Changeset 19183 in webkit for trunk/JavaScriptCore

Timestamp:

Jan 26, 2007, 8:50:17 PM (18 years ago)

Author:

ggaren

Message:

JavaScriptCore:

Reviewed by Maciej Stachowiak.

Fixed <rdar://problem/4608404> WebScriptObject's _rootObject lack
of ownership policy causes crashes (e.g., in Dashcode)

The old model for RootObject ownership was either to (1) leak them or (2) assign
them to a single owner -- the WebCore::Frame -- which would destroy them
when it believed that all of its plug-ins had unloaded.

This model was broken because of (1) and also because plug-ins are not the only
RootObject clients. All Bindings clients are RootObjects clients, including
applications, which outlive any particular WebCore::Frame.

The new model for RootObject ownership is to reference-count them, with a
throw-back to the old model: The WebCore::Frame tracks the RootObjects
it creates, and invalidates them when it believes that all of its plug-ins
have unloaded.

We maintain this throw-back to avoid plug-in leaks, particularly from Java.
Java is completely broken when it comes to releasing JavaScript objects.
Comments in our code allege that Java does not always call finalize when
collecting objects. Moreoever, my own testing reveals that, when Java does
notify JavaScript of a finalize, the data it provides is totally bogus.

This setup is far from ideal, but I don't think we can do better without
completely rewriting the bindings code, and possibly part of the Java
plug-in / VM.

Layout tests pass. No additional leaks reported. WebCore/manual-tests/*liveconnect*
and a few LiveConnect demos on the web also run without a hitch.

const RootObject* => RootObject*, since we need to ref/deref

• bindings/NP_jsobject.cpp: (jsDeallocate): deref our RootObjects. Also unprotect or JSObject, instead of just relying on the RootObject to do it for us when it's invalidated. (_isSafeScript): Check RootObject validity. (_NPN_CreateScriptObject): ditto (_NPN_Invoke): ditto (_NPN_Evaluate): ditto (_NPN_GetProperty): ditto (_NPN_SetProperty): ditto (_NPN_RemoveProperty): ditto (_NPN_HasProperty): ditto (_NPN_HasMethod): ditto (_NPN_SetException): ditto

• bindings/runtime_root.cpp: Revived bit-rotted LIAR LIAR LIAR comment.

LOOK: Added support for invalidating RootObjects without deleting them,
which is the main goal of this patch.

Moved protect counting into the RootObject class, to emphasize that
the RootObject protects the JSObject, and unprotects it upon being invalidated.

addNativeReference => RootObject::gcProtect
removeNativeReference => RootObject::gcUnprotect
ProtectCountSet::contains => RootObject::gcIsProtected

I know we'll all be sad to see the word "native" go.

• bindings/runtime_root.h: Added ref-counting support to RootObject, with all the standard accoutrements.

• bindings/c/c_utility.cpp: (KJS::Bindings::convertValueToNPVariant): If we can't find a valid RootObject, return void instead of just leaking.

• bindings/jni/jni_instance.cpp: (JavaInstance::JavaInstance): Don't take a RootObject in our constructor; be like other Instances and require the caller to call setRootObject. This reduces the number of ownership code paths. (JavaInstance::invokeMethod): Check RootObject for validity.
• bindings/jni/jni_instance.h: Removed private no-arg constructor. Having an arg constructor accomplishes the same thing.

• bindings/jni/jni_jsobject.cpp: (JavaJSObject::invoke): No need to call findProtectCountSet, because finalize() checks for RootObject validity. (JavaJSObject::JavaJSObject): check RootObject for validity (JavaJSObject::call): ditto (JavaJSObject::eval): ditto (JavaJSObject::getMember): ditto (JavaJSObject::setMember): ditto (JavaJSObject::removeMember): ditto (JavaJSObject::getSlot): ditto (JavaJSObject::setSlot): ditto (JavaJSObject::toString): ditto (JavaJSObject::finalize): ditto (JavaJSObject::createNative): No need to tell the RootObject to protect the global object, since the RootObject already owns the interpreter.

• bindings/jni/jni_runtime.cpp: (JavaArray::JavaArray): Removed copy construcutor becaue it was unused. Dead code is dangerous code.

• bindings/objc/objc_runtime.mm: Added WebUndefined protocol. Previous use of WebScriptObject was bogus, because WebUndefined is not a subclass of WebScriptObject. (convertValueToObjcObject): If we can't find a valid RootObject, return nil instead of just leaking.

• bindings/objc/objc_utility.mm: (KJS::Bindings::convertValueToObjcValue): If we can't find a valid RootObject, return nil instead of just leaking.

LayoutTests:

Reviewed by Maciej Stachowiak.

Added test for <rdar://problem/4608404> WebScriptObject's _rootObject lack
of ownership policy causes crashes (e.g., in Dashcode)

No test for Java or NPP versions of this bug because there's no reliable way to
make Java and NPP objects outlive their RootObjects (although Java objects
sometimes do).

• plugins/root-object-premature-delete-crash-expected.txt: Added.
• plugins/root-object-premature-delete-crash.html: Added.

WebCore:

Reviewed by Maciej Stachowiak.

Fixed <rdar://problem/4608404> WebScriptObject's _executionContext lack
of ownership policy causes crashes (e.g., in Dashcode)

Added RootObject ref-counting goodness.

• page/mac/FrameMac.h:
• page/mac/FrameMac.mm: (WebCore::FrameMac::cleanupPluginObjects): Invalidate our RootObjects instead of detroying them. Track _bindingRootObject separately from the rest of our RootObjects, since it has its own variable.

• page/mac/WebCoreFrameBridge.mm: (createRootObject): Use the Frame's new, more encapsulated function to create a RootObject.

• bindings/objc/WebScriptObject.mm: Nixed rootObject setters, since they were unused and they complicated reference-counting.

WebKitTools:

Reviewed by Maciej Stachowiak.

Added support for test for <rdar://problem/4608404> WebScriptObject's
_rootObject lack of ownership policy causes crashes (e.g., in Dashcode)

• DumpRenderTree/DumpRenderTree.m: (+[LayoutTestController isSelectorExcludedFromWebScript:]): (+[LayoutTestController webScriptNameForSelector:]): (-[LayoutTestController storeWebScriptObject:]): (-[LayoutTestController accessStoredWebScriptObject]): (-[LayoutTestController dealloc]):

Location:

trunk/JavaScriptCore

Files:

