<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN"
"http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head><meta http-equiv="content-type" content="text/html; charset=utf-8" />
<title>[168548] trunk/Source</title>
</head>
<body>
<style type="text/css"><!--
#msg dl.meta { border: 1px #006 solid; background: #369; padding: 6px; color: #fff; }
#msg dl.meta dt { float: left; width: 6em; font-weight: bold; }
#msg dt:after { content:':';}
#msg dl, #msg dt, #msg ul, #msg li, #header, #footer, #logmsg { font-family: verdana,arial,helvetica,sans-serif; font-size: 10pt; }
#msg dl a { font-weight: bold}
#msg dl a:link { color:#fc3; }
#msg dl a:active { color:#ff0; }
#msg dl a:visited { color:#cc6; }
h3 { font-family: verdana,arial,helvetica,sans-serif; font-size: 10pt; font-weight: bold; }
#msg pre { overflow: auto; background: #ffc; border: 1px #fa0 solid; padding: 6px; }
#logmsg { background: #ffc; border: 1px #fa0 solid; padding: 1em 1em 0 1em; }
#logmsg p, #logmsg pre, #logmsg blockquote { margin: 0 0 1em 0; }
#logmsg p, #logmsg li, #logmsg dt, #logmsg dd { line-height: 14pt; }
#logmsg h1, #logmsg h2, #logmsg h3, #logmsg h4, #logmsg h5, #logmsg h6 { margin: .5em 0; }
#logmsg h1:first-child, #logmsg h2:first-child, #logmsg h3:first-child, #logmsg h4:first-child, #logmsg h5:first-child, #logmsg h6:first-child { margin-top: 0; }
#logmsg ul, #logmsg ol { padding: 0; list-style-position: inside; margin: 0 0 0 1em; }
#logmsg ul { text-indent: -1em; padding-left: 1em; }#logmsg ol { text-indent: -1.5em; padding-left: 1.5em; }
#logmsg > ul, #logmsg > ol { margin: 0 0 1em 0; }
#logmsg pre { background: #eee; padding: 1em; }
#logmsg blockquote { border: 1px solid #fa0; border-left-width: 10px; padding: 1em 1em 0 1em; background: white;}
#logmsg dl { margin: 0; }
#logmsg dt { font-weight: bold; }
#logmsg dd { margin: 0; padding: 0 0 0.5em 0; }
#logmsg dd:before { content:'\00bb';}
#logmsg table { border-spacing: 0px; border-collapse: collapse; border-top: 4px solid #fa0; border-bottom: 1px solid #fa0; background: #fff; }
#logmsg table th { text-align: left; font-weight: normal; padding: 0.2em 0.5em; border-top: 1px dotted #fa0; }
#logmsg table td { text-align: right; border-top: 1px dotted #fa0; padding: 0.2em 0.5em; }
#logmsg table thead th { text-align: center; border-bottom: 1px solid #fa0; }
#logmsg table th.Corner { text-align: left; }
#logmsg hr { border: none 0; border-top: 2px dashed #fa0; height: 1px; }
#header, #footer { color: #fff; background: #636; border: 1px #300 solid; padding: 6px; }
#patch { width: 100%; }
#patch h4 {font-family: verdana,arial,helvetica,sans-serif;font-size:10pt;padding:8px;background:#369;color:#fff;margin:0;}
#patch .propset h4, #patch .binary h4 {margin:0;}
#patch pre {padding:0;line-height:1.2em;margin:0;}
#patch .diff {width:100%;background:#eee;padding: 0 0 10px 0;overflow:auto;}
#patch .propset .diff, #patch .binary .diff {padding:10px 0;}
#patch span {display:block;padding:0 10px;}
#patch .modfile, #patch .addfile, #patch .delfile, #patch .propset, #patch .binary, #patch .copfile {border:1px solid #ccc;margin:10px 0;}
#patch ins {background:#dfd;text-decoration:none;display:block;padding:0 10px;}
#patch del {background:#fdd;text-decoration:none;display:block;padding:0 10px;}
#patch .lines, .info {color:#888;background:#fff;}
--></style>
<div id="msg">
<dl class="meta">
<dt>Revision</dt> <dd><a href="http://trac.webkit.org/projects/webkit/changeset/168548">168548</a></dd>
<dt>Author</dt> <dd>mhahnenberg@apple.com</dd>
<dt>Date</dt> <dd>2014-05-09 13:26:17 -0700 (Fri, 09 May 2014)</dd>
</dl>
<h3>Log Message</h3>
<pre>JSDOMWindow should have a WatchpointSet to fire on window close
https://bugs.webkit.org/show_bug.cgi?id=132721
Reviewed by Filip Pizlo.
