Bug 636044: Don't mark scripts of another compartment during per-compartment GC
Status: RESOLVED WONTFIX
Opened 14 years ago, closed 12 years ago
Component: Core :: JavaScript Engine (defect)
Reporter: gwagner, Assigned: gwagner
Attachments: 1 file, 2 obsolete files (patch, 960 bytes)
No description provided.
Updated (Assignee) • 14 years ago
Assignee: general → anygregor
Comment 1 (Assignee) • 14 years ago
Seen in bug 635873:
1 mozjs.dll!js::Shape::trace(JSTracer *) [jsscope.cpp : 1488 + 0x30]
eip = 0x0081a045 esp = 0x0012abe8 ebp = 0x0012abfc
Found by: call frame info
2 mozjs.dll!js::Bindings::trace(JSTracer *) [jsscript.cpp : 294 + 0xb]
eip = 0x0081c380 esp = 0x0012ac04 ebp = 0x0012ac10
Found by: call frame info
3 mozjs.dll!js_TraceScript(JSTracer *,JSScript *) [jsscript.cpp : 1709 + 0xe]
eip = 0x0082036a esp = 0x0012ac18 ebp = 0x0012ac34
Found by: call frame info
4 mozjs.dll!js_TraceStackFrame(JSTracer *,JSStackFrame *) [jsgc.cpp : 1489 + 0x11]
eip = 0x0073d124 esp = 0x0012ac3c ebp = 0x0012ac44
Found by: call frame info
5 mozjs.dll!js::StackSpace::mark(JSTracer *) [jscntxt.cpp : 242 + 0xc]
Updated (Assignee) • 14 years ago
Attachment #514356 - Flags: review?(gal)
Comment 2 • 14 years ago
Comment on attachment 514356 (patch)
I don't like this. The script object should not be found either. Why do we even arrive at js_TraceScript? We are coming through an object or do we scan JSScript* directly through the conservative scanner?
Comment 3 (Assignee) • 14 years ago
Not from the conservative stack scanner. It comes from the JS stack:
3 mozjs.dll!js_TraceScript(JSTracer *,JSScript *) [jsscript.cpp : 1709 + 0xe]
eip = 0x0082036a esp = 0x0012ac18 ebp = 0x0012ac34
Found by: call frame info
4 mozjs.dll!js_TraceStackFrame(JSTracer *,JSStackFrame *) [jsgc.cpp : 1489 + 0x11]
eip = 0x0073d124 esp = 0x0012ac3c ebp = 0x0012ac44
Found by: call frame info
5 mozjs.dll!js::StackSpace::mark(JSTracer *) [jscntxt.cpp : 242 + 0xc]
eip = 0x006e46eb esp = 0x0012ac4c ebp = 0x0012ac6c
Found by: call frame info
6 mozjs.dll!JSThreadData::mark(JSTracer *) [jscntxt.cpp : 536 + 0xe]
eip = 0x006e6116 esp = 0x0012ac74 ebp = 0x0012ac7c
Found by: call frame info
7 mozjs.dll!js::MarkRuntime(JSTracer *) [jsgc.cpp : 1739 + 0x12]
eip = 0x0073e08b esp = 0x0012ac84 ebp = 0x0012acd0
Found by: call frame info
8 mozjs.dll!MarkAndSweepCompartment [jsgc.cpp : 2292 + 0x8]
Comment 4 • 14 years ago
I see. So we find a stack frame with a script that's in the wrong compartment. We should abort right there inside the script since all parts of the script are same compartment. No need to scan any of it.
Comment 5 (Assignee) • 14 years ago
Move the check to js_TraceStackFrame
Attachment #514356 - Attachment is obsolete: true
Attachment #514356 - Flags: review?(gal)
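A toy model of the check discussed in comments 4 and 5, added here as an illustration and not taken from the attachment or from SpiderMonkey: the compartment test sits at the stack frame, so a script from another compartment is skipped together with its bindings. All types, function names and the two-compartment scenario are hypothetical and constructed for the example.

```cpp
#include <cstddef>
#include <cstdio>
#include <vector>

// Toy model only: every name below is hypothetical, none is SpiderMonkey source.
struct Cell { int compartment; bool marked; };
struct Script { Cell self; std::vector<Cell *> bindings; };  // one compartment throughout
struct Tracer { int collecting; std::size_t foreignMarks; }; // counts marks outside it
struct Result { std::size_t foreignMarks; bool ownScriptMarked; };

static void markCell(Tracer &trc, Cell &cell) {
    if (cell.compartment != trc.collecting) ++trc.foreignMarks;
    cell.marked = true;
}

static void traceScript(Tracer &trc, Script &script) {
    markCell(trc, script.self);
    for (Cell *shape : script.bindings) markCell(trc, *shape);
}

// One compartment test at the frame covers the script and all of its parts.
static void traceStackFrame(Tracer &trc, Script *frameScript, bool checkCompartment) {
    if (checkCompartment && frameScript->self.compartment != trc.collecting) return;
    traceScript(trc, *frameScript);
}

// Constructed scenario: GC of compartment 1 while the JS stack also holds a
// frame whose script lives in compartment 2.
Result collectCompartment1(bool checkCompartment) {
    Cell shapeA = {1, false}, shapeB1 = {2, false}, shapeB2 = {2, false};
    Script a = {{1, false}, {&shapeA}};
    Script b = {{2, false}, {&shapeB1, &shapeB2}};
    Script *stack[] = {&a, &b, &a};
    Tracer trc = {1, 0};
    for (Script *s : stack) traceStackFrame(trc, s, checkCompartment);
    Result r = {trc.foreignMarks, a.self.marked && shapeA.marked};
    return r;
}

int main() {
    std::printf("no check:   %zu foreign marks\n", collectCompartment1(false).foreignMarks);
    std::printf("with check: %zu foreign marks\n", collectCompartment1(true).foreignMarks);
    return 0;
}
```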
Comment 6 (Assignee) • 14 years ago
Attachment #514553 - Attachment is obsolete: true
Updated (Assignee) • 14 years ago
Attachment #514831 - Flags: review?(gal)
Updated • 12 years ago
Attachment #514831 - Flags: review?(gal)
Comment 7 • 12 years ago
Seems like this bug must be obsolete by now.
Status: NEW → RESOLVED
Closed: 12 years ago
Resolution: --- → WONTFIX