Closed Bug 998377 Opened 11 years ago Closed 11 years ago

Stop explicitly nulling out nsInProcessTabChildGlobal::mGlobal during DelayedDisconnect()

Categories

(Core :: DOM: Core & HTML, defect)

Product:
Core
Component:
DOM: Core & HTML
Platform:
x86
macOS
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED FIXED
Milestone:
mozilla31

People

(Reporter: bholley, Assigned: bholley)

References

Details

Attachments

(3 files)

Part 1 - Stop nulling out nsInProcessTabChildGlobal::mGlobal during DelayedDisconnect. v1
(deleted), patch
smaug
: review+
Details | Diff | Splinter Review
Part 2 - Stop calling ReleaseWrapper in DelayedDisconnect(). v1
(deleted), patch
smaug
: review+
Details | Diff | Splinter Review
Part 3 - Remove mDelayedDisconnect and friends. v1
(deleted), patch
smaug
: review+
Details | Diff | Splinter Review 
Currently, we explicitly cut the edge from nsInProcessTabChildGlobal (inheriting from nsFrameScriptExecutor) during DelayedDisconnect(). This is problematic for AutoEntryScript, because it means that a strong stack reference to an nsIGlobalObject doesn't keep the JS global alive. So GetGlobalJSObject() can return non-null in AutoEntryScript(), but null in ~AutoEntryScript(), causing us to crash.

I talked about it with smaug, and we think that we can probably just move this work to Unlink. I'm going to try that.
https://tbpl.mozilla.org/?tree=Try&rev=9834a0a30188
This is already cycle-collected, so no extra work needs to happen.
Attachment #8409107 - Flags: review?(bugs)
AFAICT, nobody ever calls PreserveWrapper. Presumably, the CC machinery should
take care of us here.
Attachment #8409108 - Flags: review?(bugs)

  

  



        Attachment #8409109 -
        Flags: review?(bugs)

    
    

    
  
So you're still ok GetGlobalJSObject() returning null in some cases, just no change to the
return value between AutoEntryScript ctor and dtor?

  

  



        Attachment #8409107 -
        Flags: review?(bugs) → review+

    
    

    
  
Comment on attachment 8409108 [details] [diff] [review]
Part 2 - Stop calling ReleaseWrapper in DelayedDisconnect(). v1

This patch as such wouldn't get r+, but with the next one this is ok.

  

  



        Attachment #8409108 -
        Flags: review?(bugs) → review+

        Attachment #8409109 -
        Flags: review?(bugs) → review+

    
    

    
  
(In reply to Olli Pettay [:smaug] from comment #5)
> So you're still ok GetGlobalJSObject() returning null in some cases, just no
> change to the
> return value between AutoEntryScript ctor and dtor?

I think so. My sense is that, if we've been unlinked, we're not likely to be holding onto a script or function living in it. We'll notice the crashes if we do.

remote:   https://hg.mozilla.org/integration/mozilla-inbound/rev/e5b5eed30c6e
remote:   https://hg.mozilla.org/integration/mozilla-inbound/rev/d8c4225f799f
remote:   https://hg.mozilla.org/integration/mozilla-inbound/rev/1af6111edd49

  

  



    
    

    
  
https://hg.mozilla.org/mozilla-central/rev/e5b5eed30c6e
https://hg.mozilla.org/mozilla-central/rev/d8c4225f799f
https://hg.mozilla.org/mozilla-central/rev/1af6111edd49

  

  


Status: NEW → RESOLVED
Closed: 11 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla31
Component: DOM → DOM: Core & HTML

          You need to log in
          before you can comment on or make changes to this bug.
        






  

    
  







  

    

      
Attachment

      

      
      
      
      
    

    

      

        

          

            
General

            

              Creator: 



            

            
Created: 

            
Updated: 

            
Size: