[webkit-dev] JSC binding code question

Adam Barth abarth at webkit.org
Tue Sep 28 23:31:17 PDT 2010 

On Tue, Sep 28, 2010 at 11:02 PM, Maciej Stachowiak <mjs at apple.com> wrote:
> On Sep 28, 2010, at 10:48 PM, Kinuko Yasuda wrote:
>> Hi Webkit folks,
>>
>> I'm writing a JSC binding code (custom binding code for now) for a
>> method that can take JSON-format parameters, and I want to know what
>> would be the right/recommended way.
>> I mean, I want to write a binding code that can executes javascript code like:
>>
>>   directoryEntry.getFile("lockfile.txt", {create: true, exclusive: true});
>>
>> Where the getFile() method is defined as:
>>
>>   interface DirectoryEntry : Entry {
>>     void getFile(in DOMString path, in Flags flags, /* ... */);
>>   };
>>   interface Flags {
>>     attribute boolean create;
>>     attribute boolean exclusive;
>>   };
>>
>> (They are from the File API: Directories and System's draft [1])
>>
>> And what I have written for this is like following:
>>
>> if (!exec->argument(1).isNull() && !exec->argument(1).isUndefined() &&
>> exec->argument(1).isObject() &&
>> !exec->argument(1).inherits(&JSFlags::s_info)) {
>>        JSObject* object = exec->argument(1).getObject();
>>        flags = Flags::create();
>>        JSValue jsCreate = object->get(exec, Identifier(exec, "create"));
>>        flags->setCreate(jsCreate.toBoolean(exec));
>>        JSValue jsExclusive = object->get(exec, Identifier(exec, "exclusive"));
>>        flags->setExclusive(jsExclusive.toBoolean(exec));
>> }
>>
>> Basically the code calls JSObject::get() to get values for the given
>> property names.
>> This looked straightforward, but I was told that the get(exec)
>> re-enters Javascript and could do any arbitrary thing.
>
> This much is true. In principle, any property can be a getter, so get() could re-enter into arbitrary JS code.

In general, this is a dangerous pattern that we use in our bindings.
Figuring out which objects can be garbage collected when running
arbitrary JavaScript is very tricky.

In the V8 bindings, it's cheap to grab a "local" handle to a JS
object, which prevents its GC.  Is there / should there be a similar
concept in JSC?

Adam

More information about the webkit-dev mailing list