Issue 16904002: Avoid leaking objects between isolated worlds via attribute event listeners

Issue 16904002: Avoid leaking objects between isolated worlds via attribute event listeners (Closed)

Created:
7 years, 6 months ago by adamk

Modified:
7 years, 6 months ago

Reviewers:
abarth-chromium

CC:
blink-reviews, eustas+blink_chromium.org, caseq+blink_chromium.org, aandrey+blink_chromium.org, loislo+blink_chromium.org, jsbell+bindings_chromium.org, pfeldman+blink_chromium.org, alph+blink_chromium.org, eae+blinkwatch, yurys+blink_chromium.org, lushnikov+blink_chromium.org, abarth-chromium, vsevik+blink_chromium.org, marja+watch_chromium.org, dglazkov+blink, apavlov+blink_chromium.org, adamk+blink_chromium.org, haraken, Nate Chapin

Base URL:
svn://svn.chromium.org/blink/trunk

Visibility:
Public.

More Reviews

Description

Avoid leaking objects between isolated worlds via attribute event listeners This patch adds an isolatedWorld argument to the setters and getters for attribute event listeners (e.g., document.onload). When called from the bindings, this is appropriately set to either the current isolated world or null (which can be the case for either the main world or a worker). When these methods are called from within Blink, we always default to the "normal" (main or worker) case. R=abarth BUG=87520 Committed: https://src.chromium.org/viewvc/blink?view=rev&revision=152377

Patch Set 1 #

Total comments: 7

Patch Set 2 : Respond to review comments #

Patch Set 3 : Test a bit more #

Patch Set 4 : Patch for landing #

Created: 7 years, 6 months ago

Download [raw] [tar.bz2]

	Unified diffs	Side-by-side diffs	Delta from patch set	Stats (+111 lines, -48 lines)			Patch
A	LayoutTests/fast/dom/event-attrs-isolated-world.html	View	1 2	1 chunk	+33 lines, -0 lines	0 comments	Download
A	LayoutTests/fast/dom/event-attrs-isolated-world-expected.txt	View	1 2	1 chunk	+5 lines, -0 lines	0 comments	Download
M	Source/bindings/scripts/CodeGeneratorV8.pm	View	1 2 3	3 chunks	+10 lines, -12 lines	0 comments	Download
M	Source/bindings/v8/V8AbstractEventListener.h	View		1 chunk	+1 line, -1 line	0 comments	Download
M	Source/bindings/v8/V8Binding.h	View	1	1 chunk	+2 lines, -0 lines	0 comments	Download
M	Source/bindings/v8/V8Binding.cpp	View	1	1 chunk	+11 lines, -0 lines	0 comments	Download
M	Source/core/dom/Document.h	View	1 2 3	1 chunk	+2 lines, -2 lines	0 comments	Download
M	Source/core/dom/Document.cpp	View	1 2 3	1 chunk	+4 lines, -4 lines	0 comments	Download
M	Source/core/dom/EventListener.h	View		2 chunks	+3 lines, -1 line	0 comments	Download
M	Source/core/dom/EventTarget.h	View	1	2 chunks	+16 lines, -15 lines	0 comments	Download
M	Source/core/dom/EventTarget.cpp	View	1	2 chunks	+19 lines, -7 lines	0 comments	Download
M	Source/core/dom/MessagePort.h	View		1 chunk	+3 lines, -3 lines	0 comments	Download
M	Source/core/page/DOMWindow.h	View	1 2 3	1 chunk	+1 line, -1 line	0 comments	Download
M	Source/modules/notifications/Notification.h	View		1 chunk	+1 line, -2 lines	0 comments	Download

Messages

Total messages: 9 (0 generated)

Expand Messages | Collapse Messages

adamk

https://codereview.chromium.org/16904002/diff/1/Source/core/dom/EventTarget.cpp File Source/core/dom/EventTarget.cpp (right): https://codereview.chromium.org/16904002/diff/1/Source/core/dom/EventTarget.cpp#newcode122 Source/core/dom/EventTarget.cpp:122: if ((listenerWorld && listenerWorld->isMainWorld() && !world) This is the ...

