diff options
author | Simon Hausmann <simon.hausmann@nokia.com> | 2009-07-23 14:14:01 (GMT) |
---|---|---|
committer | Simon Hausmann <simon.hausmann@nokia.com> | 2009-07-23 14:14:01 (GMT) |
commit | fdaed851ce71fc474a7959d8fc30b50465a98d0d (patch) | |
tree | e6fc5f217c43d0e18e9e1baa65aed3e152ec56c3 /src | |
parent | c29d1cc49998ef895df9dcbccafe1b6d6d8e7efc (diff) | |
download | Qt-fdaed851ce71fc474a7959d8fc30b50465a98d0d.zip Qt-fdaed851ce71fc474a7959d8fc30b50465a98d0d.tar.gz Qt-fdaed851ce71fc474a7959d8fc30b50465a98d0d.tar.bz2 |
Updated WebKit from /home/shausman/src/webkit/trunk to origin/qtwebkit-4.5 ( 1535d41a668e5f74f44ff3aa1313a84d5718d2d7 )
Changes in WebKit since the last update:
++ b/WebCore/ChangeLog
2009-07-23 Simon Hausmann <simon.hausmann@nokia.com>
Reviewed by Holger Freyther.
Fix crashes with the QObject bindings after garbage collection.
There is one QtInstance per wrapped QObject, and that QtInstance keeps
references to cached JSObjects for slots. When those objects get
deleted due to GC, then they becoming dangling pointers.
When a cached member dies, it is now removed from the QtInstance's
cache.
As we cannot track the lifetime of the children, we have to remove
them from QtInstance alltogether. They are not cached and were
only used for mark(), but we _want_ them to be subject to gc.
* bridge/qt/qt_instance.cpp:
(JSC::Bindings::QtInstance::~QtInstance): Minor coding style cleanup,
use qDeleteAll().
(JSC::Bindings::QtInstance::removeCachedMethod): New function, to
clean m_methods and m_defaultMethod.
(JSC::Bindings::QtInstance::mark): Avoid marking already marked objects.
(JSC::Bindings::QtField::valueFromInstance): Don't save children for
marking.
* bridge/qt/qt_instance.h: Declare removeCachedMethod.
* bridge/qt/qt_runtime.cpp:
(JSC::Bindings::QtRuntimeMethod::~QtRuntimeMethod): Call removeCachedMethod
with this on the instance.
2009-05-04 Jakub Wieczorek <faw217@gmail.com>
Reviewed by Simon Hausmann.
As Qtish implementation of MIMETypeRegistry::getMIMETypeForExtension()
returns the application/octet-stream mimetype when it can't associate
extension with any mimetype, it can happen that the application/octet-stream
mimetype will hit the list of supported image formats. For instance,
it is possible when QImageReader or QImageWriter support an extension
that is not in the extensions map.
Make sure that this mimetype is not treated as displayable image type.
* platform/MIMETypeRegistry.cpp:
(WebCore::initializeSupportedImageMIMETypes):
(WebCore::initializeSupportedImageMIMETypesForEncoding):
++ b/WebKit/qt/ChangeLog
2009-07-23 Simon Hausmann <simon.hausmann@nokia.com>
Reviewed by Holger Freyther.
Added a testcase to verify that cached methods in the QOBject bindings
remain alife even after garbage collection.
* tests/qwebpage/tst_qwebpage.cpp:
(tst_QWebPage::protectBindingsRuntimeObjectsFromCollector):
Diffstat (limited to 'src')
-rw-r--r-- | src/3rdparty/webkit/VERSION | 2 | ||||
-rw-r--r-- | src/3rdparty/webkit/WebCore/ChangeLog | 47 | ||||
-rw-r--r-- | src/3rdparty/webkit/WebCore/bridge/qt/qt_instance.cpp | 31 | ||||
-rw-r--r-- | src/3rdparty/webkit/WebCore/bridge/qt/qt_instance.h | 3 | ||||
-rw-r--r-- | src/3rdparty/webkit/WebCore/bridge/qt/qt_runtime.cpp | 2 | ||||
-rw-r--r-- | src/3rdparty/webkit/WebCore/platform/MIMETypeRegistry.cpp | 5 | ||||
-rw-r--r-- | src/3rdparty/webkit/WebKit/qt/Api/qwebframe.cpp | 6 | ||||
-rw-r--r-- | src/3rdparty/webkit/WebKit/qt/ChangeLog | 10 | ||||
-rw-r--r-- | src/3rdparty/webkit/WebKit/qt/tests/qwebpage/tst_qwebpage.cpp | 25 |
9 files changed, 114 insertions, 17 deletions
diff --git a/src/3rdparty/webkit/VERSION b/src/3rdparty/webkit/VERSION index 88f32d9..eaa0479 100644 --- a/src/3rdparty/webkit/VERSION +++ b/src/3rdparty/webkit/VERSION @@ -8,4 +8,4 @@ The commit imported was from the and has the sha1 checksum - a3e05ad8acdead3b534d0cef772b85f002e80b8d + 1535d41a668e5f74f44ff3aa1313a84d5718d2d7 diff --git a/src/3rdparty/webkit/WebCore/ChangeLog b/src/3rdparty/webkit/WebCore/ChangeLog index 19bb36a..83f5e6f 100644 --- a/src/3rdparty/webkit/WebCore/ChangeLog +++ b/src/3rdparty/webkit/WebCore/ChangeLog @@ -1,3 +1,50 @@ +2009-07-23 Simon Hausmann <simon.hausmann@nokia.com> + + Reviewed by Holger Freyther. + + Fix crashes with the QObject bindings after garbage collection. + + There is one QtInstance per wrapped QObject, and that QtInstance keeps + references to cached JSObjects for slots. When those objects get + deleted due to GC, then they becoming dangling pointers. + + When a cached member dies, it is now removed from the QtInstance's + cache. + + As we cannot track the lifetime of the children, we have to remove + them from QtInstance alltogether. They are not cached and were + only used for mark(), but we _want_ them to be subject to gc. + + * bridge/qt/qt_instance.cpp: + (JSC::Bindings::QtInstance::~QtInstance): Minor coding style cleanup, + use qDeleteAll(). + (JSC::Bindings::QtInstance::removeCachedMethod): New function, to + clean m_methods and m_defaultMethod. + (JSC::Bindings::QtInstance::mark): Avoid marking already marked objects. + (JSC::Bindings::QtField::valueFromInstance): Don't save children for + marking. + * bridge/qt/qt_instance.h: Declare removeCachedMethod. + * bridge/qt/qt_runtime.cpp: + (JSC::Bindings::QtRuntimeMethod::~QtRuntimeMethod): Call removeCachedMethod + with this on the instance. + +2009-05-04 Jakub Wieczorek <faw217@gmail.com> + + Reviewed by Simon Hausmann. + + As Qtish implementation of MIMETypeRegistry::getMIMETypeForExtension() + returns the application/octet-stream mimetype when it can't associate + extension with any mimetype, it can happen that the application/octet-stream + mimetype will hit the list of supported image formats. For instance, + it is possible when QImageReader or QImageWriter support an extension + that is not in the extensions map. + + Make sure that this mimetype is not treated as displayable image type. + + * platform/MIMETypeRegistry.cpp: + (WebCore::initializeSupportedImageMIMETypes): + (WebCore::initializeSupportedImageMIMETypesForEncoding): + 2009-06-18 Chris Evans <scarybeasts@gmail.com> Reviewed by Adam Barth. diff --git a/src/3rdparty/webkit/WebCore/bridge/qt/qt_instance.cpp b/src/3rdparty/webkit/WebCore/bridge/qt/qt_instance.cpp index 4b94a94..4fc95fa 100644 --- a/src/3rdparty/webkit/WebCore/bridge/qt/qt_instance.cpp +++ b/src/3rdparty/webkit/WebCore/bridge/qt/qt_instance.cpp @@ -110,9 +110,7 @@ QtInstance::~QtInstance() // clean up (unprotect from gc) the JSValues we've created m_methods.clear(); - foreach(QtField* f, m_fields.values()) { - delete f; - } + qDeleteAll(m_fields); m_fields.clear(); if (m_object) { @@ -158,6 +156,19 @@ RuntimeObjectImp* QtInstance::getRuntimeObject(ExecState* exec, PassRefPtr<QtIns return ret; } +void QtInstance::removeCachedMethod(JSObject* method) +{ + if (m_defaultMethod == method) + m_defaultMethod = 0; + + for(QHash<QByteArray, JSObject*>::Iterator it = m_methods.begin(), + end = m_methods.end(); it != end; ++it) + if (it.value() == method) { + m_methods.erase(it); + return; + } +} + Class* QtInstance::getClass() const { if (!m_class) @@ -167,16 +178,12 @@ Class* QtInstance::getClass() const void QtInstance::mark() { - if (m_defaultMethod) + if (m_defaultMethod && !m_defaultMethod->marked()) m_defaultMethod->mark(); foreach(JSObject* val, m_methods.values()) { if (val && !val->marked()) val->mark(); } - foreach(JSValuePtr val, m_children.values()) { - if (val && !val->marked()) - val->mark(); - } } void QtInstance::begin() @@ -329,13 +336,7 @@ JSValuePtr QtField::valueFromInstance(ExecState* exec, const Instance* inst) con else if (m_type == DynamicProperty) val = obj->property(m_dynamicProperty); - JSValuePtr ret = convertQVariantToValue(exec, inst->rootObject(), val); - - // Need to save children so we can mark them - if (m_type == ChildObject) - instance->m_children.insert(ret); - - return ret; + return convertQVariantToValue(exec, inst->rootObject(), val); } else { QString msg = QString(QLatin1String("cannot access member `%1' of deleted QObject")).arg(QLatin1String(name())); return throwError(exec, GeneralError, msg.toLatin1().constData()); diff --git a/src/3rdparty/webkit/WebCore/bridge/qt/qt_instance.h b/src/3rdparty/webkit/WebCore/bridge/qt/qt_instance.h index 50d4cf1..bc22725 100644 --- a/src/3rdparty/webkit/WebCore/bridge/qt/qt_instance.h +++ b/src/3rdparty/webkit/WebCore/bridge/qt/qt_instance.h @@ -64,6 +64,8 @@ public: static PassRefPtr<QtInstance> getQtInstance(QObject*, PassRefPtr<RootObject>, QScriptEngine::ValueOwnership ownership); static RuntimeObjectImp* getRuntimeObject(ExecState* exec, PassRefPtr<QtInstance>); + void removeCachedMethod(JSObject*); + private: static PassRefPtr<QtInstance> create(QObject *instance, PassRefPtr<RootObject> rootObject, QScriptEngine::ValueOwnership ownership) { @@ -78,7 +80,6 @@ private: QObject* m_hashkey; mutable QHash<QByteArray, JSObject*> m_methods; mutable QHash<QString, QtField*> m_fields; - mutable QSet<JSValuePtr> m_children; mutable QtRuntimeMetaMethod* m_defaultMethod; QScriptEngine::ValueOwnership m_ownership; }; diff --git a/src/3rdparty/webkit/WebCore/bridge/qt/qt_runtime.cpp b/src/3rdparty/webkit/WebCore/bridge/qt/qt_runtime.cpp index c7ba6c2..c0883a9 100644 --- a/src/3rdparty/webkit/WebCore/bridge/qt/qt_runtime.cpp +++ b/src/3rdparty/webkit/WebCore/bridge/qt/qt_runtime.cpp @@ -913,6 +913,8 @@ QtRuntimeMethod::QtRuntimeMethod(QtRuntimeMethodData* dd, ExecState* exec, const QtRuntimeMethod::~QtRuntimeMethod() { + QW_D(QtRuntimeMethod); + d->m_instance->removeCachedMethod(this); delete d_ptr; } diff --git a/src/3rdparty/webkit/WebCore/platform/MIMETypeRegistry.cpp b/src/3rdparty/webkit/WebCore/platform/MIMETypeRegistry.cpp index 8f98735..a85d706 100644 --- a/src/3rdparty/webkit/WebCore/platform/MIMETypeRegistry.cpp +++ b/src/3rdparty/webkit/WebCore/platform/MIMETypeRegistry.cpp @@ -100,6 +100,9 @@ static void