Closed Bug 909526 Opened 9 years ago Closed 8 years ago

Suppress GetGlobalJSObject, which is virtual, but cannot GC

Categories: Core :: JavaScript Engine, defect
Priority: Not set
Severity: normal
Status: RESOLVED FIXED
Target Milestone: mozilla28
People: Reporter: terrence, Assigned: terrence
Whiteboard: [qa-]
Attachments: 1 file

I could not find a great way to re-organize CheckForOutdatedParent that would fix this false positive and not unconditionally add a new root, or worse, UnmarkGray twice. Since this function looks like it may be hot, I think we should annotate the analysis instead.
Attachment #795672 - Flags: review?(sphink)
Comment on attachment 795672
suppress_GetGlobalJSObject-v0.diff

Review of attachment 795672:
-----------------------------------------------------------------

I've been sitting on this one because I thought it was the one where I was supposed to do fancy analysis tricks to make it see the virtual. But this is a field call, not a true virtual call, so it seems like the annotation is the only option here.
Attachment #795672 - Flags: review?(sphink) → review+
I revisited this today. My initial analysis still holds. The reason this is a field call is that it is a COM implementation. This means that in theory a C++ browser extension could replace the implementation of GetGlobalJSObject with one that could GC. Given that this would be insane, however, I don't think it's really an issue in practice.

https://hg.mozilla.org/integration/mozilla-inbound/rev/7da0450f5157
https://hg.mozilla.org/mozilla-central/rev/7da0450f5157
Status: ASSIGNED → RESOLVED
Closed: 8 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla28
Whiteboard: [qa-]
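The comments above describe a rooting-analysis false positive: the analysis cannot see which implementation sits behind a field (vtable) call, so it must assume the callee may GC, and the chosen fix is to annotate that call as non-GC rather than add an unconditional root. As an added example that is not code from this bug or from SpiderMonkey's own rootAnalysis scripts, the toy below models that "can this function GC?" propagation over a constructed call graph. It shows the false positive, the annotation route taken here, the resolve-the-implementations route sphink alludes to, and the caveat terrence raises: an annotation also silences an implementation that really does GC. The names CheckForOutdatedParent and GetGlobalJSObject come from the bug; the interface name nsIScriptGlobalObject, the call graph, the js::NewObject and js::gc::GCRuntime::collect entries, nsGlobalWindow::GetGlobalJSObject, RogueExtension, and the option names are assumptions made for illustration.

```javascript
// Added example, not code from the bug or from SpiderMonkey's rootAnalysis:
// a fixpoint over a call graph that answers "can this function GC?".
// The call graph, the interface name and the option format are constructed.

// Each function maps to its call sites. A "direct" call names its callee.
// A "field" call goes through a vtable slot of a COM-style interface, so a
// static analysis cannot tell which implementation will run.
const CALL_GRAPH = {
  "js::gc::GCRuntime::collect": [],
  "js::NewObject": [{ kind: "direct", callee: "js::gc::GCRuntime::collect" }],
  "nsGlobalWindow::GetGlobalJSObject": [],   // assumed in-tree impl: no GC
  "CheckForOutdatedParent": [
    { kind: "field", iface: "nsIScriptGlobalObject", member: "GetGlobalJSObject" },
  ],
  "CreateParentedObject": [
    { kind: "direct", callee: "CheckForOutdatedParent" },
    { kind: "direct", callee: "js::NewObject" },
  ],
};

// Functions the analysis treats as GC entry points (constructed list).
const GC_ENTRY_POINTS = ["js::gc::GCRuntime::collect"];

// Options (both assumed formats):
//   implementations: { "Iface::member": [impl, ...] } lets the analysis
//     resolve a field call to known implementations (the "fancy" route).
//   ignoreFieldCalls: ["Iface::member", ...] is the annotation route: the
//     call is asserted not to GC, whatever is behind the vtable slot.
function analyzeCanGC(graph, { implementations = {}, ignoreFieldCalls = [] } = {}) {
  const ignored = new Set(ignoreFieldCalls);
  const canGC = new Set(GC_ENTRY_POINTS);
  const reasons = new Map();
  let changed = true;
  while (changed) {                 // iterate to a fixpoint
    changed = false;
    for (const [fn, calls] of Object.entries(graph)) {
      if (canGC.has(fn)) continue;
      let hazard = null;
      for (const c of calls) {
        if (c.kind === "direct") {
          if (canGC.has(c.callee)) hazard = `calls ${c.callee}`;
        } else {
          const key = `${c.iface}::${c.member}`;
          if (ignored.has(key)) continue;          // annotation wins, unchecked
          const impls = implementations[key];
          if (!impls) {
            hazard = `unresolved field call ${key}`; // conservative default
          } else {
            const gcImpl = impls.find((i) => canGC.has(i));
            if (gcImpl) hazard = `field call ${key} may reach ${gcImpl}`;
          }
        }
        if (hazard) break;
      }
      if (hazard) { canGC.add(fn); reasons.set(fn, hazard); changed = true; }
    }
  }
  return { canGC, reasons };
}

// Why (if at all) is `fn` considered able to GC? null means "cannot GC".
function gcReason(graph, fn, options) {
  const { canGC, reasons } = analyzeCanGC(graph, options);
  return canGC.has(fn) ? (reasons.get(fn) ?? "GC entry point") : null;
}

console.log(gcReason(CALL_GRAPH, "CheckForOutdatedParent"));
console.log(gcReason(CALL_GRAPH, "CheckForOutdatedParent",
  { ignoreFieldCalls: ["nsIScriptGlobalObject::GetGlobalJSObject"] }));
```

The second branch of the field-call handling is the point of the thread: with no annotation and no way to resolve the slot, the analysis has to treat the call as GC-capable, which is the false positive; the annotation removes it but is trusted without any check of what the slot actually points to, which is the "a C++ extension could replace the implementation" caveat in the last comment.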