• ChangeLog (modified) (1 diff)
• JavaScriptCore.exp (modified) (3 diffs)
• bindings/NP_jsobject.cpp (modified) (11 diffs)
• bindings/NP_jsobject.h (modified) (2 diffs)
• bindings/c/c_instance.cpp (modified) (1 diff)
• bindings/c/c_utility.cpp (modified) (3 diffs)
• bindings/jni/jni_instance.cpp (modified) (3 diffs)
• bindings/jni/jni_instance.h (modified) (2 diffs)
• bindings/jni/jni_jsobject.cpp (modified) (15 diffs)
• bindings/jni/jni_jsobject.h (modified) (1 diff)
• bindings/jni/jni_runtime.cpp (modified) (5 diffs)
• bindings/jni/jni_runtime.h (modified) (2 diffs)
• bindings/objc/WebScriptObject.h (modified) (2 diffs)
• bindings/objc/objc_runtime.mm (modified) (2 diffs)
• bindings/objc/objc_utility.mm (modified) (2 diffs)
• bindings/runtime.cpp (modified) (6 diffs)
• bindings/runtime.h (modified) (2 diffs)
• bindings/runtime_root.cpp (modified) (3 diffs)
• bindings/runtime_root.h (modified) (3 diffs)

trunk/JavaScriptCore/ChangeLog

@@ +1 @@
+2007-01-25  Geoffrey Garen  <[email protected]>
+
+        Reviewed by Maciej Stachowiak.
+        
+        Fixed <rdar://problem/4608404> WebScriptObject's _rootObject lack 
+        of ownership policy causes crashes (e.g., in Dashcode)
+        
+        The old model for RootObject ownership was either to (1) leak them or (2) assign
+        them to a single owner -- the WebCore::Frame -- which would destroy them 
+        when it believed that all of its plug-ins had unloaded.
+        
+        This model was broken because of (1) and also because plug-ins are not the only 
+        RootObject clients. All Bindings clients are RootObjects clients, including 
+        applications, which outlive any particular WebCore::Frame.
+        
+        The new model for RootObject ownership is to reference-count them, with a
+        throw-back to the old model: The WebCore::Frame tracks the RootObjects
+        it creates, and invalidates them when it believes that all of its plug-ins 
+        have unloaded.
+        
+        We maintain this throw-back to avoid plug-in leaks, particularly from Java.
+        Java is completely broken when it comes to releasing JavaScript objects. 
+        Comments in our code allege that Java does not always call finalize when 
+        collecting objects. Moreoever, my own testing reveals that, when Java does 
+        notify JavaScript of a finalize, the data it provides is totally bogus.
+        
+        This setup is far from ideal, but I don't think we can do better without
+        completely rewriting the bindings code, and possibly part of the Java
+        plug-in / VM.
+        
+        Layout tests pass. No additional leaks reported. WebCore/manual-tests/*liveconnect*
+        and a few LiveConnect demos on the web also run without a hitch.
+        
+        const RootObject* => RootObject*, since we need to ref/deref
+        
+        * bindings/NP_jsobject.cpp:
+        (jsDeallocate): deref our RootObjects. Also unprotect or JSObject, instead
+        of just relying on the RootObject to do it for us when it's invalidated.
+        (_isSafeScript): Check RootObject validity.
+        (_NPN_CreateScriptObject): ditto
+        (_NPN_Invoke): ditto
+        (_NPN_Evaluate): ditto
+        (_NPN_GetProperty): ditto
+        (_NPN_SetProperty): ditto
+        (_NPN_RemoveProperty): ditto
+        (_NPN_HasProperty): ditto
+        (_NPN_HasMethod): ditto
+        (_NPN_SetException): ditto
+
+        * bindings/runtime_root.cpp: 
+        Revived bit-rotted LIAR LIAR LIAR comment.
+        
+        LOOK: Added support for invalidating RootObjects without deleting them, 
+        which is the main goal of this patch. 
+
+        Moved protect counting into the RootObject class, to emphasize that 
+        the RootObject protects the JSObject, and unprotects it upon being invalidated.
+            addNativeReference => RootObject::gcProtect
+            removeNativeReference => RootObject::gcUnprotect
+            ProtectCountSet::contains => RootObject::gcIsProtected
+            
+        I know we'll all be sad to see the word "native" go.
+        
+        * bindings/runtime_root.h: Added ref-counting support to RootObject, with
+        all the standard accoutrements.
+
+        * bindings/c/c_utility.cpp:
+        (KJS::Bindings::convertValueToNPVariant): If we can't find a valid RootObject,
+        return void instead of just leaking.
+
+        * bindings/jni/jni_instance.cpp:
+        (JavaInstance::JavaInstance): Don't take a RootObject in our constructor;
+        be like other Instances and require the caller to call setRootObject. This
+        reduces the number of ownership code paths.
+        (JavaInstance::invokeMethod): Check RootObject for validity.
+        * bindings/jni/jni_instance.h: Removed private no-arg constructor. Having
+        an arg constructor accomplishes the same thing.
+
+        * bindings/jni/jni_jsobject.cpp:
+        (JavaJSObject::invoke): No need to call findProtectCountSet, because finalize()
+        checks for RootObject validity.
+        (JavaJSObject::JavaJSObject): check RootObject for validity
+        (JavaJSObject::call): ditto
+        (JavaJSObject::eval): ditto
+        (JavaJSObject::getMember): ditto
+        (JavaJSObject::setMember): ditto
+        (JavaJSObject::removeMember): ditto
+        (JavaJSObject::getSlot): ditto
+        (JavaJSObject::setSlot): ditto
+        (JavaJSObject::toString): ditto
+        (JavaJSObject::finalize): ditto
+        (JavaJSObject::createNative): No need to tell the RootObject to protect 
+        the global object, since the RootObject already owns the interpreter.
+
+        * bindings/jni/jni_runtime.cpp:
+        (JavaArray::JavaArray): Removed copy construcutor becaue it was unused.
+        Dead code is dangerous code.
+
+        * bindings/objc/objc_runtime.mm: Added WebUndefined protocol. Previous use
+        of WebScriptObject was bogus, because WebUndefined is not a subclass of
+        WebScriptObject.
+        (convertValueToObjcObject): If we can't find a valid RootObject,
+        return nil instead of just leaking.
+
+        * bindings/objc/objc_utility.mm:
+        (KJS::Bindings::convertValueToObjcValue): If we can't find a valid RootObject,
+        return nil instead of just leaking.
+
 2007-01-27  Andrew Wellington  <[email protected]>
 