initializeSupportedImageMIMETypes() supportedImageMIMETypes->add(mimeType); supportedImageResourceMIMETypes->add(mimeType); } + + supportedImageMIMETypes->remove("application/octet-stream"); + supportedImageResourceMIMETypes->remove("application/octet-stream"); #else // assume that all implementations at least support the following standard // image types: @@ -145,6 +148,8 @@ static void initializeSupportedImageMIMETypesForEncoding() String mimeType = MIMETypeRegistry::getMIMETypeForExtension(formats.at(i).constData()); supportedImageMIMETypesForEncoding->add(mimeType); } + + supportedImageMIMETypesForEncoding->remove("application/octet-stream"); #elif PLATFORM(CAIRO) supportedImageMIMETypesForEncoding->add("image/png"); #endif diff --git a/src/3rdparty/webkit/WebKit/qt/Api/qwebframe.cpp b/src/3rdparty/webkit/WebKit/qt/Api/qwebframe.cpp index e565476..bd43ce3 100644 --- a/src/3rdparty/webkit/WebKit/qt/Api/qwebframe.cpp +++ b/src/3rdparty/webkit/WebKit/qt/Api/qwebframe.cpp @@ -32,6 +32,7 @@ #include "Frame.h" #include "FrameTree.h" #include "FrameView.h" +#include "GCController.h" #include "IconDatabase.h" #include "InspectorController.h" #include "Page.h" @@ -105,6 +106,11 @@ void QWEBKIT_EXPORT qt_drt_setJavaScriptProfilingEnabled(QWebFrame* qframe, bool controller->disableProfiler(); } +void QWEBKIT_EXPORT qt_drt_garbageCollector_collect() +{ + gcController().garbageCollectNow(); +} + void QWebFramePrivate::init(QWebFrame *qframe, WebCore::Page *webcorePage, QWebFrameData *frameData) { q = qframe; diff --git a/src/3rdparty/webkit/WebKit/qt/ChangeLog b/src/3rdparty/webkit/WebKit/qt/ChangeLog index a7e176d..125e556 100644 --- a/src/3rdparty/webkit/WebKit/qt/ChangeLog +++ b/src/3rdparty/webkit/WebKit/qt/ChangeLog @@ -1,3 +1,13 @@ +2009-07-23 Simon Hausmann <simon.hausmann@nokia.com> + + Reviewed by Holger Freyther. + + Added a testcase to verify that cached methods in the QOBject bindings + remain alife even after garbage collection. + + * tests/qwebpage/tst_qwebpage.cpp: + (tst_QWebPage::protectBindingsRuntimeObjectsFromCollector): + 2009-06-16 Morten Engvoldsen <morten.engvoldsen@nokia.com> Reviewed by Ariya Hidayat. diff --git a/src/3rdparty/webkit/WebKit/qt/tests/qwebpage/tst_qwebpage.cpp b/src/3rdparty/webkit/WebKit/qt/tests/qwebpage/tst_qwebpage.cpp index 620aa31..c3ed54c 100644 --- a/src/3rdparty/webkit/WebKit/qt/tests/qwebpage/tst_qwebpage.cpp +++ b/src/3rdparty/webkit/WebKit/qt/tests/qwebpage/tst_qwebpage.cpp @@ -107,6 +107,7 @@ private slots: void textEditing(); void requestCache(); + void protectBindingsRuntimeObjectsFromCollector(); private: @@ -1037,5 +1038,29 @@ void tst_QWebPage::requestCache() (int)QNetworkRequest::PreferCache); } +void QWEBKIT_EXPORT qt_drt_garbageCollector_collect(); + +void tst_QWebPage::protectBindingsRuntimeObjectsFromCollector() +{ + QSignalSpy loadSpy(m_view, SIGNAL(loadFinished(bool))); + + PluginPage* newPage = new PluginPage(m_view); + m_view->setPage(newPage); + + m_view->settings()->setAttribute(QWebSettings::PluginsEnabled, true); + + m_view->setHtml(QString("<html><body><object type='application/x-qt-plugin' classid='lineedit' id='mylineedit'/></body></html>")); + QTRY_COMPARE(loadSpy.count(), 1); + + newPage->mainFrame()->evaluateJavaScript("function testme(text) { var lineedit = document.getElementById('mylineedit'); lineedit.setText(text); lineedit.selectAll(); }"); + + newPage->mainFrame()->evaluateJavaScript("testme('foo')"); + + qt_drt_garbageCollector_collect(); + + // don't crash! + newPage->mainFrame()->evaluateJavaScript("testme('bar')"); +} + QTEST_MAIN(tst_QWebPage) #include "tst_qwebpage.moc" |