.cpp:
+        (WebCore::DOMWrapperWorld::~DOMWrapperWorld): Made this robust to m_globalData
+        being 0.
+        * bindings/js/JSDOMBinding.h:
+        (WebCore::DOMWrapperWorld::create): Made this class follow the standard
+        create pattern for RefCounted classes.
+        (WebCore::DOMWrapperWorld::detachFromGlobalData): Since this class can
+        now outlive JSGlobalData, this method tells it to stop using its JSGlobalData.
+        (WebCore::WebCoreJSClientData::WebCoreJSClientData): Adjusted due to
+        m_normalWorld being a RefPtr.
+        (WebCore::WebCoreJSClientData::~WebCoreJSClientData): Ditto (and added
+        asserts for the FIXME).
+        (WebCore::WebCoreJSClientData::normalWorld): Ditto.
+        * bindings/js/ScriptController.cpp:
+        (WebCore::IsolatedWorld::create): Made the constructor protected.
+        (WebCore::IsolatedWorld::IsolatedWorld): Made the constructor protected, so
+        that code would have to use the create method.
+
 2010-02-08  Kinuko Yasuda  <kinuko at chromium.org>
 
         Reviewed by David Levin.
diff --git a/WebCore/bindings/js/JSDOMBinding.cpp b/WebCore/bindings/js/JSDOMBinding.cpp
index abba405..d718cba 100644
--- a/WebCore/bindings/js/JSDOMBinding.cpp
+++ b/WebCore/bindings/js/JSDOMBinding.cpp
@@ -151,9 +151,11 @@ DOMWrapperWorld::DOMWrapperWorld(JSC::JSGlobalData* globalData, bool isNormal)
 
 DOMWrapperWorld::~DOMWrapperWorld()
 {
-    JSGlobalData::ClientData* clientData = m_globalData->clientData;
-    ASSERT(clientData);
-    static_cast<WebCoreJSClientData*>(clientData)->forgetWorld(this);
+    if (m_globalData) {
+        JSGlobalData::ClientData* clientData = m_globalData->clientData;
+        ASSERT(clientData);
+        static_cast<WebCoreJSClientData*>(clientData)->forgetWorld(this);
+    }
 
     for (HashSet<Document*>::iterator iter = documentsWithWrappers.begin(); iter != documentsWithWrappers.end(); ++iter)
         forgetWorldOfDOMNodesForDocument(*iter, this);
diff --git a/WebCore/bindings/js/JSDOMBinding.h b/WebCore/bindings/js/JSDOMBinding.h
index 5456c75..930f9cc 100644
--- a/WebCore/bindings/js/JSDOMBinding.h
+++ b/WebCore/bindings/js/JSDOMBinding.h
@@ -138,9 +138,13 @@ namespace WebCore {
 
     class DOMWrapperWorld : public RefCounted<DOMWrapperWorld> {
     public:
-        DOMWrapperWorld(JSC::JSGlobalData*, bool isNormal);
+        static PassRefPtr<DOMWrapperWorld> create(JSC::JSGlobalData* globalData, bool isNormal)
+        {
+            return adoptRef(new DOMWrapperWorld(globalData, isNormal));
+        }
         ~DOMWrapperWorld();
 
+        void detachFromGlobalData() { m_globalData = 0; }
         void rememberDocument(Document* document) { documentsWithWrappers.add(document); }
         void forgetDocument(Document* document) { documentsWithWrappers.remove(document); }
 
@@ -150,6 +154,9 @@ namespace WebCore {
 
         bool isNormal() const { return m_isNormal; }
 
+    protected:
+        DOMWrapperWorld(JSC::JSGlobalData*, bool isNormal);
+
     private:
         JSC::JSGlobalData* m_globalData;
         HashSet<Document*> documentsWithWrappers;
@@ -185,13 +192,19 @@ namespace WebCore {
 
     public:
         WebCoreJSClientData(JSC::JSGlobalData* globalData)
-            : m_normalWorld(globalData, true)
+            : m_normalWorld(DOMWrapperWorld::create(globalData, true))
+        {
+            m_worldSet.add(m_normalWorld.get());
+        }
+
+        virtual ~WebCoreJSClientData()
         {
-            m_worldSet.add(&m_normalWorld);
+            ASSERT(m_worldSet.contains(m_normalWorld.get()));
+            ASSERT(m_worldSet.size() == 1);
+            m_normalWorld->detachFromGlobalData();
         }
-        // FIXME: add a destructor to assert m_worldSet only contains m_normalWorld?
 
-        DOMWrapperWorld* normalWorld() { return &m_normalWorld; }
+        DOMWrapperWorld* normalWorld() { return m_normalWorld.get(); }
 
         void getAllWorlds(Vector<DOMWrapperWorld*>& worlds)
         {
@@ -212,7 +225,7 @@ namespace WebCore {
         DOMObjectHashTableMap hashTableMap;
     private:
         HashSet<DOMWrapperWorld*> m_worldSet;
-        DOMWrapperWorld m_normalWorld;
+        RefPtr<DOMWrapperWorld> m_normalWorld;
     };
 
     DOMObject* getCachedDOMObjectWrapper(JSC::ExecState*, void* objectHandle);
diff --git a/WebCore/bindings/js/ScriptController.cpp b/WebCore/bindings/js/ScriptController.cpp
index bd36689..171d4dd 100644
--- a/WebCore/bindings/js/ScriptController.cpp
+++ b/WebCore/bindings/js/ScriptController.cpp
@@ -155,6 +155,9 @@ ScriptValue ScriptController::evaluate(const ScriptSourceCode& sourceCode)
 // An DOMWrapperWorld other than the thread's normal world.
 class IsolatedWorld : public DOMWrapperWorld {
 public:
+    static PassRefPtr<IsolatedWorld> create(JSGlobalData* globalData) { return adoptRef(new IsolatedWorld(globalData)); }
+
+protected:
     IsolatedWorld(JSGlobalData* globalData)
         : DOMWrapperWorld(globalData, false)
     {
@@ -162,8 +165,6 @@ public:
         ASSERT(clientData);
         static_cast<WebCoreJSClientData*>(clientData)->rememberWorld(this);
     }
-
-    static PassRefPtr<IsolatedWorld> create(JSGlobalData* globalData) { return adoptRef(new IsolatedWorld(globalData)); }
 };
 
 PassRefPtr<DOMWrapperWorld> ScriptController::createWorld()

-- 
WebKit Debian packaging

More information about the Pkg-webkit-commits mailing list