2011-05-13 Oliver Hunt <oliver@apple.com>
Reviewed by Geoffrey Garen.
Make GC validation more aggressive
https://bugs.webkit.org/show_bug.cgi?id=60802
This patch makes the checks performed under GC_VALIDATION
much more aggressive, and adds the checks to more places
in order to allow us to catch GC bugs much closer to the
point of failure.
* JavaScriptCore.exp:
* JavaScriptCore.xcodeproj/project.pbxproj:
* debugger/DebuggerActivation.cpp:
(JSC::DebuggerActivation::visitChildren):
* heap/MarkedBlock.cpp:
(JSC::MarkedBlock::MarkedBlock):
* heap/MarkedSpace.cpp:
* runtime/Arguments.cpp:
(JSC::Arguments::visitChildren):
* runtime/Executable.cpp:
(JSC::EvalExecutable::visitChildren):
(JSC::ProgramExecutable::visitChildren):
(JSC::FunctionExecutable::visitChildren):
* runtime/Executable.h:
* runtime/GetterSetter.cpp:
(JSC::GetterSetter::visitChildren):
* runtime/GetterSetter.h:
* runtime/JSAPIValueWrapper.h:
(JSC::JSAPIValueWrapper::createStructure):
(JSC::JSAPIValueWrapper::JSAPIValueWrapper):
* runtime/JSActivation.cpp:
(JSC::JSActivation::visitChildren):
* runtime/JSArray.cpp:
(JSC::JSArray::visitChildren):
* runtime/JSCell.cpp:
(JSC::slowValidateCell):
* runtime/JSCell.h:
(JSC::JSCell::JSCell::unvalidatedStructure):
(JSC::JSCell::JSCell::JSCell):
* runtime/JSFunction.cpp:
(JSC::JSFunction::visitChildren):
* runtime/JSGlobalObject.cpp:
(JSC::JSGlobalObject::visitChildren):
(JSC::slowValidateCell):
* runtime/JSONObject.h:
* runtime/JSObject.cpp:
(JSC::JSObject::visitChildren):
* runtime/JSPropertyNameIterator.cpp:
(JSC::JSPropertyNameIterator::visitChildren):
* runtime/JSPropertyNameIterator.h:
* runtime/JSStaticScopeObject.cpp:
(JSC::JSStaticScopeObject::visitChildren):
* runtime/JSString.h:
(JSC::RopeBuilder::JSString):
* runtime/JSWrapperObject.cpp:
(JSC::JSWrapperObject::visitChildren):
* runtime/NativeErrorConstructor.cpp:
(JSC::NativeErrorConstructor::visitChildren):
* runtime/PropertyMapHashTable.h:
(JSC::PropertyMapEntry::PropertyMapEntry):
* runtime/RegExpObject.cpp:
(JSC::RegExpObject::visitChildren):
* runtime/ScopeChain.cpp:
(JSC::ScopeChainNode::visitChildren):
* runtime/ScopeChain.h:
(JSC::ScopeChainNode::ScopeChainNode):
* runtime/Structure.cpp:
(JSC::Structure::Structure):
(JSC::Structure::addPropertyTransition):
(JSC::Structure::visitChildren):
* runtime/Structure.h:
(JSC::JSCell::classInfo):
* runtime/StructureChain.cpp:
(JSC::StructureChain::visitChildren):
* runtime/StructureChain.h:
* runtime/WriteBarrier.h:
(JSC::validateCell):
(JSC::JSCell):
(JSC::JSGlobalObject):
(JSC::WriteBarrierBase::set):
(JSC::WriteBarrierBase::setMayBeNull):
(JSC::WriteBarrierBase::setEarlyValue):
(JSC::WriteBarrierBase::get):
(JSC::WriteBarrierBase::operator*):
(JSC::WriteBarrierBase::operator->):
(JSC::WriteBarrierBase::unvalidatedGet):
(JSC::WriteBarrier::WriteBarrier):
* wtf/Assertions.h:
2011-05-13 Oliver Hunt <oliver@apple.com>
Reviewed by Geoffrey Garen.
Make GC validation more aggressive
https://bugs.webkit.org/show_bug.cgi?id=60802
This makes GC_VALIDATION much more aggressive in WebCore,
adding logic to every visitChildren method to ensure that
the structure still has correct flags.
Additionally every function generated for the dom bindings
makes use of the new GC_VALIDATION object assertions to further
ensure that the object appears to be sensible.
* bindings/js/JSAttrCustom.cpp:
(WebCore::JSAttr::visitChildren):
* bindings/js/JSAudioContextCustom.cpp:
(WebCore::JSAudioContext::visitChildren):
* bindings/js/JSCSSRuleCustom.cpp:
(WebCore::JSCSSRule::visitChildren):
* bindings/js/JSCSSStyleDeclarationCustom.cpp:
(WebCore::JSCSSStyleDeclaration::visitChildren):
* bindings/js/JSCanvasRenderingContextCustom.cpp:
(WebCore::JSCanvasRenderingContext::visitChildren):
* bindings/js/JSDOMGlobalObject.cpp:
(WebCore::JSDOMGlobalObject::visitChildren):
(WebCore::JSDOMGlobalObject::setInjectedScript):
* bindings/js/JSDOMWindowCustom.cpp:
(WebCore::JSDOMWindow::visitChildren):
* bindings/js/JSDOMWindowShell.cpp:
(WebCore::JSDOMWindowShell::visitChildren):
* bindings/js/JSEventListener.cpp:
(WebCore::JSEventListener::JSEventListener):
* bindings/js/JSEventListener.h:
(WebCore::JSEventListener::jsFunction):
* bindings/js/JSJavaScriptAudioNodeCustom.cpp:
(WebCore::JSJavaScriptAudioNode::visitChildren):
* bindings/js/JSMessageChannelCustom.cpp:
(WebCore::JSMessageChannel::visitChildren):
* bindings/js/JSMessagePortCustom.cpp:
(WebCore::JSMessagePort::visitChildren):
* bindings/js/JSNamedNodeMapCustom.cpp:
(WebCore::JSNamedNodeMap::visitChildren):
* bindings/js/JSNodeCustom.cpp:
(WebCore::JSNode::visitChildren):
* bindings/js/JSNodeFilterCustom.cpp:
(WebCore::JSNodeFilter::visitChildren):
* bindings/js/JSNodeIteratorCustom.cpp:
(WebCore::JSNodeIterator::visitChildren):
* bindings/js/JSSVGElementInstanceCustom.cpp:
(WebCore::JSSVGElementInstance::visitChildren):
* bindings/js/JSSharedWorkerCustom.cpp:
(WebCore::JSSharedWorker::visitChildren):
* bindings/js/JSStyleSheetCustom.cpp:
(WebCore::JSStyleSheet::visitChildren):
* bindings/js/JSTreeWalkerCustom.cpp:
(WebCore::JSTreeWalker::visitChildren):
* bindings/js/JSWebGLRenderingContextCustom.cpp:
(WebCore::JSWebGLRenderingContext::visitChildren):
* bindings/js/JSWorkerContextCustom.cpp:
(WebCore::JSWorkerContext::visitChildren):
* bindings/js/JSXMLHttpRequestCustom.cpp:
(WebCore::JSXMLHttpRequest::visitChildren):
* bindings/js/JSXPathResultCustom.cpp:
(WebCore::JSXPathResult::visitChildren):
* bindings/scripts/CodeGeneratorJS.pm:
2011-05-13 Oliver Hunt <oliver@apple.com>
Reviewed by Geoffrey Garen.
Make GC validation more aggressive
https://bugs.webkit.org/show_bug.cgi?id=60802
Add GC_VALIDATION calls to all the JSNPObject methods.
* WebProcess/Plugins/Netscape/JSNPObject.cpp:
(WebKit::JSNPObject::invalidate):
(WebKit::JSNPObject::callMethod):
(WebKit::JSNPObject::callObject):
(WebKit::JSNPObject::callConstructor):
(WebKit::JSNPObject::getCallData):
(WebKit::JSNPObject::getConstructData):
(WebKit::JSNPObject::getOwnPropertySlot):
(WebKit::JSNPObject::getOwnPropertyDescriptor):
(WebKit::JSNPObject::put):
(WebKit::JSNPObject::getOwnPropertyNames):
(WebKit::JSNPObject::propertyGetter):
(WebKit::JSNPObject::methodGetter):
git-svn-id: http://svn.webkit.org/repository/webkit/trunk@86499 268f45cc-cd09-0410-ab3c-d52691b4dbfc
diff --git a/Source/JavaScriptCore/runtime/Structure.h b/Source/JavaScriptCore/runtime/Structure.h
index a2857e1..1fa7f69 100644
--- a/Source/JavaScriptCore/runtime/Structure.h
+++ b/Source/JavaScriptCore/runtime/Structure.h
@@ -160,6 +160,8 @@
ASSERT(!globalData.structureStructure);
return new (&globalData) Structure(globalData);
}
+
+ static JS_EXPORTDATA const ClassInfo s_info;
private:
Structure(JSGlobalData&, JSValue prototype, const TypeInfo&, unsigned anonymousSlotCount, const ClassInfo*);
@@ -172,8 +174,6 @@
return new (&globalData) Structure(globalData, structure);
}
- static JS_EXPORTDATA const ClassInfo s_info;
-
typedef enum {
NoneDictionaryKind = 0,
CachedDictionaryKind = 1,
@@ -278,7 +278,11 @@
inline const ClassInfo* JSCell::classInfo() const
{
+#if ENABLE(GC_VALIDATION)
+ return m_structure.unvalidatedGet()->classInfo();
+#else
return m_structure->classInfo();
+#endif
}
inline Structure* JSCell::createDummyStructure(JSGlobalData& globalData)
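Review bot: The GC_VALIDATION branch of JSCell::classInfo() reads the structure through unvalidatedGet() without saying why, so a reader who sees both branches return the same expression cannot tell that the validating get() is being avoided deliberately. The ChangeLog adds validateCell in WriteBarrier.h and slowValidateCell in JSCell.cpp, and it looks like the validating read of m_structure would itself need classInfo(), which would recurse; that is inferred from the ChangeLog, not visible in this hunk. A one-line comment above the `#if` would record the intent: `// Read m_structure unvalidated: cell validation itself consults classInfo(), so a validating get() would recurse.` The `#else` branch keeps the validated accessor, so behaviour with GC_VALIDATION off is unchanged.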