trunk/JavaScriptCore/JavaScriptCore.exp

@@ -101 +101 @@
 __NPN_SetProperty
 __NPN_UTF8FromIdentifier
-__Z23_NPN_CreateScriptObjectP4_NPPPN3KJS8JSObjectEPKNS1_8Bindings10RootObjectES7_
+__Z23_NPN_CreateScriptObjectP4_NPPPN3KJS8JSObjectEN3WTF10PassRefPtrINS1_8Bindings10RootObjectEEES8_
 __Z25_NPN_CreateNoScriptObjectv
 __ZN3KJS10Identifier3addEPKNS_5UCharEi
@@ -180 +180 @@
 __ZN3KJS7UStringC1ERKS0_S2_
 __ZN3KJS7UStringaSEPKc
+__ZN3KJS8Bindings10RootObject10invalidateEv
+__ZN3KJS8Bindings10RootObject11gcUnprotectEPNS_8JSObjectE
 __ZN3KJS8Bindings10RootObject17_createRootObjectE
-__ZN3KJS8Bindings10RootObject19setCreateRootObjectEPFPS1_PvE
-__ZN3KJS8Bindings10RootObject7destroyEv
+__ZN3KJS8Bindings10RootObject19setCreateRootObjectEPFN3WTF10PassRefPtrIS1_EEPvE
+__ZN3KJS8Bindings10RootObject6createEPKvN3WTF10PassRefPtrINS_11InterpreterEEE
+__ZN3KJS8Bindings10RootObject9gcProtectEPNS_8JSObjectE
+__ZN3KJS8Bindings10RootObjectD1Ev
 __ZN3KJS8Bindings10throwErrorEPNS_9ExecStateENS_9ErrorTypeEP8NSString
-__ZN3KJS8Bindings18addNativeReferenceEPKNS0_10RootObjectEPNS_8JSObjectE
-__ZN3KJS8Bindings21removeNativeReferenceEPNS_8JSObjectE
 __ZN3KJS8Bindings23convertObjcValueToValueEPNS_9ExecStateEPvNS0_13ObjcValueTypeE
 __ZN3KJS8Bindings23convertValueToObjcValueEPNS_9ExecStateEPNS_7JSValueENS0_13ObjcValueTypeE
 __ZN3KJS8Bindings8Instance18didExecuteFunctionEv
 __ZN3KJS8Bindings8Instance21setDidExecuteFunctionEPFvPNS_9ExecStateEPNS_8JSObjectEE
-__ZN3KJS8Bindings8Instance32createBindingForLanguageInstanceENS1_15BindingLanguageEPvPKNS0_10RootObjectE
+__ZN3KJS8Bindings8Instance32createBindingForLanguageInstanceENS1_15BindingLanguageEPvN3WTF10PassRefPtrINS0_10RootObjectEEE
 __ZN3KJS8Debugger12sourceUnusedEPNS_9ExecStateEi
 __ZN3KJS8Debugger6attachEPNS_11InterpreterE
@@ -255 +257 @@
 __ZNK3KJS7UString6is8BitEv
 __ZNK3KJS7UString8toUInt32EPb
+__ZNK3KJS8Bindings10RootObject11interpreterEv
 __ZNK3KJS8JSObject11hasPropertyEPNS_9ExecStateERKNS_10IdentifierE
 __ZNK3KJS8JSObject12defaultValueEPNS_9ExecStateENS_6JSTypeE

trunk/JavaScriptCore/bindings/NP_jsobject.cpp

@@ -49 +49 @@
 }
 
-static void jsDeallocate(NPObject* obj)
-{
+static void jsDeallocate(NPObject* npObj)
+{
+    JavaScriptObject* obj = (JavaScriptObject*)npObj;
+
+    if (obj->rootObject && obj->rootObject->isValid())
+        obj->rootObject->gcUnprotect(obj->imp);
+
+    if (obj->rootObject)
+        obj->rootObject->deref();
+
+    if (obj->originRootObject)
+        obj->originRootObject->deref();
+
     free(obj);
 }
@@ -62 +73 @@
 static bool _isSafeScript(JavaScriptObject* obj)
 {
-    if (obj->originRootObject) {
-        Interpreter* originInterpreter = obj->originRootObject->interpreter();
-        if (originInterpreter)
-            return originInterpreter->isSafeScript(obj->rootObject->interpreter());
-    }
-    return true;
-}
-
-NPObject* _NPN_CreateScriptObject (NPP npp, JSObject* imp, const RootObject* originRootObject, const RootObject* rootObject)
+    if (!obj->originRootObject || !obj->rootObject)
+        return true;
+    
+    if (!obj->originRootObject->isValid() || !obj->rootObject->isValid())
+        return false;
+        
+    return obj->originRootObject->interpreter()->isSafeScript(obj->rootObject->interpreter());
+}
+
+NPObject* _NPN_CreateScriptObject(NPP npp, JSObject* imp, PassRefPtr<RootObject> originRootObject, PassRefPtr<RootObject> rootObject)
 {
     JavaScriptObject* obj = (JavaScriptObject*)_NPN_CreateObject(npp, NPScriptObjectClass);
 
+    obj->originRootObject = originRootObject.releaseRef();
+    obj->rootObject = rootObject.releaseRef();
+
+    if (obj->rootObject)
+        obj->rootObject->gcProtect(imp);
     obj->imp = imp;
-    obj->originRootObject = originRootObject;    
-    obj->rootObject = rootObject;    
-
-    addNativeReference(rootObject, imp);
-
-    return (NPObject *)obj;
+
+    return (NPObject*)obj;
 }
 
@@ -120 +133 @@
 
         // Lookup the function object.
-        ExecState* exec = obj->rootObject->interpreter()->globalExec();
+        RootObject* rootObject = obj->rootObject;
+        if (!rootObject || !rootObject->isValid())
+            return false;
+
+        ExecState* exec = rootObject->interpreter()->globalExec();
         JSLock lock;
         JSValue* func = obj->imp->get(exec, identifierFromNPIdentifier(i->value.string));
@@ -157 +174 @@
             return false;
 
-        ExecState* exec = obj->rootObject->interpreter()->globalExec();
+        RootObject* rootObject = obj->rootObject;
+        if (!rootObject || !rootObject->isValid())
+            return false;
+
+        ExecState* exec = rootObject->interpreter()->globalExec();
         
         JSLock lock;
@@ -163 +184 @@
         unsigned int UTF16Length;
         convertNPStringToUTF16(s, &scriptString, &UTF16Length); // requires free() of returned memory
-        Completion completion = obj->rootObject->interpreter()->evaluate(UString(), 0, UString((const UChar*)scriptString,UTF16Length));
+        Completion completion = rootObject->interpreter()->evaluate(UString(), 0, UString((const UChar*)scriptString,UTF16Length));
         ComplType type = completion.complType();
         
@@ -192 +213 @@
             return false;
 
-        ExecState* exec = obj->rootObject->interpreter()->globalExec();
+        RootObject* rootObject = obj->rootObject;
+        if (!rootObject || !rootObject->isValid())
+            return false;
+
+        ExecState* exec = rootObject->interpreter()->globalExec();
         PrivateIdentifier* i = (PrivateIdentifier*)propertyName;
         
@@ -231 +256 @@
             return false;
 
-        ExecState* exec = obj->rootObject->interpreter()->globalExec();
+        RootObject* rootObject = obj->rootObject;
+        if (!rootObject || !rootObject->isValid())
+            return false;
+
+        ExecState* exec = rootObject->interpreter()->globalExec();
         JSLock lock;
         PrivateIdentifier* i = (PrivateIdentifier*)propertyName;
@@ -254 +283 @@
             return false;
 
-        ExecState* exec = obj->rootObject->interpreter()->globalExec();
+        RootObject* rootObject = obj->rootObject;
+        if (!rootObject || !rootObject->isValid())
+            return false;
+
+        ExecState* exec = rootObject->interpreter()->globalExec();
         PrivateIdentifier* i = (PrivateIdentifier*)propertyName;
         if (i->isString) {
@@ -282 +315 @@
             return false;
 
