LibJS+LibWeb: Remove remaining use and reference to SafeFunction

Author: https://github.com/shannonbooth Commit: https://github.com/LadybirdBrowser/ladybird/commit/797b0d0f438 Pull-request: https://github.com/LadybirdBrowser/ladybird/pull/2062 Reviewed-by: https://github.com/kalenikaliaksandr ✅
2024-11-22 07:30:19 +00:00 · 2024-10-31 06:26:26 +13:00 · 2024-10-31 06:26:26 +13:00 · 797b0d0f43 · 2024-10-30 19:56:42 +00:00
commit 797b0d0f43
parent 716e86f042
26 changed files with 10 additions and 335 deletions
--- a/Meta/Lagom/ClangPlugins/LibJSGCPluginAction.cpp
+++ b/Meta/Lagom/ClangPlugins/LibJSGCPluginAction.cpp
@ -63,7 +63,6 @@ static std::vector<clang::QualType> get_all_qualified_types(clang::QualType cons
            "JS::RawGCPtr",
            "JS::MarkedVector",
            "JS::Handle",
            "JS::SafeFunction",
        };
        if (gc_relevant_type_names.contains(specialization_name)) {
@ -88,7 +87,6 @@ enum class OuterType {
    GCPtr,
    RawGCPtr,
    Handle,
    SafeFunction,
    Ptr,
    Ref,
 };
@ -116,8 +114,6 @@ static std::optional<QualTypeGCInfo> validate_qualified_type(clang::QualType con
            outer_type = OuterType::RawGCPtr;
        } else if (template_type_name == "JS::Handle") {
            outer_type = OuterType::Handle;
        } else if (template_type_name == "JS::SafeFunction") {
            return QualTypeGCInfo { OuterType::SafeFunction, false };
        } else {
            return {};
        }
@ -212,12 +208,12 @@ bool LibJSGCVisitor::VisitCXXRecordDecl(clang::CXXRecordDecl* record)
            } else if (outer_type == OuterType::GCPtr) {
                fields_that_need_visiting.push_back(field);
            }
-        } else if (outer_type == OuterType::Handle || outer_type == OuterType::SafeFunction) {
+        } else if (outer_type == OuterType::Handle) {
            if (record_is_cell && m_detect_invalid_function_members) {
                // FIXME: Change this to an Error when all of the use cases get addressed and remove the plugin argument
                auto diag_id = diag_engine.getCustomDiagID(clang::DiagnosticsEngine::Warning, "Types inheriting from JS::Cell should not have %0 fields");
                auto builder = diag_engine.Report(field->getLocation(), diag_id);
-                builder << (outer_type == OuterType::Handle ? "JS::Handle" : "JS::SafeFunction");
+                builder << "JS::Handle";
            }
        }
    }
--- a/Meta/check-style.py
+++ b/Meta/check-style.py
@ -23,7 +23,6 @@ GOOD_LICENSE_HEADER_PATTERN = re.compile(
 LICENSE_HEADER_CHECK_EXCLUDES = {
    'AK/Checked.h',
    'AK/Function.h',
    'Userland/Libraries/LibJS/SafeFunction.h',
 }
 # We check that "#pragma once" is present
--- a/Tests/ClangPlugins/LibJSGCTests/strong_root_fields_in_gc_allocated_types.cpp
+++ b/Tests/ClangPlugins/LibJSGCTests/strong_root_fields_in_gc_allocated_types.cpp
@ -10,19 +10,14 @@
 #include <LibJS/Heap/Cell.h>
 #include <LibJS/Heap/Handle.h>
 #include <LibJS/SafeFunction.h>
 class CellClass : JS::Cell {
    JS_CELL(CellClass, JS::Cell);
    // expected-warning@+1 {{Types inheriting from JS::Cell should not have JS::SafeFunction fields}}
    JS::SafeFunction<void()> m_func;
    // expected-warning@+1 {{Types inheriting from JS::Cell should not have JS::Handle fields}}
    JS::Handle<JS::Cell> m_handle;
 };
 class NonCellClass {
    JS::SafeFunction<void()> m_func;
    JS::Handle<JS::Cell> m_handle;
 };
--- a/Userland/Libraries/LibJS/Heap/Heap.cpp
+++ b/Userland/Libraries/LibJS/Heap/Heap.cpp
@ -21,7 +21,6 @@
 #include <LibJS/Heap/HeapBlock.h>
 #include <LibJS/Runtime/Object.h>
 #include <LibJS/Runtime/WeakContainer.h>
 #include <LibJS/SafeFunction.h>
 #include <setjmp.h>
 #ifdef HAS_ADDRESS_SANITIZER
@ -30,10 +29,6 @@
 namespace JS {
 // NOTE: We keep a per-thread list of custom ranges. This hinges on the assumption that there is one JS VM per thread.
