Adopt more smart pointers in WebCore/

cdumez · cdumez · commit 9e25f5119e3b · 2023-10-18T08:15:22.000-07:00
https://bugs.webkit.org/show_bug.cgi?id=263268 Reviewed by Ryosuke Niwa. * Source/WebCore/dom/ContainerNode.h: (WebCore::ContainerNode::protectedRootNode const): * Source/WebCore/dom/CurrentScriptIncrementer.h: (WebCore::CurrentScriptIncrementer::CurrentScriptIncrementer): (WebCore::CurrentScriptIncrementer::~CurrentScriptIncrementer): (WebCore::CurrentScriptIncrementer::protectedDocument const): * Source/WebCore/dom/CustomElementDefaultARIA.cpp: (WebCore::isElementVisible): (WebCore::CustomElementDefaultARIA::valueForAttribute const): (WebCore::CustomElementDefaultARIA::setElementsForAttribute): * Source/WebCore/dom/CustomElementReactionQueue.cpp: (WebCore::CustomElementReactionQueue::tryToUpgradeElement): (WebCore::CustomElementQueue::invokeAll): (WebCore::CustomElementReactionQueue::enqueueElementOnAppropriateElementQueue): (WebCore::CustomElementReactionStack::processQueue): (WebCore::CustomElementReactionStack::takeElements): * Source/WebCore/dom/CustomElementReactionQueue.h: * Source/WebCore/dom/CustomElementRegistry.cpp: (WebCore::CustomElementRegistry::document const): (WebCore::enqueueUpgradeInShadowIncludingTreeOrder): (WebCore::CustomElementRegistry::addElementDefinition): (WebCore::CustomElementRegistry::get): (WebCore::CustomElementRegistry::getName): (WebCore::upgradeElementsInShadowIncludingDescendants): * Source/WebCore/dom/CustomElementRegistry.h: * Source/WebCore/dom/DatasetDOMStringMap.cpp: (WebCore::DatasetDOMStringMap::ref): (WebCore::DatasetDOMStringMap::deref): (WebCore::DatasetDOMStringMap::isSupportedPropertyName const): (WebCore::DatasetDOMStringMap::supportedPropertyNames const): (WebCore::DatasetDOMStringMap::item const): (WebCore::DatasetDOMStringMap::setNamedItem): (WebCore::DatasetDOMStringMap::deleteNamedProperty): (WebCore::DatasetDOMStringMap::protectedElement const): * Source/WebCore/dom/DatasetDOMStringMap.h: Canonical link: https://commits.webkit.org/269465@main
diff --git a/Source/WebCore/bindings/js/JSHTMLElementCustom.cpp b/Source/WebCore/bindings/js/JSHTMLElementCustom.cpp
@@ -65,36 +65,33 @@ EncodedJSValue constructJSHTMLElement(JSGlobalObject* lexicalGlobalObject, CallF
     if (newTarget == htmlElementConstructorValue)
         return throwVMTypeError(lexicalGlobalObject, scope, "new.target is not a valid custom element constructor"_s);
 
-    auto& document = downcast<Document>(*context);
+    Ref document = downcast<Document>(*context);
 
-    auto* window = document.domWindow();
+    RefPtr window = document->domWindow();
     if (!window)
         return throwVMTypeError(lexicalGlobalObject, scope, "new.target is not a valid custom element constructor"_s);
 
-    auto* registry = window->customElementRegistry();
+    RefPtr registry = window->customElementRegistry();
     if (!registry)
         return throwVMTypeError(lexicalGlobalObject, scope, "new.target is not a valid custom element constructor"_s);
 
-    auto* elementInterface = registry->findInterface(newTarget);
+    RefPtr elementInterface = registry->findInterface(newTarget);
     if (!elementInterface)
         return throwVMTypeError(lexicalGlobalObject, scope, "new.target does not define a custom element"_s);
 
     if (!elementInterface->isUpgradingElement()) {
-        Ref<Document> protectedDocument(document);
-        Ref<JSCustomElementInterface> protectedElementInterface(*elementInterface);
-
         Structure* baseStructure = getDOMStructure<JSHTMLElement>(vm, *newTargetGlobalObject);
         auto* newElementStructure = InternalFunction::createSubclassStructure(lexicalGlobalObject, newTarget, baseStructure);
         RETURN_IF_EXCEPTION(scope, { });
 
-        Ref<HTMLElement> element = elementInterface->createElement(document);
+        Ref element = elementInterface->createElement(document);
         element->setIsDefinedCustomElement(*elementInterface);
         auto* jsElement = JSHTMLElement::create(newElementStructure, newTargetGlobalObject, element.get());
         cacheWrapper(newTargetGlobalObject->world(), element.ptr(), jsElement);
         return JSValue::encode(jsElement);
     }
 
