Changeset 86785 in webkit for trunk/Source/JavaScriptCore/jsc.cpp
Timestamp:
May 18, 2011, 1:41:54 PM (14 years ago)
Author:
[email protected]
Message:

2011-05-18 Oliver Hunt <[email protected]>

Reviewed by Sam Weinig.

JSGlobalObject and some others do GC allocation during initialization, which can cause heap corruption
https://bugs.webkit.org/show_bug.cgi?id=61090

Remove the Structure-free JSGlobalObject constructor and instead always
pass the structure into the JSGlobalObject constructor.
Stop DebuggerActivation creating a new structure every time, and simply
use a single shared structure held by the GlobalData.

  • API/JSContextRef.cpp:
  • debugger/DebuggerActivation.cpp: (JSC::DebuggerActivation::DebuggerActivation):
  • jsc.cpp: (GlobalObject::GlobalObject): (functionRun): (jscmain):
  • runtime/JSGlobalData.cpp: (JSC::JSGlobalData::JSGlobalData): (JSC::JSGlobalData::clearBuiltinStructures):
  • runtime/JSGlobalData.h:
  • runtime/JSGlobalObject.h:

2011-05-18 Oliver Hunt <[email protected]>

Reviewed by Sam Weinig.

JSGlobalObject and some others do GC allocation during initialization, which can cause heap corruption
https://bugs.webkit.org/show_bug.cgi?id=61090

Rather than having Constructor objects create their structure
as part of initialisation, we now pass their expected structure
in as an argument. This required fixing the few custom Constructors
and the code generator.

  • bindings/js/JSAudioConstructor.cpp: (WebCore::JSAudioConstructor::JSAudioConstructor):
  • bindings/js/JSAudioConstructor.h:
  • bindings/js/JSDOMGlobalObject.h: (WebCore::getDOMConstructor): Pass the Constructor object's structure in as an argument
  • bindings/js/JSImageConstructor.cpp: (WebCore::JSImageConstructor::JSImageConstructor):
  • bindings/js/JSImageConstructor.h:
  • bindings/js/JSOptionConstructor.cpp: (WebCore::JSOptionConstructor::JSOptionConstructor):
  • bindings/js/JSOptionConstructor.h:
  • bindings/scripts/CodeGeneratorJS.pm:
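The ordering hazard both ChangeLog entries describe, reduced to a toy model. This is an added illustration, not code from WebKit or from this changeset: ToyHeap, Cell, Structure, UnsafeGlobalObject and SafeGlobalObject are made-up stand-ins for the real heap, JSCell, JSC::Structure and JSGlobalObject. The heap registers a cell the moment its base constructor runs and may collect on any allocation; the collector's first act on every cell is to read its Structure. A constructor that allocates its own Structure therefore exposes a cell with no Structure to the collector, while a constructor that receives a pre-built Structure never does.

```cpp
// Toy model of "GC allocation during initialization" (assumed names, not WebKit code).
#include <algorithm>
#include <memory>
#include <string>
#include <vector>

// Stand-in for JSC::Structure: the per-object descriptor the collector reads first.
struct Structure {
    std::string className;
};

class ToyHeap;

// Stand-in for JSCell: registers itself with the heap as soon as the base
// subobject exists, like a real cell that is visible to the collector before
// the derived constructor body has run.
class Cell {
public:
    Cell(ToyHeap& heap, Structure* structure);
    virtual ~Cell();
    Structure* structure;
protected:
    ToyHeap& heap_;
};

class ToyHeap {
public:
    int incompleteCellsSeen = 0;   // cells the marker found with no Structure

    // Allocating a Structure may trigger a collection, as any GC allocation may.
    Structure* newStructure(const std::string& className) {
        collect();
        structures_.push_back(std::make_unique<Structure>(Structure{className}));
        return structures_.back().get();
    }

    void registerCell(Cell* c) { cells_.push_back(c); }
    void unregisterCell(Cell* c) {
        cells_.erase(std::remove(cells_.begin(), cells_.end(), c), cells_.end());
    }

    // Mark phase: reads each cell's Structure. A cell whose constructor has not
    // installed one yet is counted here; a real collector would dereference it.
    void collect() {
        for (Cell* c : cells_) {
            if (!c->structure) { ++incompleteCellsSeen; continue; }
            marked_.push_back(c->structure->className);
        }
    }

private:
    std::vector<Cell*> cells_;
    std::vector<std::unique_ptr<Structure>> structures_;
    std::vector<std::string> marked_;
};

Cell::Cell(ToyHeap& heap, Structure* s) : structure(s), heap_(heap) { heap_.registerCell(this); }
Cell::~Cell() { heap_.unregisterCell(this); }

// Pre-r86785 pattern: the object allocates its own Structure from inside its
// constructor, so a collection can run while this cell has none.
class UnsafeGlobalObject : public Cell {
public:
    explicit UnsafeGlobalObject(ToyHeap& heap) : Cell(heap, nullptr) {
        structure = heap.newStructure("global");   // collector may run here
    }
};

// r86785 pattern: the caller builds the Structure first and passes it in, so
// the cell carries a valid Structure from the moment it is registered.
class SafeGlobalObject : public Cell {
public:
    SafeGlobalObject(ToyHeap& heap, Structure* s) : Cell(heap, s) {
        heap.newStructure("function");             // further allocation is safe
    }
};

int incompleteCellsWithUnsafePattern() {
    ToyHeap heap;
    UnsafeGlobalObject global(heap);
    (void)global;
    return heap.incompleteCellsSeen;   // 1: the marker saw a cell with no Structure
}

int incompleteCellsWithSafePattern() {
    ToyHeap heap;
    SafeGlobalObject global(heap, heap.newStructure("global"));
    (void)global;
    return heap.incompleteCellsSeen;   // 0
}
```

The only difference between the two classes is where the Structure allocation happens relative to the cell becoming visible to the heap, which is exactly what the changeset moves: out of the JSGlobalObject constructor and into its callers.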
File:
1 edited

  • trunk/Source/JavaScriptCore/jsc.cpp

    r84052 r86785  
    142142class GlobalObject : public JSGlobalObject {
    143143public:
    144     GlobalObject(JSGlobalData&, const Vector<UString>& arguments);
     144    GlobalObject(JSGlobalData&, Structure*, const Vector<UString>& arguments);
    145145    virtual UString className() const { return "global"; }
    146146};
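Review bot: the new declaration gives no hint that the Structure* must be allocated before the GlobalObject cell exists, which is the entire reason for this signature change. A one-line comment on the declaration (for example "structure must be created before this cell is allocated; see bug 61090") would stop a future caller from reintroducing the pattern the changeset removes.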
     
    148148ASSERT_CLASS_FITS_IN_CELL(GlobalObject);
    149149
    150 GlobalObject::GlobalObject(JSGlobalData& globalData, const Vector<UString>& arguments)
    151     : JSGlobalObject(globalData)
     150GlobalObject::GlobalObject(JSGlobalData& globalData, Structure* structure, const Vector<UString>& arguments)
     151    : JSGlobalObject(globalData, structure)
    152152{
    153153    putDirectFunction(globalExec(), new (globalExec()) JSFunction(globalExec(), this, functionStructure(), 1, Identifier(globalExec(), "debug"), functionDebug));
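Review bot: the constructor body at line 153 still performs a GC allocation (`new (globalExec()) JSFunction(...)`) during initialization; that is now safe only because `JSGlobalObject(globalData, structure)` installs the structure before this line runs, so the guarantee rests entirely on callers passing a valid pointer. Consider an `ASSERT(structure)` at the top of the body so a null Structure from a new call site fails loudly instead of recreating the corruption the bug describes.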
     
    213213        return JSValue::encode(throwError(exec, createError(exec, "Could not open file.")));
    214214
    215     GlobalObject* globalObject = new (&exec->globalData()) GlobalObject(exec->globalData(), Vector<UString>());
     215    GlobalObject* globalObject = new (&exec->globalData()) GlobalObject(exec->globalData(), GlobalObject::createStructure(exec->globalData(), jsNull()), Vector<UString>());
    216216
    217217    StopWatch stopWatch;
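Review bot: `GlobalObject::createStructure(exec->globalData(), jsNull())` is evaluated as an argument of the same new-expression whose placement form allocates the cell. C++ does not guarantee that the constructor arguments are evaluated before the allocation function runs (C++17 sequences the allocation first), so if `operator new(size_t, JSGlobalData*)` is what obtains the cell from the heap, the Structure allocation can happen after the cell exists but before its constructor runs, which is the window this changeset is closing. Hoist it into a local: `Structure* structure = GlobalObject::createStructure(exec->globalData(), jsNull());` and then `new (&exec->globalData()) GlobalObject(exec->globalData(), structure, Vector<UString>())`.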
     
    538538    parseArguments(argc, argv, options, globalData);
    539539
    540     GlobalObject* globalObject = new (globalData) GlobalObject(*globalData, options.arguments);
     540    GlobalObject* globalObject = new (globalData) GlobalObject(*globalData, GlobalObject::createStructure(*globalData, jsNull()), options.arguments);
    541541    bool success = runWithScripts(globalObject, options.scripts, options.dump);
    542542    if (options.interactive && success)
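Review bot: same evaluation-order concern as in functionRun: `GlobalObject::createStructure(*globalData, jsNull())` sits inside the new-expression that allocates the cell, so the structure may be allocated while the not-yet-constructed cell is already on the heap. Create the Structure in a local first and pass that into `new (globalData) GlobalObject(*globalData, structure, options.arguments)`.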