Open Bug 1531955 Opened 6 years ago Updated 2 years ago

[hazards] unable to prove nsIXPCScriptable::GetJSClass() cannot GC

Categories

(Core :: JavaScript: GC, defect, P3)

Product:
Core
Component:
JavaScript: GC
Type:
defect

Tracking

()

People

(Reporter: sfink, Unassigned)

References

Details

tl;dr - respect the JS_HAZ_CAN_RUN_SCRIPT attribute, aka attribute((annotate("Can run script"))).

This is causing hazards to be reported that appear to be false positives,

I'm assuming that what ends up getting invoked is https://searchfox.org/mozilla-central/rev/00f3836a87b844b5e4bc82f698c559b9966e4be2/js/xpconnect/public/xpc_map_end.h#45 and that seems to call the GetClass defined just above, which returns a static pointer.

These are defined on the nsIXPCScriptable interface, which is marked [builtinclass]. I think that means that it's safe to do normal devirtualization in the analysis, which will see that none of them GC. If that is true, then this bug is for observing [builtinclass]. And bz implemented that in bug 1347999 and so I just need to make use of it now.

Looks like the same thing would fix nsCOMPtr<nsIFileURL>::~nsCOMPtr() now that nsIURI is [builtinclass].

Priority: -- → P3
Summary: [hazard] unable to prove nsIXPCScriptable::GetJSClass() cannot GC → [hazards] unable to prove nsIXPCScriptable::GetJSClass() cannot GC
Severity: normal → S3
You need to log in before you can comment on or make changes to this bug.