[webkit-dev] JSC binding code question

Kinuko Yasuda kinuko at chromium.org
Tue Sep 28 23:19:31 PDT 2010

On Tue, Sep 28, 2010 at 11:02 PM, Maciej Stachowiak <mjs at apple.com> wrote:
>> And what I have written for this is like following:
>> if (!exec->argument(1).isNull() && !exec->argument(1).isUndefined() &&
>>     exec->argument(1).isObject() &&
>>     !exec->argument(1).inherits(&JSFlags::s_info)) {
>>     JSObject* object = exec->argument(1).getObject();
>>     flags = Flags::create();
>>     JSValue jsCreate = object->get(exec, Identifier(exec, "create"));
>>     flags->setCreate(jsCreate.toBoolean(exec));
>>     JSValue jsExclusive = object->get(exec, Identifier(exec, "exclusive"));
>>     flags->setExclusive(jsExclusive.toBoolean(exec));
>> }
>> Basically the code calls JSObject::get() to get values for the given
>> property names.
>> This looked straightforward, but I was told that the get(exec)
>> re-enters Javascript and could do any arbitrary thing.
> This much is true. In principle, any property can be a getter, so get() could re-enter into arbitrary JS code.
>> This means that during the get() even the parameter object or the
>> calling object (imp) may get deallocated.
> This part, I think not. As long as they are referenced by currently executing code (either by JS or by the machine stack via a local variable) they won't get deallocated.

Ah... that sounds right. They must be referenced by the executing code/context.

> That being said, others may have suggestions for better ways to code this. Perhaps Geoff or Oliver have suggestions.

I'll try digging this a bit more (for myself) and will upload a patch
like that, but if anyone has suggestions for better ways I'd be very
glad to change/improve it.

>> So here I have two questions:
>> 1) How can I write a safe binding code that reads JSON-format
>> parameters?  Is there some recommended way or any good idea?
>> 2) I saw several other code doing the same/similar thing as I do
>> (calling JSObject::get()) to get arbitrary parameter values.
>> Are they safe?  Is there a guarantee that the code executed during
>> get() doesn't deallocate some objects?
> Nothing that has a live reference to it will get collected, and there's no such thing as explicit deallocation in JS.

Makes sense, all the objects must be deallocated in that way.

Thanks very much!
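The point made in this thread (a property read through JSObject::get() can run arbitrary script, because any property may be an accessor) can be shown in plain JavaScript. The following is an added example, not code from the thread or from WebKit: readFlags is a hypothetical stand-in for the quoted binding, reading "create" and "exclusive" from a caller-supplied options object exactly as the C++ does (each value read once, coerced to boolean, copied out), and the options objects are constructed for the demonstration. The "inherits JSFlags" branch of the binding is omitted.

```javascript
// Added example: re-entrancy through property getters, mirroring the
// quoted JSC binding in plain JavaScript. Nothing here is WebKit code.

// Hypothetical stand-in for the binding. Returns {create, exclusive} read
// from the options object, or null for the null/undefined/non-object case
// that the C++ skips. Each property read may invoke a getter, i.e. re-enter
// script, so the binding never assumes the object is unchanged between reads;
// it copies each value into a local (like flags->setCreate(...)) and keeps
// no reference to the object afterwards.
function readFlags(options) {
  if (options === null || options === undefined ||
      (typeof options !== 'object' && typeof options !== 'function')) {
    return null;
  }
  const create = Boolean(options.create);       // like jsCreate.toBoolean(exec)
  const exclusive = Boolean(options.exclusive); // like jsExclusive.toBoolean(exec)
  return { create, exclusive };
}

// Constructed options object whose "create" getter runs script and mutates
// the same object before "exclusive" is read. `trace` records what ran.
function makeReentrantOptions(trace) {
  const options = { exclusive: true };
  Object.defineProperty(options, 'create', {
    get() {
      trace.push('getter ran');   // arbitrary code executes inside the read
      options.exclusive = false;  // the object changes under the binding
      return true;
    },
  });
  return options;
}

// Constructed options object whose getter throws: "arbitrary thing" includes
// raising an exception from what looks like a plain property read, so a
// binding has to check for one after each get() (exec->hadException() in JSC).
function makeThrowingOptions() {
  return {
    get create() { throw new Error('getter threw'); },
    exclusive: true,
  };
}

function readFlagsOrError(options) {
  try {
    return { ok: true, flags: readFlags(options) };
  } catch (e) {
    return { ok: false, error: e.message };
  }
}

// Runs the re-entrant case and reports both the flags the binding saw and
// the trace of script that ran during the reads.
function demo() {
  const trace = [];
  const flags = readFlags(makeReentrantOptions(trace));
  return { flags, trace };
}

if (typeof require !== 'undefined' && require.main === module) {
  console.log(JSON.stringify(demo()));
  console.log(JSON.stringify(readFlagsOrError(makeThrowingOptions())));
}
```

demo() returns create:true and exclusive:false: the value of "exclusive" that existed when the binding was entered is gone by the time it is read, because the "create" getter changed it. The binding is still safe in the sense discussed in the thread (the object stayed alive, being referenced by the caller's frame), but the values it ends up with are whatever script chose to hand back at each read, and a getter may also throw.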
