1/* 2 * Copyright (C) 2004, 2006 Apple Computer, Inc. All rights reserved. 3 * Copyright (C) 2007-2009 Google, Inc. All rights reserved. 4 * 5 * Redistribution and use in source and binary forms, with or without 6 * modification, are permitted provided that the following conditions 7 * are met: 8 * 1. Redistributions of source code must retain the above copyright 9 * notice, this list of conditions and the following disclaimer. 10 * 2. Redistributions in binary form must reproduce the above copyright 11 * notice, this list of conditions and the following disclaimer in the 12 * documentation and/or other materials provided with the distribution. 13 * 14 * THIS SOFTWARE IS PROVIDED BY APPLE COMPUTER, INC. ``AS IS'' AND ANY 15 * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 16 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR 17 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL APPLE COMPUTER, INC. OR 18 * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, 19 * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, 20 * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR 21 * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY 22 * OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 23 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE 24 * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 25 */ 26 27#include "config.h" 28 29#include "NPV8Object.h" 30#include "npruntime_impl.h" 31#include "npruntime_priv.h" 32#include "V8NPObject.h" 33 34#include <wtf/HashMap.h> 35#include <wtf/HashSet.h> 36#include <wtf/Assertions.h> 37 38using namespace WebCore; 39 40// FIXME: Consider removing locks if we're singlethreaded already. 41// The static initializer here should work okay, but we want to avoid 42// static initialization in general. 
namespace npruntime {

// We use StringKey here as the key-type to avoid a string copy to
// construct the map key and for faster comparisons than strcmp.
//
// The key does not own its characters: m_string points at memory that
// must outlive the map entry. _NPN_GetStringIdentifier re-points a key
// at storage owned by the identifier itself before inserting it, so no
// stored entry refers to a caller's buffer. m_length is computed once at
// construction so equality can reject mismatched lengths without
// reading the bytes.
class StringKey {
public:
    // Caches strlen(str); str must be NUL-terminated.
    explicit StringKey(const char* str) : m_string(str), m_length(strlen(str)) { }
    // Null pointer, zero length — presumably the empty-bucket value the
    // generic hash traits below fall back on (not shown on this page).
    StringKey() : m_string(0), m_length(0) { }
    // Deleted-bucket sentinel: an all-ones pointer that is never a valid
    // string address, with zero length.
    explicit StringKey(WTF::HashTableDeletedValueType) : m_string(hashTableDeletedValue()), m_length(0) { }

    // Shallow copy: only the pointer and cached length are copied.
    StringKey& operator=(const StringKey& other)
    {
        this->m_string = other.m_string;
        this->m_length = other.m_length;
        return *this;
    }

    bool isHashTableDeletedValue() const
    {
        return m_string == hashTableDeletedValue();
    }

    const char* m_string;
    size_t m_length;

private:
    // Compared by pointer value only; never dereferenced.
    const char* hashTableDeletedValue() const
    {
        return reinterpret_cast<const char*>(-1);
    }
};

// Equality: length first, then pointer identity, and only then the bytes.
// The pointer check means a key compares equal to itself (or the sentinel
// to itself) without touching memory; the ASSERT documents that the
// deleted sentinel must never reach memcmp.
inline bool operator==(const StringKey& x, const StringKey& y)
{
    if (x.m_length != y.m_length)
        return false;
    if (x.m_string == y.m_string)
        return true;

    ASSERT(!x.isHashTableDeletedValue() && !y.isHashTableDeletedValue());
    return !memcmp(x.m_string, y.m_string, y.m_length);
}

// Implement WTF::DefaultHash<StringKey>::Hash interface.
struct StringKeyHash {
    // Jenkins one-at-a-time hash over the key's bytes. Uses the cached
    // m_length, so it never scans for the terminator.
    static unsigned hash(const StringKey& key)
    {
        // Compute string hash.
        unsigned hash = 0;
        size_t len = key.m_length;
        const char* str = key.m_string;
        for (size_t i = 0; i < len; i++) {
            char c = str[i];
            hash += c;
            hash += (hash << 10);
            hash ^= (hash >> 6);
        }
        hash += (hash << 3);
        hash ^= (hash >> 11);
        hash += (hash << 15);
        // A zero hash is remapped — presumably because 0 is reserved by
        // the table; 27 is an arbitrary nonzero value.
        if (hash == 0)
            hash = 27;
        return hash;
    }

    static bool equal(const StringKey& x, const StringKey& y)
    {
        return x == y;
    }

    // operator== compares lengths before bytes, and both sentinels have
    // zero length, so comparing a real key against the empty or deleted
    // value never memcmp's a nonzero count.
    static const bool safeToCompareToEmptyOrDeleted = true;
};

} // namespace npruntime

using npruntime::StringKey;
using npruntime::StringKeyHash;

// Implement HashTraits<StringKey>
struct StringKeyHashTraits : WTF::GenericHashTraits<StringKey> {
    // Placement-constructs the deleted sentinel in an existing bucket.
    static void constructDeletedValue(StringKey& slot)
    {
        new (&slot) StringKey(WTF::HashTableDeletedValue);
    }

    static bool isDeletedValue(const StringKey& value)
    {
        return value.isHashTableDeletedValue();
    }
};

typedef WTF::HashMap<StringKey, PrivateIdentifier*, StringKeyHash, StringKeyHashTraits> StringIdentifierMap;

// Process-wide intern table for string identifiers. Allocated on first
// use and never freed. The lazy initialization is unsynchronized, so
// this relies on the single-threaded use assumed at the top of the file.
static StringIdentifierMap* getStringIdentifierMap()
{
    static StringIdentifierMap* stringIdentifierMap = 0;
    if (!stringIdentifierMap)
        stringIdentifierMap = new StringIdentifierMap();
    return stringIdentifierMap;
}

typedef WTF::HashMap<int, PrivateIdentifier*> IntIdentifierMap;

// Process-wide intern table for integer identifiers; same lifetime and
// initialization caveats as getStringIdentifierMap().
static IntIdentifierMap* getIntIdentifierMap()
{
    static IntIdentifierMap* intIdentifierMap = 0;
    if (!intIdentifierMap)
        intIdentifierMap = new IntIdentifierMap();
    return intIdentifierMap;
}

extern "C" {

// Interns name and returns its identifier; the same name always yields
// the same pointer. Returns 0 only for a null name (asserted).
NPIdentifier _NPN_GetStringIdentifier(const NPUTF8* name)
{
    ASSERT(name);

    if (name) {

        StringKey key(name);
        StringIdentifierMap* identMap = getStringIdentifierMap();
        StringIdentifierMap::iterator iter = identMap->find(key);
        if (iter != identMap->end())
            return static_cast<NPIdentifier>(iter->second);

        size_t nameLen = key.m_length;

        // We never release identifiers, so this dictionary will grow:
        // every distinct name ever interned stays allocated for the
        // lifetime of the process.
        // The identifier and its NUL-terminated name copy live in one
        // allocation, the name immediately after the struct.
        // NOTE(review): the malloc result is not checked; on allocation
        // failure the memcpy below writes through a null-derived pointer.
        PrivateIdentifier* identifier = static_cast<PrivateIdentifier*>(malloc(sizeof(PrivateIdentifier) + nameLen + 1));
        char* nameStorage = reinterpret_cast<char*>(identifier + 1);
        memcpy(nameStorage, name, nameLen + 1);
        identifier->isString = true;
        identifier->value.string = reinterpret_cast<NPUTF8*>(nameStorage);
        // Re-point the key at our own copy so the map entry does not
        // depend on the caller's buffer staying alive.
        key.m_string = nameStorage;
        identMap->set(key, identifier);
        return (NPIdentifier)identifier;
    }

    return 0;
}

// Batch form of _NPN_GetStringIdentifier. nameCount is signed; a
// negative count makes the loop a no-op. A null names or identifiers
// array is asserted and otherwise ignored.
void _NPN_GetStringIdentifiers(const NPUTF8** names, int32_t nameCount, NPIdentifier* identifiers)
{
    ASSERT(names);
    ASSERT(identifiers);

    if (names && identifiers) {
        for (int i = 0; i < nameCount; i++)
            identifiers[i] = _NPN_GetStringIdentifier(names[i]);
    }
}

// Interns intId and returns its identifier; the same value always yields
// the same pointer.
NPIdentifier _NPN_GetIntIdentifier(int32_t intId)
{
    // Special case for -1 and 0, both cannot be used as key in HashMap.
    if (!intId || intId == -1) {
        // Two lazily allocated identifiers, indexed by intId + 1.
        static PrivateIdentifier* minusOneOrZeroIds[2];
        PrivateIdentifier* id = minusOneOrZeroIds[intId + 1];
        if (!id) {
            // NOTE(review): malloc result is written to without a null check.
            id = reinterpret_cast<PrivateIdentifier*>(malloc(sizeof(PrivateIdentifier)));
            id->isString = false;
            id->value.number = intId;
            minusOneOrZeroIds[intId + 1] = id;
        }
        return (NPIdentifier) id;
    }

    IntIdentifierMap* identMap = getIntIdentifierMap();
    IntIdentifierMap::iterator iter = identMap->find(intId);
    if (iter != identMap->end())
        return static_cast<NPIdentifier>(iter->second);

    // We never release identifiers, so this dictionary will grow.
    // NOTE(review): malloc result is written to without a null check.
    PrivateIdentifier* identifier = reinterpret_cast<PrivateIdentifier*>(malloc(sizeof(PrivateIdentifier)));
    identifier->isString = false;
    identifier->value.number = intId;
    identMap->set(intId, identifier);
    return (NPIdentifier)identifier;
}

// NOTE(review): identifier is whatever the caller (possibly a plugin)
// hands in; it is cast back to PrivateIdentifier* and dereferenced with
// no validation, so a null or foreign pointer is a crash here. The same
// holds for _NPN_UTF8FromIdentifier and _NPN_IntFromIdentifier.
bool _NPN_IdentifierIsString(NPIdentifier identifier)
{
    PrivateIdentifier* privateIdentifier = reinterpret_cast<PrivateIdentifier*>(identifier);
    return privateIdentifier->isString;
}

// Returns a fresh copy of the identifier's name, owned by the caller
// and released with free(). Returns 0 for an integer identifier, a
// null stored string, or when strdup fails.
NPUTF8 *_NPN_UTF8FromIdentifier(NPIdentifier identifier)
{
    PrivateIdentifier* privateIdentifier = reinterpret_cast<PrivateIdentifier*>(identifier);
    if (!privateIdentifier->isString || !privateIdentifier->value.string)
        return 0;

    return (NPUTF8*) strdup(privateIdentifier->value.string);
}

// Returns the integer value of an integer identifier, or 0 for a string
// identifier (indistinguishable from a stored 0).
int32_t _NPN_IntFromIdentifier(NPIdentifier identifier)
{
    PrivateIdentifier* privateIdentifier = reinterpret_cast<PrivateIdentifier*>(identifier);
    if (privateIdentifier->isString)
        return 0;
    return privateIdentifier->value.number;
}

// Releases whatever variant owns and resets it to Void. Object variants
// drop one reference; string variants free() their characters, which
// matches the malloc() in _NPN_InitializeVariantWithStringCopy. Other
// variant types own nothing. Safe to call twice on the same variant.
void _NPN_ReleaseVariantValue(NPVariant* variant)
{
    ASSERT(variant);

    if (variant->type == NPVariantType_Object) {
        _NPN_ReleaseObject(variant->value.objectValue);
        variant->value.objectValue = 0;
    } else if (variant->type == NPVariantType_String) {
        // The cast drops const; UTF8Characters is declared const NPUTF8*.
        free((void*)variant->value.stringValue.UTF8Characters);
        variant->value.stringValue.UTF8Characters = 0;
        variant->value.stringValue.UTF8Length = 0;
    }

    variant->type = NPVariantType_Void;
}

// Creates an object of the given class with a reference count of 1,
// using the class's allocate hook when it has one and plain malloc
// otherwise (the matching release path is in _NPN_DeallocateObject).
// Returns 0 for a null class.
// NOTE(review): neither the allocate hook's result nor malloc's is
// checked before _class and referenceCount are written.
NPObject *_NPN_CreateObject(NPP npp, NPClass* npClass)
{
    ASSERT(npClass);

    if (npClass) {
        NPObject* npObject;
        if (npClass->allocate != 0)
            npObject = npClass->allocate(npp, npClass);
        else
            npObject = reinterpret_cast<NPObject*>(malloc(sizeof(NPObject)));

        npObject->_class = npClass;
        npObject->referenceCount = 1;
        return npObject;
    }

    return 0;
}

// Adds one reference and returns the same object. The count must
// already be positive (asserted); a null object is returned unchanged.
// NOTE(review): the increment is unchecked; referenceCount's type is not
// visible here, so its wraparound behavior is undocumented.
NPObject* _NPN_RetainObject(NPObject* npObject)
{
    ASSERT(npObject);
    ASSERT(npObject->referenceCount > 0);

    if (npObject)
        npObject->referenceCount++;

    return npObject;
}

// _NPN_DeallocateObject actually deletes the object. Technically,
// callers should use _NPN_ReleaseObject. Webkit exposes this function
// to kill objects which plugins may not have properly released.
void _NPN_DeallocateObject(NPObject* npObject)
{
    ASSERT(npObject);

    if (npObject) {
        // NPObjects that remain in pure C++ may never have wrappers.
        // Hence, if it's not already alive, don't unregister it.
        // If it is alive, unregister it first: that drops the V8 wrapper
        // (see _NPN_UnregisterObject) while the object is still valid.
        // The class's deallocate hook, or free(), runs last.
        if (_NPN_IsAlive(npObject))
            _NPN_UnregisterObject(npObject);

        // Mark the object dead before its memory is handed back.
        npObject->referenceCount = -1;
        if (npObject->_class->deallocate)
            npObject->_class->deallocate(npObject);
        else
            free(npObject);
    }
}

#if PLATFORM(ANDROID)
// Android uses NPN_ReleaseObject (the 'public' version of _NPN_ReleaseObject)
// in WebCoreFrameBridge.cpp. See http://trac.webkit.org/changeset/47021.
// TODO: Upstream this to webkit.org.
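void NPN_ReleaseObject(NPObject *obj)
{
    _NPN_ReleaseObject(obj);
}
#endif

// Drops one reference from npObject and deallocates it when the count
// reaches zero. A null object or a count below 1 is a caller bug: it is
// asserted in debug builds and left untouched in release builds.
void _NPN_ReleaseObject(NPObject* npObject)
{
    ASSERT(npObject);
    ASSERT(npObject->referenceCount >= 1);

    if (!npObject || npObject->referenceCount < 1)
        return;

    if (!--npObject->referenceCount)
        _NPN_DeallocateObject(npObject);
}

// Fills variant with a heap copy of value's bytes. The copy is made with
// malloc() so that _NPN_ReleaseVariantValue can release it with free().
// Arguments are validated the way the sibling functions do it (ASSERT,
// then skip on null). If the copy cannot be allocated, the variant is
// left as a well-formed empty string (null characters, zero length)
// rather than writing through a null pointer with a stale length.
void _NPN_InitializeVariantWithStringCopy(NPVariant* variant, const NPString* value)
{
    ASSERT(variant);
    ASSERT(value);
    if (!variant || !value)
        return;

    const size_t byteCount = sizeof(NPUTF8) * value->UTF8Length;
    NPUTF8* copy = reinterpret_cast<NPUTF8*>(malloc(byteCount));

    variant->type = NPVariantType_String;
    variant->value.stringValue.UTF8Characters = copy;
    if (!copy) {
        // Allocation failed (or a zero-length malloc returned null):
        // publish a length that agrees with the null pointer.
        variant->value.stringValue.UTF8Length = 0;
        return;
    }
    variant->value.stringValue.UTF8Length = value->UTF8Length;
    memcpy(copy, value->UTF8Characters, byteCount);
}


// NPN_Registry
//
// The registry is designed for quick lookup of NPObjects.
// JS needs to be able to quickly look up a given NPObject to determine
// if it is alive or not.
// The browser needs to be able to quickly look up all NPObjects which are
// "owned" by an object.
//
// The liveObjectMap is a hash table of all live objects to their owner
// objects. Presence in this table is used primarily to determine if
// objects are live or not.
//
// The rootObjectMap is a hash table of root objects to a set of
// objects that should be deactivated in sync with the root. A
// root is defined as a top-level owner object. This is used on
// Frame teardown to deactivate all objects associated
// with a particular plugin.

typedef WTF::HashSet<NPObject*> NPObjectSet;
typedef WTF::HashMap<NPObject*, NPObject*> NPObjectMap;
typedef WTF::HashMap<NPObject*, NPObjectSet*> NPRootObjectMap;

// A map of live NPObjects with pointers to their Roots.
// Roots themselves are mapped to 0 (see _NPN_RegisterObject).
NPObjectMap liveObjectMap;

// A map of the root objects and the list of NPObjects
// associated with that object.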
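NPRootObjectMap rootObjectMap;

// Registers npObject as live. With a null owner the object becomes a root
// and gets its own (initially empty) set of dependents; otherwise it is
// attached to the root its owner belongs to. Ownership is flattened on
// registration — non-root objects map to their root in liveObjectMap and
// roots map to 0 — so only one level has to be looked up. Registering an
// already-registered object is a no-op. Each map is probed once per key.
void _NPN_RegisterObject(NPObject* npObject, NPObject* owner)
{
    ASSERT(npObject);

    // Check if already registered.
    if (liveObjectMap.find(npObject) != liveObjectMap.end())
        return;

    // Nothing that is not yet live can already be a root.
    ASSERT(rootObjectMap.find(npObject) == rootObjectMap.end());

    if (!owner) {
        // Registering a new owner object.
        rootObjectMap.set(npObject, new NPObjectSet());
    } else {
        // Always associate this object with its top-most parent.
        // Since we always flatten, we only have to look up one level.
        NPObjectMap::iterator ownerEntry = liveObjectMap.find(owner);
        if (ownerEntry != liveObjectMap.end() && ownerEntry->second)
            owner = ownerEntry->second;

        // An owner that was never registered as a root has no dependent
        // set; the object is still recorded as live below.
        NPRootObjectMap::iterator rootEntry = rootObjectMap.find(owner);
        if (rootEntry != rootObjectMap.end())
            rootEntry->second->add(npObject);
    }

    liveObjectMap.set(npObject, owner);
}

// Removes npObject from the registry and drops its V8 wrapper. For a
// root, every dependent still in its set is unregistered first (each one
// removed from liveObjectMap and forgotten on the V8 side) and the set is
// deleted; for a non-root, it is removed from its root's set. The
// object's live entry is looked up once and reused.
void _NPN_UnregisterObject(NPObject* npObject)
{
    ASSERT(npObject);
    NPObjectMap::iterator liveEntry = liveObjectMap.find(npObject);
    ASSERT(liveEntry != liveObjectMap.end());

    NPObject* owner = 0;
    if (liveEntry != liveObjectMap.end())
        owner = liveEntry->second;

    if (!owner) {
        // Unregistering an owner object; also unregister its descendants.
        ASSERT(rootObjectMap.find(npObject) != rootObjectMap.end());
        NPObjectSet* set = rootObjectMap.get(npObject);
        while (set->size() > 0) {
#ifndef NDEBUG
            int size = set->size();
#endif
            NPObject* sub_object = *(set->begin());
            // The sub-object should not be an owner!
            ASSERT(rootObjectMap.find(sub_object) == rootObjectMap.end());

            // First, unregister the object.
            set->remove(sub_object);
            liveObjectMap.remove(sub_object);

            // Remove the JS references to the object.
            forgetV8ObjectForNPObject(sub_object);

            // Guards against a set that fails to shrink (infinite loop).
            ASSERT(set->size() < size);
        }
        delete set;
        rootObjectMap.remove(npObject);
    } else {
        NPRootObjectMap::iterator ownerEntry = rootObjectMap.find(owner);
        if (ownerEntry != rootObjectMap.end()) {
            NPObjectSet* list = ownerEntry->second;
            ASSERT(list->find(npObject) != list->end());
            list->remove(npObject);
        }
    }

    liveObjectMap.remove(npObject);
    forgetV8ObjectForNPObject(npObject);
}

// True while npObject is registered; this is the liveness check the JS
// side relies on before touching a plugin object.
bool _NPN_IsAlive(NPObject* npObject)
{
    return liveObjectMap.find(npObject) != liveObjectMap.end();
}

} // extern "C"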