[Webkit-unassigned] [Bug 112858] Remove upcastPointer from ActiveDOMObject constructor

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Wed Mar 20 19:34:18 PDT 2013


https://bugs.webkit.org/show_bug.cgi?id=112858
--- Comment #5 from Alexey Proskuryakov <ap at webkit.org>  2013-03-20 19:36:45 PST ---
> the idea is that it holds a pointer to the most-derived class.  I guess this was put in with the idea that it was going to be used somewhere

It used to be necessary for garbage collection, see <http://trac.webkit.org/changeset/37649/trunk/WebCore/bindings/js/JSDOMBinding.cpp>. The reason was of course that an object that had a JS wrapper could have a different address than its ActiveDOMObject part in multiple inheritance scenarios.

I _think_ that changes in garbage collection have obsoleted the need.

> The reason I want to remove it is I'm trying to make a whole class hierarchy (AudioNodes) into ActiveDOMObjects to solve a GC issue.

A general word of caution - ActiveDOMObject has very strict requirements of what can be done from suspend/resume functions. ScriptExecutionContext::suspendActiveDOMObjects() iterates over the HashMap, and if any new objects are created or destroyed during iteration, it's an instant security bug.

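The iteration hazard described in the comment above, as an added C++ model that is not WebKit's code: a registry of active objects (the names `Context`, `Misbehaving`, `suspendAll` and the id-keyed map are assumptions for this example) is walked from a snapshot of ids and each id is re-checked before use, so a suspend() callback that creates or destroys objects cannot leave the walk holding invalidated iterators or a dangling pointer, and a counter records any such mid-walk mutation for diagnostics.

```cpp
#include <map>
#include <memory>
#include <vector>

struct Context;
// Hypothetical stand-in for ActiveDOMObject (added example, not WebKit's code): it
// registers with its context on construction and unregisters on destruction.
struct ActiveDOMObject {
    Context& ctx;
    unsigned id; // stable and never reused, so a dead entry cannot alias a live one
    explicit ActiveDOMObject(Context& c);
    virtual ~ActiveDOMObject();
    virtual void suspend() {}
};

struct Context {
    std::map<unsigned, ActiveDOMObject*> live; // registry that suspendAll() walks
    unsigned nextId = 1;
    bool walking = false;        // set while the registry is being walked
    int mutationsDuringWalk = 0; // add/remove calls made from inside a suspend()
    unsigned add(ActiveDOMObject* o) { if (walking) ++mutationsDuringWalk; live[nextId] = o; return nextId++; }
    void remove(unsigned id) { if (walking) ++mutationsDuringWalk; live.erase(id); }

    // Iterating `live` directly would use invalidated iterators if a suspend() callback
    // inserted or erased. Walk a snapshot of ids and re-check each against the registry,
    // since an earlier callback may have destroyed a later entry. Returns the count suspended.
    int suspendAll() {
        std::vector<unsigned> snapshot;
        for (auto& kv : live) snapshot.push_back(kv.first);
        walking = true;
        int suspended = 0;
        for (unsigned id : snapshot) {
            auto it = live.find(id);
            if (it == live.end()) continue; // destroyed since the snapshot was taken
            it->second->suspend();
            ++suspended;
        }
        walking = false;
        return suspended;
    }
};

ActiveDOMObject::ActiveDOMObject(Context& c) : ctx(c), id(ctx.add(this)) {}
ActiveDOMObject::~ActiveDOMObject() { ctx.remove(id); }

// An object whose suspend() creates a new object and destroys a peer: the mutation
// during iteration that the comment above warns against.
struct Misbehaving : ActiveDOMObject {
    ActiveDOMObject* victim = nullptr;        // peer destroyed from suspend()
    std::unique_ptr<ActiveDOMObject> spawned; // object created from suspend()
    using ActiveDOMObject::ActiveDOMObject;
    void suspend() override { spawned.reset(new ActiveDOMObject(ctx)); delete victim; victim = nullptr; }
};
```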