[v8] Security feature: JavaScript Bindings hardening
authorabarth@webkit.org <abarth@webkit.org@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Tue, 29 Jan 2013 02:37:52 +0000 (02:37 +0000)
committerabarth@webkit.org <abarth@webkit.org@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Tue, 29 Jan 2013 02:37:52 +0000 (02:37 +0000)
https://bugs.webkit.org/show_bug.cgi?id=106608

Source/WebCore:

The patch adds a check at wrapper creation time to ensure that the
object being wrapped is not already free, to the extent that we know
the information about the type of the object as provided in the IDL.

Patch by Tom Sepez <tsepez@chromium.org> on 2013-01-28
Reviewed by Adam Barth.

Patch is correct if existing tests pass without new crashes.

* bindings/scripts/CodeGeneratorV8.pm:
(GenerateImplementation):
(GenerateToV8Converters):
(GetNativeTypeForConversions):
(GetGnuVTableRefForInterface):
(GetGnuVTableNameForInterface):
(GetGnuMangledNameForInterface):
(GetGnuVTableOffsetForType):
(GetWinVTableRefForInterface):
(GetWinVTableNameForInterface):
(GetWinMangledNameForInterface):
(GetNamespaceForInterface):
(GetImplementationLacksVTableForInterface):
(GetV8SkipVTableValidationForInterface):
Update code generation to add object validity tests under the control
of the ENABLE_BINDING_INTEGRITY option.

* Modules/filesystem/DirectoryReader.idl:
* Modules/filesystem/DirectoryReaderSync.idl:
* Modules/filesystem/EntryArray.idl:
* Modules/filesystem/EntryArraySync.idl:
* Modules/filesystem/Metadata.idl:
* Modules/gamepad/Gamepad.idl:
* Modules/gamepad/GamepadList.idl:
* Modules/geolocation/Geoposition.idl:
* Modules/geolocation/PositionError.idl:
* Modules/indexeddb/IDBFactory.idl:
* Modules/indexeddb/IDBIndex.idl:
* Modules/indexeddb/IDBKeyRange.idl:
* Modules/indexeddb/IDBObjectStore.idl:
* Modules/mediastream/RTCStatsElement.idl:
* Modules/mediastream/RTCStatsReport.idl:
* Modules/quota/StorageInfo.idl:
* Modules/speech/SpeechGrammar.idl:
* Modules/speech/SpeechGrammarList.idl:
* Modules/speech/SpeechRecognitionAlternative.idl:
* Modules/speech/SpeechRecognitionResult.idl:
* Modules/speech/SpeechRecognitionResultList.idl:
* Modules/webaudio/AudioBuffer.idl:
* Modules/webaudio/AudioDestinationNode.idl:
* Modules/webaudio/AudioListener.idl:
* Modules/webaudio/AudioSourceNode.idl:
* Modules/webaudio/WaveTable.idl:
* Modules/webdatabase/SQLError.idl:
* Modules/webdatabase/SQLException.idl:
* Modules/webdatabase/SQLResultSet.idl:
* Modules/webdatabase/SQLResultSetRowList.idl:
* Modules/webdatabase/SQLTransaction.idl:
* Modules/webdatabase/SQLTransactionSync.idl:
* bindings/scripts/IDLAttributes.txt:
* css/CSSPrimitiveValue.idl:
* css/CSSRule.idl:
* css/CSSRuleList.idl:
* css/CSSStyleDeclaration.idl:
* css/CSSValue.idl:
* css/CSSValueList.idl:
* css/Counter.idl:
* css/MediaList.idl:
* css/MediaQueryList.idl:
* css/RGBColor.idl:
* css/Rect.idl:
* css/StyleSheetList.idl:
* css/WebKitCSSFilterValue.idl:
* css/WebKitCSSMixFunctionValue.idl:
* css/WebKitCSSTransformValue.idl:
* dom/ClientRect.idl:
* dom/ClientRectList.idl:
* dom/Clipboard.idl:
* dom/DOMCoreException.idl:
* dom/DOMError.idl:
* dom/DOMImplementation.idl:
* dom/DOMNamedFlowCollection.idl:
* dom/DOMStringList.idl:
* dom/DOMStringMap.idl:
* dom/DataTransferItem.idl:
* dom/DataTransferItemList.idl:
* dom/DocumentFragment.idl:
* dom/Element.idl:
* dom/Entity.idl:
* dom/Event.idl:
* dom/EventException.idl:
* dom/MessageChannel.idl:
* dom/MouseEvent.idl:
* dom/MutationObserver.idl:
* dom/MutationRecord.idl:
* dom/NamedNodeMap.idl:
* dom/NodeFilter.idl:
* dom/NodeIterator.idl:
* dom/NodeList.idl:
* dom/Range.idl:
* dom/RangeException.idl:
* dom/Touch.idl:
* dom/TouchList.idl:
* dom/TreeWalker.idl:
* fileapi/FileError.idl:
* fileapi/FileException.idl:
* fileapi/FileList.idl:
* html/DOMFormData.idl:
* html/DOMTokenList.idl:
* html/DOMURL.idl:
* html/HTMLAllCollection.idl:
* html/HTMLCollection.idl:
* html/HTMLDialogElement.idl:
* html/HTMLDivElement.idl:
* html/HTMLDocument.idl:
* html/HTMLElement.idl:
* html/HTMLImageElement.idl:
* html/HTMLInputElement.idl:
* html/HTMLSelectElement.idl:
* html/HTMLSpanElement.idl:
* html/HTMLUnknownElement.idl:
* html/ImageData.idl:
* html/MediaError.idl:
* html/MediaKeyError.idl:
* html/TimeRanges.idl:
* html/ValidityState.idl:
* html/canvas/ArrayBuffer.idl:
* html/canvas/ArrayBufferView.idl:
* html/canvas/CanvasGradient.idl:
* html/canvas/CanvasPattern.idl:
* html/canvas/Float32Array.idl:
* html/canvas/Float64Array.idl:
* html/canvas/Int16Array.idl:
* html/canvas/Int32Array.idl:
* html/canvas/Int8Array.idl:
* html/canvas/Uint16Array.idl:
* html/canvas/Uint32Array.idl:
* html/canvas/Uint8Array.idl:
* html/canvas/Uint8ClampedArray.idl:
* html/canvas/WebGLActiveInfo.idl:
* html/canvas/WebGLShaderPrecisionFormat.idl:
* html/track/TextTrack.idl:
* html/track/TextTrackCue.idl:
* html/track/TextTrackCueList.idl:
* inspector/InjectedScriptHost.idl:
* inspector/InspectorFrontendHost.idl:
* inspector/JavaScriptCallFrame.idl:
* page/Coordinates.idl:
* page/Crypto.idl:
* page/MemoryInfo.idl:
* page/PagePopupController.idl:
* page/PerformanceEntryList.idl:
* page/SpeechInputResult.idl:
* page/SpeechInputResultList.idl:
* page/WebKitPoint.idl:
* svg/SVGAnimatedAngle.idl:
* svg/SVGAnimatedBoolean.idl:
* svg/SVGAnimatedEnumeration.idl:
* svg/SVGAnimatedInteger.idl:
* svg/SVGAnimatedLength.idl:
* svg/SVGAnimatedLengthList.idl:
* svg/SVGAnimatedNumber.idl:
* svg/SVGAnimatedNumberList.idl:
* svg/SVGAnimatedPreserveAspectRatio.idl:
* svg/SVGAnimatedRect.idl:
* svg/SVGAnimatedString.idl:
* svg/SVGAnimatedTransformList.idl:
* svg/SVGColor.idl:
* svg/SVGException.idl:
* svg/SVGPaint.idl:
* svg/SVGPathSeg.idl:
* svg/SVGRenderingIntent.idl:
* svg/SVGUnitTypes.idl:
* svg/SVGZoomAndPan.idl:
* testing/MallocStatistics.idl:
* testing/TypeConversions.idl:
* workers/WorkerLocation.idl:
* xml/DOMParser.idl:
* xml/XMLHttpRequestException.idl:
* xml/XMLSerializer.idl:
* xml/XPathEvaluator.idl:
* xml/XPathException.idl:
* xml/XPathExpression.idl:
* xml/XPathNSResolver.idl:
* xml/XPathResult.idl:
* xml/XSLTProcessor.idl:
Add exceptions to binding integrity checks to IDL.

Source/WebKit/chromium:

Patch by Tom Sepez <tsepez@chromium.org> on 2013-01-28
Reviewed by Adam Barth.

* features.gypi:
Added ENABLE_BINDING_INTEGRITY option.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@141034 268f45cc-cd09-0410-ab3c-d52691b4dbfc

163 files changed:
Source/WebCore/ChangeLog
Source/WebCore/Modules/filesystem/DirectoryReader.idl
Source/WebCore/Modules/filesystem/DirectoryReaderSync.idl
Source/WebCore/Modules/filesystem/EntryArray.idl
Source/WebCore/Modules/filesystem/EntryArraySync.idl
Source/WebCore/Modules/filesystem/Metadata.idl
Source/WebCore/Modules/gamepad/Gamepad.idl
Source/WebCore/Modules/gamepad/GamepadList.idl
Source/WebCore/Modules/geolocation/Geoposition.idl
Source/WebCore/Modules/geolocation/PositionError.idl
Source/WebCore/Modules/indexeddb/IDBFactory.idl
Source/WebCore/Modules/indexeddb/IDBIndex.idl
Source/WebCore/Modules/indexeddb/IDBKeyRange.idl
Source/WebCore/Modules/indexeddb/IDBObjectStore.idl
Source/WebCore/Modules/mediastream/RTCStatsElement.idl
Source/WebCore/Modules/mediastream/RTCStatsReport.idl
Source/WebCore/Modules/quota/StorageInfo.idl
Source/WebCore/Modules/speech/SpeechGrammar.idl
Source/WebCore/Modules/speech/SpeechGrammarList.idl
Source/WebCore/Modules/speech/SpeechRecognitionAlternative.idl
Source/WebCore/Modules/speech/SpeechRecognitionResult.idl
Source/WebCore/Modules/speech/SpeechRecognitionResultList.idl
Source/WebCore/Modules/webaudio/AudioBuffer.idl
Source/WebCore/Modules/webaudio/AudioDestinationNode.idl
Source/WebCore/Modules/webaudio/AudioListener.idl
Source/WebCore/Modules/webaudio/AudioSourceNode.idl
Source/WebCore/Modules/webaudio/WaveTable.idl
Source/WebCore/Modules/webdatabase/SQLError.idl
Source/WebCore/Modules/webdatabase/SQLException.idl
Source/WebCore/Modules/webdatabase/SQLResultSet.idl
Source/WebCore/Modules/webdatabase/SQLResultSetRowList.idl
Source/WebCore/Modules/webdatabase/SQLTransaction.idl
Source/WebCore/Modules/webdatabase/SQLTransactionSync.idl
Source/WebCore/bindings/scripts/CodeGeneratorV8.pm
Source/WebCore/bindings/scripts/IDLAttributes.txt
Source/WebCore/css/CSSPrimitiveValue.idl
Source/WebCore/css/CSSRule.idl
Source/WebCore/css/CSSRuleList.idl
Source/WebCore/css/CSSStyleDeclaration.idl
Source/WebCore/css/CSSValue.idl
Source/WebCore/css/CSSValueList.idl
Source/WebCore/css/Counter.idl
Source/WebCore/css/MediaList.idl
Source/WebCore/css/MediaQueryList.idl
Source/WebCore/css/RGBColor.idl
Source/WebCore/css/Rect.idl
Source/WebCore/css/StyleSheetList.idl
Source/WebCore/css/WebKitCSSFilterValue.idl
Source/WebCore/css/WebKitCSSMixFunctionValue.idl
Source/WebCore/css/WebKitCSSTransformValue.idl
Source/WebCore/dom/ClientRect.idl
Source/WebCore/dom/ClientRectList.idl
Source/WebCore/dom/Clipboard.idl
Source/WebCore/dom/DOMCoreException.idl
Source/WebCore/dom/DOMError.idl
Source/WebCore/dom/DOMImplementation.idl
Source/WebCore/dom/DOMNamedFlowCollection.idl
Source/WebCore/dom/DOMStringList.idl
Source/WebCore/dom/DOMStringMap.idl
Source/WebCore/dom/DataTransferItem.idl
Source/WebCore/dom/DataTransferItemList.idl
Source/WebCore/dom/DocumentFragment.idl
Source/WebCore/dom/Element.idl
Source/WebCore/dom/Entity.idl
Source/WebCore/dom/Event.idl
Source/WebCore/dom/EventException.idl
Source/WebCore/dom/MessageChannel.idl
Source/WebCore/dom/MouseEvent.idl
Source/WebCore/dom/MutationObserver.idl
Source/WebCore/dom/MutationRecord.idl
Source/WebCore/dom/NamedNodeMap.idl
Source/WebCore/dom/NodeFilter.idl
Source/WebCore/dom/NodeIterator.idl
Source/WebCore/dom/NodeList.idl
Source/WebCore/dom/Range.idl
Source/WebCore/dom/RangeException.idl
Source/WebCore/dom/Touch.idl
Source/WebCore/dom/TouchList.idl
Source/WebCore/dom/TreeWalker.idl
Source/WebCore/fileapi/FileError.idl
Source/WebCore/fileapi/FileException.idl
Source/WebCore/fileapi/FileList.idl
Source/WebCore/html/DOMFormData.idl
Source/WebCore/html/DOMTokenList.idl
Source/WebCore/html/DOMURL.idl
Source/WebCore/html/HTMLAllCollection.idl
Source/WebCore/html/HTMLCollection.idl
Source/WebCore/html/HTMLDialogElement.idl
Source/WebCore/html/HTMLDivElement.idl
Source/WebCore/html/HTMLDocument.idl
Source/WebCore/html/HTMLElement.idl
Source/WebCore/html/HTMLImageElement.idl
Source/WebCore/html/HTMLInputElement.idl
Source/WebCore/html/HTMLSelectElement.idl
Source/WebCore/html/HTMLSpanElement.idl
Source/WebCore/html/HTMLUnknownElement.idl
Source/WebCore/html/ImageData.idl
Source/WebCore/html/MediaError.idl
Source/WebCore/html/MediaKeyError.idl
Source/WebCore/html/TimeRanges.idl
Source/WebCore/html/ValidityState.idl
Source/WebCore/html/canvas/ArrayBuffer.idl
Source/WebCore/html/canvas/ArrayBufferView.idl
Source/WebCore/html/canvas/CanvasGradient.idl
Source/WebCore/html/canvas/CanvasPattern.idl
Source/WebCore/html/canvas/Float32Array.idl
Source/WebCore/html/canvas/Float64Array.idl
Source/WebCore/html/canvas/Int16Array.idl
Source/WebCore/html/canvas/Int32Array.idl
Source/WebCore/html/canvas/Int8Array.idl
Source/WebCore/html/canvas/Uint16Array.idl
Source/WebCore/html/canvas/Uint32Array.idl
Source/WebCore/html/canvas/Uint8Array.idl
Source/WebCore/html/canvas/Uint8ClampedArray.idl
Source/WebCore/html/canvas/WebGLActiveInfo.idl
Source/WebCore/html/canvas/WebGLShaderPrecisionFormat.idl
Source/WebCore/html/track/TextTrack.idl
Source/WebCore/html/track/TextTrackCue.idl
Source/WebCore/html/track/TextTrackCueList.idl
Source/WebCore/inspector/InjectedScriptHost.idl
Source/WebCore/inspector/InspectorFrontendHost.idl
Source/WebCore/inspector/JavaScriptCallFrame.idl
Source/WebCore/page/Coordinates.idl
Source/WebCore/page/Crypto.idl
Source/WebCore/page/MemoryInfo.idl
Source/WebCore/page/PagePopupController.idl
Source/WebCore/page/PerformanceEntryList.idl
Source/WebCore/page/SpeechInputResult.idl
Source/WebCore/page/SpeechInputResultList.idl
Source/WebCore/page/WebKitPoint.idl
Source/WebCore/svg/SVGAnimatedAngle.idl
Source/WebCore/svg/SVGAnimatedBoolean.idl
Source/WebCore/svg/SVGAnimatedEnumeration.idl
Source/WebCore/svg/SVGAnimatedInteger.idl
Source/WebCore/svg/SVGAnimatedLength.idl
Source/WebCore/svg/SVGAnimatedLengthList.idl
Source/WebCore/svg/SVGAnimatedNumber.idl
Source/WebCore/svg/SVGAnimatedNumberList.idl
Source/WebCore/svg/SVGAnimatedPreserveAspectRatio.idl
Source/WebCore/svg/SVGAnimatedRect.idl
Source/WebCore/svg/SVGAnimatedString.idl
Source/WebCore/svg/SVGAnimatedTransformList.idl
Source/WebCore/svg/SVGColor.idl
Source/WebCore/svg/SVGException.idl
Source/WebCore/svg/SVGPaint.idl
Source/WebCore/svg/SVGPathSeg.idl
Source/WebCore/svg/SVGRenderingIntent.idl
Source/WebCore/svg/SVGUnitTypes.idl
Source/WebCore/svg/SVGZoomAndPan.idl
Source/WebCore/testing/MallocStatistics.idl
Source/WebCore/testing/TypeConversions.idl
Source/WebCore/workers/WorkerLocation.idl
Source/WebCore/xml/DOMParser.idl
Source/WebCore/xml/XMLHttpRequestException.idl
Source/WebCore/xml/XMLSerializer.idl
Source/WebCore/xml/XPathEvaluator.idl
Source/WebCore/xml/XPathException.idl
Source/WebCore/xml/XPathExpression.idl
Source/WebCore/xml/XPathNSResolver.idl
Source/WebCore/xml/XPathResult.idl
Source/WebCore/xml/XSLTProcessor.idl
Source/WebKit/chromium/ChangeLog
Source/WebKit/chromium/features.gypi

index 67e1c3a..6521298 100644 (file)
@@ -1,3 +1,194 @@
+2013-01-28  Tom Sepez  <tsepez@chromium.org>
+
+        [v8] Security feature: JavaScript Bindings hardening
+        https://bugs.webkit.org/show_bug.cgi?id=106608
+
+        The patch adds a check at wrapper creation time to enuse that the
+        object being wrapped is not already free, to the extent that we know
+        the information about the type of the object as provided in the IDL.
+
+        Reviewed by Adam Barth.
+
+        Patch is correct if existing tests pass without new crashes.
+
+        * bindings/scripts/CodeGeneratorV8.pm:
+        (GenerateImplementation):
+        (GenerateToV8Converters):
+        (GetNativeTypeForConversions):
+        (GetGnuVTableRefForInterface):
+        (GetGnuVTableNameForInterface):
+        (GetGnuMangledNameForInterface):
+        (GetGnuVTableOffsetForType):
+        (GetWinVTableRefForInterface):
+        (GetWinVTableNameForInterface):
+        (GetWinMangledNameForInterface):
+        (GetNamespaceForInterface):
+        (GetImplementationLacksVTableForInterface):
+        (GetV8SkipVTableValidationForInterface):
+        Update code generation to add object validity tests under the control
+        of the ENABLE_BINDING_INTEGRITY option.
+        
+        * Modules/filesystem/DirectoryReader.idl:
+        * Modules/filesystem/DirectoryReaderSync.idl:
+        * Modules/filesystem/EntryArray.idl:
+        * Modules/filesystem/EntryArraySync.idl:
+        * Modules/filesystem/Metadata.idl:
+        * Modules/gamepad/Gamepad.idl:
+        * Modules/gamepad/GamepadList.idl:
+        * Modules/geolocation/Geoposition.idl:
+        * Modules/geolocation/PositionError.idl:
+        * Modules/indexeddb/IDBFactory.idl:
+        * Modules/indexeddb/IDBIndex.idl:
+        * Modules/indexeddb/IDBKeyRange.idl:
+        * Modules/indexeddb/IDBObjectStore.idl:
+        * Modules/mediastream/RTCStatsElement.idl:
+        * Modules/mediastream/RTCStatsReport.idl:
+        * Modules/quota/StorageInfo.idl:
+        * Modules/speech/SpeechGrammar.idl:
+        * Modules/speech/SpeechGrammarList.idl:
+        * Modules/speech/SpeechRecognitionAlternative.idl:
+        * Modules/speech/SpeechRecognitionResult.idl:
+        * Modules/speech/SpeechRecognitionResultList.idl:
+        * Modules/webaudio/AudioBuffer.idl:
+        * Modules/webaudio/AudioDestinationNode.idl:
+        * Modules/webaudio/AudioListener.idl:
+        * Modules/webaudio/AudioSourceNode.idl:
+        * Modules/webaudio/WaveTable.idl:
+        * Modules/webdatabase/SQLError.idl:
+        * Modules/webdatabase/SQLException.idl:
+        * Modules/webdatabase/SQLResultSet.idl:
+        * Modules/webdatabase/SQLResultSetRowList.idl:
+        * Modules/webdatabase/SQLTransaction.idl:
+        * Modules/webdatabase/SQLTransactionSync.idl:
+        * bindings/scripts/IDLAttributes.txt:
+        * css/CSSPrimitiveValue.idl:
+        * css/CSSRule.idl:
+        * css/CSSRuleList.idl:
+        * css/CSSStyleDeclaration.idl:
+        * css/CSSValue.idl:
+        * css/CSSValueList.idl:
+        * css/Counter.idl:
+        * css/MediaList.idl:
+        * css/MediaQueryList.idl:
+        * css/RGBColor.idl:
+        * css/Rect.idl:
+        * css/StyleSheetList.idl:
+        * css/WebKitCSSFilterValue.idl:
+        * css/WebKitCSSMixFunctionValue.idl:
+        * css/WebKitCSSTransformValue.idl:
+        * dom/ClientRect.idl:
+        * dom/ClientRectList.idl:
+        * dom/Clipboard.idl:
+        * dom/DOMCoreException.idl:
+        * dom/DOMError.idl:
+        * dom/DOMImplementation.idl:
+        * dom/DOMNamedFlowCollection.idl:
+        * dom/DOMStringList.idl:
+        * dom/DOMStringMap.idl:
+        * dom/DataTransferItem.idl:
+        * dom/DataTransferItemList.idl:
+        * dom/DocumentFragment.idl:
+        * dom/Element.idl:
+        * dom/Entity.idl:
+        * dom/Event.idl:
+        * dom/EventException.idl:
+        * dom/MessageChannel.idl:
+        * dom/MouseEvent.idl:
+        * dom/MutationObserver.idl:
+        * dom/MutationRecord.idl:
+        * dom/NamedNodeMap.idl:
+        * dom/NodeFilter.idl:
+        * dom/NodeIterator.idl:
+        * dom/NodeList.idl:
+        * dom/Range.idl:
+        * dom/RangeException.idl:
+        * dom/Touch.idl:
+        * dom/TouchList.idl:
+        * dom/TreeWalker.idl:
+        * fileapi/FileError.idl:
+        * fileapi/FileException.idl:
+        * fileapi/FileList.idl:
+        * html/DOMFormData.idl:
+        * html/DOMTokenList.idl:
+        * html/DOMURL.idl:
+        * html/HTMLAllCollection.idl:
+        * html/HTMLCollection.idl:
+        * html/HTMLDialogElement.idl:
+        * html/HTMLDivElement.idl:
+        * html/HTMLDocument.idl:
+        * html/HTMLElement.idl:
+        * html/HTMLImageElement.idl:
+        * html/HTMLInputElement.idl:
+        * html/HTMLSelectElement.idl:
+        * html/HTMLSpanElement.idl:
+        * html/HTMLUnknownElement.idl:
+        * html/ImageData.idl:
+        * html/MediaError.idl:
+        * html/MediaKeyError.idl:
+        * html/TimeRanges.idl:
+        * html/ValidityState.idl:
+        * html/canvas/ArrayBuffer.idl:
+        * html/canvas/ArrayBufferView.idl:
+        * html/canvas/CanvasGradient.idl:
+        * html/canvas/CanvasPattern.idl:
+        * html/canvas/Float32Array.idl:
+        * html/canvas/Float64Array.idl:
+        * html/canvas/Int16Array.idl:
+        * html/canvas/Int32Array.idl:
+        * html/canvas/Int8Array.idl:
+        * html/canvas/Uint16Array.idl:
+        * html/canvas/Uint32Array.idl:
+        * html/canvas/Uint8Array.idl:
+        * html/canvas/Uint8ClampedArray.idl:
+        * html/canvas/WebGLActiveInfo.idl:
+        * html/canvas/WebGLShaderPrecisionFormat.idl:
+        * html/track/TextTrack.idl:
+        * html/track/TextTrackCue.idl:
+        * html/track/TextTrackCueList.idl:
+        * inspector/InjectedScriptHost.idl:
+        * inspector/InspectorFrontendHost.idl:
+        * inspector/JavaScriptCallFrame.idl:
+        * page/Coordinates.idl:
+        * page/Crypto.idl:
+        * page/MemoryInfo.idl:
+        * page/PagePopupController.idl:
+        * page/PerformanceEntryList.idl:
+        * page/SpeechInputResult.idl:
+        * page/SpeechInputResultList.idl:
+        * page/WebKitPoint.idl:
+        * svg/SVGAnimatedAngle.idl:
+        * svg/SVGAnimatedBoolean.idl:
+        * svg/SVGAnimatedEnumeration.idl:
+        * svg/SVGAnimatedInteger.idl:
+        * svg/SVGAnimatedLength.idl:
+        * svg/SVGAnimatedLengthList.idl:
+        * svg/SVGAnimatedNumber.idl:
+        * svg/SVGAnimatedNumberList.idl:
+        * svg/SVGAnimatedPreserveAspectRatio.idl:
+        * svg/SVGAnimatedRect.idl:
+        * svg/SVGAnimatedString.idl:
+        * svg/SVGAnimatedTransformList.idl:
+        * svg/SVGColor.idl:
+        * svg/SVGException.idl:
+        * svg/SVGPaint.idl:
+        * svg/SVGPathSeg.idl:
+        * svg/SVGRenderingIntent.idl:
+        * svg/SVGUnitTypes.idl:
+        * svg/SVGZoomAndPan.idl:
+        * testing/MallocStatistics.idl:
+        * testing/TypeConversions.idl:
+        * workers/WorkerLocation.idl:
+        * xml/DOMParser.idl:
+        * xml/XMLHttpRequestException.idl:
+        * xml/XMLSerializer.idl:
+        * xml/XPathEvaluator.idl:
+        * xml/XPathException.idl:
+        * xml/XPathExpression.idl:
+        * xml/XPathNSResolver.idl:
+        * xml/XPathResult.idl:
+        * xml/XSLTProcessor.idl:
+        Add exceptions to binding integrity checks to IDL.
+        
 2013-01-28  Alpha Lam  <hclam@chromium.org>
 
         [chromium] Build fix.
index 3e34544..e0467a9 100644 (file)
@@ -30,7 +30,8 @@
 
 [
     Conditional=FILE_SYSTEM,
-    JSNoStaticTables
+    JSNoStaticTables,
+    ImplementationLacksVTable
 ] interface DirectoryReader {
     void readEntries(in [Callback] EntriesCallback successCallback, in [Optional, Callback] ErrorCallback errorCallback);
 };
index acfba52..d21f90b 100644 (file)
@@ -30,7 +30,8 @@
 
 [
     Conditional=FILE_SYSTEM,
-    JSNoStaticTables
+    JSNoStaticTables,
+    ImplementationLacksVTable
 ] interface DirectoryReaderSync {
     EntryArraySync readEntries() raises (FileException);
 };
index 66a834b..bc03d55 100644 (file)
@@ -31,7 +31,8 @@
 [
     Conditional=FILE_SYSTEM,
     IndexedGetter,
-    JSNoStaticTables
+    JSNoStaticTables,
+    ImplementationLacksVTable
 ] interface EntryArray {
     readonly attribute unsigned long length;
     Entry item(in [IsIndex] unsigned long index);
index 0760c0b..ea4bed8 100644 (file)
@@ -31,7 +31,8 @@
 [
     Conditional=FILE_SYSTEM,
     IndexedGetter,
-    JSNoStaticTables
+    JSNoStaticTables,
+    ImplementationLacksVTable
 ] interface EntryArraySync {
     readonly attribute unsigned long length;
     EntrySync item(in [IsIndex] unsigned long index);
index 38e09df..627c5de 100644 (file)
@@ -30,7 +30,8 @@
 
 [
     Conditional=FILE_SYSTEM,
-    JSNoStaticTables
+    JSNoStaticTables,
+    ImplementationLacksVTable
 ] interface Metadata {
     readonly attribute Date modificationTime;
     readonly attribute unsigned long long size;
index 656d7da..0c5b8d5 100644 (file)
@@ -24,7 +24,8 @@
  */
 
 [
-    Conditional=GAMEPAD
+    Conditional=GAMEPAD,
+    ImplementationLacksVTable
 ] interface Gamepad {
     readonly attribute DOMString id;
     readonly attribute unsigned long index;
index 8008687..727cdc8 100644 (file)
@@ -25,7 +25,8 @@
 
 [
     Conditional=GAMEPAD,
-    IndexedGetter
+    IndexedGetter,
+    ImplementationLacksVTable
 ] interface GamepadList {
     readonly attribute unsigned long length;
     Gamepad item(in [Optional=DefaultIsUndefined] unsigned long index);
index f4d296a..3f00092 100644 (file)
@@ -25,7 +25,8 @@
 
 [
     Conditional=GEOLOCATION,
-    OmitConstructor
+    OmitConstructor,
+    ImplementationLacksVTable
 ] interface Geoposition {
     readonly attribute Coordinates coords;
     readonly attribute DOMTimeStamp timestamp;
index 7fbe987..4251896 100644 (file)
@@ -24,7 +24,8 @@
  */
 
 [
-    Conditional=GEOLOCATION
+    Conditional=GEOLOCATION,
+    ImplementationLacksVTable
 ] interface PositionError {
     readonly attribute unsigned short code;
     readonly attribute DOMString message;
index e3a4c19..6a0211f 100644 (file)
@@ -25,7 +25,8 @@
 
 [
     Conditional=INDEXED_DATABASE,
-    JSNoStaticTables
+    JSNoStaticTables,
+    ImplementationLacksVTable
 ] interface IDBFactory {
     [CallWith=ScriptExecutionContext, ImplementedAs=getDatabaseNames] IDBRequest webkitGetDatabaseNames();
 
index a6b39bb..391abe8 100644 (file)
@@ -25,7 +25,8 @@
 
 [
     Conditional=INDEXED_DATABASE,
-    JSNoStaticTables
+    JSNoStaticTables,
+    ImplementationLacksVTable
 ] interface IDBIndex {
     readonly attribute DOMString name;
     readonly attribute IDBObjectStore objectStore;
index 57e0e50..e5728c6 100644 (file)
@@ -25,7 +25,8 @@
 
 [
     Conditional=INDEXED_DATABASE,
-    JSNoStaticTables
+    JSNoStaticTables,
+    ImplementationLacksVTable
 ] interface IDBKeyRange {
     [ImplementedAs=lowerValue,CallWith=ScriptExecutionContext] readonly attribute any lower;
     [ImplementedAs=upperValue,CallWith=ScriptExecutionContext] readonly attribute any upper;
index 3595de1..4660322 100644 (file)
@@ -25,7 +25,8 @@
 
 [
     Conditional=INDEXED_DATABASE,
-    JSNoStaticTables
+    JSNoStaticTables,
+    ImplementationLacksVTable
 ] interface IDBObjectStore {
     [TreatReturnedNullStringAs=Null] readonly attribute DOMString name;
     [ImplementedAs=keyPathAny] readonly attribute IDBAny keyPath;
index 4224179..3bd4332 100644 (file)
@@ -24,6 +24,7 @@
 
 [
     Conditional=MEDIA_STREAM,
+    ImplementationLacksVTable
 ] interface RTCStatsElement {
     readonly attribute Date timestamp;
     DOMString stat(in DOMString name);
index 551ccef..fe6f7f3 100644 (file)
@@ -23,7 +23,8 @@
  */
 
 [
-    Conditional=MEDIA_STREAM
+    Conditional=MEDIA_STREAM,
+    ImplementationLacksVTable
 ] interface RTCStatsReport {
     readonly attribute RTCStatsElement local;
     readonly attribute RTCStatsElement remote;
index b61d037..328f29b 100644 (file)
@@ -25,7 +25,8 @@
 
 [
     Conditional=QUOTA,
-    OmitConstructor
+    OmitConstructor,
+    ImplementationLacksVTable
 ] interface StorageInfo {
     const unsigned short TEMPORARY = 0;
     const unsigned short PERSISTENT = 1;
index 340cacf..9b2a2a7 100644 (file)
@@ -25,7 +25,8 @@
 
 [
     Conditional=SCRIPTED_SPEECH,
-    Constructor
+    Constructor,
+    ImplementationLacksVTable
 ] interface SpeechGrammar {
     [URL,CallWith=ScriptExecutionContext] attribute DOMString src;
     attribute float weight;
index 94941da..a0a7ec9 100644 (file)
@@ -27,6 +27,7 @@
     Conditional=SCRIPTED_SPEECH,
     IndexedGetter,
     Constructor,
+    ImplementationLacksVTable
 ] interface SpeechGrammarList {
     readonly attribute unsigned long length;
     SpeechGrammar item(in [IsIndex] unsigned long index);
index 03cec18..719dce2 100644 (file)
@@ -24,7 +24,8 @@
  */
 
 [
-    Conditional=SCRIPTED_SPEECH
+    Conditional=SCRIPTED_SPEECH,
+    ImplementationLacksVTable
 ] interface SpeechRecognitionAlternative {
     readonly attribute DOMString transcript;
     readonly attribute float confidence;
index b749aed..3ae86c9 100644 (file)
@@ -25,7 +25,8 @@
 
 [
     Conditional=SCRIPTED_SPEECH,
-    IndexedGetter
+    IndexedGetter,
+    ImplementationLacksVTable
 ] interface SpeechRecognitionResult {
     readonly attribute unsigned long length;
     SpeechRecognitionAlternative item(in [IsIndex] unsigned long index);
index 57e3111..09a1b5a 100644 (file)
@@ -25,7 +25,8 @@
 
 [
     Conditional=SCRIPTED_SPEECH,
-    IndexedGetter
+    IndexedGetter,
+    ImplementationLacksVTable
 ] interface SpeechRecognitionResultList {
     readonly attribute unsigned long length;
     SpeechRecognitionResult item(in [IsIndex] unsigned long index);
index abd916d..3c1a644 100644 (file)
@@ -27,7 +27,8 @@
  */
 
 [
-    Conditional=WEB_AUDIO
+    Conditional=WEB_AUDIO,
+    ImplementationLacksVTable
 ] interface AudioBuffer {
     readonly attribute long length; // in sample-frames
     readonly attribute float duration; // in seconds
index bf2600b..c107e3d 100644 (file)
@@ -24,7 +24,8 @@
 
 [
     Conditional=WEB_AUDIO,
-    JSGenerateToJSObject
+    JSGenerateToJSObject,
+    V8SkipVTableValidation
 ] interface AudioDestinationNode : AudioNode {
     readonly attribute long numberOfChannels;
 };
index 8ed8992..fe44dbd 100644 (file)
@@ -27,7 +27,8 @@
  */
 
 [
-    Conditional=WEB_AUDIO
+    Conditional=WEB_AUDIO,
+    ImplementationLacksVTable
 ] interface AudioListener {
     attribute float dopplerFactor;  // same as OpenAL (default 1.0)
     attribute float speedOfSound;   // in meters / second (default 343.3)
index e83ac1c..1981c46 100644 (file)
@@ -27,6 +27,7 @@
  */
 
 [
-    Conditional=WEB_AUDIO
+    Conditional=WEB_AUDIO,
+    ImplementationLacksVTable
 ] interface AudioSourceNode : AudioNode {
 };
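Review bot: `ImplementationLacksVTable` on `AudioSourceNode : AudioNode` looks inconsistent with the sibling hunk for `AudioDestinationNode : AudioNode`, which uses `V8SkipVTableValidation` instead. Both interfaces derive from `AudioNode`, so they would be expected to share the same vtable situation; the code that interprets the two attributes is not visible here, so this may be intentional. If the intent is only to exempt this type from the binding integrity check, `V8SkipVTableValidation` would describe that more accurately. Either way, a one-line comment in the IDL giving the reason for the exemption would help later audits of which types the hardening covers.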
index 0174b5e..d153b60 100644 (file)
@@ -24,7 +24,8 @@
 
 // WaveTable represents a periodic audio waveform given by its Fourier coefficients.
 [
-    Conditional=WEB_AUDIO
+    Conditional=WEB_AUDIO,
+    ImplementationLacksVTable
 ] interface WaveTable {
 
 };
index aa27ebf..4803584 100644 (file)
@@ -29,7 +29,8 @@
 [
     Conditional=SQL_DATABASE,
     OmitConstructor,
-    JSNoStaticTables
+    JSNoStaticTables,
+    ImplementationLacksVTable
 ] interface SQLError {
     readonly attribute unsigned long code;
     readonly attribute DOMString message;
index 5282a96..b9511b4 100644 (file)
@@ -31,7 +31,8 @@
 [
     Conditional=SQL_DATABASE,
     JSNoStaticTables,
-    DoNotCheckConstants
+    DoNotCheckConstants,
+    ImplementationLacksVTable
 ] exception SQLException {
     readonly attribute unsigned long code;
     readonly attribute DOMString message;
index 8c80bde..7cc8889 100644 (file)
@@ -29,7 +29,8 @@
 [
     Conditional=SQL_DATABASE,
     OmitConstructor,
-    JSNoStaticTables
+    JSNoStaticTables,
+    ImplementationLacksVTable
 ] interface SQLResultSet {
     readonly attribute SQLResultSetRowList rows;
 
index a6dddaa..305855d 100644 (file)
@@ -29,7 +29,8 @@
 [
     Conditional=SQL_DATABASE,
     OmitConstructor,
-    JSNoStaticTables
+    JSNoStaticTables,
+    ImplementationLacksVTable
 ] interface SQLResultSetRowList {
     readonly attribute unsigned long length;
     [Custom] DOMObject item(in unsigned long index);
index 406fea9..4d4df17 100644 (file)
@@ -29,7 +29,8 @@
 [
     Conditional=SQL_DATABASE,
     OmitConstructor,
-    JSNoStaticTables
+    JSNoStaticTables,
+    ImplementationLacksVTable
 ] interface SQLTransaction {
     [Custom] void executeSql(in DOMString sqlStatement,
                              in ObjectArray arguments,
index f4072c6..1fe8a17 100644 (file)
@@ -31,7 +31,8 @@
 [
     Conditional=SQL_DATABASE,
     OmitConstructor,
-    JSNoStaticTables
+    JSNoStaticTables,
+    ImplementationLacksVTable
 ] interface SQLTransactionSync {
     [Custom] SQLResultSet executeSql(in DOMString sqlStatement, in ObjectArray arguments);
 };
index caca217..524e229 100644 (file)
@@ -2614,6 +2614,9 @@ sub GenerateImplementation
     my $visibleInterfaceName = $codeGenerator->GetVisibleInterfaceName($interface);
     my $v8InterfaceName = "V8$interfaceName";
     my $nativeType = GetNativeTypeForConversions($interface);
+    my $vtableNameGnu = GetGnuVTableNameForInterface($interface);
+    my $vtableRefGnu = GetGnuVTableRefForInterface($interface);
+    my $vtableRefWin = GetWinVTableRefForInterface($interface);
 
     # - Add default header template
     push(@implContentHeader, GenerateImplementationContentHeader($interface));
@@ -2640,7 +2643,39 @@ sub GenerateImplementation
         $parentClassTemplate = $parentClass . "::GetTemplate()";
         last;
     }
+
+    push(@implContentDecls, <<END) if $vtableNameGnu;
+#if ENABLE(BINDING_INTEGRITY)
+#if defined(OS_WIN)
+#pragma warning(disable: 4483)
+extern "C" { extern void (*const ${vtableRefWin}[])(); }
+#else
+extern "C" { extern void* ${vtableNameGnu}[]; }
+#endif
+#endif // ENABLE(BINDING_INTEGRITY)
+
+END
+
     push(@implContentDecls, "namespace WebCore {\n\n");
+
+    push(@implContentDecls, <<END) if $vtableNameGnu;
+#if ENABLE(BINDING_INTEGRITY)
+inline void checkTypeOrDieTrying(${nativeType}* object)
+{
+    void* actualVTablePointer = *(reinterpret_cast<void**>(object));
+#if defined(OS_WIN)
+    void* expectedVTablePointer = reinterpret_cast<void*>(${vtableRefWin});
+#else
+    void* expectedVTablePointer = ${vtableRefGnu};
+#endif
+    if (actualVTablePointer != expectedVTablePointer)
+        CRASH();
+}
+#endif // ENABLE(BINDING_INTEGRITY)
+
+END
+
+
     my $parentClassInfo = $parentClass ? "&${parentClass}::info" : "0";
 
     my $WrapperTypePrototype = $interface->isException ? "WrapperTypeErrorPrototype" : "WrapperTypeObjectPrototype";
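Review bot: The generated `checkTypeOrDieTrying` carries no comment saying what the check does and does not catch. It compares the object's first word for exact equality with the single vtable address expected for `${nativeType}`, so a freed object whose vtable word is still intact, or whose storage was reused by the same type, passes, and a legitimate C++ subclass fails. I would emit a comment above the function along the lines of `// Crashes unless the object's vtable pointer is exactly the vtable of ${nativeType}; does not detect a freed object whose vtable word is unchanged.` Separately, `#pragma warning(disable: 4483)` is emitted with no matching push/pop, so the warning stays disabled for the rest of each generated file; wrapping the `extern "C"` declaration in `#pragma warning(push)` and `#pragma warning(pop)` would scope it. GenerateImplementation begins and ends outside this hunk.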
@@ -3466,6 +3501,8 @@ sub GenerateToV8Converters
         return;
     }
 
+    AddToImplIncludes("Frame.h");
+
     my $createWrapperArgumentType = GetPassRefPtrType($nativeType);
     my $baseType = BaseInterfaceName($interface);
 
@@ -3476,13 +3513,18 @@ v8::Handle<v8::Object> ${v8InterfaceName}::createWrapper(${createWrapperArgument
     ASSERT(impl.get());
     ASSERT(DOMDataStore::getWrapper(impl.get(), isolate).IsEmpty());
 END
-    if ($baseType ne $interfaceName) {
-        push(@implContent, <<END);
-    ASSERT(static_cast<void*>(static_cast<${baseType}*>(impl.get())) == static_cast<void*>(impl.get()));
+
+    my $vtableNameGnu = GetGnuVTableNameForInterface($interface);
+    push(@implContent, <<END) if $vtableNameGnu;
+
+#if ENABLE(BINDING_INTEGRITY)
+    checkTypeOrDieTrying(impl.get());
+#endif
 END
-    }
 
-    AddToImplIncludes("Frame.h");
+    push(@implContent, <<END) if ($baseType ne $interfaceName);
+    ASSERT(static_cast<void*>(static_cast<${baseType}*>(impl.get())) == static_cast<void*>(impl.get()));
+END
 
     if ($codeGenerator->InheritsInterface($interface, "Document")) {
         push(@implContent, <<END);
@@ -3516,9 +3558,121 @@ sub GetNativeTypeForConversions
 {
     my $interface = shift;
     my $interfaceName = $interface->name;
-
     $interfaceName = $codeGenerator->GetSVGTypeNeedingTearOff($interfaceName) if $codeGenerator->IsSVGTypeNeedingTearOff($interfaceName);
-    return $interfaceName;;
+    return $interfaceName;
+}
+
+# See http://refspecs.linux-foundation.org/cxxabi-1.83.html.
+sub GetGnuVTableRefForInterface
+{
+    my $interface = shift;
+    my $vtableName = GetGnuVTableNameForInterface($interface);
+    if (!$vtableName) {
+        return "0";
+    }
+    my $typename = GetNativeTypeForConversions($interface);
+    my $offset = GetGnuVTableOffsetForType($typename);
+    return "&" . $vtableName . "[" . $offset . "]";
+}
+
+sub GetGnuVTableNameForInterface
+{
+    my $interface = shift;
+    my $typename = GetNativeTypeForConversions($interface);
+    my $templatePosition = index($typename, "<");
+    return "" if $templatePosition != -1;
+    return "" if GetImplementationLacksVTableForInterface($interface);
+    return "" if GetV8SkipVTableValidationForInterface($interface);
+    return "_ZTV" . GetGnuMangledNameForInterface($interface);
+}
+
+sub GetGnuMangledNameForInterface
+{
+    my $interface = shift;
+    my $typename = GetNativeTypeForConversions($interface);
+    my $templatePosition = index($typename, "<");
+    if ($templatePosition != -1) {
+        return "";
+    }
+    my $mangledType = length($typename) . $typename;
+    my $namespace = GetNamespaceForInterface($interface);
+    my $mangledNamespace =  "N" . length($namespace) . $namespace;
+    return $mangledNamespace . $mangledType . "E";
+}
+
+sub GetGnuVTableOffsetForType
+{
+    my $typename = shift;
+    if ($typename eq "SVGAElement"
+        || $typename eq "SVGCircleElement"
+        || $typename eq "SVGClipPathElement"
+        || $typename eq "SVGDefsElement"
+        || $typename eq "SVGEllipseElement"
+        || $typename eq "SVGForeignObjectElement"
+        || $typename eq "SVGGElement"
+        || $typename eq "SVGImageElement"
+        || $typename eq "SVGLineElement"
+        || $typename eq "SVGPathElement"
+        || $typename eq "SVGPolyElement"
+        || $typename eq "SVGPolygonElement"
+        || $typename eq "SVGPolylineElement"
+        || $typename eq "SVGRectElement"
+        || $typename eq "SVGSVGElement"
+        || $typename eq "SVGStyledLocatableElement"
+        || $typename eq "SVGStyledTransformableElement"
+        || $typename eq "SVGSwitchElement"
+        || $typename eq "SVGTextElement"
+        || $typename eq "SVGTransformable"
+        || $typename eq "SVGUseElement") {
+        return "3";
+    }
+    return "2";
+}
+
+# See http://en.wikipedia.org/wiki/Microsoft_Visual_C%2B%2B_Name_Mangling.
+sub GetWinVTableRefForInterface
+{
+    my $interface = shift;
+    my $vtableName = GetWinVTableNameForInterface($interface);
+    return 0 if !$vtableName;
+    return "__identifier(\"" . $vtableName . "\")";
+}
+
+sub GetWinVTableNameForInterface
+{
+    my $interface = shift;
+    my $typename = GetNativeTypeForConversions($interface);
+    my $templatePosition = index($typename, "<");
+    return "" if $templatePosition != -1;
+    return "" if GetImplementationLacksVTableForInterface($interface);
+    return "" if GetV8SkipVTableValidationForInterface($interface);
+    return "??_7" . GetWinMangledNameForInterface($interface) . "6B@";
+}
+
+sub GetWinMangledNameForInterface
+{
+    my $interface = shift;
+    my $typename = GetNativeTypeForConversions($interface);
+    my $namespace = GetNamespaceForInterface($interface);
+    return $typename . "@" . $namespace . "@@";
+}
+
+sub GetNamespaceForInterface
+{
+    my $interface = shift;
+    return $interface->extendedAttributes->{"ImplementationNamespace"} || "WebCore";
+}
+
+sub GetImplementationLacksVTableForInterface
+{
+    my $interface = shift;
+    return $interface->extendedAttributes->{"ImplementationLacksVTable"};
+}
+
+sub GetV8SkipVTableValidationForInterface
+{
+    my $interface = shift;
+    return $interface->extendedAttributes->{"V8SkipVTableValidation"};
 }
 
 sub GenerateFunctionCallString()
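Review bot: `GetGnuVTableOffsetForType` returns "3" for a hard-coded list of SVG type names and "2" for everything else, with nothing saying where either number comes from or how the list was derived. When a class hierarchy changes so that a type's real offset no longer matches, the generated check compares against the wrong address and wrapper creation for that type hits CRASH(), so the rule belongs next to the list. A comment such as `# Index of the vtable address point: 2 skips the offset-to-top and RTTI slots; the types below need 3, presumably for one extra virtual-base offset slot (confirm).` would cover it. Also, `GetWinVTableRefForInterface` returns numeric `0` in the empty case while `GetGnuVTableRefForInterface` returns the string `"0"`; `return "0" if !$vtableName;` would keep the two parallel.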
index 705443e..c63644f 100644 (file)
@@ -56,6 +56,8 @@ EventTarget
 ExtendsDOMGlobalObject
 GenerateIsReachable=ImplDocument|ImplElementRoot|ImplOwnerNodeRoot
 Immutable
+ImplementationLacksVTable
+ImplementationNamespace=*
 ImplementedAs=*
 IndexedGetter
 InitializedByEventConstructor
@@ -125,4 +127,5 @@ V8GenerateIsReachable=ImplDocument|ImplElementRoot|ImplOwnerRoot|ImplOwnerNodeRo
 V8NoWrapperCache
 V8MeasureAs=*
 V8ReadOnly
+V8SkipVTableValidation
 V8Unforgeable
index f64cb47..60fe46e 100644 (file)
@@ -17,7 +17,9 @@
  * Boston, MA 02110-1301, USA.
  */
 
-interface CSSPrimitiveValue : CSSValue {
+[
+    ImplementationLacksVTable
+] interface CSSPrimitiveValue : CSSValue {
 
     // UnitTypes
     const unsigned short CSS_UNKNOWN    = 0;
index 436e951..b8bca3c 100644 (file)
@@ -24,7 +24,8 @@
     JSGenerateIsReachable,
     CustomToJSObject,
     ObjCPolymorphic,
-    V8DependentLifetime
+    V8DependentLifetime,
+    V8SkipVTableValidation
 ] interface CSSRule {
 
     // RuleType
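Review bot: `V8SkipVTableValidation` is added here without a comment recording why CSSRule has to opt out, and the same bare opt-out is applied further down to CSSRuleList, CSSStyleDeclaration, Element, HTMLElement, Event, NodeList, HTMLCollection and others. Per `GetGnuVTableNameForInterface` the attribute makes the generator emit no `checkTypeOrDieTrying` call for the interface at all, so these types get none of the BINDING_INTEGRITY coverage. Presumably the reason is that wrappers are created for derived-class objects, which an exact vtable comparison would reject; if so, an IDL comment above the attribute list such as `// V8SkipVTableValidation: wrapped objects may be derived classes (confirm).` would let a later reader see which opt-outs can be dropped once the check handles subclasses. The attribute list opens above this hunk.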
index 02448c0..683b655 100644 (file)
@@ -27,7 +27,8 @@
 [
     JSCustomIsReachable,
     IndexedGetter,
-    V8DependentLifetime
+    V8DependentLifetime,
+    V8SkipVTableValidation
 ] interface CSSRuleList {
     readonly attribute unsigned long    length;
     CSSRule           item(in [Optional=DefaultIsUndefined] unsigned long index);
index 196bfac..1849ed8 100644 (file)
@@ -29,7 +29,8 @@
 #endif
     IndexedGetter,
     CustomEnumerateProperty,
-    V8DependentLifetime
+    V8DependentLifetime,
+    V8SkipVTableValidation
 ] interface CSSStyleDeclaration {
              [TreatReturnedNullStringAs=Null, TreatNullAs=NullString] attribute DOMString        cssText
                  setter raises(DOMException);
index dec3714..b961037 100644 (file)
@@ -23,7 +23,8 @@
     JSCustomIsReachable,
     JSCustomFinalize,
     ObjCPolymorphic,
-    V8DependentLifetime
+    V8DependentLifetime,
+    ImplementationLacksVTable
 ] interface CSSValue {
 
     // UnitTypes
index e96392b..f3c6895 100644 (file)
@@ -25,7 +25,8 @@
 
 // Introduced in DOM Level 2:
 [
-    IndexedGetter
+    IndexedGetter,
+    ImplementationLacksVTable
 ] interface CSSValueList : CSSValue {
     readonly attribute unsigned long    length;
     CSSValue           item(in [Optional=DefaultIsUndefined] unsigned long index);
index c96c708..aff8b56 100644 (file)
@@ -18,7 +18,9 @@
  */
 
 // Introduced in DOM Level 2:
-interface Counter {
+[
+    ImplementationLacksVTable
+] interface Counter {
     readonly attribute DOMString identifier;
     readonly attribute DOMString listStyle;
     readonly attribute DOMString separator;
index 308eaf4..b454d1e 100644 (file)
@@ -26,7 +26,8 @@
 // Introduced in DOM Level 2:
 [
     JSGenerateIsReachable,
-    IndexedGetter
+    IndexedGetter,
+    ImplementationLacksVTable
 ] interface MediaList {
 
              [TreatNullAs=NullString, TreatReturnedNullStringAs=Null] attribute DOMString mediaText
index e22cbd8..b34aa7e 100644 (file)
@@ -16,8 +16,9 @@
  *  the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
  *  Boston, MA 02110-1301, USA.
  */
-
-interface MediaQueryList {
+[
+    ImplementationLacksVTable
+] interface MediaQueryList {
     readonly attribute DOMString media;
     readonly attribute boolean matches;
     void addListener(in [Optional=DefaultIsUndefined] MediaQueryListListener listener);
index fa2ffc4..16744f4 100644 (file)
@@ -19,7 +19,9 @@
  */
 
 // Introduced in DOM Level 2:
-interface RGBColor {
+[
+    ImplementationLacksVTable
+] interface RGBColor {
     readonly attribute CSSPrimitiveValue  red;
     readonly attribute CSSPrimitiveValue  green;
     readonly attribute CSSPrimitiveValue  blue;
index ffc490c..5013285 100644 (file)
@@ -17,7 +17,9 @@
  * Boston, MA 02110-1301, USA.
  */
 
-interface Rect {
+[
+    ImplementationLacksVTable
+] interface Rect {
     readonly attribute CSSPrimitiveValue  top;
     readonly attribute CSSPrimitiveValue  right;
     readonly attribute CSSPrimitiveValue  bottom;
index 362430e..23df1c6 100644 (file)
@@ -22,7 +22,8 @@
 [
     GenerateIsReachable=ImplDocument,
     IndexedGetter,
-    NamedGetter
+    NamedGetter,
+    ImplementationLacksVTable
 ] interface StyleSheetList {
     readonly attribute unsigned long    length;
     StyleSheet         item(in [Optional=DefaultIsUndefined] unsigned long index);
index e3a2ead..021ffa6 100644 (file)
@@ -26,7 +26,8 @@
 [
         Conditional=CSS_FILTERS,
         IndexedGetter,
-        DoNotCheckConstants
+        DoNotCheckConstants,
+    ImplementationLacksVTable
 ] interface WebKitCSSFilterValue : CSSValueList {
 
     // OperationTypes
index 6026816..3a7c02f 100644 (file)
@@ -29,6 +29,7 @@
 
 [
     Conditional=CSS_SHADERS,
+    ImplementationLacksVTable
 ] interface WebKitCSSMixFunctionValue : CSSValueList {
 };
 
index 5e7aa79..95dbb28 100644 (file)
@@ -28,7 +28,8 @@
 
 [
         IndexedGetter,
-        DoNotCheckConstants
+        DoNotCheckConstants,
+    ImplementationLacksVTable
 ] interface WebKitCSSTransformValue : CSSValueList {
 
     // OperationTypes
index ab5d170..3dc5b03 100644 (file)
@@ -24,7 +24,9 @@
  *
  */
 
-interface ClientRect {
+[
+    ImplementationLacksVTable
+] interface ClientRect {
     readonly attribute float top;
     readonly attribute float right;
     readonly attribute float bottom;
index 93513a4..d5f60ad 100644 (file)
@@ -25,7 +25,8 @@
  */
 
 [
-    IndexedGetter
+    IndexedGetter,
+    ImplementationLacksVTable
 ] interface ClientRectList {
     readonly attribute unsigned long length;
     ClientRect item(in [IsIndex,Optional=DefaultIsUndefined] unsigned long index);
index 43f3aaa..b85235e 100644 (file)
@@ -26,7 +26,9 @@
  * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
  */
 
-interface Clipboard {
+[
+    V8SkipVTableValidation
+] interface Clipboard {
              [TreatReturnedNullStringAs=Undefined] attribute DOMString dropEffect;
              [TreatReturnedNullStringAs=Undefined] attribute DOMString effectAllowed;
     [CustomGetter] readonly attribute Array types;
index 419202c..2c67f1e 100644 (file)
@@ -29,7 +29,8 @@
 [
     JSNoStaticTables,
     DoNotCheckConstants,
-    InterfaceName=DOMException
+    InterfaceName=DOMException,
+    ImplementationLacksVTable
 ] exception DOMCoreException {
 
     readonly attribute unsigned short   code;
index 7014e84..79a5881 100644 (file)
@@ -25,9 +25,9 @@
  * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
  * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
  */
-
-  interface [
-] DOMError {
+[
+    ImplementationLacksVTable
+] interface  DOMError {
     readonly attribute DOMString name;
   };
 
index 1b92054..7a57cd5 100644 (file)
@@ -20,6 +20,7 @@
 
 [
     GenerateIsReachable=ImplDocument,
+    ImplementationLacksVTable
 ] interface DOMImplementation {
 
     // DOM Level 1
index 86757e8..b546ddc 100644 (file)
@@ -33,7 +33,8 @@
     InterfaceName=WebKitNamedFlowCollection,
     JSGenerateToJSObject,
     IndexedGetter,
-    NamedGetter
+    NamedGetter,
+    ImplementationLacksVTable
 ] interface DOMNamedFlowCollection {
     readonly attribute unsigned long length;
     WebKitNamedFlow item(in unsigned long index);
index aa643e6..6e13b2b 100644 (file)
@@ -26,7 +26,8 @@
 [
     IndexedGetter,
     JSCustomToNativeObject,
-    JSNoStaticTables
+    JSNoStaticTables,
+    ImplementationLacksVTable
 ] interface DOMStringList {
     readonly attribute unsigned long length;
     [TreatReturnedNullStringAs=Null] DOMString item(in [Optional=DefaultIsUndefined] unsigned long index);
index 732ab1c..ff1c4d4 100644 (file)
@@ -28,7 +28,8 @@
     NamedGetter,
     CustomDeleteProperty,
     CustomEnumerateProperty,
-    CustomNamedSetter
+    CustomNamedSetter,
+    V8SkipVTableValidation
 ] interface DOMStringMap {
 };
 
index a66656e..7c33893 100644 (file)
@@ -30,6 +30,7 @@
 
 [
     Conditional=DATA_TRANSFER_ITEMS,
+    ImplementationLacksVTable
 ] interface DataTransferItem {
     readonly attribute DOMString kind;
     readonly attribute DOMString type;
index 67956a1..e65336a 100644 (file)
@@ -35,6 +35,7 @@
 #if defined(V8_BINDING) && V8_BINDING
     CustomDeleteProperty,
 #endif
+    ImplementationLacksVTable
 ] interface DataTransferItemList {
     readonly attribute long length;
     DataTransferItem item(in [Optional=DefaultIsUndefined] unsigned long index);
index bcf035c..191311e 100644 (file)
@@ -17,7 +17,9 @@
  * Boston, MA 02110-1301, USA.
  */
 
-interface DocumentFragment : Node {
+[
+    V8SkipVTableValidation
+] interface DocumentFragment : Node {
     // NodeSelector - Selector API
     Element querySelector(in DOMString selectors)
         raises(DOMException);
index f7d3707..85ac1df 100644 (file)
@@ -21,7 +21,8 @@
 [
     JSGenerateToNativeObject,
     JSInlineGetOwnPropertySlot,
-    V8CustomToJSObject
+    V8CustomToJSObject,
+    V8SkipVTableValidation
 ] interface Element : Node {
 
     // DOM Level 1 Core
index f6c2247..7f5bf4b 100644 (file)
@@ -16,8 +16,9 @@
  * the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
  * Boston, MA 02110-1301, USA.
  */
-
-interface Entity : Node {
+[
+    ImplementationLacksVTable
+] interface Entity : Node {
     [TreatReturnedNullStringAs=Null] readonly attribute DOMString publicId;
     [TreatReturnedNullStringAs=Null] readonly attribute DOMString systemId;
     [TreatReturnedNullStringAs=Null] readonly attribute DOMString notationName;
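Review bot: `ImplementationLacksVTable` on `interface Entity : Node` looks inaccurate: other Node-derived interfaces in this commit (DocumentFragment, Element) are marked `V8SkipVTableValidation` instead, which suggests Node-derived classes do have a vtable. Both attributes suppress the check identically in `GetGnuVTableNameForInterface`, so generated behaviour is the same, but the attribute then records a wrong fact about the class and hides an opt-out from anyone auditing skipped types. If Entity does have a vtable, the added line should read `V8SkipVTableValidation`, with the reason in a comment.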
index a9af046..7a75193 100644 (file)
@@ -23,7 +23,8 @@
     CustomToJSObject,
     ConstructorTemplate=Event,
     JSNoStaticTables,
-    ObjCPolymorphic
+    ObjCPolymorphic,
+    V8SkipVTableValidation
 ] interface Event {
 
     // DOM PhaseType
index d9438a1..f97c2aa 100644 (file)
@@ -29,7 +29,8 @@
 // Introduced in DOM Level 2:
 [
     JSNoStaticTables,
-    DoNotCheckConstants
+    DoNotCheckConstants,
+    ImplementationLacksVTable,
 ] exception EventException {
 
     readonly attribute unsigned short   code;
index 00649f7..103014d 100644 (file)
@@ -29,7 +29,8 @@
     CallWith=ScriptExecutionContext,
     V8CustomConstructor,
     JSCustomMarkFunction,
-    JSNoStaticTables
+    JSNoStaticTables,
+    ImplementationLacksVTable
 ] interface MessageChannel {
 
     readonly attribute MessagePort port1;
index 78728cf..bb523fb 100644 (file)
@@ -19,7 +19,8 @@
 
 [
     ConstructorConditional=DOM4_EVENTS_CONSTRUCTOR,
-    ConstructorTemplate=Event
+    ConstructorTemplate=Event,
+    V8SkipVTableValidation
 ] interface MouseEvent : UIEvent {
     [InitializedByEventConstructor] readonly attribute long             screenX;
     [InitializedByEventConstructor] readonly attribute long             screenY;
index bbcd518..d420bbb 100644 (file)
@@ -31,7 +31,8 @@
 [
     CustomConstructor,
     ConstructorParameters=1,
-    JSCustomIsReachable
+    JSCustomIsReachable,
+    ImplementationLacksVTable
 ] interface MutationObserver {
     void observe(in Node target, in Dictionary options)
         raises(DOMException);
index f2813da..bb9ea05 100644 (file)
@@ -28,7 +28,9 @@
  * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
  */
 
-interface MutationRecord {
+[
+    V8SkipVTableValidation
+] interface MutationRecord {
     readonly attribute DOMString type;
     readonly attribute Node target;
 
index e1791da..5d556a2 100644 (file)
@@ -22,7 +22,8 @@
     GenerateIsReachable=ImplElementRoot,
     IndexedGetter,
     JSCustomMarkFunction,
-    NamedGetter
+    NamedGetter,
+    ImplementationLacksVTable
 ] interface NamedNodeMap {
 
     Node getNamedItem(in [Optional=DefaultIsUndefined] DOMString name);
index abd5ce4..fa1535c 100644 (file)
@@ -23,7 +23,8 @@
     JSCustomMarkFunction,
     JSCustomToNativeObject,
     ObjCProtocol,
-    CPPPureInterface
+    CPPPureInterface,
+    ImplementationLacksVTable
 ] interface NodeFilter {
     // Constants returned by acceptNode
     const short               FILTER_ACCEPT                  = 1;
index b360d05..77259d0 100644 (file)
@@ -20,7 +20,8 @@
 
 // Introduced in DOM Level 2:
 [
-    JSCustomMarkFunction
+    JSCustomMarkFunction,
+    ImplementationLacksVTable
 ] interface NodeIterator {
     readonly attribute Node root;
     readonly attribute unsigned long whatToShow;
index b69ed4d..9a71212 100644 (file)
@@ -22,7 +22,8 @@
     CustomIsReachable,
     IndexedGetter,
     NamedGetter,
-    V8DependentLifetime
+    V8DependentLifetime,
+    V8SkipVTableValidation
 ] interface NodeList {
 
     Node item(in [IsIndex,Optional=DefaultIsUndefined] unsigned long index);
index 05c6e2a..940fc8c 100644 (file)
@@ -19,7 +19,9 @@
  */
 
 // Introduced in DOM Level 2:
-interface Range {
+[
+    ImplementationLacksVTable
+] interface Range {
 
     readonly attribute Node startContainer
         getter raises(DOMException);
index df92b42..7cc310e 100644 (file)
@@ -18,7 +18,8 @@
  */
 
 [
-    DoNotCheckConstants
+    DoNotCheckConstants,
+    ImplementationLacksVTable
 ] exception RangeException {
 
     readonly attribute unsigned short   code;
index 3a50e07..7486c6f 100644 (file)
@@ -24,7 +24,8 @@
  */
 
 [
-    Conditional=TOUCH_EVENTS
+    Conditional=TOUCH_EVENTS,
+    ImplementationLacksVTable
 ] interface Touch {
     readonly attribute long             clientX;
     readonly attribute long             clientY;
index f66c6cc..0ec3b0d 100644 (file)
@@ -25,7 +25,8 @@
 
 [
     Conditional=TOUCH_EVENTS,
-    IndexedGetter
+    IndexedGetter,
+    ImplementationLacksVTable
 ] interface TouchList {
     readonly attribute unsigned long length;
 
index 52cf98f..4d4bf18 100644 (file)
@@ -20,7 +20,8 @@
 
 // Introduced in DOM Level 2:
 [
-    JSCustomMarkFunction
+    JSCustomMarkFunction,
+    ImplementationLacksVTable
 ] interface TreeWalker {
     readonly attribute Node root;
     readonly attribute unsigned long whatToShow;
index 70a2768..c588100 100644 (file)
@@ -30,7 +30,8 @@
 
 [
     Conditional=BLOB|FILE_SYSTEM,
-    JSNoStaticTables
+    JSNoStaticTables,
+    ImplementationLacksVTable
 ] interface FileError {
 #if !defined(LANGUAGE_OBJECTIVE_C)
     // FIXME: Some of constant names are already defined in DOMException.h for Objective-C binding and we cannot have the same names here (they are translated into a enum in the same namespace).
index 6059d22..4e3e0ab 100644 (file)
@@ -31,7 +31,8 @@
 [
     Conditional=BLOB|FILE_SYSTEM,
     DoNotCheckConstants,
-    JSNoStaticTables
+    JSNoStaticTables,
+    ImplementationLacksVTable
 ] exception FileException {
 
     readonly attribute unsigned short   code;
index 6b790f7..9e8ef50 100644 (file)
@@ -25,7 +25,8 @@
 
 [
     IndexedGetter,
-    JSNoStaticTables
+    JSNoStaticTables,
+    ImplementationLacksVTable
 ] interface FileList {
     readonly attribute unsigned long length;
     File item(in unsigned long index);
index cf16bab..10febe9 100644 (file)
@@ -33,7 +33,8 @@
     ConstructorParameters=1,
     JSGenerateToNativeObject,
     JSGenerateToJSObject,
-    InterfaceName=FormData
+    InterfaceName=FormData,
+    ImplementationLacksVTable
 ] interface DOMFormData {
     // void append(DOMString name, DOMString value);
     // void append(DOMString name, Blob value, optional DOMString filename);
index 959a8ee..5689dfa 100644 (file)
@@ -24,7 +24,8 @@
 
 [
     GenerateIsReachable=ImplElementRoot,
-    IndexedGetter
+    IndexedGetter,
+    V8SkipVTableValidation
 ] interface DOMTokenList {
     readonly attribute unsigned long length;
     [TreatReturnedNullStringAs=Null] DOMString item(in unsigned long index);
index a90443f..f21c2d1 100644 (file)
@@ -30,7 +30,8 @@
     JSGenerateToNativeObject,
     JSGenerateToJSObject,
     JSNoStaticTables,
-    InterfaceName=URL
+    InterfaceName=URL,
+    ImplementationLacksVTable
 ] interface DOMURL {
 #if defined(ENABLE_MEDIA_SOURCE) && ENABLE_MEDIA_SOURCE
     [CallWith=ScriptExecutionContext,TreatReturnedNullStringAs=Null] static DOMString createObjectURL(in MediaSource? source);
index 4d714fb..8a8840e 100644 (file)
@@ -29,7 +29,8 @@
     CustomCall,
     MasqueradesAsUndefined,
     GenerateIsReachable=ImplOwnerNodeRoot,
-    V8DependentLifetime
+    V8DependentLifetime,
+    V8SkipVTableValidation
 ] interface HTMLAllCollection {
     readonly attribute unsigned long length;
     [Custom] Node item(in [Optional=DefaultIsUndefined] unsigned long index);
index d38a704..dd5acbc 100644 (file)
@@ -24,7 +24,8 @@
     CustomToJSObject,
     GenerateIsReachable=ImplOwnerNodeRoot,
     V8DependentLifetime,
-    ObjCPolymorphic
+    ObjCPolymorphic,
+    V8SkipVTableValidation
 ] interface HTMLCollection {
     readonly attribute unsigned long length;
     Node item(in [Optional=DefaultIsUndefined] unsigned long index);
index a6df0c7..edc2ac2 100644 (file)
@@ -24,7 +24,8 @@
  */
 
 [
-    Conditional=DIALOG_ELEMENT
+    Conditional=DIALOG_ELEMENT,
+    V8SkipVTableValidation
 ] interface HTMLDialogElement : HTMLElement {
     [Reflect] attribute boolean open;
     void close() raises(DOMException);
index 40c8db4..5dd9acd 100644 (file)
@@ -17,7 +17,9 @@
  * Boston, MA 02110-1301, USA.
  */
 
-interface HTMLDivElement : HTMLElement {
+[
+    V8SkipVTableValidation
+] interface HTMLDivElement : HTMLElement {
     [Reflect] attribute DOMString align;
 };
 
index 3d8050a..25f0a5c 100644 (file)
@@ -20,7 +20,8 @@
 
 [
     CustomNamedGetter,
-    V8CustomToJSObject
+    V8CustomToJSObject,
+    V8SkipVTableValidation
 ] interface HTMLDocument : Document {
     [JSCustom, V8Custom] void open();
     void close();
index d3206f2..1e035dd 100644 (file)
@@ -21,7 +21,8 @@
 [
     JSGenerateToNativeObject,
     JSCustomPushEventHandlerScope,
-    V8CustomToJSObject
+    V8CustomToJSObject,
+    V8SkipVTableValidation
 ] interface HTMLElement : Element {
              // iht.com relies on id returning the empty string when no id is present. 
              // Other browsers do this as well. So we don't convert null to JS null.
index ce1ea17..5ef7cde 100644 (file)
@@ -19,7 +19,8 @@
  */
 
 [
-    JSGenerateToNativeObject
+    JSGenerateToNativeObject,
+    V8SkipVTableValidation
 ] interface HTMLImageElement : HTMLElement {
     [Reflect] attribute DOMString name;
     [Reflect] attribute DOMString align;
index fa416a0..2e03551 100644 (file)
@@ -19,7 +19,9 @@
  * Boston, MA 02110-1301, USA.
  */
 
-interface HTMLInputElement : HTMLElement {
+[
+    V8SkipVTableValidation
+] interface HTMLInputElement : HTMLElement {
     [Reflect] attribute DOMString accept;
     [Reflect] attribute DOMString alt;
     [Reflect] attribute DOMString autocomplete;
index ac7f989..3d06bc9 100644 (file)
@@ -20,7 +20,8 @@
 
 [
     IndexedGetter,
-    CustomIndexedSetter
+    CustomIndexedSetter,
+    V8SkipVTableValidation
 ] interface HTMLSelectElement : HTMLElement {
     attribute [Reflect] boolean autofocus;
     attribute [Reflect] boolean disabled;
index e47cfd7..5924757 100644 (file)
@@ -24,6 +24,8 @@
  */
 
 // http://www.whatwg.org/specs/web-apps/current-work/#htmlspanelement
-interface HTMLSpanElement : HTMLElement {
+[
+    V8SkipVTableValidation
+] interface HTMLSpanElement : HTMLElement {
 };
 
index fe1ca9e..28e04c1 100644 (file)
@@ -26,7 +26,8 @@
  * OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
  * IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
  */
-
-interface HTMLUnknownElement : HTMLElement {
+[
+    V8SkipVTableValidation
+] interface HTMLUnknownElement : HTMLElement {
 };
 
index ca3195f..44102a1 100644 (file)
@@ -27,7 +27,8 @@
  */
 
 [
-    CustomToJSObject
+    CustomToJSObject,
+    ImplementationLacksVTable
 ] interface ImageData {
     readonly attribute long width;
     readonly attribute long height;
index 95e7c84..e2cd271 100644 (file)
@@ -24,7 +24,8 @@
  */
 
 [
-    Conditional=VIDEO
+    Conditional=VIDEO,
+    ImplementationLacksVTable
 ] interface MediaError {
       const unsigned short MEDIA_ERR_ABORTED = 1;
       const unsigned short MEDIA_ERR_NETWORK = 2;
index 5877d52..f7279d3 100644 (file)
@@ -26,6 +26,7 @@
 [
     Conditional=ENCRYPTED_MEDIA,
     V8EnabledAtRuntime=encryptedMedia, 
+    ImplementationLacksVTable
 ] interface MediaKeyError {
     const unsigned short MEDIA_KEYERR_UNKNOWN = 1;
     const unsigned short MEDIA_KEYERR_CLIENT = 2;
index 97cd461..61da093 100644 (file)
@@ -24,7 +24,8 @@
  */
 
 [
-    Conditional=VIDEO
+    Conditional=VIDEO,
+    ImplementationLacksVTable
 ] interface TimeRanges {
     readonly attribute unsigned long length;
     float start(in unsigned long index)
index 170c45e..069e7b5 100644 (file)
@@ -21,7 +21,8 @@
  */
 
 [
-    OmitConstructor
+    OmitConstructor,
+    ImplementationLacksVTable
 ] interface ValidityState {
     readonly attribute boolean         valueMissing;
     readonly attribute boolean         typeMismatch;
index b3f013b..8a13001 100644 (file)
@@ -27,7 +27,9 @@
     JSGenerateIsReachable=Impl,
     CustomConstructor,
     ConstructorParameters=1,
-    JSNoStaticTables
+    JSNoStaticTables,
+    ImplementationNamespace=WTF,
+    ImplementationLacksVTable
 ] interface ArrayBuffer {
     readonly attribute unsigned long byteLength;
     ArrayBuffer slice(in long begin, in [Optional] long end);
index dac3812..3d6fae2 100644 (file)
@@ -25,7 +25,8 @@
 
 [
     CustomToJSObject,
-    JSNoStaticTables
+    JSNoStaticTables,
+    ImplementationNamespace=WTF
 ] interface ArrayBufferView {
     readonly attribute ArrayBuffer buffer;
     readonly attribute unsigned long byteOffset;
index f35a68b..17580c8 100644 (file)
@@ -22,8 +22,9 @@
  * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
  * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
  */
-
-interface CanvasGradient {
+[
+    ImplementationLacksVTable
+] interface CanvasGradient {
 
     void addColorStop(in [Optional=DefaultIsUndefined] float offset, 
                       in [Optional=DefaultIsUndefined] DOMString color)
index 7bcab17..4ded936 100644 (file)
@@ -22,7 +22,8 @@
  * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
  * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
  */
-
-interface CanvasPattern {
+[
+    ImplementationLacksVTable
+] interface CanvasPattern {
 };
 
index e37f42d..5b466c2 100644 (file)
@@ -33,7 +33,8 @@
     JSNoStaticTables,
     CustomToJSObject,
     DoNotCheckConstants,
-    TypedArray=float
+    TypedArray=float,
+    ImplementationNamespace=WTF
 ] interface Float32Array : ArrayBufferView {
     const unsigned long BYTES_PER_ELEMENT = 4;
 
index 0b938b5..0f3a513 100644 (file)
@@ -33,7 +33,8 @@
     JSNoStaticTables,
     CustomToJSObject,
     DoNotCheckConstants,
-    TypedArray=double
+    TypedArray=double,
+    ImplementationNamespace=WTF
 ] interface Float64Array : ArrayBufferView {
     const unsigned long BYTES_PER_ELEMENT = 8;
 
index 07789d3..44e23f5 100644 (file)
@@ -32,7 +32,8 @@
     JSNoStaticTables,
     CustomToJSObject,
     DoNotCheckConstants,
-    TypedArray=short
+    TypedArray=short,
+    ImplementationNamespace=WTF
 ] interface Int16Array : ArrayBufferView {
     const unsigned long BYTES_PER_ELEMENT = 2;
 
index 6ef836a..141cbd0 100644 (file)
@@ -33,7 +33,8 @@
     JSNoStaticTables,
     CustomToJSObject,
     DoNotCheckConstants,
-    TypedArray=int
+    TypedArray=int,
+    ImplementationNamespace=WTF
 ] interface Int32Array : ArrayBufferView {
     const unsigned long BYTES_PER_ELEMENT = 4;
 
index 8b38ca3..1e2c990 100644 (file)
@@ -33,7 +33,8 @@
     JSNoStaticTables,
     CustomToJSObject,
     DoNotCheckConstants,
-    TypedArray=signed char
+    TypedArray=signed char,
+    ImplementationNamespace=WTF
 ] interface Int8Array : ArrayBufferView {
     const unsigned long BYTES_PER_ELEMENT = 1;
 
index 4e08022..efa0b59 100644 (file)
@@ -33,7 +33,8 @@
     JSNoStaticTables,
     CustomToJSObject,
     DoNotCheckConstants,
-    TypedArray=unsigned short
+    TypedArray=unsigned short,
+    ImplementationNamespace=WTF
 ] interface Uint16Array : ArrayBufferView {
     const unsigned long BYTES_PER_ELEMENT = 2;
 
index 8d34293..acfd7c6 100644 (file)
@@ -33,7 +33,8 @@
     JSNoStaticTables,
     CustomToJSObject,
     DoNotCheckConstants,
-    TypedArray=unsigned int
+    TypedArray=unsigned int,
+    ImplementationNamespace=WTF
 ] interface Uint32Array : ArrayBufferView {
     const unsigned long BYTES_PER_ELEMENT = 4;
 
index 65d2312..583d6c3 100644 (file)
@@ -33,7 +33,8 @@
     JSNoStaticTables,
     CustomToJSObject,
     DoNotCheckConstants,
-    TypedArray=unsigned char
+    TypedArray=unsigned char,
+    ImplementationNamespace=WTF
 ] interface Uint8Array : ArrayBufferView {
     const unsigned long BYTES_PER_ELEMENT = 1;
 
index efcc98a..4ca932a 100644 (file)
@@ -33,7 +33,8 @@
     JSNoStaticTables,
     CustomToJSObject,
     DoNotCheckConstants,
-    TypedArray=unsigned char
+    TypedArray=unsigned char,
+    ImplementationNamespace=WTF
 ] interface Uint8ClampedArray : Uint8Array {
     const unsigned long BYTES_PER_ELEMENT = 1;
 
index 47789bd..32ff970 100644 (file)
@@ -25,6 +25,7 @@
 
 [
     Conditional=WEBGL,
+    ImplementationLacksVTable
 ] interface WebGLActiveInfo {
     readonly attribute long size;
     readonly attribute unsigned long type;
index a217fcb..b31a58d 100644 (file)
@@ -26,6 +26,7 @@
 
 [
     Conditional=WEBGL,
+    ImplementationLacksVTable
 ] interface WebGLShaderPrecisionFormat {
     readonly attribute long rangeMin;
     readonly attribute long rangeMax;
index 150545c..75da6b3 100644 (file)
@@ -28,7 +28,8 @@
     V8EnabledAtRuntime=webkitVideoTrack,
     EventTarget,
     JSCustomMarkFunction,
-    JSCustomIsReachable
+    JSCustomIsReachable,
+    V8SkipVTableValidation
 ] interface TextTrack {
     readonly attribute DOMString kind;
     readonly attribute DOMString label;
index 3c6af0b..8c20d8a 100644 (file)
@@ -31,7 +31,8 @@
     CallWith=ScriptExecutionContext,
     EventTarget,
     JSCustomMarkFunction,
-    JSCustomIsReachable
+    JSCustomIsReachable,
+    ImplementationLacksVTable
 ] interface TextTrackCue {
     readonly attribute TextTrack track;
 
index dab976c..e51349c 100644 (file)
@@ -26,7 +26,8 @@
 [
     Conditional=VIDEO_TRACK,
     V8EnabledAtRuntime=webkitVideoTrack,
-    IndexedGetter
+    IndexedGetter,
+    ImplementationLacksVTable
 ] interface TextTrackCueList {
     readonly attribute unsigned long length;
     TextTrackCue item(in unsigned long index);
index 883b5ff..d37a1b8 100644 (file)
@@ -31,7 +31,8 @@
  */
 
 [
-    Conditional=INSPECTOR
+    Conditional=INSPECTOR,
+    ImplementationLacksVTable
 ] interface InjectedScriptHost {
     void clearConsoleMessages();
 
index 36f1c5b..3a63c09 100644 (file)
@@ -31,7 +31,8 @@
  */
 
 [
-    Conditional=INSPECTOR
+    Conditional=INSPECTOR,
+    ImplementationLacksVTable
 ] interface InspectorFrontendHost {
     void loaded();
     void closeWindow();
index 17011e4..3c1d31d 100644 (file)
@@ -26,7 +26,8 @@
 [
     Conditional=JAVASCRIPT_DEBUGGER,
     OmitConstructor,
-    DoNotCheckConstants
+    DoNotCheckConstants,
+    ImplementationLacksVTable
 ] interface JavaScriptCallFrame {
 
     // Scope type
index cccba22..dc64a60 100644 (file)
@@ -24,7 +24,8 @@
  */
 
 [
-    OmitConstructor
+    OmitConstructor,
+    ImplementationLacksVTable
 ] interface Coordinates {
     readonly attribute double latitude;
     readonly attribute double longitude;
index 5bec37a..9d848ae 100644 (file)
@@ -27,7 +27,8 @@
  */
 
 [
-    OmitConstructor
+    OmitConstructor,
+    ImplementationLacksVTable
 ] interface Crypto {
     [Custom] ArrayBufferView getRandomValues(in ArrayBufferView array) raises(DOMException);
 };
index df50b48..4e31749 100644 (file)
@@ -29,7 +29,8 @@
  */
 
 [
-    OmitConstructor
+    OmitConstructor,
+    ImplementationLacksVTable
 ] interface MemoryInfo {
 
     readonly attribute unsigned long totalJSHeapSize;
index 6050936..03f4728 100644 (file)
@@ -29,7 +29,8 @@
  */
 
 [
-    Conditional=PAGE_POPUP
+    Conditional=PAGE_POPUP,
+    ImplementationLacksVTable
 ] interface PagePopupController {
     void setValueAndClosePopup(in long numberValue, in DOMString stringValue);
     DOMString localizeNumberString(in DOMString numberString);
index 9226541..56f5150 100644 (file)
@@ -33,7 +33,8 @@
     Conditional=WEB_TIMING,
     Conditional=PERFORMANCE_TIMELINE,
     OmitConstructor,
-    IndexedGetter
+    IndexedGetter,
+    ImplementationLacksVTable
 ] interface PerformanceEntryList {
     readonly attribute unsigned long length;
     PerformanceEntry item(in unsigned long index);
index ee17270..2f09cb0 100644 (file)
@@ -25,6 +25,7 @@
 
 [
     Conditional=INPUT_SPEECH,
+    ImplementationLacksVTable
 ] interface SpeechInputResult {
     readonly attribute DOMString utterance;
     readonly attribute float confidence;
index 79357cd..fa82ade 100644 (file)
@@ -25,7 +25,8 @@
 
 [
     IndexedGetter,
-    Conditional=INPUT_SPEECH
+    Conditional=INPUT_SPEECH,
+    ImplementationLacksVTable
 ] interface SpeechInputResultList {
     readonly attribute unsigned long length;
     SpeechInputResult item(in [IsIndex] unsigned long index);
index 7034eb4..793b849 100644 (file)
@@ -25,7 +25,8 @@
 
 [
     CustomConstructor,
-    ConstructorParameters=2
+    ConstructorParameters=2,
+    ImplementationLacksVTable
 ] interface WebKitPoint {
     attribute float x;
     attribute float y;
index 3e96104..40dac7f 100644 (file)
@@ -24,7 +24,8 @@
  */
 
 [
-    Conditional=SVG
+    Conditional=SVG,
+    ImplementationLacksVTable
 ] interface SVGAnimatedAngle {
     readonly attribute SVGAngle baseVal;
     readonly attribute SVGAngle animVal;
index e50521b..c79350c 100644 (file)
@@ -24,7 +24,8 @@
  */
 
 [
-    Conditional=SVG
+    Conditional=SVG,
+    ImplementationLacksVTable
 ] interface SVGAnimatedBoolean {
     [StrictTypeChecking] attribute boolean baseVal
         setter raises(DOMException);
index 6b90981..2c7de45 100644 (file)
@@ -24,7 +24,8 @@
  */
 
 [
-    Conditional=SVG
+    Conditional=SVG,
+    ImplementationLacksVTable
 ] interface SVGAnimatedEnumeration {
     [StrictTypeChecking] attribute unsigned short baseVal
         setter raises(DOMException);
index ecabce7..b89de0e 100644 (file)
@@ -24,7 +24,8 @@
  */
 
 [
-    Conditional=SVG
+    Conditional=SVG,
+    ImplementationLacksVTable
 ] interface SVGAnimatedInteger {
     [StrictTypeChecking] attribute long baseVal
         setter raises(DOMException);
index 241aaad..7abba37 100644 (file)
@@ -24,7 +24,8 @@
  */
 
 [
-    Conditional=SVG
+    Conditional=SVG,
+    ImplementationLacksVTable
 ] interface SVGAnimatedLength {
     readonly attribute SVGLength baseVal;
     readonly attribute SVGLength animVal;
index 934748a..cfb3c91 100644 (file)
@@ -24,7 +24,8 @@
  */
 
 [
-    Conditional=SVG
+    Conditional=SVG,
+    ImplementationLacksVTable
 ] interface SVGAnimatedLengthList {
     readonly attribute SVGLengthList baseVal;
     readonly attribute SVGLengthList animVal;
index ab770f9..ee346c2 100644 (file)
@@ -25,7 +25,8 @@
  */
 
 [
-    Conditional=SVG
+    Conditional=SVG,
+    ImplementationLacksVTable
 ] interface SVGAnimatedNumber {
     [StrictTypeChecking] attribute float baseVal
         setter raises(DOMException);
index b912780..f7cbfb7 100644 (file)
@@ -24,7 +24,8 @@
  */
 
 [
-    Conditional=SVG
+    Conditional=SVG,
+    ImplementationLacksVTable
 ] interface SVGAnimatedNumberList {
     readonly attribute SVGNumberList baseVal;
     readonly attribute SVGNumberList animVal;
index a84c02d..f6b89dd 100644 (file)
@@ -24,7 +24,8 @@
  */
 
 [
-    Conditional=SVG
+    Conditional=SVG,
+    ImplementationLacksVTable
 ] interface SVGAnimatedPreserveAspectRatio {
     readonly attribute SVGPreserveAspectRatio baseVal;
     readonly attribute SVGPreserveAspectRatio animVal;
index 99e9a62..6be752e 100644 (file)
@@ -24,7 +24,8 @@
  */
 
 [
-    Conditional=SVG
+    Conditional=SVG,
+    ImplementationLacksVTable
 ] interface SVGAnimatedRect {
     readonly attribute SVGRect baseVal;
     readonly attribute SVGRect animVal;
index 10838b4..60ccd49 100644 (file)
@@ -24,7 +24,8 @@
  */
 
 [
-    Conditional=SVG
+    Conditional=SVG,
+    ImplementationLacksVTable
 ] interface SVGAnimatedString {
     attribute DOMString baseVal
         setter raises(DOMException);
index 4ce7240..0f2f46f 100644 (file)
@@ -24,7 +24,8 @@
  */
 
 [
-    Conditional=SVG
+    Conditional=SVG,
+    ImplementationLacksVTable
 ] interface SVGAnimatedTransformList {
     readonly attribute SVGTransformList baseVal;
     readonly attribute SVGTransformList animVal;
index e7a5328..13943b1 100644 (file)
@@ -20,7 +20,8 @@
  */
 
 [
-    Conditional=SVG
+    Conditional=SVG,
+    ImplementationLacksVTable
 ] interface SVGColor : CSSValue {
     const unsigned short SVG_COLORTYPE_UNKNOWN = 0;
     const unsigned short SVG_COLORTYPE_RGBCOLOR = 1;
index 4745115..7b28b28 100644 (file)
@@ -20,7 +20,8 @@
 
 [
     Conditional=SVG,
-    DoNotCheckConstants
+    DoNotCheckConstants,
+    ImplementationLacksVTable
 ] exception SVGException {
 
     readonly attribute unsigned short   code;
index fa7dc9d..173679b 100644 (file)
@@ -24,7 +24,8 @@
  */
 
 [
-    Conditional=SVG
+    Conditional=SVG,
+    ImplementationLacksVTable
 ] interface SVGPaint : SVGColor {
     const unsigned short SVG_PAINTTYPE_UNKNOWN = 0;
     const unsigned short SVG_PAINTTYPE_RGBCOLOR = 1;
index 1f8491f..e277b37 100644 (file)
@@ -27,7 +27,8 @@
 [
     Conditional=SVG,
     CustomToJSObject,
-    ObjCPolymorphic
+    ObjCPolymorphic,
+    ImplementationLacksVTable
 ] interface SVGPathSeg {
     // Path Segment Types
     const unsigned short PATHSEG_UNKNOWN = 0;
index 1b2375f..708f7a1 100644 (file)
@@ -25,7 +25,8 @@
 
 [
     Conditional=SVG,
-    SuppressToJSObject
+    SuppressToJSObject,
+    ImplementationLacksVTable
 ] interface SVGRenderingIntent {
     // Rendering Intent Types
     const unsigned short RENDERING_INTENT_UNKNOWN               = 0;
index 7498d20..c6c0551 100644 (file)
@@ -25,7 +25,8 @@
 
 [
     Conditional=SVG,
-    SuppressToJSObject
+    SuppressToJSObject,
+    ImplementationLacksVTable
 ] interface SVGUnitTypes {
     // Unit Types
     const unsigned short SVG_UNIT_TYPE_UNKNOWN           = 0;
index 9bcdb6d..594033e 100644 (file)
@@ -27,7 +27,8 @@
 [
     Conditional=SVG,
     ObjCProtocol,
-    SuppressToJSObject
+    SuppressToJSObject,
+    ImplementationLacksVTable
 ] interface SVGZoomAndPan {
     const unsigned short SVG_ZOOMANDPAN_UNKNOWN = 0;
     const unsigned short SVG_ZOOMANDPAN_DISABLE = 1;
index bea9741..249e460 100644 (file)
@@ -24,7 +24,8 @@
  */
 
 [
-    OmitConstructor
+    OmitConstructor,
+    ImplementationLacksVTable
 ] interface MallocStatistics {
     readonly attribute unsigned long reservedVMBytes;
     readonly attribute unsigned long committedVMBytes;
index 1b47181..367d1f7 100644 (file)
@@ -24,7 +24,8 @@
  */
 
 [
-    OmitConstructor
+    OmitConstructor,
+    ImplementationLacksVTable
 ] interface TypeConversions {
     attribute long testLong;
     attribute unsigned long testUnsignedLong;
index d0d22b0..5c9ddfa 100644 (file)
@@ -29,7 +29,8 @@
 [
     Conditional=WORKERS,
     JSGenerateIsReachable=Impl,
-    JSNoStaticTables
+    JSNoStaticTables,
+    ImplementationLacksVTable
 ] interface WorkerLocation {
     readonly attribute DOMString href;
     readonly attribute DOMString protocol;
index 2e67aa5..ece8971 100644 (file)
@@ -18,7 +18,8 @@
  */
 
 [
-    Constructor
+    Constructor,
+    ImplementationLacksVTable
 ] interface DOMParser {
     Document parseFromString(in [Optional=DefaultIsUndefined] DOMString str, 
                              in [Optional=DefaultIsUndefined] DOMString contentType);
index 4114292..540f282 100644 (file)
@@ -28,7 +28,8 @@
 
 [
     JSNoStaticTables,
-    DoNotCheckConstants
+    DoNotCheckConstants,
+    ImplementationLacksVTable
 ] exception XMLHttpRequestException {
 
     readonly attribute unsigned short   code;
index 709fe1d..31ec051 100644 (file)
@@ -19,7 +19,8 @@
  */
 
 [
-    Constructor
+    Constructor,
+    ImplementationLacksVTable
 ] interface XMLSerializer {
     DOMString serializeToString(in [Optional=DefaultIsUndefined] Node node)
         raises(DOMException);
index 6cf4dc0..5ba6ab3 100644 (file)
@@ -18,7 +18,8 @@
  */
 
 [
-    Constructor
+    Constructor,
+    ImplementationLacksVTable
 ] interface XPathEvaluator {
     XPathExpression createExpression(in [Optional=DefaultIsUndefined] DOMString expression,
                                      in [Optional=DefaultIsUndefined] XPathNSResolver resolver)
index 2398187..55879f6 100644 (file)
@@ -27,7 +27,8 @@
  */
 
 [
-    DoNotCheckConstants
+    DoNotCheckConstants,
+    ImplementationLacksVTable
 ] exception XPathException {
 
     readonly attribute unsigned short   code;
index 1f3c8c4..aec35fd 100644 (file)
@@ -17,8 +17,9 @@
  * the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
  * Boston, MA 02110-1301, USA.
  */
-
-interface XPathExpression {
+[
+     ImplementationLacksVTable
+] interface XPathExpression {
     [ObjCLegacyUnnamedParameters] XPathResult evaluate(in [Optional=DefaultIsUndefined] Node contextNode, 
                                         in [Optional=DefaultIsUndefined] unsigned short type, 
                                         in [Optional=DefaultIsUndefined] XPathResult inResult)
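Review bot: The added attribute line is indented with five spaces (`     ImplementationLacksVTable`) where the other IDL files in this change use four, and the blank line that separated the license comment from the declaration is removed. I would keep the blank line after `*/` and write `    ImplementationLacksVTable` so the file matches the others. The interface body continues past the end of the hunk.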
index 518e1da..0d64f1b 100644 (file)
@@ -20,7 +20,8 @@
 
 [
     ObjCProtocol,
-    OmitConstructor
+    OmitConstructor,
+    V8SkipVTableValidation
 ] interface XPathNSResolver {
     [TreatReturnedNullStringAs=Null] DOMString lookupNamespaceURI(in [Optional=DefaultIsUndefined] DOMString prefix);
 };
index 0c297e0..6fa77c8 100644 (file)
@@ -18,7 +18,8 @@
  */
 
 [
-    JSCustomMarkFunction
+    JSCustomMarkFunction,
+    ImplementationLacksVTable
 ] interface XPathResult {
     const unsigned short ANY_TYPE                       = 0;
     const unsigned short NUMBER_TYPE                    = 1;
index 0914e06..e351659 100644 (file)
@@ -32,7 +32,8 @@
 
 [
     Conditional=XSLT,
-    Constructor
+    Constructor,
+    ImplementationLacksVTable
 ] interface XSLTProcessor {
     
     void importStylesheet(in [Optional=DefaultIsUndefined] Node stylesheet);
index f880d71..0ec3823 100644 (file)
@@ -1,3 +1,13 @@
+2013-01-28  Tom Sepez  <tsepez@chromium.org>
+
+        [v8] Security feature: JavaScript Bindings hardening
+        https://bugs.webkit.org/show_bug.cgi?id=106608
+
+        Reviewed by Adam Barth.
+
+        * features.gypi:
+        Added ENABLE_BINDING_INTEGRITY option.
+
 2013-01-28  Sheriff Bot  <webkit.review.bot@gmail.com>
 
         Unreviewed, rolling out r141006.
index 7e73c75..11921b6 100644 (file)
@@ -34,6 +34,7 @@
     'feature_defines': [
       'ENABLE_3D_PLUGIN=1',
       'ENABLE_BATTERY_STATUS=0',
+      'ENABLE_BINDING_INTEGRITY=0',
       'ENABLE_BLOB=1',
       'ENABLE_BLOB_SLICE=1',
       'ENABLE_CANVAS_PATH=0',
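Review bot: `'ENABLE_BINDING_INTEGRITY=0'` leaves the new check compiled out by default. The commit's own acceptance criterion (existing tests pass without new crashes) therefore does not exercise the generated validation code or any of the `ImplementationLacksVTable` / `V8SkipVTableValidation` annotations, unless another build file overrides this value, which is not visible here. A wrong annotation would then only surface when someone flips the flag. I would turn it on for at least one tested configuration in the same change, or add a comment on this line such as `# Off until the IDL annotations have been verified with the flag enabled; see bug 106608.`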