JavaScriptBench
diff --git a/‎LayoutTests/ChangeLog‎
Lines changed: 12 additions & 0 deletions b/‎LayoutTests/ChangeLog‎
Lines changed: 12 additions & 0 deletions
diff --git a/‎LayoutTests/fast/dom/navigator-property-gc-after-frame-detach-expected.txt‎
Lines changed: 23 additions & 0 deletions b/‎LayoutTests/fast/dom/navigator-property-gc-after-frame-detach-expected.txt‎
Lines changed: 23 additions & 0 deletions
diff --git a/‎LayoutTests/fast/dom/navigator-property-gc-after-frame-detach.html‎
Lines changed: 34 additions & 0 deletions b/‎LayoutTests/fast/dom/navigator-property-gc-after-frame-detach.html‎
Lines changed: 34 additions & 0 deletions
diff --git a/‎LayoutTests/platform/mac-wk1/fast/dom/navigator-property-gc-after-frame-detach-expected.txt‎
Lines changed: 20 additions & 0 deletions b/‎LayoutTests/platform/mac-wk1/fast/dom/navigator-property-gc-after-frame-detach-expected.txt‎
Lines changed: 20 additions & 0 deletions
diff --git a/‎LayoutTests/platform/win/fast/dom/navigator-property-gc-after-frame-detach-expected.txt‎
Lines changed: 20 additions & 0 deletions b/‎LayoutTests/platform/win/fast/dom/navigator-property-gc-after-frame-detach-expected.txt‎
Lines changed: 20 additions & 0 deletions
diff --git a/‎LayoutTests/platform/wk2/TestExpectations‎
Lines changed: 0 additions & 2 deletions b/‎LayoutTests/platform/wk2/TestExpectations‎
Lines changed: 0 additions & 2 deletions
diff --git a/‎Source/WebCore/ChangeLog‎
Lines changed: 48 additions & 0 deletions b/‎Source/WebCore/ChangeLog‎
Lines changed: 48 additions & 0 deletions
diff --git a/‎Source/WebCore/Modules/geolocation/Geolocation.cpp‎
Lines changed: 16 additions & 7 deletions b/‎Source/WebCore/Modules/geolocation/Geolocation.cpp‎
Lines changed: 16 additions & 7 deletions
diff --git a/‎Source/WebCore/Modules/geolocation/Geolocation.h‎
Lines changed: 13 additions & 15 deletions b/‎Source/WebCore/Modules/geolocation/Geolocation.h‎
Lines changed: 13 additions & 15 deletions
diff --git a/‎Source/WebCore/Modules/geolocation/Geolocation.idl‎
Lines changed: 1 addition & 1 deletion b/‎Source/WebCore/Modules/geolocation/Geolocation.idl‎
Lines changed: 1 addition & 1 deletion
@@ -1,3 +1,15 @@
+2019-08-05  Chris Dumez  <[email protected]>
+
+        navigator.geolocation wrapper should not become GC-collectable once its frame is detached
+        https://bugs.webkit.org/show_bug.cgi?id=200436
+
+        Reviewed by Darin Adler.
+
+        Add layout test coverage.
+
+        * fast/dom/navigator-property-gc-after-frame-detach-expected.txt: Added.
+        * fast/dom/navigator-property-gc-after-frame-detach.html: Added.
+
 2019-08-05  Devin Rousso  <[email protected]>
 
         Web Inspector: rename "Stylesheet" to "Style Sheet" to match spec text
 
@@ -0,0 +1,23 @@
+Tests that Navigator properties do not get GC'd before their Navigator object.
+
+On success, you will see a series of "PASS" messages, followed by "TEST COMPLETE".
+
+
+PASS frameNavigator.geolocation.foo is 1
+PASS frameNavigator.mimeTypes.foo is 1
+PASS frameNavigator.plugins.foo is 1
+PASS frameNavigator.serviceWorker.foo is 1
+
+PASS frameNavigator.geolocation.foo is 1
+PASS frameNavigator.mimeTypes.foo is 1
+PASS frameNavigator.plugins.foo is 1
+PASS frameNavigator.serviceWorker.foo is 1
+
+PASS frameNavigator.geolocation.foo is 1
+PASS frameNavigator.mimeTypes.foo is 1
+PASS frameNavigator.plugins.foo is 1
+PASS frameNavigator.serviceWorker.foo is 1
+PASS successfullyParsed is true
+
+TEST COMPLETE
+
@@ -0,0 +1,34 @@
+<!DOCTYPE html>
+<html>
+<body>
+<script src="../../resources/js-test.js"></script>
+<iframe id="testFrame" src="about:blank"></iframe>
+<script>
+description("Tests that Navigator properties do not get GC'd before their Navigator object.");
+jsTestIsAsync = true;
+
+var navigatorProperties = [ "geolocation", "mimeTypes", "plugins" ];
+if (navigator.serviceWorker)
+    navigatorProperties.push("serviceWorker");
+
+onload = function() {
+    frameNavigator = document.getElementById("testFrame").contentWindow.navigator;
+    for (let navigatorProperty of navigatorProperties)
+        eval("frameNavigator." + navigatorProperty + ".foo = 1;");
+    document.getElementById("testFrame").remove();
+    for (let navigatorProperty of navigatorProperties)
+        shouldBe("frameNavigator." + navigatorProperty + ".foo", "1");
+    debug("");
+    gc();
+    for (let navigatorProperty of navigatorProperties)
+        shouldBe("frameNavigator." + navigatorProperty + ".foo", "1");
+    debug("");
+    setTimeout(() => {
+        gc();
+        for (let navigatorProperty of navigatorProperties)
+            shouldBe("frameNavigator." + navigatorProperty + ".foo", "1");
+        finishJSTest();
+    }, 10);
+}
+</script>
+</body>
@@ -0,0 +1,20 @@
+Tests that Navigator properties do not get GC'd before their Navigator object.
+
+On success, you will see a series of "PASS" messages, followed by "TEST COMPLETE".
+
+
+PASS frameNavigator.geolocation.foo is 1
+PASS frameNavigator.mimeTypes.foo is 1
+PASS frameNavigator.plugins.foo is 1
+
+PASS frameNavigator.geolocation.foo is 1
+PASS frameNavigator.mimeTypes.foo is 1
+PASS frameNavigator.plugins.foo is 1
+
+PASS frameNavigator.geolocation.foo is 1
+PASS frameNavigator.mimeTypes.foo is 1
+PASS frameNavigator.plugins.foo is 1
+PASS successfullyParsed is true
+
+TEST COMPLETE
+
@@ -0,0 +1,20 @@
+Tests that Navigator properties do not get GC'd before their Navigator object.
+
+On success, you will see a series of "PASS" messages, followed by "TEST COMPLETE".
+
+
+PASS frameNavigator.geolocation.foo is 1
+PASS frameNavigator.mimeTypes.foo is 1
+PASS frameNavigator.plugins.foo is 1
+
+PASS frameNavigator.geolocation.foo is 1
+PASS frameNavigator.mimeTypes.foo is 1
+PASS frameNavigator.plugins.foo is 1
+
+PASS frameNavigator.geolocation.foo is 1
+PASS frameNavigator.mimeTypes.foo is 1
+PASS frameNavigator.plugins.foo is 1
+PASS successfullyParsed is true
+
+TEST COMPLETE
+
@@ -160,8 +160,6 @@ plugins/npruntime/embed-property-iframe-equality.html
 
 webkit.org/b/105952 fast/loader/submit-form-while-parsing-2.html [ Pass Failure ]
 
-webkit.org/b/141122 editing/selection/programmatic-selection-on-mac-is-directionless.html [ Pass Failure ]
-
 webkit.org/b/149087 http/tests/cache/disk-cache/disk-cache-cancel.html [ Pass Failure ]
 
 http/tests/appcache/decide-navigation-policy-after-delay.html [ Pass ]
 
