[JSC] Weak should only accept cell pointees.
authorakling@apple.com <akling@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Fri, 11 Sep 2015 09:16:37 +0000 (09:16 +0000)
committerakling@apple.com <akling@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Fri, 11 Sep 2015 09:16:37 +0000 (09:16 +0000)
<https://webkit.org/b/148955>

Reviewed by Geoffrey Garen.

Source/JavaScriptCore:

Since WeakImpls only support pointing to JSCell derived objects,
enforce that at compile time by having the API use JSCell* instead of JSValue.

WeakHandleOwner callbacks now get JSCell& and JSCell*& respectively instead
of wrapping the cell pointer in a Handle<Unknown>.

Also added a static_assert so Weak<T> can't be instantiated with a T that's
not convertible to JSCell.

* API/JSAPIWrapperObject.mm:
(JSAPIWrapperObjectHandleOwner::finalize):
(JSAPIWrapperObjectHandleOwner::isReachableFromOpaqueRoots):
(JSC::JSAPIWrapperObject::finishCreation):
* API/JSManagedValue.mm:
(JSManagedValueHandleOwner::isReachableFromOpaqueRoots):
(JSManagedValueHandleOwner::finalize):
* builtins/BuiltinExecutables.cpp:
(JSC::BuiltinExecutables::finalize):
* builtins/BuiltinExecutables.h:
* heap/Heap.cpp:
(JSC::Heap::addFinalizer):
(JSC::Heap::FinalizerOwner::finalize):
* heap/Heap.h:
* heap/WeakBlock.cpp:
(JSC::WeakBlock::visit):
(JSC::WeakBlock::reap):
* heap/WeakHandleOwner.cpp:
(JSC::WeakHandleOwner::isReachableFromOpaqueRoots):
(JSC::WeakHandleOwner::finalize):
* heap/WeakHandleOwner.h:
* heap/WeakImpl.h:
(JSC::WeakImpl::WeakImpl):
(JSC::WeakImpl::state):
(JSC::WeakImpl::cell):
(JSC::WeakImpl::asWeakImpl):
(JSC::WeakImpl::jsValue): Deleted.
* heap/WeakInlines.h:
(JSC::Weak<T>::Weak):
(JSC::>):
(JSC::Weak<T>::operator):
(JSC::Weak<T>::get):
(JSC::Weak<T>::was):
* heap/WeakSet.h:
* heap/WeakSetInlines.h:
(JSC::WeakSet::allocate):
(JSC::WeakBlock::finalize):
* jit/JITThunks.cpp:
(JSC::JITThunks::finalize):
* jit/JITThunks.h:
* jsc.cpp:
(WTF::ElementHandleOwner::isReachableFromOpaqueRoots): Deleted.
* runtime/JSCell.h:
(JSC::jsCast):
* runtime/RegExpCache.cpp:
(JSC::RegExpCache::finalize):
* runtime/RegExpCache.h:
* runtime/Structure.cpp:
(JSC::StructureTransitionTable::singleTransition):
(JSC::StructureTransitionTable::setSingleTransition):

Source/WebCore:

Update WebCore bindings for the new Weak and Weak-related signatures.

* bindings/js/JSCSSRuleListCustom.cpp:
(WebCore::JSCSSRuleListOwner::isReachableFromOpaqueRoots):
* bindings/js/JSCSSValueCustom.cpp:
(WebCore::JSCSSValueOwner::isReachableFromOpaqueRoots):
(WebCore::JSCSSValueOwner::finalize):
* bindings/js/JSCallbackData.cpp:
(WebCore::JSCallbackDataWeak::WeakOwner::isReachableFromOpaqueRoots):
* bindings/js/JSCallbackData.h:
* bindings/js/JSMutationObserverCustom.cpp:
(WebCore::JSMutationObserverOwner::isReachableFromOpaqueRoots):
* bindings/js/JSNodeCustom.cpp:
(WebCore::isReachableFromDOM):
(WebCore::JSNodeOwner::isReachableFromOpaqueRoots):
* bindings/js/JSNodeListCustom.cpp:
(WebCore::JSNodeListOwner::isReachableFromOpaqueRoots):
* bindings/js/JSTextTrackCueCustom.cpp:
(WebCore::JSTextTrackCueOwner::isReachableFromOpaqueRoots):
* bindings/js/WebCoreTypedArrayController.cpp:
(WebCore::WebCoreTypedArrayController::JSArrayBufferOwner::isReachableFromOpaqueRoots):
(WebCore::WebCoreTypedArrayController::JSArrayBufferOwner::finalize):
* bindings/js/WebCoreTypedArrayController.h:
* bindings/scripts/CodeGeneratorJS.pm:
(GenerateHeader):
(GenerateImplementation):
* bindings/scripts/test/JS/JSTestActiveDOMObject.cpp:
(WebCore::JSTestActiveDOMObjectOwner::isReachableFromOpaqueRoots):
(WebCore::JSTestActiveDOMObjectOwner::finalize):
* bindings/scripts/test/JS/JSTestActiveDOMObject.h:
* bindings/scripts/test/JS/JSTestCustomConstructorWithNoInterfaceObject.cpp:
(WebCore::JSTestCustomConstructorWithNoInterfaceObjectOwner::isReachableFromOpaqueRoots):
(WebCore::JSTestCustomConstructorWithNoInterfaceObjectOwner::finalize):
* bindings/scripts/test/JS/JSTestCustomConstructorWithNoInterfaceObject.h:
* bindings/scripts/test/JS/JSTestCustomNamedGetter.cpp:
(WebCore::JSTestCustomNamedGetterOwner::isReachableFromOpaqueRoots):
(WebCore::JSTestCustomNamedGetterOwner::finalize):
* bindings/scripts/test/JS/JSTestCustomNamedGetter.h:
* bindings/scripts/test/JS/JSTestEventConstructor.cpp:
(WebCore::JSTestEventConstructorOwner::isReachableFromOpaqueRoots):
(WebCore::JSTestEventConstructorOwner::finalize):
* bindings/scripts/test/JS/JSTestEventConstructor.h:
* bindings/scripts/test/JS/JSTestEventTarget.cpp:
(WebCore::JSTestEventTargetOwner::isReachableFromOpaqueRoots):
(WebCore::JSTestEventTargetOwner::finalize):
* bindings/scripts/test/JS/JSTestEventTarget.h:
* bindings/scripts/test/JS/JSTestException.cpp:
(WebCore::JSTestExceptionOwner::isReachableFromOpaqueRoots):
(WebCore::JSTestExceptionOwner::finalize):
* bindings/scripts/test/JS/JSTestException.h:
* bindings/scripts/test/JS/JSTestGenerateIsReachable.cpp:
(WebCore::JSTestGenerateIsReachableOwner::isReachableFromOpaqueRoots):
(WebCore::JSTestGenerateIsReachableOwner::finalize):
* bindings/scripts/test/JS/JSTestGenerateIsReachable.h:
* bindings/scripts/test/JS/JSTestInterface.cpp:
(WebCore::JSTestInterfaceOwner::isReachableFromOpaqueRoots):
(WebCore::JSTestInterfaceOwner::finalize):
* bindings/scripts/test/JS/JSTestInterface.h:
* bindings/scripts/test/JS/JSTestMediaQueryListListener.cpp:
(WebCore::JSTestMediaQueryListListenerOwner::isReachableFromOpaqueRoots):
(WebCore::JSTestMediaQueryListListenerOwner::finalize):
* bindings/scripts/test/JS/JSTestMediaQueryListListener.h:
* bindings/scripts/test/JS/JSTestNamedConstructor.cpp:
(WebCore::JSTestNamedConstructorOwner::isReachableFromOpaqueRoots):
(WebCore::JSTestNamedConstructorOwner::finalize):
* bindings/scripts/test/JS/JSTestNamedConstructor.h:
* bindings/scripts/test/JS/JSTestNondeterministic.cpp:
(WebCore::JSTestNondeterministicOwner::isReachableFromOpaqueRoots):
(WebCore::JSTestNondeterministicOwner::finalize):
* bindings/scripts/test/JS/JSTestNondeterministic.h:
* bindings/scripts/test/JS/JSTestObj.cpp:
(WebCore::JSTestObjOwner::isReachableFromOpaqueRoots):
(WebCore::JSTestObjOwner::finalize):
* bindings/scripts/test/JS/JSTestObj.h:
* bindings/scripts/test/JS/JSTestOverloadedConstructors.cpp:
(WebCore::JSTestOverloadedConstructorsOwner::isReachableFromOpaqueRoots):
(WebCore::JSTestOverloadedConstructorsOwner::finalize):
* bindings/scripts/test/JS/JSTestOverloadedConstructors.h:
* bindings/scripts/test/JS/JSTestOverrideBuiltins.cpp:
(WebCore::JSTestOverrideBuiltinsOwner::isReachableFromOpaqueRoots):
(WebCore::JSTestOverrideBuiltinsOwner::finalize):
* bindings/scripts/test/JS/JSTestOverrideBuiltins.h:
* bindings/scripts/test/JS/JSTestSerializedScriptValueInterface.cpp:
(WebCore::JSTestSerializedScriptValueInterfaceOwner::isReachableFromOpaqueRoots):
(WebCore::JSTestSerializedScriptValueInterfaceOwner::finalize):
* bindings/scripts/test/JS/JSTestSerializedScriptValueInterface.h:
* bindings/scripts/test/JS/JSTestTypedefs.cpp:
(WebCore::JSTestTypedefsOwner::isReachableFromOpaqueRoots):
(WebCore::JSTestTypedefsOwner::finalize):
* bindings/scripts/test/JS/JSTestTypedefs.h:
* bindings/scripts/test/JS/JSattribute.cpp:
(WebCore::JSattributeOwner::isReachableFromOpaqueRoots):
(WebCore::JSattributeOwner::finalize):
* bindings/scripts/test/JS/JSattribute.h:
* bindings/scripts/test/JS/JSreadonly.cpp:
(WebCore::JSreadonlyOwner::isReachableFromOpaqueRoots):
(WebCore::JSreadonlyOwner::finalize):
* bindings/scripts/test/JS/JSreadonly.h:
* bridge/runtime_root.cpp:
(JSC::Bindings::RootObject::finalize):
* bridge/runtime_root.h:

Source/WebKit2:

* WebProcess/Plugins/Netscape/NPRuntimeObjectMap.cpp:
(WebKit::NPRuntimeObjectMap::finalize):
* WebProcess/Plugins/Netscape/NPRuntimeObjectMap.h:

git-svn-id: http://svn.webkit.org/repository/webkit/trunk@189616 268f45cc-cd09-0410-ab3c-d52691b4dbfc

74 files changed:
Source/JavaScriptCore/API/JSAPIWrapperObject.mm
Source/JavaScriptCore/API/JSManagedValue.mm
Source/JavaScriptCore/ChangeLog
Source/JavaScriptCore/builtins/BuiltinExecutables.cpp
Source/JavaScriptCore/builtins/BuiltinExecutables.h
Source/JavaScriptCore/heap/Heap.cpp
Source/JavaScriptCore/heap/Heap.h
Source/JavaScriptCore/heap/WeakBlock.cpp
Source/JavaScriptCore/heap/WeakHandleOwner.cpp
Source/JavaScriptCore/heap/WeakHandleOwner.h
Source/JavaScriptCore/heap/WeakImpl.h
Source/JavaScriptCore/heap/WeakInlines.h
Source/JavaScriptCore/heap/WeakSet.h
Source/JavaScriptCore/heap/WeakSetInlines.h
Source/JavaScriptCore/jit/JITThunks.cpp
Source/JavaScriptCore/jit/JITThunks.h
Source/JavaScriptCore/jsc.cpp
Source/JavaScriptCore/runtime/JSCell.h
Source/JavaScriptCore/runtime/RegExpCache.cpp
Source/JavaScriptCore/runtime/RegExpCache.h
Source/JavaScriptCore/runtime/Structure.cpp
Source/WebCore/ChangeLog
Source/WebCore/bindings/js/JSCSSRuleListCustom.cpp
Source/WebCore/bindings/js/JSCSSValueCustom.cpp
Source/WebCore/bindings/js/JSCallbackData.cpp
Source/WebCore/bindings/js/JSCallbackData.h
Source/WebCore/bindings/js/JSMutationObserverCustom.cpp
Source/WebCore/bindings/js/JSNodeCustom.cpp
Source/WebCore/bindings/js/JSNodeListCustom.cpp
Source/WebCore/bindings/js/JSTextTrackCueCustom.cpp
Source/WebCore/bindings/js/WebCoreTypedArrayController.cpp
Source/WebCore/bindings/js/WebCoreTypedArrayController.h
Source/WebCore/bindings/scripts/CodeGeneratorJS.pm
Source/WebCore/bindings/scripts/test/JS/JSTestActiveDOMObject.cpp
Source/WebCore/bindings/scripts/test/JS/JSTestActiveDOMObject.h
Source/WebCore/bindings/scripts/test/JS/JSTestCustomConstructorWithNoInterfaceObject.cpp
Source/WebCore/bindings/scripts/test/JS/JSTestCustomConstructorWithNoInterfaceObject.h
Source/WebCore/bindings/scripts/test/JS/JSTestCustomNamedGetter.cpp
Source/WebCore/bindings/scripts/test/JS/JSTestCustomNamedGetter.h
Source/WebCore/bindings/scripts/test/JS/JSTestEventConstructor.cpp
Source/WebCore/bindings/scripts/test/JS/JSTestEventConstructor.h
Source/WebCore/bindings/scripts/test/JS/JSTestEventTarget.cpp
Source/WebCore/bindings/scripts/test/JS/JSTestEventTarget.h
Source/WebCore/bindings/scripts/test/JS/JSTestException.cpp
Source/WebCore/bindings/scripts/test/JS/JSTestException.h
Source/WebCore/bindings/scripts/test/JS/JSTestGenerateIsReachable.cpp
Source/WebCore/bindings/scripts/test/JS/JSTestGenerateIsReachable.h
Source/WebCore/bindings/scripts/test/JS/JSTestInterface.cpp
Source/WebCore/bindings/scripts/test/JS/JSTestInterface.h
Source/WebCore/bindings/scripts/test/JS/JSTestMediaQueryListListener.cpp
Source/WebCore/bindings/scripts/test/JS/JSTestMediaQueryListListener.h
Source/WebCore/bindings/scripts/test/JS/JSTestNamedConstructor.cpp
Source/WebCore/bindings/scripts/test/JS/JSTestNamedConstructor.h
Source/WebCore/bindings/scripts/test/JS/JSTestNondeterministic.cpp
Source/WebCore/bindings/scripts/test/JS/JSTestNondeterministic.h
Source/WebCore/bindings/scripts/test/JS/JSTestObj.cpp
Source/WebCore/bindings/scripts/test/JS/JSTestObj.h
Source/WebCore/bindings/scripts/test/JS/JSTestOverloadedConstructors.cpp
Source/WebCore/bindings/scripts/test/JS/JSTestOverloadedConstructors.h
Source/WebCore/bindings/scripts/test/JS/JSTestOverrideBuiltins.cpp
Source/WebCore/bindings/scripts/test/JS/JSTestOverrideBuiltins.h
Source/WebCore/bindings/scripts/test/JS/JSTestSerializedScriptValueInterface.cpp
Source/WebCore/bindings/scripts/test/JS/JSTestSerializedScriptValueInterface.h
Source/WebCore/bindings/scripts/test/JS/JSTestTypedefs.cpp
Source/WebCore/bindings/scripts/test/JS/JSTestTypedefs.h
Source/WebCore/bindings/scripts/test/JS/JSattribute.cpp
Source/WebCore/bindings/scripts/test/JS/JSattribute.h
Source/WebCore/bindings/scripts/test/JS/JSreadonly.cpp
Source/WebCore/bindings/scripts/test/JS/JSreadonly.h
Source/WebCore/bridge/runtime_root.cpp
Source/WebCore/bridge/runtime_root.h
Source/WebKit2/ChangeLog
Source/WebKit2/WebProcess/Plugins/Netscape/NPRuntimeObjectMap.cpp
Source/WebKit2/WebProcess/Plugins/Netscape/NPRuntimeObjectMap.h

index ef54602..6c6d399 100644 (file)
 
