Regression(r196145): Crash in getOwnPropertyDescriptor on http://www.history.com...
authorcdumez@apple.com <cdumez@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Mon, 4 Apr 2016 20:01:38 +0000 (20:01 +0000)
committercdumez@apple.com <cdumez@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Mon, 4 Apr 2016 20:01:38 +0000 (20:01 +0000)
commit99b219526f0ec119083ba3280d2a4d37401d1d98
tree8727ae9e28541742d575c5454114965283a846ea
parent4cb0d84d80bedc5cde44bcdef74cbfe63459b40b
Regression(r196145): Crash in getOwnPropertyDescriptor on history.com/shows/vikings
https://bugs.webkit.org/show_bug.cgi?id=156136
<rdar://problem/25410767>

Reviewed by Ryosuke Niwa.

Source/JavaScriptCore:

Add a few more identifiers for using in the generated bindings.

* runtime/CommonIdentifiers.h:

Source/WebCore:

The page was crashing when doing the following:
Object.getOwnPropertyDescriptor(window, "indexedDB")

getOwnPropertyDescriptor() expected getDirect() to return a CustomGetterSetter for
CustomAccessors but it was not the case for window.indexedDB. The reason was that
window.indexedDB was a special property, which is not part of the static table but
returned by GetOwnPropertySlot() if IndexedDB feature is enabled. This weirdness
was due to our bindings generator not having proper support for [EnabledAtRuntime]
properties on Window.

This patch adds support for [EnabledAtRuntime] properties on Window by omitting
these properties from the static property table and then setting them at runtime
in JSDOMWindow::finishCreation() if the corresponding feature is enabled.
window.indexedDB now looks like a regular property when IndexedDB is enabled
and getOwnPropertyDescriptor() works as expected for this property.

Test: storage/indexeddb/indexeddb-getownpropertyDescriptor.html

* Modules/indexeddb/DOMWindowIndexedDatabase.cpp:
(WebCore::DOMWindowIndexedDatabase::indexedDB):
* Modules/indexeddb/DOMWindowIndexedDatabase.h:
The generated bindings pass DOMWindow by reference instead of pointer so update
the implementation accordingly.

* Modules/indexeddb/DOMWindowIndexedDatabase.idl:
Add 'indexedDB' and 'webkitIndexedDB' properties and mark them as
[EnabledAtRuntime]. Now that the bindings generator correctly handles
[EnabledAtRuntime] properties on the Window, there is no need to
custom-handle them in JSDOMWindowCustom.

* bindings/js/JSDOMWindowCustom.cpp:
Drop custom handling for 'indexedDB' and 'webkitIndexedDB' properties
in getOwnPropertySlot(). The generated bindings code now makes sure to
only set those properties on the Window if IndexedDB is enabled so we
can let the regular code path look up those properties.

* bindings/scripts/CodeGeneratorJS.pm:
(GetJSCAttributesForAttribute):
(GenerateHeader):
(GeneratePropertiesHashTable):
(GenerateImplementation):
Add support for [EnabledAtRuntime] properties on DOMWindow. For such
properties, we do the following:
1. Omit them from the static property table
2. In JSDOMWindow::finishCreation(), dynamically add those properties
   at runtime if the corresponding feature is enabled.

Note that this works for constructors as well.

* inspector/InspectorIndexedDBAgent.cpp:
(WebCore::assertIDBFactory):
Pass Window by reference instead of pointer.

LayoutTests:

Add a layout test to confirm that calling Object.getOwnPropertyDescriptor(window, "indexedDB")
does not crash and works as expected.

* storage/indexeddb/indexeddb-getownpropertyDescriptor-expected.txt: Added.
* storage/indexeddb/indexeddb-getownpropertyDescriptor.html: Added.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@199017 268f45cc-cd09-0410-ab3c-d52691b4dbfc
12 files changed:
LayoutTests/ChangeLog
LayoutTests/storage/indexeddb/indexeddb-getownpropertyDescriptor-expected.txt [new file with mode: 0644]
LayoutTests/storage/indexeddb/indexeddb-getownpropertyDescriptor.html [new file with mode: 0644]
Source/JavaScriptCore/ChangeLog
Source/JavaScriptCore/runtime/CommonIdentifiers.h
Source/WebCore/ChangeLog
Source/WebCore/Modules/indexeddb/DOMWindowIndexedDatabase.cpp
Source/WebCore/Modules/indexeddb/DOMWindowIndexedDatabase.h
Source/WebCore/Modules/indexeddb/DOMWindowIndexedDatabase.idl
Source/WebCore/bindings/js/JSDOMWindowCustom.cpp
Source/WebCore/bindings/scripts/CodeGeneratorJS.pm
Source/WebCore/inspector/InspectorIndexedDBAgent.cpp