Closed
Bug 797128
Opened 12 years ago
Closed 12 years ago
Justify SkipRoots in jstypedarray.cpp's copyFromArray()
Categories
(Core :: JavaScript Engine, defect)
Core
JavaScript Engine
Tracking
()
RESOLVED
FIXED
mozilla18
People
(Reporter: sfink, Assigned: sfink)
References
Details
(Whiteboard: [rooting-horror-story])
Attachments
(1 file)
|
2.17 KB,
patch
|
terrence
:
review+
|
Details | Diff | Splinter Review |
The first valid SkipRoot I've found. copyFromArray was inexplicably discarding a handle, and with that fixed there are some unrooted internal pointers stored on the stack. But the only things that can trigger GC will also trigger an early exit, so all of the unrooted pointers are dead if a GC happens anyway.
|
Assignee | |
Comment 1•12 years ago
|
||
Attachment #667159 -
Flags: review?(terrence)
|
|
Assignee | |
Updated•12 years ago
|
Whiteboard: [rooting-example]
|
||
Comment 2•12 years ago
|
||
Comment on attachment 667159 [details] [diff] [review]
Minor rooting fix and SkipRoot justification.
Review of attachment 667159 [details] [diff] [review]:
-----------------------------------------------------------------
Hurm. This is annoying: the only reason we need the SkipRoots is the unconditional MaybeCheckStackRoots in ToNumber.
::: js/src/jstypedarray.cpp
@@ +2075,2 @@
> NativeType *dest = static_cast<NativeType*>(viewData(thisTypedArrayObj)) + offset;
> + SkipRoot skipDest(cx, &dest);
Lets hoist |src| so that we can have a common comment. Something like:
<code>
const Value *src = NULL;
NativeType *dest = static_cast<NativeType*>(viewData(thisTypedArrayObj)) + offset;
// The only way the code below can GC is if nativeFromValue fails, but
// in that case we return false immediately, so we do not need to root
// |src| and |dest|. These SkipRoots are to protect from the unconditional
// MaybeCheckStackRoots done by ToNumber.
SkipRoot skipSrc(cx, &src);
SkipRoot skipDest(cx, &dest);
</code>
I also changed the comment a little bit to say why we need the SkipRoots, because the existing comment strongly implies that they should *not* have SkipRoots. Feel free to clean this up more if you can express the idea more clearly.
Attachment #667159 -
Flags: review?(terrence) → review+
|
|
||
Updated•12 years ago
|
Whiteboard: [rooting-example] → [rooting-horror-story]
|
|
Assignee | |
Comment 3•12 years ago
|
||
|
||
Comment 4•12 years ago
|
||
Status: NEW → RESOLVED
Closed: 12 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla18
You need to log in
before you can comment on or make changes to this bug.
Description
•