 #if JSC_OBJC_API_ENABLED
 
-class JSAPIWrapperObjectHandleOwner : public JSC::WeakHandleOwner {
+class JSAPIWrapperObjectHandleOwner final : public JSC::WeakHandleOwner {
 public:
-    virtual void finalize(JSC::Handle<JSC::Unknown>, void*) override;
-    virtual bool isReachableFromOpaqueRoots(JSC::Handle<JSC::Unknown>, void* context, JSC::SlotVisitor&) override;
+    void finalize(JSC::JSCell*&, void*) override;
+    bool isReachableFromOpaqueRoots(JSC::JSCell&, void* context, JSC::SlotVisitor&) override;
 };
 
 static JSAPIWrapperObjectHandleOwner* jsAPIWrapperObjectHandleOwner()
@@ -45,24 +45,24 @@ static JSAPIWrapperObjectHandleOwner* jsAPIWrapperObjectHandleOwner()
     return &jsWrapperObjectHandleOwner;
 }
 
-void JSAPIWrapperObjectHandleOwner::finalize(JSC::Handle<JSC::Unknown> handle, void*)
+void JSAPIWrapperObjectHandleOwner::finalize(JSC::JSCell*& cell, void*)
 {
-    JSC::JSAPIWrapperObject* wrapperObject = JSC::jsCast<JSC::JSAPIWrapperObject*>(handle.get().asCell());
-    if (!wrapperObject->wrappedObject())
+    auto& wrapperObject = JSC::jsCast<JSC::JSAPIWrapperObject&>(*cell);
+    if (!wrapperObject.wrappedObject())
         return;
 
-    JSC::Heap::heap(wrapperObject)->releaseSoon(adoptNS(static_cast<id>(wrapperObject->wrappedObject())));
-    JSC::WeakSet::deallocate(JSC::WeakImpl::asWeakImpl(handle.slot()));
+    JSC::Heap::heap(&wrapperObject)->releaseSoon(adoptNS(static_cast<id>(wrapperObject.wrappedObject())));
+    JSC::WeakSet::deallocate(JSC::WeakImpl::asWeakImpl(&cell));
 }
 
-bool JSAPIWrapperObjectHandleOwner::isReachableFromOpaqueRoots(JSC::Handle<JSC::Unknown> handle, void*, JSC::SlotVisitor& visitor)
+bool JSAPIWrapperObjectHandleOwner::isReachableFromOpaqueRoots(JSC::JSCell& cell, void*, JSC::SlotVisitor& visitor)
 {
-    JSC::JSAPIWrapperObject* wrapperObject = JSC::jsCast<JSC::JSAPIWrapperObject*>(handle.get().asCell());
+    JSC::JSAPIWrapperObject& wrapperObject = JSC::jsCast<JSC::JSAPIWrapperObject&>(cell);
     // We use the JSGlobalObject when processing weak handles to prevent the situation where using
     // the same Objective-C object in multiple global objects keeps all of the global objects alive.
-    if (!wrapperObject->wrappedObject())
+    if (!wrapperObject.wrappedObject())
         return false;
-    return JSC::Heap::isMarked(wrapperObject->structure()->globalObject()) && visitor.containsOpaqueRoot(wrapperObject->wrappedObject());
+    return JSC::Heap::isMarked(wrapperObject.globalObject()) && visitor.containsOpaqueRoot(wrapperObject.wrappedObject());
 }
 
 namespace JSC {
@@ -86,7 +86,7 @@ JSAPIWrapperObject::JSAPIWrapperObject(VM& vm, Structure* structure)
 void JSAPIWrapperObject::finishCreation(VM& vm)
 {
     Base::finishCreation(vm);
-    WeakSet::allocate(this, jsAPIWrapperObjectHandleOwner(), 0); // Balanced in JSAPIWrapperObjectHandleOwner::finalize.
+    WeakSet::allocate(*this, jsAPIWrapperObjectHandleOwner(), 0); // Balanced in JSAPIWrapperObjectHandleOwner::finalize.
 }
     
 void JSAPIWrapperObject::setWrappedObject(void* wrappedObject)
index a72d19b..7d89643 100644 (file)
 #import "JSCInlines.h"
 #import <wtf/spi/cocoa/NSMapTableSPI.h>
 
-class JSManagedValueHandleOwner : public JSC::WeakHandleOwner {
+class JSManagedValueHandleOwner final : public JSC::WeakHandleOwner {
 public:
-    virtual void finalize(JSC::Handle<JSC::Unknown>, void* context) override;
-    virtual bool isReachableFromOpaqueRoots(JSC::Handle<JSC::Unknown>, void* context, JSC::SlotVisitor&) override;
+    void finalize(JSC::JSCell*&, void* context) override;
+    bool isReachableFromOpaqueRoots(JSC::JSCell&, void* context, JSC::SlotVisitor&) override;
 };
 
 static JSManagedValueHandleOwner* managedValueHandleOwner()
@@ -295,13 +295,13 @@ private:
 - (void)disconnectValue;
 @end
 
-bool JSManagedValueHandleOwner::isReachableFromOpaqueRoots(JSC::Handle<JSC::Unknown>, void* context, JSC::SlotVisitor& visitor)
+bool JSManagedValueHandleOwner::isReachableFromOpaqueRoots(JSC::JSCell&, void* context, JSC::SlotVisitor& visitor)
 {
     JSManagedValue *managedValue = static_cast<JSManagedValue *>(context);
     return visitor.containsOpaqueRoot(managedValue);
 }
 
-void JSManagedValueHandleOwner::finalize(JSC::Handle<JSC::Unknown>, void* context)
+void JSManagedValueHandleOwner::finalize(JSC::JSCell*&, void* context)
 {
     JSManagedValue *managedValue = static_cast<JSManagedValue *>(context);
     [managedValue disconnectValue];
index 6cc8379..83ebdd5 100644 (file)
@@ -1,3 +1,70 @@
+2015-09-11  Andreas Kling  <akling@apple.com>
+
+        [JSC] Weak should only accept cell pointees.
+        <https://webkit.org/b/148955>
+
+        Reviewed by Geoffrey Garen.
+
+        Since WeakImpls only support pointing to JSCell derived objects,
+        enforce that at compile time by having the API use JSCell* instead of JSValue.
+
+        WeakHandleOwner callbacks now get JSCell& and JSCell*& respectively instead
+        of wrapping the cell pointer in a Handle<Unknown>.
+
+        Also added a static_assert so Weak<T> can't be instantiated with a T that's
+        not convertible to JSCell.
+
+        * API/JSAPIWrapperObject.mm:
+        (JSAPIWrapperObjectHandleOwner::finalize):
+        (JSAPIWrapperObjectHandleOwner::isReachableFromOpaqueRoots):
+        (JSC::JSAPIWrapperObject::finishCreation):
+        * API/JSManagedValue.mm:
+        (JSManagedValueHandleOwner::isReachableFromOpaqueRoots):
+        (JSManagedValueHandleOwner::finalize):
+        * builtins/BuiltinExecutables.cpp:
+        (JSC::BuiltinExecutables::finalize):
+        * builtins/BuiltinExecutables.h:
+        * heap/Heap.cpp:
+        (JSC::Heap::addFinalizer):
+        (JSC::Heap::FinalizerOwner::finalize):
+        * heap/Heap.h:
+        * heap/WeakBlock.cpp:
+        (JSC::WeakBlock::visit):
+        (JSC::WeakBlock::reap):
+        * heap/WeakHandleOwner.cpp:
+        (JSC::WeakHandleOwner::isReachableFromOpaqueRoots):
+        (JSC::WeakHandleOwner::finalize):
+        * heap/WeakHandleOwner.h:
+        * heap/WeakImpl.h:
+        (JSC::WeakImpl::WeakImpl):
+        (JSC::WeakImpl::state):
+        (JSC::WeakImpl::cell):
+        (JSC::WeakImpl::asWeakImpl):
+        (JSC::WeakImpl::jsValue): Deleted.
+        * heap/WeakInlines.h:
+        (JSC::Weak<T>::Weak):
+        (JSC::>):
+        (JSC::Weak<T>::operator):
+        (JSC::Weak<T>::get):
+        (JSC::Weak<T>::was):
+        * heap/WeakSet.h:
+        * heap/WeakSetInlines.h:
+        (JSC::WeakSet::allocate):
+        (JSC::WeakBlock::finalize):
+        * jit/JITThunks.cpp:
+        (JSC::JITThunks::finalize):
+        * jit/JITThunks.h:
+        * jsc.cpp:
+        (WTF::ElementHandleOwner::isReachableFromOpaqueRoots): Deleted.
+        * runtime/JSCell.h:
+        (JSC::jsCast):
+        * runtime/RegExpCache.cpp:
+        (JSC::RegExpCache::finalize):
+        * runtime/RegExpCache.h:
+        * runtime/Structure.cpp:
+        (JSC::StructureTransitionTable::singleTransition):
+        (JSC::StructureTransitionTable::setSingleTransition):
+
 2015-09-10  Sukolsak Sakshuwong  <sukolsak@gmail.com>
 
         Implement switch statements in WebAssembly
index 9370e7e..7ef1da3 100644 (file)
@@ -108,7 +108,7 @@ UnlinkedFunctionExecutable* BuiltinExecutables::createExecutableInternal(const S
     return functionExecutable;
 }
 
-void BuiltinExecutables::finalize(Handle<Unknown>, void* context)
+void BuiltinExecutables::finalize(JSCell*&, void* context)
 {
     static_cast<Weak<UnlinkedFunctionExecutable>*>(context)->clear();
 }
index 4e43222..2341c88 100644 (file)
@@ -53,7 +53,7 @@ const SourceCode& name##Source() { return m_##name##Source; }
     UnlinkedFunctionExecutable* createDefaultConstructor(ConstructorKind, const Identifier& name);
 
 private:
-    void finalize(Handle<Unknown>, void* context) override;
+    void finalize(JSCell*&, void* context) override;
 
     VM& m_vm;
 
index 049dfbf..846d70e 100644 (file)
@@ -1383,15 +1383,14 @@ bool Heap::isValidAllocation(size_t)
 
 void Heap::addFinalizer(JSCell* cell, Finalizer finalizer)
 {
-    WeakSet::allocate(cell, &m_finalizerOwner, reinterpret_cast<void*>(finalizer)); // Balanced by FinalizerOwner::finalize().
+    WeakSet::allocate(*cell, &m_finalizerOwner, reinterpret_cast<void*>(finalizer)); // Balanced by FinalizerOwner::finalize().
 }
 
-void Heap::FinalizerOwner::finalize(Handle<Unknown> handle, void* context)
+void Heap::FinalizerOwner::finalize(JSCell*& cell, void* context)
 {
-    HandleSlot slot = handle.slot();
     Finalizer finalizer = reinterpret_cast<Finalizer>(context);
-    finalizer(slot->asCell());
-    WeakSet::deallocate(WeakImpl::asWeakImpl(slot));
+    finalizer(cell);
+    WeakSet::deallocate(WeakImpl::asWeakImpl(&cell));
 }
 
 void Heap::addExecutable(ExecutableBase* executable)
index a45bc95..89f19be 100644 (file)
@@ -268,8 +268,8 @@ private:
 
     static const size_t minExtraMemory = 256;
     
-    class FinalizerOwner : public WeakHandleOwner {
-        virtual void finalize(Handle<Unknown>, void* context) override;
+    class FinalizerOwner final : public WeakHandleOwner {
+        void finalize(JSCell*&, void* context) override;
     };
 
     JS_EXPORT_PRIVATE bool isValidAllocation(size_t);
index 7c7d86c..13ddbc7 100644 (file)
@@ -112,18 +112,17 @@ void WeakBlock::visit(HeapRootVisitor& heapRootVisitor)
         if (weakImpl->state() != WeakImpl::Live)
             continue;
 
-        const JSValue& jsValue = weakImpl->jsValue();
-        if (m_markedBlock->isMarkedOrNewlyAllocated(jsValue.asCell()))
+        if (m_markedBlock->isMarkedOrNewlyAllocated(weakImpl->m_cell))
             continue;
 
         WeakHandleOwner* weakHandleOwner = weakImpl->weakHandleOwner();
         if (!weakHandleOwner)
             continue;
 
-        if (!weakHandleOwner->isReachableFromOpaqueRoots(Handle<Unknown>::wrapSlot(&const_cast<JSValue&>(jsValue)), weakImpl->context(), visitor))
+        if (!weakHandleOwner->isReachableFromOpaqueRoots(*weakImpl->m_cell, weakImpl->context(), visitor))
             continue;
 
-        heapRootVisitor.visit(&const_cast<JSValue&>(jsValue));
+        heapRootVisitor.visit(&weakImpl->m_cell);
     }
 }
 
@@ -144,7 +143,7 @@ void WeakBlock::reap()
         if (weakImpl->state() > WeakImpl::Dead)
             continue;
 
-        if (m_markedBlock->isMarkedOrNewlyAllocated(weakImpl->jsValue().asCell())) {
+        if (m_markedBlock->isMarkedOrNewlyAllocated(weakImpl->cell())) {
             ASSERT(weakImpl->state() == WeakImpl::Live);
             continue;
         }
index 044518f..dff91a9 100644 (file)
@@ -37,12 +37,12 @@ WeakHandleOwner::~WeakHandleOwner()
 {
 }
 
