Closed
Bug 909526
Opened 11 years ago
Closed 11 years ago
Suppress GetGlobalJSObject, which is virtual, but cannot GC
Categories
(Core :: JavaScript Engine, defect)
RESOLVED
FIXED
mozilla28
People
(Reporter: terrence, Assigned: terrence)
References
Details
(Whiteboard: [qa-])
Attachments (1 file)
(deleted), patch | sfink: review+
I could not find a great way to re-organize CheckForOutdatedParent that would fix this false positive and not unconditionally add a new root, or worse, UnmarkGray twice. Since this function looks like it may be hot, I think we should annotate the analysis instead.
Attachment #795672 -
Flags: review?(sphink)
Comment 1•11 years ago
Comment on attachment 795672
suppress_GetGlobalJSObject-v0.diff
Review of attachment 795672:
-----------------------------------------------------------------
I've been sitting on this one because I thought it was the one where I was supposed to do fancy analysis tricks to make it see the virtual. But this is a field call, not a true virtual call, so it seems like the annotation is the only option here.
Attachment #795672 -
Flags: review?(sphink) → review+
Comment 2•11 years ago (Assignee)
I revisited this today. My initial analysis still holds. The reason this is a field call is that it is a COM implementation. This means that in theory a C++ browser extension could replace the implementation of GetGlobalJSObject with one that could GC. Given that this would be insane, however, I don't think it's really an issue in practice.
https://hg.mozilla.org/integration/mozilla-inbound/rev/7da0450f5157
Comment 3•11 years ago
Status: ASSIGNED → RESOLVED
Closed: 11 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla28
Updated•11 years ago
Whiteboard: [qa-]