-        ExecState* exec = obj->rootObject->interpreter()->globalExec();
+        RootObject* rootObject = obj->rootObject;
+        if (!rootObject || !rootObject->isValid())
+            return false;
+
+        ExecState* exec = rootObject->interpreter()->globalExec();
         PrivateIdentifier* i = (PrivateIdentifier*)propertyName;
         JSLock lock;
@@ -307 +344 @@
             return false;
 
-        ExecState* exec = obj->rootObject->interpreter()->globalExec();
+        RootObject* rootObject = obj->rootObject;
+        if (!rootObject || !rootObject->isValid())
+            return false;
+
+        ExecState* exec = rootObject->interpreter()->globalExec();
         JSLock lock;
         JSValue* func = obj->imp->get(exec, identifierFromNPIdentifier(i->value.string));
@@ -323 +364 @@
     if (o->_class == NPScriptObjectClass) {
         JavaScriptObject* obj = (JavaScriptObject*)o; 
-        ExecState* exec = obj->rootObject->interpreter()->globalExec();
+        RootObject* rootObject = obj->rootObject;
+        if (!rootObject || !rootObject->isValid())
+            return;
+
+        ExecState* exec = rootObject->interpreter()->globalExec();
         JSLock lock;
         throwError(exec, GeneralError, message);

trunk/JavaScriptCore/bindings/NP_jsobject.h

@@ -28 +28 @@
 
 #include "npruntime.h"
+#include <wtf/Forward.h>
 
 namespace KJS {
@@ -42 +43 @@
     NPObject object;
     KJS::JSObject* imp;
-    const KJS::Bindings::RootObject* originRootObject;
-    const KJS::Bindings::RootObject* rootObject;
+    KJS::Bindings::RootObject* originRootObject;
+    KJS::Bindings::RootObject* rootObject;
 };
 
-NPObject* _NPN_CreateScriptObject(NPP npp, KJS::JSObject*, const KJS::Bindings::RootObject* originRootObject, const KJS::Bindings::RootObject* rootObject);
+NPObject* _NPN_CreateScriptObject(NPP npp, KJS::JSObject*, PassRefPtr<KJS::Bindings::RootObject> originRootObject, PassRefPtr<KJS::Bindings::RootObject> rootObject);
 NPObject* _NPN_CreateNoScriptObject(void);
 

trunk/JavaScriptCore/bindings/c/c_instance.cpp

@@ -32 +32 @@
 #include "list.h"
 #include "npruntime_impl.h"
+#include "runtime_root.h"
+#include <wtf/StringExtras.h>
 #include <wtf/Vector.h>
-#include <wtf/StringExtras.h>
 
 namespace KJS {

trunk/JavaScriptCore/bindings/c/c_utility.cpp

@@ -104 +104 @@
     JSType type = value->type();
     
+    VOID_TO_NPVARIANT(*result);
+
     if (type == StringType) {
         UString ustring = value->toString(exec);
@@ -126 +128 @@
             OBJECT_TO_NPVARIANT(obj, *result);
         } else {
-            Interpreter *originInterpreter = exec->dynamicInterpreter();
-            const Bindings::RootObject* originRootObject = findRootObject(originInterpreter);
+            Interpreter* originInterpreter = exec->dynamicInterpreter();
+            RootObject* originRootObject = findRootObject(originInterpreter);
 
-            Interpreter *interpreter = 0;
+            Interpreter* interpreter = 0;
             if (originInterpreter->isGlobalObject(value)) {
                 interpreter = originInterpreter->interpreterForGlobalObject(value);
@@ -137 +139 @@
                 interpreter = originInterpreter;
 
-            const RootObject* rootObject = findRootObject(interpreter);
-            if (!rootObject) {
-                RootObject* newRootObject = new RootObject(0, interpreter);
-                rootObject = newRootObject;
+            RootObject* rootObject = findRootObject(interpreter);
+            if (rootObject) {
+                NPObject* npObject = _NPN_CreateScriptObject(0, object, originRootObject, rootObject);
+                OBJECT_TO_NPVARIANT(npObject, *result);
             }
-
-            NPObject* npObject = _NPN_CreateScriptObject(0, object, originRootObject, rootObject);
-            OBJECT_TO_NPVARIANT(npObject, *result);
         }
     }
-    else
-        VOID_TO_NPVARIANT(*result);
 }
 

trunk/JavaScriptCore/bindings/jni/jni_instance.cpp

@@ -40 +40 @@
 }
 #endif
-
+ 
 using namespace KJS::Bindings;
 using namespace KJS;
 
-JavaInstance::JavaInstance (jobject instance, const RootObject *r) 
+JavaInstance::JavaInstance (jobject instance) 
 {
     _instance = new JObjectWrapper (instance);
     _class = 0;
-    setRootObject(r);
 }
 
@@ -139 +138 @@
     }
         
-
     jvalue result;
 
@@ -145 +143 @@
     // nornmal JNI.  The JNI dispatch abstraction allows the Java plugin
     // to dispatch the call on the appropriate internal VM thread.
-    const RootObject* rootObject = this->rootObject();
+    RootObject* rootObject = this->rootObject();
+    if (!rootObject)
+        return jsUndefined();
+
     bool handled = false;
-    if (rootObject && rootObject->nativeHandle()) {
+    if (rootObject->nativeHandle()) {
         jobject obj = _instance->_instance;
         JSValue *exceptionDescription = NULL;

trunk/JavaScriptCore/bindings/jni/jni_instance.h

@@ -67 +67 @@
 {
 public:
-    JavaInstance (jobject instance, const RootObject *r);
-        
-    ~JavaInstance ();
+    JavaInstance(jobject instance);
+    ~JavaInstance();
     
     virtual Class *getClass() const;
@@ -88 +87 @@
         
 private:
-    JavaInstance ();                         // prevent default construction
     JavaInstance (JavaInstance &);           // prevent copying
     JavaInstance &operator=(JavaInstance &); // prevent copying

trunk/JavaScriptCore/bindings/jni/jni_jsobject.cpp

@@ -127 +127 @@
     
                 case Finalize: {
-                    JSObject *imp = jlong_to_impptr(nativeHandle);
-                    // We may have received a finalize method call from the VM 
-                    // AFTER removing our last reference to the Java instance.
-                    if (findProtectCountSet(imp))
-                        JavaJSObject(nativeHandle).finalize();
+                    JavaJSObject(nativeHandle).finalize();
                     break;
                 }
@@ -151 +147 @@
     _imp = jlong_to_impptr(nativeJSObject);
     
-    // If we are unable to cast the nativeJSObject to an JSObject something is
-    // terribly wrong.
-    assert (_imp != 0);
-    
+    ASSERT(_imp);
     _rootObject = findRootObject(_imp);
-    
-    // If we can't find the root for the object something is terribly wrong.
-    assert (_rootObject != 0);
-}
-
+    ASSERT(_rootObject);
+}
+
+RootObject* JavaJSObject::rootObject() const
+{ 
+    return _rootObject && _rootObject->isValid() ? _rootObject.get() : 0; 
+}
 
 jobject JavaJSObject::call(jstring methodName, jobjectArray args) const
@@ -166 +161 @@
     JS_LOG ("methodName = %s\n", JavaString(methodName).UTF8String());
 