-bool WeakHandleOwner::isReachableFromOpaqueRoots(Handle<Unknown>, void*, SlotVisitor&)
+bool WeakHandleOwner::isReachableFromOpaqueRoots(JSCell&, void*, SlotVisitor&)
 {
     return false;
 }
 
-void WeakHandleOwner::finalize(Handle<Unknown>, void*)
+void WeakHandleOwner::finalize(JSCell*&, void*)
 {
 }
 
index 6304dd2..31a176f 100644 (file)
@@ -35,8 +35,8 @@ class SlotVisitor;
 class JS_EXPORT_PRIVATE WeakHandleOwner {
 public:
     virtual ~WeakHandleOwner();
-    virtual bool isReachableFromOpaqueRoots(Handle<Unknown>, void* context, SlotVisitor&);
-    virtual void finalize(Handle<Unknown>, void* context);
+    virtual bool isReachableFromOpaqueRoots(JSCell&, void* context, SlotVisitor&);
+    virtual void finalize(JSCell*&, void* context);
 };
 
 } // namespace JSC
index ca93fb2..93e2d4d 100644 (file)
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2012 Apple Inc. All rights reserved.
+ * Copyright (C) 2012-2015 Apple Inc. All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
@@ -46,40 +46,39 @@ public:
     };
 
     WeakImpl();
-    WeakImpl(JSValue, WeakHandleOwner*, void* context);
+    WeakImpl(JSCell&, WeakHandleOwner*, void* context);
 
-    State state();
+    State state() const;
     void setState(State);
 
-    const JSValue& jsValue();
+    JSCell* cell();
     WeakHandleOwner* weakHandleOwner();
     void* context();
 
-    static WeakImpl* asWeakImpl(JSValue*);
+    static WeakImpl* asWeakImpl(JSCell**);
 
 private:
-    const JSValue m_jsValue;
-    WeakHandleOwner* m_weakHandleOwner;
-    void* m_context;
+    friend class WeakBlock;
+
+    JSCell* m_cell { nullptr };
+    WeakHandleOwner* m_weakHandleOwner { nullptr };
+    void* m_context { nullptr };
 };
 
 inline WeakImpl::WeakImpl()
-    : m_weakHandleOwner(0)
-    , m_context(0)
 {
     setState(Deallocated);
 }
 
-inline WeakImpl::WeakImpl(JSValue jsValue, WeakHandleOwner* weakHandleOwner, void* context)
-    : m_jsValue(jsValue)
+inline WeakImpl::WeakImpl(JSCell& cell, WeakHandleOwner* weakHandleOwner, void* context)
+    : m_cell(&cell)
     , m_weakHandleOwner(weakHandleOwner)
     , m_context(context)
 {
     ASSERT(state() == Live);
-    ASSERT(m_jsValue && m_jsValue.isCell());
 }
 
-inline WeakImpl::State WeakImpl::state()
+inline WeakImpl::State WeakImpl::state() const
 {
     return static_cast<State>(reinterpret_cast<uintptr_t>(m_weakHandleOwner) & StateMask);
 }
@@ -90,9 +89,9 @@ inline void WeakImpl::setState(WeakImpl::State state)
     m_weakHandleOwner = reinterpret_cast<WeakHandleOwner*>((reinterpret_cast<uintptr_t>(m_weakHandleOwner) & ~StateMask) | state);
 }
 
-inline const JSValue& WeakImpl::jsValue()
+inline JSCell* WeakImpl::cell()
 {
-    return m_jsValue;
+    return m_cell;
 }
 
 inline WeakHandleOwner* WeakImpl::weakHandleOwner()
@@ -105,9 +104,9 @@ inline void* WeakImpl::context()
     return m_context;
 }
 
-inline WeakImpl* WeakImpl::asWeakImpl(JSValue* slot)
+inline WeakImpl* WeakImpl::asWeakImpl(JSCell** slot)
 {
-    return reinterpret_cast_ptr<WeakImpl*>(reinterpret_cast_ptr<char*>(slot) + OBJECT_OFFSETOF(WeakImpl, m_jsValue));
+    return reinterpret_cast_ptr<WeakImpl*>(reinterpret_cast_ptr<char*>(slot));
 }
 
 } // namespace JSC
index fbd3520..0fd30dc 100644 (file)
@@ -34,8 +34,9 @@
 namespace JSC {
 
 template<typename T> inline Weak<T>::Weak(T* cell, WeakHandleOwner* weakOwner, void* context)
-    : m_impl(cell ? WeakSet::allocate(cell, weakOwner, context) : 0)
+    : m_impl(cell ? WeakSet::allocate(*cell, weakOwner, context) : 0)
 {
+    static_assert((std::is_convertible<T, JSCell>::value), "JSC::Weak can only be used with cell types.");
 }
 
 template<typename T> inline bool Weak<T>::isHashTableDeletedValue() const
@@ -73,30 +74,30 @@ template<typename T> inline auto Weak<T>::operator=(Weak&& other) -> Weak&
 template<typename T> inline T* Weak<T>::operator->() const
 {
     ASSERT(m_impl && m_impl->state() == WeakImpl::Live);
-    return jsCast<T*>(m_impl->jsValue().asCell());
+    return jsCast<T*>(m_impl->cell());
 }
 
 template<typename T> inline T& Weak<T>::operator*() const
 {
     ASSERT(m_impl && m_impl->state() == WeakImpl::Live);
-    return *jsCast<T*>(m_impl->jsValue().asCell());
+    return *jsCast<T*>(m_impl->cell());
 }
 
 template<typename T> inline T* Weak<T>::get() const
 {
     if (!m_impl || m_impl->state() != WeakImpl::Live)
         return 0;
-    return jsCast<T*>(m_impl->jsValue().asCell());
+    return jsCast<T*>(m_impl->cell());
 }
 
 template<typename T> inline bool Weak<T>::was(T* other) const
 {
-    return static_cast<T*>(m_impl->jsValue().asCell()) == other;
+    return static_cast<T*>(m_impl->cell()) == other;
 }
 
 template<typename T> inline bool Weak<T>::operator!() const
 {
-    return !m_impl || !m_impl->jsValue() || m_impl->state() != WeakImpl::Live;
+    return !m_impl || !m_impl->cell() || m_impl->state() != WeakImpl::Live;
 }
 
 template<typename T> inline Weak<T>::operator bool() const
index dbde510..3950cfd 100644 (file)
@@ -38,7 +38,7 @@ class WeakSet {
     friend class LLIntOffsetsExtractor;
 
 public:
-    static WeakImpl* allocate(JSValue, WeakHandleOwner* = 0, void* context = 0);
+    static WeakImpl* allocate(JSCell&, WeakHandleOwner* = 0, void* context = 0);
     static void deallocate(WeakImpl*);
 
     WeakSet(VM*, MarkedBlock&);
index f239224..94cb012 100644 (file)
 
 namespace JSC {
 
-inline WeakImpl* WeakSet::allocate(JSValue jsValue, WeakHandleOwner* weakHandleOwner, void* context)
+inline WeakImpl* WeakSet::allocate(JSCell& cell, WeakHandleOwner* weakHandleOwner, void* context)
 {
-    WeakSet& weakSet = MarkedBlock::blockFor(jsValue.asCell())->weakSet();
+    WeakSet& weakSet = MarkedBlock::blockFor(&cell)->weakSet();
     WeakBlock::FreeCell* allocator = weakSet.m_allocator;
     if (UNLIKELY(!allocator))
         allocator = weakSet.findAllocator();
     weakSet.m_allocator = allocator->next;
 
     WeakImpl* weakImpl = WeakBlock::asWeakImpl(allocator);
-    return new (NotNull, weakImpl) WeakImpl(jsValue, weakHandleOwner, context);
+    return new (NotNull, weakImpl) WeakImpl(cell, weakHandleOwner, context);
 }
 
 inline void WeakBlock::finalize(WeakImpl* weakImpl)
@@ -49,7 +49,7 @@ inline void WeakBlock::finalize(WeakImpl* weakImpl)
     WeakHandleOwner* weakHandleOwner = weakImpl->weakHandleOwner();
     if (!weakHandleOwner)
         return;
-    weakHandleOwner->finalize(Handle<Unknown>::wrapSlot(&const_cast<JSValue&>(weakImpl->jsValue())), weakImpl->context());
+    weakHandleOwner->finalize(weakImpl->m_cell, weakImpl->context());
 }
 
 } // namespace JSC
index fa61044..ff0fbf0 100644 (file)
@@ -76,9 +76,9 @@ MacroAssemblerCodeRef JITThunks::ctiStub(VM* vm, ThunkGenerator generator)
     return entry.iterator->value;
 }
 
-void JITThunks::finalize(Handle<Unknown> handle, void*)
+void JITThunks::finalize(JSCell*& cell, void*)
 {
-    auto* nativeExecutable = jsCast<NativeExecutable*>(handle.get().asCell());
+    auto* nativeExecutable = jsCast<NativeExecutable*>(cell);
     weakRemove(*m_hostFunctionStubMap, std::make_pair(nativeExecutable->function(), nativeExecutable->constructor()), nativeExecutable);
 }
 
index 2e02883..05af988 100644 (file)
@@ -63,7 +63,7 @@ public:
     void clearHostFunctionStubs();
 
 private:
-    void finalize(Handle<Unknown>, void* context) override;
+    void finalize(JSCell*&, void* context) override;
     
     typedef HashMap<ThunkGenerator, MacroAssemblerCodeRef> CTIStubMap;
     CTIStubMap m_ctiStubMap;
index 2369a9d..5cd9278 100644 (file)
@@ -176,12 +176,12 @@ private:
     WriteBarrier<Root> m_root;
 };
 
-class ElementHandleOwner : public WeakHandleOwner {
+class ElementHandleOwner final : public WeakHandleOwner {
 public:
-    virtual bool isReachableFromOpaqueRoots(Handle<JSC::Unknown> handle, void*, SlotVisitor& visitor)
+    virtual bool isReachableFromOpaqueRoots(JSCell& cell, void*, SlotVisitor& visitor)
     {
-        Element* element = jsCast<Element*>(handle.slot()->asCell());
-        return visitor.containsOpaqueRoot(element->root());
+        auto& element = jsCast<Element&>(cell);
+        return visitor.containsOpaqueRoot(element.root());
     }
 };
 
index 6d648ad..38155cf 100644 (file)
@@ -245,6 +245,13 @@ private:
 };
 
 template<typename To, typename From>
+inline To& jsCast(From& from)
+{
+    ASSERT_WITH_SECURITY_IMPLICATION(from.JSCell::inherits(std::remove_reference<To>::type::info()));
+    return static_cast<To&>(from);
+}
+
+template<typename To, typename From>
 inline To jsCast(From* from)
 {
     ASSERT_WITH_SECURITY_IMPLICATION(!from || from->JSCell::inherits(std::remove_pointer<To>::type::info()));
index 8f4660a..27a3fdf 100644 (file)
@@ -56,9 +56,9 @@ RegExpCache::RegExpCache(VM* vm)
 {
 }
 
-void RegExpCache::finalize(Handle<Unknown> handle, void*)
+void RegExpCache::finalize(JSCell*& cell, void*)
 {
-    RegExp* regExp = static_cast<RegExp*>(handle.get().asCell());
+    RegExp* regExp = jsCast<RegExp*>(cell);
     weakRemove(m_weakCache, regExp->key(), regExp);
 }
 
index 942f3dc..fe04d54 100644 (file)
@@ -54,7 +54,7 @@ private:
 
     static const int maxStrongCacheableEntries = 32;
 
-    virtual void finalize(Handle<Unknown>, void* context) override;
+    void finalize(JSCell*&, void* context) override;
 
     RegExp* lookupOrCreate(const WTF::String& patternString, RegExpFlags);
     void addToStrongCache(RegExp*);
index cc24b00..f395cca 100644 (file)
@@ -62,7 +62,7 @@ static HashSet<Structure*>& liveStructureSet = *(new HashSet<Structure*>);
 #endif
 
 class SingleSlotTransitionWeakOwner final : public WeakHandleOwner {
-    void finalize(Handle<Unknown>, void* context) override
+    void finalize(JSCell*&, void* context) override
     {
         StructureTransitionTable* table = reinterpret_cast<StructureTransitionTable*>(context);
         ASSERT(table->isUsingSingleSlot());
@@ -82,7 +82,7 @@ inline Structure* StructureTransitionTable::singleTransition() const
     ASSERT(isUsingSingleSlot());
     if (WeakImpl* impl = this->weakImpl()) {
         if (impl->state() == WeakImpl::Live)
-            return jsCast<Structure*>(impl->jsValue().asCell());
+            return jsCast<Structure*>(impl->cell());
     }
     return nullptr;
 }
@@ -92,7 +92,7 @@ inline void StructureTransitionTable::setSingleTransition(Structure* structure)
     ASSERT(isUsingSingleSlot());
     if (WeakImpl* impl = this->weakImpl())
         WeakSet::deallocate(impl);
-    WeakImpl* impl = WeakSet::allocate(structure, &singleSlotTransitionWeakOwner(), this);
+    WeakImpl* impl = WeakSet::allocate(*structure, &singleSlotTransitionWeakOwner(), this);
     m_data = reinterpret_cast<intptr_t>(impl) | UsingSingleSlotFlag;
 }
 
