2008-05-30 Maciej Stachowiak <mjs@apple.com>
author mjs@apple.com <mjs@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Fri, 30 May 2008 08:15:31 +0000 (08:15 +0000)
committer mjs@apple.com <mjs@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Fri, 30 May 2008 08:15:31 +0000 (08:15 +0000)
commit b6aa115622e982810ac4a67b8394eb61fabd7fa5
tree 6e63b1a50e05bcc955786388196d6712b37eab8a
parent ea61d43db595f711b1af373006e48a7ea0af30d3
2008-05-30  Maciej Stachowiak  <mjs@apple.com>

        Reviewed by Alexey.

        - speculative fix for "REGRESSION(r34143?): Frequent crash while browsing"
        https://bugs.webkit.org/show_bug.cgi?id=19285

        I'm pretty sure this fixes it but I have not been able to
        reproduce and am unsure if my theory of the bug is right.

        I believe the bug was because JSDOMWindowBase accessed
        JSDOMWindowShell in its destructor to remove itself from a
        hashtable, but GC destructor order is not guaranteed, so the
        hashtable may have been freed already. This patch changes things
        so that a non-GC object (the KJSProxy) does the tracking of live
        window objects for a frame. JSDOMWindowBase can null check the frame
        pointer to verify if it is still good.

        * bindings/js/JSDOMWindowBase.cpp:
        (WebCore::JSDOMWindowBase::~JSDOMWindowBase):
        * bindings/js/JSDOMWindowShell.cpp:
        (WebCore::JSDOMWindowShell::JSDOMWindowShell):
        * bindings/js/JSDOMWindowShell.h:
        (WebCore::JSDOMWindowShell::setWindow):
        * bindings/js/kjs_proxy.cpp:
        (WebCore::KJSProxy::clear):
        (WebCore::KJSProxy::initScript):
        (WebCore::KJSProxy::updateDocument):
        * bindings/js/kjs_proxy.h:
        (WebCore::KJSProxy::clearFormerWindow):
        * page/Frame.cpp:
        (WebCore::Frame::setDocument):

git-svn-id: http://svn.webkit.org/repository/webkit/trunk@34257 268f45cc-cd09-0410-ab3c-d52691b4dbfc
WebCore/ChangeLog
WebCore/bindings/js/JSDOMWindowBase.cpp
WebCore/bindings/js/JSDOMWindowShell.cpp
WebCore/bindings/js/JSDOMWindowShell.h
WebCore/bindings/js/kjs_proxy.cpp
WebCore/bindings/js/kjs_proxy.h
WebCore/page/Frame.cpp
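
The ownership pattern the commit message describes, as an added C++ example that is not WebKit code and not part of this commit: a deterministically destroyed owner keeps the set of live objects, and each collected object null-checks its back-pointer before unregistering. `Tracker` and `Window` are hypothetical stand-ins for KJSProxy and JSDOMWindowBase, and the back-pointer here goes straight to the tracker rather than through a frame.

```cpp
#include <cstddef>
#include <unordered_set>

class Window;

// Stand-in for the non-GC owner (KJSProxy in the commit message). Its lifetime
// is deterministic, so it holds the set of live windows. Hypothetical name.
class Tracker {
public:
    ~Tracker();  // defined below, once Window is complete
    void add(Window* w) { m_live.insert(w); }
    void remove(Window* w) { m_live.erase(w); }
    std::size_t liveCount() const { return m_live.size(); }
private:
    std::unordered_set<Window*> m_live;
};

// Stand-in for the collected object (JSDOMWindowBase). Hypothetical name.
class Window {
public:
    explicit Window(Tracker* t) : m_tracker(t) { m_tracker->add(this); }
    ~Window() { if (m_tracker) m_tracker->remove(this); }  // null check first
    void disconnect() { m_tracker = nullptr; }
    bool connected() const { return m_tracker != nullptr; }
private:
    Tracker* m_tracker;
};

// The owner severs every back-pointer before its set is freed.
Tracker::~Tracker() { for (Window* w : m_live) w->disconnect(); }

// Order 1: the window is finalized while the owner is still alive.
std::size_t windowDiesFirst() {
    Tracker tracker;
    Window* w = new Window(&tracker);
    delete w;
    return tracker.liveCount();
}

// Order 2: the owner is destroyed first, the window is finalized later.
bool ownerDiesFirst() {
    Tracker* tracker = new Tracker;
    Window* w = new Window(tracker);
    delete tracker;
    bool severed = !w->connected();
    delete w;  // destructor sees a null pointer and does not touch the freed set
    return severed;
}

int main() { return (windowDiesFirst() == 0 && ownerDiesFirst()) ? 0 : 1; }
```

Building this with AddressSanitizer and then removing the `disconnect()` loop from `~Tracker()` makes the second ordering report a heap-use-after-free, which is the failure mode the commit message attributes to unordered GC destruction.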