Ignore:
Timestamp:
Jan 28, 2011, 12:21:07 PM (15 years ago)
Author:
[email protected]
Message:

2011-01-28 Michael Saboff <[email protected]>

Potentially Unsafe HashSet of RuntimeObject* in RootObject definition
https://bugs.webkit.org/show_bug.cgi?id=53271

Reapplying this this change. No change from prior patch in
JavaScriptCore.

Added new isValid() methods to check if a contained object in
a WeakGCMap is valid when using an unchecked iterator.

  • runtime/WeakGCMap.h: (JSC::WeakGCMap::isValid):

2011-01-28 Michael Saboff <[email protected]>

Reviewed by Geoffrey Garen.

Potentially Unsafe HashSet of RuntimeObject* in RootObject definition
https://bugs.webkit.org/show_bug.cgi?id=53271

Reapplying this patch with the change that the second ASSERT in
RootObject::removeRuntimeObject was changed to use
.uncheckedGet() instead of the failing .get(). The object in question
could be in the process of being GC'ed. The get() call will not return
such an object while the uncheckedGet() call will return the (unsafe)
object. This is the behavior we want.

Precautionary change.
Changed RootObject to use WeakGCMap instead of HashSet.
Found will looking for another issue, but can't produce a test case
that is problematic. THerefore there aren't any new tests.

  • bridge/runtime_root.cpp: (JSC::Bindings::RootObject::invalidate): (JSC::Bindings::RootObject::addRuntimeObject): (JSC::Bindings::RootObject::removeRuntimeObject):
  • bridge/runtime_root.h:
File:
1 edited

Legend:

Unmodified
Added
Removed

  • trunk/Source/JavaScriptCore/runtime/WeakGCMap.h

    r76925 r76969  
    7070    const_iterator uncheckedEnd() const { return m_map.end(); }
    7171
     72    bool isValid(iterator it) const { return Heap::isCellMarked(it->second); }
     73    bool isValid(const_iterator it) const { return Heap::isCellMarked(it->second); }
     74
    7275private:
    7376    HashMap<KeyType, MappedType> m_map;
Note: See TracChangeset for help on using the changeset viewer.