Attachment #125683 for bug #73865

View Details Raw Unified Return to Bug 73865

| Differences between



2012-02-06  Erik Arvidsson  <arv@chromium.org>

        V8 wrappers for TextTrack and TextTrackCue should not be collected on event dispatch and when parent/owner are still reachable
        https://bugs.webkit.org/show_bug.cgi?id=73865

        Reviewed by NOBODY (OOPS!).

        Add special handling for HTMLMediaElement and TextTrack to add implicit references to the items in the
        textTracks and cues collections respectively.

        Covered by existing tests.

        * Target.pri:
        * UseV8.cmake:
        * WebCore.gypi:
        * bindings/scripts/CodeGeneratorV8.pm:
        (HasCustomToV8Implementation): Needs custom toV8 for TextTrackList to add reference from the HTMLMediaElement to the TextTrackList.
        * bindings/v8/V8GCController.cpp:
        (WebCore::GrouperVisitor::visitDOMWrapper):
        (GrouperVisitor):
        (WebCore::GrouperVisitor::appendToGrouperList): Extracted into a method.
        * html/TextTrack.idl:
        * html/TextTrackCue.idl:

2012-01-27  Ken Buchanan  <kenrb@chromium.org>

        Crash in updateFirstLetter() from unnecessary anonymous block

Lines 207-212 v8 { a/Source/WebCore/Target.pri_sec1
- a/Source/WebCore/Target.pri +1 lines
207	bindings/v8/custom/V8StorageCustom.cpp \	207	bindings/v8/custom/V8StorageCustom.cpp \
208	bindings/v8/custom/V8StyleSheetCustom.cpp \	208	bindings/v8/custom/V8StyleSheetCustom.cpp \
209	bindings/v8/custom/V8StyleSheetListCustom.cpp \	209	bindings/v8/custom/V8StyleSheetListCustom.cpp \
		210	bindings/v8/custom/V8TextTrackListCustom.cpp \
210	bindings/v8/custom/V8WebKitAnimationCustom.cpp \	211	bindings/v8/custom/V8WebKitAnimationCustom.cpp \
211	bindings/v8/custom/V8WebKitMutationObserverCustom.cpp \	212	bindings/v8/custom/V8WebKitMutationObserverCustom.cpp \
212	bindings/v8/custom/V8WebKitPointConstructor.cpp \	213	bindings/v8/custom/V8WebKitPointConstructor.cpp \

Lines 143-148 LIST(APPEND WebCore_SOURCES a/Source/WebCore/UseV8.cmake_sec1
- a/Source/WebCore/UseV8.cmake +1 lines
143	bindings/v8/custom/V8StorageCustom.cpp	143	bindings/v8/custom/V8StorageCustom.cpp
144	bindings/v8/custom/V8StyleSheetCustom.cpp	144	bindings/v8/custom/V8StyleSheetCustom.cpp
145	bindings/v8/custom/V8StyleSheetListCustom.cpp	145	bindings/v8/custom/V8StyleSheetListCustom.cpp
		146	bindings/v8/custom/V8TextTrackListCustom.cpp
146	bindings/v8/custom/V8Uint16ArrayCustom.cpp	147	bindings/v8/custom/V8Uint16ArrayCustom.cpp
147	bindings/v8/custom/V8Uint32ArrayCustom.cpp	148	bindings/v8/custom/V8Uint32ArrayCustom.cpp
148	bindings/v8/custom/V8Uint8ArrayCustom.cpp	149	bindings/v8/custom/V8Uint8ArrayCustom.cpp