@@ -1,3 +1,51 @@
+2019-08-05  Chris Dumez  <[email protected]>
+
+        navigator.geolocation wrapper should not become GC-collectable once its frame is detached
+        https://bugs.webkit.org/show_bug.cgi?id=200436
+
+        Reviewed by Darin Adler.
+
+        navigator.geolocation wrapper should not become GC-collectable once its frame is detached, given
+        that it can outlive the frame. Instead, tie the navigator.geolocation wrapper's lifetime to its
+        Navigator's.
+
+        Test: fast/dom/navigator-property-gc-after-frame-detach.html
+
+        * Modules/geolocation/Geolocation.cpp:
+        (WebCore::Geolocation::create):
+        (WebCore::Geolocation::Geolocation):
+        (WebCore::Geolocation::navigator):
+        (WebCore::Geolocation::frame const):
+        * Modules/geolocation/Geolocation.h:
+        * Modules/geolocation/Geolocation.idl:
+        * Modules/geolocation/NavigatorGeolocation.cpp:
+        (WebCore::NavigatorGeolocation::NavigatorGeolocation):
+        (WebCore::NavigatorGeolocation::from):
+        (WebCore::NavigatorGeolocation::geolocation):
+        (WebCore::NavigatorGeolocation::geolocation const):
+        * Modules/geolocation/NavigatorGeolocation.h:
+        * bindings/js/JSNavigatorCustom.cpp:
+        (WebCore::JSNavigator::visitAdditionalChildren):
+        * bindings/js/JSWorkerNavigatorCustom.cpp:
+        (WebCore::JSWorkerNavigator::visitAdditionalChildren):
+        * bindings/scripts/CodeGeneratorJS.pm:
+        (GenerateImplementation):
+        * bindings/scripts/IDLAttributes.json:
+        * page/Navigator.cpp:
+        (WebCore::Navigator::plugins):
+        (WebCore::Navigator::mimeTypes):
+        * page/NavigatorBase.h:
+        * plugins/DOMMimeTypeArray.cpp:
+        (WebCore::DOMMimeTypeArray::DOMMimeTypeArray):
+        * plugins/DOMMimeTypeArray.h:
+        * plugins/DOMMimeTypeArray.idl:
+        * plugins/DOMPluginArray.cpp:
+        (WebCore::DOMPluginArray::DOMPluginArray):
+        * plugins/DOMPluginArray.h:
+        * plugins/DOMPluginArray.idl:
+        * workers/service/ServiceWorkerContainer.h:
+        * workers/service/ServiceWorkerContainer.idl:
+
 2019-08-05  Andy Estes  <[email protected]>
 
         [WebIDL] Support partial dictionaries and conditional dictionary members
 
@@ -38,6 +38,7 @@
 #include "GeolocationError.h"
 #include "GeolocationPosition.h"
 #include "Geoposition.h"
+#include "Navigator.h"
 #include "Page.h"
 #include "PositionError.h"
 #include "RuntimeApplicationChecks.h"
@@ -129,18 +130,16 @@ void Geolocation::Watchers::getNotifiersVector(GeoNotifierVector& copy) const
     copy = copyToVector(m_idToNotifierMap.values());
 }
 
-Ref<Geolocation> Geolocation::create(ScriptExecutionContext* context)
+Ref<Geolocation> Geolocation::create(Navigator& navigator)
 {
-    auto geolocation = adoptRef(*new Geolocation(context));
+    auto geolocation = adoptRef(*new Geolocation(navigator));
     geolocation.get().suspendIfNeeded();
     return geolocation;
 }
 
-Geolocation::Geolocation(ScriptExecutionContext* context)
-    : ActiveDOMObject(context)
-    , m_allowGeolocation(Unknown)
-    , m_isSuspended(false)
-    , m_hasChangedPosition(false)
+Geolocation::Geolocation(Navigator& navigator)
+    : ActiveDOMObject(navigator.scriptExecutionContext())
+    , m_navigator(makeWeakPtr(navigator))
     , m_resumeTimer(*this, &Geolocation::resumeTimerFired)
 {
 }
@@ -731,6 +730,16 @@ void Geolocation::handlePendingPermissionNotifiers()
     }
 }
 
