Bug 87118

Summary: [JSC] SerializedScriptValue.create() succeeds even if MessagePort object cannot be found in transferred ports
Product: WebKit Reporter: Chris Dumez <cdumez>
Component: WebCore JavaScriptAssignee: Chris Dumez <cdumez>
Status: RESOLVED FIXED    
Severity: Normal CC: abarth, barraclough, dslomov, haraken, jianli, jsbell, levin, oliver, webkit.review.bot
Priority: P2    
Version: 528+ (Nightly build)   
Hardware: Unspecified   
OS: Unspecified   
Bug Depends on: 86841, 87384    
Bug Blocks: 86868    
Attachments:
Description Flags
Patch
none
Patch
none
Patch none

Chris Dumez
Reported 2012-05-22 04:53:50 PDT
This is tested by webintents/web-intents-obj-constructor.html: // Ports, if present, must be put in |transfer|. var badchannel = new MessageChannel(); badchannel.port2.onMessage = function() { debug("* got message"); } badPortIntentObj = {"action":"action1", "type":"text/plain+badport", "data":badchannel.port1}; shouldThrow("new WebKitIntent(badPortIntentObj)", "'Error: DATA_CLONE_ERR: DOM Exception 25'"); Unfortunately, this check fails with JSC because the serialization will succeed. I can fix this as follows: --- a/Source/WebCore/bindings/js/SerializedScriptValue.cpp +++ b/Source/WebCore/bindings/js/SerializedScriptValue.cpp @@ -627,21 +627,22 @@ private: write(UString(flags, flagCount)); return true; } if (obj->inherits(&JSMessagePort::s_info)) { ObjectPool::iterator index = m_transferredMessagePorts.find(obj); if (index != m_transferredMessagePorts.end()) { write(MessagePortReferenceTag); write(index->second); return true; } - return false; + code = ValidationError; + return true; } However, I'm not 100% sure this is the right way to fix it.
Attachments
Patch (1.64 KB, patch)
2012-05-24 06:29 PDT, Chris Dumez 		no flags
DetailsFormatted DiffDiff
Patch (3.23 KB, patch)
2012-05-30 14:49 PDT, Chris Dumez 		no flags
DetailsFormatted DiffDiff
Patch (3.23 KB, patch)
2012-05-30 15:04 PDT, Chris Dumez 		no flags
DetailsFormatted DiffDiff
Show Obsolete (2) View All Add attachment proposed patch, testcase, etc.
Chris Dumez
Comment 1 2012-05-22 04:57:59 PDT
I added Dmitry Lomov in CC since this part of the code was added by him in Bug 70658 and I need guidance.
Chris Dumez
Comment 2 2012-05-24 06:29:02 PDT
Created attachment 143815 [details] Patch
David Levin
Comment 3 2012-05-24 11:10:43 PDT
(In reply to comment #1) > I added Dmitry Lomov in CC since this part of the code was added by him in Bug 70658 and I need guidance. I think he is a lot less active these days. You/ll likely be better off finding someone else familiar with that area of the code.
Chris Dumez
Comment 4 2012-05-29 10:33:21 PDT
Any thought about this patch?
Adam Barth
Comment 5 2012-05-29 16:30:20 PDT
This looks plausible, but I don't know this code well enough to review it. Perhaps jsbell or haraken might be able to review your patch.
Kentaro Hara
Comment 6 2012-05-29 16:46:38 PDT
Comment on attachment 143815 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=143815&action=review > Source/WebCore/ChangeLog:11 > + matches the behavior of the V8 implementation. This behavior is tested > + by webintents/web-intents-obj-constructor.html. Would you add a test case for your change? I am afraid that the fact that there is no update in the test result of web-intents-obj-constructor.html indicates that the test is not testing your change.
Adam Barth
Comment 7 2012-05-29 16:53:08 PDT
> Would you add a test case for your change? I am afraid that the fact that there is no update in the test result of web-intents-obj-constructor.html indicates that the test is not testing your change. WebIntents is not yet enabled for JSC. This patch is part of a series to get it working in JSC. One its working, the test will exercise this patch.
Kentaro Hara
Comment 8 2012-05-29 17:06:34 PDT
Comment on attachment 143815 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=143815&action=review > Source/WebCore/bindings/js/SerializedScriptValue.cpp:638 > + code = ValidationError; It appears that v8/SerializedScriptValue.cpp returns DataCloneError in this case.
Chris Dumez
Comment 9 2012-05-29 22:31:48 PDT
(In reply to comment #7) > > Would you add a test case for your change? I am afraid that the fact that there is no update in the test result of web-intents-obj-constructor.html indicates that the test is not testing your change. > > WebIntents is not yet enabled for JSC. This patch is part of a series to get it working in JSC. One its working, the test will exercise this patch. Actually, Web Intents have been enabled by default on EFL port for a few days now, on top on JSC. The reason I cannot unskip the web-intents-obj-constructor.html test with this patch is because Bug 86841 is not closed yet. The web-intents-obj-constructor.html expects the number of MessagePorts in the Intent to be printed but our port does not support it yet. If you prefer, I can work on Bug 86841 first, and land this patch afterwards so that the web-intents-obj-constructor.html test case can be unskipped for EFL port at the same time.
Kentaro Hara
Comment 10 2012-05-29 22:38:32 PDT
(In reply to comment #9) > (In reply to comment #7) > If you prefer, I can work on Bug 86841 first, and land this patch afterwards so that the web-intents-obj-constructor.html test case can be unskipped for EFL port at the same time. If it is not difficult for you, that would be best. Otherwise, it would be OK to land this patch first without enabling the test (Now I understand your situation:-).
Chris Dumez
Comment 11 2012-05-29 22:51:58 PDT
(In reply to comment #8) > (From update of attachment 143815 [details]) > View in context: https://bugs.webkit.org/attachment.cgi?id=143815&action=review > > > Source/WebCore/bindings/js/SerializedScriptValue.cpp:638 > > + code = ValidationError; > > It appears that v8/SerializedScriptValue.cpp returns DataCloneError in this case. JSC and V8 use different enums for error codes. JSC does not have a DataCloneError and it uses ValidationError instead for the cases where V8 uses DataCloneError.
Chris Dumez
Comment 12 2012-05-30 14:49:03 PDT
Created attachment 144927 [details] Patch Same patch but now I can actually unskip the test case (dependency patch has just landed).
Chris Dumez
Comment 13 2012-05-30 15:04:15 PDT
Created attachment 144932 [details] Patch Rebase on master.
Chris Dumez
Comment 14 2012-05-30 15:13:16 PDT
The ews-style bot apparently hasn't realized the dependency has landed yet because the patch applies cleanly on master.
Adam Barth
Comment 15 2012-05-30 16:10:39 PDT
Comment on attachment 144932 [details] Patch Yeah, the style bot runs quickly. Based on the discussion between you and Kentaro, it sounds like this patch is ready to go.
WebKit Review Bot
Comment 16 2012-05-30 20:05:45 PDT
Comment on attachment 144932 [details] Patch Clearing flags on attachment: 144932 Committed r119027: <http://trac.webkit.org/changeset/119027>
WebKit Review Bot
Comment 17 2012-05-30 20:05:53 PDT
All reviewed patches have been landed. Closing bug.
Chris Dumez
Comment 18 2012-05-31 03:14:30 PDT
fast/events/message-port-multi.html needs new baseline after this patch. I'll fix this in Bug 87949.
Note You need to log in before you can comment on or make changes to this bug.