Closed Bug 488458 Opened 12 years ago Closed 3 years ago

avoiding slot update after a getter call in js_NativeGet

Categories: Core :: JavaScript Engine, enhancement
Type: enhancement
Priority: Not set
Severity: normal
Status: RESOLVED INCOMPLETE
People: Reporter: igor, Unassigned

Currently js_NativeGet from js/src/jsobj.cpp locks the object after executing the getter to set property's slot with the getter's result (when the getter is non-shared). For API compatibility this is done even when the getter comes from the prototype with the result stored also in the prototype.

We should consider removing this compatibility feature (which is a known source of unexpected leaks) and optimize away the need for double-locking.
Group: core-security
CC list accessible: false
Not accessible to reporter
Summary: js_FillPropertyCache is called with garbage-collected pobj → avoiding slot update after a getter call in js_NativeGet
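To make the retention problem described in the report concrete, the following is an added example, not SpiderMonkey code and not part of this bug: a toy object model in C++ in which a native get walks the prototype chain, runs the getter, and then writes the result back into the holder's slot. `nativeGetLegacy` mimics the compatibility behaviour the report describes (write-back even when the holder is the prototype), and `nativeGetNoProtoWriteback` only caches when the holder is the receiver. All names (`Obj`, `Prop`, `lookup`, `instanceRetainedAfterDrop`) are assumptions; the model covers only the slot write-back, not the object locking.

```cpp
// Added example (not SpiderMonkey code): a toy object model that mimics the
// js_NativeGet write-back described in the bug, to show why caching a getter's
// result in the prototype's slot can keep the receiver alive. Names are assumptions.
#include <functional>
#include <map>
#include <memory>
#include <string>

struct Obj;
using ObjPtr = std::shared_ptr<Obj>;
// A value is either empty or a reference to an object; that is enough to show retention.
using Value = ObjPtr;
// A getter receives the receiver (`this`) and returns a value.
using Getter = std::function<Value(const ObjPtr& receiver)>;

struct Prop {
    Value slot;      // cached value stored in the holder's slot
    Getter getter;   // optional native getter
    bool shared;     // shared props have no slot, so nothing is written back
};

struct Obj {
    std::map<std::string, Prop> props;
    ObjPtr proto;    // prototype chain link
};

// Walk the prototype chain; return the holder that defines `name` (or null).
static ObjPtr lookup(const ObjPtr& obj, const std::string& name) {
    for (ObjPtr o = obj; o; o = o->proto)
        if (o->props.count(name)) return o;
    return nullptr;
}

// Mimics the legacy behaviour: after running the getter, store the result in
// the holder's slot even when the holder is the prototype, not the receiver.
static Value nativeGetLegacy(const ObjPtr& obj, const std::string& name) {
    ObjPtr pobj = lookup(obj, name);
    if (!pobj) return nullptr;
    Prop& p = pobj->props[name];
    if (!p.getter) return p.slot;
    Value v = p.getter(obj);
    if (!p.shared) p.slot = v;   // write-back into pobj, whichever object that is
    return v;
}

// Variant that only caches when the holder is the receiver itself.
static Value nativeGetNoProtoWriteback(const ObjPtr& obj, const std::string& name) {
    ObjPtr pobj = lookup(obj, name);
    if (!pobj) return nullptr;
    Prop& p = pobj->props[name];
    if (!p.getter) return p.slot;
    Value v = p.getter(obj);
    if (!p.shared && pobj == obj) p.slot = v;
    return v;
}

// Builds a prototype whose getter returns `this` (a value tied to the receiver),
// an instance using that prototype, reads the property with the given strategy,
// drops the instance, and reports whether the instance is still alive.
static bool instanceRetainedAfterDrop(Value (*get)(const ObjPtr&, const std::string&)) {
    auto proto = std::make_shared<Obj>();
    proto->props["self"] = Prop{nullptr, [](const ObjPtr& recv) { return recv; }, false};
    auto inst = std::make_shared<Obj>();
    inst->proto = proto;
    std::weak_ptr<Obj> watch = inst;
    get(inst, "self");
    inst.reset();                        // the only intended owner lets go
    bool retained = !watch.expired();    // true => something else still holds it
    proto->props.clear();                // break any proto->inst->proto cycle the demo created
    return retained;
}
```

With the legacy write-back the prototype's slot ends up referencing the instance that was used as the receiver, so the instance outlives its last intended owner for as long as the prototype exists; restricting the cache to the receiver's own slot avoids that retention.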
The changes from bug 490666 allow a simpler patch for this bug.
Depends on: 490666
Assignee: igor → general
Assignee: general → nobody
js_NativeGet is no longer present, therefore closing as INCOMPLETE.
Status: NEW → RESOLVED
Closed: 3 years ago
Resolution: --- → INCOMPLETE