index c4d5f36..fdb5394 100644 (file)
@@ -1,3 +1,112 @@
+2015-09-11  Andreas Kling  <akling@apple.com>
+
+        [JSC] Weak should only accept cell pointees.
+        <https://webkit.org/b/148955>
+
+        Reviewed by Geoffrey Garen.
+
+        Update WebCore bindings for the new Weak and Weak-related signatures.
+
+        * bindings/js/JSCSSRuleListCustom.cpp:
+        (WebCore::JSCSSRuleListOwner::isReachableFromOpaqueRoots):
+        * bindings/js/JSCSSValueCustom.cpp:
+        (WebCore::JSCSSValueOwner::isReachableFromOpaqueRoots):
+        (WebCore::JSCSSValueOwner::finalize):
+        * bindings/js/JSCallbackData.cpp:
+        (WebCore::JSCallbackDataWeak::WeakOwner::isReachableFromOpaqueRoots):
+        * bindings/js/JSCallbackData.h:
+        * bindings/js/JSMutationObserverCustom.cpp:
+        (WebCore::JSMutationObserverOwner::isReachableFromOpaqueRoots):
+        * bindings/js/JSNodeCustom.cpp:
+        (WebCore::isReachableFromDOM):
+        (WebCore::JSNodeOwner::isReachableFromOpaqueRoots):
+        * bindings/js/JSNodeListCustom.cpp:
+        (WebCore::JSNodeListOwner::isReachableFromOpaqueRoots):
+        * bindings/js/JSTextTrackCueCustom.cpp:
+        (WebCore::JSTextTrackCueOwner::isReachableFromOpaqueRoots):
+        * bindings/js/WebCoreTypedArrayController.cpp:
+        (WebCore::WebCoreTypedArrayController::JSArrayBufferOwner::isReachableFromOpaqueRoots):
+        (WebCore::WebCoreTypedArrayController::JSArrayBufferOwner::finalize):
+        * bindings/js/WebCoreTypedArrayController.h:
+        * bindings/scripts/CodeGeneratorJS.pm:
+        (GenerateHeader):
+        (GenerateImplementation):
+        * bindings/scripts/test/JS/JSTestActiveDOMObject.cpp:
+        (WebCore::JSTestActiveDOMObjectOwner::isReachableFromOpaqueRoots):
+        (WebCore::JSTestActiveDOMObjectOwner::finalize):
+        * bindings/scripts/test/JS/JSTestActiveDOMObject.h:
+        * bindings/scripts/test/JS/JSTestCustomConstructorWithNoInterfaceObject.cpp:
+        (WebCore::JSTestCustomConstructorWithNoInterfaceObjectOwner::isReachableFromOpaqueRoots):
+        (WebCore::JSTestCustomConstructorWithNoInterfaceObjectOwner::finalize):
+        * bindings/scripts/test/JS/JSTestCustomConstructorWithNoInterfaceObject.h:
+        * bindings/scripts/test/JS/JSTestCustomNamedGetter.cpp:
+        (WebCore::JSTestCustomNamedGetterOwner::isReachableFromOpaqueRoots):
+        (WebCore::JSTestCustomNamedGetterOwner::finalize):
+        * bindings/scripts/test/JS/JSTestCustomNamedGetter.h:
+        * bindings/scripts/test/JS/JSTestEventConstructor.cpp:
+        (WebCore::JSTestEventConstructorOwner::isReachableFromOpaqueRoots):
+        (WebCore::JSTestEventConstructorOwner::finalize):
+        * bindings/scripts/test/JS/JSTestEventConstructor.h:
+        * bindings/scripts/test/JS/JSTestEventTarget.cpp:
+        (WebCore::JSTestEventTargetOwner::isReachableFromOpaqueRoots):
+        (WebCore::JSTestEventTargetOwner::finalize):
+        * bindings/scripts/test/JS/JSTestEventTarget.h:
+        * bindings/scripts/test/JS/JSTestException.cpp:
+        (WebCore::JSTestExceptionOwner::isReachableFromOpaqueRoots):
+        (WebCore::JSTestExceptionOwner::finalize):
+        * bindings/scripts/test/JS/JSTestException.h:
+        * bindings/scripts/test/JS/JSTestGenerateIsReachable.cpp:
+        (WebCore::JSTestGenerateIsReachableOwner::isReachableFromOpaqueRoots):
+        (WebCore::JSTestGenerateIsReachableOwner::finalize):
+        * bindings/scripts/test/JS/JSTestGenerateIsReachable.h:
+        * bindings/scripts/test/JS/JSTestInterface.cpp:
+        (WebCore::JSTestInterfaceOwner::isReachableFromOpaqueRoots):
+        (WebCore::JSTestInterfaceOwner::finalize):
+        * bindings/scripts/test/JS/JSTestInterface.h:
+        * bindings/scripts/test/JS/JSTestMediaQueryListListener.cpp:
+        (WebCore::JSTestMediaQueryListListenerOwner::isReachableFromOpaqueRoots):
+        (WebCore::JSTestMediaQueryListListenerOwner::finalize):
+        * bindings/scripts/test/JS/JSTestMediaQueryListListener.h:
+        * bindings/scripts/test/JS/JSTestNamedConstructor.cpp:
+        (WebCore::JSTestNamedConstructorOwner::isReachableFromOpaqueRoots):
+        (WebCore::JSTestNamedConstructorOwner::finalize):
+        * bindings/scripts/test/JS/JSTestNamedConstructor.h:
+        * bindings/scripts/test/JS/JSTestNondeterministic.cpp:
+        (WebCore::JSTestNondeterministicOwner::isReachableFromOpaqueRoots):
+        (WebCore::JSTestNondeterministicOwner::finalize):
+        * bindings/scripts/test/JS/JSTestNondeterministic.h:
+        * bindings/scripts/test/JS/JSTestObj.cpp:
+        (WebCore::JSTestObjOwner::isReachableFromOpaqueRoots):
+        (WebCore::JSTestObjOwner::finalize):
+        * bindings/scripts/test/JS/JSTestObj.h:
+        * bindings/scripts/test/JS/JSTestOverloadedConstructors.cpp:
+        (WebCore::JSTestOverloadedConstructorsOwner::isReachableFromOpaqueRoots):
+        (WebCore::JSTestOverloadedConstructorsOwner::finalize):
+        * bindings/scripts/test/JS/JSTestOverloadedConstructors.h:
+        * bindings/scripts/test/JS/JSTestOverrideBuiltins.cpp:
+        (WebCore::JSTestOverrideBuiltinsOwner::isReachableFromOpaqueRoots):
+        (WebCore::JSTestOverrideBuiltinsOwner::finalize):
+        * bindings/scripts/test/JS/JSTestOverrideBuiltins.h:
+        * bindings/scripts/test/JS/JSTestSerializedScriptValueInterface.cpp:
+        (WebCore::JSTestSerializedScriptValueInterfaceOwner::isReachableFromOpaqueRoots):
+        (WebCore::JSTestSerializedScriptValueInterfaceOwner::finalize):
+        * bindings/scripts/test/JS/JSTestSerializedScriptValueInterface.h:
+        * bindings/scripts/test/JS/JSTestTypedefs.cpp:
+        (WebCore::JSTestTypedefsOwner::isReachableFromOpaqueRoots):
+        (WebCore::JSTestTypedefsOwner::finalize):
+        * bindings/scripts/test/JS/JSTestTypedefs.h:
+        * bindings/scripts/test/JS/JSattribute.cpp:
+        (WebCore::JSattributeOwner::isReachableFromOpaqueRoots):
+        (WebCore::JSattributeOwner::finalize):
+        * bindings/scripts/test/JS/JSattribute.h:
+        * bindings/scripts/test/JS/JSreadonly.cpp:
+        (WebCore::JSreadonlyOwner::isReachableFromOpaqueRoots):
+        (WebCore::JSreadonlyOwner::finalize):
+        * bindings/scripts/test/JS/JSreadonly.h:
+        * bridge/runtime_root.cpp:
+        (JSC::Bindings::RootObject::finalize):
+        * bridge/runtime_root.h:
+
 2015-09-10  Chris Fleizach  <cfleizach@apple.com>
 
         AX: Mavericks: Text cursor does not move along with VoiceOver cursor for text fields
index 89e9921..6dbe4ca 100644 (file)
@@ -36,14 +36,14 @@ using namespace JSC;
 
 namespace WebCore {
 
-bool JSCSSRuleListOwner::isReachableFromOpaqueRoots(JSC::Handle<JSC::Unknown> handle, void*, SlotVisitor& visitor)
+bool JSCSSRuleListOwner::isReachableFromOpaqueRoots(JSC::JSCell& cell, void*, SlotVisitor& visitor)
 {
-    JSCSSRuleList* jsCSSRuleList = jsCast<JSCSSRuleList*>(handle.slot()->asCell());
-    if (!jsCSSRuleList->hasCustomProperties())
+    auto& jsCSSRuleList = jsCast<JSCSSRuleList&>(cell);
+    if (!jsCSSRuleList.hasCustomProperties())
         return false;
-    if (CSSStyleSheet* styleSheet = jsCSSRuleList->impl().styleSheet())
+    if (CSSStyleSheet* styleSheet = jsCSSRuleList.impl().styleSheet())
         return visitor.containsOpaqueRoot(root(styleSheet));
-    if (CSSRule* cssRule = jsCSSRuleList->impl().item(0))
+    if (CSSRule* cssRule = jsCSSRuleList.impl().item(0))
         return visitor.containsOpaqueRoot(root(cssRule));
     return false;
 }
index ed51253..c5eb84f 100644 (file)
@@ -44,24 +44,24 @@ using namespace JSC;
 
 namespace WebCore {
 
-bool JSCSSValueOwner::isReachableFromOpaqueRoots(JSC::Handle<JSC::Unknown> handle, void* context, SlotVisitor& visitor)
+bool JSCSSValueOwner::isReachableFromOpaqueRoots(JSC::JSCell& cell, void* context, SlotVisitor& visitor)
 {
-    JSCSSValue* jsCSSValue = jsCast<JSCSSValue*>(handle.slot()->asCell());
-    if (!jsCSSValue->hasCustomProperties())
+    auto& jsCSSValue = jsCast<JSCSSValue&>(cell);
+    if (!jsCSSValue.hasCustomProperties())
         return false;
-    DOMWrapperWorld* world = static_cast<DOMWrapperWorld*>(context);
-    void* root = world->m_cssValueRoots.get(&jsCSSValue->impl());
+    DOMWrapperWorld& world = *static_cast<DOMWrapperWorld*>(context);
+    void* root = world.m_cssValueRoots.get(&jsCSSValue.impl());
     if (!root)
         return false;
     return visitor.containsOpaqueRoot(root);
 }
 
-void JSCSSValueOwner::finalize(JSC::Handle<JSC::Unknown> handle, void* context)
+void JSCSSValueOwner::finalize(JSC::JSCell*& cell, void* context)
 {
-    JSCSSValue* jsCSSValue = jsCast<JSCSSValue*>(handle.slot()->asCell());
+    auto& jsCSSValue = jsCast<JSCSSValue&>(*cell);
     DOMWrapperWorld& world = *static_cast<DOMWrapperWorld*>(context);
-    world.m_cssValueRoots.remove(&jsCSSValue->impl());
-    uncacheWrapper(world, &jsCSSValue->impl(), jsCSSValue);
+    world.m_cssValueRoots.remove(&jsCSSValue.impl());
+    uncacheWrapper(world, &jsCSSValue.impl(), &jsCSSValue);
 }
 
 JSValue toJS(ExecState*, JSDOMGlobalObject* globalObject, CSSValue* value)
index 6d40a47..ea3df93 100644 (file)
@@ -90,7 +90,7 @@ JSValue JSCallbackData::invokeCallback(JSObject* callback, MarkedArgumentBuffer&
     return result;
 }
 
-bool JSCallbackDataWeak::WeakOwner::isReachableFromOpaqueRoots(JSC::Handle<JSC::Unknown>, void* context, SlotVisitor& visitor)
+bool JSCallbackDataWeak::WeakOwner::isReachableFromOpaqueRoots(JSC::JSCell&, void* context, SlotVisitor& visitor)
 {
     return visitor.containsOpaqueRoot(context);
 }
index 7acf921..0207171 100644 (file)
@@ -105,8 +105,8 @@ public:
     }
 
 private:
-    class WeakOwner : public JSC::WeakHandleOwner {
-        virtual bool isReachableFromOpaqueRoots(JSC::Handle<JSC::Unknown>, void* context, JSC::SlotVisitor&);
+    class WeakOwner final : public JSC::WeakHandleOwner {
+        bool isReachableFromOpaqueRoots(JSC::JSCell&, void* context, JSC::SlotVisitor&) override;
     };
     WeakOwner m_weakOwner;
     JSC::Weak<JSC::JSObject> m_callback;
index 3805572..ca6b1e1 100644 (file)
@@ -61,9 +61,9 @@ EncodedJSValue JSC_HOST_CALL constructJSMutationObserver(ExecState* exec)
     return JSValue::encode(jsObserver);
 }
 
-bool JSMutationObserverOwner::isReachableFromOpaqueRoots(JSC::Handle<JSC::Unknown> handle, void*, SlotVisitor& visitor)
+bool JSMutationObserverOwner::isReachableFromOpaqueRoots(JSC::JSCell& cell, void*, SlotVisitor& visitor)
 {
-    MutationObserver& observer = jsCast<JSMutationObserver*>(handle.slot()->asCell())->impl();
+    MutationObserver& observer = jsCast<JSMutationObserver&>(cell).impl();
     auto observedNodes = observer.getObservedNodes();
     for (auto it = observedNodes.begin(), end = observedNodes.end(); it != end; ++it) {
         if (visitor.containsOpaqueRoot(root(*it)))
index 6d4c81d..f922e1c 100644 (file)
@@ -75,11 +75,11 @@ namespace WebCore {
 
 using namespace HTMLNames;
 
-static inline bool isReachableFromDOM(Node* node, SlotVisitor& visitor)
+static inline bool isReachableFromDOM(Node& node, SlotVisitor& visitor)
 {
-    if (!node->inDocument()) {
-        if (is<Element>(*node)) {
-            auto& element = downcast<Element>(*node);
+    if (!node.inDocument()) {
+        if (is<Element>(node)) {
+            auto& element = downcast<Element>(node);
 
             // If a wrapper is the last reference to an image element
             // that is loading but not in the document, the wrapper is observable
@@ -100,17 +100,17 @@ static inline bool isReachableFromDOM(Node* node, SlotVisitor& visitor)
 
         // If a node is firing event listeners, its wrapper is observable because
         // its wrapper is responsible for marking those event listeners.
-        if (node->isFiringEventListeners())
+        if (node.isFiringEventListeners())
             return true;
     }
 
-    return visitor.containsOpaqueRoot(root(node));
+    return visitor.containsOpaqueRoot(root(&node));
 }
 
-bool JSNodeOwner::isReachableFromOpaqueRoots(JSC::Handle<JSC::Unknown> handle, void*, SlotVisitor& visitor)
+bool JSNodeOwner::isReachableFromOpaqueRoots(JSC::JSCell& cell, void*, SlotVisitor& visitor)
 {
-    JSNode* jsNode = jsCast<JSNode*>(handle.slot()->asCell());
-    return isReachableFromDOM(&jsNode->impl(), visitor);
+    auto& jsNode = jsCast<JSNode&>(cell);
+    return isReachableFromDOM(jsNode.impl(), visitor);
 }
 
 JSValue JSNode::insertBefore(ExecState* exec)
index 7f02e24..90d71eb 100644 (file)
@@ -37,17 +37,17 @@ using namespace JSC;
 
 namespace WebCore {
 
-bool JSNodeListOwner::isReachableFromOpaqueRoots(JSC::Handle<JSC::Unknown> handle, void*, SlotVisitor& visitor)
+bool JSNodeListOwner::isReachableFromOpaqueRoots(JSC::JSCell& cell, void*, SlotVisitor& visitor)
 {
-    JSNodeList* jsNodeList = jsCast<JSNodeList*>(handle.slot()->asCell());
-    if (!jsNodeList->hasCustomProperties())
+    auto& jsNodeList = jsCast<JSNodeList&>(cell);
+    if (!jsNodeList.hasCustomProperties())
         return false;
-    if (jsNodeList->impl().isLiveNodeList())
-        return visitor.containsOpaqueRoot(root(static_cast<LiveNodeList&>(jsNodeList->impl()).ownerNode()));
-    if (jsNodeList->impl().isChildNodeList())
-        return visitor.containsOpaqueRoot(root(static_cast<ChildNodeList&>(jsNodeList->impl()).ownerNode()));
-    if (jsNodeList->impl().isEmptyNodeList())
-        return visitor.containsOpaqueRoot(root(static_cast<EmptyNodeList&>(jsNodeList->impl()).ownerNode()));
+    if (jsNodeList.impl().isLiveNodeList())
+        return visitor.containsOpaqueRoot(root(static_cast<LiveNodeList&>(jsNodeList.impl()).ownerNode()));
+    if (jsNodeList.impl().isChildNodeList())
+        return visitor.containsOpaqueRoot(root(static_cast<ChildNodeList&>(jsNodeList.impl()).ownerNode()));
+    if (jsNodeList.impl().isEmptyNodeList())
+        return visitor.containsOpaqueRoot(root(static_cast<EmptyNodeList&>(jsNodeList.impl()).ownerNode()));
     return false;
 }
 
index 57f88b9..d5c17dc 100644 (file)
@@ -38,10 +38,10 @@ using namespace JSC;
 
 namespace WebCore {
 
-bool JSTextTrackCueOwner::isReachableFromOpaqueRoots(JSC::Handle<JSC::Unknown> handle, void*, SlotVisitor& visitor)
+bool JSTextTrackCueOwner::isReachableFromOpaqueRoots(JSC::JSCell& cell, void*, SlotVisitor& visitor)
 {
-    JSTextTrackCue* jsTextTrackCue = jsCast<JSTextTrackCue*>(handle.slot()->asCell());
-    TextTrackCue& textTrackCue = jsTextTrackCue->impl();
+    auto& jsTextTrackCue = jsCast<JSTextTrackCue&>(cell);
+    TextTrackCue& textTrackCue = jsTextTrackCue.impl();
 
     // If the cue is firing event listeners, its wrapper is reachable because
     // the wrapper is responsible for marking those event listeners.
@@ -49,7 +49,7 @@ bool JSTextTrackCueOwner::isReachableFromOpaqueRoots(JSC::Handle<JSC::Unknown> h
         return true;
 
     // If the cue has no event listeners and has no custom properties, it is not reachable.
-    if (!textTrackCue.hasEventListeners() && !jsTextTrackCue->hasCustomProperties())
+    if (!textTrackCue.hasEventListeners() && !jsTextTrackCue.hasCustomProperties())
         return false;
 
     // If the cue is not associated with a track, it is not reachable.
index 1106929..fab7357 100644 (file)
@@ -47,17 +47,17 @@ JSC::JSArrayBuffer* WebCoreTypedArrayController::toJS(JSC::ExecState* state, JSC
     return JSC::jsCast<JSC::JSArrayBuffer*>(WebCore::toJS(state, JSC::jsCast<JSDOMGlobalObject*>(globalObject), buffer));
 }
 
-bool WebCoreTypedArrayController::JSArrayBufferOwner::isReachableFromOpaqueRoots(JSC::Handle<JSC::Unknown> handle, void*, JSC::SlotVisitor& visitor)
+bool WebCoreTypedArrayController::JSArrayBufferOwner::isReachableFromOpaqueRoots(JSC::JSCell& cell, void*, JSC::SlotVisitor& visitor)
 {
-    auto& wrapper = *JSC::jsCast<JSC::JSArrayBuffer*>(handle.slot()->asCell());
+    auto& wrapper = JSC::jsCast<JSC::JSArrayBuffer&>(cell);
     if (!wrapper.hasCustomProperties())
         return false;
     return visitor.containsOpaqueRoot(wrapper.impl());
 }
 
-void WebCoreTypedArrayController::JSArrayBufferOwner::finalize(JSC::Handle<JSC::Unknown> handle, void* context)
+void WebCoreTypedArrayController::JSArrayBufferOwner::finalize(JSC::JSCell*& cell, void* context)
 {
-    auto& wrapper = *static_cast<JSC::JSArrayBuffer*>(handle.slot()->asCell());
+    auto& wrapper = static_cast<JSC::JSArrayBuffer&>(*cell);
     auto& buffer = *wrapper.impl();
     uncacheWrapper(*static_cast<DOMWrapperWorld*>(context), &buffer, &wrapper);
     buffer.deref();
index 7e044c4..c9099ce 100644 (file)
@@ -35,7 +35,7 @@ class WeakHandleOwner;
 
 namespace WebCore {
 
-class WebCoreTypedArrayController : public JSC::TypedArrayController {
+class WebCoreTypedArrayController final : public JSC::TypedArrayController {
 public:
     WebCoreTypedArrayController();
     virtual ~WebCoreTypedArrayController();
@@ -45,10 +45,10 @@ public:
     JSC::WeakHandleOwner* wrapperOwner() { return &m_owner; }
 
 private:
-    class JSArrayBufferOwner : public JSC::WeakHandleOwner {
+    class JSArrayBufferOwner final : public JSC::WeakHandleOwner {
     public:
-        virtual bool isReachableFromOpaqueRoots(JSC::Handle<JSC::Unknown>, void* context, JSC::SlotVisitor&) override;
-        virtual void finalize(JSC::Handle<JSC::Unknown>, void* context) override;
+        bool isReachableFromOpaqueRoots(JSC::JSCell&, void* context, JSC::SlotVisitor&) override;
+        void finalize(JSC::JSCell*&, void* context) override;
     };
 
     JSArrayBufferOwner m_owner;
index 9c72979..1b95158 100644 (file)
@@ -1191,8 +1191,8 @@ sub GenerateHeader
         }
         $headerIncludes{"<wtf/NeverDestroyed.h>"} = 1;
         push(@headerContent, "public:\n");
-        push(@headerContent, "    virtual bool isReachableFromOpaqueRoots(JSC::Handle<JSC::Unknown>, void* context, JSC::SlotVisitor&);\n");
-        push(@headerContent, "    virtual void finalize(JSC::Handle<JSC::Unknown>, void* context);\n");
+        push(@headerContent, "    bool isReachableFromOpaqueRoots(JSC::JSCell&, void* context, JSC::SlotVisitor&) override;\n");
+        push(@headerContent, "    void finalize(JSC::JSCell*&, void* context) override;\n");
         push(@headerContent, "};\n");
         push(@headerContent, "\n");
         push(@headerContent, "inline JSC::WeakHandleOwner* wrapperOwner(DOMWrapperWorld&, $implType*)\n");
@@ -2945,7 +2945,7 @@ sub GenerateImplementation
 
     if ((!$hasParent && !GetCustomIsReachable($interface)) || GetGenerateIsReachable($interface) || $codeGenerator->InheritsExtendedAttribute($interface, "ActiveDOMObject")) {
 
-        push(@implContent, "bool JS${interfaceName}Owner::isReachableFromOpaqueRoots(JSC::Handle<JSC::Unknown> handle, void*, SlotVisitor& visitor)\n");
+        push(@implContent, "bool JS${interfaceName}Owner::isReachableFromOpaqueRoots(JSC::JSCell& cell, void*, SlotVisitor& visitor)\n");
         push(@implContent, "{\n");
         # All ActiveDOMObjects implement hasPendingActivity(), but not all of them
         # increment their C++ reference counts when hasPendingActivity() becomes
@@ -2956,70 +2956,70 @@ sub GenerateImplementation
         # check just above the (GetGenerateIsReachable($interface) eq "Impl") check below.
         my $emittedJSCast = 0;
         if ($codeGenerator->InheritsExtendedAttribute($interface, "ActiveDOMObject")) {
-            push(@implContent, "    auto* js${interfaceName} = jsCast<JS${interfaceName}*>(handle.slot()->asCell());\n");
+            push(@implContent, "    auto& js${interfaceName} = jsCast<JS${interfaceName}&>(cell);\n");
             $emittedJSCast = 1;
-            push(@implContent, "    if (js${interfaceName}->impl().hasPendingActivity())\n");
+            push(@implContent, "    if (js${interfaceName}.impl().hasPendingActivity())\n");
             push(@implContent, "        return true;\n");
         }
         if ($codeGenerator->InheritsExtendedAttribute($interface, "EventTarget")) {
             if (!$emittedJSCast) {
-                push(@implContent, "    auto* js${interfaceName} = jsCast<JS${interfaceName}*>(handle.slot()->asCell());\n");
+                push(@implContent, "    auto& js${interfaceName} = jsCast<JS${interfaceName}&>(cell);\n");
                 $emittedJSCast = 1;
             }
-            push(@implContent, "    if (js${interfaceName}->impl().isFiringEventListeners())\n");
+            push(@implContent, "    if (js${interfaceName}.impl().isFiringEventListeners())\n");
             push(@implContent, "        return true;\n");
         }
         if ($codeGenerator->InheritsInterface($interface, "Node")) {
             if (!$emittedJSCast) {
-                push(@implContent, "    auto* js${interfaceName} = jsCast<JS${interfaceName}*>(handle.slot()->asCell());\n");
+                push(@implContent, "    auto& js${interfaceName} = jsCast<JS${interfaceName}&>(cell);\n");
                 $emittedJSCast = 1;
             }
-            push(@implContent, "    if (JSNodeOwner::isReachableFromOpaqueRoots(handle, 0, visitor))\n");
+            push(@implContent, "    if (JSNodeOwner::isReachableFromOpaqueRoots(cell, 0, visitor))\n");
             push(@implContent, "        return true;\n");
         }
         if (GetGenerateIsReachable($interface)) {
             if (!$emittedJSCast) {
-                push(@implContent, "    auto* js${interfaceName} = jsCast<JS${interfaceName}*>(handle.slot()->asCell());\n");
+                push(@implContent, "    auto& js${interfaceName} = jsCast<JS${interfaceName}&>(cell);\n");
                 $emittedJSCast = 1;
             }
 
             my $rootString;
             if (GetGenerateIsReachable($interface) eq "Impl") {
-                $rootString  = "    ${implType}* root = &js${interfaceName}->impl();\n";
+                $rootString  = "    ${implType}* root = &js${interfaceName}.impl();\n";
             } elsif (GetGenerateIsReachable($interface) eq "ImplWebGLRenderingContext") {
-                $rootString  = "    WebGLRenderingContextBase* root = WTF::getPtr(js${interfaceName}->impl().context());\n";
+                $rootString  = "    WebGLRenderingContextBase* root = WTF::getPtr(js${interfaceName}.impl().context());\n";
             } elsif (GetGenerateIsReachable($interface) eq "ImplFrame") {
-                $rootString  = "    Frame* root = WTF::getPtr(js${interfaceName}->impl().frame());\n";
+                $rootString  = "    Frame* root = WTF::getPtr(js${interfaceName}.impl().frame());\n";
                 $rootString .= "    if (!root)\n";
                 $rootString .= "        return false;\n";
             } elsif (GetGenerateIsReachable($interface) eq "ImplDocument") {
-                $rootString  = "    Document* root = WTF::getPtr(js${interfaceName}->impl().document());\n";
+                $rootString  = "    Document* root = WTF::getPtr(js${interfaceName}.impl().document());\n";
                 $rootString .= "    if (!root)\n";
                 $rootString .= "        return false;\n";
             } elsif (GetGenerateIsReachable($interface) eq "ImplElementRoot") {
                 $implIncludes{"Element.h"} = 1;
                 $implIncludes{"JSNodeCustom.h"} = 1;
-                $rootString  = "    Element* element = WTF::getPtr(js${interfaceName}->impl().element());\n";
+                $rootString  = "    Element* element = WTF::getPtr(js${interfaceName}.impl().element());\n";
                 $rootString .= "    if (!element)\n";
                 $rootString .= "        return false;\n";
                 $rootString .= "    void* root = WebCore::root(element);\n";
             } elsif ($interfaceName eq "CanvasRenderingContext") {
                 $implIncludes{"Element.h"} = 1;
                 $implIncludes{"JSNodeCustom.h"} = 1;
-                $rootString  = "    void* root = WebCore::root(js${interfaceName}->impl().canvas());\n";
+                $rootString  = "    void* root = WebCore::root(js${interfaceName}.impl().canvas());\n";
             } elsif (GetGenerateIsReachable($interface) eq "ImplOwnerNodeRoot") {
                 $implIncludes{"Element.h"} = 1;
                 $implIncludes{"JSNodeCustom.h"} = 1;
-                $rootString  = "    void* root = WebCore::root(js${interfaceName}->impl().ownerNode());\n";
+                $rootString  = "    void* root = WebCore::root(js${interfaceName}.impl().ownerNode());\n";
             } else {
-                $rootString  = "    void* root = WebCore::root(&js${interfaceName}->impl());\n";
+                $rootString  = "    void* root = WebCore::root(&js${interfaceName}.impl());\n";
             }
 
             push(@implContent, $rootString);
             push(@implContent, "    return visitor.containsOpaqueRoot(root);\n");
         } else {
             if (!$emittedJSCast) {
-                push(@implContent, "    UNUSED_PARAM(handle);\n");
+                push(@implContent, "    UNUSED_PARAM(cell);\n");
             }
             push(@implContent, "    UNUSED_PARAM(visitor);\n");
             push(@implContent, "    return false;\n");
@@ -3032,11 +3032,11 @@ sub GenerateImplementation
          GetGenerateIsReachable($interface) ||
          GetCustomIsReachable($interface) ||
          $codeGenerator->InheritsExtendedAttribute($interface, "ActiveDOMObject"))) {
-        push(@implContent, "void JS${interfaceName}Owner::finalize(JSC::Handle<JSC::Unknown> handle, void* context)\n");
+        push(@implContent, "void JS${interfaceName}Owner::finalize(JSC::JSCell*& cell, void* context)\n");
         push(@implContent, "{\n");
-        push(@implContent, "    auto* js${interfaceName} = jsCast<JS${interfaceName}*>(handle.slot()->asCell());\n");
+        push(@implContent, "    auto& wrapper = jsCast<JS${interfaceName}&>(*cell);\n");
         push(@implContent, "    auto& world = *static_cast<DOMWrapperWorld*>(context);\n");
-        push(@implContent, "    uncacheWrapper(world, &js${interfaceName}->impl(), js${interfaceName});\n");
+        push(@implContent, "    uncacheWrapper(world, &wrapper.impl(), &wrapper);\n");
         push(@implContent, "}\n\n");
     }
 
index dd82855..1a1093d 100644 (file)
@@ -240,18 +240,18 @@ EncodedJSValue JSC_HOST_CALL jsTestActiveDOMObjectPrototypeFunctionPostMessage(E
     return JSValue::encode(jsUndefined());
 }
 
