Attachment 8956500 Details for Bug 1442804

[patch] heap write analysis: whitelist GetAutoArrayBuffer, which returns a pointer into |this|

base-8f7fe545a8e2 (text/plain), 2.25 KB, created by Steve Fink [:sfink] [:s:]

(hide)

Description:

Filename:

MIME Type:

Creator: Steve Fink [:sfink] [:s:]

Size: 2.25 KB

patch

obsolete

># HG changeset patch
># User Steve Fink <sfink@mozilla.com>
># Date 1520354756 28800
>#      Tue Mar 06 08:45:56 2018 -0800
># Node ID a9edac2f8f4e9c8bb60216c239ddd4a65ac9eb1a
># Parent  546f8adae17e05a2cf6677269c2232f17a070e41
>heap write analysis: whitelist GetAutoArrayBuffer, which returns a pointer into |this|
>
>diff --git a/js/src/devtools/rootAnalysis/analyzeHeapWrites.js b/js/src/devtools/rootAnalysis/analyzeHeapWrites.js
>--- a/js/src/devtools/rootAnalysis/analyzeHeapWrites.js
>+++ b/js/src/devtools/rootAnalysis/analyzeHeapWrites.js
>@@ -1194,16 +1194,26 @@ function expressionValueEdge(exp) {
>         return null;
>     const assign = singleAssignment(variableName(exp.Variable));
>     if (!assign)
>         return null;
>     const [body, edge] = assign;
>     return edge;
> }
> 
>+// Examples:
>+//
>+//   void foo(type* aSafe) {
>+//     type* safeBecauseNew = new type(...);
>+//     type* unsafeBecauseMultipleAssignments = new type(...);
>+//     if (rand())
>+//       unsafeBecauseMultipleAssignments = bar();
>+//     type* safeBecauseSingleAssignmentOfSafe = aSafe;
>+//   }
>+//
> function isSafeVariable(entry, variable)
> {
>     var index = safeArgumentIndex(variable);
>     if (index >= 0)
>         return entry.isSafeArgument(index);
> 
>     if (variable.Kind != "Temp" && variable.Kind != "Local")
>         return false;
>@@ -1240,17 +1250,18 @@ function isSafeLocalVariable(entry, name
>             return true;
>         }
> 
>         if ("PEdgeCallInstance" in edge) {
>             // References to the contents of an array are threadsafe if the array
>             // itself is threadsafe.
>             if ((isDirectCall(edge, /operator\[\]/) ||
>                  isDirectCall(edge, /nsTArray.*?::InsertElementAt\b/) ||
>-                 isDirectCall(edge, /nsStyleContent::ContentAt/)) &&
>+                 isDirectCall(edge, /nsStyleContent::ContentAt/) ||
>+                 isDirectCall(edge, /nsTArray_base.*?::GetAutoArrayBuffer\b/)) &&
>                 isEdgeSafeArgument(entry, edge.PEdgeCallInstance.Exp))
>             {
>                 return true;
>             }
> 
>             // Watch for the coerced result of a getter_AddRefs or getter_Copies call.
>             if (isDirectCall(edge, /operator /)) {
>                 var otherEdge = expressionValueEdge(edge.PEdgeCallInstance.Exp);

Flags:

bholley: review+

Actions: View | Diff | Review

Attachments on bug 1442804: 8955702 | 8955721 | 8956498 | 8956499 | 8956500 | 8956502

Bugzilla

Quick Search

Attachment 8956500 Details for Bug 1442804