Closed
Bug 807458
Opened 12 years ago
Closed 12 years ago
Eliminate a SkipRoot from NewDenseCopiedArray
Categories
(Core :: JavaScript Engine, defect)
Core
JavaScript Engine
Tracking
()
RESOLVED
FIXED
mozilla19
People
(Reporter: sfink, Assigned: sfink)
Details
Attachments
(1 file)
|
10.45 KB,
patch
|
terrence
:
review+
sfink
:
checkin+
|
Details | Diff | Splinter Review |
The values being copied need to be rooted.
|
Assignee | |
Comment 1•12 years ago
|
||
The parameter ordering is pretty wonky, but fixing that is a much larger patch. If you think I should do it, that's fine -- I had to generate that patch first to verify that all callers of the already-rooted version really are already rooted.
Attachment #677151 -
Flags: review?(terrence)
|
||
Comment 2•12 years ago
|
||
Comment on attachment 677151 [details] [diff] [review] Eliminate a SkipRoot from NewDenseCopiedArray Review of attachment 677151 [details] [diff] [review]: ----------------------------------------------------------------- Nice! ::: js/src/jsapi.cpp @@ +4707,5 @@ > > JS_PUBLIC_API(JSObject *) > JS_NewArrayObject(JSContext *cx, int length, jsval *vector) > { > + AutoArrayRooter tvr(cx, length, vector); Effectively we just moved the SkipRoot forward to here. :-) Still a win though. ::: js/src/jsstr.cpp @@ +2757,5 @@ > > /* Step 10. */ > if (!sepDefined) { > + RootedValue v(cx, StringValue(str)); > + JSObject *aobj = NewDenseCopiedArray(cx, 1, v.address()); That's going to fix one of our fuzz bugs as well.
Attachment #677151 -
Flags: review?(terrence) → review+
|
|
Assignee | |
Updated•12 years ago
|
Attachment #677151 -
Flags: checkin+
|
|
Assignee | |
Comment 3•12 years ago
|
||
http://hg.mozilla.org/integration/mozilla-inbound/rev/8fd8e9243788
|
||
Comment 4•12 years ago
|
||
https://hg.mozilla.org/mozilla-central/rev/8fd8e9243788
Status: NEW → RESOLVED
Closed: 12 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla19
You need to log in
before you can comment on or make changes to this bug.
Description
•