Javascript:Hazard Builds: Difference between revisions

Javascript:Hazard Builds (view source)

653 bytes added , 15 November 2013

Confirmed users

328

edits

@@ Line 9: / Line 9: @@
 == Static Rooting Analysis ==
-Tbpl can run two static analysis builds, one for the full browser (linux64-br-haz) and one for just the JS shell (linux64-sh-haz).
+Tbpl can run two static analysis builds, one for the full browser (linux64-br-haz) and one for just the JS shell (linux64-sh-haz). The former shows up on tbpl as SM(Hf), the latter as SM(Hs) (f=firefox, s=shell. We intend to have an Hb in the future for B2G builds.)
 These builds are performed as follows:
@@ Line 69: / Line 69: @@
 * during the resulting garbage collection, the object pointed to by ed.obj is moved to a different location. All pointers stored in the JS heap are updated automatically, as are all rooted pointers. ed.obj is not, because the GC doesn't know about it.
 * after decompilePC returns, something accesses ed.obj. This is now a stale pointer, and may refer to just about anything -- the wrong object, an invalid object, or whatever. Badness 10000, as TeX would say.
+=== So you broke the analysis by adding a hazard. Now what? ===
+Backout, fix the hazard, or (final resort) update the expected number of hazards in js/src/devtools/rootAnalysis/expect.browser.json.
+The most common way to fix a hazard is to change the variable to be a Rooted type, as described in http://dxr.mozilla.org/mozilla-central/source/js/public/RootingAPI.h#l21
+For more complicated cases, ask on #jsapi. If you don't get a response, ping sfink, terrence, or jonco, and for the really hairy stuff, billm.