114318 – Add liveness tests to JSC API entry points

Bug 114318 - Add liveness tests to JSC API entry points

Summary: Add liveness tests to JSC API entry points

Status:	RESOLVED FIXED

Alias:	None

Product:	WebKit
Classification:	Unclassified
Component:	New Bugs (show other bugs)
Version:	528+ (Nightly build)
Hardware:	Unspecified Unspecified

Importance:	P2 Normal
Assignee:	Oliver Hunt

URL:
Keywords:

Depends on:
Blocks:

Reported:	2013-04-09 16:21 PDT by Oliver Hunt
Modified:	2013-04-10 10:34 PDT (History)
CC List:	1 user (show)

See Also:

Attachments
Patch (2.85 KB, patch) 2013-04-09 16:22 PDT, Oliver Hunt	no flags	Details \| Formatted Diff \| Diff
Patch (3.76 KB, patch) 2013-04-09 17:46 PDT, Oliver Hunt	ggaren: review+	Details \| Formatted Diff \| Diff
Show Obsolete (1) View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Oliver Hunt 2013-04-09 16:21:09 PDT

Add liveness tests to JSC API entry points

Comment 1 Oliver Hunt 2013-04-09 16:22:30 PDT

Created attachment 197185 [details]
Patch

Comment 2 Oliver Hunt 2013-04-09 16:27:38 PDT

Committed r148062: <http://trac.webkit.org/changeset/148062>

Comment 3 Oliver Hunt 2013-04-09 17:46:10 PDT

Reopening to attach new patch.

Comment 4 Oliver Hunt 2013-04-09 17:46:11 PDT

Created attachment 197191 [details]
Patch

Comment 5 Geoffrey Garen 2013-04-09 18:13:24 PDT

Comment on attachment 197191 [details]
Patch

View in context: https://bugs.webkit.org/attachment.cgi?id=197191&action=review

> Source/JavaScriptCore/API/JSObjectRef.cpp:343
>  void* JSObjectGetPrivate(JSObjectRef object)
>  {
> -    JSObject* jsObject = toJS(object);
> +    JSObject* jsObject = unsafeToJS(object);

Why does GetPrivate need to use the unsafe function?

Comment 6 Oliver Hunt 2013-04-09 18:16:44 PDT

(In reply to comment #5)
> (From update of attachment 197191 [details])
> View in context: https://bugs.webkit.org/attachment.cgi?id=197191&action=review
> 
> > Source/JavaScriptCore/API/JSObjectRef.cpp:343
> >  void* JSObjectGetPrivate(JSObjectRef object)
> >  {
> > -    JSObject* jsObject = toJS(object);
> > +    JSObject* jsObject = unsafeToJS(object);
> 
> Why does GetPrivate need to use the unsafe function?

It's called by finalizers when (by definition) the structure chain for an object may no longer be perfect :-/

Somewhat annoying, but this still covers the majority of cases.

Comment 7 Geoffrey Garen 2013-04-09 18:19:11 PDT

> > Why does GetPrivate need to use the unsafe function?
> 
> It's called by finalizers when (by definition) the structure chain for an object may no longer be perfect :-/

OK. You should add a comment that explains that detail.

Also, let's rename the function to "uncheckedToJS". It's always safe to call the function, it just does less checking.

Comment 8 Geoffrey Garen 2013-04-09 18:19:25 PDT

Comment on attachment 197191 [details]
Patch

r=me with those changes

Comment 9 Oliver Hunt 2013-04-09 18:22:20 PDT

Committed r148073: <http://trac.webkit.org/changeset/148073>

Comment 10 Alexey Proskuryakov 2013-04-10 10:34:37 PDT

This has caused (or maybe uncovered) bug 114341.