Fix broken code passing typed data from Dart to V8. Attempted to match patterns in SerializeScriptValue.cpp. Fix JS interop to properly set a hidden value when passing a Dart function to JS so that JS interop behavior is more consistent on dart2js and dartium. BUG= patch from issue 1724593002 at patchset 20001 (http://crrev.com/1724593002#ps20001)
diff --git a/Source/bindings/core/dart/DartJsInterop.cpp b/Source/bindings/core/dart/DartJsInterop.cpp
index 7478ca2..afad3c2 100644
--- a/Source/bindings/core/dart/DartJsInterop.cpp
+++ b/Source/bindings/core/dart/DartJsInterop.cpp
@@ -337,6 +337,7 @@
 
 v8::Local<v8::Value> JsInterop::fromDart(DartDOMData* domData, Dart_Handle handle, Dart_Handle& exception)
 {
+ v8::Isolate* v8Isolate = v8::Isolate::GetCurrent();
 v8::Handle<v8::Value> value = V8Converter::toV8IfPrimitive(domData, handle, exception);
 if (!value.IsEmpty() || exception)
 return value;
@@ -359,7 +360,13 @@
 DartHandleProxy::writePointerToProxy(functionProxy, handle);
 // The raw functionProxy doesn't behave enough like a true JS function
 // so we wrap it in a true JS function.
- return domData->jsInteropData()->wrapDartFunction()->Call(functionProxy, 0, 0);
+ v8::Local<v8::Function> object = domData->jsInteropData()->wrapDartFunction()->Call(functionProxy, 0, 0).As<v8::Function>();
+
+ v8::Local<v8::String> existingDartWrapperKey = domData->jsInteropData()->existingDartWrapperHiddenField(v8Isolate);
+ v8::Local<v8::Object> containerForDartHandle = dartObjectTemplate()->InstanceTemplate()->NewInstance();
+ DartHandleProxy::writePointerToProxy(containerForDartHandle, handle);
+ object->SetHiddenValue(existingDartWrapperKey, containerForDartHandle);
+ return object;
 }
 
 v8::Local<v8::Object> proxy;
@@ -377,7 +384,6 @@
 proxy = dartObjectTemplate()->InstanceTemplate()->NewInstance();
 }
 DartHandleProxy::writePointerToProxy(proxy, handle);
- v8::Isolate* v8Isolate = v8::Isolate::GetCurrent();
 proxy->SetHiddenValue(v8::String::NewFromUtf8(v8Isolate, "dartProxy"), v8::Boolean::New(v8Isolate, true));
 
 return proxy;
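Review bot: In the `+360` hunk the value returned by `wrapDartFunction()->Call(functionProxy, 0, 0)` is cast with `.As<v8::Function>()` and then dereferenced by `object->SetHiddenValue(...)` with no check; `Call` yields an empty handle when the wrapper throws and `As<>` does no type check in release builds, so a failing or non-function result turns into a crash or a mistyped handle at the Dart/JS boundary. Keeping the result as a value and guarding it first would be safer, e.g. `v8::Local<v8::Value> wrapped = domData->jsInteropData()->wrapDartFunction()->Call(functionProxy, 0, 0);` followed by `if (wrapped.IsEmpty() || !wrapped->IsFunction()) return wrapped;`. The same goes for `NewInstance()`, whose result is handed to `writePointerToProxy` unchecked. `handle` is now written into two proxies (`functionProxy` and `containerForDartHandle`); if the proxy cleanup releases that pointer, which is not visible here, it has to tolerate two holders. The body of `fromDart` starts and ends outside this hunk.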
@@ -466,9 +472,6 @@
 DartDOMData* domData = DartDOMData::current();
 DartJsInteropData* interopData = domData->jsInteropData();
 v8::Local<v8::String> existingDartWrapperKey = interopData->existingDartWrapperHiddenField(v8Isolate);
-
- // TODO(alanknight): This will fail for multiple isolates referencing the same JS object.
- // We probably need to use a different property name for different isolates.
 v8::Local<v8::Value> hiddenValue = object->GetHiddenValue(existingDartWrapperKey);
 
 if (*hiddenValue && hiddenValue->IsObject()) {
diff --git a/Source/bindings/core/dart/V8Converter.cpp b/Source/bindings/core/dart/V8Converter.cpp
index 2200818..d51ac57 100644
--- a/Source/bindings/core/dart/V8Converter.cpp
+++ b/Source/bindings/core/dart/V8Converter.cpp
@@ -513,7 +513,10 @@
 v8::Handle<v8::Value> V8Converter::arrayBufferToV8(Dart_Handle value, Dart_Handle& exception)
 {
 ScriptState* state = DartUtilities::v8ScriptStateForCurrentIsolate();
- return blink::toV8(DartUtilities::dartToExternalizedArrayBuffer(value, exception).get(), state->context()->Global(), state->isolate());
+ RefPtr<DOMArrayBuffer> arrayBuffer = DOMArrayBuffer::create(DartUtilities::dartToExternalizedArrayBuffer(value, exception));
+ v8::Handle<v8::Object> global = state->context()->Global();
+ v8::Isolate* v8Isolate = state->isolate();
+ return blink::toV8(arrayBuffer.get(), global, v8Isolate);
 }
 
 Dart_Handle V8Converter::arrayBufferToDart(v8::Handle<v8::Object> object, Dart_Handle& exception)
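Review bot: `DOMArrayBuffer::create(...)` in `arrayBufferToV8` now wraps whatever `dartToExternalizedArrayBuffer(value, exception)` returns without looking at `exception` or at the result; the removed line passed the raw pointer straight to `blink::toV8`, so a failed conversion presumably now yields a wrapper around a null buffer rather than a null value. I would hold the conversion result in a local and bail out first, e.g. `if (exception || !buffer) return v8::Handle<v8::Value>();`, and only then call `DOMArrayBuffer::create(buffer)`. The following hunk relies on the same unchecked pattern: `view->byteOffset()` and `view->buffer()` are read directly after `dartToExternalizedArrayBufferView(value, exception)` with no test of `exception` or `view`.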
@@ -525,31 +528,71 @@
 {
 RefPtr<ArrayBufferView> view = DartUtilities::dartToExternalizedArrayBufferView(value, exception);
 ScriptState* state = DartUtilities::v8ScriptStateForCurrentIsolate();
+ unsigned byteOffset = view->byteOffset();
+ // this is copied from ScriptValueSerializer.
+ int elementByteSize = 1;
+ ArrayBuffer* data = view->buffer().get();
 
 switch (view->type()) {
 case ArrayBufferView::TypeInt8:
- return blink::toV8(static_cast<Int8Array*>(view.get()), state->context()->Global(), state->isolate());
+ elementByteSize = sizeof(DOMInt8Array::ValueType);
+ break;
 case ArrayBufferView::TypeUint8:
- return blink::toV8(static_cast<Uint8Array*>(view.get()), state->context()->Global(), state->isolate());
+ elementByteSize = sizeof(DOMUint8Array::ValueType);
+ break;
 case ArrayBufferView::TypeUint8Clamped:
- return blink::toV8(static_cast<Uint8ClampedArray*>(view.get()), state->context()->Global(), state->isolate());
+ elementByteSize = sizeof(DOMUint8ClampedArray::ValueType);
+ break;
 case ArrayBufferView::TypeInt16:
- return blink::toV8(static_cast<Int16Array*>(view.get()), state->context()->Global(), state->isolate());
+ elementByteSize = sizeof(DOMInt16Array::ValueType);
+ break;
 case ArrayBufferView::TypeUint16:
- return blink::toV8(static_cast<Uint16Array*>(view.get()), state->context()->Global(), state->isolate());
+ elementByteSize = sizeof(DOMUint16Array::ValueType);
+ break;
 case ArrayBufferView::TypeInt32:
- return blink::toV8(static_cast<Int32Array*>(view.get()), state->context()->Global(), state->isolate());
+ elementByteSize = sizeof(DOMInt32Array::ValueType);
+ break;
 case ArrayBufferView::TypeUint32:
- return blink::toV8(static_cast<Uint32Array*>(view.get()), state->context()->Global(), state->isolate());
+ elementByteSize = sizeof(DOMUint32Array::ValueType);
+ break;
 case ArrayBufferView::TypeFloat32:
- return blink::toV8(static_cast<Float32Array*>(view.get()), state->context()->Global(), state->isolate());
+ elementByteSize = sizeof(DOMFloat32Array::ValueType);
+ break;
 case ArrayBufferView::TypeFloat64:
- return blink::toV8(static_cast<Float64Array*>(view.get()), state->context()->Global(), state->isolate());
+ elementByteSize = sizeof(DOMFloat64Array::ValueType);
+ break;
+ case ArrayBufferView::TypeDataView:
+ elementByteSize = sizeof(DOMDataView::ValueType);
+ break;
+ default:
+ ASSERT_NOT_REACHED();
+ }
+ unsigned numElements = view->byteLength() / elementByteSize;
+
+ switch (view->type()) {
+ case ArrayBufferView::TypeInt8:
+ return blink::toV8(DOMInt8Array::create(data, byteOffset, numElements), state->context()->Global(), state->isolate());
+ case ArrayBufferView::TypeUint8:
+ return blink::toV8(DOMUint8Array::create(data, byteOffset, numElements), state->context()->Global(), state->isolate());
+ case ArrayBufferView::TypeUint8Clamped:
+ return blink::toV8(DOMUint8ClampedArray::create(data, byteOffset, numElements), state->context()->Global(), state->isolate());
+ case ArrayBufferView::TypeInt16:
+ return blink::toV8(DOMInt16Array::create(data, byteOffset, numElements), state->context()->Global(), state->isolate());
+ case ArrayBufferView::TypeUint16:
+ return blink::toV8(DOMUint16Array::create(data, byteOffset, numElements), state->context()->Global(), state->isolate());
+ case ArrayBufferView::TypeInt32:
+ return blink::toV8(DOMInt32Array::create(data, byteOffset, numElements), state->context()->Global(), state->isolate());
+ case ArrayBufferView::TypeUint32:
+ return blink::toV8(DOMUint32Array::create(data, byteOffset, numElements), state->context()->Global(), state->isolate());
+ case ArrayBufferView::TypeFloat32:
+ return blink::toV8(DOMFloat32Array::create(data, byteOffset, numElements), state->context()->Global(), state->isolate());
+ case ArrayBufferView::TypeFloat64:
+ return blink::toV8(DOMFloat64Array::create(data, byteOffset, numElements), state->context()->Global(), state->isolate());
 case ArrayBufferView::TypeDataView:
 {
+ RefPtr<DOMArrayBufferView> domArrayBuffView = adoptRef(new DOMArrayBufferView(view.get()));
 // TODO(terry): Had to move protected constructor to public in
 // core/dom/DOMArrayBufferView.h
- RefPtr<DOMArrayBufferView> domArrayBuffView = new DOMArrayBufferView(view.get());
 return blink::toV8(DOMDataView::create(domArrayBuffView->bufferBase(),
 domArrayBuffView->byteOffset(),
 domArrayBuffView->byteLength()),