Closed
Bug 487240
Opened 14 years ago
Closed 14 years ago
GC hazard when calling arbitrary JSFastNative from trace, deep-bailing
Categories
(Core :: JavaScript Engine, defect, P2)
Tracking
()
RESOLVED
FIXED
People
(Reporter: jorendorff, Assigned: jorendorff)
References
Details
(Keywords: fixed1.9.1)
Spun off from bug 463238 comment 40: I think this has a GC hazard. The JSFastNative being called can modify vp in place, deep-bail, and then GC.
Flags: blocking1.9.1?
|
Assignee | |
Comment 1•14 years ago
|
||
Bug 487134 has a patch that fixes this by slowing down calls to JSFastNatives and JSNatives by 3 stores to cx. This is a little better than your average TVR; can we do better still?
Assignee: general → jorendorff
|
||
Updated•14 years ago
|
Flags: blocking1.9.1? → blocking1.9.1+
Priority: -- → P2
|
||
Comment 2•14 years ago
|
||
Bug 487134 fixes this problem, but it might not land on branch. I think we need a risk discussion for 487134 and if that comes back negative I will try to split off the fix from 487134 and attach a patch here.
|
|
||
Comment 4•14 years ago
|
||
We took Bug 487134.
Status: NEW → RESOLVED
Closed: 14 years ago
Depends on: 487134
Keywords: fixed1.9.1
Resolution: --- → FIXED
You need to log in
before you can comment on or make changes to this bug.
Description
•