-    Element* elementToUpgrade = elementInterface->lastElementInConstructionStack();
+    RefPtr elementToUpgrade = elementInterface->lastElementInConstructionStack();
     if (!elementToUpgrade) {
         throwTypeError(lexicalGlobalObject, scope, "Cannot instantiate a custom element inside its own constructor during upgrades"_s);
         return JSValue::encode(jsUndefined());
diff --git a/Source/WebCore/dom/ContainerNode.h b/Source/WebCore/dom/ContainerNode.h
@@ -63,6 +63,7 @@ class ContainerNode : public Node {
     void replaceAll(Node*);
 
     ContainerNode& rootNode() const { return downcast<ContainerNode>(Node::rootNode()); }
+    Ref<ContainerNode> protectedRootNode() const { return downcast<ContainerNode>(Node::rootNode()); }
 
     // These methods are only used during parsing.
     // They don't send DOM mutation events or handle reparenting.
diff --git a/Source/WebCore/dom/CurrentScriptIncrementer.h b/Source/WebCore/dom/CurrentScriptIncrementer.h
@@ -28,6 +28,7 @@
 
 #pragma once
 
+#include <wtf/CheckedRef.h>
 #include "Document.h"
 #include "ScriptElement.h"
 
@@ -40,16 +41,18 @@ class CurrentScriptIncrementer {
         : m_document(document)
     {
         bool shouldPushNullForCurrentScript = scriptElement.element().isInShadowTree() || scriptElement.scriptType() != ScriptType::Classic;
-        m_document.pushCurrentScript(shouldPushNullForCurrentScript ? nullptr : &scriptElement.element());
+        protectedDocument()->pushCurrentScript(shouldPushNullForCurrentScript ? nullptr : &scriptElement.element());
     }
 
     ~CurrentScriptIncrementer()
     {
-        m_document.popCurrentScript();
+        protectedDocument()->popCurrentScript();
     }
 
 private:
-    Document& m_document;
+    Ref<Document> protectedDocument() const { return m_document.get(); }
+
+    CheckedRef<Document> m_document;
 };
 
 } // namespace WebCore
diff --git a/Source/WebCore/dom/CustomElementDefaultARIA.cpp b/Source/WebCore/dom/CustomElementDefaultARIA.cpp
@@ -47,7 +47,7 @@ void CustomElementDefaultARIA::setValueForAttribute(const QualifiedName& name, c
 
 static bool isElementVisible(const Element& element, const Element& thisElement)
 {
-    return !element.isConnected() || element.isInDocumentTree() || thisElement.isDescendantOrShadowDescendantOf(element.rootNode());
+    return !element.isConnected() || element.isInDocumentTree() || thisElement.isDescendantOrShadowDescendantOf(element.protectedRootNode());
 }
 
 const AtomString& CustomElementDefaultARIA::valueForAttribute(const Element& thisElement, const QualifiedName& name) const
@@ -56,14 +56,14 @@ const AtomString& CustomElementDefaultARIA::valueForAttribute(const Element& thi
     if (it == m_map.end())
         return nullAtom();
 
-    const AtomString* result = &nullAtom();
-    std::visit(WTF::makeVisitor([&](const AtomString& stringValue) {
-        result = &stringValue;
-    }, [&](const WeakPtr<Element, WeakPtrImplWithEventTargetData>& weakElementValue) {
+    return std::visit(WTF::makeVisitor([&](const AtomString& stringValue) -> const AtomString& {
+        return stringValue;
+    }, [&](const WeakPtr<Element, WeakPtrImplWithEventTargetData>& weakElementValue) -> const AtomString& {
         RefPtr elementValue = weakElementValue.get();
         if (elementValue && isElementVisible(*elementValue, thisElement))
-            result = &elementValue->attributeWithoutSynchronization(HTMLNames::idAttr);
-    }, [&](const Vector<WeakPtr<Element, WeakPtrImplWithEventTargetData>>& elements) {
+            return elementValue->attributeWithoutSynchronization(HTMLNames::idAttr);
+        return nullAtom();
+    }, [&](const Vector<WeakPtr<Element, WeakPtrImplWithEventTargetData>>& elements) -> const AtomString& {
         StringBuilder idList;
         for (auto& weakElement : elements) {
             RefPtr element = weakElement.get();
@@ -73,9 +73,9 @@ const AtomString& CustomElementDefaultARIA::valueForAttribute(const Element& thi
                 idList.append(element->attributeWithoutSynchronization(HTMLNames::idAttr));
             }
         }
+        // FIXME: This should probably be using the idList we just built.
+        return nullAtom();
     }), it->value);
-
-    return *result;
 }
 
 bool CustomElementDefaultARIA::hasAttribute(const QualifiedName& name) const
@@ -144,7 +144,7 @@ void CustomElementDefaultARIA::setElementsForAttribute(const QualifiedName& name
             elements.append(WeakPtr<Element, WeakPtrImplWithEventTargetData> { *element });
         }
     }
-    m_map.set(name, elements);
+    m_map.set(name, WTFMove(elements));
 }
 
-}; // namespace WebCore
+} // namespace WebCore
diff --git a/Source/WebCore/dom/CustomElementReactionQueue.cpp b/Source/WebCore/dom/CustomElementReactionQueue.cpp
@@ -142,15 +142,15 @@ void CustomElementReactionQueue::tryToUpgradeElement(Element& element)
 {
     ASSERT(CustomElementReactionDisallowedScope::isReactionAllowed());
     ASSERT(element.isCustomElementUpgradeCandidate());
-    auto* window = element.document().domWindow();
+    RefPtr window = element.document().domWindow();
     if (!window)
         return;
 
-    auto* registry = window->customElementRegistry();
+    RefPtr registry = window->customElementRegistry();
     if (!registry)
         return;
 
-    auto* elementInterface = registry->findInterface(element);
+    RefPtr elementInterface = registry->findInterface(element);
     if (!elementInterface)
         return;
 
@@ -337,8 +337,8 @@ inline void CustomElementQueue::invokeAll()
     // It's possible for more elements to be enqueued if some IDL attributes were missing CEReactions.
     // Invoke callbacks slightly later here instead of crashing / ignoring those cases.
     for (unsigned i = 0; i < m_elements.size(); ++i) {
-        auto& element = m_elements[i].get();
-        auto* queue = element.reactionQueue();
+        Ref element = m_elements[i].get();
+        auto* queue = element->reactionQueue();
         ASSERT(queue);
         queue->invokeAll(element);
     }
@@ -393,9 +393,9 @@ void CustomElementReactionQueue::enqueueElementOnAppropriateElementQueue(Element
         return;
     }
 
-    auto*& queue = CustomElementReactionStack::s_currentProcessingStack->m_queue;
-    if (!queue) // We use a raw pointer to avoid genearing code to delete it in ~CustomElementReactionStack.
-        queue = new CustomElementQueue;
+    auto& queue = CustomElementReactionStack::s_currentProcessingStack->m_queue;
+    if (!queue)
+        queue = makeUnique<CustomElementQueue>();
     queue->add(element);
 }
 
@@ -409,7 +409,6 @@ void CustomElementReactionStack::processQueue(JSC::JSGlobalObject* state)
 {
     ASSERT(m_queue);
     m_queue->processQueue(state);
-    delete m_queue;
     m_queue = nullptr;
 }
 
@@ -418,7 +417,6 @@ Vector<GCReachableRef<Element>, 4> CustomElementReactionStack::takeElements()
     if (!m_queue)
         return { };
     auto elements = m_queue->takeElements();
-    delete m_queue;
     m_queue = nullptr;
     return elements;
 }
diff --git a/Source/WebCore/dom/CustomElementReactionQueue.h b/Source/WebCore/dom/CustomElementReactionQueue.h
@@ -99,7 +99,7 @@ class CustomElementQueue {
     WTF_MAKE_NONCOPYABLE(CustomElementQueue);
 public:
     CustomElementQueue();
-    ~CustomElementQueue();
+    WEBCORE_EXPORT ~CustomElementQueue();
 
     void add(Element&);
     void processQueue(JSC::JSGlobalObject*);
@@ -233,7 +233,7 @@ class CustomElementReactionStack : public CustomElementReactionDisallowedScope::
 private:
     WEBCORE_EXPORT void processQueue(JSC::JSGlobalObject*);
 
-    CustomElementQueue* m_queue { nullptr }; // Use raw pointer to avoid generating delete in the destructor.
+    std::unique_ptr<CustomElementQueue> m_queue;
     CustomElementReactionStack* const m_previousProcessingStack;
     JSC::JSGlobalObject* const m_state;
 
diff --git a/Source/WebCore/dom/CustomElementRegistry.cpp b/Source/WebCore/dom/CustomElementRegistry.cpp
@@ -58,16 +58,16 @@ CustomElementRegistry::~CustomElementRegistry() = default;
 
 Document* CustomElementRegistry::document() const
 {
-    return m_window.document();
+    return m_window ? m_window->document() : nullptr;
 }
 
