2011-05-10 Oliver Hunt <oliver@apple.com>
authoroliver@apple.com <oliver@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Wed, 11 May 2011 02:11:56 +0000 (02:11 +0000)
committeroliver@apple.com <oliver@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Wed, 11 May 2011 02:11:56 +0000 (02:11 +0000)
        Reviewed by Geoffrey Garen.

        Assertion failure in JSC::Structure::typeInfo when reloading weather.com video page
        https://bugs.webkit.org/show_bug.cgi?id=60580

        The plugin object map was incorrect trying to implement a weak map itself using
        destructors.  Switch to a WeakGCMap and the problem is fixed.

        * WebProcess/Plugins/Netscape/JSNPObject.cpp:
        (WebKit::JSNPObject::~JSNPObject):
        * WebProcess/Plugins/Netscape/NPRuntimeObjectMap.cpp:
        (WebKit::NPRuntimeObjectMap::getOrCreateJSObject):
        (WebKit::NPRuntimeObjectMap::invalidate):
        * WebProcess/Plugins/Netscape/NPRuntimeObjectMap.h:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@86206 268f45cc-cd09-0410-ab3c-d52691b4dbfc

Source/WebKit2/ChangeLog
Source/WebKit2/WebProcess/Plugins/Netscape/JSNPObject.cpp
Source/WebKit2/WebProcess/Plugins/Netscape/NPRuntimeObjectMap.cpp
Source/WebKit2/WebProcess/Plugins/Netscape/NPRuntimeObjectMap.h

index 5a5f646..75f18c0 100644 (file)
@@ -1,3 +1,20 @@
+2011-05-10  Oliver Hunt  <oliver@apple.com>
+
+        Reviewed by Geoffrey Garen.
+
+        Assertion failure in JSC::Structure::typeInfo when reloading weather.com video page
+        https://bugs.webkit.org/show_bug.cgi?id=60580
+
+        The plugin object map was incorrect trying to implement a weak map itself using
+        destructors.  Switch to a WeakGCMap and the problem is fixed.
+
+        * WebProcess/Plugins/Netscape/JSNPObject.cpp:
+        (WebKit::JSNPObject::~JSNPObject):
+        * WebProcess/Plugins/Netscape/NPRuntimeObjectMap.cpp:
+        (WebKit::NPRuntimeObjectMap::getOrCreateJSObject):
+        (WebKit::NPRuntimeObjectMap::invalidate):
+        * WebProcess/Plugins/Netscape/NPRuntimeObjectMap.h:
+
 2011-05-10  Sam Weinig  <sam@webkit.org>
 
         Reviewed by Dan Bernstein.
index 93f9fc5..f23c83d 100644 (file)
@@ -66,8 +66,6 @@ JSNPObject::~JSNPObject()
 {
     if (!m_npObject)
         return;
-
-    m_objectMap->jsNPObjectDestroyed(this);
     releaseNPObject(m_npObject);
 }
 
index 1cf60d2..21485df 100644 (file)
@@ -99,18 +99,11 @@ JSObject* NPRuntimeObjectMap::getOrCreateJSObject(JSGlobalObject* globalObject,
         return jsNPObject;
 
     JSNPObject* jsNPObject = new (&globalObject->globalData()) JSNPObject(globalObject, this, npObject);
-    m_jsNPObjects.set(npObject, jsNPObject);
+    m_jsNPObjects.set(globalObject->globalData(), npObject, jsNPObject);
 
     return jsNPObject;
 }
 
-void NPRuntimeObjectMap::jsNPObjectDestroyed(JSNPObject* jsNPObject)
-{
-    // Remove the object from the map.
-    ASSERT(m_jsNPObjects.contains(jsNPObject->npObject()));
-    m_jsNPObjects.remove(jsNPObject->npObject());
-}
-
 JSValue NPRuntimeObjectMap::convertNPVariantToJSValue(JSC::ExecState* exec, JSC::JSGlobalObject* globalObject, const NPVariant& variant)
 {
     switch (variant.type) {
@@ -224,13 +217,9 @@ void NPRuntimeObjectMap::invalidate()
     // We shouldn't have any NPJSObjects left now.
     ASSERT(m_npJSObjects.isEmpty());
 
-    Vector<JSNPObject*> jsNPObjects;
-    copyValuesToVector(m_jsNPObjects, jsNPObjects);
-
-    // Invalidate all the JSObjects that wrap NPObjects.
-    for (size_t i = 0; i < jsNPObjects.size(); ++i)
-        jsNPObjects[i]->invalidate();
-
+    WeakGCMap<NPObject*, JSNPObject>::iterator end = m_jsNPObjects.end();
+    for (WeakGCMap<NPObject*, JSNPObject>::iterator ptr = m_jsNPObjects.begin(); ptr != end; ++ptr)
+        ptr.get().second->invalidate();
     m_jsNPObjects.clear();
 }
 
index d13e1fe..01e03ba 100644 (file)
@@ -26,6 +26,7 @@
 #ifndef NPJSObjectWrapperMap_h
 #define NPJSObjectWrapperMap_h
 
+#include <JavaScriptCore/WeakGCMap.h>
 #include <wtf/Forward.h>
 #include <wtf/HashMap.h>
 
@@ -87,7 +88,7 @@ private:
     PluginView* m_pluginView;
 
     HashMap<JSC::JSObject*, NPJSObject*> m_npJSObjects;
-    HashMap<NPObject*, JSNPObject*> m_jsNPObjects;
+    JSC::WeakGCMap<NPObject*, JSNPObject> m_jsNPObjects;
 };
 
 } // namespace WebKit