Bug 712488: GC: missing barrier in JSFunction clone
Closed
Opened 13 years ago, closed 13 years ago
Categories: Core :: JavaScript Engine, defect
Tracking: RESOLVED FIXED, mozilla12
People: Reporter: terrence, Assigned: terrence
Attachments (1 file, 1 obsolete file): patch (deleted), billm: review+
When we clone a function, we need post barriers after assigning the internal JSScript and JSObject pointers into the new object.
Attachment #583328 - Flags: review?(wmccloskey)
Comment 1•13 years ago (Assignee)
Much more elegant with Bill's IRL feedback.
Assignee: general → terrence
Attachment #583328 - Attachment is obsolete: true
Status: NEW → ASSIGNED
Attachment #583328 - Flags: review?(wmccloskey)
Attachment #583343 - Flags: review?(wmccloskey)
Comment on attachment 583343
v2
Review of attachment 583343:
-----------------------------------------------------------------
::: js/src/jsfun.cpp
@@ +2199,5 @@
>
> clone->nargs = fun->nargs;
> clone->flags = fun->flags & ~JSFUN_EXTENDED;
> + if (fun->isInterpreted()) {
> + clone->initScript(fun->u.i.script_);
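Review bot: The added clone->initScript(fun->u.i.script_) line covers only the JSScript pointer, while the bug description says both the internal JSScript and JSObject pointers need a post barrier after assignment into the clone; the quoted context ends inside the isInterpreted() branch, so check that the object pointer is set through an equivalent init call in the same branch rather than by a plain store. A short comment above the branch saying that the init call is there for the GC post barrier would keep a later cleanup from turning it back into a raw assignment.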
Please change fun->u.i.script_ to fun->script(). Otherwise it looks good.
Attachment #583343 - Flags: review?(wmccloskey) → review+
Comment 3•13 years ago (Assignee)
Comment 4•13 years ago
Status: ASSIGNED → RESOLVED
Closed: 13 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla12