Changeset 93688 in webkit for trunk/Source/JavaScriptCore/runtime/StringObjectThatMasqueradesAsUndefined.h

Timestamp:

Aug 23, 2011, 7:05:33 PM (14 years ago)

Author:

[email protected]

Message:

Add checks to ensure allocation does not take place during initialization of GC-managed objects
​https://bugs.webkit.org/show_bug.cgi?id=65288

Patch by Mark Hahnenberg <​[email protected]> on 2011-08-23
Reviewed by Darin Adler.

Source/JavaScriptCore:

Adding the new validation functionality. In its current state, it will performs checks,
but they don't fail unless you do allocation in the arguments to the parent constructor in the
initialization list of a class. The allocateCell() method turns on the global flag disallowing any new
allocations, and the constructorBody() method in JSCell turns it off. This way, allocation is still
allowed in constructor bodies while other refactoring efforts continue.

• runtime/JSCell.h:

(JSC::JSCell::JSCell::constructorBody):
(JSC::JSCell::JSCell::JSCell):
(JSC::JSCell::allocateCell):

• runtime/JSGlobalData.cpp:

(JSC::JSGlobalData::JSGlobalData):

• runtime/JSGlobalData.h:

(JSC::JSGlobalData::isInitializingObject):
(JSC::JSGlobalData::setInitializingObject):

• runtime/StringObjectThatMasqueradesAsUndefined.h:

(JSC::StringObjectThatMasqueradesAsUndefined::create):

Source/WebCore:

No new tests.

Adding the new validation functionality. In its current state, it will performs checks,
but they don't fail unless you do allocation in the arguments to the parent constructor in the
initialization list of a class. The allocateCell() method turns on the global flag disallowing any new
allocations, and the constructorBody() method in JSCell turns it off. This way, allocation is still
allowed in constructor bodies while other refactoring efforts continue.

• bindings/js/JSDOMWindowShell.cpp:

(WebCore::JSDOMWindowShell::operator new):

• bindings/js/JSDOMWindowShell.h:

Source/WebKit/mac:

Adding the new validation functionality. In its current state, it will performs checks,
but they don't fail unless you do allocation in the arguments to the parent constructor in the
initialization list of a class. The allocateCell() method turns on the global flag disallowing any new
allocations, and the constructorBody() method in JSCell turns it off. This way, allocation is still
allowed in constructor bodies while other refactoring efforts continue.

• Plugins/Hosted/ProxyRuntimeObject.h:

(WebKit::ProxyRuntimeObject::create):

• Plugins/Hosted/ProxyRuntimeObject.mm:

(WebKit::ProxyRuntimeObject::ProxyRuntimeObject):

File:

• trunk/Source/JavaScriptCore/runtime/StringObjectThatMasqueradesAsUndefined.h (modified) (1 diff)

trunk/Source/JavaScriptCore/runtime/StringObjectThatMasqueradesAsUndefined.h

@@ -36 +36 @@
         {
             JSString* newString = jsString(exec, string);
-            return new (allocateCell<StringObjectThatMasqueradesAsUndefined>(*exec->heap())) StringObjectThatMasqueradesAsUndefined(exec,
-                createStructure(exec->globalData(), exec->lexicalGlobalObject()->stringPrototype()), newString);
+            Structure* structure = createStructure(exec->globalData(), exec->lexicalGlobalObject()->stringPrototype());
+            return new (allocateCell<StringObjectThatMasqueradesAsUndefined>(*exec->heap())) StringObjectThatMasqueradesAsUndefined(exec, structure, newString);
         }