-bool JSTestActiveDOMObjectOwner::isReachableFromOpaqueRoots(JSC::Handle<JSC::Unknown> handle, void*, SlotVisitor& visitor)
+bool JSTestActiveDOMObjectOwner::isReachableFromOpaqueRoots(JSC::JSCell& cell, void*, SlotVisitor& visitor)
 {
-    UNUSED_PARAM(handle);
+    UNUSED_PARAM(cell);
     UNUSED_PARAM(visitor);
     return false;
 }
 
-void JSTestActiveDOMObjectOwner::finalize(JSC::Handle<JSC::Unknown> handle, void* context)
+void JSTestActiveDOMObjectOwner::finalize(JSC::JSCell*& cell, void* context)
 {
-    auto* jsTestActiveDOMObject = jsCast<JSTestActiveDOMObject*>(handle.slot()->asCell());
+    auto& wrapper = jsCast<JSTestActiveDOMObject&>(*cell);
     auto& world = *static_cast<DOMWrapperWorld*>(context);
-    uncacheWrapper(world, &jsTestActiveDOMObject->impl(), jsTestActiveDOMObject);
+    uncacheWrapper(world, &wrapper.impl(), &wrapper);
 }
 
 #if ENABLE(BINDING_INTEGRITY)
index 3a0dd97..96787d4 100644 (file)
@@ -72,8 +72,8 @@ protected:
 
 class JSTestActiveDOMObjectOwner : public JSC::WeakHandleOwner {
 public:
-    virtual bool isReachableFromOpaqueRoots(JSC::Handle<JSC::Unknown>, void* context, JSC::SlotVisitor&);
-    virtual void finalize(JSC::Handle<JSC::Unknown>, void* context);
+    bool isReachableFromOpaqueRoots(JSC::JSCell&, void* context, JSC::SlotVisitor&) override;
+    void finalize(JSC::JSCell*&, void* context) override;
 };
 
 inline JSC::WeakHandleOwner* wrapperOwner(DOMWrapperWorld&, TestActiveDOMObject*)
index c7ba747..42c7d98 100644 (file)
@@ -157,18 +157,18 @@ EncodedJSValue jsTestCustomConstructorWithNoInterfaceObjectConstructor(ExecState
     return JSValue::encode(constructor);
 }
 
-bool JSTestCustomConstructorWithNoInterfaceObjectOwner::isReachableFromOpaqueRoots(JSC::Handle<JSC::Unknown> handle, void*, SlotVisitor& visitor)
+bool JSTestCustomConstructorWithNoInterfaceObjectOwner::isReachableFromOpaqueRoots(JSC::JSCell& cell, void*, SlotVisitor& visitor)
 {
-    UNUSED_PARAM(handle);
+    UNUSED_PARAM(cell);
     UNUSED_PARAM(visitor);
     return false;
 }
 
-void JSTestCustomConstructorWithNoInterfaceObjectOwner::finalize(JSC::Handle<JSC::Unknown> handle, void* context)
+void JSTestCustomConstructorWithNoInterfaceObjectOwner::finalize(JSC::JSCell*& cell, void* context)
 {
-    auto* jsTestCustomConstructorWithNoInterfaceObject = jsCast<JSTestCustomConstructorWithNoInterfaceObject*>(handle.slot()->asCell());
+    auto& wrapper = jsCast<JSTestCustomConstructorWithNoInterfaceObject&>(*cell);
     auto& world = *static_cast<DOMWrapperWorld*>(context);
-    uncacheWrapper(world, &jsTestCustomConstructorWithNoInterfaceObject->impl(), jsTestCustomConstructorWithNoInterfaceObject);
+    uncacheWrapper(world, &wrapper.impl(), &wrapper);
 }
 
 #if ENABLE(BINDING_INTEGRITY)
index 738c392..dce9d05 100644 (file)
@@ -68,8 +68,8 @@ protected:
 
 class JSTestCustomConstructorWithNoInterfaceObjectOwner : public JSC::WeakHandleOwner {
 public:
-    virtual bool isReachableFromOpaqueRoots(JSC::Handle<JSC::Unknown>, void* context, JSC::SlotVisitor&);
-    virtual void finalize(JSC::Handle<JSC::Unknown>, void* context);
+    bool isReachableFromOpaqueRoots(JSC::JSCell&, void* context, JSC::SlotVisitor&) override;
+    void finalize(JSC::JSCell*&, void* context) override;
 };
 
 inline JSC::WeakHandleOwner* wrapperOwner(DOMWrapperWorld&, TestCustomConstructorWithNoInterfaceObject*)
index 84456bd..bba23f7 100644 (file)
@@ -225,18 +225,18 @@ EncodedJSValue JSC_HOST_CALL jsTestCustomNamedGetterPrototypeFunctionAnotherFunc
     return JSValue::encode(jsUndefined());
 }
 
-bool JSTestCustomNamedGetterOwner::isReachableFromOpaqueRoots(JSC::Handle<JSC::Unknown> handle, void*, SlotVisitor& visitor)
+bool JSTestCustomNamedGetterOwner::isReachableFromOpaqueRoots(JSC::JSCell& cell, void*, SlotVisitor& visitor)
 {
-    UNUSED_PARAM(handle);
+    UNUSED_PARAM(cell);
     UNUSED_PARAM(visitor);
     return false;
 }
 
-void JSTestCustomNamedGetterOwner::finalize(JSC::Handle<JSC::Unknown> handle, void* context)
+void JSTestCustomNamedGetterOwner::finalize(JSC::JSCell*& cell, void* context)
 {
-    auto* jsTestCustomNamedGetter = jsCast<JSTestCustomNamedGetter*>(handle.slot()->asCell());
+    auto& wrapper = jsCast<JSTestCustomNamedGetter&>(*cell);
     auto& world = *static_cast<DOMWrapperWorld*>(context);
-    uncacheWrapper(world, &jsTestCustomNamedGetter->impl(), jsTestCustomNamedGetter);
+    uncacheWrapper(world, &wrapper.impl(), &wrapper);
 }
 
 #if ENABLE(BINDING_INTEGRITY)
index 4f99291..845d7c3 100644 (file)
@@ -75,8 +75,8 @@ private:
 
 class JSTestCustomNamedGetterOwner : public JSC::WeakHandleOwner {
 public:
-    virtual bool isReachableFromOpaqueRoots(JSC::Handle<JSC::Unknown>, void* context, JSC::SlotVisitor&);
-    virtual void finalize(JSC::Handle<JSC::Unknown>, void* context);
+    bool isReachableFromOpaqueRoots(JSC::JSCell&, void* context, JSC::SlotVisitor&) override;
+    void finalize(JSC::JSCell*&, void* context) override;
 };
 
 inline JSC::WeakHandleOwner* wrapperOwner(DOMWrapperWorld&, TestCustomNamedGetter*)
index 9eaf8f1..71a1592 100644 (file)
@@ -241,18 +241,18 @@ JSValue JSTestEventConstructor::getConstructor(VM& vm, JSGlobalObject* globalObj
     return getDOMConstructor<JSTestEventConstructorConstructor>(vm, jsCast<JSDOMGlobalObject*>(globalObject));
 }
 
-bool JSTestEventConstructorOwner::isReachableFromOpaqueRoots(JSC::Handle<JSC::Unknown> handle, void*, SlotVisitor& visitor)
+bool JSTestEventConstructorOwner::isReachableFromOpaqueRoots(JSC::JSCell& cell, void*, SlotVisitor& visitor)
 {
-    UNUSED_PARAM(handle);
+    UNUSED_PARAM(cell);
     UNUSED_PARAM(visitor);
     return false;
 }
 
-void JSTestEventConstructorOwner::finalize(JSC::Handle<JSC::Unknown> handle, void* context)
+void JSTestEventConstructorOwner::finalize(JSC::JSCell*& cell, void* context)
 {
-    auto* jsTestEventConstructor = jsCast<JSTestEventConstructor*>(handle.slot()->asCell());
+    auto& wrapper = jsCast<JSTestEventConstructor&>(*cell);
     auto& world = *static_cast<DOMWrapperWorld*>(context);
-    uncacheWrapper(world, &jsTestEventConstructor->impl(), jsTestEventConstructor);
+    uncacheWrapper(world, &wrapper.impl(), &wrapper);
 }
 
 #if ENABLE(BINDING_INTEGRITY)
index eeebe04..022162b 100644 (file)
@@ -71,8 +71,8 @@ protected:
 
 class JSTestEventConstructorOwner : public JSC::WeakHandleOwner {
 public:
-    virtual bool isReachableFromOpaqueRoots(JSC::Handle<JSC::Unknown>, void* context, JSC::SlotVisitor&);
-    virtual void finalize(JSC::Handle<JSC::Unknown>, void* context);
+    bool isReachableFromOpaqueRoots(JSC::JSCell&, void* context, JSC::SlotVisitor&) override;
+    void finalize(JSC::JSCell*&, void* context) override;
 };
 
 inline JSC::WeakHandleOwner* wrapperOwner(DOMWrapperWorld&, TestEventConstructor*)
index f205fe3..64c7482 100644 (file)
@@ -320,20 +320,20 @@ void JSTestEventTarget::visitChildren(JSCell* cell, SlotVisitor& visitor)
     thisObject->impl().visitJSEventListeners(visitor);
 }
 
-bool JSTestEventTargetOwner::isReachableFromOpaqueRoots(JSC::Handle<JSC::Unknown> handle, void*, SlotVisitor& visitor)
+bool JSTestEventTargetOwner::isReachableFromOpaqueRoots(JSC::JSCell& cell, void*, SlotVisitor& visitor)
 {
-    auto* jsTestEventTarget = jsCast<JSTestEventTarget*>(handle.slot()->asCell());
-    if (jsTestEventTarget->impl().isFiringEventListeners())
+    auto& jsTestEventTarget = jsCast<JSTestEventTarget&>(cell);
+    if (jsTestEventTarget.impl().isFiringEventListeners())
         return true;
     UNUSED_PARAM(visitor);
     return false;
 }
 
-void JSTestEventTargetOwner::finalize(JSC::Handle<JSC::Unknown> handle, void* context)
+void JSTestEventTargetOwner::finalize(JSC::JSCell*& cell, void* context)
 {
-    auto* jsTestEventTarget = jsCast<JSTestEventTarget*>(handle.slot()->asCell());
+    auto& wrapper = jsCast<JSTestEventTarget&>(*cell);
     auto& world = *static_cast<DOMWrapperWorld*>(context);
-    uncacheWrapper(world, &jsTestEventTarget->impl(), jsTestEventTarget);
+    uncacheWrapper(world, &wrapper.impl(), &wrapper);
 }
 
 #if ENABLE(BINDING_INTEGRITY)
index 831daf9..5195319 100644 (file)
@@ -79,8 +79,8 @@ private:
 
 class JSTestEventTargetOwner : public JSC::WeakHandleOwner {
 public:
-    virtual bool isReachableFromOpaqueRoots(JSC::Handle<JSC::Unknown>, void* context, JSC::SlotVisitor&);
-    virtual void finalize(JSC::Handle<JSC::Unknown>, void* context);
+    bool isReachableFromOpaqueRoots(JSC::JSCell&, void* context, JSC::SlotVisitor&) override;
+    void finalize(JSC::JSCell*&, void* context) override;
 };
 
 inline JSC::WeakHandleOwner* wrapperOwner(DOMWrapperWorld&, TestEventTarget*)
index e48d6be..387c2f6 100644 (file)
@@ -190,18 +190,18 @@ JSValue JSTestException::getConstructor(VM& vm, JSGlobalObject* globalObject)
     return getDOMConstructor<JSTestExceptionConstructor>(vm, jsCast<JSDOMGlobalObject*>(globalObject));
 }
 
-bool JSTestExceptionOwner::isReachableFromOpaqueRoots(JSC::Handle<JSC::Unknown> handle, void*, SlotVisitor& visitor)
+bool JSTestExceptionOwner::isReachableFromOpaqueRoots(JSC::JSCell& cell, void*, SlotVisitor& visitor)
 {
-    UNUSED_PARAM(handle);
+    UNUSED_PARAM(cell);
     UNUSED_PARAM(visitor);
     return false;
 }
 
-void JSTestExceptionOwner::finalize(JSC::Handle<JSC::Unknown> handle, void* context)
+void JSTestExceptionOwner::finalize(JSC::JSCell*& cell, void* context)
 {
-    auto* jsTestException = jsCast<JSTestException*>(handle.slot()->asCell());
+    auto& wrapper = jsCast<JSTestException&>(*cell);
     auto& world = *static_cast<DOMWrapperWorld*>(context);
-    uncacheWrapper(world, &jsTestException->impl(), jsTestException);
+    uncacheWrapper(world, &wrapper.impl(), &wrapper);
 }
 
 #if ENABLE(BINDING_INTEGRITY)
index 5432f43..c710149 100644 (file)
@@ -73,8 +73,8 @@ protected:
 
 class JSTestExceptionOwner : public JSC::WeakHandleOwner {
 public:
-    virtual bool isReachableFromOpaqueRoots(JSC::Handle<JSC::Unknown>, void* context, JSC::SlotVisitor&);
-    virtual void finalize(JSC::Handle<JSC::Unknown>, void* context);
+    bool isReachableFromOpaqueRoots(JSC::JSCell&, void* context, JSC::SlotVisitor&) override;
+    void finalize(JSC::JSCell*&, void* context) override;
 };
 
 inline JSC::WeakHandleOwner* wrapperOwner(DOMWrapperWorld&, TestException*)
index 697b1bd..cfc78a8 100644 (file)
@@ -152,18 +152,18 @@ JSValue JSTestGenerateIsReachable::getConstructor(VM& vm, JSGlobalObject* global
     return getDOMConstructor<JSTestGenerateIsReachableConstructor>(vm, jsCast<JSDOMGlobalObject*>(globalObject));
 }
 
-bool JSTestGenerateIsReachableOwner::isReachableFromOpaqueRoots(JSC::Handle<JSC::Unknown> handle, void*, SlotVisitor& visitor)
+bool JSTestGenerateIsReachableOwner::isReachableFromOpaqueRoots(JSC::JSCell& cell, void*, SlotVisitor& visitor)
 {
-    auto* jsTestGenerateIsReachable = jsCast<JSTestGenerateIsReachable*>(handle.slot()->asCell());
-    TestGenerateIsReachable* root = &jsTestGenerateIsReachable->impl();
+    auto& jsTestGenerateIsReachable = jsCast<JSTestGenerateIsReachable&>(cell);
+    TestGenerateIsReachable* root = &jsTestGenerateIsReachable.impl();
     return visitor.containsOpaqueRoot(root);
 }
 
