Bugzilla
Quick Search
Browse
Advanced Search
Reports
Quick Search Help
Documentation
New Account
Log In
Login with GitHub
Remember
Forgot Password
Mozilla Home
Privacy
Cookies
Legal
Attachment 8956500 Details for
Bug 1442804
[patch]
heap write analysis: whitelist GetAutoArrayBuffer, which returns a pointer into |this|
base-8f7fe545a8e2 (text/plain), 2.25 KB, created by
Steve Fink [:sfink] [:s:]
(
hide
)
Description:
heap write analysis: whitelist GetAutoArrayBuffer, which returns a pointer into |this|
Filename:
MIME Type:
Creator:
Steve Fink [:sfink] [:s:]
Size:
2.25 KB
patch
obsolete
># HG changeset patch ># User Steve Fink <sfink@mozilla.com> ># Date 1520354756 28800 ># Tue Mar 06 08:45:56 2018 -0800 ># Node ID a9edac2f8f4e9c8bb60216c239ddd4a65ac9eb1a ># Parent 546f8adae17e05a2cf6677269c2232f17a070e41 >heap write analysis: whitelist GetAutoArrayBuffer, which returns a pointer into |this| > >diff --git a/js/src/devtools/rootAnalysis/analyzeHeapWrites.js b/js/src/devtools/rootAnalysis/analyzeHeapWrites.js >--- a/js/src/devtools/rootAnalysis/analyzeHeapWrites.js >+++ b/js/src/devtools/rootAnalysis/analyzeHeapWrites.js >@@ -1194,16 +1194,26 @@ function expressionValueEdge(exp) { > return null; > const assign = singleAssignment(variableName(exp.Variable)); > if (!assign) > return null; > const [body, edge] = assign; > return edge; > } > >+// Examples: >+// >+// void foo(type* aSafe) { >+// type* safeBecauseNew = new type(...); >+// type* unsafeBecauseMultipleAssignments = new type(...); >+// if (rand()) >+// unsafeBecauseMultipleAssignments = bar(); >+// type* safeBecauseSingleAssignmentOfSafe = aSafe; >+// } >+// > function isSafeVariable(entry, variable) > { > var index = safeArgumentIndex(variable); > if (index >= 0) > return entry.isSafeArgument(index); > > if (variable.Kind != "Temp" && variable.Kind != "Local") > return false; >@@ -1240,17 +1250,18 @@ function isSafeLocalVariable(entry, name > return true; > } > > if ("PEdgeCallInstance" in edge) { > // References to the contents of an array are threadsafe if the array > // itself is threadsafe. > if ((isDirectCall(edge, /operator\[\]/) || > isDirectCall(edge, /nsTArray.*?::InsertElementAt\b/) || >- isDirectCall(edge, /nsStyleContent::ContentAt/)) && >+ isDirectCall(edge, /nsStyleContent::ContentAt/) || >+ isDirectCall(edge, /nsTArray_base.*?::GetAutoArrayBuffer\b/)) && > isEdgeSafeArgument(entry, edge.PEdgeCallInstance.Exp)) > { > return true; > } > > // Watch for the coerced result of a getter_AddRefs or getter_Copies call. > if (isDirectCall(edge, /operator /)) { > var otherEdge = expressionValueEdge(edge.PEdgeCallInstance.Exp);
You cannot view the attachment while viewing its details because your browser does not support IFRAMEs.
View the attachment on a separate page
.
Flags:
bholley
: review+
Actions:
View
|
Diff
|
Review
Attachments on
bug 1442804
:
8955702
|
8955721
|
8956498
|
8956499
| 8956500 |
8956502