1249448 - Handled unified (C4) constructors

Status: RESOLVED FIXED

(Core :: JavaScript: GC, defect)

Description

[Steve Fink [:sfink] [:s:]]

Here's a fun one. Due to a bug in the analysis's RAII handling, the analysis was missing some legitimate hazards because the scope of an AutoSuppressGC variable was seen as larger than it should have been. Fixing that bug exposed thousands of hazards using gcc 4.7.3.

I've also been working on rewriting all of the analysis jobs to run under taskcluster, which is a much much nicer environment. Unfortunately, the new analyses did not report the newly uncovered hazards.

It turns out that it is because when switching to taskcluster, I also upgraded to gcc 4.9.3. GCC now generates an internal type of constructor (a C4 aka unified constructor) and then calls it from the other constructors. Unfortunately, the plugin somehow doesn't see these calls. (I don't know how that even makes sense, but I guess it's probably something to do with when the plugin sees stuff?)

Comment 1

[Steve Fink [:sfink] [:s:]]

Attachment: Handled unified (C4) constructors

So now whenever we see a C4 constructor, we assume that it is being called from C1, C2, and C3 constructors. That will manufacture some of these out of thin air (particular C3, which is no longer used in current gcc), but they won't have any callers so they won't hurt anything.

Comment 2

[Terrence Cole [:terrence]]

Comment on attachment 8721038 [details] [diff] [review]
Handled unified (C4) constructors

Review of attachment 8721038 [details] [diff] [review]:
-----------------------------------------------------------------

Uhhh huhhhh.

Comment 3

[Pulsebot]

https://hg.mozilla.org/integration/mozilla-inbound/rev/db74575315ac

Comment 4

[Phil Ringnalda (:philor)]

https://hg.mozilla.org/mozilla-central/rev/db74575315ac