Closed
Bug 637054
Opened 9 years ago
Closed 9 years ago
proxies finalize on clear, don't do anything on finalize
Categories
(Core :: JavaScript Engine, defect)
Core
JavaScript Engine
Not set
Tracking
()
RESOLVED
FIXED
People
(Reporter: gal, Assigned: gal)
Details
(Whiteboard: fixed-in-tracemonkey)
Attachments
(1 file)
|
2.67 KB,
patch
|
brendan
:
review+
|
Details | Diff | Splinter Review |
No description provided.
|
Assignee | |
Comment 2•9 years ago
|
||
Assignee: general → gal
|
|
Assignee | |
Updated•9 years ago
|
Attachment #515386 -
Flags: review?(brendan)
|
|
Assignee | |
Comment 3•9 years ago
|
||
Removing b?. It seems this has currently no ill effects (we don't rely on the finalize hook anywhere as far as I can tell).
blocking2.0: ? → ---
|
|
Assignee | |
Updated•9 years ago
|
Attachment #515386 -
Flags: approval2.0?
|
|
Assignee | |
Updated•9 years ago
|
Summary: proxies leak memory, finalize on clear, don't do anything on finalize → proxies finalize on clear, don't do anything on finalize
|
||
Comment 4•9 years ago
|
||
Comment on attachment 515386 [details] [diff] [review] patch Did I really review this? static void proxy_Finalize(JSContext *cx, JSObject *obj) { JS_ASSERT(obj->isProxy()); if (!obj->getSlot(JSSLOT_PROXY_HANDLER).isUndefined()) obj->getProxyHandler()->finalize(cx, obj); } It's up to the GC whether the handler is garbage and should be finalized. This code cannot assume the proxy's JSSLOT_PROXY_HANDLER slot holds the last ref. /be
Attachment #515386 -
Flags: review?(brendan) → review-
|
|
Assignee | |
Comment 5•9 years ago
|
||
The proxy handler is a singleton C++ class without any internal state. We dispatch over the handler's VMT to finalize any handler-specific state in _obj_. obj is garbage, since its finalize hook was just invoked by the GC.
|
|
Assignee | |
Updated•9 years ago
|
Attachment #515386 -
Flags: review- → review?
|
|
||
Comment 6•9 years ago
|
||
Comment on attachment 515386 [details] [diff] [review] patch Duh, sorry for not reading harder -- and finalize (the JSProxyHandler method, not a JSClass hook) is empty. The finalize name is confusing. But it is empty so I can't suggest a better one at the moment. Bleah. This bug, although zero risk, is not exactly blocking material. /be
Attachment #515386 -
Flags: review? → review+
|
|
Assignee | |
Comment 7•9 years ago
|
||
It would be blocking if via clear you can premature cause finalization to happen, but all finalizer handlers are empty, so its a noop in essence, which is why I didn't ask for blocking.
|
||
Comment 8•9 years ago
|
||
Comment on attachment 515386 [details] [diff] [review] patch a=beltzner
Attachment #515386 -
Flags: approval2.0? → approval2.0+
|
|
Assignee | |
Updated•9 years ago
|
Attachment #515386 -
Flags: approval2.0+
|
|
Assignee | |
Comment 9•9 years ago
|
||
I just land this on TM.
|
|
Assignee | |
Comment 10•9 years ago
|
||
http://hg.mozilla.org/tracemonkey/rev/1c8e91b2e3a4
Whiteboard: fixed-in-tracemonkey
|
||
Comment 11•9 years ago
|
||
http://hg.mozilla.org/mozilla-central/rev/1c8e91b2e3a4
Status: NEW → RESOLVED
Closed: 9 years ago
Resolution: --- → FIXED
You need to log in
before you can comment on or make changes to this bug.
Description
•