Lines 1891-1896 a/Source/WebCore/WebCore.gypi_sec1
- a/Source/WebCore/WebCore.gypi +1 lines
1891	'bindings/v8/custom/V8StorageCustom.cpp',	1891	'bindings/v8/custom/V8StorageCustom.cpp',
1892	'bindings/v8/custom/V8StyleSheetCustom.cpp',	1892	'bindings/v8/custom/V8StyleSheetCustom.cpp',
1893	'bindings/v8/custom/V8StyleSheetListCustom.cpp',	1893	'bindings/v8/custom/V8StyleSheetListCustom.cpp',
		1894	'bindings/v8/custom/V8TextTrackListCustom.cpp',
1894	'bindings/v8/custom/V8TrackEventCustom.cpp',	1895	'bindings/v8/custom/V8TrackEventCustom.cpp',
1895	'bindings/v8/custom/V8Uint16ArrayCustom.cpp',	1896	'bindings/v8/custom/V8Uint16ArrayCustom.cpp',
1896	'bindings/v8/custom/V8Uint32ArrayCustom.cpp',	1897	'bindings/v8/custom/V8Uint32ArrayCustom.cpp',

Lines 3153-3158 sub HasCustomToV8Implementation { a/Source/WebCore/bindings/scripts/CodeGeneratorV8.pm_sec1
- a/Source/WebCore/bindings/scripts/CodeGeneratorV8.pm +1 lines
3153	return 1 if $interfaceName eq "SVGElement";	3153	return 1 if $interfaceName eq "SVGElement";
3154	return 1 if $interfaceName eq "ScriptProfile";	3154	return 1 if $interfaceName eq "ScriptProfile";
3155	return 1 if $interfaceName eq "ScriptProfileNode";	3155	return 1 if $interfaceName eq "ScriptProfileNode";
		3156	return 1 if $interfaceName eq "TextTrackList";
3156	return 1 if $interfaceName eq "WorkerContext";	3157	return 1 if $interfaceName eq "WorkerContext";
3157	# We don't generate a custom converter (but JSC does) for the following:	3158	# We don't generate a custom converter (but JSC does) for the following:
3158	return 0 if $interfaceName eq "AbstractWorker";	3159	return 0 if $interfaceName eq "AbstractWorker";

