Spun off from bug 463238 comment 40: I think this has a GC hazard. The JSFastNative being called can modify vp in place, deep-bail, and then GC.
Bug 487134 has a patch that fixes this by slowing down calls to JSFastNatives and JSNatives by 3 stores to cx. This is a little better than your average TVR; can we do better still?
Assignee: general → jorendorff
Bug 487134 fixes this problem, but it might not land on branch. I think we need a risk discussion for 487134 and if that comes back negative I will try to split off the fix from 487134 and attach a patch here.
We took Bug 487134.
Status: NEW → RESOLVED
Last Resolved: 10 years ago
Depends on: 487134
Resolution: --- → FIXED