Closed Bug 352855 Opened 19 years ago Closed 19 years ago

JS_New(UC)?String allows easy mixing of allocators

Categories

(Developer Documentation Graveyard :: General, defect)

Product:
Developer Documentation Graveyard
Component:
General
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

(Not tracked)

Status:
RESOLVED FIXED

People

(Reporter: bzbarsky, Assigned: endico)

Details

JS_New(UC)?String takes ownership of the buffer and then later uses free() to free it. But nowhere is it documented what allocator will be used to deallocate and whether there is a way to control it. As a result, we have various Gecko code that uses nsMemory (so the NSPR allocator) to allocate buffers and then passes them to JS_NewUCString. Which crashes if NSPR does anything interesting allocator-wise (and this last part is not really under Gecko's control). The solution is probably either to allow specifying a deallocator, or to document that JS_New(UC)?String should only get passed buffers allocated by malloc...
JS always uses malloc, period. If you want a JSString whose storage is allocated otherwise, use JS_NewExternalString, after registering an external string GC-thing type with JS_AddExternalStringFinalizer. Those APIs let the embedding client of SpiderMonkey control allocation. Doc bugs don't go in b.m.o, AFAIK. There's no code bug to fix unless you want more comments in jsapi.h. Deb, who might be the best person to edit MDC? /be
More comments in jsapi.h would be great if we're doing that nowadays, yes...
Likely Nickolay or Sheppy. Cc'ing them.
I am not sure more jsapi.h comments are helpful. Last night on IRC, you noted how the file is big (2201 lines at my count), and it was clear no one was reading the relevant comments for the growable/dependent vs. immutable/independent string API (not saying anyone should have -- in fact that's my point ;-). Making the .h bigger is not going to help people as much as fixing and completing the API docs on MDC. So I think this is a doc bug, which does not belong in b.m.o AFAIK (someone please correct me if I'm wrong). /be
We do actually like doc bugs to be filed in Bugzilla. At least I do. :)
OK. I'm willing to buy that it's a doc bug. Over to the Documentation product. ;) I guess I should file separate bugs on existing allocator abuses, right?
Assignee: general → endico
Component: JavaScript Engine → Mozilla Developer
OS: Linux → All
Product: Core → Documentation
QA Contact: general → imajes
Hardware: PC → All
Version: Trunk → unspecified
On Windows, is malloc in one library always equivalent to malloc in another? I thought that it wasn't was one of the reasons we have interesting mixed-allocator bugs.
> On Windows, is malloc in one library always equivalent to malloc in another? No. It's not, last I checked.
You guys are not Windows users. But neither am I. FWIW: The only different I know of is debug vs. release built DLLs. "Don't do that" is the prescribed cure. Any real Windows(tm) hackers know more? /be
(comment #1) > Deb, who might be the best person to edit MDC? I think someone familiar with spidermonkey would do a better job editing the docs. Anyways, http://developer.mozilla.org/en/docs/JS_NewString currently says that "the char array, |bytes|, *must* be allocated on the heap using JS_malloc". Is that true (or the caller may simply use malloc)? Would adding the same sentence to http://developer.mozilla.org/en/docs/JS_NewUCString fix this bug?
malloc is per library each library can and easily may get its own. do *not* require people to use malloc or free to pass data across libraries because they in general can *not* do so. that's the entire story. each compiler (vc42, 5, 6, 7, 71, 8), digital mars, borland (...), will link libraries with its own crt (that's ignoring the fact that each compiler can choose a debug or release crt).
> Would adding the same sentence > to http://developer.mozilla.org/en/docs/JS_NewUCString fix this bug? I believe so, yes. Then we'll need to file bugs on the existing JS_NewUCString callers in Gecko code -- most of them don't do that.
I made the proposed change: http://developer.mozilla.org/en/docs/index.php?title=JS_NewUCString&diff=39967&oldid=19883
Status: NEW → RESOLVED
Closed: 19 years ago
Resolution: --- → FIXED
Filed bug 353107, bug 353108, bug 353109. The fourth and last caller of JS_NewUCString was OK. It looks like all JS_NewString callers are in the JS engine itself.
Component: Mozilla Developer → Documentation Requests
Product: Documentation → Mozilla Developer Center
Component: Documentation Requests → Documentation
Component: Documentation → General
Product: Mozilla Developer Network → Developer Documentation
You need to log in before you can comment on or make changes to this bug.