Make using a String-owned jschar* after the string is dead impossible (or at least harder)
Categories
(Core :: JavaScript Engine, defect, P3)
Tracking
()
People
(Reporter: terrence, Unassigned)
References
(Blocks 1 open bug)
Details
Updated•2 years ago
|
Comment 1•10 months ago
|
||
Today this is mitigated by making the chars(const JS::AutoRequireNoGC& nogc)
to be in a NoGC scope.
However the problem persists as nothing prevents us from leaking the obtained chars outside the NoGC scope.
Maybe the returned type should capture the dependency on JS::AutoRequireNoGC
and prevent raw access to the characters.
Updated•10 months ago
|
Comment 2•10 months ago
|
||
(In reply to Nicolas B. Pierron [:nbp] from comment #1)
Maybe the returned type should capture the dependency on
JS::AutoRequireNoGC
and prevent raw access to the characters.
In actual usage scenarios, this has been found to pretty much not work because when you have char*
data, you are very very likely to want to pass it to something that takes a char*
. Which means extracting it from whatever CharsHolderThatDisallowsGC
struct you are using. You can push the special type a ways, but it's just too common to end up needing to use libc or other library functions.
Our main answer to this is AutoStableStringChars
, which will copy the chars if needed.
In another domain, we have ProcessData()
and ProcessFixedData()
. They both take lambdas that will be handed the data to process. ProcessData
also gives you an AutoCheckCannotGC&&
token so that the analysis will stop you from GCing (though you can nogc.reset()
once you're done using the data, and then you can GC all you want.) ProcessFixedData
is more similar to AutoStableStringChars
, in that it copies data if it is movable. We could consider providing a similar API for strings.
Comment 3•10 months ago
|
||
Having a lambda sounds like the nicest way to discourage aliasing the char*
, even if this does not prevent it.
Description
•