Bug 841054 - GC: Exactly root ScriptFrameIter
Status: Closed, RESOLVED FIXED
Opened 12 years ago, closed 12 years ago
Categories: Core :: JavaScript Engine, defect
Tracking: mozilla21
People: Reporter: terrence, Assigned: terrence
Attachments: 1 file (deleted), patch, terrence: review+

From our exact rooting notes:
* Debugger.cpp uses ScriptFrameIter all over the place
  - inherits from StackIter, contains ion::InlineFrameIter, contains a pair of SnapshotIters which have an IonScript*
  - many uses of these are in hot code that can't GC during the iter's lifetime, and I'm not sure they all have convenient access to a cx
  - StackIter also contains a CallArgs, which contains a Value array (may not be live across GC?)

Comment 1 (Assignee) • 12 years ago
Nicolas r+ed this on IRC.
If the static analysis is using a debug build, this could be the cause of the failures. Or there may be other stuff triggering it. I'll wait for a build tomorrow morning to find out.
Attachment #713757 - Flags: review+

Comment 2 • 12 years ago
The static analysis does use a debug build.
By my reckoning (see https://etherpad.mozilla.org/m5VbrA00YP for details) fixing StackIter will fix 33 of the remaining 97 hazards.

Comment 3 (Assignee) • 12 years ago

Comment 4 • 12 years ago
> By my reckoning (see https://etherpad.mozilla.org/m5VbrA00YP for details)
> fixing StackIter will fix 33 of the remaining 97 hazards.
Holy crap, I was exactly right. We're down to 64. What do I win?

Comment 5 • 12 years ago
Status: ASSIGNED → RESOLVED
Closed: 12 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla21