Issue 1153613007: bindings: Use CreateDataProperty() instead of ForceSet()

Issue 1153613007: bindings: Use CreateDataProperty() instead of ForceSet() (Closed)

Created:
5 years, 6 months ago by bashi

Modified:
5 years, 6 months ago

Reviewers:
haraken, jochen (gone - plz use gerrit), jsbell, Toon Verwaest

CC:
arv+blink, blink-reviews, blink-reviews-bindings_chromium.org, blink-reviews-html_chromium.org, dglazkov+blink, vivekg_samsung, vivekg

Base URL:
https://chromium.googlesource.com/chromium/blink.git@master

Target Ref:
refs/heads/master

Project:
blink

Visibility:
Public.

More Reviews

Description

bindings: Use CreateDataProperty() instead of ForceSet() We use ForceSet() to avoid executing user-provided JS while running callbacks, but ForceSet() is deprecated because it is difficult to use properly. Use CreateDataProperty() instead. It is a safer way to do that. BUG=475206 Committed: https://src.chromium.org/viewvc/blink?view=rev&revision=197156

Patch Set 1 #

Total comments: 2

Patch Set 2 : #

Total comments: 3

Patch Set 3 : #

Total comments: 2

Patch Set 4 : DefineOwnProperty() doesn't work in V8InjectedScriptHost::setNonEnumPropertyMethodCustom #

Total comments: 4

Patch Set 5 : #

Patch Set 6 : #

Patch Set 7 : Fix uninitialized error #

Created: 5 years, 6 months ago

Download [raw] [tar.bz2]

	Unified diffs	Side-by-side diffs	Delta from patch set	Stats (+119 lines, -121 lines)			Patch
M	Source/bindings/core/v8/CustomElementConstructorBuilder.cpp	View	1 2	2 chunks	+3 lines, -3 lines	0 comments	Download
M	Source/bindings/core/v8/ScriptValueSerializer.cpp	View	1 2 3 4 5 6	2 chunks	+9 lines, -5 lines	0 comments	Download
M	Source/bindings/core/v8/V8LazyEventListener.cpp	View		1 chunk	+3 lines, -3 lines	0 comments	Download
M	Source/bindings/core/v8/V8ObjectBuilder.cpp	View		1 chunk	+1 line, -1 line	0 comments	Download
M	Source/bindings/core/v8/WindowProxy.cpp	View	1 2 3 4 5	1 chunk	+2 lines, -0 lines	0 comments	Download
M	Source/bindings/core/v8/inspector/V8InjectedScriptHost.cpp	View	1 2 3 4 5	1 chunk	+1 line, -0 lines	0 comments	Download
M	Source/bindings/modules/v8/V8BindingForModules.cpp	View	1 2 3 4 5	4 chunks	+4 lines, -8 lines	0 comments	Download
M	Source/bindings/scripts/v8_attributes.py	View	1 2 3 4 5	1 chunk	+1 line, -1 line	0 comments	Download
M	Source/bindings/templates/dictionary_v8.cpp	View		1 chunk	+2 lines, -3 lines	0 comments	Download
M	Source/bindings/templates/interface.cpp	View	1 2 3 4	1 chunk	+2 lines, -2 lines	0 comments	Download
M	Source/bindings/templates/interface_base.cpp	View	1 2 3 4	3 chunks	+4 lines, -4 lines	0 comments	Download
M	Source/bindings/tests/results/core/V8TestDictionary.cpp	View	1 2	1 chunk	+44 lines, -45 lines	0 comments	Download
M	Source/bindings/tests/results/core/V8TestDictionaryDerived.cpp	View		1 chunk	+4 lines, -5 lines	0 comments	Download
M	Source/bindings/tests/results/core/V8TestInterface.cpp	View	1 2 3 4 5	3 chunks	+4 lines, -4 lines	0 comments	Download
M	Source/bindings/tests/results/core/V8TestInterfaceCheckSecurity.cpp	View	1 2 3 4 5	3 chunks	+5 lines, -5 lines	0 comments	Download
M	Source/bindings/tests/results/core/V8TestInterfaceEventInit.cpp	View	1 2 3 4	1 chunk	+1 line, -2 lines	0 comments	Download
M	Source/bindings/tests/results/core/V8TestInterfaceNamedConstructor.cpp	View	1 2	3 chunks	+4 lines, -4 lines	0 comments	Download
M	Source/bindings/tests/results/core/V8TestObject.cpp	View	1 2 3 4 5	8 chunks	+13 lines, -13 lines	0 comments	Download
M	Source/bindings/tests/results/core/V8TestPermissiveDictionary.cpp	View		1 chunk	+1 line, -2 lines	0 comments	Download
M	Source/bindings/tests/results/core/V8TestTypedefs.cpp	View	1 2 3 4 5	3 chunks	+4 lines, -4 lines	0 comments	Download
M	Source/bindings/tests/results/modules/V8TestInterface5.cpp	View	1 2 3 4 5	3 chunks	+4 lines, -4 lines	0 comments	Download
M	Source/bindings/tests/results/modules/V8TestInterfacePartial.cpp	View		1 chunk	+2 lines, -2 lines	0 comments	Download
M	Source/core/html/ImageData.cpp	View	1 2	1 chunk	+1 line, -1 line	0 comments	Download

