Changeset 210824 in webkit for trunk/Source/JavaScriptCore/API/JSObjectRef.cpp

Timestamp:

Jan 17, 2017, 12:25:36 PM (8 years ago)

Author:

[email protected]

Message:

Unreviewed, roll out ​http://trac.webkit.org/changeset/210821
It was causing crashes.

Source/JavaScriptCore:

• API/JSAPIWrapperObject.mm:

(JSAPIWrapperObjectHandleOwner::finalize):

• API/JSCallbackObject.h:
• API/JSCallbackObjectFunctions.h:

(JSC::JSCallbackObject<Parent>::~JSCallbackObject):
(JSC::JSCallbackObject<Parent>::init):

• API/JSObjectRef.cpp:

(JSObjectGetPrivate):
(JSObjectSetPrivate):
(classInfoPrivate): Deleted.

• bytecode/EvalCodeBlock.cpp:

(JSC::EvalCodeBlock::destroy):

• bytecode/FunctionCodeBlock.cpp:

(JSC::FunctionCodeBlock::destroy):

• bytecode/ModuleProgramCodeBlock.cpp:

(JSC::ModuleProgramCodeBlock::destroy):

• bytecode/ProgramCodeBlock.cpp:

(JSC::ProgramCodeBlock::destroy):

• bytecode/UnlinkedEvalCodeBlock.cpp:

(JSC::UnlinkedEvalCodeBlock::destroy):

• bytecode/UnlinkedFunctionCodeBlock.cpp:

(JSC::UnlinkedFunctionCodeBlock::destroy):

• bytecode/UnlinkedFunctionExecutable.cpp:

(JSC::UnlinkedFunctionExecutable::destroy):

• bytecode/UnlinkedModuleProgramCodeBlock.cpp:

(JSC::UnlinkedModuleProgramCodeBlock::destroy):

• bytecode/UnlinkedProgramCodeBlock.cpp:

(JSC::UnlinkedProgramCodeBlock::destroy):

• heap/CodeBlockSet.cpp:

(JSC::CodeBlockSet::lastChanceToFinalize):
(JSC::CodeBlockSet::deleteUnmarkedAndUnreferenced):

• heap/MarkedAllocator.cpp:

(JSC::MarkedAllocator::allocateSlowCaseImpl):

• heap/MarkedBlock.cpp:

(JSC::MarkedBlock::Handle::sweep):

• jit/JITThunks.cpp:

(JSC::JITThunks::finalize):

• runtime/AbstractModuleRecord.cpp:

(JSC::AbstractModuleRecord::destroy):

• runtime/ExecutableBase.cpp:

(JSC::ExecutableBase::clearCode):

• runtime/JSCellInlines.h:

(JSC::JSCell::classInfo):
(JSC::JSCell::callDestructor):

• runtime/JSLock.h:

(JSC::JSLock::exclusiveThread):
(JSC::JSLock::ownerThread): Deleted.

• runtime/JSModuleNamespaceObject.cpp:

(JSC::JSModuleNamespaceObject::destroy):

• runtime/JSModuleRecord.cpp:

(JSC::JSModuleRecord::destroy):

• runtime/JSPropertyNameEnumerator.cpp:

(JSC::JSPropertyNameEnumerator::destroy):

• runtime/JSSegmentedVariableObject.h:
• runtime/SymbolTable.cpp:

(JSC::SymbolTable::destroy):

• runtime/VM.h:
• wasm/js/JSWebAssemblyCallee.cpp:

(JSC::JSWebAssemblyCallee::destroy):

• wasm/js/WebAssemblyModuleRecord.cpp:

(JSC::WebAssemblyModuleRecord::destroy):

• wasm/js/WebAssemblyToJSCallee.cpp:

(JSC::WebAssemblyToJSCallee::WebAssemblyToJSCallee):
(JSC::WebAssemblyToJSCallee::destroy):

Source/WebCore:

• bindings/js/JSCSSValueCustom.cpp:

(WebCore::JSDeprecatedCSSOMValueOwner::finalize):

• bindings/js/JSDOMIterator.h:

(WebCore::IteratorTraits>::destroy):

• bindings/scripts/CodeGeneratorJS.pm:

