Closed Bug 487240 Opened 15 years ago Closed 15 years ago

GC hazard when calling arbitrary JSFastNative from trace, deep-bailing

Categories

(Core :: JavaScript Engine, defect, P2)

Other Branch
defect

Tracking

()

RESOLVED FIXED

People

(Reporter: jorendorff, Assigned: jorendorff)

References

Details

(Keywords: fixed1.9.1)

Spun off from bug 463238 comment 40:

I think this has a GC hazard.  The JSFastNative being called can modify vp in
place, deep-bail, and then GC.
Flags: blocking1.9.1?
Bug 487134 has a patch that fixes this by slowing down calls to JSFastNatives and JSNatives by 3 stores to cx.  This is a little better than your average TVR; can we do better still?
Assignee: general → jorendorff
Flags: blocking1.9.1? → blocking1.9.1+
Priority: -- → P2
Bug 487134 fixes this problem, but it might not land on branch. I think we need a risk discussion for 487134 and if that comes back negative I will try to split off the fix from 487134 and attach a patch here.
Depends on: 492693
We took Bug 487134.
Status: NEW → RESOLVED
Closed: 15 years ago
Depends on: 487134
Keywords: fixed1.9.1
Resolution: --- → FIXED
You need to log in before you can comment on or make changes to this bug.