90 lines
3.1 KiB
Diff
90 lines
3.1 KiB
Diff
|
From 97ba04bf95606b409b1b3035504a41c274ecffe2 Mon Sep 17 00:00:00 2001
|
||
|
From: Shu-yu Guo <shu@rfrn.org>
|
||
|
Date: Mon, 26 Jan 2015 18:26:25 -0800
|
||
|
Subject: [PATCH] Bug 1119579 - Don't GC while iterating compartments in
|
||
|
findAllGlobals. r=sfink, a=abillings
|
||
|
|
||
|
---
|
||
|
js/src/vm/Debugger.cpp | 56 ++++++++++++++++++++++++++++++--------------------
|
||
|
1 file changed, 34 insertions(+), 22 deletions(-)
|
||
|
|
||
|
diff --git a/js/src/vm/Debugger.cpp b/js/src/vm/Debugger.cpp
|
||
|
index 27e993d..a8decef 100644
|
||
|
--- a/js/src/vm/Debugger.cpp
|
||
|
+++ b/js/src/vm/Debugger.cpp
|
||
|
@@ -2825,37 +2825,49 @@ Debugger::findAllGlobals(JSContext *cx, unsigned argc, Value *vp)
|
||
|
{
|
||
|
THIS_DEBUGGER(cx, argc, vp, "findAllGlobals", args, dbg);
|
||
|
|
||
|
- RootedObject result(cx, NewDenseEmptyArray(cx));
|
||
|
- if (!result)
|
||
|
- return false;
|
||
|
+ AutoObjectVector globals(cx);
|
||
|
|
||
|
- for (CompartmentsIter c(cx->runtime(), SkipAtoms); !c.done(); c.next()) {
|
||
|
- if (c->options().invisibleToDebugger())
|
||
|
- continue;
|
||
|
+ {
|
||
|
+ // Accumulate the list of globals before wrapping them, because
|
||
|
+ // wrapping can GC and collect compartments from under us, while
|
||
|
+ // iterating.
|
||
|
|
||
|
- c->zone()->scheduledForDestruction = false;
|
||
|
+ for (CompartmentsIter c(cx->runtime(), SkipAtoms); !c.done(); c.next()) {
|
||
|
+ if (c->options().invisibleToDebugger())
|
||
|
+ continue;
|
||
|
|
||
|
- GlobalObject *global = c->maybeGlobal();
|
||
|
+ c->zone()->scheduledForDestruction = false;
|
||
|
|
||
|
- if (cx->runtime()->isSelfHostingGlobal(global))
|
||
|
- continue;
|
||
|
+ GlobalObject *global = c->maybeGlobal();
|
||
|
|
||
|
- if (global) {
|
||
|
- /*
|
||
|
- * We pulled |global| out of nowhere, so it's possible that it was
|
||
|
- * marked gray by XPConnect. Since we're now exposing it to JS code,
|
||
|
- * we need to mark it black.
|
||
|
- */
|
||
|
- JS::ExposeGCThingToActiveJS(global, JSTRACE_OBJECT);
|
||
|
+ if (cx->runtime()->isSelfHostingGlobal(global))
|
||
|
+ continue;
|
||
|
|
||
|
- RootedValue globalValue(cx, ObjectValue(*global));
|
||
|
- if (!dbg->wrapDebuggeeValue(cx, &globalValue))
|
||
|
- return false;
|
||
|
- if (!NewbornArrayPush(cx, result, globalValue))
|
||
|
- return false;
|
||
|
+ if (global) {
|
||
|
+ /*
|
||
|
+ * We pulled |global| out of nowhere, so it's possible that it was
|
||
|
+ * marked gray by XPConnect. Since we're now exposing it to JS code,
|
||
|
+ * we need to mark it black.
|
||
|
+ */
|
||
|
+ JS::ExposeGCThingToActiveJS(global, JSTRACE_OBJECT);
|
||
|
+ if (!globals.append(global))
|
||
|
+ return false;
|
||
|
+ }
|
||
|
}
|
||
|
}
|
||
|
|
||
|
+ RootedObject result(cx, NewDenseEmptyArray(cx));
|
||
|
+ if (!result)
|
||
|
+ return false;
|
||
|
+
|
||
|
+ for (size_t i = 0; i < globals.length(); i++) {
|
||
|
+ RootedValue globalValue(cx, ObjectValue(*globals[i]));
|
||
|
+ if (!dbg->wrapDebuggeeValue(cx, &globalValue))
|
||
|
+ return false;
|
||
|
+ if (!NewbornArrayPush(cx, result, globalValue))
|
||
|
+ return false;
|
||
|
+ }
|
||
|
+
|
||
|
args.rval().setObject(*result);
|
||
|
return true;
|
||
|
}
|
||
|
--
|
||
|
2.2.1
|
||
|
|