Messages

Total messages: 22 (4 generated)

Expand Messages | Collapse Messages | Show Generated Messages | Hide Generated Messages

bashi

PTAL? I added some TODO comments where I'm not sure how I can replace ForceSet() ...

5 years, 6 months ago (2015-05-29 05:46:33 UTC) #2

jsbell

lgtm on the actual code changes; I didn't review the TODOs closely, though.

5 years, 6 months ago (2015-05-29 16:39:23 UTC) #3

jsbell

https://codereview.chromium.org/1153613007/diff/1/Source/bindings/templates/interface_base.cpp File Source/bindings/templates/interface_base.cpp (right): https://codereview.chromium.org/1153613007/diff/1/Source/bindings/templates/interface_base.cpp#newcode51 Source/bindings/templates/interface_base.cpp:51: static void {{cpp_class}}ForceSetAttributeOnThis(v8::Local<v8::Name> name, v8::Local<v8::Value> v8Value, const CallbackInfo& info) ...

5 years, 6 months ago (2015-05-29 16:57:21 UTC) #4

bashi

jochen@ added DefineOwnProperty. Once it is rolled into chromium, we can replace all ForceSet with ...

5 years, 6 months ago (2015-06-02 00:12:54 UTC) #5

jochen (gone - plz use gerrit)

there are a bunch of ForceSet() calls where it's not immediately obvious why you can't ...

5 years, 6 months ago (2015-06-02 16:14:48 UTC) #6

bashi

DefineOwnProperty is rolled in. PTAL? https://codereview.chromium.org/1153613007/diff/20001/Source/bindings/core/v8/custom/V8MessageEventCustom.cpp File Source/bindings/core/v8/custom/V8MessageEventCustom.cpp (right): https://codereview.chromium.org/1153613007/diff/20001/Source/bindings/core/v8/custom/V8MessageEventCustom.cpp#newcode95 Source/bindings/core/v8/custom/V8MessageEventCustom.cpp:95: if (!v8CallBoolean(info.Holder()->ForceSet(info.GetIsolate()->GetCurrentContext(), v8AtomicString(info.GetIsolate(), "data"), ...

5 years, 6 months ago (2015-06-03 00:16:37 UTC) #7

bashi

https://codereview.chromium.org/1153613007/diff/40001/Source/bindings/core/v8/custom/V8InjectedScriptHostCustom.cpp File Source/bindings/core/v8/custom/V8InjectedScriptHostCustom.cpp (right): https://codereview.chromium.org/1153613007/diff/40001/Source/bindings/core/v8/custom/V8InjectedScriptHostCustom.cpp#newcode569 Source/bindings/core/v8/custom/V8InjectedScriptHostCustom.cpp:569: auto unused = object->DefineOwnProperty(info.GetIsolate()->GetCurrentContext(), key, info[2], v8::DontEnum); This causes ...

5 years, 6 months ago (2015-06-03 03:05:31 UTC) #8

jochen (gone - plz use gerrit)

https://codereview.chromium.org/1153613007/diff/60001/Source/bindings/core/v8/WindowProxy.cpp File Source/bindings/core/v8/WindowProxy.cpp (right): https://codereview.chromium.org/1153613007/diff/60001/Source/bindings/core/v8/WindowProxy.cpp#newcode378 Source/bindings/core/v8/WindowProxy.cpp:378: // global proxy objects. why? https://codereview.chromium.org/1153613007/diff/60001/Source/bindings/core/v8/custom/V8InjectedScriptHostCustom.cpp File Source/bindings/core/v8/custom/V8InjectedScriptHostCustom.cpp (right): ...

