JS_ClearScope is very dangerous, especially for JM+TI. With bug 637099 fixed, we should be able to remove the API entirely. According to MXR, it's used in a few test shells, and there is one use in Gecko at js/xpconnect/loader/mozJSComponentLoader.h:137. http://mxr.mozilla.org/mozilla-central/ident?i=JS_ClearScope
And http://mxr.mozilla.org/mozilla-central/source/js/xpconnect/src/dom_quickstubs.qsconf#565 for localStorage.clear().
In case anyone tries this and immediately sees xpcshell leaks (which I suspect is somewhat likely), we could add a semantically-much-less-scary function (outside js/src even) to set undefined to all properties.
Let's try having JS_ClearScope just assign UndefinedValue to all non-reserved slots: https://tbpl.mozilla.org/?tree=Try&rev=1e1e19282c2b

Fun fact: ObjectOps::clear is totally unused.
Well, improvement from comment 2, there are only two individual test failures. One of them is in an xpcshell test: "TypeError: Ci is undefined", which is exactly what would happen if you tried to run code on a cleared global (which previously reported an error but not with my dinky patch). I'll try to tweak the tests not to run code on a cleared global.
(Also, no leaks reported!)
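The two "clear scope" behaviours being compared in this thread, as an added example that is not code from the bug or from SpiderMonkey: a plain object stands in for a JS global, one routine removes its bindings (the old JS_ClearScope effect) and the other assigns undefined to each of them (the approach tried above). `Ci` and `nsISupports` are constructed sample names, chosen to echo the "Ci is undefined" failure quoted in the thread; the script run against the "global" is a single property read.

```javascript
// Added example, not code from this bug or from SpiderMonkey. It models the two
// "clear scope" behaviours on a plain object that stands in for a JS global.
// `Ci` and `nsISupports` are constructed sample names.

// Constructed sample "global" with a couple of properties a component script might use.
function makeSampleGlobal() {
  return {
    Ci: { nsISupports: 'nsISupports' },
    helper() { return 42; },
  };
}

// Old behaviour: the bindings are removed from the object entirely, so a later
// lookup of `Ci` falls off the end of the scope chain.
function clearByDeleting(scope) {
  for (const name of Object.keys(scope)) {
    delete scope[name];
  }
  return scope;
}

// Behaviour tried in the thread: keep every binding but assign undefined to it.
// The property still exists, so `Ci` resolves, just to undefined.
function clearByUndefining(scope) {
  for (const name of Object.keys(scope)) {
    scope[name] = undefined;
  }
  return scope;
}

// Resolves `Ci.nsISupports` with `scope` acting as the global object.
// `new Function` yields sloppy-mode code, so `with` is available and performs the
// same HasProperty-based name lookup a global scope does.
const readCiOn = new Function('scope', 'with (scope) { return Ci.nsISupports; }');

// Runs the lookup and reports either the value or the name of the error class raised.
// Fresh global -> 'nsISupports'; deleted -> 'ReferenceError'; undefined -> 'TypeError'.
function runOnScope(scope) {
  try {
    return readCiOn(scope);
  } catch (e) {
    return e.constructor.name;
  }
}

// Stand-alone demonstration of the three outcomes.
function demo() {
  return {
    fresh: runOnScope(makeSampleGlobal()),
    deleted: runOnScope(clearByDeleting(makeSampleGlobal())),
    undefinedSlots: runOnScope(clearByUndefining(makeSampleGlobal())),
  };
}

console.log(demo());
```

The difference in error class is the point: code that runs after a delete-style clear fails with a ReferenceError at name resolution, while code that runs after an undefined-style clear gets past resolution and fails later with a TypeError on the first member access, which is the "Ci is undefined" seen in the xpcshell test.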
Awesome. Two simple reasons for the two test failures. Let's try again: https://tbpl.mozilla.org/?tree=Try&rev=33f4ddf29a4a
Sweet, now for a real patch.
Created attachment 655175 [details] [diff] [review]
replace JS_ClearScope with not-bad functions

The patch also takes the liberty of inlining js_NativeClear b/c this is the only use, and a gross one at that.
Created attachment 655176 [details] [diff] [review]
clear JS-internal clear-scope remnants

Let me know if I missed anything else you can think of.
Comment on attachment 655176 [details] [diff] [review]
clear JS-internal clear-scope remnants

Review of attachment 655176 [details] [diff] [review]:
-----------------------------------------------------------------

Yay! This catches everything I could think of.

I found

    /*
     * Calling a function from a cleared global triggers this (yeah, I know).
     * Uncomment this once bug 470510 is fixed (if that bug doesn't remove
     * isCleared entirely).
     */
    // JS_ASSERT(!isCleared());

in GlobalObject::initFunctionAndObjectClasses, want to remove that too? :)
Comment on attachment 655175 [details] [diff] [review]
replace JS_ClearScope with not-bad functions

Nice.
https://hg.mozilla.org/integration/mozilla-inbound/rev/104671eaadb8
https://hg.mozilla.org/integration/mozilla-inbound/rev/e208bf8354c9

Arg, I saw comment 10 too late! I'll remove it in another patch.