Clear m_pendingTargets in MutationObserver::takeRecords
authorrniwa@webkit.org <rniwa@webkit.org@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Thu, 4 Oct 2018 03:55:12 +0000 (03:55 +0000)
committerrniwa@webkit.org <rniwa@webkit.org@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Thu, 4 Oct 2018 03:55:12 +0000 (03:55 +0000)
commit5cde9782c7b1425d10e03b6443911b26f13a033d
tree184720b9261c8a773d9c0caca1828c6cc83e72ba
parentab961c2ea39d5064c385f0691d8fb4ea39fbdc01
Clear m_pendingTargets in MutationObserver::takeRecords
https://bugs.webkit.org/show_bug.cgi?id=190240

Reviewed by Geoffrey Garen.

In r236781, we delayed the clearing of m_pendingTargets until the end of microtask to avoid a race between
mutation record's JS wrappers getting created and GC marking JS wrappers of elements in mutation records.

This patch shortens this delay to until mutation record's JS wrappers are created. Specifically, we make
MutationObserver::takeRecords() return a struct which has both pending targets hash set and the vector of
mutation records so that the hash set survives through the creation of JS wrappers for mutation records.

To do this, a new IDL extended attribute "ResultField" is introduced to specify the member variable in
which the result is stored.

No new tests. Unfortunately, this race condition appears to be impossible to capture in a regression test.

* bindings/scripts/CodeGeneratorJS.pm:
(GenerateOperationBodyDefinition):
* bindings/scripts/IDLAttributes.json:
* bindings/scripts/test/JS/JSTestInterface.cpp:
(WebCore::jsTestInterfacePrototypeFunctionTakeNodesBody):
(WebCore::jsTestInterfacePrototypeFunctionTakeNodes):
* bindings/scripts/test/TestImplements.idl: Added a test case.
* dom/MutationObserver.cpp:
(WebCore::MutationObserver::takeRecords):
(WebCore::MutationObserver::deliver):
* dom/MutationObserver.h:
* dom/MutationObserver.idl:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@236825 268f45cc-cd09-0410-ab3c-d52691b4dbfc
Source/WebCore/ChangeLog
Source/WebCore/bindings/scripts/CodeGeneratorJS.pm
Source/WebCore/bindings/scripts/IDLAttributes.json
Source/WebCore/bindings/scripts/test/JS/JSTestInterface.cpp
Source/WebCore/bindings/scripts/test/TestImplements.idl
Source/WebCore/dom/MutationObserver.cpp
Source/WebCore/dom/MutationObserver.h
Source/WebCore/dom/MutationObserver.idl