Bug 1114987 - Add MOZ_UNSAFE_REF and mark GlobalObject::mGlobalObject as such; r=smaug
authorEhsan Akhgari <ehsan@mozilla.com>
Mon, 05 Jan 2015 15:46:37 -0500
changeset 222176 67b3ac5b553ad88f7d1c4ba968da2042cd28ff83
parent 222175 d07e602fd38520da2cdbce963ff4d5b7ccce63e6
child 222177 ed186e5af4a148cf7a336d1f55e51a036d5c23a4
push id28059
push userryanvm@gmail.com
push dateTue, 06 Jan 2015 15:53:01 +0000
treeherdermozilla-central@4d91c33b351c [default view] [failures only]
perfherder[talos] [build metrics] [platform microbench] (compared to previous push)
reviewerssmaug
bugs1114987
milestone37.0a1
first release with
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
last release without
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
Bug 1114987 - Add MOZ_UNSAFE_REF and mark GlobalObject::mGlobalObject as such; r=smaug
dom/bindings/BindingDeclarations.h
mfbt/Attributes.h
--- a/dom/bindings/BindingDeclarations.h
+++ b/dom/bindings/BindingDeclarations.h
@@ -87,17 +87,20 @@ public:
   bool Failed() const
   {
     return !Get();
   }
 
 protected:
   JS::Rooted<JSObject*> mGlobalJSObject;
   JSContext* mCx;
-  mutable nsISupports* mGlobalObject;
+  mutable nsISupports* MOZ_UNSAFE_REF("Valid because GlobalObject is a stack "
+                                      "class, and mGlobalObject points to the "
+                                      "global, so it won't be destroyed as long "
+                                      "as GlobalObject lives on the stack") mGlobalObject;
 };
 
 // Class for representing optional arguments.
 template<typename T, typename InternalType>
 class Optional_base
 {
 public:
   Optional_base()
--- a/mfbt/Attributes.h
+++ b/mfbt/Attributes.h
@@ -515,16 +515,20 @@
  * MOZ_OWNING_REF: Applies to declarations of pointer types.  This attribute
  *   tells the compiler that the raw pointer is a strong reference, and that
  *   property is somehow enforced by the code.  This can make the compiler
  *   ignore these pointers when validating the usage of pointers otherwise.
  * MOZ_NON_OWNING_REF: Applies to declarations of pointer types.  This attribute
  *   tells the compiler that the raw pointer is a weak reference, and that
  *   property is somehow enforced by the code.  This can make the compiler
  *   ignore these pointers when validating the usage of pointers otherwise.
+ * MOZ_UNSAFE_REF: Applies to declarations of pointer types.  This attribute
+ *   should be used for non-owning references that can be unsafe, and their
+ *   safety needs to be validated through code inspection.  The string argument
+ *   passed to this macro documents the safety conditions.
  */
 #ifdef MOZ_CLANG_PLUGIN
 #  define MOZ_MUST_OVERRIDE __attribute__((annotate("moz_must_override")))
 #  define MOZ_STACK_CLASS __attribute__((annotate("moz_stack_class")))
 #  define MOZ_NONHEAP_CLASS __attribute__((annotate("moz_nonheap_class")))
 #  define MOZ_TRIVIAL_CTOR_DTOR __attribute__((annotate("moz_trivial_ctor_dtor")))
 #  ifdef DEBUG
      /* in debug builds, these classes do have non-trivial constructors. */
@@ -532,16 +536,17 @@
 #  else
 #    define MOZ_ONLY_USED_TO_AVOID_STATIC_CONSTRUCTORS __attribute__((annotate("moz_global_class"))) \
             MOZ_TRIVIAL_CTOR_DTOR
 #  endif
 #  define MOZ_IMPLICIT __attribute__((annotate("moz_implicit")))
 #  define MOZ_NO_ARITHMETIC_EXPR_IN_ARGUMENT __attribute__((annotate("moz_no_arith_expr_in_arg")))
 #  define MOZ_OWNING_REF __attribute__((annotate("moz_strong_ref")))
 #  define MOZ_NON_OWNING_REF __attribute__((annotate("moz_weak_ref")))
+#  define MOZ_UNSAFE_REF(reason) __attribute__((annotate("moz_strong_ref")))
 /*
  * It turns out that clang doesn't like void func() __attribute__ {} without a
  * warning, so use pragmas to disable the warning. This code won't work on GCC
  * anyways, so the warning is safe to ignore.
  */
 #  define MOZ_HEAP_ALLOCATOR \
     _Pragma("clang diagnostic push") \
     _Pragma("clang diagnostic ignored \"-Wgcc-compat\"") \
@@ -553,16 +558,17 @@
 #  define MOZ_NONHEAP_CLASS /* nothing */
 #  define MOZ_TRIVIAL_CTOR_DTOR /* nothing */
 #  define MOZ_ONLY_USED_TO_AVOID_STATIC_CONSTRUCTORS /* nothing */
 #  define MOZ_IMPLICIT /* nothing */
 #  define MOZ_NO_ARITHMETIC_EXPR_IN_ARGUMENT /* nothing */
 #  define MOZ_HEAP_ALLOCATOR /* nothing */
 #  define MOZ_OWNING_REF /* nothing */
 #  define MOZ_NON_OWNING_REF /* nothing */
+#  define MOZ_UNSAFE_REF(reason) /* nothing */
 #endif /* MOZ_CLANG_PLUGIN */
 
 /*
  * MOZ_THIS_IN_INITIALIZER_LIST is used to avoid a warning when we know that
  * it's safe to use 'this' in an initializer list.
  */
 #ifdef _MSC_VER
 #  define MOZ_THIS_IN_INITIALIZER_LIST() \