Google Git
Sign in
webkit / WebKit / 197cd32c3b5527e8c2bbe3fcb7d78cc993dd8904^! / . / Source / WebCore / svg / SVGFEDisplacementMapElement.h
commit197cd32c3b5527e8c2bbe3fcb7d78cc993dd8904[log] [tgz]
authorfpizlo@apple.com <fpizlo@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>Sat Mar 17 06:11:00 2018 +0000
committerfpizlo@apple.com <fpizlo@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>Sat Mar 17 06:11:00 2018 +0000
treef6c23be8a02e74aca3f7bcd3f1ff02349f11b6cb
parentc53a51684e9bab06072a8bf94dcee030dc5ff8ab [diff] [blame]
Put the DOM in IsoHeaps
https://bugs.webkit.org/show_bug.cgi?id=183546

Source/bmalloc:

Reviewed by Simon Fraser.
        
Make it easy to runtime-disable IsoHeaps.

* bmalloc/Allocator.h:
* bmalloc/IsoTLS.cpp:
(bmalloc::IsoTLS::determineMallocFallbackState):
* bmalloc/IsoTLS.h:
* bmalloc/IsoTLSInlines.h:
(bmalloc::IsoTLS::allocateSlow):
(bmalloc::IsoTLS::deallocateSlow):

Source/WebCore:

Reviewed by Daniel Bates.

No new tests because no change in behavior.
        
This puts all descendants of WebCore::Node in isoheaps, so that UAFs on the DOM cannot be
used for RCE attacks. This probably also makes it harder to use UAFs for UXSS, since it means
that DOM UAFs cannot be used for universal read gadgets.
        
This looks neutral on Speedometer and membuster, though I did have one round of testing
that led me to believe that membuster was regressed - I just wasn't able to reproduce that
result on subsequent testing.

* Sources.txt:
* WebCore.xcodeproj/project.pbxproj:
* dom/Attr.cpp:
* dom/Attr.h:
* dom/CDATASection.cpp:
* dom/CDATASection.h:
* dom/CharacterData.cpp:
* dom/CharacterData.h:
* dom/Comment.cpp:
* dom/Comment.h:
* dom/ContainerNode.cpp:
* dom/ContainerNode.h:
* dom/Document.cpp:
* dom/Document.h:
* dom/DocumentFragment.cpp:
* dom/DocumentFragment.h:
* dom/DocumentType.cpp:
* dom/DocumentType.h:
* dom/Node.cpp:
* dom/Node.h:
* dom/ProcessingInstruction.cpp:
* dom/ProcessingInstruction.h:
* dom/PseudoElement.cpp:
* dom/PseudoElement.h:
* dom/ShadowRoot.cpp:
* dom/ShadowRoot.h:
* dom/StyledElement.cpp:
* dom/StyledElement.h:
* dom/TemplateContentDocumentFragment.cpp: Added.
* dom/TemplateContentDocumentFragment.h:
* dom/Text.cpp:
* dom/Text.h:
* dom/XMLDocument.cpp: Added.
* dom/XMLDocument.h:
* html/FTPDirectoryDocument.cpp:
* html/FTPDirectoryDocument.h:
* html/FileInputType.cpp:
* html/HTMLAnchorElement.cpp:
* html/HTMLAnchorElement.h:
* html/HTMLAppletElement.cpp:
* html/HTMLAppletElement.h:
* html/HTMLAreaElement.cpp:
* html/HTMLAreaElement.h:
* html/HTMLAttachmentElement.cpp:
* html/HTMLAttachmentElement.h:
* html/HTMLBDIElement.cpp: Added.
* html/HTMLBDIElement.h:
* html/HTMLBRElement.cpp:
* html/HTMLBRElement.h:
* html/HTMLBaseElement.cpp:
* html/HTMLBaseElement.h:
* html/HTMLBodyElement.cpp:
* html/HTMLBodyElement.h:
* html/HTMLButtonElement.cpp:
* html/HTMLButtonElement.h:
* html/HTMLCanvasElement.cpp:
* html/HTMLCanvasElement.h:
* html/HTMLDListElement.cpp:
* html/HTMLDListElement.h:
* html/HTMLDataElement.cpp:
* html/HTMLDataElement.h:
* html/HTMLDataListElement.cpp:
* html/HTMLDataListElement.h:
* html/HTMLDetailsElement.cpp:
* html/HTMLDetailsElement.h:
* html/HTMLDirectoryElement.cpp:
* html/HTMLDirectoryElement.h:
* html/HTMLDivElement.cpp:
* html/HTMLDivElement.h:
* html/HTMLDocument.cpp:
* html/HTMLDocument.h:
* html/HTMLElement.cpp:
* html/HTMLElement.h:
* html/HTMLEmbedElement.cpp:
* html/HTMLEmbedElement.h:
* html/HTMLFieldSetElement.cpp:
* html/HTMLFieldSetElement.h:
* html/HTMLFontElement.cpp:
* html/HTMLFontElement.h:
* html/HTMLFormControlElement.cpp:
* html/HTMLFormControlElement.h:
* html/HTMLFormControlElementWithState.cpp:
* html/HTMLFormControlElementWithState.h:
* html/HTMLFormElement.cpp:
* html/HTMLFormElement.h:
* html/HTMLFrameElement.cpp:
* html/HTMLFrameElement.h:
* html/HTMLFrameElementBase.cpp:
* html/HTMLFrameElementBase.h:
* html/HTMLFrameOwnerElement.cpp:
* html/HTMLFrameOwnerElement.h:
* html/HTMLFrameSetElement.cpp:
* html/HTMLFrameSetElement.h:
* html/HTMLHRElement.cpp:
* html/HTMLHRElement.h:
* html/HTMLHeadElement.cpp:
* html/HTMLHeadElement.h:
* html/HTMLHeadingElement.cpp:
* html/HTMLHeadingElement.h:
* html/HTMLHtmlElement.cpp:
* html/HTMLHtmlElement.h:
* html/HTMLIFrameElement.cpp:
* html/HTMLIFrameElement.h:
* html/HTMLImageElement.cpp:
* html/HTMLImageElement.h:
* html/HTMLInputElement.cpp:
* html/HTMLInputElement.h:
* html/HTMLKeygenElement.cpp:
* html/HTMLKeygenElement.h:
* html/HTMLLIElement.cpp:
* html/HTMLLIElement.h:
* html/HTMLLabelElement.cpp:
* html/HTMLLabelElement.h:
* html/HTMLLegendElement.cpp:
* html/HTMLLegendElement.h:
* html/HTMLLinkElement.cpp:
* html/HTMLLinkElement.h:
* html/HTMLMapElement.cpp:
* html/HTMLMapElement.h:
* html/HTMLMarqueeElement.cpp:
* html/HTMLMarqueeElement.h:
* html/HTMLMenuElement.cpp:
* html/HTMLMenuElement.h:
* html/HTMLMenuItemElement.cpp:
* html/HTMLMenuItemElement.h:
* html/HTMLMetaElement.cpp:
* html/HTMLMetaElement.h:
* html/HTMLMeterElement.cpp:
* html/HTMLMeterElement.h:
* html/HTMLModElement.cpp:
* html/HTMLModElement.h:
* html/HTMLOListElement.cpp:
* html/HTMLOListElement.h:
* html/HTMLObjectElement.cpp:
* html/HTMLObjectElement.h:
* html/HTMLOptGroupElement.cpp:
* html/HTMLOptGroupElement.h:
* html/HTMLOptionElement.cpp:
* html/HTMLOptionElement.h:
* html/HTMLOutputElement.cpp:
* html/HTMLOutputElement.h:
* html/HTMLParagraphElement.cpp:
* html/HTMLParagraphElement.h:
* html/HTMLParamElement.cpp:
* html/HTMLParamElement.h:
* html/HTMLPictureElement.cpp:
* html/HTMLPictureElement.h:
* html/HTMLPlugInElement.cpp:
* html/HTMLPlugInElement.h:
* html/HTMLPlugInImageElement.cpp:
* html/HTMLPlugInImageElement.h:
* html/HTMLPreElement.cpp:
* html/HTMLPreElement.h:
* html/HTMLProgressElement.cpp:
* html/HTMLProgressElement.h:
* html/HTMLQuoteElement.cpp:
* html/HTMLQuoteElement.h:
* html/HTMLScriptElement.cpp:
* html/HTMLScriptElement.h:
* html/HTMLSelectElement.cpp:
* html/HTMLSelectElement.h:
* html/HTMLSlotElement.cpp:
* html/HTMLSlotElement.h:
* html/HTMLSourceElement.cpp:
* html/HTMLSourceElement.h:
* html/HTMLSpanElement.cpp:
* html/HTMLSpanElement.h:
* html/HTMLStyleElement.cpp:
* html/HTMLStyleElement.h:
* html/HTMLSummaryElement.cpp:
* html/HTMLSummaryElement.h:
* html/HTMLTableCaptionElement.cpp:
* html/HTMLTableCaptionElement.h:
* html/HTMLTableCellElement.cpp:
* html/HTMLTableCellElement.h:
* html/HTMLTableColElement.cpp:
* html/HTMLTableColElement.h:
* html/HTMLTableElement.cpp:
* html/HTMLTableElement.h:
* html/HTMLTablePartElement.cpp:
* html/HTMLTablePartElement.h:
* html/HTMLTableRowElement.cpp:
* html/HTMLTableRowElement.h:
* html/HTMLTableSectionElement.cpp:
* html/HTMLTableSectionElement.h:
* html/HTMLTemplateElement.cpp:
* html/HTMLTemplateElement.h:
* html/HTMLTextAreaElement.cpp:
* html/HTMLTextAreaElement.h:
* html/HTMLTextFormControlElement.cpp:
* html/HTMLTextFormControlElement.h:
* html/HTMLTimeElement.cpp:
* html/HTMLTimeElement.h:
* html/HTMLTitleElement.cpp:
* html/HTMLTitleElement.h:
* html/HTMLTrackElement.cpp:
* html/HTMLTrackElement.h:
* html/HTMLUListElement.cpp:
* html/HTMLUListElement.h:
* html/HTMLUnknownElement.cpp: Added.
* html/HTMLUnknownElement.h:
* html/HTMLWBRElement.cpp:
* html/HTMLWBRElement.h:
* html/ImageDocument.cpp:
* html/ImageDocument.h:
* html/LabelableElement.cpp:
* html/LabelableElement.h:
* html/MediaController.cpp:
(MediaController::create): Deleted.
(MediaController::MediaController): Deleted.
(MediaController::addMediaElement): Deleted.
(MediaController::removeMediaElement): Deleted.
(MediaController::containsMediaElement const): Deleted.
(MediaController::buffered const): Deleted.
(MediaController::seekable const): Deleted.
(MediaController::played): Deleted.
(MediaController::duration const): Deleted.
(MediaController::currentTime const): Deleted.
(MediaController::setCurrentTime): Deleted.
(MediaController::unpause): Deleted.
(MediaController::play): Deleted.
(MediaController::pause): Deleted.
(MediaController::setDefaultPlaybackRate): Deleted.
(MediaController::playbackRate const): Deleted.
(MediaController::setPlaybackRate): Deleted.
(MediaController::setVolume): Deleted.
(MediaController::setMuted): Deleted.
(playbackStateWaiting): Deleted.
(playbackStatePlaying): Deleted.
(playbackStateEnded): Deleted.
(MediaController::playbackState const): Deleted.
(MediaController::reportControllerState): Deleted.
(eventNameForReadyState): Deleted.
(MediaController::updateReadyState): Deleted.
(MediaController::updatePlaybackState): Deleted.
(MediaController::updateMediaElements): Deleted.
(MediaController::bringElementUpToSpeed): Deleted.
(MediaController::isBlocked const): Deleted.
(MediaController::hasEnded const): Deleted.
(MediaController::scheduleEvent): Deleted.
(MediaController::asyncEventTimerFired): Deleted.
(MediaController::clearPositionTimerFired): Deleted.
(MediaController::hasAudio const): Deleted.
(MediaController::hasVideo const): Deleted.
(MediaController::hasClosedCaptions const): Deleted.
(MediaController::setClosedCaptionsVisible): Deleted.
(MediaController::supportsScanning const): Deleted.
(MediaController::beginScrubbing): Deleted.
(MediaController::endScrubbing): Deleted.
(MediaController::beginScanning): Deleted.
(MediaController::endScanning): Deleted.
(MediaController::canPlay const): Deleted.
(MediaController::isLiveStream const): Deleted.
(MediaController::hasCurrentSrc const): Deleted.
(MediaController::returnToRealtime): Deleted.
(MediaController::startTimeupdateTimer): Deleted.
(MediaController::scheduleTimeupdateEvent): Deleted.
* html/MediaDocument.cpp:
* html/MediaDocument.h:
* html/PluginDocument.cpp:
* html/PluginDocument.h:
* html/RubyElement.cpp:
* html/RubyElement.h:
* html/RubyTextElement.cpp:
* html/RubyTextElement.h:
* html/TextDocument.cpp:
* html/TextDocument.h:
* html/shadow/AutoFillButtonElement.cpp:
* html/shadow/AutoFillButtonElement.h:
* html/shadow/DetailsMarkerControl.cpp:
* html/shadow/DetailsMarkerControl.h:
* html/shadow/ImageControlsRootElement.cpp:
* html/shadow/ImageControlsRootElement.h:
* html/shadow/MediaControlElementTypes.cpp:
* html/shadow/MediaControlElementTypes.h:
* html/shadow/MediaControlElements.cpp:
* html/shadow/MediaControlElements.h:
* html/shadow/MediaControls.cpp:
* html/shadow/MediaControls.h:
* html/shadow/ProgressShadowElement.cpp:
* html/shadow/ProgressShadowElement.h:
* html/shadow/SliderThumbElement.cpp:
* html/shadow/SliderThumbElement.h:
* html/shadow/SpinButtonElement.cpp:
* html/shadow/SpinButtonElement.h:
* html/shadow/TextControlInnerElements.cpp:
* html/shadow/TextControlInnerElements.h:
* html/shadow/YouTubeEmbedShadowElement.cpp:
* html/shadow/YouTubeEmbedShadowElement.h:
* html/shadow/mac/ImageControlsButtonElementMac.cpp:
* html/shadow/mac/ImageControlsButtonElementMac.h:
* html/shadow/mac/ImageControlsRootElementMac.cpp:
* html/shadow/mac/ImageControlsRootElementMac.h:
* html/track/TextTrackCueGeneric.cpp:
* html/track/VTTCue.cpp:
* html/track/VTTCue.h:
* html/track/WebVTTElement.cpp:
* html/track/WebVTTElement.h:
* loader/SinkDocument.cpp:
* loader/SinkDocument.h:
* mathml/MathMLAnnotationElement.cpp:
* mathml/MathMLAnnotationElement.h:
* mathml/MathMLElement.cpp:
* mathml/MathMLElement.h:
* mathml/MathMLFractionElement.cpp:
* mathml/MathMLFractionElement.h:
* mathml/MathMLMathElement.cpp:
* mathml/MathMLMathElement.h:
* mathml/MathMLMencloseElement.cpp:
* mathml/MathMLMencloseElement.h:
* mathml/MathMLOperatorElement.cpp:
* mathml/MathMLOperatorElement.h:
* mathml/MathMLPaddedElement.cpp:
* mathml/MathMLPaddedElement.h:
* mathml/MathMLPresentationElement.cpp:
* mathml/MathMLPresentationElement.h:
* mathml/MathMLRootElement.cpp:
* mathml/MathMLRootElement.h:
* mathml/MathMLRowElement.cpp:
* mathml/MathMLRowElement.h:
* mathml/MathMLScriptsElement.cpp:
* mathml/MathMLScriptsElement.h:
* mathml/MathMLSelectElement.cpp:
* mathml/MathMLSelectElement.h:
* mathml/MathMLSpaceElement.cpp:
* mathml/MathMLSpaceElement.h:
* mathml/MathMLTokenElement.cpp:
* mathml/MathMLTokenElement.h:
* mathml/MathMLUnderOverElement.cpp:
* mathml/MathMLUnderOverElement.h:
* mathml/MathMLUnknownElement.cpp: Added.
* mathml/MathMLUnknownElement.h:
* svg/SVGAElement.cpp:
* svg/SVGAElement.h:
* svg/SVGAltGlyphDefElement.cpp:
* svg/SVGAltGlyphDefElement.h:
* svg/SVGAltGlyphElement.cpp:
* svg/SVGAltGlyphElement.h:
* svg/SVGAltGlyphItemElement.cpp:
* svg/SVGAltGlyphItemElement.h:
* svg/SVGAnimateColorElement.cpp:
* svg/SVGAnimateColorElement.h:
* svg/SVGAnimateElement.cpp:
* svg/SVGAnimateElement.h:
* svg/SVGAnimateElementBase.cpp:
* svg/SVGAnimateElementBase.h:
* svg/SVGAnimateMotionElement.cpp:
* svg/SVGAnimateMotionElement.h:
* svg/SVGAnimateTransformElement.cpp:
* svg/SVGAnimateTransformElement.h:
* svg/SVGAnimationElement.cpp:
* svg/SVGAnimationElement.h:
* svg/SVGCircleElement.cpp:
* svg/SVGCircleElement.h:
* svg/SVGClipPathElement.cpp:
* svg/SVGClipPathElement.h:
* svg/SVGComponentTransferFunctionElement.cpp:
* svg/SVGComponentTransferFunctionElement.h:
* svg/SVGCursorElement.cpp:
* svg/SVGCursorElement.h:
* svg/SVGDefsElement.cpp:
* svg/SVGDefsElement.h:
* svg/SVGDescElement.cpp:
* svg/SVGDescElement.h:
* svg/SVGDocument.cpp:
* svg/SVGDocument.h:
* svg/SVGElement.cpp:
* svg/SVGElement.h:
* svg/SVGEllipseElement.cpp:
* svg/SVGEllipseElement.h:
* svg/SVGFEBlendElement.cpp:
* svg/SVGFEBlendElement.h:
* svg/SVGFEColorMatrixElement.cpp:
* svg/SVGFEColorMatrixElement.h:
* svg/SVGFEComponentTransferElement.cpp:
* svg/SVGFEComponentTransferElement.h:
* svg/SVGFECompositeElement.cpp:
* svg/SVGFECompositeElement.h:
* svg/SVGFEConvolveMatrixElement.cpp:
* svg/SVGFEConvolveMatrixElement.h:
* svg/SVGFEDiffuseLightingElement.cpp:
* svg/SVGFEDiffuseLightingElement.h:
* svg/SVGFEDisplacementMapElement.cpp:
* svg/SVGFEDisplacementMapElement.h:
* svg/SVGFEDropShadowElement.cpp:
* svg/SVGFEDropShadowElement.h:
* svg/SVGFEFloodElement.cpp:
* svg/SVGFEFloodElement.h:
* svg/SVGFEGaussianBlurElement.cpp:
* svg/SVGFEGaussianBlurElement.h:
* svg/SVGFEImageElement.cpp:
* svg/SVGFEImageElement.h:
* svg/SVGFELightElement.cpp:
* svg/SVGFELightElement.h:
* svg/SVGFEMergeElement.cpp:
* svg/SVGFEMergeElement.h:
* svg/SVGFEMergeNodeElement.cpp:
* svg/SVGFEMergeNodeElement.h:
* svg/SVGFEMorphologyElement.cpp:
* svg/SVGFEMorphologyElement.h:
* svg/SVGFEOffsetElement.cpp:
* svg/SVGFEOffsetElement.h:
* svg/SVGFESpecularLightingElement.cpp:
* svg/SVGFESpecularLightingElement.h:
* svg/SVGFETileElement.cpp:
* svg/SVGFETileElement.h:
* svg/SVGFETurbulenceElement.cpp:
* svg/SVGFETurbulenceElement.h:
* svg/SVGFilterElement.cpp:
* svg/SVGFilterElement.h:
* svg/SVGFilterPrimitiveStandardAttributes.cpp:
* svg/SVGFilterPrimitiveStandardAttributes.h:
* svg/SVGFontFaceElement.cpp:
* svg/SVGFontFaceElement.h:
* svg/SVGFontFaceFormatElement.cpp:
* svg/SVGFontFaceFormatElement.h:
* svg/SVGFontFaceNameElement.cpp:
* svg/SVGFontFaceNameElement.h:
* svg/SVGFontFaceSrcElement.cpp:
* svg/SVGFontFaceSrcElement.h:
* svg/SVGFontFaceUriElement.cpp:
* svg/SVGFontFaceUriElement.h:
* svg/SVGForeignObjectElement.cpp:
* svg/SVGForeignObjectElement.h:
* svg/SVGGElement.cpp:
* svg/SVGGElement.h:
* svg/SVGGlyphElement.cpp:
* svg/SVGGlyphElement.h:
* svg/SVGGlyphRefElement.cpp:
* svg/SVGGlyphRefElement.h:
* svg/SVGGradientElement.cpp:
* svg/SVGGradientElement.h:
* svg/SVGGraphicsElement.cpp:
* svg/SVGGraphicsElement.h:
* svg/SVGHKernElement.cpp:
* svg/SVGHKernElement.h:
* svg/SVGImageElement.cpp:
* svg/SVGImageElement.h:
* svg/SVGLineElement.cpp:
* svg/SVGLineElement.h:
* svg/SVGLinearGradientElement.cpp:
* svg/SVGLinearGradientElement.h:
* svg/SVGMPathElement.cpp:
* svg/SVGMPathElement.h:
* svg/SVGMarkerElement.cpp:
* svg/SVGMarkerElement.h:
* svg/SVGMaskElement.cpp:
* svg/SVGMaskElement.h:
* svg/SVGMetadataElement.cpp:
* svg/SVGMetadataElement.h:
* svg/SVGMissingGlyphElement.cpp:
* svg/SVGMissingGlyphElement.h:
* svg/SVGPathElement.cpp:
* svg/SVGPathElement.h:
* svg/SVGPatternElement.cpp:
* svg/SVGPatternElement.h:
* svg/SVGPolyElement.cpp:
* svg/SVGPolyElement.h:
* svg/SVGPolygonElement.cpp:
* svg/SVGPolygonElement.h:
* svg/SVGPolylineElement.cpp:
* svg/SVGPolylineElement.h:
* svg/SVGRadialGradientElement.cpp:
* svg/SVGRadialGradientElement.h:
* svg/SVGRectElement.cpp:
* svg/SVGRectElement.h:
* svg/SVGSVGElement.cpp:
* svg/SVGSVGElement.h:
* svg/SVGScriptElement.cpp:
* svg/SVGScriptElement.h:
* svg/SVGSetElement.cpp:
* svg/SVGSetElement.h:
* svg/SVGStopElement.cpp:
* svg/SVGStopElement.h:
* svg/SVGStyleElement.cpp:
* svg/SVGStyleElement.h:
* svg/SVGSwitchElement.cpp:
* svg/SVGSwitchElement.h:
* svg/SVGSymbolElement.cpp:
* svg/SVGSymbolElement.h:
* svg/SVGTRefElement.cpp:
* svg/SVGTRefElement.h:
* svg/SVGTSpanElement.cpp:
* svg/SVGTSpanElement.h:
* svg/SVGTextContentElement.cpp:
* svg/SVGTextContentElement.h:
* svg/SVGTextElement.cpp:
* svg/SVGTextElement.h:
* svg/SVGTextPathElement.cpp:
* svg/SVGTextPathElement.h:
* svg/SVGTextPositioningElement.cpp:
* svg/SVGTextPositioningElement.h:
* svg/SVGTitleElement.cpp:
* svg/SVGTitleElement.h:
* svg/SVGUnknownElement.cpp: Added.
* svg/SVGUnknownElement.h:
* svg/SVGUseElement.cpp:
* svg/SVGUseElement.h:
* svg/SVGVKernElement.cpp:
* svg/SVGVKernElement.h:
* svg/SVGViewElement.cpp:
* svg/SVGViewElement.h:
* svg/animation/SVGSMILElement.cpp:
* svg/animation/SVGSMILElement.h:



git-svn-id: http://svn.webkit.org/repository/webkit/trunk@229694 268f45cc-cd09-0410-ab3c-d52691b4dbfc

diff --git a/Source/WebCore/svg/SVGFEDisplacementMapElement.h b/Source/WebCore/svg/SVGFEDisplacementMapElement.h
index e29cdc6..57ceddb 100644
--- a/Source/WebCore/svg/SVGFEDisplacementMapElement.h
+++ b/Source/WebCore/svg/SVGFEDisplacementMapElement.h

@@ -64,6 +64,7 @@
 };
 
 class SVGFEDisplacementMapElement final : public SVGFilterPrimitiveStandardAttributes {
+    WTF_MAKE_ISO_ALLOCATED(SVGFEDisplacementMapElement);
 public:
     static Ref<SVGFEDisplacementMapElement> create(const QualifiedName&, Document&);