172939 – Maintain an Invariant that a JSObject always has a GlobalObject

NEW172939

Maintain an Invariant that a JSObject always has a GlobalObject

https://bugs.webkit.org/show_bug.cgi?id=172939

Summary Maintain an Invariant that a JSObject always has a GlobalObject

Joseph Pecoraro

Reported 2017-06-05 15:55:59 PDT

JavaScriptCore should maintain an invariant where a JSObject's Structure should always have a GlobalObject. There are a few cases right now of Objects/Structures that do not have GlobalObject: Structures created in VM.cpp: exceptionStructure.set(*this, Exception::createStructure(*this, 0, jsNull())); terminatedExecutionErrorStructure.set(*this, TerminatedExecutionError::createStructure(*this, 0, jsNull())); iterationTerminator.set(*this, JSFinalObject::create(*this, JSFinalObject::createStructure(*this, 0, jsNull(), 1))); GlobalObject structures themselves in creation: jsc's GlobalObject WebCore::JSDOMWindowPrototype::createStructure WebCore::JSDOMWindowShell::createStructure ... Probably Others for JSContext / Workers ...

Attachments
Add attachment proposed patch, testcase, etc.

Note You need to log in before you can comment on or make changes to this bug.

Status NEW

Resolution

Priority P2

Severity Normal

Classification Unclassified

Version WebKit Nightly Build

Hardware Unspecified

OS Unspecified

Product WebKit

Component JavaScriptCore

Assignee

Nobody

Reported

2017-06-05 15:55 PDT

Modified

2017-06-05 15:55 PDT History

CC List

1 user Show

URL

Keywords

Depends on

Blocks