 // https://dom.spec.whatwg.org/#concept-shadow-including-tree-order
 static void enqueueUpgradeInShadowIncludingTreeOrder(ContainerNode& node, JSCustomElementInterface& elementInterface)
 {
-    for (Element* element = ElementTraversal::firstWithin(node); element; element = ElementTraversal::next(*element)) {
+    for (RefPtr element = ElementTraversal::firstWithin(node); element; element = ElementTraversal::next(*element)) {
         if (element->isCustomElementUpgradeCandidate() && element->tagQName().matches(elementInterface.name()))
             element->enqueueToUpgrade(elementInterface);
-        if (auto* shadowRoot = element->shadowRoot()) {
+        if (RefPtr shadowRoot = element->shadowRoot()) {
             if (shadowRoot->mode() != ShadowRootMode::UserAgent)
                 enqueueUpgradeInShadowIncludingTreeOrder(*shadowRoot, elementInterface);
         }
@@ -89,7 +89,7 @@ RefPtr<DeferredPromise> CustomElementRegistry::addElementDefinition(Ref<JSCustom
     if (elementInterface->isShadowDisabled())
         m_disabledShadowSet.add(localName);
 
-    if (auto* document = m_window.document()) {
+    if (RefPtr document = this->document()) {
         // ungap/@custom-elements detection for quirk (rdar://problem/111008826).
         if (localName == extendsLi.get())
             document->quirks().setNeedsConfigurableIndexedPropertiesQuirk();
@@ -116,7 +116,7 @@ JSCustomElementInterface* CustomElementRegistry::findInterface(const AtomString&
     return m_nameMap.get(name);
 }
 
-JSCustomElementInterface* CustomElementRegistry::findInterface(const JSC::JSObject* constructor) const
+RefPtr<JSCustomElementInterface> CustomElementRegistry::findInterface(const JSC::JSObject* constructor) const
 {
     Locker locker { m_constructorMapLock };
     return m_constructorMap.get(constructor);
@@ -130,7 +130,7 @@ bool CustomElementRegistry::containsConstructor(const JSC::JSObject* constructor
 
 JSC::JSValue CustomElementRegistry::get(const AtomString& name)
 {
-    if (auto* elementInterface = m_nameMap.get(name))
+    if (RefPtr elementInterface = m_nameMap.get(name))
         return elementInterface->constructor();
     return JSC::jsUndefined();
 }
@@ -140,18 +140,18 @@ String CustomElementRegistry::getName(JSC::JSValue constructorValue)
     auto* constructor = constructorValue.getObject();
     if (!constructor)
         return String { };
-    auto* elementInterface = findInterface(constructor);
+    RefPtr elementInterface = findInterface(constructor);
     if (!elementInterface)
         return String { };
     return elementInterface->name().localName();
 }
 
 static void upgradeElementsInShadowIncludingDescendants(ContainerNode& root)
 {
-    for (auto& element : descendantsOfType<Element>(root)) {
-        if (element.isCustomElementUpgradeCandidate())
+    for (Ref element : descendantsOfType<Element>(root)) {
+        if (element->isCustomElementUpgradeCandidate())
             CustomElementReactionQueue::tryToUpgradeElement(element);
-        if (auto* shadowRoot = element.shadowRoot())
+        if (RefPtr shadowRoot = element->shadowRoot())
             upgradeElementsInShadowIncludingDescendants(*shadowRoot);
     }
 }
diff --git a/Source/WebCore/dom/CustomElementRegistry.h b/Source/WebCore/dom/CustomElementRegistry.h
@@ -30,6 +30,7 @@
 #include <wtf/Lock.h>
 #include <wtf/RobinHoodHashMap.h>
 #include <wtf/RobinHoodHashSet.h>
+#include <wtf/WeakPtr.h>
 #include <wtf/text/AtomString.h>
 #include <wtf/text/AtomStringHash.h>
 
@@ -66,7 +67,7 @@ class CustomElementRegistry : public RefCounted<CustomElementRegistry>, public C
     JSCustomElementInterface* findInterface(const Element&) const;
     JSCustomElementInterface* findInterface(const QualifiedName&) const;
     JSCustomElementInterface* findInterface(const AtomString&) const;
-    JSCustomElementInterface* findInterface(const JSC::JSObject*) const;
+    RefPtr<JSCustomElementInterface> findInterface(const JSC::JSObject*) const;
     bool containsConstructor(const JSC::JSObject*) const;
 
     JSC::JSValue get(const AtomString&);
@@ -80,7 +81,7 @@ class CustomElementRegistry : public RefCounted<CustomElementRegistry>, public C
 private:
     CustomElementRegistry(LocalDOMWindow&, ScriptExecutionContext*);
 
-    LocalDOMWindow& m_window;
+    WeakPtr<LocalDOMWindow, WeakPtrImplWithEventTargetData> m_window;
     HashMap<AtomString, Ref<JSCustomElementInterface>> m_nameMap;
     HashMap<const JSC::JSObject*, JSCustomElementInterface*> m_constructorMap WTF_GUARDED_BY_LOCK(m_constructorMapLock);
     MemoryCompactRobinHoodHashMap<AtomString, Ref<DeferredPromise>> m_promiseMap;
diff --git a/Source/WebCore/dom/DatasetDOMStringMap.cpp b/Source/WebCore/dom/DatasetDOMStringMap.cpp
@@ -118,20 +118,21 @@ static AtomString convertPropertyNameToAttributeName(const String& name)
 
 void DatasetDOMStringMap::ref()
 {
-    m_element.ref();
+    m_element->ref();
 }
 
 void DatasetDOMStringMap::deref()
 {
-    m_element.deref();
+    m_element->deref();
 }
 
 bool DatasetDOMStringMap::isSupportedPropertyName(const String& propertyName) const
 {
-    if (!m_element.hasAttributes())
+    Ref element = m_element.get();
+    if (!element->hasAttributes())
         return false;
 
-    auto attributeIteratorAccessor = m_element.attributesIterator();
+    auto attributeIteratorAccessor = element->attributesIterator();
     if (attributeIteratorAccessor.attributeCount() == 1) {
         // Avoid creating AtomString when there is only one attribute.
         const auto& attribute = *attributeIteratorAccessor.begin();
@@ -152,10 +153,11 @@ Vector<String> DatasetDOMStringMap::supportedPropertyNames() const
 {
     Vector<String> names;
 
-    if (!m_element.hasAttributes())
+    Ref element = m_element.get();
+    if (!element->hasAttributes())
         return names;
 
-    for (auto& attribute : m_element.attributesIterator()) {
+    for (auto& attribute : element->attributesIterator()) {
         if (isValidAttributeName(attribute.localName()))
             names.append(convertAttributeNameToPropertyName(attribute.localName()));
     }
@@ -165,8 +167,9 @@ Vector<String> DatasetDOMStringMap::supportedPropertyNames() const
 
 const AtomString* DatasetDOMStringMap::item(const String& propertyName) const
 {
-    if (m_element.hasAttributes()) {
-        AttributeIteratorAccessor attributeIteratorAccessor = m_element.attributesIterator();
+    Ref element = m_element.get();
+    if (element->hasAttributes()) {
+        AttributeIteratorAccessor attributeIteratorAccessor = element->attributesIterator();
 
         if (attributeIteratorAccessor.attributeCount() == 1) {
             // Avoid creating AtomString when there is only one attribute.
@@ -196,12 +199,17 @@ ExceptionOr<void> DatasetDOMStringMap::setNamedItem(const String& name, const At
 {
     if (!isValidPropertyName(name))
         return Exception { SyntaxError };
-    return m_element.setAttribute(convertPropertyNameToAttributeName(name), value);
+    return protectedElement()->setAttribute(convertPropertyNameToAttributeName(name), value);
 }
 
 bool DatasetDOMStringMap::deleteNamedProperty(const String& name)
 {
-    return m_element.removeAttribute(convertPropertyNameToAttributeName(name));
+    return protectedElement()->removeAttribute(convertPropertyNameToAttributeName(name));
+}
+
+Ref<Element> DatasetDOMStringMap::protectedElement() const
+{
+    return m_element.get();
 }
 
 } // namespace WebCore
diff --git a/Source/WebCore/dom/DatasetDOMStringMap.h b/Source/WebCore/dom/DatasetDOMStringMap.h

Original file line number	Diff line number	Diff line change
`@@ -28,6 +28,7 @@`
`28`	`28`
`29`	`29`	`#pragma once`
`30`	`30`
	`31`	`+#include <wtf/CheckedRef.h>`
`31`	`32`	`#include "Document.h"`
`32`	`33`	`#include "ScriptElement.h"`
`33`	`34`
`@@ -40,16 +41,18 @@ class CurrentScriptIncrementer {`
`40`	`41`	`: m_document(document)`
`41`	`42`	`{`
`42`	`43`	`bool shouldPushNullForCurrentScript = scriptElement.element().isInShadowTree() \|\| scriptElement.scriptType() != ScriptType::Classic;`
`43`		`- m_document.pushCurrentScript(shouldPushNullForCurrentScript ? nullptr : &scriptElement.element());`
	`44`	`+ protectedDocument()->pushCurrentScript(shouldPushNullForCurrentScript ? nullptr : &scriptElement.element());`
`44`	`45`	`}`
`45`	`46`
`46`	`47`	`~CurrentScriptIncrementer()`
`47`	`48`	`{`
`48`		`- m_document.popCurrentScript();`
	`49`	`+ protectedDocument()->popCurrentScript();`
`49`	`50`	`}`
`50`	`51`
`51`	`52`	`private:`
`52`		`- Document& m_document;`
	`53`	`+ Ref<Document> protectedDocument() const { return m_document.get(); }`
	`54`	`+`
	`55`	`+ CheckedRef<Document> m_document;`
`53`	`56`	`};`
`54`	`57`
`55`	`58`	`} // namespace WebCore`
Original file line number	Diff line number	Diff line change
`@@ -47,7 +47,7 @@ void CustomElementDefaultARIA::setValueForAttribute(const QualifiedName& name, c`
`47`	`47`
`48`	`48`	`static bool isElementVisible(const Element& element, const Element& thisElement)`
`49`	`49`	`{`
`50`		`- return !element.isConnected() \|\| element.isInDocumentTree() \|\| thisElement.isDescendantOrShadowDescendantOf(element.rootNode());`
	`50`	`+ return !element.isConnected() \|\| element.isInDocumentTree() \|\| thisElement.isDescendantOrShadowDescendantOf(element.protectedRootNode());`
`51`	`51`	`}`
`52`	`52`
`53`	`53`	`const AtomString& CustomElementDefaultARIA::valueForAttribute(const Element& thisElement, const QualifiedName& name) const`
`@@ -56,14 +56,14 @@ const AtomString& CustomElementDefaultARIA::valueForAttribute(const Element& thi`
`56`	`56`	`if (it == m_map.end())`
`57`	`57`	`return nullAtom();`
`58`	`58`
`59`		`- const AtomString* result = &nullAtom();`
`60`		`- std::visit(WTF::makeVisitor([&](const AtomString& stringValue) {`
`61`		`- result = &stringValue;`
`62`		`- }, [&](const WeakPtr<Element, WeakPtrImplWithEventTargetData>& weakElementValue) {`
	`59`	`+ return std::visit(WTF::makeVisitor([&](const AtomString& stringValue) -> const AtomString& {`
	`60`	`+ return stringValue;`
	`61`	`+ }, [&](const WeakPtr<Element, WeakPtrImplWithEventTargetData>& weakElementValue) -> const AtomString& {`
`63`	`62`	`RefPtr elementValue = weakElementValue.get();`
`64`	`63`	`if (elementValue && isElementVisible(*elementValue, thisElement))`
`65`		`- result = &elementValue->attributeWithoutSynchronization(HTMLNames::idAttr);`
`66`		`- }, [&](const Vector<WeakPtr<Element, WeakPtrImplWithEventTargetData>>& elements) {`
	`64`	`+ return elementValue->attributeWithoutSynchronization(HTMLNames::idAttr);`
	`65`	`+ return nullAtom();`
	`66`	`+ }, [&](const Vector<WeakPtr<Element, WeakPtrImplWithEventTargetData>>& elements) -> const AtomString& {`
`67`	`67`	`StringBuilder idList;`
`68`	`68`	`for (auto& weakElement : elements) {`
`69`	`69`	`RefPtr element = weakElement.get();`
`@@ -73,9 +73,9 @@ const AtomString& CustomElementDefaultARIA::valueForAttribute(const Element& thi`
`73`	`73`	`idList.append(element->attributeWithoutSynchronization(HTMLNames::idAttr));`
`74`	`74`	`}`
`75`	`75`	`}`
	`76`	`+ // FIXME: This should probably be using the idList we just built.`
	`77`	`+ return nullAtom();`
`76`	`78`	`}), it->value);`
`77`		`-`
`78`		`- return *result;`
`79`	`79`	`}`
`80`	`80`
`81`	`81`	`bool CustomElementDefaultARIA::hasAttribute(const QualifiedName& name) const`
`@@ -144,7 +144,7 @@ void CustomElementDefaultARIA::setElementsForAttribute(const QualifiedName& name`
`144`	`144`	`elements.append(WeakPtr<Element, WeakPtrImplWithEventTargetData> { *element });`
`145`	`145`	`}`
`146`	`146`	`}`
`147`		`- m_map.set(name, elements);`
	`147`	`+ m_map.set(name, WTFMove(elements));`
`148`	`148`	`}`
`149`	`149`
`150`		`-}; // namespace WebCore`
	`150`	`+} // namespace WebCore`
Original file line number	Diff line number	Diff line change
`@@ -58,16 +58,16 @@ CustomElementRegistry::~CustomElementRegistry() = default;`
`58`	`58`
`59`	`59`	`Document* CustomElementRegistry::document() const`
`60`	`60`	`{`
`61`		`- return m_window.document();`
	`61`	`+ return m_window ? m_window->document() : nullptr;`
`62`	`62`	`}`
`63`	`63`
`64`	`64`	`// https://dom.spec.whatwg.org/#concept-shadow-including-tree-order`
`65`	`65`	`static void enqueueUpgradeInShadowIncludingTreeOrder(ContainerNode& node, JSCustomElementInterface& elementInterface)`
`66`	`66`	`{`
`67`		`- for (Element* element = ElementTraversal::firstWithin(node); element; element = ElementTraversal::next(*element)) {`
	`67`	`+ for (RefPtr element = ElementTraversal::firstWithin(node); element; element = ElementTraversal::next(*element)) {`
`68`	`68`	`if (element->isCustomElementUpgradeCandidate() && element->tagQName().matches(elementInterface.name()))`
`69`	`69`	`element->enqueueToUpgrade(elementInterface);`
`70`		`- if (auto* shadowRoot = element->shadowRoot()) {`
	`70`	`+ if (RefPtr shadowRoot = element->shadowRoot()) {`
`71`	`71`	`if (shadowRoot->mode() != ShadowRootMode::UserAgent)`
`72`	`72`	`enqueueUpgradeInShadowIncludingTreeOrder(*shadowRoot, elementInterface);`
`73`	`73`	`}`
`@@ -89,7 +89,7 @@ RefPtr<DeferredPromise> CustomElementRegistry::addElementDefinition(Ref<JSCustom`
`89`	`89`	`if (elementInterface->isShadowDisabled())`
`90`	`90`	`m_disabledShadowSet.add(localName);`
`91`	`91`
`92`		`- if (auto* document = m_window.document()) {`
	`92`	`+ if (RefPtr document = this->document()) {`
`93`	`93`	`// ungap/@custom-elements detection for quirk (rdar://problem/111008826).`
`94`	`94`	`if (localName == extendsLi.get())`
`95`	`95`	`document->quirks().setNeedsConfigurableIndexedPropertiesQuirk();`
`@@ -116,7 +116,7 @@ JSCustomElementInterface* CustomElementRegistry::findInterface(const AtomString&`
`116`	`116`	`return m_nameMap.get(name);`
`117`	`117`	`}`
`118`	`118`
`119`		`-JSCustomElementInterface* CustomElementRegistry::findInterface(const JSC::JSObject* constructor) const`
	`119`	`+RefPtr<JSCustomElementInterface> CustomElementRegistry::findInterface(const JSC::JSObject* constructor) const`
`120`	`120`	`{`
`121`	`121`	`Locker locker { m_constructorMapLock };`
`122`	`122`	`return m_constructorMap.get(constructor);`
`@@ -130,7 +130,7 @@ bool CustomElementRegistry::containsConstructor(const JSC::JSObject* constructor`
`130`	`130`
`131`	`131`	`JSC::JSValue CustomElementRegistry::get(const AtomString& name)`
`132`	`132`	`{`
`133`		`- if (auto* elementInterface = m_nameMap.get(name))`
	`133`	`+ if (RefPtr elementInterface = m_nameMap.get(name))`
`134`	`134`	`return elementInterface->constructor();`
`135`	`135`	`return JSC::jsUndefined();`
`136`	`136`	`}`
`@@ -140,18 +140,18 @@ String CustomElementRegistry::getName(JSC::JSValue constructorValue)`
`140`	`140`	`auto* constructor = constructorValue.getObject();`
`141`	`141`	`if (!constructor)`
`142`	`142`	`return String { };`
`143`		`- auto* elementInterface = findInterface(constructor);`
	`143`	`+ RefPtr elementInterface = findInterface(constructor);`
`144`	`144`	`if (!elementInterface)`
`145`	`145`	`return String { };`
`146`	`146`	`return elementInterface->name().localName();`
`147`	`147`	`}`
`148`	`148`
`149`	`149`	`static void upgradeElementsInShadowIncludingDescendants(ContainerNode& root)`
`150`	`150`	`{`
`151`		`- for (auto& element : descendantsOfType<Element>(root)) {`