5 years, 6 months ago (2015-06-03 10:55:17 UTC) #9

bashi

5 years, 6 months ago (2015-06-05 01:10:27 UTC) #10

jochen (gone - plz use gerrit)

Toon, what should we do about the remaining ForceSet(). Apparently we can't DefineOwnProperty on the ...

5 years, 6 months ago (2015-06-05 12:12:58 UTC) #12

jochen (gone - plz use gerrit)

bashi@ after talking to Toon I still thing defineOwnProperty() *should* work. Can you post a ...

5 years, 6 months ago (2015-06-08 11:36:06 UTC) #13

bashi

On 2015/06/08 11:36:06, jochen wrote: > bashi@ after talking to Toon I still thing defineOwnProperty() ...

5 years, 6 months ago (2015-06-08 23:38:40 UTC) #14

On 2015/06/08 11:36:06, jochen wrote:
> bashi@ after talking to Toon I still thing defineOwnProperty() *should* work.
> 
> Can you post a full stack trace where you've hit the assertion?

Sure.

--- Stack trace ---
#0  v8::base::OS::Abort () at ../../v8/src/base/platform/platform-posix.cc:229
#1  0x0000000002146edc in V8_Fatal (file=<optimized out>, line=0,
    format=<optimized out>) at ../../v8/src/base/logging.cc:116
#2  0x0000000001d4056a in v8::internal::JSObject::MigrateFastToSlow (
    object=..., new_map=..., expected_additional_properties=0)
    at ../../v8/src/objects.cc:4429
#3  0x0000000001d3e45b in v8::internal::JSObject::MigrateToMap (object=...,
    new_map=..., expected_additional_properties=0)
    at ../../v8/src/objects.cc:1881
#4  0x0000000001d53fe8 in v8::internal::JSObject::SetPropertyCallback (
    object=..., name=..., structure=..., attributes=FROZEN)
    at ../../v8/src/objects.cc:6352
#5  0x0000000001d4f729 in v8::internal::JSObject::SetOwnPropertyIgnoreAttributes
    (object=..., name=..., value=..., attributes=FROZEN,
    handling=<optimized out>) at ../../v8/src/objects.cc:4210
#6  0x0000000001e10613 in __RT_impl_Runtime_DefineDataPropertyUnchecked (
    isolate=<optimized out>, args=...)
    at ../../v8/src/runtime/runtime-object.cc:1384
#7  v8::internal::Runtime_DefineDataPropertyUnchecked (
    args_length=<optimized out>, args_object=<optimized out>,
    isolate=0x920c6e38020) at ../../v8/src/runtime/runtime-object.cc:1362

--- V8 stack trace ---
Security context: 0xbeda03a43d9 <JS Object>
    1: DefineObjectProperty(aka DefineObjectProperty) [native v8natives.js:577]
(this=0xbeda0304179 <undefined>,H=0xb770e004391 <JS Global
Object>,U=0xbeda0383119 <String[8]: doc\
ument>,D=0xb770e0d9509 <a PropertyDescriptor with map
0x6619cc077a9>,X=0xbeda0304251 <false>)
    2: DefineOwnProperty(aka DefineOwnProperty) [native v8natives.js:693]
(this=0xbeda0304179 <undefined>,H=0xb770e004391 <JS Global
Object>,U=0xbeda0383119 <String[8]: document>\
,D=0xb770e0d9509 <a PropertyDescriptor with map 0x6619cc077a9>,X=0xbeda0304251
<false>)
    3: DefineOwnPropertyFromAPI(aka DefineOwnPropertyFromAPI) [native
v8natives.js:697] (this=0xbeda0304179 <undefined>,H=0xb770e004391 <JS Global
Object>,U=0xbeda0383119 <String\
[8]: document>,L=0xb770e0d9229 <an HTMLDocument with map
0x6619cc07179>,D=0xb770e0d9331 <JS Array[3]>)