Lines 35-46 a/Source/WebCore/bindings/v8/V8GCController.cpp_sec1
- a/Source/WebCore/bindings/v8/V8GCController.cpp -8 / +70 lines
35	#include "Attr.h"	35	#include "Attr.h"
36	#include "DOMDataStore.h"	36	#include "DOMDataStore.h"
37	#include "DOMImplementation.h"	37	#include "DOMImplementation.h"
		38	#include "Element.h"
38	#include "HTMLImageElement.h"	39	#include "HTMLImageElement.h"
		40	#include "HTMLMediaElement.h"
39	#include "HTMLNames.h"	41	#include "HTMLNames.h"
40	#include "MessagePort.h"	42	#include "MessagePort.h"
41	#include "PlatformSupport.h"	43	#include "PlatformSupport.h"
42	#include "RetainedDOMInfo.h"	44	#include "RetainedDOMInfo.h"
43	#include "RetainedObjectInfo.h"	45	#include "RetainedObjectInfo.h"
		46	#include "TextTrack.h"
		47	#include "TextTrackCueList.h"
		48	#include "TextTrackList.h"
44	#include "V8Binding.h"	49	#include "V8Binding.h"
45	#include "V8CSSRule.h"	50	#include "V8CSSRule.h"
46	#include "V8CSSRuleList.h"	51	#include "V8CSSRuleList.h"
Lines 49-54 a/Source/WebCore/bindings/v8/V8GCController.cpp_sec2
49	#include "V8MessagePort.h"	54	#include "V8MessagePort.h"
50	#include "V8StyleSheet.h"	55	#include "V8StyleSheet.h"
51	#include "V8StyleSheetList.h"	56	#include "V8StyleSheetList.h"
		57	#include "V8TextTrack.h"
		58	#include "V8TextTrackCueList.h"
		59	#include "V8TextTrackList.h"
52	#include "WrapperTypeInfo.h"	60	#include "WrapperTypeInfo.h"
53		61
54	#include <algorithm>	62	#include <algorithm>
Lines 314-320 public: a/Source/WebCore/bindings/v8/V8GCController.cpp_sec3
314	void visitDOMWrapper(DOMDataStore* store, Node* node, v8::Persistent<v8::Object> wrapper)	322	void visitDOMWrapper(DOMDataStore* store, Node* node, v8::Persistent<v8::Object> wrapper)
315	{	323	{
316	if (node->hasEventListeners()) {	324	if (node->hasEventListeners()) {
317	Vector<v8::Persistent<v8::Value> > listeners;	325	Vector<v8::Persistent<v8::Value> > wrappers;
318	EventListenerIterator iterator(node);	326	EventListenerIterator iterator(node);
319	while (EventListener* listener = iterator.nextListener()) {	327	while (EventListener* listener = iterator.nextListener()) {
320	if (listener->type() != EventListener::JSEventListenerType)	328	if (listener->type() != EventListener::JSEventListenerType)
Lines 322-341 public: a/Source/WebCore/bindings/v8/V8GCController.cpp_sec4
322	V8AbstractEventListener* v8listener = static_cast<V8AbstractEventListener*>(listener);	330	V8AbstractEventListener* v8listener = static_cast<V8AbstractEventListener*>(listener);
323	if (!v8listener->hasExistingListenerObject())	331	if (!v8listener->hasExistingListenerObject())
324	continue;	332	continue;
325	listeners.append(v8listener->existingListenerObjectPersistentHandle());	333	wrappers.append(v8listener->existingListenerObjectPersistentHandle());
326	}	334	}
327	if (!listeners.isEmpty())	335	if (!wrappers.isEmpty())
328	v8::V8::AddImplicitReferences(wrapper, listeners.data(), listeners.size());	336	v8::V8::AddImplicitReferences(wrapper, wrappers.data(), wrappers.size());
329	}	337	}
330		338
331	GroupId groupId = calculateGroupId(node);	339	#if ENABLE(VIDEO_TRACK)
332	if (!groupId)	340	if (node->isElementNode() && static_cast<Element*>(node)->isMediaElement()) {
333	return;	341	HTMLMediaElement* mediaElement = static_cast<HTMLMediaElement*>(node);
334	m_grouper.append(GrouperItem(groupId, wrapper));	342	TextTrackList* textTrackList = mediaElement->textTracks();
		343
		344	Vector<v8::Persistent<v8::Value> > wrappers;
		345	for (unsigned i = 0; i < textTrackList->length(); ++i) {
		346	TextTrack* textTrack = textTrackList->item(i);
		347	v8::Persistent<v8::Object> wrapper = getDOMObjectMap().get(textTrack);
		348	if (!wrapper.IsEmpty())
		349	wrappers.append(wrapper);
		350	}
		351
		352	if (!wrappers.isEmpty())
		353	v8::V8::AddImplicitReferences(wrapper, wrappers.data(), wrappers.size());
		354	}
		355	#endif
		356
		357	appendToGrouperList(node, wrapper);
335	}	358	}
336		359
337	void visitDOMWrapper(DOMDataStore* store, void* object, v8::Persistent<v8::Object> wrapper)	360	void visitDOMWrapper(DOMDataStore* store, void* object, v8::Persistent<v8::Object> wrapper)
338	{	361	{
		362	#if ENABLE(VIDEO_TRACK)
		363	WrapperTypeInfo* type = V8DOMWrapper::domWrapperType(wrapper);
		364	if (type == &V8TextTrack::info)
		365	visitDOMWrapper(store, static_cast<TextTrack*>(object), wrapper);
		366	#endif
339	}	367	}
340		368
341	void applyGrouping()	369	void applyGrouping()
Lines 380-385 public: a/Source/WebCore/bindings/v8/V8GCController.cpp_sec5
380	}	408	}
381		409
382	private:	410	private:
		411
		412	#if ENABLE(VIDEO_TRACK)
		413	void visitDOMWrapper(DOMDataStore* store, TextTrack* textTrack, v8::Persistent<v8::Object> wrapper)
		414	{
		415	HTMLMediaElement* mediaElement = textTrack->mediaElement();
		416	if (!mediaElement)
		417	return;
		418
		419	Vector<v8::Persistent<v8::Value> > wrappers;
		420	TextTrackCueList* cues = textTrack->cues();
		421	if (cues) {
		422	for (unsigned i = 0; i < cues->length(); ++i) {
		423	TextTrackCue* cue = cues->item(i);
		424	v8::Handle<v8::Object> wrapper = getDOMObjectMap().get(cue);
		425	if (!wrapper.IsEmpty())
		426	wrappers.append(wrapper);
		427	}
		428
		429	if (!wrappers.isEmpty())
		430	v8::V8::AddImplicitReferences(wrapper, wrappers.data(), wrappers.size());
		431	}
		432
		433	appendToGrouperList(mediaElement, wrapper);
		434	}
		435	#endif
		436
		437	void appendToGrouperList(Node* node, v8::Persistent<v8::Object> wrapper)
		438	{
		439	GroupId groupId = calculateGroupId(node);
		440	if (!groupId)
		441	return;
		442	m_grouper.append(GrouperItem(groupId, wrapper));
		443	}
		444
383	GrouperList m_grouper;	445	GrouperList m_grouper;
384	};	446	};
385		447



