Add liveness tests to JSC API entry points
Created attachment 197185 [details] Patch
Committed r148062: <http://trac.webkit.org/changeset/148062>
Reopening to attach new patch.
Created attachment 197191 [details] Patch
Comment on attachment 197191 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=197191&action=review > Source/JavaScriptCore/API/JSObjectRef.cpp:343 > void* JSObjectGetPrivate(JSObjectRef object) > { > - JSObject* jsObject = toJS(object); > + JSObject* jsObject = unsafeToJS(object); Why does GetPrivate need to use the unsafe function?
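Review bot: The switch from toJS to unsafeToJS in JSObjectGetPrivate (JSObjectRef.cpp:343) has no comment explaining why this one entry point bypasses the liveness check the patch adds to the others, so a later reader will take it for an oversight and revert it to the checked path. Add a comment at the call site stating the reason, and prefer a name that signals reduced checking rather than unsafety, since the function remains safe to call and only validates less.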
(In reply to comment #5) > (From update of attachment 197191 [details]) > View in context: https://bugs.webkit.org/attachment.cgi?id=197191&action=review > > > Source/JavaScriptCore/API/JSObjectRef.cpp:343 > > void* JSObjectGetPrivate(JSObjectRef object) > > { > > - JSObject* jsObject = toJS(object); > > + JSObject* jsObject = unsafeToJS(object); > > Why does GetPrivate need to use the unsafe function? It's called by finalizers when (by definition) the structure chain for an object may no longer be perfect :-/ Somewhat annoying, but this still covers the majority of cases.
> > Why does GetPrivate need to use the unsafe function? > > It's called by finalizers when (by definition) the structure chain for an object may no longer be perfect :-/ OK. You should add a comment that explains that detail. Also, let's rename the function to "uncheckedToJS". It's always safe to call the function, it just does less checking.
Comment on attachment 197191 [details] Patch r=me with those changes
Committed r148073: <http://trac.webkit.org/changeset/148073>
This has caused (or maybe uncovered) bug 114341.