`152`		`- if (element.isCustomElementUpgradeCandidate())`
	`151`	`+ for (Ref element : descendantsOfType<Element>(root)) {`
	`152`	`+ if (element->isCustomElementUpgradeCandidate())`
`153`	`153`	`CustomElementReactionQueue::tryToUpgradeElement(element);`
`154`		`- if (auto* shadowRoot = element.shadowRoot())`
	`154`	`+ if (RefPtr shadowRoot = element->shadowRoot())`
`155`	`155`	`upgradeElementsInShadowIncludingDescendants(*shadowRoot);`
`156`	`156`	`}`
`157`	`157`	`}`
Original file line number	Diff line number	Diff line change
`@@ -118,20 +118,21 @@ static AtomString convertPropertyNameToAttributeName(const String& name)`
`118`	`118`
`119`	`119`	`void DatasetDOMStringMap::ref()`
`120`	`120`	`{`
`121`		`- m_element.ref();`
	`121`	`+ m_element->ref();`
`122`	`122`	`}`
`123`	`123`
`124`	`124`	`void DatasetDOMStringMap::deref()`
`125`	`125`	`{`
`126`		`- m_element.deref();`
	`126`	`+ m_element->deref();`
`127`	`127`	`}`
`128`	`128`
`129`	`129`	`bool DatasetDOMStringMap::isSupportedPropertyName(const String& propertyName) const`
`130`	`130`	`{`
`131`		`- if (!m_element.hasAttributes())`
	`131`	`+ Ref element = m_element.get();`
	`132`	`+ if (!element->hasAttributes())`
`132`	`133`	`return false;`
`133`	`134`
`134`		`- auto attributeIteratorAccessor = m_element.attributesIterator();`
	`135`	`+ auto attributeIteratorAccessor = element->attributesIterator();`
`135`	`136`	`if (attributeIteratorAccessor.attributeCount() == 1) {`
`136`	`137`	`// Avoid creating AtomString when there is only one attribute.`
`137`	`138`	`const auto& attribute = *attributeIteratorAccessor.begin();`
`@@ -152,10 +153,11 @@ Vector<String> DatasetDOMStringMap::supportedPropertyNames() const`
`152`	`153`	`{`
`153`	`154`	`Vector<String> names;`
`154`	`155`
`155`		`- if (!m_element.hasAttributes())`
	`156`	`+ Ref element = m_element.get();`
	`157`	`+ if (!element->hasAttributes())`
`156`	`158`	`return names;`
`157`	`159`
`158`		`- for (auto& attribute : m_element.attributesIterator()) {`
	`160`	`+ for (auto& attribute : element->attributesIterator()) {`
`159`	`161`	`if (isValidAttributeName(attribute.localName()))`
`160`	`162`	`names.append(convertAttributeNameToPropertyName(attribute.localName()));`
`161`	`163`	`}`
`@@ -165,8 +167,9 @@ Vector<String> DatasetDOMStringMap::supportedPropertyNames() const`
`165`	`167`
`166`	`168`	`const AtomString* DatasetDOMStringMap::item(const String& propertyName) const`
`167`	`169`	`{`
`168`		`- if (m_element.hasAttributes()) {`
`169`		`- AttributeIteratorAccessor attributeIteratorAccessor = m_element.attributesIterator();`
	`170`	`+ Ref element = m_element.get();`
	`171`	`+ if (element->hasAttributes()) {`
	`172`	`+ AttributeIteratorAccessor attributeIteratorAccessor = element->attributesIterator();`
`170`	`173`
`171`	`174`	`if (attributeIteratorAccessor.attributeCount() == 1) {`
`172`	`175`	`// Avoid creating AtomString when there is only one attribute.`
`@@ -196,12 +199,17 @@ ExceptionOr<void> DatasetDOMStringMap::setNamedItem(const String& name, const At`
`196`	`199`	`{`
`197`	`200`	`if (!isValidPropertyName(name))`
`198`	`201`	`return Exception { SyntaxError };`
`199`		`- return m_element.setAttribute(convertPropertyNameToAttributeName(name), value);`
	`202`	`+ return protectedElement()->setAttribute(convertPropertyNameToAttributeName(name), value);`
`200`	`203`	`}`
`201`	`204`
`202`	`205`	`bool DatasetDOMStringMap::deleteNamedProperty(const String& name)`
`203`	`206`	`{`
`204`		`- return m_element.removeAttribute(convertPropertyNameToAttributeName(name));`
	`207`	`+ return protectedElement()->removeAttribute(convertPropertyNameToAttributeName(name));`
	`208`	`+}`
	`209`	`+`
	`210`	`+Ref<Element> DatasetDOMStringMap::protectedElement() const`
	`211`	`+{`
	`212`	`+ return m_element.get();`
`205`	`213`	`}`
`206`	`214`
`207`	`215`	`} // namespace WebCore`