Source/JavaScriptCore:
This patch allows us to reset the inline caches that assumed they could skip
the first part of JSDOMWindow::getOwnPropertySlot that checks if the window has
been closed. This is part of getting rid of HasImpureGetOwnPropertySlot on JSDOMWindow.
PropertySlot now accepts a WatchpointSet which the inline cache code can look for
to see if it should create a new Watchpoint for that particular inline cache site.
* bytecode/Watchpoint.h:
* jit/Repatch.cpp:
(JSC::generateByIdStub):
(JSC::tryBuildGetByIDList):
(JSC::tryCachePutByID):
(JSC::tryBuildPutByIdList):
* runtime/PropertySlot.h:
(JSC::PropertySlot::PropertySlot):
(JSC::PropertySlot::watchpointSet):
(JSC::PropertySlot::setWatchpointSet):
Source/WebCore:
No new tests.
This patch allows us to reset the inline caches that assumed they could skip
the first part of JSDOMWindow::getOwnPropertySlot that checks if the window has
been closed. This is part of getting rid of HasImpureGetOwnPropertySlot on JSDOMWindow.
JSDOMWindowBase now has a WatchpointSet that the underlying DOMWindow fires when its
frame is cleared. In getOwnPropertySlot, we now pass this WatchpointSet to PropertySlot
which will shepherd it back up to the code that generates the inline cache (and the
Watchpoint for clearing it).
* bindings/js/JSDOMWindowBase.cpp:
(WebCore::JSDOMWindowBase::JSDOMWindowBase):
(WebCore::JSDOMWindowBase::fireFrameClearedWatchpointsForWindow):
* bindings/js/JSDOMWindowBase.h:
* bindings/js/JSDOMWindowCustom.cpp:
(WebCore::JSDOMWindow::getOwnPropertySlot):
* page/DOMWindow.cpp:
(WebCore::DOMWindow::frameDestroyed):</pre>
<h3>Modified Paths</h3>
<ul>
<li><a href="#trunkSourceJavaScriptCoreChangeLog">trunk/Source/JavaScriptCore/ChangeLog</a></li>
<li><a href="#trunkSourceJavaScriptCorebytecodeGetByIdStatuscpp">trunk/Source/JavaScriptCore/bytecode/GetByIdStatus.cpp</a></li>
<li><a href="#trunkSourceJavaScriptCorebytecodePolymorphicGetByIdListh">trunk/Source/JavaScriptCore/bytecode/PolymorphicGetByIdList.h</a></li>
<li><a href="#trunkSourceJavaScriptCorebytecodeWatchpointh">trunk/Source/JavaScriptCore/bytecode/Watchpoint.h</a></li>
<li><a href="#trunkSourceJavaScriptCorejitRepatchcpp">trunk/Source/JavaScriptCore/jit/Repatch.cpp</a></li>
<li><a href="#trunkSourceJavaScriptCoreruntimePropertySloth">trunk/Source/JavaScriptCore/runtime/PropertySlot.h</a></li>
<li><a href="#trunkSourceWebCoreChangeLog">trunk/Source/WebCore/ChangeLog</a></li>
<li><a href="#trunkSourceWebCorebindingsjsJSDOMWindowBasecpp">trunk/Source/WebCore/bindings/js/JSDOMWindowBase.cpp</a></li>
<li><a href="#trunkSourceWebCorebindingsjsJSDOMWindowBaseh">trunk/Source/WebCore/bindings/js/JSDOMWindowBase.h</a></li>
<li><a href="#trunkSourceWebCorebindingsjsJSDOMWindowCustomcpp">trunk/Source/WebCore/bindings/js/JSDOMWindowCustom.cpp</a></li>
<li><a href="#trunkSourceWebCorepageDOMWindowcpp">trunk/Source/WebCore/page/DOMWindow.cpp</a></li>
</ul>
</div>
<div id="patch">
<h3>Diff</h3>
<a id="trunkSourceJavaScriptCoreChangeLog"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/ChangeLog (168547 => 168548)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/ChangeLog 2014-05-09 20:25:02 UTC (rev 168547)
+++ trunk/Source/JavaScriptCore/ChangeLog 2014-05-09 20:26:17 UTC (rev 168548)
</span><span class="lines">@@ -1,3 +1,28 @@
</span><ins>+2014-05-08 Mark Hahnenberg <mhahnenberg@apple.com>
+
+ JSDOMWindow should have a WatchpointSet to fire on window close
+ https://bugs.webkit.org/show_bug.cgi?id=132721
+
+ Reviewed by Filip Pizlo.
+
+ This patch allows us to reset the inline caches that assumed they could skip
+ the first part of JSDOMWindow::getOwnPropertySlot that checks if the window has
+ been closed. This is part of getting rid of HasImpureGetOwnPropertySlot on JSDOMWindow.
+
+ PropertySlot now accepts a WatchpointSet which the inline cache code can look for
+ to see if it should create a new Watchpoint for that particular inline cache site.
+
+ * bytecode/Watchpoint.h:
+ * jit/Repatch.cpp:
+ (JSC::generateByIdStub):
+ (JSC::tryBuildGetByIDList):
+ (JSC::tryCachePutByID):
+ (JSC::tryBuildPutByIdList):
+ * runtime/PropertySlot.h:
+ (JSC::PropertySlot::PropertySlot):
+ (JSC::PropertySlot::watchpointSet):
+ (JSC::PropertySlot::setWatchpointSet):
+
</ins><span class="cx"> 2014-05-09 Tanay C <tanay.c@samsung.com>
</span><span class="cx">
</span><span class="cx"> Fix build warning (uninitialized variable) in DFGFixupPhase.cpp
</span></span></pre></div>
<a id="trunkSourceJavaScriptCorebytecodeGetByIdStatuscpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/bytecode/GetByIdStatus.cpp (168547 => 168548)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/bytecode/GetByIdStatus.cpp 2014-05-09 20:25:02 UTC (rev 168547)
+++ trunk/Source/JavaScriptCore/bytecode/GetByIdStatus.cpp 2014-05-09 20:26:17 UTC (rev 168548)
</span><span class="lines">@@ -178,10 +178,23 @@
</span><span class="cx"> PolymorphicGetByIdList* list = 0;
</span><span class="cx"> if (stubInfo->accessType == access_get_by_id_list) {
</span><span class="cx"> list = stubInfo->u.getByIdList.list;
</span><ins>+ bool makesCalls = false;
+ bool isWatched = false;
</ins><span class="cx"> for (unsigned i = 0; i < list->size(); ++i) {
</span><del>- if (list->at(i).doesCalls())
- return GetByIdStatus(MakesCalls, true);
</del><ins>+ const GetByIdAccess& access = list->at(i);
+ if (access.doesCalls()) {
+ makesCalls = true;
+ break;
+ }
+ if (access.isWatched()) {
+ isWatched = true;
+ continue;
+ }
</ins><span class="cx"> }
</span><ins>+ if (makesCalls)
+ return GetByIdStatus(MakesCalls, true);
+ if (isWatched)
+ return GetByIdStatus(TakesSlowPath, true);
</ins><span class="cx"> }
</span><span class="cx">
</span><span class="cx"> // Finally figure out if we can derive an access strategy.
</span><span class="lines">@@ -215,7 +228,7 @@
</span><span class="cx">
</span><span class="cx"> case access_get_by_id_list: {
</span><span class="cx"> for (unsigned listIndex = 0; listIndex < list->size(); ++listIndex) {
</span><del>- ASSERT(!list->at(listIndex).doesCalls());
</del><ins>+ ASSERT(list->at(listIndex).isSimple());
</ins><span class="cx">
</span><span class="cx"> Structure* structure = list->at(listIndex).structure();
</span><span class="cx">
</span></span></pre></div>
<a id="trunkSourceJavaScriptCorebytecodePolymorphicGetByIdListh"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/bytecode/PolymorphicGetByIdList.h (168547 => 168548)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/bytecode/PolymorphicGetByIdList.h 2014-05-09 20:25:02 UTC (rev 168547)
+++ trunk/Source/JavaScriptCore/bytecode/PolymorphicGetByIdList.h 2014-05-09 20:26:17 UTC (rev 168548)
</span><span class="lines">@@ -45,6 +45,7 @@
</span><span class="cx"> Invalid,
</span><span class="cx"> SimpleInline, // This is the patched inline access.
</span><span class="cx"> SimpleStub, // This is a stub.
</span><ins>+ WatchedStub,
</ins><span class="cx"> Getter,
</span><span class="cx"> CustomGetter
</span><span class="cx"> };
</span><span class="lines">@@ -80,6 +81,8 @@
</span><span class="cx"> }
</span><span class="cx">
</span><span class="cx"> bool doesCalls() const { return type() == Getter || type() == CustomGetter; }
</span><ins>+ bool isWatched() const { return type() == WatchedStub; }
+ bool isSimple() const { return !doesCalls() && !isWatched(); }
</ins><span class="cx">
</span><span class="cx"> bool visitWeak(RepatchBuffer&) const;
</span><span class="cx">
</span></span></pre></div>
<a id="trunkSourceJavaScriptCorebytecodeWatchpointh"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/bytecode/Watchpoint.h (168547 => 168548)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/bytecode/Watchpoint.h 2014-05-09 20:25:02 UTC (rev 168547)
+++ trunk/Source/JavaScriptCore/bytecode/Watchpoint.h 2014-05-09 20:26:17 UTC (rev 168548)
</span><span class="lines">@@ -57,8 +57,8 @@
</span><span class="cx"> class WatchpointSet : public ThreadSafeRefCounted<WatchpointSet> {
</span><span class="cx"> friend class LLIntOffsetsExtractor;
</span><span class="cx"> public:
</span><del>- WatchpointSet(WatchpointState);
- ~WatchpointSet(); // Note that this will not fire any of the watchpoints; if you need to know when a WatchpointSet dies then you need a separate mechanism for this.
</del><ins>+ JS_EXPORT_PRIVATE WatchpointSet(WatchpointState);
+ JS_EXPORT_PRIVATE ~WatchpointSet(); // Note that this will not fire any of the watchpoints; if you need to know when a WatchpointSet dies then you need a separate mechanism for this.
</ins><span class="cx">
</span><span class="cx"> // It is safe to call this from another thread. It may return an old
</span><span class="cx"> // state. Guarantees that if *first* read the state() of the thing being
</span></span></pre></div>
<a id="trunkSourceJavaScriptCorejitRepatchcpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/jit/Repatch.cpp (168547 => 168548)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/jit/Repatch.cpp 2014-05-09 20:25:02 UTC (rev 168547)
+++ trunk/Source/JavaScriptCore/jit/Repatch.cpp 2014-05-09 20:26:17 UTC (rev 168548)
</span><span class="lines">@@ -285,8 +285,8 @@
</span><span class="cx"> static void generateByIdStub(
</span><span class="cx"> ExecState* exec, ByIdStubKind kind, const Identifier& propertyName,
</span><span class="cx"> FunctionPtr custom, StructureStubInfo& stubInfo, StructureChain* chain, size_t count,
</span><del>- PropertyOffset offset, Structure* structure, bool loadTargetFromProxy, CodeLocationLabel successLabel,
- CodeLocationLabel slowCaseLabel, RefPtr<JITStubRoutine>& stubRoutine)
</del><ins>+ PropertyOffset offset, Structure* structure, bool loadTargetFromProxy, WatchpointSet* watchpointSet,
+ CodeLocationLabel successLabel, CodeLocationLabel slowCaseLabel, RefPtr<JITStubRoutine>& stubRoutine)
</ins><span class="cx"> {
</span><span class="cx"> VM* vm = &exec->vm();
</span><span class="cx"> GPRReg baseGPR = static_cast<GPRReg>(stubInfo.patch.baseGPR);
</span><span class="lines">@@ -329,6 +329,9 @@
</span><span class="cx"> if (structure->typeInfo().newImpurePropertyFiresWatchpoints())
</span><span class="cx"> vm->registerWatchpointForImpureProperty(propertyName, stubInfo.addWatchpoint(codeBlock));
</span><span class="cx">
</span><ins>+ if (watchpointSet)
+ watchpointSet->add(stubInfo.addWatchpoint(codeBlock));
+
</ins><span class="cx"> Structure* currStructure = structure;
</span><span class="cx"> JSObject* protoObject = 0;
</span><span class="cx"> if (chain) {
</span><span class="lines">@@ -692,6 +695,7 @@
</span><span class="cx"> // Optimize self access.
