Closed
Bug 946898
Opened 11 years ago
Closed 11 years ago
Don't allow [Cached] values to randomly introduce COWs into the page
Categories
(Core :: DOM: Core & HTML, defect)
Tracking
()
RESOLVED
FIXED
mozilla29
People
(Reporter: bzbarsky, Assigned: bzbarsky)
References
Details
Attachments
(1 file)
|
(deleted),
patch
|
peterv
:
review+
|
Details | Diff | Splinter Review |
Currently when have a cache miss on a [Cached] value, we call the C++ getter, then JS-wrap into rval in the caller compartment, then make a copy of rval, JS_WrapValue into the reflector compartment, and store in the slot.
So if you have a [Cached] sequence-valued attribute that is first accessed via Xray, we will create rval in the xray compartment, then store a COW in the slot. Then when content gets the attribute later it gets a COW and needs to try to milk it.
Patch coming up that makes sure to always js-wrap in the reflector compartment in the [Cached] case, store that in the slot, then JS_WrapValue the rval into the caller compartment. This is a stopgap measure; I will be filing another bug on a more foolproof, but more complicated, setup.
|
Assignee | |
Comment 1•11 years ago
|
||
Attachment #8343264 -
Flags: review?(peterv)
|
||
Comment 3•11 years ago
|
||
Comment on attachment 8343264 [details] [diff] [review]
Make sure to not accidentally store COWs in the slot for [Cached] properties.
Review of attachment 8343264 [details] [diff] [review]:
-----------------------------------------------------------------
The do-while makes me a bit sad, but I don't see a clean way around it.
Attachment #8343264 -
Flags: review?(peterv) → review+
|
|
Assignee | |
Comment 4•11 years ago
|
||
Flags: in-testsuite?
Whiteboard: [need review]
Target Milestone: --- → mozilla29
|
||
Comment 5•11 years ago
|
||
Status: NEW → RESOLVED
Closed: 11 years ago
Resolution: --- → FIXED
|
||
Updated•6 years ago
|
Component: DOM → DOM: Core & HTML
You need to log in
before you can comment on or make changes to this bug.
Description
•