GC hazard when calling arbitrary JSFastNative from trace, deep-bailing

RESOLVED FIXED

Status

()

P2
normal
RESOLVED FIXED
10 years ago
10 years ago

People

(Reporter: jorendorff, Assigned: jorendorff)

Tracking

({fixed1.9.1})

Other Branch
fixed1.9.1
Points:
---
Dependency tree / graph
Bug Flags:
blocking1.9.1 +

Firefox Tracking Flags

(Not tracked)

Details

(Assignee)

Description

10 years ago
Spun off from bug 463238 comment 40:

I think this has a GC hazard.  The JSFastNative being called can modify vp in
place, deep-bail, and then GC.
Flags: blocking1.9.1?
(Assignee)

Comment 1

10 years ago
Bug 487134 has a patch that fixes this by slowing down calls to JSFastNatives and JSNatives by 3 stores to cx.  This is a little better than your average TVR; can we do better still?
Assignee: general → jorendorff

Updated

10 years ago
Flags: blocking1.9.1? → blocking1.9.1+
Priority: -- → P2

Comment 2

10 years ago
Bug 487134 fixes this problem, but it might not land on branch. I think we need a risk discussion for 487134 and if that comes back negative I will try to split off the fix from 487134 and attach a patch here.

Updated

10 years ago
Depends on: 492693

Updated

10 years ago
Duplicate of this bug: 492487

Comment 4

10 years ago
We took Bug 487134.
Status: NEW → RESOLVED
Last Resolved: 10 years ago
Depends on: 487134
Keywords: fixed1.9.1
Resolution: --- → FIXED
You need to log in before you can comment on or make changes to this bug.