 static __thread HashMap<FlatPtr*, size_t>* s_custom_ranges_for_conservative_scan = nullptr;
 static __thread HashMap<FlatPtr*, SourceLocation*>* s_safe_function_locations = nullptr;
 Heap::Heap(VM& vm)
    : HeapBase(vm)
 {
@ -205,9 +200,6 @@ public:
                case HeapRoot::Type::VM:
                    node.set("root"sv, "VM");
                    break;
                case HeapRoot::Type::SafeFunction:
                    node.set("root"sv, ByteString::formatted("SafeFunction {} {}:{}", location->function_name(), location->filename(), location->line_number()));
                    break;
                default:
                    VERIFY_NOT_REACHED();
                }
@ -336,17 +328,6 @@ NO_SANITIZE_ADDRESS void Heap::gather_conservative_roots(HashMap<Cell*, HeapRoot
        gather_asan_fake_stack_roots(possible_pointers, data, min_block_address, max_block_address);
    }
    // NOTE: If we have any custom ranges registered, scan those as well.
    //       This is where JS::SafeFunction closures get marked.
    if (s_custom_ranges_for_conservative_scan) {
        for (auto& custom_range : *s_custom_ranges_for_conservative_scan) {
            for (size_t i = 0; i < (custom_range.value / sizeof(FlatPtr)); ++i) {
                auto safe_function_location = s_safe_function_locations->get(custom_range.key);
                add_possible_value(possible_pointers, custom_range.key[i], HeapRoot { .type = HeapRoot::Type::SafeFunction, .location = *safe_function_location }, min_block_address, max_block_address);
            }
        }
    }
    for (auto& vector : m_conservative_vectors) {
        for (auto possible_value : vector.possible_values()) {
            add_possible_value(possible_pointers, possible_value, HeapRoot { .type = HeapRoot::Type::ConservativeVector }, min_block_address, max_block_address);
@ -557,28 +538,4 @@ void Heap::uproot_cell(Cell* cell)
    m_uprooted_cells.append(cell);
 }
 void register_safe_function_closure(void* base, size_t size, SourceLocation* location)
 {
    if (!s_custom_ranges_for_conservative_scan) {
        // FIXME: This per-thread HashMap is currently leaked on thread exit.
        s_custom_ranges_for_conservative_scan = new HashMap<FlatPtr*, size_t>;
    }
    if (!s_safe_function_locations) {
        s_safe_function_locations = new HashMap<FlatPtr*, SourceLocation*>;
    }
    auto result = s_custom_ranges_for_conservative_scan->set(reinterpret_cast<FlatPtr*>(base), size);
    VERIFY(result == AK::HashSetResult::InsertedNewEntry);
    result = s_safe_function_locations->set(reinterpret_cast<FlatPtr*>(base), location);
    VERIFY(result == AK::HashSetResult::InsertedNewEntry);
 }
 void unregister_safe_function_closure(void* base, size_t, SourceLocation*)
 {
    VERIFY(s_custom_ranges_for_conservative_scan);
    bool did_remove_range = s_custom_ranges_for_conservative_scan->remove(reinterpret_cast<FlatPtr*>(base));
    VERIFY(did_remove_range);
    bool did_remove_location = s_safe_function_locations->remove(reinterpret_cast<FlatPtr*>(base));
    VERIFY(did_remove_location);
 }
 }
--- a/Userland/Libraries/LibJS/Heap/HeapRoot.h
+++ b/Userland/Libraries/LibJS/Heap/HeapRoot.h
@ -17,7 +17,6 @@ struct HeapRoot {
        MarkedVector,
        ConservativeVector,
        RegisterPointer,
        SafeFunction,
        StackPointer,
        VM,
    };
--- a/Userland/Libraries/LibJS/Runtime/Object.h
+++ b/Userland/Libraries/LibJS/Runtime/Object.h
@ -22,7 +22,6 @@
 #include <LibJS/Runtime/PropertyKey.h>
 #include <LibJS/Runtime/Shape.h>
 #include <LibJS/Runtime/Value.h>
 #include <LibJS/SafeFunction.h>
 namespace JS {
--- a/Userland/Libraries/LibJS/SafeFunction.h
+++ b/Userland/Libraries/LibJS/SafeFunction.h
@ -1,255 +0,0 @@
 /*
 * Copyright (c) 2016 Apple Inc. All rights reserved.
 * Copyright (c) 2021, Gunnar Beutner <gbeutner@serenityos.org>
 * Copyright (c) 2022, Andreas Kling <andreas@ladybird.org>
 *
 * SPDX-License-Identifier: BSD-2-Clause
 */
 #pragma once
 #include <AK/Function.h>
 #include <AK/SourceLocation.h>
 namespace JS {
 void register_safe_function_closure(void*, size_t, SourceLocation*);
 void unregister_safe_function_closure(void*, size_t, SourceLocation*);
 template<typename>
 class SafeFunction;
 template<typename Out, typename... In>
 class SafeFunction<Out(In...)> {
    AK_MAKE_NONCOPYABLE(SafeFunction);
 public:
    SafeFunction() = default;
    SafeFunction(nullptr_t)
    {
    }
    ~SafeFunction()
    {
        clear(false);
    }
    void register_closure()
    {
        if (!m_size)
            return;
        if (auto* wrapper = callable_wrapper())
            register_safe_function_closure(wrapper, m_size, &m_location);
    }
    void unregister_closure()
    {
        if (!m_size)
            return;
        if (auto* wrapper = callable_wrapper())
            unregister_safe_function_closure(wrapper, m_size, &m_location);
    }
    template<typename CallableType>
    SafeFunction(CallableType&& callable, SourceLocation location = SourceLocation::current())
    requires((AK::IsFunctionObject<CallableType> && IsCallableWithArguments<CallableType, Out, In...> && !IsSame<RemoveCVReference<CallableType>, SafeFunction>))
        : m_location(location)
    {
        init_with_callable(forward<CallableType>(callable), CallableKind::FunctionObject);
    }
    template<typename FunctionType>
    SafeFunction(FunctionType f, SourceLocation location = SourceLocation::current())
    requires((AK::IsFunctionPointer<FunctionType> && IsCallableWithArguments<RemovePointer<FunctionType>, Out, In...> && !IsSame<RemoveCVReference<FunctionType>, SafeFunction>))
        : m_location(location)
    {
        init_with_callable(move(f), CallableKind::FunctionPointer);
    }
    SafeFunction(SafeFunction&& other)
        : m_location(move(other.m_location))
    {
        move_from(move(other));
    }
    // Note: Despite this method being const, a mutable lambda _may_ modify its own captures.
