Closed
Bug 1254439
Opened 9 years ago
Closed 5 years ago
[jsdbg2] js::Debugger::FrameRange is terrifyingly unsafe in the name of unnecessary perf
Categories
(Core :: JavaScript Engine, defect)
RESOLVED
INVALID
People
(Reporter: jimb, Unassigned)
Details
js::Debugger::FrameRange should be replaced by a function that populates a provided Handle<GCVector<NativeObject*>> with the Debugger.Frame objects referring to a given AbstractFramePtr.
js::Debugger::FrameRange holds pointers into random Debuggers' frame hash tables and iterates over a GlobalObject's DebuggerVector. If a FrameRange lives while anything causes the hash table or the debuggees to change, all hell will break loose. And the amount of laziness it provides isn't even valuable; in almost all cases, there will be exactly one Debugger to look through anyway.
See 1252464 for an example of the sort of chaos this encourages.
Producing a rooted vector would be easy to use, and much more robust.
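An added illustration of the hazard described above, not part of the original report and not SpiderMonkey code: a toy model where `ToyDebugger`, `CheckedLazyRange` and `snapshotFrames` are hypothetical names, frame objects are plain integer ids, and GC rooting is not modelled. The lazy range carries a mutation counter so that the stale state is reported rather than dereferenced; the snapshot form is unaffected by later table changes.

```cpp
#include <cstddef>
#include <cstdint>
#include <unordered_map>
#include <vector>

// Toy model: frame id -> frame object id, plus a per-table mutation counter.
struct ToyDebugger {
    std::unordered_map<uint32_t, int> frames;
    uint64_t generation = 0;
    void add(uint32_t frame, int obj) { frames[frame] = obj; ++generation; }
    void remove(uint32_t frame) { frames.erase(frame); ++generation; }
};
using DebuggerList = std::vector<ToyDebugger*>;

// Lazy range: consults each table on demand. It records the generations it
// started with; next() returns false at the end or once the range is stale.
class CheckedLazyRange {
    const DebuggerList& dbgs_;
    uint32_t frame_;
    std::size_t next_ = 0;
    std::vector<uint64_t> startGen_;
  public:
    CheckedLazyRange(const DebuggerList& d, uint32_t f) : dbgs_(d), frame_(f) {
        for (const ToyDebugger* dbg : d) startGen_.push_back(dbg->generation);
    }
    bool stale() const {
        if (dbgs_.size() != startGen_.size()) return true;
        for (std::size_t i = 0; i < dbgs_.size(); ++i)
            if (dbgs_[i]->generation != startGen_[i]) return true;
        return false;
    }
    bool next(int* out) {
        while (!stale() && next_ < dbgs_.size()) {
            const auto& table = dbgs_[next_++]->frames;
            auto it = table.find(frame_);
            if (it != table.end()) { *out = it->second; return true; }
        }
        return false;
    }
};

// Eager form the bug asks for: copy matches out before any other code runs.
std::vector<int> snapshotFrames(const DebuggerList& dbgs, uint32_t frame) {
    std::vector<int> out;
    for (const ToyDebugger* d : dbgs) {
        auto it = d->frames.find(frame);
        if (it != d->frames.end()) out.push_back(it->second);
    }
    return out;
}
```

Without the generation check, the lazy range would keep walking tables that changed underneath it, which is the failure mode the report is about.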
Comment 1•5 years ago
This does not appear to exist anymore.
Status: NEW → RESOLVED
Closed: 5 years ago
Resolution: --- → INVALID