+    RootObject* rootObject = this->rootObject();
+    if (!rootObject)
+        return 0;
+    
     // Lookup the function object.
-    ExecState* exec = _rootObject->interpreter()->globalExec();
+    ExecState* exec = rootObject->interpreter()->globalExec();
     JSLock lock;
     
     Identifier identifier(JavaString(methodName).ustring());
     JSValue *func = _imp->get (exec, identifier);
-    if (func->isUndefinedOrNull()) {
-        // Maybe throw an exception here?
-        return 0;
-    }
+    if (func->isUndefinedOrNull())
+        return 0;
 
     // Call the function object.
@@ -195 +192 @@
     JSLock lock;
     
-    Completion completion = _rootObject->interpreter()->evaluate(UString(), 0, JavaString(script).ustring(),thisObj);
+    RootObject* rootObject = this->rootObject();
+    if (!rootObject)
+        return 0;
+
+    Completion completion = rootObject->interpreter()->evaluate(UString(), 0, JavaString(script).ustring(),thisObj);
     ComplType type = completion.complType();
     
@@ -212 +213 @@
     JS_LOG ("(%p) memberName = %s\n", _imp, JavaString(memberName).UTF8String());
 
-    ExecState* exec = _rootObject->interpreter()->globalExec();
+    RootObject* rootObject = this->rootObject();
+    if (!rootObject)
+        return 0;
+
+    ExecState* exec = rootObject->interpreter()->globalExec();
     
     JSLock lock;
@@ -223 +228 @@
 {
     JS_LOG ("memberName = %s, value = %p\n", JavaString(memberName).UTF8String(), value);
-    ExecState* exec = _rootObject->interpreter()->globalExec();
+
+    RootObject* rootObject = this->rootObject();
+    if (!rootObject)
+        return;
+
+    ExecState* exec = rootObject->interpreter()->globalExec();
     JSLock lock;
     _imp->put(exec, Identifier (JavaString(memberName).ustring()), convertJObjectToValue(value));
@@ -233 +243 @@
     JS_LOG ("memberName = %s\n", JavaString(memberName).UTF8String());
 
-    ExecState* exec = _rootObject->interpreter()->globalExec();
+    RootObject* rootObject = this->rootObject();
+    if (!rootObject)
+        return;
+
+    ExecState* exec = rootObject->interpreter()->globalExec();
     JSLock lock;
     _imp->deleteProperty(exec, Identifier (JavaString(memberName).ustring()));
@@ -247 +261 @@
 #endif
 
-    ExecState* exec = _rootObject->interpreter()->globalExec();
+    RootObject* rootObject = this->rootObject();
+    if (!rootObject)
+        return 0;
+
+    ExecState* exec = rootObject->interpreter()->globalExec();
 
     JSLock lock;
@@ -264 +282 @@
 #endif
 
-    ExecState* exec = _rootObject->interpreter()->globalExec();
+    RootObject* rootObject = this->rootObject();
+    if (!rootObject)
+        return;
+
+    ExecState* exec = rootObject->interpreter()->globalExec();
     JSLock lock;
     _imp->put(exec, (unsigned)index, convertJObjectToValue(value));
@@ -274 +296 @@
     JS_LOG ("\n");
     
+    RootObject* rootObject = this->rootObject();
+    if (!rootObject)
+        return 0;
+
     JSLock lock;
     JSObject *thisObj = const_cast<JSObject*>(_imp);
-    ExecState* exec = _rootObject->interpreter()->globalExec();
+    ExecState* exec = rootObject->interpreter()->globalExec();
     
     return (jstring)convertValueToJValue (exec, thisObj, object_type, "java.lang.String").l;
@@ -283 +309 @@
 void JavaJSObject::finalize() const
 {
-    JS_LOG ("\n");
-
-    removeNativeReference (_imp);
+    if (RootObject* rootObject = this->rootObject())
+        rootObject->gcUnprotect(_imp);
 }
 
@@ -304 +329 @@
         return ptr_to_jlong(0);
 
-    RootObject* rootObject = createRootObject(jlong_to_ptr(nativeHandle));
+    RefPtr<RootObject> rootObject = createRootObject(jlong_to_ptr(nativeHandle));
+
     // If rootObject is !NULL We must have been called via netscape.javascript.JavaJSObject.getWindow(),
     // otherwise we are being called after creating a JavaJSObject in
     // JavaJSObject::convertValueToJObject().
-    if (rootObject) {
-        JSObject* globalObject = rootObject->interpreter()->globalObject();
-        addNativeReference(rootObject, globalObject);
-        return ptr_to_jlong(globalObject);
-    }
+    if (rootObject)
+        return ptr_to_jlong(rootObject->interpreter()->globalObject());
 
     return nativeHandle;
@@ -319 +342 @@
 jobject JavaJSObject::convertValueToJObject (JSValue *value) const
 {
-    ExecState* exec = _rootObject->interpreter()->globalExec();
+    RootObject* rootObject = this->rootObject();
+    if (!rootObject)
+        return 0;
+
+    ExecState* exec = rootObject->interpreter()->globalExec();
     JNIEnv *env = getJNIEnv();
     jobject result = 0;
@@ -369 +396 @@
             else {
                 nativeHandle = ptr_to_jlong(imp);
-                
-                // Bump our 'meta' reference count for the imp.  We maintain the reference
-                // until either finalize is called or the applet shuts down.
-                addNativeReference(_rootObject, imp);
+                rootObject->gcProtect(imp);
             }
         }
@@ -430 +454 @@
 
     JSLock lock;
-    RuntimeObjectImp* newImp = new RuntimeObjectImp(new JavaInstance(theObject, _rootObject));
+    JavaInstance* javaInstance = new JavaInstance(theObject);
+    javaInstance->setRootObject(rootObject());
+    RuntimeObjectImp* newImp = new RuntimeObjectImp(javaInstance);
 
     return newImp;

trunk/JavaScriptCore/bindings/jni/jni_jsobject.h

@@ -92 +92 @@
     List listFromJArray(jobjectArray) const;
     
+    RootObject* rootObject() const;
+    
 private:
-    const RootObject* _rootObject;
-    JSObject *_imp;
+    RefPtr<RootObject> _rootObject;
+    JSObject* _imp;
 };
 

trunk/JavaScriptCore/bindings/jni/jni_runtime.cpp

@@ -66 +66 @@
     _name = JavaString(env, fieldName);
 
-    _field = new JavaInstance(aField, 0);
-}
-
-JSValue* JavaArray::convertJObjectToArray(ExecState* exec, jobject anObject, const char* type, const RootObject* r)
+    _field = new JavaInstance(aField);
+}
+
+JSValue* JavaArray::convertJObjectToArray(ExecState* exec, jobject anObject, const char* type, PassRefPtr<RootObject> rootObject)
 {
     if (type[0] != '[')
         return jsUndefined();
 
