Closed
Bug 418561
Opened 16 years ago
Closed 16 years ago
MakeArraySlow() does thread-unsafe set of JSClass slot.
Categories
(Core :: JavaScript Engine, defect)
Core
JavaScript Engine
Tracking
()
RESOLVED
DUPLICATE
of bug 419537
mozilla1.9
People
(Reporter: jst, Assigned: crowderbt)
Details
Attachments
(1 file)
1.51 KB,
patch
|
shaver
:
review+
jst
:
approval1.9+
|
Details | Diff | Splinter Review |
http://lxr.mozilla.org/mozilla/source/js/src/jsarray.c#1081 Link pretty much says it all, multi-instruction set of obj->fslots[JSSLOT_CLASS], a racing thread could end up getting a null class, which is supposed to be impossible. Shaver gets this one per discussion on irc.
Flags: blocking1.9+
Reporter | ||
Updated•16 years ago
|
Assignee: general → shaver
Assignee | ||
Comment 1•16 years ago
|
||
Updated•16 years ago
|
Version: unspecified → Trunk
Comment on attachment 304401 [details] [diff] [review] coherent class flags at all times r=shaver
Attachment #304401 -
Flags: review?(brendan)
Attachment #304401 -
Flags: review+
Attachment #304401 -
Flags: approval1.9?
Reporter | ||
Updated•16 years ago
|
Attachment #304401 -
Flags: approval1.9? → approval1.9+
Comment 3•16 years ago
|
||
Comment on attachment 304401 [details] [diff] [review] coherent class flags at all times This still isn't thread-safe -- you want the ensemble change to obj to be atomic. /be
Not sure how to make that whole transition atomic WRT racing STOBJ_GET_CLASS, off-hand, but I'll sleep on it some more. We definitely need to sprinkle some threadsafety dust on arrays, which will include locking around the bulk of MakeArraySlow, so maybe it's not worth fixing this independently? Even with that, though, STOBJ_GET_CLASS explicitly doesn't participate in the locking protocol, so it will still race. We need the atomic update of JSSLOT_CLASS to keep STOBJ_GET_CLASS from seeing NULL, but any more involved use of the clasp will require that the caller do the right thing with title locking...
Comment 5•16 years ago
|
||
Moving bugs that aren't beta 4 blockers to target final release.
Target Milestone: mozilla1.9beta4 → mozilla1.9
Comment 6•16 years ago
|
||
taking this off the blocking the list. There are bigger bugs tracking the general problem.
Flags: tracking1.9+
Assignee | ||
Comment 7•16 years ago
|
||
Going to just dupe this forward to bug 419537, which is the meta shavarray thread-safety bug.
Status: ASSIGNED → RESOLVED
Closed: 16 years ago
Resolution: --- → DUPLICATE
You need to log in
before you can comment on or make changes to this bug.
Description
•