</span><span class="cx"> if (slot.slotBase() == baseValue
</span><span class="cx"> && slot.isCacheableValue()
</span><ins>+ && !slot.watchpointSet()
</ins><span class="cx"> && MacroAssembler::isCompactPtrAlignedAddressOffset(maxOffsetRelativeToPatchedStorage(slot.cachedOffset()))) {
</span><span class="cx"> repatchByIdSelfAccess(*vm, codeBlock, stubInfo, structure, propertyName, slot.cachedOffset(), operationGetByIdBuildList, true);
</span><span class="cx"> stubInfo.initGetByIdSelf(*vm, codeBlock->ownerExecutable(), structure);
</span><span class="lines">@@ -783,12 +787,13 @@
</span><span class="cx"> RefPtr<JITStubRoutine> stubRoutine;
</span><span class="cx"> generateByIdStub(
</span><span class="cx"> exec, kindFor(slot), ident, customFor(slot), stubInfo, prototypeChain, count, offset,
</span><del>- structure, loadTargetFromProxy, stubInfo.callReturnLocation.labelAtOffset(stubInfo.patch.deltaCallToDone),
</del><ins>+ structure, loadTargetFromProxy, slot.watchpointSet(),
+ stubInfo.callReturnLocation.labelAtOffset(stubInfo.patch.deltaCallToDone),
</ins><span class="cx"> CodeLocationLabel(list->currentSlowPathTarget(stubInfo)), stubRoutine);
</span><span class="cx">
</span><span class="cx"> GetByIdAccess::AccessType accessType;
</span><span class="cx"> if (slot.isCacheableValue())
</span><del>- accessType = GetByIdAccess::SimpleStub;
</del><ins>+ accessType = slot.watchpointSet() ? GetByIdAccess::WatchedStub : GetByIdAccess::SimpleStub;
</ins><span class="cx"> else if (slot.isCacheableGetter())
</span><span class="cx"> accessType = GetByIdAccess::Getter;
</span><span class="cx"> else
</span><span class="lines">@@ -1201,7 +1206,7 @@
</span><span class="cx">
</span><span class="cx"> generateByIdStub(
</span><span class="cx"> exec, kindFor(slot), ident, customFor(slot), stubInfo, prototypeChain, count,
</span><del>- offset, structure, false,
</del><ins>+ offset, structure, false, nullptr,
</ins><span class="cx"> stubInfo.callReturnLocation.labelAtOffset(stubInfo.patch.deltaCallToDone),
</span><span class="cx"> stubInfo.callReturnLocation.labelAtOffset(stubInfo.patch.deltaCallToSlowCase),
</span><span class="cx"> stubRoutine);
</span><span class="lines">@@ -1333,7 +1338,7 @@
</span><span class="cx">
</span><span class="cx"> generateByIdStub(
</span><span class="cx"> exec, kindFor(slot), propertyName, customFor(slot), stubInfo, prototypeChain, count,
</span><del>- offset, structure, false,
</del><ins>+ offset, structure, false, nullptr,
</ins><span class="cx"> stubInfo.callReturnLocation.labelAtOffset(stubInfo.patch.deltaCallToDone),
</span><span class="cx"> CodeLocationLabel(list->currentSlowPathTarget()),
</span><span class="cx"> stubRoutine);
</span></span></pre></div>
<a id="trunkSourceJavaScriptCoreruntimePropertySloth"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/runtime/PropertySlot.h (168547 => 168548)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/runtime/PropertySlot.h 2014-05-09 20:25:02 UTC (rev 168547)
+++ trunk/Source/JavaScriptCore/runtime/PropertySlot.h 2014-05-09 20:26:17 UTC (rev 168548)
</span><span class="lines">@@ -61,6 +61,7 @@
</span><span class="cx"> : m_propertyType(TypeUnset)
</span><span class="cx"> , m_offset(invalidOffset)
</span><span class="cx"> , m_thisValue(thisValue)
</span><ins>+ , m_watchpointSet(nullptr)
</ins><span class="cx"> {
</span><span class="cx"> }
</span><span class="cx">
</span><span class="lines">@@ -104,6 +105,11 @@
</span><span class="cx"> return m_slotBase;
</span><span class="cx"> }
</span><span class="cx">
</span><ins>+ WatchpointSet* watchpointSet() const