+Navigator* Geolocation::navigator()
+{
+    return m_navigator.get();
+}
+
+Frame* Geolocation::frame() const
+{
+    return m_navigator ? m_navigator->frame() : nullptr;
+}
+
 } // namespace WebCore
 
 #endif // ENABLE(GEOLOCATION)
@@ -45,6 +45,7 @@ namespace WebCore {
 class Frame;
 class GeoNotifier;
 class GeolocationError;
+class Navigator;
 class Page;
 class ScriptExecutionContext;
 class SecurityOrigin;
@@ -54,12 +55,11 @@ class Geolocation final : public ScriptWrappable, public RefCounted<Geolocation>
     WTF_MAKE_ISO_ALLOCATED(Geolocation);
     friend class GeoNotifier;
 public:
-    static Ref<Geolocation> create(ScriptExecutionContext*);
+    static Ref<Geolocation> create(Navigator&);
     WEBCORE_EXPORT ~Geolocation();
 
     WEBCORE_EXPORT void resetAllGeolocationPermission();
     Document* document() const { return downcast<Document>(scriptExecutionContext()); }
-    Frame* frame() const { return document() ? document()->frame() : nullptr; }
 
     void getCurrentPosition(Ref<PositionCallback>&&, RefPtr<PositionErrorCallback>&&, PositionOptions&&);
     int watchPosition(Ref<PositionCallback>&&, RefPtr<PositionErrorCallback>&&, PositionOptions&&);
@@ -73,8 +73,11 @@ class Geolocation final : public ScriptWrappable, public RefCounted<Geolocation>
     void setError(GeolocationError&);
     bool shouldBlockGeolocationRequests();
 
+    Navigator* navigator();
+    WEBCORE_EXPORT Frame* frame() const;
+
 private:
-    explicit Geolocation(ScriptExecutionContext*);
+    explicit Geolocation(Navigator&);
 
     Geoposition* lastPosition();
 
@@ -144,25 +147,20 @@ class Geolocation final : public ScriptWrappable, public RefCounted<Geolocation>
     bool haveSuitableCachedPosition(const PositionOptions&);
     void makeCachedPositionCallbacks();
 
+    void resumeTimerFired();
+
+    WeakPtr<Navigator> m_navigator;
     GeoNotifierSet m_oneShots;
     Watchers m_watchers;
     GeoNotifierSet m_pendingForPermissionNotifiers;
     RefPtr<Geoposition> m_lastPosition;
 
-    enum {
-        Unknown,
-        InProgress,
-        Yes,
-        No
-    } m_allowGeolocation;
-    bool m_isSuspended;
-    bool m_resetOnResume;
-    bool m_hasChangedPosition;
+    enum { Unknown, InProgress, Yes, No } m_allowGeolocation { Unknown };
+    bool m_isSuspended { false };
+    bool m_resetOnResume { false };
+    bool m_hasChangedPosition { false };
     RefPtr<PositionError> m_errorWaitingForResume;
-
-    void resumeTimerFired();
     Timer m_resumeTimer;
-
     GeoNotifierSet m_requestsAwaitingCachedPosition;
 };
 
 
@@ -27,7 +27,7 @@
 [
     NoInterfaceObject,
     Conditional=GEOLOCATION, 
-    GenerateIsReachable=ImplFrame,
+    GenerateIsReachable=ReachableFromNavigator,
 ] interface Geolocation {
     // FIXME: PositionErrorCallback should not be nullable
     void getCurrentPosition(PositionCallback successCallback,
Original file line number	Diff line number	Diff line change
`@@ -27,7 +27,7 @@`
`27`	`27`	`[`
`28`	`28`	`NoInterfaceObject,`
`29`	`29`	`Conditional=GEOLOCATION,`
`30`		`- GenerateIsReachable=ImplFrame,`
	`30`	`+ GenerateIsReachable=ReachableFromNavigator,`
`31`	`31`	`] interface Geolocation {`
`32`	`32`	`// FIXME: PositionErrorCallback should not be nullable`
`33`	`33`	`void getCurrentPosition(PositionCallback successCallback,`