-    return new RuntimeArray(exec, new JavaArray((jobject)anObject, type, r));
+    return new RuntimeArray(exec, new JavaArray((jobject)anObject, type, rootObject));
 }
 
@@ -90 +90 @@
         if ( mid != NULL )
         {
-            const RootObject* rootObject = instance->rootObject();
+            RootObject* rootObject = instance->rootObject();
             if (rootObject && rootObject->nativeHandle()) {
                 JSValue *exceptionDescription = NULL;
@@ -171 +171 @@
         if ( mid != NULL )
         {
-            const RootObject* rootObject = instance->rootObject();
+            RootObject* rootObject = instance->rootObject();
             if (rootObject && rootObject->nativeHandle()) {
                 JSValue *exceptionDescription = NULL;
@@ -365 +365 @@
 
 
-JavaArray::JavaArray (jobject a, const char *t, const RootObject *r) 
-{
-    _array = new JObjectWrapper (a);
+JavaArray::JavaArray(jobject array, const char* type, PassRefPtr<RootObject> rootObject) 
+{
+    _array = new JObjectWrapper(array);
     // Java array are fixed length, so we can cache length.
     JNIEnv *env = getJNIEnv();
     _length = env->GetArrayLength((jarray)_array->_instance);
-    _type = strdup(t);
-    _rootObject = r;
+    _type = strdup(type);
+    _rootObject = rootObject;
 }
 
@@ -380 +380 @@
 }
 
-
-JavaArray::JavaArray (const JavaArray &other) : Array() 
-{
-    _array = other._array;
-    _type = strdup(other._type);
+RootObject* JavaArray::rootObject() const 
+{ 
+    return _rootObject && _rootObject->isValid() ? _rootObject.get() : 0;
 }
 

trunk/JavaScriptCore/bindings/jni/jni_runtime.h

@@ -267 +267 @@
 {
 public:
-    JavaArray (jobject a, const char *type, const RootObject *r);
-
-    JavaArray (const JavaArray &other);
-
-    JavaArray &operator=(const JavaArray &other){
-        if (this == &other)
-            return *this;
-        
-        free ((void *)_type);
-        _type = strdup(other._type);
-        _rootObject = other._rootObject;
-        _array = other._array;
-        
-        return *this;
-    };
+    JavaArray(jobject array, const char* type, PassRefPtr<RootObject>);
+    virtual ~JavaArray();
+
+    RootObject* rootObject() const;
 
     virtual void setValueAt(ExecState *exec, unsigned int index, JSValue *aValue) const;
@@ -287 +276 @@
     virtual unsigned int getLength() const;
     
-    virtual ~JavaArray();
-
     jobject javaArray() const { return _array->_instance; }
 
-    static JSValue *convertJObjectToArray (ExecState *exec, jobject anObject, const char *type, const RootObject *r);
-
-    const RootObject* rootObject() const { return _rootObject; }
-    
-private:
+    static JSValue* convertJObjectToArray (ExecState* exec, jobject anObject, const char* type, PassRefPtr<RootObject>);
+
+private:
+    JavaArray(const JavaArray&);
+    JavaArray& operator=(const JavaArray&);
+
     RefPtr<JObjectWrapper> _array;
     unsigned int _length;
     const char *_type;
-    const RootObject *_rootObject;
+    RefPtr<RootObject> _rootObject;
 };
 

trunk/JavaScriptCore/bindings/objc/WebScriptObject.h

@@ -29 +29 @@
 #include "runtime_root.h"
 
+@class WebUndefined;
+
 @protocol WebScriptObject
 + (NSString *)webScriptNameForSelector:(SEL)aSelector;
@@ -35 +37 @@
 + (BOOL)isKeyExcludedFromWebScript:(const char *)name;
 
-+ (id)_convertValueToObjcValue:(KJS::JSValue *)value originRootObject:(const KJS::Bindings::RootObject*)originRootObject rootObject:(const KJS::Bindings::RootObject *)rootObject;
-- _initWithJSObject:(KJS::JSObject *)imp originRootObject:(const KJS::Bindings::RootObject*)originRootObject rootObject:(const KJS::Bindings::RootObject*)rootObject;
++ (id)_convertValueToObjcValue:(KJS::JSValue *)value originRootObject:(KJS::Bindings::RootObject*)originRootObject rootObject:(KJS::Bindings::RootObject*)rootObject;
+- _initWithJSObject:(KJS::JSObject*)imp originRootObject:(PassRefPtr<KJS::Bindings::RootObject>)originRootObject rootObject:(PassRefPtr<KJS::Bindings::RootObject>)rootObject;
 - (KJS::JSObject *)_imp;
 @end
+
+@protocol WebUndefined
++ (WebUndefined *)undefined;
+@end

trunk/JavaScriptCore/bindings/objc/objc_runtime.mm

@@ -43 +43 @@
 extern ClassStructPtr KJS::Bindings::webUndefinedClass()
 {
-    static ClassStructPtr<WebScriptObject> webUndefinedClass = NSClassFromString(@"WebUndefined");
+    static ClassStructPtr<WebUndefined> webUndefinedClass = NSClassFromString(@"WebUndefined");
     return webUndefinedClass;
 }
@@ -142 +142 @@
 static id convertValueToObjcObject(ExecState* exec, JSValue* value)
 {
-    const RootObject* rootObject = findRootObject(exec->dynamicInterpreter());
-    if (!rootObject) {
-        RootObject* newRootObject = new RootObject(0, exec->dynamicInterpreter());
-        rootObject = newRootObject;
-    }
-    return [webScriptObjectClass() _convertValueToObjcValue:value originRootObject:rootObject rootObject:rootObject ];
+    RefPtr<RootObject> rootObject = findRootObject(exec->dynamicInterpreter());
+    if (!rootObject)
+        return nil;
+    return [webScriptObjectClass() _convertValueToObjcValue:value originRootObject:rootObject.get() rootObject:rootObject.get()];
 }
 

trunk/JavaScriptCore/bindings/objc/objc_utility.mm

@@ -137 +137 @@
         case ObjcObjectType: {
             Interpreter *originInterpreter = exec->dynamicInterpreter();
-            const RootObject* originRootObject = findRootObject(originInterpreter);
+            RootObject* originRootObject = findRootObject(originInterpreter);
 
             Interpreter *interpreter = 0;
@@ -146 +146 @@
                 interpreter = originInterpreter;
                 