    Out operator()(In... in) const
    {
        auto* wrapper = callable_wrapper();
        VERIFY(wrapper);
        ++m_call_nesting_level;
        ScopeGuard guard([this] {
            if (--m_call_nesting_level == 0 && m_deferred_clear)
                const_cast<SafeFunction*>(this)->clear(false);
        });
        return wrapper->call(forward<In>(in)...);
    }
    explicit operator bool() const { return !!callable_wrapper(); }
    SafeFunction& operator=(nullptr_t)
    {
        clear();
        return *this;
    }
    SafeFunction& operator=(SafeFunction&& other)
    {
        if (this != &other) {
            clear();
            move_from(move(other));
        }
        return *this;
    }
 private:
    enum class CallableKind {
        FunctionPointer,
        FunctionObject,
    };
    class CallableWrapperBase {
    public:
        virtual ~CallableWrapperBase() = default;
        // Note: This is not const to allow storing mutable lambdas.
        virtual Out call(In...) = 0;
        virtual void destroy() = 0;
        virtual void init_and_swap(u8*, size_t) = 0;
    };
    template<typename CallableType>
    class CallableWrapper final : public CallableWrapperBase {
        AK_MAKE_NONMOVABLE(CallableWrapper);
        AK_MAKE_NONCOPYABLE(CallableWrapper);
    public:
        explicit CallableWrapper(CallableType&& callable)
            : m_callable(move(callable))
        {
        }
        Out call(In... in) final override
        {
            return m_callable(forward<In>(in)...);
        }
        void destroy() final override
        {
            delete this;
        }
        // NOLINTNEXTLINE(readability-non-const-parameter) False positive; destination is used in a placement new expression
        void init_and_swap(u8* destination, size_t size) final override
        {
            VERIFY(size >= sizeof(CallableWrapper));
            new (destination) CallableWrapper { move(m_callable) };
        }
    private:
        CallableType m_callable;
    };
    enum class FunctionKind {
        NullPointer,
        Inline,
        Outline,
    };
    CallableWrapperBase* callable_wrapper() const
    {
        switch (m_kind) {
        case FunctionKind::NullPointer:
            return nullptr;
        case FunctionKind::Inline:
            return bit_cast<CallableWrapperBase*>(&m_storage);
        case FunctionKind::Outline:
            return *bit_cast<CallableWrapperBase**>(&m_storage);
        default:
            VERIFY_NOT_REACHED();
        }
    }
    void clear(bool may_defer = true)
    {
        bool called_from_inside_function = m_call_nesting_level > 0;
        // NOTE: This VERIFY could fail because a Function is destroyed from within itself.
        VERIFY(may_defer || !called_from_inside_function);
        if (called_from_inside_function && may_defer) {
            m_deferred_clear = true;
            return;
        }
        m_deferred_clear = false;
        auto* wrapper = callable_wrapper();
        if (m_kind == FunctionKind::Inline) {
            VERIFY(wrapper);
            wrapper->~CallableWrapperBase();
            unregister_closure();
        } else if (m_kind == FunctionKind::Outline) {
            VERIFY(wrapper);
            wrapper->destroy();
            unregister_closure();
        }
        m_kind = FunctionKind::NullPointer;
    }
    template<typename Callable>
    void init_with_callable(Callable&& callable, CallableKind kind)
    {
        VERIFY(m_call_nesting_level == 0);
        VERIFY(m_kind == FunctionKind::NullPointer);
        using WrapperType = CallableWrapper<Callable>;
        if constexpr (sizeof(WrapperType) > inline_capacity) {
            *bit_cast<CallableWrapperBase**>(&m_storage) = new WrapperType(forward<Callable>(callable));
            m_kind = FunctionKind::Outline;
        } else {
            new (m_storage) WrapperType(forward<Callable>(callable));
            m_kind = FunctionKind::Inline;
        }
        if (kind == CallableKind::FunctionObject)
            m_size = sizeof(WrapperType);
        else
            m_size = 0;
        register_closure();
    }
    void move_from(SafeFunction&& other)
    {
        VERIFY(m_call_nesting_level == 0);
        VERIFY(other.m_call_nesting_level == 0);
        VERIFY(m_kind == FunctionKind::NullPointer);
        auto* other_wrapper = other.callable_wrapper();
        m_size = other.m_size;
        AK::TypedTransfer<SourceLocation>::move(&m_location, &other.m_location, 1);
        switch (other.m_kind) {
        case FunctionKind::NullPointer:
            break;
        case FunctionKind::Inline:
            other.unregister_closure();
            other_wrapper->init_and_swap(m_storage, inline_capacity);
            m_kind = FunctionKind::Inline;
            register_closure();
            break;
        case FunctionKind::Outline:
            other.unregister_closure();
            *bit_cast<CallableWrapperBase**>(&m_storage) = other_wrapper;
            m_kind = FunctionKind::Outline;
            register_closure();
            break;
        default:
            VERIFY_NOT_REACHED();
        }
        other.m_kind = FunctionKind::NullPointer;
    }
    FunctionKind m_kind { FunctionKind::NullPointer };
    bool m_deferred_clear { false };
    mutable Atomic<u16> m_call_nesting_level { 0 };
    size_t m_size { 0 };
    SourceLocation m_location;
    // Empirically determined to fit most lambdas and functions.
    static constexpr size_t inline_capacity = 4 * sizeof(void*);
    alignas(max(alignof(CallableWrapperBase), alignof(CallableWrapperBase*))) u8 m_storage[inline_capacity];
 };
 }
--- a/Userland/Libraries/LibWeb/DOM/DocumentObserver.h
+++ b/Userland/Libraries/LibWeb/DOM/DocumentObserver.h
@ -8,7 +8,6 @@
 #include <LibJS/Forward.h>
 #include <LibJS/Heap/HeapFunction.h>
 #include <LibJS/SafeFunction.h>
 #include <LibWeb/Bindings/PlatformObject.h>
 #include <LibWeb/Forward.h>
 #include <LibWeb/HTML/DocumentReadyState.h>
--- a/Userland/Libraries/LibWeb/DOM/Element.cpp
+++ b/Userland/Libraries/LibWeb/DOM/Element.cpp
@ -2014,7 +2014,7 @@ void Element::enqueue_an_element_on_the_appropriate_element_queue()
        reactions_stack.processing_the_backup_element_queue = true;
        // 4. Queue a microtask to perform the following steps:
-        // NOTE: `this` is protected by JS::SafeFunction
+        // NOTE: `this` is protected by JS::HeapFunction
        HTML::queue_a_microtask(&document(), JS::create_heap_function(relevant_agent.heap(), [this]() {
            auto& relevant_agent = HTML::relevant_agent(*this);
            auto* custom_data = verify_cast<Bindings::WebEngineCustomData>(relevant_agent.custom_data());
--- a/Userland/Libraries/LibWeb/DOM/EventTarget.cpp
+++ b/Userland/Libraries/LibWeb/DOM/EventTarget.cpp
@ -197,7 +197,7 @@ void EventTarget::add_an_event_listener(DOMEventListener& listener)
    // 5. If listener’s signal is not null, then add the following abort steps to it:
    if (listener.signal) {
-        // NOTE: `this` and `listener` are protected by AbortSignal using JS::SafeFunction.
+        // NOTE: `this` and `listener` are protected by AbortSignal using JS::HeapFunction.
        listener.signal->add_abort_algorithm([this, &listener] {
            // 1. Remove an event listener with eventTarget and listener.
            remove_an_event_listener(listener);
--- a/Userland/Libraries/LibWeb/Fetch/Body.cpp
+++ b/Userland/Libraries/LibWeb/Fetch/Body.cpp
@ -187,7 +187,7 @@ WebIDL::ExceptionOr<JS::NonnullGCPtr<WebIDL::Promise>> consume_body(JS::Realm& r
    auto promise = WebIDL::create_promise(realm);
    // 3. Let errorSteps given error be to reject promise with error.
-    // NOTE: `promise` and `realm` is protected by JS::SafeFunction.
+    // NOTE: `promise` and `realm` is protected by JS::HeapFunction.
    auto error_steps = JS::create_heap_function(realm.heap(), [promise, &realm](JS::Value error) {
        // AD-HOC: An execution context is required for Promise's reject function.
        HTML::TemporaryExecutionContext execution_context { Bindings::host_defined_environment_settings_object(realm) };
@ -196,7 +196,7 @@ WebIDL::ExceptionOr<JS::NonnullGCPtr<WebIDL::Promise>> consume_body(JS::Realm& r
    // 4. Let successSteps given a byte sequence data be to resolve promise with the result of running convertBytesToJSValue
    //    with data. If that threw an exception, then run errorSteps with that exception.
-    // NOTE: `promise`, `realm` and `object` is protected by JS::SafeFunction.
+    // NOTE: `promise`, `realm` and `object` is protected by JS::HeapFunction.
    // FIXME: Refactor this to the new version of the spec introduced with https://github.com/whatwg/fetch/commit/464326e8eb6a602122c030cd40042480a3c0e265
    auto success_steps = JS::create_heap_function(realm.heap(), [promise, &realm, &object, type](ByteBuffer data) {
        auto& vm = realm.vm();
--- a/Userland/Libraries/LibWeb/Fetch/Fetching/PendingResponse.h
+++ b/Userland/Libraries/LibWeb/Fetch/Fetching/PendingResponse.h
@ -9,7 +9,6 @@
 #include <LibJS/Forward.h>
 #include <LibJS/Heap/Cell.h>
 #include <LibJS/Heap/GCPtr.h>
 #include <LibJS/SafeFunction.h>
 #include <LibWeb/Fetch/Infrastructure/HTTP/Responses.h>
 namespace Web::Fetch::Fetching {
--- a/Userland/Libraries/LibWeb/Fetch/Infrastructure/FetchAlgorithms.h
+++ b/Userland/Libraries/LibWeb/Fetch/Infrastructure/FetchAlgorithms.h
@ -10,7 +10,6 @@
 #include <LibJS/Heap/Cell.h>
 #include <LibJS/Heap/GCPtr.h>
 #include <LibJS/Heap/HeapFunction.h>
 #include <LibJS/SafeFunction.h>
 #include <LibWeb/Forward.h>
 namespace Web::Fetch::Infrastructure {
--- a/Userland/Libraries/LibWeb/Fetch/Infrastructure/FetchController.h
+++ b/Userland/Libraries/LibWeb/Fetch/Infrastructure/FetchController.h
@ -13,7 +13,6 @@
 #include <LibJS/Heap/GCPtr.h>
 #include <LibJS/Heap/HeapFunction.h>
 #include <LibJS/Runtime/VM.h>
 #include <LibJS/SafeFunction.h>
 #include <LibWeb/Fetch/Infrastructure/FetchTimingInfo.h>
 #include <LibWeb/Forward.h>
 #include <LibWeb/HTML/EventLoop/Task.h>
--- a/Userland/Libraries/LibWeb/Fetch/Infrastructure/Task.h
+++ b/Userland/Libraries/LibWeb/Fetch/Infrastructure/Task.h
@ -9,7 +9,6 @@
 #include <AK/Variant.h>
 #include <LibJS/Forward.h>
 #include <LibJS/Heap/GCPtr.h>
 #include <LibJS/SafeFunction.h>
 #include <LibWeb/Forward.h>
 #include <LibWeb/HTML/EventLoop/Task.h>
--- a/Userland/Libraries/LibWeb/HTML/EventLoop/Task.h
+++ b/Userland/Libraries/LibWeb/HTML/EventLoop/Task.h
@ -9,7 +9,6 @@
 #include <AK/DistinctNumeric.h>
 #include <LibJS/Heap/Cell.h>
 #include <LibJS/Heap/CellAllocator.h>
 #include <LibJS/SafeFunction.h>
 #include <LibWeb/Forward.h>
 namespace Web::HTML {
--- a/Userland/Libraries/LibWeb/HTML/HTMLFormElement.cpp
+++ b/Userland/Libraries/LibWeb/HTML/HTMLFormElement.cpp
@ -885,7 +885,7 @@ void HTMLFormElement::plan_to_navigate_to(URL::URL url, Variant<Empty, String, P
    }
    // 4. Queue an element task on the DOM manipulation task source given the form element and the following steps:
-    // NOTE: `this`, `actual_resource` and `target_navigable` are protected by JS::SafeFunction.
