Sanitize Heap::handle(_mut) functions #20399
Merged
highfive commented Mar 23, 2018

Heads up! This PR modifies the following files:

highfive commented Mar 23, 2018

r? @jdm
| // Returning Handles directly from Heap values is inherently unsafe, but here it's | ||
| // always done via rooted JsTimers, which is safe. | ||
| #[allow(unsafe_code)] | ||
| fn collect_heap_args(&self, args: &[Heap<JSVal>]) -> Vec<HandleValue> { |
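Review bot: `collect_heap_args` is declared as a safe `fn`, but the comment above it says returning handles from `Heap` values is inherently unsafe and only sound here because the arguments come from rooted `JsTimer`s. Nothing in the signature `(&self, args: &[Heap<JSVal>]) -> Vec<HandleValue>` enforces that: any `&[Heap<JSVal>]` slice is accepted, and the returned `Vec<HandleValue>` shows no lifetime tying it to `args` or `self`. Consider phrasing the comment as an explicit precondition on `args` (every element must be owned by a rooted struct), or reading the values from `self` instead of taking a free slice, so that a later caller cannot pass unrooted heap values through the `#[allow(unsafe_code)]` exemption unnoticed.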
Xanewok (Author, Contributor) commented Mar 23, 2018

Separated into another function, since I couldn't use the inline `unsafe { ... }` block due to `#[deny(unsafe_code)]` in script (and `&self` to tie it symbolically to `JsTimerTask`, which can only receive the `Heap`-wrapped arguments, which are rooted)

@bors-servo r+

bors-servo added a commit that referenced this pull request Mar 23, 2018

Sanitize Heap::handle(_mut) functions

Complementary to servo/rust-mozjs#404.

Removing `Heap::handle_mut` didn't warrant any changes on Servo side, and so the changes here are only to fix compilation with `Heap::handle` being now marked as `unsafe`.

The main idea is that we can't hand out handles to heap values themselves, since they're not guaranteed to be rooted, but it's safe to do when we are - hence why the safe impl on `RootedTraceableBox<Heap<T>>` and why it's safe to use inside structs that hold a Heap and are `#[must_root]`.

---

- [X] `./mach build -d` does not report any errors
- [X] `./mach test-tidy` does not report any errors
- [ ] These changes fix #__ (github issue number if applicable).
- [ ] There are tests for these changes OR
- [X] These changes do not require tests because the compiler forces correctness here.

---

This change is [Reviewable](https://reviewable.io/reviews/servo/servo/20399)
Xanewok commented Mar 23, 2018 • edited by SimonSapin

Complementary to servo/rust-mozjs#404.

Removing `Heap::handle_mut` didn't warrant any changes on Servo side, and so the changes here are only to fix compilation with `Heap::handle` being now marked as `unsafe`.

The main idea is that we can't hand out handles to heap values themselves, since they're not guaranteed to be rooted, but it's safe to do when we are - hence why the safe impl on `RootedTraceableBox<Heap<T>>` and why it's safe to use inside structs that hold a Heap and are `#[must_root]`.

- `./mach build -d` does not report any errors
- `./mach test-tidy` does not report any errors
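
A simplified model of the invariant in the PR description above, added here as an illustration and not code from Servo or rust-mozjs: handing out a handle from a bare heap slot is `unsafe`, while a wrapper that keeps the slot rooted can offer a safe accessor whose borrow cannot outlive the root. `Heap`, `Handle`, `RootedBox`, `ROOTS` and `root_count` are hypothetical toy types and names, and the "root set" is just a list of addresses.

```rust
use std::cell::{Cell, RefCell};
use std::marker::PhantomData;

thread_local! {
    // Toy root set: addresses of slots the collector must treat as live.
    static ROOTS: RefCell<Vec<usize>> = RefCell::new(Vec::new());
}
pub fn root_count() -> usize { ROOTS.with(|r| r.borrow().len()) }

/// Toy GC slot (hypothetical stand-in, not the mozjs `Heap<T>`).
pub struct Heap<T: Copy> { value: Cell<T> }

/// Pointer to a slot; reading it is only sound while the slot is rooted.
pub struct Handle<'a, T: Copy> { ptr: *const T, _root: PhantomData<&'a T> }

impl<'a, T: Copy> Handle<'a, T> { pub fn get(&self) -> T { unsafe { *self.ptr } } }

impl<T: Copy> Heap<T> {
    /// # Safety
    /// Caller must keep the slot rooted while the handle is in use ('a is unchecked).
    pub unsafe fn handle<'a>(&self) -> Handle<'a, T> where T: 'a {
        Handle { ptr: self.value.as_ptr(), _root: PhantomData }
    }
}

/// Owns the slot at a stable address and keeps it rooted until dropped.
pub struct RootedBox<T: Copy> { inner: Box<Heap<T>> }

impl<T: Copy> RootedBox<T> {
    pub fn new(v: T) -> Self {
        let inner = Box::new(Heap { value: Cell::new(v) });
        ROOTS.with(|r| r.borrow_mut().push(&*inner as *const Heap<T> as usize));
        RootedBox { inner }
    }
    /// Safe: the handle borrows `self`, so it cannot outlive the root entry.
    pub fn handle(&self) -> Handle<'_, T> { unsafe { self.inner.handle() } }
}

impl<T: Copy> Drop for RootedBox<T> {
    fn drop(&mut self) {
        let addr = &*self.inner as *const Heap<T> as usize;
        ROOTS.with(|r| r.borrow_mut().retain(|a| *a != addr));
    }
}

fn main() {
    let rooted = RootedBox::new(7u32);
    println!("value={} roots={}", rooted.handle().get(), root_count());
}
```

Returning `rooted.handle()` out of the scope that owns `rooted` is rejected by the borrow checker, which is the compile-time guarantee the safe accessor relies on.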