Open Bug 1529478 Opened 5 years ago Updated 2 years ago

Add 'unrootables' to hazard analysis

Categories: Core :: JavaScript: GC, enhancement, P5

People: Reporter: sfink, Unassigned

References: Blocks 1 open bug
pbone suggested in bug 1519037 comment 43 that the analysis could catch cases like:

Rooted<GCVector<JSScript*>> mycells(cx);
for (auto iter = zone->cellIter<JSScript>(); !iter.done(); iter.next()) {
  JSScript* script = iter;
  mycells.append(script);
}
gc();
f(mycells[0]);

where ZoneAllCellIter returns a dead cell (but we're in the middle of an incremental sweep, so it's still around).

As I said in bug 1519037 comment 57, I think this is doable. ZoneAllCellIter would be annotated to return "unrootable" GC pointers. Any variable that these return values flow into would be treated as unrooted, whether put into a Rooted or not.

The tricky part would be to detect flow through things like mycells.append(). But to a first approximation, you could assume that a method call on a variable will keep a copy of any unrootable arguments it is given. It's imprecise and a little wonky -- consider (foo() ? arr1 : arr2).append(cell) or arrptr->append(cell) for example -- but it would probably catch most cases.

It would need to pay its way in order to be worth implementing, though.
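The first approximation described above, as an added example that is not part of the original bug and not code from the hazard analysis. It is a toy pass over a constructed IR (the op names, fields and the `cellIter` source table are assumptions) that treats values from an annotated source as unrootable, lets method receivers absorb unrootable arguments, and reports any read after a GC regardless of `Rooted`.

```javascript
// Toy pass over a constructed straight-line IR; op names and fields are hypothetical.
const UNROOTABLE_SOURCES = new Set(["cellIter"]); // stands in for the annotation

function findUnrootableHazards(body) {
  const unrootable = new Set(); // variables that may hold an unrootable pointer
  const stale = new Set(); // unrootable variables that were live across a GC
  const hazards = [];
  const read = (name, index) => { if (stale.has(name)) hazards.push({ index, variable: name }); };
  const write = (name, tainted) => {
    stale.delete(name); // overwriting a variable drops its old value
    if (tainted) unrootable.add(name); else unrootable.delete(name);
  };
  body.forEach((stmt, index) => {
    switch (stmt.op) {
      case "decl": break; // Rooted<> or not is ignored for unrootable values
      case "call": // dst = fn()
        write(stmt.dst, UNROOTABLE_SOURCES.has(stmt.fn));
        break;
      case "assign": // dst = src
        read(stmt.src, index);
        write(stmt.dst, unrootable.has(stmt.src));
        break;
      case "method": // recv.name(args): assume recv keeps unrootable args
        stmt.args.forEach((arg) => read(arg, index));
        if (stmt.args.some((arg) => unrootable.has(arg))) {
          // recv may list candidates: (foo() ? arr1 : arr2).append(cell)
          for (const recv of [].concat(stmt.recv)) unrootable.add(recv);
        }
        break;
      case "gc": // everything unrootable that is still around is now suspect
        for (const name of unrootable) stale.add(name);
        break;
      case "use": // e.g. f(mycells[0])
        read(stmt.var, index);
        break;
    }
  });
  return hazards;
}

// The snippet from the bug, transcribed by hand into the constructed IR.
const pageExample = [
  { op: "decl", var: "mycells", rooted: true },
  { op: "call", dst: "iter", fn: "cellIter" },
  { op: "assign", dst: "script", src: "iter" },
  { op: "method", recv: "mycells", name: "append", args: ["script"] },
  { op: "gc" },
  { op: "use", var: "mycells" },
];
```

`findUnrootableHazards(pageExample)` reports the read of `mycells` at statement index 5, even though `mycells` is declared as rooted.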

Priority: -- → P5
Severity: normal → S3