Closed
Bug 532906
Opened 15 years ago
Closed 15 years ago
VTable::resolveImtSlot calls itself recursively, only bounded by inheritance depth
Categories
(Tamarin Graveyard :: Baseline JIT (CodegenLIR), defect, P2)
Tamarin Graveyard
Baseline JIT (CodegenLIR)
Tracking
(Not tracked)
VERIFIED
FIXED
flash10.1
People
(Reporter: edwsmith, Assigned: tierney)
References
Details
Attachments
(1 file)
|
6.00 KB,
patch
|
stejohns
:
review+
edwsmith
:
superreview+
|
Details | Diff | Splinter Review |
Code in VTable::resolveImtSlot() calls base->resolveImtSlot() to get the IMT entry from the base class to copy down. This is unchecked recursion that is only bounded by inheritance depth.
|
Reporter | |
Updated•15 years ago
|
Priority: -- → P2
Target Milestone: --- → flash10.1
Assignee: nobody → tierney
Status: NEW → ASSIGNED
Flags: flashplayer-triage+
|
Assignee | |
Comment 1•15 years ago
|
||
When we need to copy the imt thunk from the base VTable, walk up the inheritance chain, pushing each base onto a stack. Then, walk through the stack backwards, copying the imt thunk down.
Attachment #416445 -
Flags: review?(stejohns)
|
|
Reporter | |
Comment 2•15 years ago
|
||
see also: the code in Traits::resolveSignatures() builds a list of base classes and interfaces in top-down order.
|
||
Comment 3•15 years ago
|
||
Comment on attachment 416445 [details] [diff] [review]
Eliminate recursion in VTable::resolveImtSlot
Looks right, but we should probably run thru some Flex tests to torture-test it before landing... the avmshell acceptance tests don't exercise this code as much as it should.
Attachment #416445 -
Flags: review?(stejohns) → review+
|
|
Assignee | |
Comment 4•15 years ago
|
||
I will do that - do we have a list of flex apps for testing somewhere?
|
|
Assignee | |
Comment 5•15 years ago
|
||
(In reply to comment #2)
> see also: the code in Traits::resolveSignatures() builds a list of base classes
> and interfaces in top-down order.
I saw that. This case is a simpler one, as we only have to walk up the base classes, so we don't need to insert the interfaces into the stack.
|
|
Assignee | |
Updated•15 years ago
|
Attachment #416445 -
Flags: superreview?(edwsmith)
|
|
Assignee | |
Comment 6•15 years ago
|
||
I ran Phosphate, DataGridScroll, Insurance App, and TextInputForm_Load for flex tests - everything worked ok, and there was no performance impact from these changes.
|
|
Reporter | |
Comment 7•15 years ago
|
||
nothing is obviously wrong. We probably could reduce the allocation overhead of top-down traversal both here, and in Traits::resolveSignatures but its not a clear problem yet.
small nit to clean up before submitting: in VTable.cpp:227-232, this code:
ImtThunkEnv* ite;
// copy down imt stub from base class
AvmAssert(base->imt[slot] != NULL);
ite = base->imt[slot];
could be simplified to:
// copy down imt stub from base class
ImtThunkEnv* ite = base->imt[slot];
AvmAssert(ite != NULL);
|
|
Reporter | |
Updated•15 years ago
|
Attachment #416445 -
Flags: superreview?(edwsmith) → superreview+
|
|
Assignee | |
Comment 8•15 years ago
|
||
Cleaned up the part ed was talking about.
pushed:
http://hg.mozilla.org/tamarin-redux/rev/294937a422f8
Status: ASSIGNED → RESOLVED
Closed: 15 years ago
Resolution: --- → FIXED
You need to log in
before you can comment on or make changes to this bug.
Description
•