+ {
+ return m_watchpointSet;
+ }
+
</ins><span class="cx"> void setValue(JSObject* slotBase, unsigned attributes, JSValue value)
</span><span class="cx"> {
</span><span class="cx"> ASSERT(value);
</span><span class="lines">@@ -210,6 +216,11 @@
</span><span class="cx"> m_offset = invalidOffset;
</span><span class="cx"> }
</span><span class="cx">
</span><ins>+ void setWatchpointSet(WatchpointSet& set)
+ {
+ m_watchpointSet = &set;
+ }
+
</ins><span class="cx"> private:
</span><span class="cx"> JS_EXPORT_PRIVATE JSValue functionGetter(ExecState*) const;
</span><span class="cx">
</span><span class="lines">@@ -232,6 +243,7 @@
</span><span class="cx"> PropertyOffset m_offset;
</span><span class="cx"> const JSValue m_thisValue;
</span><span class="cx"> JSObject* m_slotBase;
</span><ins>+ WatchpointSet* m_watchpointSet;
</ins><span class="cx"> };
</span><span class="cx">
</span><span class="cx"> } // namespace JSC
</span></span></pre></div>
<a id="trunkSourceWebCoreChangeLog"></a>
<div class="modfile"><h4>Modified: trunk/Source/WebCore/ChangeLog (168547 => 168548)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/WebCore/ChangeLog 2014-05-09 20:25:02 UTC (rev 168547)
+++ trunk/Source/WebCore/ChangeLog 2014-05-09 20:26:17 UTC (rev 168548)
</span><span class="lines">@@ -1,3 +1,30 @@
</span><ins>+2014-05-08 Mark Hahnenberg <mhahnenberg@apple.com>
+
+ JSDOMWindow should have a WatchpointSet to fire on window close
+ https://bugs.webkit.org/show_bug.cgi?id=132721
+
+ Reviewed by Filip Pizlo.
+
+ No new tests.
+
+ This patch allows us to reset the inline caches that assumed they could skip
+ the first part of JSDOMWindow::getOwnPropertySlot that checks if the window has
+ been closed. This is part of getting rid of HasImpureGetOwnPropertySlot on JSDOMWindow.
+
+ JSDOMWindowBase now has a WatchpointSet that the underlying DOMWindow fires when its
+ frame is cleared. In getOwnPropertySlot, we now pass this WatchpointSet to PropertySlot
+ which will shepherd it back up to the code that generates the inline cache (and the
+ Watchpoint for clearing it).
+
+ * bindings/js/JSDOMWindowBase.cpp:
+ (WebCore::JSDOMWindowBase::JSDOMWindowBase):
+ (WebCore::JSDOMWindowBase::fireFrameClearedWatchpointsForWindow):
+ * bindings/js/JSDOMWindowBase.h:
+ * bindings/js/JSDOMWindowCustom.cpp:
+ (WebCore::JSDOMWindow::getOwnPropertySlot):
+ * page/DOMWindow.cpp:
+ (WebCore::DOMWindow::frameDestroyed):
+
</ins><span class="cx"> 2014-05-09 Zsolt Borbely <zsborbely.u-szeged@partner.samsung.com>
</span><span class="cx">
</span><span class="cx"> ASSERTION FAILED: object->style()->overflowX() == object->style()->overflowY()
</span></span></pre></div>
<a id="trunkSourceWebCorebindingsjsJSDOMWindowBasecpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/WebCore/bindings/js/JSDOMWindowBase.cpp (168547 => 168548)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/WebCore/bindings/js/JSDOMWindowBase.cpp 2014-05-09 20:25:02 UTC (rev 168547)
+++ trunk/Source/WebCore/bindings/js/JSDOMWindowBase.cpp 2014-05-09 20:26:17 UTC (rev 168548)
</span><span class="lines">@@ -60,6 +60,7 @@
</span><span class="cx">
</span><span class="cx"> JSDOMWindowBase::JSDOMWindowBase(VM& vm, Structure* structure, PassRefPtr<DOMWindow> window, JSDOMWindowShell* shell)
</span><span class="cx"> : JSDOMGlobalObject(vm, structure, &shell->world(), &s_globalObjectMethodTable)
</span><ins>+ , m_windowCloseWatchpoints((window && window->frame()) ? IsWatched : IsInvalidated)
</ins><span class="cx"> , m_impl(window)
</span><span class="cx"> , m_shell(shell)
</span><span class="cx"> {
