On Tue, Sep 28, 2010 at 11:02 PM, Maciej Stachowiak <[email protected]> wrote:
>> And what I have written for this is like following:
>>
>>     if (!exec->argument(1).isNull() && !exec->argument(1).isUndefined() &&
>>         exec->argument(1).isObject() &&
>>         !exec->argument(1).inherits(&JSFlags::s_info)) {
>>         JSObject* object = exec->argument(1).getObject();
>>         flags = Flags::create();
>>         // Each get() may invoke a script-defined getter on the dictionary.
>>         JSValue jsCreate = object->get(exec, Identifier(exec, "create"));
>>         flags->setCreate(jsCreate.toBoolean(exec));
>>         JSValue jsExclusive = object->get(exec, Identifier(exec, "exclusive"));
>>         flags->setExclusive(jsExclusive.toBoolean(exec));
>>     }
>>
>> Basically the code calls JSObject::get() to get values for the given
>> property names.
>> This looked straightforward, but I was told that the get(exec)
>> re-enters JavaScript and could do any arbitrary thing.
>
> This much is true. In principle, any property can be a getter, so get() could
> re-enter into arbitrary JS code.
>
>> This means that during the get() even the parameter object or the
>> calling object (imp) may get deallocated.
>
> This part, I think not. As long as they are referenced by currently executing
> code (either by JS or by the machine stack via a local variable) they won't
> get deallocated.
Ah... that sounds right. They must be referenced by the executing code/context.

> That being said, others may have suggestions for better ways to code this.
> Perhaps Geoff or Oliver have suggestions.

I'll try digging this a bit more (for myself) and will upload a patch like that,
but if anyone has suggestions for better ways I'd be very glad to change/improve it.

>> So here I have two questions:
>>
>> 1) How can I write safe binding code that reads JSON-format
>> parameters? Is there some recommended way or any good idea?
>>
>> 2) I saw several other pieces of code doing the same/similar thing as I do
>> (calling JSObject::get()) to get arbitrary parameter values.
>> Are they safe? Is there a guarantee that the code executed during
>> get() doesn't deallocate some objects?
>
> Nothing that has a live reference to it will get collected, and there's no
> such thing as explicit deallocation in JS.

Makes sense, all the objects must be deallocated in that way.

Thanks very much!

Kinuko

_______________________________________________
webkit-dev mailing list
[email protected]
http://lists.webkit.org/mailman/listinfo.cgi/webkit-dev
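As an added JavaScript example (not code from the thread or from WebKit), this reproduces the hazard Maciej describes from script's side: a property read on the parameter dictionary runs a getter, and that getter can mutate the dictionary and re-enter the binding. The mirrored binding reads each member exactly once, in a fixed order, into plain local data, so its result is fixed at read time and nothing it holds is touched by later script. `readFlags`, `makeReentrantDict`, the trace and the defaults returned when no dictionary is passed are constructed assumptions for this example.

```javascript
// Constructed sample dictionary: "create" is an accessor, so every read of it
// runs script. That script mutates "exclusive" and re-enters the binding.
function makeReentrantDict(trace) {
  const dict = { exclusive: true };
  Object.defineProperty(dict, "create", {
    get() {
      trace.push("getter:create");
      dict.exclusive = false;            // changes the next member to be read
      // Re-enter the binding while it is half-way through reading us.
      const nested = readFlags({ create: false }, trace);
      trace.push("nested:" + JSON.stringify(nested));
      return true;
    },
  });
  return dict;
}

// Mirrors the C++ binding in the thread: one property get per member, in a
// fixed order, each value coerced to boolean once and copied into plain local
// data. After the snapshot the dictionary is never read again, so script that
// runs later cannot change what this call returns. Re-entrant calls are safe
// because all state lives in locals of this invocation.
function readFlags(dict, trace) {
  if (dict === null || typeof dict !== "object") {
    return Object.freeze({ create: false, exclusive: false }); // assumed defaults
  }
  trace.push("read:create");
  const create = Boolean(dict.create);       // script may run here
  trace.push("read:exclusive");
  const exclusive = Boolean(dict.exclusive); // and here
  return Object.freeze({ create, exclusive });
}

// Runs the binding against the re-entrant dictionary and returns what it saw.
function demo() {
  const trace = [];
  const flags = readFlags(makeReentrantDict(trace), trace);
  return { flags, trace };
}
```

The trace shows the getter firing between the two reads and the nested call completing inside it; `exclusive` comes back `false` even though the dictionary was built with `exclusive: true`, which is why validation must be done on the snapshot, not on the script object.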