7 years, 6 months ago (2013-06-13 00:18:08 UTC) #2

abarth-chromium

LGTM https://codereview.chromium.org/16904002/diff/1/Source/core/dom/EventTarget.cpp File Source/core/dom/EventTarget.cpp (right): https://codereview.chromium.org/16904002/diff/1/Source/core/dom/EventTarget.cpp#newcode122 Source/core/dom/EventTarget.cpp:122: if ((listenerWorld && listenerWorld->isMainWorld() && !world) We talked ...

7 years, 6 months ago (2013-06-13 00:30:44 UTC) #3

abarth-chromium

(Please update the description with something more descriptive.)

7 years, 6 months ago (2013-06-13 00:31:00 UTC) #4

marja

https://codereview.chromium.org/16904002/diff/1/Source/bindings/v8/V8Binding.cpp File Source/bindings/v8/V8Binding.cpp (right): https://codereview.chromium.org/16904002/diff/1/Source/bindings/v8/V8Binding.cpp#newcode436 Source/bindings/v8/V8Binding.cpp:436: DOMWrapperWorld* worldForIsolate(v8::Isolate* isolate) The name is slightly confusing, since ...

7 years, 6 months ago (2013-06-13 13:56:29 UTC) #5

adamk

Thanks for the review, I've updated the change description and taken care of the comments ...

7 years, 6 months ago (2013-06-13 18:55:06 UTC) #6

Thanks for the review, I've updated the change description and taken care of the
comments from the first round.

https://codereview.chromium.org/16904002/diff/1/Source/bindings/v8/V8Binding.cpp
File Source/bindings/v8/V8Binding.cpp (right):

https://codereview.chromium.org/16904002/diff/1/Source/bindings/v8/V8Binding....
Source/bindings/v8/V8Binding.cpp:436: DOMWrapperWorld*
worldForIsolate(v8::Isolate* isolate)
On 2013/06/13 13:56:29, marja wrote:
> The name is slightly confusing, since this only returns non-NULL isolated
worlds
> but never the main world. isolateWorldForIsolate instead (there's also:
> DOMWrapperWorld::isolatedWorld(...) so it would fit).

Renamed to isolatedWorldForIsolate(). Also changed the argument passed
everywhere to EventTarget to be "isolatedWorld", which I think makes all the
code clearer (if more verbose).

https://codereview.chromium.org/16904002/diff/1/Source/bindings/v8/V8Binding....
Source/bindings/v8/V8Binding.cpp:444: if (DOMWrapperWorld* isolatedWorld =
DOMWrapperWorld::isolatedWorld(v8::Context::GetEntered()))
On 2013/06/13 13:56:29, marja wrote:
> Shorter (instead of these 3 lines):
> 
> return DOMWrapperWorld::isolatedWorld(v8::Context::GetEntered());

Fixed, this was an artifact of a previous version of the patch.

https://codereview.chromium.org/16904002/diff/1/Source/core/dom/EventTarget.cpp
File Source/core/dom/EventTarget.cpp (right):

https://codereview.chromium.org/16904002/diff/1/Source/core/dom/EventTarget.c...
Source/core/dom/EventTarget.cpp:122: if ((listenerWorld &&
listenerWorld->isMainWorld() && !world)
On 2013/06/13 00:30:44, abarth wrote:
> We talked a bit about this in person, and we realized that we don't want to
call
> mainThreadNormalWorld() all the time because we might be on a worker thread
and
> that's not going to be threadsafe.
> 
> I think you can rework this a bit to make it look prettier:
> 
> DOMWrapperWorld* listenerWorld = entry[i].listener->world();
> if (!listenerWorld)
>     continue;
> if (listenerWorld->isMainWorld() && !world)
>     world = mainThreadNormalWorld(); // We must be on the main thread, so blah
> blah
> if (listenerWorld == world)
>     return entry[i].listener.get();

Updated the logic somewhat, though not exactly as you requested. See what you
think, I feel it's pretty clear now.

abarth-chromium

LGTM yeah, your version of that stanza is better. :)

7 years, 6 months ago (2013-06-13 19:16:59 UTC) #7

commit-bot: I haz the power

CQ is trying da patch. Follow status at https://chromium-status.appspot.com/cq/adamk@chromium.org/16904002/25001

7 years, 6 months ago (2013-06-13 19:19:23 UTC) #8

Message was sent while issue was closed.

Change committed as 152377

Expand Messages | Collapse Messages