Bug 30648

Summary: [V8] Change event listeners to not hold context.
Product: WebKit Reporter: Dimitri Glazkov (Google) <dglazkov>
Component: WebCore JavaScriptAssignee: Dimitri Glazkov (Google) <dglazkov>
Status: RESOLVED FIXED    
Severity: Normal CC: abarth, christian.plesner.hansen, vitalyr
Priority: P2    
Version: 528+ (Nightly build)   
Hardware: PC   
OS: OS X 10.5   
Bug Depends on: 29077    
Bug Blocks:    
Attachments:
Description Flags
Change event listeners to not hold context, v1. abarth: review+

Dimitri Glazkov (Google)
Reported 2009-10-21 16:04:21 PDT
This change largely just aligns V8 bindings with http://trac.webkit.org/changeset/48884. In the process, most of bug 29077's work is demolished, because we no longer need to persist v8::Context in listeners. I left it for isolated worlds, but only because I don't know much about them.
Attachments
Change event listeners to not hold context, v1. (54.63 KB, patch)
2009-10-21 16:46 PDT, Dimitri Glazkov (Google) 		abarth: review+
DetailsFormatted DiffDiff
View All Add attachment proposed patch, testcase, etc.
Dimitri Glazkov (Google)
Comment 1 2009-10-21 16:46:14 PDT
Created attachment 41620 [details] Change event listeners to not hold context, v1.
Adam Barth
Comment 2 2009-10-21 22:53:49 PDT
Comment on attachment 41620 [details] Change event listeners to not hold context, v1. In v8::Local<v8::Context> V8Proxy::context() we seem to have lost this code: if (frame != V8Proxy::retrieveFrame(context->get())) Can you add it back before landing this? I know there isn't a test that explains this code. The behavior is "wrong" but missing the code is worse. Also, this patch as a subtle bug with isolated worlds and event handlers and I must be tested properly. I think because we're testing it with JS events, not native events. I think we should land this patch anyway and deal with that issue separately (if it isn't a figment of my imagination). Other than that *this patch is awesome*. In my ideal world, the bindings would have little or no knowledge of Frame.
Dimitri Glazkov (Google)
Comment 3 2009-10-22 11:36:54 PDT
Landed as http://trac.webkit.org/changeset/49949.
Christian Plesner Hansen
Comment 4 2009-10-23 00:00:55 PDT
> - v8::Handle<v8::Context> v8Context = v8::Local<v8::Context>::New(m_context->get()); > + v8::Local<v8::Context> v8Context = toV8Context(context); I'm not too familiar with this code so I may be wrong, but doesn't this switch event execution from occurring in the context where the event was defined to the current context? > - context()->Global()->ForceSet(v8::String::New("document"), documentWrapper, static_cast<v8::PropertyAttribute>(v8::ReadOnly | v8::DontDelete)); > + m_context->Global()->ForceSet(v8::String::New("document"), documentWrapper, static_cast<v8::PropertyAttribute>(v8::ReadOnly | v8::DontDelete)); > } As a general principle you should not do operations that involve allocation directly on persistent handles, since persistent handles may be disposed during gc. This change (and the other similar changes) may be safe but there are other places where we do extra work to wrap contexts in Locals to avoid this issue so it does seem a little suspect.
Adam Barth
Comment 5 2009-10-23 01:45:11 PDT
> As a general principle you should not do operations that involve allocation > directly on persistent handles, since persistent handles may be disposed during > gc. How can the handle be disposed if we're holding it persistently? Isn't the point of a persistent handle that we don't want it to be GCed?
Christian Plesner Hansen
Comment 6 2009-10-23 02:10:27 PDT
> How can the handle be disposed if we're holding it persistently? Isn't the > point of a persistent handle that we don't want it to be GCed? The object stored in the handle will be kept alive but if the handle itself is weak the weak callback may cause it to be disposed.
Note You need to log in before you can comment on or make changes to this bug.