        EnabledAtRuntime=webkitVideoTrack,
        EventTarget,
        CustomMarkFunction,
        CustomIsReachable,
        V8DependentLifetime
    ] TextTrack {
        readonly attribute DOMString kind;
        readonly attribute DOMString label;



        CallWith=ScriptExecutionContext,
        EventTarget,
        CustomMarkFunction,
        CustomIsReachable,
        V8DependentLifetime
    ] TextTrackCue {
        readonly attribute TextTrack track;




2012-02-06  Erik Arvidsson  <arv@chromium.org>

        V8 wrappers for TextTrack and TextTrackCue should not be collected on event dispatch and when parent/owner are still reachable
        https://bugs.webkit.org/show_bug.cgi?id=73865

        Reviewed by NOBODY (OOPS!).

        * platform/chromium/test_expectations.txt:

2012-01-27  Ken Buchanan  <kenrb@chromium.org>

        Crash in updateFirstLetter() from unnecessary anonymous block




BUGWK66953 : transitions/default-timing-function.html = PASS FAIL

BUGWK73865 : media/track/tracklist-is-reachable.html = TEXT CRASH
BUGWK73865 : media/track/text-track-cue-is-reachable.html = TEXT CRASH
BUGWK73865 : media/track/text-track-is-reachable.html = TEXT CRASH

// use Skia to draw vertical text directly instead of text-on-path
BUG_CARYCLARK MAC CPU : editing/selection/vertical-lr-ltr-extend-line-backward-br.html = IMAGE
BUG_CARYCLARK MAC CPU : editing/selection/vertical-lr-ltr-extend-line-forward-br.html = IMAGE

Return to Bug 73865

Lines 3586-3595 BUG_SENORBLANCO GPU : fast/canvas/canvas-transforms-fillRect-shadow.html = TEXT a/LayoutTests/platform/chromium/test_expectations.txt_sec1
- a/LayoutTests/platform/chromium/test_expectations.txt -4 lines
3586		3586
3587	BUGWK66953 : transitions/default-timing-function.html = PASS FAIL	3587	BUGWK66953 : transitions/default-timing-function.html = PASS FAIL
3588		3588
3589	BUGWK73865 : media/track/tracklist-is-reachable.html = TEXT CRASH
3590	BUGWK73865 : media/track/text-track-cue-is-reachable.html = TEXT CRASH
3591	BUGWK73865 : media/track/text-track-is-reachable.html = TEXT CRASH
3592
3593	// use Skia to draw vertical text directly instead of text-on-path	3589	// use Skia to draw vertical text directly instead of text-on-path
3594	BUG_CARYCLARK MAC CPU : editing/selection/vertical-lr-ltr-extend-line-backward-br.html = IMAGE	3590	BUG_CARYCLARK MAC CPU : editing/selection/vertical-lr-ltr-extend-line-backward-br.html = IMAGE
3595	BUG_CARYCLARK MAC CPU : editing/selection/vertical-lr-ltr-extend-line-forward-br.html = IMAGE	3591	BUG_CARYCLARK MAC CPU : editing/selection/vertical-lr-ltr-extend-line-forward-br.html = IMAGE

Lines 1-3 a/Source/WebCore/ChangeLog_sec1
- a/Source/WebCore/ChangeLog +24 lines
		1	2012-02-06 Erik Arvidsson <arv@chromium.org>
		2
		3	V8 wrappers for TextTrack and TextTrackCue should not be collected on event dispatch and when parent/owner are still reachable
		4	https://bugs.webkit.org/show_bug.cgi?id=73865
		5
		6	Reviewed by NOBODY (OOPS!).
		7
		8	Add special handling for HTMLMediaElement and TextTrack to add implicit references to the items in the
		9	textTracks and cues collections respectively.
		10
		11	Covered by existing tests.
		12
		13	* Target.pri:
		14	* UseV8.cmake:
		15	* WebCore.gypi:
		16	* bindings/scripts/CodeGeneratorV8.pm:
		17	(HasCustomToV8Implementation): Needs custom toV8 for TextTrackList to add reference from the HTMLMediaElement to the TextTrackList.
		18	* bindings/v8/V8GCController.cpp:
		19	(WebCore::GrouperVisitor::visitDOMWrapper):
		20	(GrouperVisitor):
		21	(WebCore::GrouperVisitor::appendToGrouperList): Extracted into a method.
		22	* html/TextTrack.idl:
		23	* html/TextTrackCue.idl:
		24
1	2012-01-27 Ken Buchanan <kenrb@chromium.org>	25	2012-01-27 Ken Buchanan <kenrb@chromium.org>
2		26
3	Crash in updateFirstLetter() from unnecessary anonymous block	27	Crash in updateFirstLetter() from unnecessary anonymous block

Lines 30-36 module html { a/Source/WebCore/html/TextTrack.idl_sec1
- a/Source/WebCore/html/TextTrack.idl -1 / +2 lines
30	EnabledAtRuntime=webkitVideoTrack,	30	EnabledAtRuntime=webkitVideoTrack,
31	EventTarget,	31	EventTarget,
32	CustomMarkFunction,	32	CustomMarkFunction,
33	CustomIsReachable	33	CustomIsReachable,
		34	V8DependentLifetime
34	] TextTrack {	35	] TextTrack {
35	readonly attribute DOMString kind;	36	readonly attribute DOMString kind;
36	readonly attribute DOMString label;	37	readonly attribute DOMString label;

Lines 33-39 module html { a/Source/WebCore/html/TextTrackCue.idl_sec1
- a/Source/WebCore/html/TextTrackCue.idl -1 / +2 lines
33	CallWith=ScriptExecutionContext,	33	CallWith=ScriptExecutionContext,
34	EventTarget,	34	EventTarget,
35	CustomMarkFunction,	35	CustomMarkFunction,
36	CustomIsReachable	36	CustomIsReachable,
		37	V8DependentLifetime
37	] TextTrackCue {	38	] TextTrackCue {
38	readonly attribute TextTrack track;	39	readonly attribute TextTrack track;
39		40

Lines 1-3 a/LayoutTests/ChangeLog_sec1
- a/LayoutTests/ChangeLog +9 lines
		1	2012-02-06 Erik Arvidsson <arv@chromium.org>
		2
		3	V8 wrappers for TextTrack and TextTrackCue should not be collected on event dispatch and when parent/owner are still reachable
		4	https://bugs.webkit.org/show_bug.cgi?id=73865
		5
		6	Reviewed by NOBODY (OOPS!).
		7
		8	* platform/chromium/test_expectations.txt:
		9
1	2012-01-27 Ken Buchanan <kenrb@chromium.org>	10	2012-01-27 Ken Buchanan <kenrb@chromium.org>
2		11
3	Crash in updateFirstLetter() from unnecessary anonymous block	12	Crash in updateFirstLetter() from unnecessary anonymous block