Timestamp:
Apr 19, 2018, 12:33:03 PM
Author:
[email protected]
Message:

The InternalFunction hierarchy should be in IsoSubspaces
https://bugs.webkit.org/show_bug.cgi?id=184721

Reviewed by Saam Barati.
Source/JavaScriptCore:

This moves InternalFunction into an IsoSubspace. It also moves all subclasses into IsoSubspaces,
but subclasses that are the same size as InternalFunction share its subspace. I did this
because the subclasses appear to just override methods, which are called dynamically via the
structure or class of the object. So, I don't see a type confusion risk if UAF is used to
allocate one kind of InternalFunction over another.

  • API/JSBase.h:
  • API/JSCallbackFunction.h:
  • API/ObjCCallbackFunction.h:

(JSC::ObjCCallbackFunction::subspaceFor):

  • CMakeLists.txt:
  • JavaScriptCore.xcodeproj/project.pbxproj:
  • Sources.txt:
  • heap/IsoSubspacePerVM.cpp: Added.

(JSC::IsoSubspacePerVM::AutoremovingIsoSubspace::AutoremovingIsoSubspace):
(JSC::IsoSubspacePerVM::AutoremovingIsoSubspace::~AutoremovingIsoSubspace):
(JSC::IsoSubspacePerVM::IsoSubspacePerVM):
(JSC::IsoSubspacePerVM::~IsoSubspacePerVM):
(JSC::IsoSubspacePerVM::forVM):

  • heap/IsoSubspacePerVM.h: Added.

(JSC::IsoSubspacePerVM::SubspaceParameters::SubspaceParameters):

  • runtime/Error.h:
  • runtime/ErrorConstructor.h:
  • runtime/InternalFunction.h:

(JSC::InternalFunction::subspaceFor):

  • runtime/IntlCollatorConstructor.h:
  • runtime/IntlDateTimeFormatConstructor.h:
  • runtime/IntlNumberFormatConstructor.h:
  • runtime/JSArrayBufferConstructor.h:
  • runtime/NativeErrorConstructor.h:
  • runtime/ProxyRevoke.h:
  • runtime/RegExpConstructor.h:
  • runtime/VM.cpp:

(JSC::VM::VM):

  • runtime/VM.h:

Source/WebCore:

No new tests because no new behavior.

  • bindings/js/WebCoreJSClientData.cpp:

(WebCore::JSVMClientData::JSVMClientData):

  • bindings/js/WebCoreJSClientData.h:

(WebCore::JSVMClientData::runtimeMethodSpace):

  • bridge/runtime_method.cpp:

(JSC::RuntimeMethod::subspaceForImpl):

  • bridge/runtime_method.h:

Source/WebKit:

  • WebProcess/Plugins/Netscape/JSNPMethod.cpp:

(WebKit::JSNPMethod::subspaceForImpl):

  • WebProcess/Plugins/Netscape/JSNPMethod.h:

(WebKit::JSNPMethod::create): Deleted.
(WebKit::JSNPMethod::npIdentifier const): Deleted.
(WebKit::JSNPMethod::createStructure): Deleted.

  • WebProcess/Plugins/Netscape/JSNPObject.cpp:

(WebKit::JSNPObject::subspaceForImpl):

  • WebProcess/Plugins/Netscape/JSNPObject.h:

(WebKit::JSNPObject::create): Deleted.
(WebKit::JSNPObject::npObject const): Deleted.
(WebKit::JSNPObject::createStructure): Deleted.

File:
1 added
