Suppress GC in debug-only call

RESOLVED FIXED in mozilla27

Status

()

defect
RESOLVED FIXED
6 years ago
6 years ago

People

(Reporter: sfink, Assigned: sfink)

Tracking

unspecified
mozilla27
Points:
---
Dependency tree / graph

Firefox Tracking Flags

(Not tracked)

Details

Attachments

(1 attachment)

Hazard:

Function 'uint8 js::ExecuteKernel(JSContext*, const class JS::Handle<JSScript*>, JSObject*, JS::Value*, uint32, js::AbstractFramePtr, JS::Value*)' has unrooted 'scopeChainArg' of type 'JSObject*' live across GC call 'JSObject* GetOuterObject(JSContext*, class JS::Handle<JSObject*>)' at js/src/vm/Interpreter.cpp:596

Code:

bool
js::ExecuteKernel(JSContext *cx, HandleScript script, JSObject &scopeChainArg, ...)
{
    ...
#ifdef DEBUG
    if (thisv.isObject()) {
        RootedObject thisObj(cx, &thisv.toObject());
        JS_ASSERT(GetOuterObject(cx, thisObj) == thisObj);
    }
#endif
I stuck in an AutoSuppressGC in the debug-only section.
Attachment #815615 - Flags: review?(terrence)
Blocks: 898606
Comment on attachment 815615 [details] [diff] [review]
Suppress GC in debug-only call

Review of attachment 815615 [details] [diff] [review]:
-----------------------------------------------------------------

r=me
Attachment #815615 - Flags: review?(terrence) → review+
https://hg.mozilla.org/mozilla-central/rev/09b4e50f4b2f
Status: ASSIGNED → RESOLVED
Closed: 6 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla27
You need to log in before you can comment on or make changes to this bug.