-            const RootObject* rootObject = findRootObject(interpreter);
-            if (!rootObject) {
-                RootObject* newRootObject = new RootObject(0, interpreter);
-                rootObject = newRootObject;
-            }
-
-            result.objectValue = [webScriptObjectClass() _convertValueToObjcValue:value originRootObject:originRootObject rootObject:rootObject];
+            RootObject* rootObject = findRootObject(interpreter);
+            result.objectValue =  rootObject
+                ? [webScriptObjectClass() _convertValueToObjcValue:value originRootObject:originRootObject rootObject:rootObject]
+                : nil;
         }
         break;

trunk/JavaScriptCore/bindings/runtime.cpp

@@ -30 +30 @@
 #include "NP_jsobject.h"
 #include "c_instance.h"
+#include "runtime_object.h"
+#include "runtime_root.h"
+
 #if HAVE(JNI)
 #include "jni_instance.h"
@@ -39 +42 @@
 #include "qt_instance.h"
 #endif
-#include "runtime_object.h"
 
 namespace KJS { namespace Bindings {
@@ -95 +97 @@
 
 Instance::Instance()
-    : _rootObject(0)
-    , _refCount(0)
+    : _refCount(0)
+{
+}
+
+Instance::~Instance()
 {
 }
@@ -115 +120 @@
 }
 
-Instance* Instance::createBindingForLanguageInstance(BindingLanguage language, void* nativeInstance, const RootObject* rootObject)
+Instance* Instance::createBindingForLanguageInstance(BindingLanguage language, void* nativeInstance, PassRefPtr<RootObject> rootObject)
 {
     Instance *newInstance = 0;
@@ -122 +127 @@
 #if HAVE(JNI)
         case Instance::JavaLanguage: {
-            newInstance = new Bindings::JavaInstance((jobject)nativeInstance, rootObject);
+            newInstance = new Bindings::JavaInstance((jobject)nativeInstance);
             break;
         }
@@ -152 +157 @@
 }
 
-JSObject* Instance::createRuntimeObject(BindingLanguage language, void* nativeInstance, const RootObject* rootObject)
+JSObject* Instance::createRuntimeObject(BindingLanguage language, void* nativeInstance, PassRefPtr<RootObject> rootObject)
 {
-    Instance* interfaceObject = Instance::createBindingForLanguageInstance(language, nativeInstance, rootObject);
+    Instance* instance = Instance::createBindingForLanguageInstance(language, nativeInstance, rootObject);
     
     JSLock lock;
-    return new RuntimeObjectImp(interfaceObject);
+    return new RuntimeObjectImp(instance);
+}
+
+void Instance::setRootObject(PassRefPtr<RootObject> rootObject)
+{
+    _rootObject = rootObject;
+}
+
+RootObject* Instance::rootObject() const 
+{ 
+    return _rootObject && _rootObject->isValid() ? _rootObject.get() : 0;
 }
 

trunk/JavaScriptCore/bindings/runtime.h

@@ -142 +142 @@
     static KJSDidExecuteFunctionPtr didExecuteFunction();
     
-    static Instance* createBindingForLanguageInstance(BindingLanguage, void* nativeInstance, const RootObject* = 0);
-    static JSObject* createRuntimeObject(BindingLanguage, void* nativeInstance, const RootObject* = 0);
+    static Instance* createBindingForLanguageInstance(BindingLanguage, void* nativeInstance, PassRefPtr<RootObject> = 0);
+    static JSObject* createRuntimeObject(BindingLanguage, void* nativeInstance, PassRefPtr<RootObject> = 0);
 
     void ref() { _refCount++; }
@@ -175 +175 @@
     virtual JSValue* valueOf() const { return jsString(getClass()->name()); }
     
-    void setRootObject(const RootObject* r) { _rootObject = r; }
-    const RootObject* rootObject() const { return _rootObject; }
-    
-    virtual ~Instance() {}
+    void setRootObject(PassRefPtr<RootObject>);
+    RootObject* rootObject() const;
+    
+    virtual ~Instance();
 
 protected:
-    const RootObject* _rootObject;
+    RefPtr<RootObject> _rootObject;
     unsigned _refCount;
 

trunk/JavaScriptCore/bindings/runtime_root.cpp

@@ -28 +28 @@
 #include "runtime_root.h"
 #include <wtf/HashCountedSet.h>
+#include <wtf/HashSet.h>
 
 namespace KJS { namespace Bindings {
 
-// Java does NOT always call finalize (and thus KJS_JSObject_JSFinalize) when
-// it collects an objects.  This presents some difficulties.  We must ensure
-// the a JavaJSObject's corresponding JavaScript object doesn't get collected.  We
-// do this by incrementing the JavaScript's reference count the first time we
-// create a JavaJSObject for it, and decrementing the JavaScript reference count when
-// the last JavaJSObject that refers to it is finalized, or when the applet is
-// shutdown.
-//
-// To do this we keep a map that maps each applet instance
-// to the JavaScript objects it is referencing.  For each JavaScript instance
-// we also maintain a secondary reference count.  When that reference count reaches
-// 1 OR the applet is shutdown we deref the JavaScript instance.  Applet instances
-// are represented by a jlong.
-
-typedef HashMap<const RootObject*, ProtectCountSet*> RootObjectMap;
-
-static RootObjectMap* rootObjectMap()
-{
-    static RootObjectMap staticRootObjectMap;
-    return &staticRootObjectMap;
-}
-
-static ProtectCountSet* getProtectCountSet(const RootObject* rootObject)
-{
-    ProtectCountSet* protectCountSet = rootObjectMap()->get(rootObject);
-
-    if (!protectCountSet) {
-        protectCountSet = new ProtectCountSet;
-        rootObjectMap()->add(rootObject, protectCountSet);
-    }
-    return protectCountSet;
-}
-
-static void destroyProtectCountSet(const RootObject* rootObject, ProtectCountSet* protectCountSet)
-{
-    rootObjectMap()->remove(rootObject);
-    delete protectCountSet;
+// This code attempts to solve two problems: (1) plug-ins leaking references to 
+// JS and the DOM; (2) plug-ins holding stale references to JS and the DOM. Previous 
+// comments in this file claimed that problem #1 was an issue in Java, in particular, 
+// because Java, allegedly, didn't always call finalize when collecting an object.
+
+typedef HashSet<RootObject*> RootObjectSet;
+
+static RootObjectSet* rootObjectSet()
+{
+    static RootObjectSet staticRootObjectSet;
+    return &staticRootObjectSet;
 }
 
@@ -73 +48 @@
 // fix them by adding a JSObject to RootObject dictionary.
 
