Closed Bug 1254439 Opened 8 years ago Closed 4 years ago

[jsdbg2] js::Debugger::FrameRange is terrifyingly unsafe in the name of unnecessary perf

Categories

(Core :: JavaScript Engine, defect)

defect
Not set
normal

RESOLVED INVALID

People

(Reporter: jimb, Unassigned)

Details

js::Debugger::FrameRange should be replaced by a function that populates a provided Handle<GCVector<NativeObject*>> with the Debugger.Frame objects referring to a given AbstractFramePtr.

js::Debugger::FrameRange holds pointers into random Debuggers' frame hash tables and iterates over a GlobalObject's DebuggerVector. If a FrameRange lives while anything causes the hash table or the debuggees to change, all hell will break loose. And the amount of laziness it provides isn't even valuable; in almost all cases, there will be exactly one Debugger to look through anyway.

See 1252464 for an example of the sort of chaos this encourages.

Producing a rooted vector would be easy to use, and much more robust.

This does not appear to exist anymore.

Status: NEW → RESOLVED
Closed: 4 years ago
Resolution: --- → INVALID
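
The eager alternative proposed in the report, as an added example that is not part of the bug thread or of SpiderMonkey's code: a toy model in which the frame objects are copied into a caller-provided vector before anything is visited, so later changes to the hash tables or the debugger list cannot invalidate what is being walked. `ToyDebugger`, `ToyGlobal`, `FrameObject`, `collectFrames` and `visitWhileMutating` are hypothetical names, and `std::shared_ptr` stands in for GC rooting.

```cpp
// Added illustration; toy types, not SpiderMonkey's Debugger, GCVector or Handle.
#include <cstddef>
#include <memory>
#include <unordered_map>
#include <vector>

using FrameId = int;                                // stand-in for AbstractFramePtr
struct FrameObject { FrameId frame; int owner; };   // stand-in for a Debugger.Frame object

struct ToyDebugger {
    int id;
    // frame -> frame object; shared_ptr plays the role of GC rooting here
    std::unordered_map<FrameId, std::shared_ptr<FrameObject>> frames;
};

struct ToyGlobal {
    std::vector<ToyDebugger*> debuggers;            // stand-in for the global's DebuggerVector
};

// Eager replacement for a lazy range: walk every debugger once, copy out owning
// references, and keep no iterator or pointer into any table afterwards.
void collectFrames(const ToyGlobal& global, FrameId frame,
                   std::vector<std::shared_ptr<FrameObject>>& out) {
    out.clear();
    for (ToyDebugger* dbg : global.debuggers) {
        auto it = dbg->frames.find(frame);
        if (it != dbg->frames.end())
            out.push_back(it->second);
    }
}

// Walks the snapshot while the loop body mutates the very tables and debugger
// list that a lazy range would still be pointing into.
std::size_t visitWhileMutating(ToyGlobal& global, FrameId frame) {
    std::vector<std::shared_ptr<FrameObject>> snapshot;
    collectFrames(global, frame, snapshot);
    std::vector<ToyDebugger*> dbgs = global.debuggers;  // copy: the list is cleared below
    std::size_t visited = 0;
    for (const auto& obj : snapshot) {
        for (ToyDebugger* dbg : dbgs) {
            dbg->frames.erase(frame);                   // entry removed mid-walk
            for (FrameId f = 1000; f < 1200; ++f)       // enough inserts to force a rehash
                dbg->frames[f] = std::make_shared<FrameObject>(FrameObject{f, dbg->id});
        }
        global.debuggers.clear();                       // debugger list changes too
        if (obj->frame == frame) ++visited;             // snapshot entry is still valid
    }
    return visited;
}
```
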