--- V8 Entry point ---
#0  0x0000000001b57337 in v8::internal::Invoke (is_construct=<optimized out>,
    function=..., receiver=..., argc=<optimized out>, args=<optimized out>)
    at ../../v8/src/execution.cc:128
#1  0x0000000001a77226 in CallV8HeapFunction (recv=..., argc=4,
    isolate=<optimized out>, name=<optimized out>, argv=<optimized out>)
    at ../../v8/src/api.cc:2292
#2  v8::Object::DefineOwnProperty (this=<optimized out>, context=..., key=...,
    value=..., attributes=<optimized out>) at ../../v8/src/api.cc:3619
#3  0x0000000003627ba5 in blink::WindowProxy::updateDocumentProperty (
    this=0x920c6af53a0)
    at ../../third_party/WebKit/Source/bindings/core/v8/WindowProxy.cpp:379
#4  0x0000000003627193 in blink::WindowProxy::updateDocument (
    this=0x920c6af53a0)
    at ../../third_party/WebKit/Source/bindings/core/v8/WindowProxy.cpp:442
#5  0x00000000036264b8 in blink::WindowProxy::initialize (this=0x920c6af53a0)
    at ../../third_party/WebKit/Source/bindings/core/v8/WindowProxy.cpp:244
#6  0x00000000036261d0 in blink::WindowProxy::initializeIfNeeded (
    this=0x920c6af53a0)
    at ../../third_party/WebKit/Source/bindings/core/v8/WindowProxy.cpp:207
#7  0x00000000035b228a in blink::ScriptController::windowProxy (
    this=0x920c6af5480, world=...)
    at ../../third_party/WebKit/Source/bindings/core/v8/ScriptController.cpp:211
#8  0x0000000002f27f2f in blink::LocalFrame::windowProxy (this=0x2e95cfe44610,
    world=...) at ../../third_party/WebKit/Source/core/frame/LocalFrame.cpp:233
#9  0x00000000035e43ba in blink::toV8Context (frame=0x2e95cfe44610, world=...)
    at ../../third_party/WebKit/Source/bindings/core/v8/V8Binding.cpp:777
#10 0x000000000215a79a in blink::WebLocalFrameImpl::mainWorldScriptContext (
    this=0x2e95cfe50010)
    at ../../third_party/WebKit/Source/web/WebLocalFrameImpl.cpp:942
#11 0x00000000052d6580 in blink::WebTestingSupport::resetInternalsObject (
    frame=0x2e95cfe50010)
    at ../../third_party/WebKit/Source/web/WebTestingSupport.cpp:46
#12 0x00000000004b6531 in content::BlinkTestRunner::Reset (this=0x920c64a7e20)
    at ../../content/shell/renderer/layout_test/blink_test_runner.cc:766
#13 0x000000000047cb01 in
content::LayoutTestContentRendererClient::RenderViewCreated (this=0x920c60b0e60,
render_view=0x920c63d3428)
    at
../../content/shell/renderer/layout_test/layout_test_content_renderer_client.cc:103
#14 0x0000000004bb5efc in content::RenderViewImpl::Initialize (
    this=0x920c63d3020, params=..., compositor_deps=0x920c6342210,
    was_created_by_renderer=false)
    at ../../content/renderer/render_view_impl.cc:816
...

jochen (gone - plz use gerrit)

Ah, I guess what happens is that "document" is already defined in Window.idl as an ...

5 years, 6 months ago (2015-06-09 08:11:33 UTC) #15

Toon Verwaest

I've fixed the issue underlying the assert, so you will be able to try this ...

5 years, 6 months ago (2015-06-11 19:23:26 UTC) #16

bashi

I'm going to land this. We will address WindowProxy issue separately.

5 years, 6 months ago (2015-06-16 03:13:36 UTC) #18

commit-bot: I haz the power

CQ is trying da patch. Follow status at https://chromium-cq-status.appspot.com/patch-status/1153613007/120001

5 years, 6 months ago (2015-06-16 03:13:49 UTC) #21

commit-bot: I haz the power

5 years, 6 months ago (2015-06-16 03:20:33 UTC) #22

Message was sent while issue was closed.

Committed patchset #7 (id:120001) as
https://src.chromium.org/viewvc/blink?view=rev&revision=197156

Expand Messages | Collapse Messages | Show Generated Messages | Hide Generated Messages