Get rid of usages of ScriptWrappable::wrapper().

Source/bindings/v8/ScriptWrappable.h

 /*
  * Copyright (C) 2010 Google Inc. All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions are
  * met:
  *
  *     * Redistributions of source code must retain the above copyright
  * notice, this list of conditions and the following disclaimer.
  *     * Redistributions in binary form must reproduce the above
@@ skipping 81 matching lines @@
         m_maskedStorage = reinterpret_cast<uintptr_t>(info);
         ASSERT(containsTypeInfo());
     }
 
     void reportMemoryUsage(MemoryObjectInfo* memoryObjectInfo) const
     {
         MemoryClassInfo info(memoryObjectInfo, this, WebCoreMemoryTypes::DOM);
         info.ignoreMember(m_maskedStorage);
     }
 
+    bool containsWrapper() const { return (m_maskedStorage & 1) == 1; }
+
     static bool wrapperCanBeStoredInObject(const void*) { return false; }
     static bool wrapperCanBeStoredInObject(const ScriptWrappable*) { return true; }
 
     static v8::Handle<v8::Object> getWrapperFromObject(void*)
     {
         ASSERT_NOT_REACHED();
         return v8::Handle<v8::Object>();
     }
 
     static v8::Handle<v8::Object> getWrapperFromObject(ScriptWrappable* object)
@@ skipping 33 matching lines @@
     }
 
 protected:
     ~ScriptWrappable()
     {
         ASSERT(m_maskedStorage);  // Assert initialization via init() even if not subsequently wrapped.
         m_maskedStorage = 0;      // Break UAF attempts to wrap.
     }
 
 private:
-    inline bool containsWrapper() const { return (m_maskedStorage & 1) == 1; }
+    friend class MinorGCWrapperVisitor;  // For calling rawWrapper().

[haraken, 2013/04/26 13:42:23]

Is this the only function we need to make a friend? If there are many other
functions we need to make friends, we might want to consider another solution.

[marja, 2013/04/26 13:48:17]

Afaics, the only other use of wrapper() is in
DOMDataStore::holderContainsWrapper.

+
+    v8::Object* rawWrapper() const
+    {
+        if (!containsWrapper())
+            return NULL;

[haraken, 2013/04/26 13:42:23]

NULL => 0

[marja, 2013/04/26 13:48:17]

Done.

+        return reinterpret_cast<v8::Object*>(maskOrUnmaskValue(m_maskedStorage));
+    }
+
     inline bool containsTypeInfo() const { return m_maskedStorage && ((m_maskedStorage & 1) == 0); }
 
     static inline uintptr_t maskOrUnmaskValue(uintptr_t value)
     {
         // Entropy via ASLR, bottom bit set to always toggle the bottom bit in the result. Since masking is only
         // applied to wrappers, not wrapper type infos, and these are aligned poitners with zeros in the bottom
         // bit(s), this automatically set the wrapper flag in the bottom bit upon encoding. Simiarlry,this
         // automatically zeros out the bit upon decoding. Additionally, since setWrapper() now performs an explicit
         // null test, and wrapper() requires the bottom bit to be set, there is no need to preserve null here.
         const uintptr_t randomMask = ~((reinterpret_cast<uintptr_t>(&WebCoreMemoryTypes::DOM) >> 13)) | 1;
@@ skipping 31 matching lines @@
     key->disposeWrapper(value, isolate, info);
     // FIXME: I noticed that 50%~ of minor GC cycle times can be consumed
     // inside key->deref(), which causes Node destructions. We should
     // make Node destructions incremental.
     info->derefObject(object);
 }
 
 } // namespace WebCore
 
 #endif // ScriptWrappable_h