Closed
Bug 998377
Opened 11 years ago
Closed 11 years ago
Stop explicitly nulling out nsInProcessTabChildGlobal::mGlobal during DelayedDisconnect()
Categories
(Core :: DOM: Core & HTML, defect)
Tracking
()
RESOLVED
FIXED
mozilla31
People
(Reporter: bholley, Assigned: bholley)
References
Details
Attachments
(3 files)
(deleted),
patch
|
smaug
:
review+
|
Details | Diff | Splinter Review |
(deleted),
patch
|
smaug
:
review+
|
Details | Diff | Splinter Review |
(deleted),
patch
|
smaug
:
review+
|
Details | Diff | Splinter Review |
Currently, we explicitly cut the edge from nsInProcessTabChildGlobal (inheriting from nsFrameScriptExecutor) during DelayedDisconnect(). This is problematic for AutoEntryScript, because it means that a strong stack reference to an nsIGlobalObject doesn't keep the JS global alive. So GetGlobalJSObject() can return non-null in AutoEntryScript(), but null in ~AutoEntryScript(), causing us to crash. I talked about it with smaug, and we think that we can probably just move this work to Unlink. I'm going to try that.
Assignee | ||
Comment 2•11 years ago
|
||
This is already cycle-collected, so no extra work needs to happen.
Attachment #8409107 -
Flags: review?(bugs)
Assignee | ||
Comment 3•11 years ago
|
||
AFAICT, nobody ever calls PreserveWrapper. Presumably, the CC machinery should take care of us here.
Attachment #8409108 -
Flags: review?(bugs)
Comment 5•11 years ago
|
||
So you're still ok GetGlobalJSObject() returning null in some cases, just no change to the return value between AutoEntryScript ctor and dtor?
Updated•11 years ago
|
Attachment #8409107 -
Flags: review?(bugs) → review+
Comment 6•11 years ago
|
||
Comment on attachment 8409108 [details] [diff] [review] Part 2 - Stop calling ReleaseWrapper in DelayedDisconnect(). v1 This patch as such wouldn't get r+, but with the next one this is ok.
Attachment #8409108 -
Flags: review?(bugs) → review+
Updated•11 years ago
|
Attachment #8409109 -
Flags: review?(bugs) → review+
Assignee | ||
Comment 7•11 years ago
|
||
(In reply to Olli Pettay [:smaug] from comment #5) > So you're still ok GetGlobalJSObject() returning null in some cases, just no > change to the > return value between AutoEntryScript ctor and dtor? I think so. My sense is that, if we've been unlinked, we're not likely to be holding onto a script or function living in it. We'll notice the crashes if we do. remote: https://hg.mozilla.org/integration/mozilla-inbound/rev/e5b5eed30c6e remote: https://hg.mozilla.org/integration/mozilla-inbound/rev/d8c4225f799f remote: https://hg.mozilla.org/integration/mozilla-inbound/rev/1af6111edd49
Comment 8•11 years ago
|
||
https://hg.mozilla.org/mozilla-central/rev/e5b5eed30c6e https://hg.mozilla.org/mozilla-central/rev/d8c4225f799f https://hg.mozilla.org/mozilla-central/rev/1af6111edd49
Status: NEW → RESOLVED
Closed: 11 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla31
Updated•6 years ago
|
Component: DOM → DOM: Core & HTML
You need to log in
before you can comment on or make changes to this bug.
Description
•