-void JSTestGenerateIsReachableOwner::finalize(JSC::Handle<JSC::Unknown> handle, void* context)
+void JSTestGenerateIsReachableOwner::finalize(JSC::JSCell*& cell, void* context)
 {
-    auto* jsTestGenerateIsReachable = jsCast<JSTestGenerateIsReachable*>(handle.slot()->asCell());
+    auto& wrapper = jsCast<JSTestGenerateIsReachable&>(*cell);
     auto& world = *static_cast<DOMWrapperWorld*>(context);
-    uncacheWrapper(world, &jsTestGenerateIsReachable->impl(), jsTestGenerateIsReachable);
+    uncacheWrapper(world, &wrapper.impl(), &wrapper);
 }
 
 #if ENABLE(BINDING_INTEGRITY)
index 408dc59..9a75a7c 100644 (file)
@@ -69,8 +69,8 @@ protected:
 
 class JSTestGenerateIsReachableOwner : public JSC::WeakHandleOwner {
 public:
-    virtual bool isReachableFromOpaqueRoots(JSC::Handle<JSC::Unknown>, void* context, JSC::SlotVisitor&);
-    virtual void finalize(JSC::Handle<JSC::Unknown>, void* context);
+    bool isReachableFromOpaqueRoots(JSC::JSCell&, void* context, JSC::SlotVisitor&) override;
+    void finalize(JSC::JSCell*&, void* context) override;
 };
 
 inline JSC::WeakHandleOwner* wrapperOwner(DOMWrapperWorld&, TestGenerateIsReachable*)
index 654c552..1035688 100644 (file)
@@ -939,20 +939,20 @@ EncodedJSValue JSC_HOST_CALL jsTestInterfaceConstructorFunctionSupplementalMetho
 
 #endif
 
-bool JSTestInterfaceOwner::isReachableFromOpaqueRoots(JSC::Handle<JSC::Unknown> handle, void*, SlotVisitor& visitor)
+bool JSTestInterfaceOwner::isReachableFromOpaqueRoots(JSC::JSCell& cell, void*, SlotVisitor& visitor)
 {
-    auto* jsTestInterface = jsCast<JSTestInterface*>(handle.slot()->asCell());
-    if (jsTestInterface->impl().hasPendingActivity())
+    auto& jsTestInterface = jsCast<JSTestInterface&>(cell);
+    if (jsTestInterface.impl().hasPendingActivity())
         return true;
     UNUSED_PARAM(visitor);
     return false;
 }
 
-void JSTestInterfaceOwner::finalize(JSC::Handle<JSC::Unknown> handle, void* context)
+void JSTestInterfaceOwner::finalize(JSC::JSCell*& cell, void* context)
 {
-    auto* jsTestInterface = jsCast<JSTestInterface*>(handle.slot()->asCell());
+    auto& wrapper = jsCast<JSTestInterface&>(*cell);
     auto& world = *static_cast<DOMWrapperWorld*>(context);
-    uncacheWrapper(world, &jsTestInterface->impl(), jsTestInterface);
+    uncacheWrapper(world, &wrapper.impl(), &wrapper);
 }
 
 JSC::JSValue toJS(JSC::ExecState*, JSDOMGlobalObject* globalObject, TestInterface* impl)
index e2603dc..0bc77ef 100644 (file)
@@ -99,8 +99,8 @@ protected:
 
 class JSTestInterfaceOwner : public JSC::WeakHandleOwner {
 public:
-    virtual bool isReachableFromOpaqueRoots(JSC::Handle<JSC::Unknown>, void* context, JSC::SlotVisitor&);
-    virtual void finalize(JSC::Handle<JSC::Unknown>, void* context);
+    bool isReachableFromOpaqueRoots(JSC::JSCell&, void* context, JSC::SlotVisitor&) override;
+    void finalize(JSC::JSCell*&, void* context) override;
 };
 
 inline JSC::WeakHandleOwner* wrapperOwner(DOMWrapperWorld&, TestInterface*)
index 67302d4..f47e2da 100644 (file)
@@ -177,18 +177,18 @@ EncodedJSValue JSC_HOST_CALL jsTestMediaQueryListListenerPrototypeFunctionMethod
     return JSValue::encode(jsUndefined());
 }
 
-bool JSTestMediaQueryListListenerOwner::isReachableFromOpaqueRoots(JSC::Handle<JSC::Unknown> handle, void*, SlotVisitor& visitor)
+bool JSTestMediaQueryListListenerOwner::isReachableFromOpaqueRoots(JSC::JSCell& cell, void*, SlotVisitor& visitor)
 {
-    UNUSED_PARAM(handle);
+    UNUSED_PARAM(cell);
     UNUSED_PARAM(visitor);
     return false;
 }
 
-void JSTestMediaQueryListListenerOwner::finalize(JSC::Handle<JSC::Unknown> handle, void* context)
+void JSTestMediaQueryListListenerOwner::finalize(JSC::JSCell*& cell, void* context)
 {
-    auto* jsTestMediaQueryListListener = jsCast<JSTestMediaQueryListListener*>(handle.slot()->asCell());
+    auto& wrapper = jsCast<JSTestMediaQueryListListener&>(*cell);
     auto& world = *static_cast<DOMWrapperWorld*>(context);
-    uncacheWrapper(world, &jsTestMediaQueryListListener->impl(), jsTestMediaQueryListListener);
+    uncacheWrapper(world, &wrapper.impl(), &wrapper);
 }
 
 #if ENABLE(BINDING_INTEGRITY)
index 9754ee0..18b43d8 100644 (file)
@@ -69,8 +69,8 @@ protected:
 
 class JSTestMediaQueryListListenerOwner : public JSC::WeakHandleOwner {
 public:
-    virtual bool isReachableFromOpaqueRoots(JSC::Handle<JSC::Unknown>, void* context, JSC::SlotVisitor&);
-    virtual void finalize(JSC::Handle<JSC::Unknown>, void* context);
+    bool isReachableFromOpaqueRoots(JSC::JSCell&, void* context, JSC::SlotVisitor&) override;
+    void finalize(JSC::JSCell*&, void* context) override;
 };
 
 inline JSC::WeakHandleOwner* wrapperOwner(DOMWrapperWorld&, TestMediaQueryListListener*)
index 313f940..0cf9e80 100644 (file)
@@ -230,20 +230,20 @@ JSValue JSTestNamedConstructor::getNamedConstructor(VM& vm, JSGlobalObject* glob
     return getDOMConstructor<JSTestNamedConstructorNamedConstructor>(vm, jsCast<JSDOMGlobalObject*>(globalObject));
 }
 
-bool JSTestNamedConstructorOwner::isReachableFromOpaqueRoots(JSC::Handle<JSC::Unknown> handle, void*, SlotVisitor& visitor)
+bool JSTestNamedConstructorOwner::isReachableFromOpaqueRoots(JSC::JSCell& cell, void*, SlotVisitor& visitor)
 {
-    auto* jsTestNamedConstructor = jsCast<JSTestNamedConstructor*>(handle.slot()->asCell());
-    if (jsTestNamedConstructor->impl().hasPendingActivity())
+    auto& jsTestNamedConstructor = jsCast<JSTestNamedConstructor&>(cell);
+    if (jsTestNamedConstructor.impl().hasPendingActivity())
         return true;
     UNUSED_PARAM(visitor);
     return false;
 }
 
-void JSTestNamedConstructorOwner::finalize(JSC::Handle<JSC::Unknown> handle, void* context)
+void JSTestNamedConstructorOwner::finalize(JSC::JSCell*& cell, void* context)
 {
-    auto* jsTestNamedConstructor = jsCast<JSTestNamedConstructor*>(handle.slot()->asCell());
+    auto& wrapper = jsCast<JSTestNamedConstructor&>(*cell);
     auto& world = *static_cast<DOMWrapperWorld*>(context);
-    uncacheWrapper(world, &jsTestNamedConstructor->impl(), jsTestNamedConstructor);
+    uncacheWrapper(world, &wrapper.impl(), &wrapper);
 }
 
 #if ENABLE(BINDING_INTEGRITY)
index d608e16..66f2ec7 100644 (file)
@@ -70,8 +70,8 @@ protected:
 
 class JSTestNamedConstructorOwner : public JSC::WeakHandleOwner {
 public:
-    virtual bool isReachableFromOpaqueRoots(JSC::Handle<JSC::Unknown>, void* context, JSC::SlotVisitor&);
-    virtual void finalize(JSC::Handle<JSC::Unknown>, void* context);
+    bool isReachableFromOpaqueRoots(JSC::JSCell&, void* context, JSC::SlotVisitor&) override;
+    void finalize(JSC::JSCell*&, void* context) override;
 };
 
 inline JSC::WeakHandleOwner* wrapperOwner(DOMWrapperWorld&, TestNamedConstructor*)
index 18d2cd4..5e8aa6e 100644 (file)
@@ -483,18 +483,18 @@ EncodedJSValue JSC_HOST_CALL jsTestNondeterministicPrototypeFunctionNondetermini
     return JSValue::encode(result);
 }
 
-bool JSTestNondeterministicOwner::isReachableFromOpaqueRoots(JSC::Handle<JSC::Unknown> handle, void*, SlotVisitor& visitor)
+bool JSTestNondeterministicOwner::isReachableFromOpaqueRoots(JSC::JSCell& cell, void*, SlotVisitor& visitor)
 {
-    UNUSED_PARAM(handle);
+    UNUSED_PARAM(cell);
     UNUSED_PARAM(visitor);
     return false;
 }
 
-void JSTestNondeterministicOwner::finalize(JSC::Handle<JSC::Unknown> handle, void* context)
+void JSTestNondeterministicOwner::finalize(JSC::JSCell*& cell, void* context)
 {
-    auto* jsTestNondeterministic = jsCast<JSTestNondeterministic*>(handle.slot()->asCell());
+    auto& wrapper = jsCast<JSTestNondeterministic&>(*cell);
     auto& world = *static_cast<DOMWrapperWorld*>(context);
-    uncacheWrapper(world, &jsTestNondeterministic->impl(), jsTestNondeterministic);
+    uncacheWrapper(world, &wrapper.impl(), &wrapper);
 }
 
 #if ENABLE(BINDING_INTEGRITY)
index 075ef7a..eb51703 100644 (file)
@@ -69,8 +69,8 @@ protected:
 
 class JSTestNondeterministicOwner : public JSC::WeakHandleOwner {
 public:
-    virtual bool isReachableFromOpaqueRoots(JSC::Handle<JSC::Unknown>, void* context, JSC::SlotVisitor&);
-    virtual void finalize(JSC::Handle<JSC::Unknown>, void* context);
+    bool isReachableFromOpaqueRoots(JSC::JSCell&, void* context, JSC::SlotVisitor&) override;
+    void finalize(JSC::JSCell*&, void* context) override;
 };
 
 inline JSC::WeakHandleOwner* wrapperOwner(DOMWrapperWorld&, TestNondeterministic*)
index 3a0ae54..2e10f53 100644 (file)
@@ -4682,18 +4682,18 @@ void JSTestObj::visitChildren(JSCell* cell, SlotVisitor& visitor)
     visitor.append(&thisObject->m_cachedAttribute2);
 }
 
-bool JSTestObjOwner::isReachableFromOpaqueRoots(JSC::Handle<JSC::Unknown> handle, void*, SlotVisitor& visitor)
+bool JSTestObjOwner::isReachableFromOpaqueRoots(JSC::JSCell& cell, void*, SlotVisitor& visitor)
 {
-    UNUSED_PARAM(handle);
+    UNUSED_PARAM(cell);
     UNUSED_PARAM(visitor);
     return false;
 }
 
-void JSTestObjOwner::finalize(JSC::Handle<JSC::Unknown> handle, void* context)
+void JSTestObjOwner::finalize(JSC::JSCell*& cell, void* context)
 {
-    auto* jsTestObj = jsCast<JSTestObj*>(handle.slot()->asCell());
+    auto& wrapper = jsCast<JSTestObj&>(*cell);
     auto& world = *static_cast<DOMWrapperWorld*>(context);
-    uncacheWrapper(world, &jsTestObj->impl(), jsTestObj);
+    uncacheWrapper(world, &wrapper.impl(), &wrapper);
 }
 
 #if ENABLE(BINDING_INTEGRITY)
index 23545ee..774c714 100644 (file)
@@ -85,8 +85,8 @@ protected:
 
 class JSTestObjOwner : public JSC::WeakHandleOwner {
 public:
-    virtual bool isReachableFromOpaqueRoots(JSC::Handle<JSC::Unknown>, void* context, JSC::SlotVisitor&);
-    virtual void finalize(JSC::Handle<JSC::Unknown>, void* context);
+    bool isReachableFromOpaqueRoots(JSC::JSCell&, void* context, JSC::SlotVisitor&) override;
+    void finalize(JSC::JSCell*&, void* context) override;
 };
 
 inline JSC::WeakHandleOwner* wrapperOwner(DOMWrapperWorld&, TestObj*)
index bbc4789..4469424 100644 (file)
@@ -246,18 +246,18 @@ JSValue JSTestOverloadedConstructors::getConstructor(VM& vm, JSGlobalObject* glo
     return getDOMConstructor<JSTestOverloadedConstructorsConstructor>(vm, jsCast<JSDOMGlobalObject*>(globalObject));
 }
 
-bool JSTestOverloadedConstructorsOwner::isReachableFromOpaqueRoots(JSC::Handle<JSC::Unknown> handle, void*, SlotVisitor& visitor)
+bool JSTestOverloadedConstructorsOwner::isReachableFromOpaqueRoots(JSC::JSCell& cell, void*, SlotVisitor& visitor)
 {
-    UNUSED_PARAM(handle);
+    UNUSED_PARAM(cell);
     UNUSED_PARAM(visitor);
     return false;
 }
 
-void JSTestOverloadedConstructorsOwner::finalize(JSC::Handle<JSC::Unknown> handle, void* context)
+void JSTestOverloadedConstructorsOwner::finalize(JSC::JSCell*& cell, void* context)
 {
-    auto* jsTestOverloadedConstructors = jsCast<JSTestOverloadedConstructors*>(handle.slot()->asCell());
+    auto& wrapper = jsCast<JSTestOverloadedConstructors&>(*cell);
     auto& world = *static_cast<DOMWrapperWorld*>(context);
-    uncacheWrapper(world, &jsTestOverloadedConstructors->impl(), jsTestOverloadedConstructors);
+    uncacheWrapper(world, &wrapper.impl(), &wrapper);
 }
 
