Closed
Bug 916988
Opened 11 years ago
Closed 11 years ago
Various analysis updates
Categories
(Core :: JavaScript Engine, defect)
Core
JavaScript Engine
Tracking
()
RESOLVED
FIXED
mozilla27
People
(Reporter: sfink, Assigned: sfink)
Details
Attachments
(4 files)
|
1.45 KB,
patch
|
terrence
:
review+
sfink
:
checkin+
|
Details | Diff | Splinter Review |
|
1.12 KB,
patch
|
terrence
:
review+
sfink
:
checkin+
|
Details | Diff | Splinter Review |
|
1.64 KB,
patch
|
sfink
:
checkin+
|
Details | Diff | Splinter Review |
|
2.46 KB,
patch
|
terrence
:
review+
sfink
:
checkin+
|
Details | Diff | Splinter Review |
Laundry list of analysis changes
|
Assignee | |
Comment 1•11 years ago
|
||
If an exception is pending when we enter an AutoCompartment scope, it could get wrapped, which could trigger GC. But treating that as a cangc function introduces false positives in the common places where no exception will ever be set. So for now, I'm just annotating the AutoCompartment constructor overload that is causing issues.
Attachment #805564 -
Flags: review?(terrence)
|
|
Assignee | |
Comment 2•11 years ago
|
||
bz is now using things like mozilla::dom::RootedTypedArray..., which should be considered Rooted. They inherit from AutoGCRooter (or maybe CustomAutoRooter; doesn't matter which) and so should theoretically be automatically handled. But the analysis currently can't distinguish inheritance from just having an initial data member of the superclass, and the current processing is order-dependent, and it's a heuristic snarl to begin with (because it's unclear what an AutoRooter is rooting.) RootedTypedArray uses multiple inheritance, which makes it even harder. So punt for now and just key off of the type name the same way we are doing it in spidermonkey.
Attachment #805569 -
Flags: review?(terrence)
|
|
Assignee | |
Comment 3•11 years ago
|
||
|
|
Assignee | |
Comment 4•11 years ago
|
||
NS_IsMainThread causes nearly 200 false positive hazards. NS_IsMainThread is considered a GC function because it calls nsIThreadManager.GetIsMainThread, but annotating just that reveals that it's also a gc function because:
GC Function: uint8 NS_IsMainThread()
nsCOMPtr<T>::nsCOMPtr(nsGetServiceByContractID) [with T = nsIThreadManager]
void nsCOMPtr<T>::assign_from_gs_contractid(nsGetServiceByContractID, const nsIID&) [with T = nsIThreadManager; nsIID = nsID]
uint32 nsGetServiceByContractID::operator(nsID*, void**)(const nsIID&, void**) const
uint32 CallGetService(int8*, nsID*, void**)
FieldCall: nsIServiceManager.GetServiceByContractID
Those sound kind of scary to whitelist, so it seems simplest to just annotate NS_IsMainThread.
Attachment #805572 -
Flags: review?(terrence)
|
||
Comment 5•11 years ago
|
||
Comment on attachment 805564 [details] [diff] [review] AutoCompartment constructor leads to too many false positives Review of attachment 805564 [details] [diff] [review]: ----------------------------------------------------------------- r=me
Attachment #805564 -
Flags: review?(terrence) → review+
|
|
||
Comment 6•11 years ago
|
||
Comment on attachment 805569 [details] [diff] [review] Treat mozilla::dom::Rooted* as a rooted type Review of attachment 805569 [details] [diff] [review]: ----------------------------------------------------------------- r=me
Attachment #805569 -
Flags: review?(terrence) → review+
|
|
||
Comment 7•11 years ago
|
||
Comment on attachment 805572 [details] [diff] [review] NS_IsMainThread does not GC Review of attachment 805572 [details] [diff] [review]: ----------------------------------------------------------------- r=me. Hopefully, one day we'll have C++11 [[annotation]] support and can at least put all these in the source.
Attachment #805572 -
Flags: review?(terrence) → review+
|
|
Assignee | |
Updated•11 years ago
|
Attachment #805564 -
Flags: checkin+
|
|
Assignee | |
Updated•11 years ago
|
Attachment #805569 -
Flags: checkin+
|
|
Assignee | |
Updated•11 years ago
|
Attachment #805570 -
Flags: checkin+
|
|
Assignee | |
Updated•11 years ago
|
Attachment #805572 -
Flags: checkin+
|
|
Assignee | |
Comment 8•11 years ago
|
||
Whoops, just noticed that I never checked these in. It was hard to tell because the automation box already has these changes, and I've been pushing the try hazards builds with these patches applied. But I just looked at my first successful end-to-end JS shell hazards build on try -- https://tbpl.mozilla.org/php/getParsedLog.php?id=28172991&tree=Try&full=1 producing http://ftp.mozilla.org//pub/mozilla.org/firefox/try-builds/sfink@mozilla.com-962b0d2dec87186a0220a7e552855802a20693e8/try-linux64-sh-haz -- and it was complaining about NoGC functions again! https://hg.mozilla.org/integration/mozilla-inbound/rev/3b075021285f https://hg.mozilla.org/integration/mozilla-inbound/rev/e6e24a63ca36 https://hg.mozilla.org/integration/mozilla-inbound/rev/1ec5c70efd2e https://hg.mozilla.org/integration/mozilla-inbound/rev/4df586670d2a Btw, if you push to try with -p linux64-sh-haz, you'll now get a build that uploads hazards.txt and gcFunctions.txt to the ftp server. The full-browser version still isn't quite working.
|
||
Comment 9•11 years ago
|
||
https://hg.mozilla.org/mozilla-central/rev/3b075021285f https://hg.mozilla.org/mozilla-central/rev/e6e24a63ca36 https://hg.mozilla.org/mozilla-central/rev/1ec5c70efd2e https://hg.mozilla.org/mozilla-central/rev/4df586670d2a
Status: NEW → RESOLVED
Closed: 11 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla27
You need to log in
before you can comment on or make changes to this bug.
Description
•