+    // NOTE: `this`, `actual_resource` and `target_navigable` are protected by JS::HeapFunction.
    queue_an_element_task(Task::Source::DOMManipulation, [this, url, post_resource, target_navigable, history_handling, referrer_policy, user_involvement]() {
        // 1. Set the form's planned navigation to null.
        m_planned_navigation = {};
--- a/Userland/Libraries/LibWeb/HTML/HTMLMediaElement.h
+++ b/Userland/Libraries/LibWeb/HTML/HTMLMediaElement.h
@ -13,7 +13,6 @@
 #include <AK/Variant.h>
 #include <LibGfx/Rect.h>
 #include <LibJS/Heap/MarkedVector.h>
 #include <LibJS/SafeFunction.h>
 #include <LibWeb/DOM/DocumentLoadEventDelayer.h>
 #include <LibWeb/HTML/CORSSettingAttribute.h>
 #include <LibWeb/HTML/EventLoop/Task.h>
--- a/Userland/Libraries/LibWeb/HTML/SessionHistoryTraversalQueue.h
+++ b/Userland/Libraries/LibWeb/HTML/SessionHistoryTraversalQueue.h
@ -13,7 +13,6 @@
 #include <LibJS/Heap/CellAllocator.h>
 #include <LibJS/Heap/GCPtr.h>
 #include <LibJS/Heap/HeapFunction.h>
 #include <LibJS/SafeFunction.h>
 #include <LibWeb/Forward.h>
 namespace Web::HTML {
--- a/Userland/Libraries/LibWeb/HTML/SharedResourceRequest.h
+++ b/Userland/Libraries/LibWeb/HTML/SharedResourceRequest.h
@ -11,7 +11,6 @@
 #include <LibGfx/Size.h>
 #include <LibJS/Heap/Handle.h>
 #include <LibJS/Heap/HeapFunction.h>
 #include <LibJS/SafeFunction.h>
 #include <LibURL/URL.h>
 #include <LibWeb/Forward.h>
--- a/Userland/Libraries/LibWeb/Loader/ResourceLoader.h
+++ b/Userland/Libraries/LibWeb/Loader/ResourceLoader.h
@ -11,7 +11,6 @@
 #include <AK/Function.h>
 #include <AK/HashTable.h>
 #include <LibCore/EventReceiver.h>
 #include <LibJS/SafeFunction.h>
 #include <LibRequests/Forward.h>
 #include <LibURL/URL.h>
 #include <LibWeb/Loader/Resource.h>
--- a/Userland/Libraries/LibWeb/Platform/EventLoopPlugin.h
+++ b/Userland/Libraries/LibWeb/Platform/EventLoopPlugin.h
@ -9,7 +9,6 @@
 #include <AK/Forward.h>
 #include <LibJS/Heap/GCPtr.h>
 #include <LibJS/Heap/HeapFunction.h>
 #include <LibJS/SafeFunction.h>
 #include <LibWeb/Forward.h>
 namespace Web::Platform {
--- a/Userland/Libraries/LibWeb/Platform/Timer.h
+++ b/Userland/Libraries/LibWeb/Platform/Timer.h
@ -8,7 +8,6 @@
 #include <AK/RefCounted.h>
 #include <LibJS/Heap/Cell.h>
 #include <LibJS/SafeFunction.h>
 namespace Web::Platform {
--- a/Userland/Libraries/LibWeb/Streams/ReadableStreamDefaultController.cpp
+++ b/Userland/Libraries/LibWeb/Streams/ReadableStreamDefaultController.cpp
@ -4,7 +4,6 @@
 * SPDX-License-Identifier: BSD-2-Clause
 */
 #include <LibJS/SafeFunction.h>
 #include <LibWeb/Bindings/Intrinsics.h>
 #include <LibWeb/Bindings/ReadableStreamDefaultControllerPrototype.h>
