Whether |listener| is empty or not is checked in blink::V8EventListenerOrEventHandler::CallListenerFunction() here: https://cs.chromium.org/chromium/src/third_party/blink/renderer/bindings/core/v8/v8_event_listener_or_event_handler.cc?l=97&rcl=f3b67c85008a2de4e1146316974a0e2e15aa9207 |listener| should not be empty on calling it and thus we do not have to check that, but it could be empty in current implementation.
Whether |listener| is empty or not is checked in blink::V8EventListenerOrEventHandler::CallListenerFunction() here: https://cs.chromium.org/chromium/src/third_party/blink/renderer/bindings/core/v8/v8_event_listener_or_event_handler.cc?l=97&rcl=f3b67c85008a2de4e1146316974a0e2e15aa9207 |listener| should not be empty on calling it and thus we do not have to check that, but it could be empty in current implementation. This will be fixed after unified GC is launched, or wrapper-tracing is applied appropriately to all the EventTarget (some of EventTargets need to be ActiveScriptWrappable).
The following revision refers to this bug: https://chromium.googlesource.com/chromium/src.git/+/20a443ce6dd653ce3259782667598f9b87211e5d commit 20a443ce6dd653ce3259782667598f9b87211e5d Author: Yuki Yamada <yukiy@google.com> Date: Mon Sep 10 02:27:07 2018 Reland: Split implementation of EventListener and EventHandler This reverts commit 9f87a1ee823c8bf185dfdde265e457c2cc668191. https://chromium-review.googlesource.com/c/chromium/src/+/1212202 Regarding to crbug.com/881688 : This CL adds the check for if listener is empty or not before calling it, but it should not be empty at that time. This is because listener object could be collected prematurally by garbage collection. This will be fixed after unified GC is launched, or wrapper-tracing is applied appropriately to all the EventTarget (some of EventTargets need to be ActiveScriptWrappable). Bug: 872138 , 881688, 878658 , 606900 , 849236 Change-Id: I9b224e0d261e1567c4c4f7778bd0d6044b7f6202 Reviewed-on: https://chromium-review.googlesource.com/1212376 Reviewed-by: Kentaro Hara <haraken@chromium.org> Reviewed-by: Hayato Ito <hayato@chromium.org> Reviewed-by: Hitoshi Yoshida <peria@chromium.org> Reviewed-by: Yuki Shiino <yukishiino@chromium.org> Commit-Queue: Yuki Yamada <yukiy@google.com> Cr-Commit-Position: refs/heads/master@{#589820} [modify] https://crrev.com/20a443ce6dd653ce3259782667598f9b87211e5d/third_party/WebKit/LayoutTests/external/wpt/dom/events/event-global-extra.window-expected.txt [modify] https://crrev.com/20a443ce6dd653ce3259782667598f9b87211e5d/third_party/WebKit/LayoutTests/external/wpt/html/semantics/scripting-1/the-script-element/execution-timing/083-expected.txt [delete] https://crrev.com/8a2c335368664b66cbb29fc739bb864dfd37b4a6/third_party/WebKit/LayoutTests/external/wpt/html/semantics/scripting-1/the-script-element/execution-timing/084-expected.txt [delete] https://crrev.com/8a2c335368664b66cbb29fc739bb864dfd37b4a6/third_party/WebKit/LayoutTests/external/wpt/html/webappapis/scripting/processing-model-2/window-onerror-with-cross-frame-event-listeners-1-expected.txt [delete] https://crrev.com/8a2c335368664b66cbb29fc739bb864dfd37b4a6/third_party/WebKit/LayoutTests/external/wpt/html/webappapis/scripting/processing-model-2/window-onerror-with-cross-frame-event-listeners-2-expected.txt [modify] https://crrev.com/20a443ce6dd653ce3259782667598f9b87211e5d/third_party/WebKit/LayoutTests/fast/dom/margin-height-guarded-crash-expected.txt [modify] https://crrev.com/20a443ce6dd653ce3259782667598f9b87211e5d/third_party/WebKit/LayoutTests/fast/dom/margin-height-guarded-crash.html [modify] https://crrev.com/20a443ce6dd653ce3259782667598f9b87211e5d/third_party/WebKit/LayoutTests/fast/dom/ready-state-change-crash-expected.txt [modify] https://crrev.com/20a443ce6dd653ce3259782667598f9b87211e5d/third_party/WebKit/LayoutTests/fast/events/touch/gesture/gesture-tap-frame-removed-expected.txt [modify] https://crrev.com/20a443ce6dd653ce3259782667598f9b87211e5d/third_party/WebKit/LayoutTests/inspector-protocol/heap-profiler/heap-snapshot-merged-nodes-expected.txt [modify] https://crrev.com/20a443ce6dd653ce3259782667598f9b87211e5d/third_party/WebKit/LayoutTests/inspector-protocol/heap-profiler/heap-snapshot-with-event-listener-expected.txt [modify] https://crrev.com/20a443ce6dd653ce3259782667598f9b87211e5d/third_party/WebKit/LayoutTests/inspector-protocol/heap-profiler/heap-snapshot-with-multiple-retainers-expected.txt [modify] https://crrev.com/20a443ce6dd653ce3259782667598f9b87211e5d/third_party/WebKit/LayoutTests/inspector-protocol/heap-profiler/heap-snapshot-with-multiple-retainers.js [modify] https://crrev.com/20a443ce6dd653ce3259782667598f9b87211e5d/third_party/blink/renderer/bindings/bindings.gni [modify] https://crrev.com/20a443ce6dd653ce3259782667598f9b87211e5d/third_party/blink/renderer/bindings/core/v8/script_event_listener.cc [rename] https://crrev.com/20a443ce6dd653ce3259782667598f9b87211e5d/third_party/blink/renderer/bindings/core/v8/v8_abstract_event_handler.cc [rename] https://crrev.com/20a443ce6dd653ce3259782667598f9b87211e5d/third_party/blink/renderer/bindings/core/v8/v8_abstract_event_handler.h [modify] https://crrev.com/20a443ce6dd653ce3259782667598f9b87211e5d/third_party/blink/renderer/bindings/core/v8/v8_event_listener_helper.cc [add] https://crrev.com/20a443ce6dd653ce3259782667598f9b87211e5d/third_party/blink/renderer/bindings/core/v8/v8_event_listener_impl.cc [add] https://crrev.com/20a443ce6dd653ce3259782667598f9b87211e5d/third_party/blink/renderer/bindings/core/v8/v8_event_listener_impl.h [modify] https://crrev.com/20a443ce6dd653ce3259782667598f9b87211e5d/third_party/blink/renderer/bindings/core/v8/v8_event_listener_or_event_handler.cc [modify] https://crrev.com/20a443ce6dd653ce3259782667598f9b87211e5d/third_party/blink/renderer/bindings/core/v8/v8_event_listener_or_event_handler.h [modify] https://crrev.com/20a443ce6dd653ce3259782667598f9b87211e5d/third_party/blink/renderer/bindings/core/v8/v8_lazy_event_listener.cc [modify] https://crrev.com/20a443ce6dd653ce3259782667598f9b87211e5d/third_party/blink/renderer/bindings/core/v8/v8_lazy_event_listener.h [modify] https://crrev.com/20a443ce6dd653ce3259782667598f9b87211e5d/third_party/blink/renderer/bindings/scripts/v8_types.py [modify] https://crrev.com/20a443ce6dd653ce3259782667598f9b87211e5d/third_party/blink/renderer/bindings/tests/results/core/v8_test_interface.cc [modify] https://crrev.com/20a443ce6dd653ce3259782667598f9b87211e5d/third_party/blink/renderer/bindings/tests/results/core/v8_test_interface_node.cc [modify] https://crrev.com/20a443ce6dd653ce3259782667598f9b87211e5d/third_party/blink/renderer/bindings/tests/results/core/v8_test_object.cc [modify] https://crrev.com/20a443ce6dd653ce3259782667598f9b87211e5d/third_party/blink/renderer/core/core_idl_files.gni [modify] https://crrev.com/20a443ce6dd653ce3259782667598f9b87211e5d/third_party/blink/renderer/core/dom/events/event_listener.h [modify] https://crrev.com/20a443ce6dd653ce3259782667598f9b87211e5d/third_party/blink/renderer/core/dom/events/event_target.cc [modify] https://crrev.com/20a443ce6dd653ce3259782667598f9b87211e5d/third_party/blink/renderer/core/inspector/inspector_dom_debugger_agent.cc [modify] https://crrev.com/20a443ce6dd653ce3259782667598f9b87211e5d/third_party/blink/renderer/platform/bindings/callback_interface_base.h [modify] https://crrev.com/20a443ce6dd653ce3259782667598f9b87211e5d/third_party/blink/renderer/platform/bindings/trace_wrapper_v8_reference.h
Comment 1 by peria@chromium.org
, Sep 7Status: Started (was: Untriaged)