Closed Bug 1736083 Opened 3 years ago Closed 2 years ago

Analysis for DOM iterator invalidation

Categories

(Developer Infrastructure :: Source Code Analysis, enhancement, P5)

Tracking

(Not tracked)

RESOLVED WORKSFORME

People

(Reporter: sfink, Unassigned)

References

(Blocks 1 open bug)

Details

mccr8 was looking at this once. The idea is to use the hazard analysis framework to check for cases where we're iterating over a list of nodes and doing something that could mutate that list.

We need more details about this in order to be able to understand it.

Severity: -- → S4
Flags: needinfo?(sphink)
Priority: -- → P5

Hm, I think the MOZ_CAN_RUN_SCRIPT analysis may have replaced the need for this analysis, if I'm understanding it correctly. Specifically, I think that right now if you are iterating over DOM nodes and calling anything marked MOZ_CAN_RUN_SCRIPT, then you are required (via static analysis) to hold onto a reference to them.

mccr8, is that correct? Is there still a use for an additional analysis here?

Flags: needinfo?(sphink) → needinfo?(continuation)

I don't think MOZ_CAN_RUN_SCRIPT understands iterator invalidation. An individual DOM node can be rooted, but the question is whether the array we're iterating over is resized.

I don't think I had any more than a vague idea for how to do this, so feel free to close it.

Flags: needinfo?(continuation)
Status: NEW → RESOLVED
Closed: 2 years ago
Resolution: --- → WORKSFORME
Product: Firefox Build System → Developer Infrastructure
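
The distinction drawn in the comments above (a node kept alive versus a list that is resized mid-walk), as an added example that is not part of the bug thread and not Gecko code. `Node`, `ChildList`, `WalkLive`, `WalkSnapshot` and the generation counter are hypothetical, and the counter is a runtime check standing in for what a static analysis would flag.

```cpp
#include <cstddef>
#include <functional>
#include <memory>
#include <string>
#include <vector>
// Hypothetical stand-ins for illustration; these are not Gecko types.
struct Node { std::string name; };
using NodeRef = std::shared_ptr<Node>;
// Child list with a mutation counter, so a walk can tell it was resized.
class ChildList {
 public:
  void Append(NodeRef n) { items_.push_back(n); ++generation_; }
  void RemoveAt(std::size_t i) { items_.erase(items_.begin() + i); ++generation_; }
  std::size_t Length() const { return items_.size(); }
  NodeRef At(std::size_t i) const { return items_.at(i); }
  unsigned Generation() const { return generation_; }
  std::vector<NodeRef> Snapshot() const { return items_; }
 private:
  std::vector<NodeRef> items_;
  unsigned generation_ = 0;
};
using Callback = std::function<void(ChildList&, const NodeRef&)>;
// Hazard pattern: each node is kept alive across the callback, but the list
// is walked live. Stops and returns false once the callback resized the list.
bool WalkLive(ChildList& list, const Callback& cb, std::size_t& visited) {
  for (std::size_t i = 0; i < list.Length(); ++i) {
    NodeRef keepAlive = list.At(i);  // strong reference to the node only
    const unsigned before = list.Generation();
    cb(list, keepAlive);
    ++visited;
    if (list.Generation() != before) return false;  // index i is now stale
  }
  return true;
}

// Hardened form: walk a snapshot of strong references, so changes to the
// live list cannot skip, repeat or invalidate anything being visited.
std::size_t WalkSnapshot(ChildList& list, const Callback& cb) {
  std::size_t visited = 0;
  for (const NodeRef& n : list.Snapshot()) { cb(list, n); ++visited; }
  return visited;
}

// Constructed sample: nodes a, b, c; the callback removes entry 0 while visiting "a".
ChildList MakeSample() {
  ChildList l;
  for (const char* s : {"a", "b", "c"}) l.Append(std::make_shared<Node>(Node{s}));
  return l;
}
void RemoveFirstOnA(ChildList& l, const NodeRef& n) { if (n->name == "a") l.RemoveAt(0); }
```

Without the generation check, the live walk over the sample would continue at index 1 of the shrunken list and never visit "b", even though no node was freed.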