</span><span class="lines">@@ -266,4 +267,23 @@
</span><span class="cx"> return 0;
</span><span class="cx"> }
</span><span class="cx">
</span><ins>+void JSDOMWindowBase::fireFrameClearedWatchpointsForWindow(DOMWindow* window)
+{
+ JSC::VM& vm = JSDOMWindowBase::commonVM();
+ WebCoreJSClientData* clientData = static_cast<WebCoreJSClientData*>(vm.clientData);
+ Vector<Ref<DOMWrapperWorld>> wrapperWorlds;
+ clientData->getAllWorlds(wrapperWorlds);
+ for (unsigned i = 0; i < wrapperWorlds.size(); ++i) {
+ DOMObjectWrapperMap& wrappers = wrapperWorlds[i]->m_wrappers;
+ auto result = wrappers.find(window);
+ if (result == wrappers.end())
+ continue;
+ JSC::JSObject* wrapper = result->value.get();
+ if (!wrapper)
+ continue;
+ JSDOMWindowBase* jsWindow = JSC::jsCast<JSDOMWindowBase*>(wrapper);
+ jsWindow->m_windowCloseWatchpoints.fireAll();
+ }
+}
+
</ins><span class="cx"> } // namespace WebCore
</span></span></pre></div>
<a id="trunkSourceWebCorebindingsjsJSDOMWindowBaseh"></a>
<div class="modfile"><h4>Modified: trunk/Source/WebCore/bindings/js/JSDOMWindowBase.h (168547 => 168548)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/WebCore/bindings/js/JSDOMWindowBase.h 2014-05-09 20:25:02 UTC (rev 168547)
+++ trunk/Source/WebCore/bindings/js/JSDOMWindowBase.h 2014-05-09 20:26:17 UTC (rev 168548)
</span><span class="lines">@@ -72,7 +72,11 @@
</span><span class="cx"> JSDOMWindowShell* shell() const;
</span><span class="cx">
</span><span class="cx"> static JSC::VM& commonVM();
</span><ins>+ static void fireFrameClearedWatchpointsForWindow(DOMWindow*);
</ins><span class="cx">
</span><ins>+ protected:
+ JSC::WatchpointSet m_windowCloseWatchpoints;
+
</ins><span class="cx"> private:
</span><span class="cx"> RefPtr<DOMWindow> m_impl;
</span><span class="cx"> JSDOMWindowShell* m_shell;
</span></span></pre></div>
<a id="trunkSourceWebCorebindingsjsJSDOMWindowCustomcpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/WebCore/bindings/js/JSDOMWindowCustom.cpp (168547 => 168548)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/WebCore/bindings/js/JSDOMWindowCustom.cpp 2014-05-09 20:25:02 UTC (rev 168547)
+++ trunk/Source/WebCore/bindings/js/JSDOMWindowCustom.cpp 2014-05-09 20:26:17 UTC (rev 168548)
</span><span class="lines">@@ -132,7 +132,8 @@
</span><span class="cx"> // not allowed.
</span><span class="cx"> slot.setUndefined();
</span><span class="cx"> return true;
</span><del>- }
</del><ins>+ } else
+ slot.setWatchpointSet(thisObject->m_windowCloseWatchpoints);
</ins><span class="cx">
</span><span class="cx"> // We need to check for cross-domain access here without printing the generic warning message
</span><span class="cx"> // because we always allow access to some function, just different ones depending whether access
</span></span></pre></div>
<a id="trunkSourceWebCorepageDOMWindowcpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/WebCore/page/DOMWindow.cpp (168547 => 168548)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/WebCore/page/DOMWindow.cpp 2014-05-09 20:25:02 UTC (rev 168547)
+++ trunk/Source/WebCore/page/DOMWindow.cpp 2014-05-09 20:26:17 UTC (rev 168548)
</span><span class="lines">@@ -457,6 +457,7 @@
</span><span class="cx"> willDestroyDocumentInFrame();
</span><span class="cx"> FrameDestructionObserver::frameDestroyed();
</span><span class="cx"> resetDOMWindowProperties();
</span><ins>+ JSDOMWindowBase::fireFrameClearedWatchpointsForWindow(this);
</ins><span class="cx"> }
</span><span class="cx">
</span><span class="cx"> void DOMWindow::willDetachPage()
</span></span></pre>
</div>
</div>
</body>
</html>