(GenerateImplementation):

File:

• trunk/Source/JavaScriptCore/API/JSObjectRef.cpp (modified) (2 diffs)

trunk/Source/JavaScriptCore/API/JSObjectRef.cpp

@@ -381 +381 @@
 }
 
-// API objects have private properties, which may get accessed during destruction. This
-// helper lets us get the ClassInfo of an API object from a function that may get called
-// during destruction.
-static const ClassInfo* classInfoPrivate(JSObject* jsObject)
-{
-    VM* vm = jsObject->vm();
-    
-    if (vm->currentlyDestructingCallbackObject != jsObject)
-        return jsObject->classInfo();
-
-    return vm->currentlyDestructingCallbackObjectClassInfo;
-}
-
 void* JSObjectGetPrivate(JSObjectRef object)
 {
     JSObject* jsObject = uncheckedToJS(object);
 
-    const ClassInfo* classInfo = classInfoPrivate(jsObject);
-    
     // Get wrapped object if proxied
-    if (classInfo->isSubClassOf(JSProxy::info())) {
-        jsObject = static_cast<JSProxy*>(jsObject)->target();
-        classInfo = jsObject->classInfo();
-    }
-
-    if (classInfo->isSubClassOf(JSCallbackObject<JSGlobalObject>::info()))
-        return static_cast<JSCallbackObject<JSGlobalObject>*>(jsObject)->getPrivate();
-    if (classInfo->isSubClassOf(JSCallbackObject<JSDestructibleObject>::info()))
-        return static_cast<JSCallbackObject<JSDestructibleObject>*>(jsObject)->getPrivate();
+    if (jsObject->inherits(JSProxy::info()))
+        jsObject = jsCast<JSProxy*>(jsObject)->target();
+
+    if (jsObject->inherits(JSCallbackObject<JSGlobalObject>::info()))
+        return jsCast<JSCallbackObject<JSGlobalObject>*>(jsObject)->getPrivate();
+    if (jsObject->inherits(JSCallbackObject<JSDestructibleObject>::info()))
+        return jsCast<JSCallbackObject<JSDestructibleObject>*>(jsObject)->getPrivate();
 #if JSC_OBJC_API_ENABLED
-    if (classInfo->isSubClassOf(JSCallbackObject<JSAPIWrapperObject>::info()))
-        return static_cast<JSCallbackObject<JSAPIWrapperObject>*>(jsObject)->getPrivate();
+    if (jsObject->inherits(JSCallbackObject<JSAPIWrapperObject>::info()))
+        return jsCast<JSCallbackObject<JSAPIWrapperObject>*>(jsObject)->getPrivate();
 #endif
     
@@ -422 +405 @@
     JSObject* jsObject = uncheckedToJS(object);
 
-    const ClassInfo* classInfo = classInfoPrivate(jsObject);
-    
     // Get wrapped object if proxied
-    if (classInfo->isSubClassOf(JSProxy::info())) {
+    if (jsObject->inherits(JSProxy::info()))
         jsObject = jsCast<JSProxy*>(jsObject)->target();
-        classInfo = jsObject->classInfo();
-    }
-
-    if (classInfo->isSubClassOf(JSCallbackObject<JSGlobalObject>::info())) {
+
+    if (jsObject->inherits(JSCallbackObject<JSGlobalObject>::info())) {
         jsCast<JSCallbackObject<JSGlobalObject>*>(jsObject)->setPrivate(data);
         return true;
     }
-    if (classInfo->isSubClassOf(JSCallbackObject<JSDestructibleObject>::info())) {
+    if (jsObject->inherits(JSCallbackObject<JSDestructibleObject>::info())) {
         jsCast<JSCallbackObject<JSDestructibleObject>*>(jsObject)->setPrivate(data);
         return true;
     }
 #if JSC_OBJC_API_ENABLED
-    if (classInfo->isSubClassOf(JSCallbackObject<JSAPIWrapperObject>::info())) {
+    if (jsObject->inherits(JSCallbackObject<JSAPIWrapperObject>::info())) {
         jsCast<JSCallbackObject<JSAPIWrapperObject>*>(jsObject)->setPrivate(data);
         return true;