Closed Bug 639954 Opened 13 years ago Closed 13 years ago

TM: calling SwitchToCompartment(NULL) does nothing

Categories

(Core :: JavaScript Engine, defect)

Product:
Core
Component:
JavaScript Engine
Platform:
x86
macOS
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED FIXED

People

(Reporter: bhackett1024, Assigned: billm)

Details

(Whiteboard: fixed-in-tracemonkey)

Attachments

(1 file)

fix
1.84 KB, patch
luke
: review+
Details | Diff | Splinter Review 
For this code in GCUntilDone:

    /*
     * We should not be depending on cx->compartment in the GC, so set it to
     * NULL to look for violations.
     */
    SwitchToCompartment(cx, (JSCompartment *)NULL);

SwitchToCompartment is a class, and when class constructors are called as functions the destructor is called immediately afterwards (thanks, C++!), so the original context's usually-bogus compartment is restored for the GC.
Oops. We have checks to ensure that this doesn't happen, but I guess they aren't called by SwitchCompartment. We should fix that.
Hmm, this was the only hit for SwitchCompartment being called as a function.  Unfortunately, doing the obvious fix for this case broke some jit-tests in non-obvious ways, going to disown.
Assignee: bhackett1024 → general
Assignee: general → wmccloskey
Wow, nice. Ok, we need an owner and fixing. Gregor? Bill? Anyone?
I've only looked at one failure so far, but here's what I think is happening. In MarkRuntime, we iterate over all contexts cx and mark cx->compartment. NULLing-out cx->compartment during GC causes us to miss a compartment.

Once bug 639270 lands, this shouldn't be a problem. Let's wait for that and then fix this.
If you add the idiomatic JS_GUARD_OBJECT_NOTIFIER* magic (grep for examples), then you will get a debug assert running the statement in comment 0.  (In theory, we should be sprinkling this magic on all guard objects to prevent this category of errors.)
The verb-style name fooled me into thinking this was an overloaded function, not a class. Use noun phrases for classes and structs, please!

/be
I didn't really like it at first, but the pattern seems to be an Auto* prefix.
Attached patch fixSplinter Review 
This fixes the GC case and adds the necessary guards to SwitchToCompartment. Now that bug 639270 has landed, there are no more test failures.

I didn't do any renaming. Should I?
Attachment #518562 - Flags: review?(luke)
Attachment #518562 - Flags: review?(luke) → review+
http://hg.mozilla.org/mozilla-central/rev/655c1169d04b
Status: NEW → RESOLVED
Closed: 13 years ago
Resolution: --- → FIXED
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: