Re: [dev-servo] DOM rooting is live

Wed, 07 May 2014 11:17:37 -0700

In the worst case, you have a GC hazard that is conceivably exploitable if the stars are in alignment. 

Cheers,
Josh

On 05/06/2014 08:08 PM, Keegan McAllister wrote:

From js.rs:


     /// A rooted, JS-owned value. Must only be used as a field in other 
JS-owned types.
     pub struct JS<T> {

What happens if I break this rule and allocate a JS<T> on the stack, or return 
one from a function?  Is that a memory safety violation?

keegan

----- Original Message -----
From: "Josh Matthews" <j...@joshmatthews.net>
To: mozilla-dev-se...@lists.mozilla.org
Sent: Saturday, May 3, 2014 12:30:55 PM
Subject: [dev-servo] DOM rooting is live

https://github.com/mozilla/servo/pull/2101 has finally merged, so here's
what you need to know if you're writing DOM code now:

* members of DOM types that are themselves DOM types must use JS<T> (eg.
parent_node: Option<JS<Node>>)
* all WebIDL methods for type Foo must be declared in a public
FooMethods trait (except static Constructor methods, which still belong
to Foo proper)
* all FooMethods traits must be implemented on JSRef<'a, Foo>
* all non-WebIDL methods must be declared in a FooHelpers trait and
implemented on JSRef<'a, Foo>
* all functions that return a DOM type Foo must return Temporary<Foo>
* all functions taking a DOM type Foo argument must now take &JSRef<Foo>

In exchange for this slightly more complicated system of rules, we get
freedom from garbage collection hazards and safety from accidentally
breaking them. In particular, the following holds true:
* for any method called on a DOM type, the self pointer and any DOM
object reachable via self will be rooted for the duration of the method call
* for any method call that accepts DOM type arguments, they will be
rooted for the duration of the call
* for any DOM object returned from a function, it will remain rooted
until its Temporary value goes out of scope

The only remaining thing to know is that in order to obtain a JSRef<T>
value out of a JS<T> or Temporary<T> value is to call the root() method,
and then dereference it. As such, you will see lots of code like

  > let window = self.window.root();
  > do_something_with_window(&*window);

or

  > let something = Something::new().root();
  > something.do_something();

Learn to love it. When you find a type error where something is asking
for a JSRef and you're not providing it, that's a potential GC hazard
that the compiler is rejecting.

Cheers,
Josh
_______________________________________________
dev-servo mailing list
dev-servo@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-servo



_______________________________________________
dev-servo mailing list
dev-servo@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-servo

Reply via email to