Make DOMArrayBuffer::Transfer neuter v8::ArrayBuffers

third_party/WebKit/Source/bindings/core/v8/SerializedScriptValue.cpp

 /*
  * Copyright (C) 2010 Google Inc. All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions are
  * met:
  *
  *     * Redistributions of source code must retain the above copyright
  * notice, this list of conditions and the following disclaimer.
  *     * Redistributions in binary form must reproduce the above
@@ skipping 252 matching lines @@
   size_t result_size = (data_buffer_size_ + 1) & ~1;
   result.Resize(result_size);
   memcpy(result.Data(), data_buffer_.get(), data_buffer_size_);
 
   if (result_size > data_buffer_size_) {
     DCHECK_EQ(result_size, data_buffer_size_ + 1);
     result[data_buffer_size_] = 0;
   }
 }
 
-static void AccumulateArrayBuffersForAllWorlds(
-    v8::Isolate* isolate,
-    DOMArrayBuffer* object,
-    Vector<v8::Local<v8::ArrayBuffer>, 4>& buffers) {
-  Vector<RefPtr<DOMWrapperWorld>> worlds;
-  DOMWrapperWorld::AllWorldsInCurrentThread(worlds);
-  for (const auto& world : worlds) {
-    v8::Local<v8::Object> wrapper = world->DomDataStore().Get(object, isolate);
-    if (!wrapper.IsEmpty())
-      buffers.push_back(v8::Local<v8::ArrayBuffer>::Cast(wrapper));
-  }
-}
-
 std::unique_ptr<SerializedScriptValue::ImageBitmapContentsArray>
 SerializedScriptValue::TransferImageBitmapContents(
     v8::Isolate* isolate,
     const ImageBitmapArray& image_bitmaps,
     ExceptionState& exception_state) {
   if (!image_bitmaps.size())
     return nullptr;
 
   for (size_t i = 0; i < image_bitmaps.size(); ++i) {
     if (image_bitmaps[i]->IsNeutered()) {
@@ skipping 184 matching lines @@
                                " is already neutered.");
       return nullptr;
     }
   }
 
   std::unique_ptr<ArrayBufferContentsArray> contents =
       WTF::WrapUnique(new ArrayBufferContentsArray(array_buffers.size()));
 
   HeapHashSet<Member<DOMArrayBufferBase>> visited;
   for (auto it = array_buffers.begin(); it != array_buffers.end(); ++it) {
-    DOMArrayBufferBase* array_buffer = *it;
-    if (visited.Contains(array_buffer))
+    DOMArrayBufferBase* array_buffer_base = *it;
+    if (visited.Contains(array_buffer_base))
       continue;
-    visited.insert(array_buffer);
+    visited.insert(array_buffer_base);
 
     size_t index = std::distance(array_buffers.begin(), it);
-    if (array_buffer->IsShared()) {
-      if (!array_buffer->ShareContentsWith(contents->at(index))) {
+    if (array_buffer_base->IsShared()) {
+      DOMSharedArrayBuffer* shared_array_buffer =
+          static_cast<DOMSharedArrayBuffer*>(array_buffer_base);
+      if (!shared_array_buffer->ShareContentsWith(contents->at(index))) {
         exception_state.ThrowDOMException(kDataCloneError,
                                           "SharedArrayBuffer at index " +
                                               String::Number(index) +
                                               " could not be transferred.");
         return nullptr;
       }
     } else {
-      Vector<v8::Local<v8::ArrayBuffer>, 4> buffer_handles;
-      v8::HandleScope handle_scope(isolate);
-      AccumulateArrayBuffersForAllWorlds(
-          isolate, static_cast<DOMArrayBuffer*>(it->Get()), buffer_handles);
-      bool is_neuterable = true;
-      for (const auto& buffer_handle : buffer_handles)
-        is_neuterable &= buffer_handle->IsNeuterable();
+      DOMArrayBuffer* array_buffer =
+          static_cast<DOMArrayBuffer*>(array_buffer_base);
 
-      DOMArrayBufferBase* to_transfer = array_buffer;
-      if (!is_neuterable) {
+      DOMArrayBuffer* to_transfer = array_buffer;
+      if (!array_buffer->IsNeuterable(isolate)) {
         to_transfer =
             DOMArrayBuffer::Create(array_buffer->Buffer()->Data(),
                                    array_buffer->Buffer()->ByteLength());
       }
-      if (!to_transfer->Transfer(contents->at(index))) {
+
+      if (!to_transfer->Transfer(isolate, contents->at(index))) {
         exception_state.ThrowDOMException(

[haraken, 2017/04/20 20:07:01]

We're checking IsNeuterable twice. (Transfer calls another IsNeuterable.) Can we
avoid calling it twice?

[binji, 2017/04/21 00:00:23]

I made a separate method DOMArrayBuffer::TransferOrCopy. What do you think?

             kDataCloneError, "ArrayBuffer at index " + String::Number(index) +
                                  " could not be transferred.");
         return nullptr;
       }
-
-      if (is_neuterable) {
-        for (const auto& buffer_handle : buffer_handles)
-          buffer_handle->Neuter();
-      }
     }
   }
   return contents;
 }
 
 void SerializedScriptValue::
     UnregisterMemoryAllocatedWithCurrentScriptContext() {
   if (has_registered_external_allocation_) {
     v8::Isolate::GetCurrent()->AdjustAmountOfExternalAllocatedMemory(
         -static_cast<int64_t>(DataLengthInBytes()));
@@ skipping 22 matching lines @@
   // Only (re)register allocation cost for transferables if this
   // SerializedScriptValue has explicitly unregistered them before.
   if (array_buffer_contents_array_ &&
       transferables_need_external_allocation_registration_) {
     for (auto& buffer : *array_buffer_contents_array_)
       buffer.RegisterExternalAllocationWithCurrentContext();
   }
 }
 
 }  // namespace blink