Closed
Bug 716176
Opened 13 years ago
Closed 13 years ago
GC: missing barriers in BaseShape::operator=
Categories
(Core :: JavaScript Engine, defect)
Core
JavaScript Engine
Tracking
()
RESOLVED
FIXED
mozilla12
People
(Reporter: terrence, Assigned: terrence)
Details
Attachments
(1 file, 1 obsolete file)
|
2.53 KB,
patch
|
billm
:
review+
|
Details | Diff | Splinter Review |
When we copy shapes in adoptUnknown, barriers on getterObj and setterObj need to be triggered.
|
Assignee | |
Comment 1•13 years ago
|
||
This overrides BaseShape::operator= to manually trigger barriers on {g|s}etterObj. They are not automatically barriered because they are behind a union.
Attachment #587151 -
Flags: review?(wmccloskey)
Comment on attachment 587151 [details] [diff] [review] v0: the general solution Couldn't you just assign the fields individually, rather than using a memcpy? That would invoke most of the write barriers automatically.
|
|
Assignee | |
Comment 3•13 years ago
|
||
Attachment #587151 -
Attachment is obsolete: true
Attachment #587151 -
Flags: review?(wmccloskey)
Attachment #587182 -
Flags: review?(wmccloskey)
Attachment #587182 -
Flags: review?(wmccloskey) → review+
|
|
Assignee | |
Comment 4•13 years ago
|
||
http://hg.mozilla.org/integration/mozilla-inbound/rev/6a0de913a042
|
|
Assignee | |
Comment 5•13 years ago
|
||
Bill, is there a missing pre-barrier here? I didn't add it because it wasn't there already, but it occurs to me that this gets called out of putProperty, where all sorts of weird stuff is going on.
|
||
Comment 6•13 years ago
|
||
https://hg.mozilla.org/mozilla-central/rev/6a0de913a042
Status: ASSIGNED → RESOLVED
Closed: 13 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla12
You need to log in
before you can comment on or make changes to this bug.
Description
•