Closed Bug 841054 Opened 12 years ago Closed 12 years ago

GC: Exactly root ScriptFrameIter

Categories

(Core :: JavaScript Engine, defect)

Product:
Core
Component:
JavaScript Engine
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED FIXED
Milestone:
mozilla21

People

(Reporter: terrence, Assigned: terrence)

References

Details

Attachments

(1 file)

v0
(deleted), patch
terrence
: review+
Details | Diff | Splinter Review
From our exact rooting notes: * Debugger.cpp uses ScriptFrameIter all over the place - inherits from StackIter, contains ion::InlineFrameIter, contains a pair of SnapshotIters which have an IonScript* - many uses of these are in hot code that can't GC during the iter's lifetime, and I'm not sure they all have convenient access to a cx - StackIter also contains a CallArgs, which contains a Value array (may not be live across GC?)
Attached patch v0 (deleted) — Splinter Review
Nicolas r+ed this on IRC. If the static analysis is using a debug build, this could be the cause of the failures. Or there may be other stuff triggering it. I'll wait for a build tomorrow morning to find out.
Attachment #713757 - Flags: review+
The static analysis does use a debug build. By my reckoning (see https://etherpad.mozilla.org/m5VbrA00YP for details) fixing StackIter will fix 33 of the remaining 97 hazards.
> By my reckoning (see https://etherpad.mozilla.org/m5VbrA00YP for details) > fixing StackIter will fix 33 of the remaining 97 hazards. Holy crap, I was exactly right. We're down to 64. What do I win?
https://hg.mozilla.org/mozilla-central/rev/9f1436e90783
Status: ASSIGNED → RESOLVED
Closed: 12 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla21
Depends on: 842752
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: