ChangeLog

2012-02-06  Erik Arvidsson  <arv@chromium.org>

        V8 wrappers for TextTrack and TextTrackCue should not be collected on event dispatch and when parent/owner are still reachable

        https://bugs.webkit.org/show_bug.cgi?id=73865

        Reviewed by NOBODY (OOPS!).

        Add special handling for HTMLMediaElement and TextTrack to add implicit references to the items in the

        textTracks and cues collections respectively.

        Covered by existing tests.

        * Target.pri:

        * UseV8.cmake:

        * WebCore.gypi:

        * bindings/scripts/CodeGeneratorV8.pm:

        (HasCustomToV8Implementation): Needs custom toV8 for TextTrackList to add reference from the HTMLMediaElement to the TextTrackList.

        * bindings/v8/V8GCController.cpp:

        (WebCore::GrouperVisitor::visitDOMWrapper):

        (GrouperVisitor):

        (WebCore::GrouperVisitor::appendToGrouperList): Extracted into a method.

        * html/TextTrack.idl:

        * html/TextTrackCue.idl:

2012-01-27  Ken Buchanan  <kenrb@chromium.org>

        Crash in updateFirstLetter() from unnecessary anonymous block

Source/WebCore/Target.pri

@@v8 {

        bindings/v8/custom/V8StorageCustom.cpp \

        bindings/v8/custom/V8StyleSheetCustom.cpp \

        bindings/v8/custom/V8StyleSheetListCustom.cpp \

210 bindings/v8/custom/V8TextTrackListCustom.cpp \

        bindings/v8/custom/V8WebKitAnimationCustom.cpp \

        bindings/v8/custom/V8WebKitMutationObserverCustom.cpp \

        bindings/v8/custom/V8WebKitPointConstructor.cpp \

Source/WebCore/UseV8.cmake

@@LIST(APPEND WebCore_SOURCES

    bindings/v8/custom/V8StorageCustom.cpp

    bindings/v8/custom/V8StyleSheetCustom.cpp

    bindings/v8/custom/V8StyleSheetListCustom.cpp

146 bindings/v8/custom/V8TextTrackListCustom.cpp

    bindings/v8/custom/V8Uint16ArrayCustom.cpp

    bindings/v8/custom/V8Uint32ArrayCustom.cpp

    bindings/v8/custom/V8Uint8ArrayCustom.cpp

Source/WebCore/WebCore.gypi

            'bindings/v8/custom/V8StorageCustom.cpp',

            'bindings/v8/custom/V8StyleSheetCustom.cpp',

            'bindings/v8/custom/V8StyleSheetListCustom.cpp',

1894 'bindings/v8/custom/V8TextTrackListCustom.cpp',

            'bindings/v8/custom/V8TrackEventCustom.cpp',

            'bindings/v8/custom/V8Uint16ArrayCustom.cpp',

            'bindings/v8/custom/V8Uint32ArrayCustom.cpp',

Source/WebCore/bindings/scripts/CodeGeneratorV8.pm

@@sub HasCustomToV8Implementation {

    return 1 if $interfaceName eq "SVGElement";

    return 1 if $interfaceName eq "ScriptProfile";

    return 1 if $interfaceName eq "ScriptProfileNode";

3156 return 1 if $interfaceName eq "TextTrackList";

    return 1 if $interfaceName eq "WorkerContext";

    # We don't generate a custom converter (but JSC does) for the following:

    return 0 if $interfaceName eq "AbstractWorker";

Source/WebCore/bindings/v8/V8GCController.cpp

#include "Attr.h"

#include "DOMDataStore.h"

#include "DOMImplementation.h"

38#include "Element.h"

3839#include "HTMLImageElement.h"

40#include "HTMLMediaElement.h"

#include "HTMLNames.h"

#include "MessagePort.h"

#include "PlatformSupport.h"

#include "RetainedDOMInfo.h"

#include "RetainedObjectInfo.h"

#include "TextTrack.h"

#include "TextTrackCueList.h"

#include "TextTrackList.h"

#include "V8Binding.h"

#include "V8CSSRule.h"

#include "V8CSSRuleList.h"

#include "V8MessagePort.h"

#include "V8StyleSheet.h"

#include "V8StyleSheetList.h"

#include "V8TextTrack.h"

#include "V8TextTrackCueList.h"

#include "V8TextTrackList.h"

#include "WrapperTypeInfo.h"

#include <algorithm>

@@public:

    void visitDOMWrapper(DOMDataStore* store, Node* node, v8::Persistent<v8::Object> wrapper)

    {

        if (node->hasEventListeners()) {

317 Vector<v8::Persistent<v8::Value> > ~~listen~~ers;

325 Vector<v8::Persistent<v8::Value> > wrappers;

            EventListenerIterator iterator(node);

            while (EventListener* listener = iterator.nextListener()) {

                if (listener->type() != EventListener::JSEventListenerType)

@@public:

                V8AbstractEventListener* v8listener = static_cast<V8AbstractEventListener*>(listener);

                if (!v8listener->hasExistingListenerObject())

                    continue;

325 ~~listen~~ers.append(v8listener->existingListenerObjectPersistentHandle());

333 wrappers.append(v8listener->existingListenerObjectPersistentHandle());

326334 }

327 if (!~~listen~~ers.isEmpty())

328 v8::V8::AddImplicitReferences(wrapper, ~~listen~~ers.data(), ~~listen~~ers.size());

335 if (!wrappers.isEmpty())

336 v8::V8::AddImplicitReferences(wrapper, wrappers.data(), wrappers.size());

329337 }

330338

        GroupId groupId = calculateGroupId(node);

        if (!groupId)

            return;

        m_grouper.append(GrouperItem(groupId, wrapper));

#if ENABLE(VIDEO_TRACK)

        if (node->isElementNode() && static_cast<Element*>(node)->isMediaElement()) {

            HTMLMediaElement* mediaElement = static_cast<HTMLMediaElement*>(node);

            TextTrackList* textTrackList = mediaElement->textTracks();

            Vector<v8::Persistent<v8::Value> > wrappers;

            for (unsigned i = 0; i < textTrackList->length(); ++i) {

                TextTrack* textTrack = textTrackList->item(i);

                v8::Persistent<v8::Object> wrapper = getDOMObjectMap().get(textTrack);

                if (!wrapper.IsEmpty())

                    wrappers.append(wrapper);

            }

            if (!wrappers.isEmpty())

                v8::V8::AddImplicitReferences(wrapper, wrappers.data(), wrappers.size());

        }

#endif

        appendToGrouperList(node, wrapper);

    }

    void visitDOMWrapper(DOMDataStore* store, void* object, v8::Persistent<v8::Object> wrapper)

    {

#if ENABLE(VIDEO_TRACK)

        WrapperTypeInfo* type = V8DOMWrapper::domWrapperType(wrapper);

        if (type == &V8TextTrack::info)

            visitDOMWrapper(store, static_cast<TextTrack*>(object), wrapper);

#endif

    }

    void applyGrouping()

@@public:

    }

private:

#if ENABLE(VIDEO_TRACK)

    void visitDOMWrapper(DOMDataStore* store, TextTrack* textTrack, v8::Persistent<v8::Object> wrapper)

    {

        HTMLMediaElement* mediaElement = textTrack->mediaElement();

        if (!mediaElement)

            return;

        Vector<v8::Persistent<v8::Value> > wrappers;

        TextTrackCueList* cues = textTrack->cues();

        if (cues) {

            for (unsigned i = 0; i < cues->length(); ++i) {

                TextTrackCue* cue = cues->item(i);

                v8::Handle<v8::Object> wrapper = getDOMObjectMap().get(cue);

                if (!wrapper.IsEmpty())

                    wrappers.append(wrapper);

            }

            if (!wrappers.isEmpty())

                v8::V8::AddImplicitReferences(wrapper, wrappers.data(), wrappers.size());

        }

        appendToGrouperList(mediaElement, wrapper);

    }

#endif

    void appendToGrouperList(Node* node, v8::Persistent<v8::Object> wrapper)

    {

        GroupId groupId = calculateGroupId(node);

        if (!groupId)

            return;

        m_grouper.append(GrouperItem(groupId, wrapper));

    }

    GrouperList m_grouper;

};

Source/WebCore/html/TextTrack.idl

@@module html {

        EnabledAtRuntime=webkitVideoTrack,

        EventTarget,

        CustomMarkFunction,

33 CustomIsReachable

33 CustomIsReachable,

34 V8DependentLifetime

    ] TextTrack {

        readonly attribute DOMString kind;

        readonly attribute DOMString label;

Source/WebCore/html/TextTrackCue.idl

@@module html {

        CallWith=ScriptExecutionContext,

        EventTarget,

        CustomMarkFunction,

36 CustomIsReachable

36 CustomIsReachable,

37 V8DependentLifetime

    ] TextTrackCue {

        readonly attribute TextTrack track;

LayoutTests/ChangeLog

2012-02-06  Erik Arvidsson  <arv@chromium.org>

        V8 wrappers for TextTrack and TextTrackCue should not be collected on event dispatch and when parent/owner are still reachable

        https://bugs.webkit.org/show_bug.cgi?id=73865

        Reviewed by NOBODY (OOPS!).

        * platform/chromium/test_expectations.txt:

2012-01-27  Ken Buchanan  <kenrb@chromium.org>

        Crash in updateFirstLetter() from unnecessary anonymous block

LayoutTests/platform/chromium/test_expectations.txt

@@BUG_SENORBLANCO GPU : fast/canvas/canvas-transforms-fillRect-shadow.html = TEXT

BUGWK66953 : transitions/default-timing-function.html = PASS FAIL

BUGWK73865 : media/track/tracklist-is-reachable.html = TEXT CRASH

BUGWK73865 : media/track/text-track-cue-is-reachable.html = TEXT CRASH

BUGWK73865 : media/track/text-track-is-reachable.html = TEXT CRASH

// use Skia to draw vertical text directly instead of text-on-path

BUG_CARYCLARK MAC CPU : editing/selection/vertical-lr-ltr-extend-line-backward-br.html = IMAGE

BUG_CARYCLARK MAC CPU : editing/selection/vertical-lr-ltr-extend-line-forward-br.html = IMAGE