 #if ENABLE(BINDING_INTEGRITY)
index 86a4ac3..e523fc1 100644 (file)
@@ -69,8 +69,8 @@ protected:
 
 class JSTestOverloadedConstructorsOwner : public JSC::WeakHandleOwner {
 public:
-    virtual bool isReachableFromOpaqueRoots(JSC::Handle<JSC::Unknown>, void* context, JSC::SlotVisitor&);
-    virtual void finalize(JSC::Handle<JSC::Unknown>, void* context);
+    bool isReachableFromOpaqueRoots(JSC::JSCell&, void* context, JSC::SlotVisitor&) override;
+    void finalize(JSC::JSCell*&, void* context) override;
 };
 
 inline JSC::WeakHandleOwner* wrapperOwner(DOMWrapperWorld&, TestOverloadedConstructors*)
index 346e0cd..5f7ca69 100644 (file)
@@ -221,18 +221,18 @@ EncodedJSValue JSC_HOST_CALL jsTestOverrideBuiltinsPrototypeFunctionNamedItem(Ex
     return JSValue::encode(result);
 }
 
-bool JSTestOverrideBuiltinsOwner::isReachableFromOpaqueRoots(JSC::Handle<JSC::Unknown> handle, void*, SlotVisitor& visitor)
+bool JSTestOverrideBuiltinsOwner::isReachableFromOpaqueRoots(JSC::JSCell& cell, void*, SlotVisitor& visitor)
 {
-    UNUSED_PARAM(handle);
+    UNUSED_PARAM(cell);
     UNUSED_PARAM(visitor);
     return false;
 }
 
-void JSTestOverrideBuiltinsOwner::finalize(JSC::Handle<JSC::Unknown> handle, void* context)
+void JSTestOverrideBuiltinsOwner::finalize(JSC::JSCell*& cell, void* context)
 {
-    auto* jsTestOverrideBuiltins = jsCast<JSTestOverrideBuiltins*>(handle.slot()->asCell());
+    auto& wrapper = jsCast<JSTestOverrideBuiltins&>(*cell);
     auto& world = *static_cast<DOMWrapperWorld*>(context);
-    uncacheWrapper(world, &jsTestOverrideBuiltins->impl(), jsTestOverrideBuiltins);
+    uncacheWrapper(world, &wrapper.impl(), &wrapper);
 }
 
 #if ENABLE(BINDING_INTEGRITY)
index f5ad555..04492aa 100644 (file)
@@ -75,8 +75,8 @@ private:
 
 class JSTestOverrideBuiltinsOwner : public JSC::WeakHandleOwner {
 public:
-    virtual bool isReachableFromOpaqueRoots(JSC::Handle<JSC::Unknown>, void* context, JSC::SlotVisitor&);
-    virtual void finalize(JSC::Handle<JSC::Unknown>, void* context);
+    bool isReachableFromOpaqueRoots(JSC::JSCell&, void* context, JSC::SlotVisitor&) override;
+    void finalize(JSC::JSCell*&, void* context) override;
 };
 
 inline JSC::WeakHandleOwner* wrapperOwner(DOMWrapperWorld&, TestOverrideBuiltins*)
index ca4354a..f1b64d2 100644 (file)
@@ -311,18 +311,18 @@ void JSTestSerializedScriptValueInterface::visitChildren(JSCell* cell, SlotVisit
     visitor.append(&thisObject->m_cachedReadonlyValue);
 }
 
-bool JSTestSerializedScriptValueInterfaceOwner::isReachableFromOpaqueRoots(JSC::Handle<JSC::Unknown> handle, void*, SlotVisitor& visitor)
+bool JSTestSerializedScriptValueInterfaceOwner::isReachableFromOpaqueRoots(JSC::JSCell& cell, void*, SlotVisitor& visitor)
 {
-    UNUSED_PARAM(handle);
+    UNUSED_PARAM(cell);
     UNUSED_PARAM(visitor);
     return false;
 }
 
-void JSTestSerializedScriptValueInterfaceOwner::finalize(JSC::Handle<JSC::Unknown> handle, void* context)
+void JSTestSerializedScriptValueInterfaceOwner::finalize(JSC::JSCell*& cell, void* context)
 {
-    auto* jsTestSerializedScriptValueInterface = jsCast<JSTestSerializedScriptValueInterface*>(handle.slot()->asCell());
+    auto& wrapper = jsCast<JSTestSerializedScriptValueInterface&>(*cell);
     auto& world = *static_cast<DOMWrapperWorld*>(context);
-    uncacheWrapper(world, &jsTestSerializedScriptValueInterface->impl(), jsTestSerializedScriptValueInterface);
+    uncacheWrapper(world, &wrapper.impl(), &wrapper);
 }
 
 #if ENABLE(BINDING_INTEGRITY)
index ee71120..6421d23 100644 (file)
@@ -75,8 +75,8 @@ protected:
 
 class JSTestSerializedScriptValueInterfaceOwner : public JSC::WeakHandleOwner {
 public:
-    virtual bool isReachableFromOpaqueRoots(JSC::Handle<JSC::Unknown>, void* context, JSC::SlotVisitor&);
-    virtual void finalize(JSC::Handle<JSC::Unknown>, void* context);
+    bool isReachableFromOpaqueRoots(JSC::JSCell&, void* context, JSC::SlotVisitor&) override;
+    void finalize(JSC::JSCell*&, void* context) override;
 };
 
 inline JSC::WeakHandleOwner* wrapperOwner(DOMWrapperWorld&, TestSerializedScriptValueInterface*)
index 8eefee2..f0ea283 100644 (file)
@@ -720,18 +720,18 @@ EncodedJSValue JSC_HOST_CALL jsTestTypedefsPrototypeFunctionMethodWithException(
     return JSValue::encode(jsUndefined());
 }
 
-bool JSTestTypedefsOwner::isReachableFromOpaqueRoots(JSC::Handle<JSC::Unknown> handle, void*, SlotVisitor& visitor)
+bool JSTestTypedefsOwner::isReachableFromOpaqueRoots(JSC::JSCell& cell, void*, SlotVisitor& visitor)
 {
-    UNUSED_PARAM(handle);
+    UNUSED_PARAM(cell);
     UNUSED_PARAM(visitor);
     return false;
 }
 
-void JSTestTypedefsOwner::finalize(JSC::Handle<JSC::Unknown> handle, void* context)
+void JSTestTypedefsOwner::finalize(JSC::JSCell*& cell, void* context)
 {
-    auto* jsTestTypedefs = jsCast<JSTestTypedefs*>(handle.slot()->asCell());
+    auto& wrapper = jsCast<JSTestTypedefs&>(*cell);
     auto& world = *static_cast<DOMWrapperWorld*>(context);
-    uncacheWrapper(world, &jsTestTypedefs->impl(), jsTestTypedefs);
+    uncacheWrapper(world, &wrapper.impl(), &wrapper);
 }
 
 #if ENABLE(BINDING_INTEGRITY)
index 7b26e34..6b183a9 100644 (file)
@@ -72,8 +72,8 @@ protected:
 
 class JSTestTypedefsOwner : public JSC::WeakHandleOwner {
 public:
-    virtual bool isReachableFromOpaqueRoots(JSC::Handle<JSC::Unknown>, void* context, JSC::SlotVisitor&);
-    virtual void finalize(JSC::Handle<JSC::Unknown>, void* context);
+    bool isReachableFromOpaqueRoots(JSC::JSCell&, void* context, JSC::SlotVisitor&) override;
+    void finalize(JSC::JSCell*&, void* context) override;
 };
 
 inline JSC::WeakHandleOwner* wrapperOwner(DOMWrapperWorld&, TestTypedefs*)
index f6c9197..983153e 100644 (file)
@@ -173,18 +173,18 @@ JSValue JSattribute::getConstructor(VM& vm, JSGlobalObject* globalObject)
     return getDOMConstructor<JSattributeConstructor>(vm, jsCast<JSDOMGlobalObject*>(globalObject));
 }
 
-bool JSattributeOwner::isReachableFromOpaqueRoots(JSC::Handle<JSC::Unknown> handle, void*, SlotVisitor& visitor)
+bool JSattributeOwner::isReachableFromOpaqueRoots(JSC::JSCell& cell, void*, SlotVisitor& visitor)
 {
-    UNUSED_PARAM(handle);
+    UNUSED_PARAM(cell);
     UNUSED_PARAM(visitor);
     return false;
 }
 
-void JSattributeOwner::finalize(JSC::Handle<JSC::Unknown> handle, void* context)
+void JSattributeOwner::finalize(JSC::JSCell*& cell, void* context)
 {
-    auto* jsattribute = jsCast<JSattribute*>(handle.slot()->asCell());
+    auto& wrapper = jsCast<JSattribute&>(*cell);
     auto& world = *static_cast<DOMWrapperWorld*>(context);
-    uncacheWrapper(world, &jsattribute->impl(), jsattribute);
+    uncacheWrapper(world, &wrapper.impl(), &wrapper);
 }
 
 #if ENABLE(BINDING_INTEGRITY)
index c657b85..b769e9d 100644 (file)
@@ -70,8 +70,8 @@ protected:
 
 class JSattributeOwner : public JSC::WeakHandleOwner {
 public:
-    virtual bool isReachableFromOpaqueRoots(JSC::Handle<JSC::Unknown>, void* context, JSC::SlotVisitor&);
-    virtual void finalize(JSC::Handle<JSC::Unknown>, void* context);
+    bool isReachableFromOpaqueRoots(JSC::JSCell&, void* context, JSC::SlotVisitor&) override;
+    void finalize(JSC::JSCell*&, void* context) override;
 };
 
 inline JSC::WeakHandleOwner* wrapperOwner(DOMWrapperWorld&, attribute*)
index 7b05680..207c0b5 100644 (file)
@@ -152,18 +152,18 @@ JSValue JSreadonly::getConstructor(VM& vm, JSGlobalObject* globalObject)
     return getDOMConstructor<JSreadonlyConstructor>(vm, jsCast<JSDOMGlobalObject*>(globalObject));
 }
 
-bool JSreadonlyOwner::isReachableFromOpaqueRoots(JSC::Handle<JSC::Unknown> handle, void*, SlotVisitor& visitor)
+bool JSreadonlyOwner::isReachableFromOpaqueRoots(JSC::JSCell& cell, void*, SlotVisitor& visitor)
 {
-    UNUSED_PARAM(handle);
+    UNUSED_PARAM(cell);
     UNUSED_PARAM(visitor);
     return false;
 }
 
-void JSreadonlyOwner::finalize(JSC::Handle<JSC::Unknown> handle, void* context)
+void JSreadonlyOwner::finalize(JSC::JSCell*& cell, void* context)
 {
-    auto* jsreadonly = jsCast<JSreadonly*>(handle.slot()->asCell());
+    auto& wrapper = jsCast<JSreadonly&>(*cell);
     auto& world = *static_cast<DOMWrapperWorld*>(context);
-    uncacheWrapper(world, &jsreadonly->impl(), jsreadonly);
+    uncacheWrapper(world, &wrapper.impl(), &wrapper);
 }
 
 JSC::JSValue toJS(JSC::ExecState*, JSDOMGlobalObject* globalObject, readonly* impl)
index b1f62e8..d0e1888 100644 (file)
@@ -69,8 +69,8 @@ protected:
 
 class JSreadonlyOwner : public JSC::WeakHandleOwner {
 public:
-    virtual bool isReachableFromOpaqueRoots(JSC::Handle<JSC::Unknown>, void* context, JSC::SlotVisitor&);
-    virtual void finalize(JSC::Handle<JSC::Unknown>, void* context);
+    bool isReachableFromOpaqueRoots(JSC::JSCell&, void* context, JSC::SlotVisitor&) override;
+    void finalize(JSC::JSCell*&, void* context) override;
 };
 
 inline JSC::WeakHandleOwner* wrapperOwner(DOMWrapperWorld&, readonly*)
index f865c8a..7cde399 100644 (file)
@@ -196,9 +196,9 @@ void RootObject::removeRuntimeObject(RuntimeObject* object)
     weakRemove(m_runtimeObjects, object, object);
 }
 
-void RootObject::finalize(JSC::Handle<JSC::Unknown> handle, void*)
+void RootObject::finalize(JSC::JSCell*& cell, void*)
 {
-    RuntimeObject* object = static_cast<RuntimeObject*>(handle.slot()->asCell());
+    RuntimeObject* object = jsCast<RuntimeObject*>(cell);
 
     Ref<RootObject> protect(*this);
     object->invalidate();
index 841a64e..efbbe0e 100644 (file)
@@ -83,7 +83,7 @@ private:
     RootObject(const void* nativeHandle, JSGlobalObject*);
 
     // WeakHandleOwner
-    virtual void finalize(JSC::Handle<JSC::Unknown>, void* context) override;
+    void finalize(JSC::JSCell*&, void* context) override;
 
     bool m_isValid;
     
index 22b25ad..0311865 100644 (file)
@@ -1,3 +1,14 @@
+2015-09-11  Andreas Kling  <akling@apple.com>
+
+        [JSC] Weak should only accept cell pointees.
+        <https://webkit.org/b/148955>
+
+        Reviewed by Geoffrey Garen.
+
+        * WebProcess/Plugins/Netscape/NPRuntimeObjectMap.cpp:
+        (WebKit::NPRuntimeObjectMap::finalize):
+        * WebProcess/Plugins/Netscape/NPRuntimeObjectMap.h:
+
 2015-09-10  Joseph Pecoraro  <pecoraro@apple.com>
 
         Web Inspector: Remove unused files
index 49c1d3b..89ec344 100644 (file)
@@ -305,11 +305,11 @@ void NPRuntimeObjectMap::addToInvalidationQueue(NPObject* npObject)
     m_npObjectsToFinalize.append(npObject);
 }
 
-void NPRuntimeObjectMap::finalize(JSC::Handle<JSC::Unknown> handle, void* context)
+void NPRuntimeObjectMap::finalize(JSC::JSCell*& cell, void* context)
 {
-    JSNPObject* object = jsCast<JSNPObject*>(handle.get().asCell());
-    weakRemove(m_jsNPObjects, static_cast<NPObject*>(context), object);
-    addToInvalidationQueue(object->leakNPObject());
+    JSNPObject& object = jsCast<JSNPObject&>(*cell);
+    weakRemove(m_jsNPObjects, static_cast<NPObject*>(context), &object);
+    addToInvalidationQueue(object.leakNPObject());
 }
 
 } // namespace WebKit
index fade41d..48aa4f1 100644 (file)
@@ -52,7 +52,7 @@ class NPJSObject;
 class PluginView;
 
 // A per plug-in map of NPObjects that wrap JavaScript objects.
-class NPRuntimeObjectMap : private JSC::WeakHandleOwner {
+class NPRuntimeObjectMap final : private JSC::WeakHandleOwner {
 public:
     explicit NPRuntimeObjectMap(PluginView*);
 
@@ -90,7 +90,8 @@ public:
 
 private:
     // WeakHandleOwner
-    virtual void finalize(JSC::Handle<JSC::Unknown>, void* context);
+    void finalize(JSC::JSCell*&, void* context) override;
+
     void addToInvalidationQueue(NPObject*);
     void invalidateQueuedObjects();