On 11/28/2017 06:33 AM, Boris Zbarsky wrote:
On 11/27/17 7:45 PM, Eric Rescorla wrote:
As for the lifetime question, can you elaborate on the scenario you are
concerned about.
Olli may have a different concern, but I'm thinking something like this:
for (auto foo : myFoos) {
foo->bar();
}
That was pretty much what I had in mind.
Though, using auto without range-for, so just
auto foo = getFoo();
foo->bar(); // is this safe?
where bar() can run arbitrary script. Is "foo" held alive across that call?
Who knows; you have to go read the definition of the iterators on the
type of myFoos to find out.
One possible answer is that the right solution for this type of issue is the
MOZ_CAN_RUN_SCRIPT static analysis annotation on bar(), which will make
this code not compile if the type of "foo" is a raw pointer.... But this
annotation is only added to a few functions in our codebase so far, and we'll
see how well we manage at adding it to more. We have a _lot_ of stuff in our
codebase that can run random script. :(
-Boris
_______________________________________________
dev-platform mailing list
dev-platform@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-platform