 #include <LibWeb/Streams/AbstractOperations.h>
--- a/Userland/Libraries/LibWeb/WebIDL/Promise.h
+++ b/Userland/Libraries/LibWeb/WebIDL/Promise.h
@ -10,13 +10,11 @@
 #include <LibJS/Forward.h>
 #include <LibJS/Runtime/PromiseCapability.h>
 #include <LibJS/Runtime/Value.h>
 #include <LibJS/SafeFunction.h>
 #include <LibWeb/Forward.h>
 #include <LibWeb/WebIDL/ExceptionOr.h>
 namespace Web::WebIDL {
 // NOTE: This is Function, not SafeFunction, because they get stored in a NativeFunction anyway, which will protect captures.
 using ReactionSteps = JS::HeapFunction<WebIDL::ExceptionOr<JS::Value>(JS::Value)>;
 // https://webidl.spec.whatwg.org/#es-promise
--- a/Userland/Libraries/LibWeb/XHR/XMLHttpRequest.cpp
+++ b/Userland/Libraries/LibWeb/XHR/XMLHttpRequest.cpp
@ -738,7 +738,7 @@ WebIDL::ExceptionOr<void> XMLHttpRequest::send(Optional<DocumentOrXMLHttpRequest
        // 7. Let processRequestBodyChunkLength, given a bytesLength, be these steps:
        // NOTE: request_body_length is captured by copy as to not UAF it when we leave `send()` and the callback gets called.
-        // NOTE: `this` is kept alive by FetchAlgorithms using JS::SafeFunction.
+        // NOTE: `this` is kept alive by FetchAlgorithms using JS::HeapFunction.
        auto process_request_body_chunk_length = [this, request_body_length](u64 bytes_length) {
            // 1. Increase requestBodyTransmitted by bytesLength.
            m_request_body_transmitted += bytes_length;
@ -752,7 +752,7 @@ WebIDL::ExceptionOr<void> XMLHttpRequest::send(Optional<DocumentOrXMLHttpRequest
        // 8. Let processRequestEndOfBody be these steps:
        // NOTE: request_body_length is captured by copy as to not UAF it when we leave `send()` and the callback gets called.
-        // NOTE: `this` is kept alive by FetchAlgorithms using JS::SafeFunction.
+        // NOTE: `this` is kept alive by FetchAlgorithms using JS::HeapFunction.
        auto process_request_end_of_body = [this, request_body_length]() {
            // 1. Set this’s upload complete flag.
            m_upload_complete = true;
@ -772,7 +772,7 @@ WebIDL::ExceptionOr<void> XMLHttpRequest::send(Optional<DocumentOrXMLHttpRequest
        };
        // 9. Let processResponse, given a response, be these steps:
-        // NOTE: `this` is kept alive by FetchAlgorithms using JS::SafeFunction.
+        // NOTE: `this` is kept alive by FetchAlgorithms using JS::HeapFunction.
        auto process_response = [this](JS::NonnullGCPtr<Fetch::Infrastructure::Response> response) {
            // 1. Set this’s response to response.
            m_response = response;