-ProtectCountSet* findProtectCountSet(JSObject* jsObject)
-{
-    const RootObject* rootObject = findRootObject(jsObject);
-    return rootObject ? getProtectCountSet(rootObject) : 0;
-}
-
-const RootObject* findRootObject(JSObject* jsObject)
-{
-    RootObjectMap::const_iterator end = rootObjectMap()->end();
-    for (RootObjectMap::const_iterator it = rootObjectMap()->begin(); it != end; ++it) {
-        ProtectCountSet* set = it->second;
-        if (set->contains(jsObject))
-            return it->first;
-    }
-    
+RootObject* findRootObject(JSObject* jsObject)
+{
+    RootObjectSet::const_iterator end = rootObjectSet()->end();
+    for (RootObjectSet::const_iterator it = rootObjectSet()->begin(); it != end; ++it) {
+        if ((*it)->gcIsProtected(jsObject))
+            return *it;
+    }
     return 0;
 }
 
-const RootObject* findRootObject(Interpreter* interpreter)
-{
-    RootObjectMap::const_iterator end = rootObjectMap()->end();
-    for (RootObjectMap::const_iterator it = rootObjectMap()->begin(); it != end; ++it) {
-        const RootObject* aRootObject = it->first;
-        
-        if (aRootObject->interpreter() == interpreter)
-            return aRootObject;
-    }
-    
+RootObject* findRootObject(Interpreter* interpreter)
+{
+    RootObjectSet::const_iterator end = rootObjectSet()->end();
+    for (RootObjectSet::const_iterator it = rootObjectSet()->begin(); it != end; ++it) {
+        if ((*it)->interpreter() == interpreter)
+            return *it;
+    }
     return 0;
-}
-
-void addNativeReference(const RootObject* rootObject, JSObject* jsObject)
-{
-    if (!rootObject)
-        return;
-    
-    ProtectCountSet* protectCountSet = getProtectCountSet(rootObject);
-    if (!protectCountSet->contains(jsObject)) {
-        JSLock lock;
-        gcProtect(jsObject);
-    }
-    protectCountSet->add(jsObject);
-}
-
-void removeNativeReference(JSObject* jsObject)
-{
-    if (!jsObject)
-        return;
-
-    // We might have manually detroyed the root object and its protect set already
-    ProtectCountSet* protectCountSet = findProtectCountSet(jsObject);
-    if (!protectCountSet)
-        return;
-
-    if (protectCountSet->count(jsObject) == 1) {
-        JSLock lock;
-        gcUnprotect(jsObject);
-    }
-    protectCountSet->remove(jsObject);
 }
 
@@ -256 +190 @@
     CFRunLoopAddSource(RootObject::_runLoop, RootObject::_performJavaScriptSource, kCFRunLoopDefaultMode);
 }
+
 #endif
 
-// Destroys the RootObject and unprotects all JSObjects associated with it.
-void RootObject::destroy()
-{
-    ProtectCountSet* protectCountSet = getProtectCountSet(this);
-    
-    if (protectCountSet) {
-        ProtectCountSet::iterator end = protectCountSet->end();
-        for (ProtectCountSet::iterator it = protectCountSet->begin(); it != end; ++it) {
-            JSLock lock;
-            gcUnprotect(it->first);            
-        }
-
-        destroyProtectCountSet(this, protectCountSet);
-    }
-
-    delete this;
+PassRefPtr<RootObject> RootObject::create(const void* nativeHandle, PassRefPtr<Interpreter> interpreter)
+{
+    return new RootObject(nativeHandle, interpreter);
+}
+
+RootObject::RootObject(const void* nativeHandle, PassRefPtr<Interpreter> interpreter)
+    : m_refCount(0)
+    , m_isValid(true)
+    , m_nativeHandle(nativeHandle)
+    , m_interpreter(interpreter)
+{
+    ASSERT(m_interpreter);
+    rootObjectSet()->add(this);
+}
+
+RootObject::~RootObject()
+{
+    if (m_isValid)
+        invalidate();
+}
+
+void RootObject::invalidate()
+{
+    if (!m_isValid)
+        return;
+
+    m_isValid = false;
+
+    m_nativeHandle = 0;
+    m_interpreter = 0;
+
+    ProtectCountSet::iterator end = m_protectCountSet.end();
+    for (ProtectCountSet::iterator it = m_protectCountSet.begin(); it != end; ++it) {
+        JSLock lock;
+        KJS::gcUnprotect(it->first);
+    }
+    m_protectCountSet.clear();
+
+    rootObjectSet()->remove(this);
+}
+
+void RootObject::gcProtect(JSObject* jsObject)
+{
+    ASSERT(m_isValid);
+    
+    if (!m_protectCountSet.contains(jsObject)) {
+        JSLock lock;
+        KJS::gcProtect(jsObject);
+    }
+    m_protectCountSet.add(jsObject);
+}
+
+void RootObject::gcUnprotect(JSObject* jsObject)
+{
+    ASSERT(m_isValid);
+    
+    if (!jsObject)
+        return;
+
+    if (m_protectCountSet.count(jsObject) == 1) {
+        JSLock lock;
+        KJS::gcUnprotect(jsObject);
+    }
+    m_protectCountSet.remove(jsObject);
+}
+
+bool RootObject::gcIsProtected(JSObject* jsObject)
+{
+    ASSERT(m_isValid);
+    return m_protectCountSet.contains(jsObject);
+}
+
+const void* RootObject::nativeHandle() const 
+{ 
+    ASSERT(m_isValid);
+    return m_nativeHandle; 
+}
+
+Interpreter* RootObject::interpreter() const 
+{ 
+    ASSERT(m_isValid);
+    return m_interpreter.get(); 
 }
 

trunk/JavaScriptCore/bindings/runtime_root.h

@@ -39 +39 @@
 class RootObject;
 
-typedef RootObject* (*CreateRootObjectFunction)(void* nativeHandle);
+typedef PassRefPtr<RootObject> (*CreateRootObjectFunction)(void* nativeHandle);
 typedef HashCountedSet<JSObject*> ProtectCountSet;
 
-extern ProtectCountSet* findProtectCountSet(JSObject*);
-extern const RootObject* findRootObject(JSObject*);
-extern const RootObject* findRootObject(Interpreter*);
-extern void addNativeReference(const RootObject*, JSObject*);
-extern void removeNativeReference(JSObject*);
+extern RootObject* findRootObject(JSObject*);
+extern RootObject* findRootObject(Interpreter*);
 
 class RootObject
@@ -52 +49 @@
 friend class JavaJSObject;
 public:
-    RootObject(const void* nativeHandle, PassRefPtr<Interpreter> interpreter)
-        : m_nativeHandle(nativeHandle)
-        , m_interpreter(interpreter)
+    static PassRefPtr<RootObject> create(const void* nativeHandle, PassRefPtr<Interpreter> interpreter);
+
+    void ref() { m_refCount++; }
+    void deref()
     {
+        if (--m_refCount == 0)
+            delete this;
     }
+
+    bool isValid() { return m_isValid; }
+    void invalidate();
     
-    const void *nativeHandle() const { return m_nativeHandle; }
-    Interpreter *interpreter() const { return m_interpreter.get(); }
+    void gcProtect(JSObject*);
+    void gcUnprotect(JSObject*);
+    bool gcIsProtected(JSObject*);
 
-    void destroy();
+    const void* nativeHandle() const;
+    Interpreter* interpreter() const;
 
 #if PLATFORM(MAC)
@@ -77 +82 @@
 
 private:
+    RootObject(const void* nativeHandle, PassRefPtr<Interpreter> interpreter);
+    ~RootObject();
+    
+    // Uncopyable
+    RootObject(const RootObject&);
+    RootObject& operator=(const RootObject&);
+    
+    unsigned m_refCount;
+    bool m_isValid;
+    
     const void* m_nativeHandle;
     RefPtr<Interpreter> m_interpreter;
+    ProtectCountSet m_protectCountSet;
 
 #if PLATFORM(MAC)