Add a zeal mode to check nursery integrity

RESOLVED FIXED in Firefox 50

Status

()

Product:
Core
Component:
JavaScript: GC
Type:
defect
Status:
RESOLVED FIXED
Opened:
3 years ago
Updated:
3 years ago

People

(Reporter: jonco, Assigned: jonco)

Tracking

Version:
unspecified
Target:
mozilla50
Points:
---
Dependency tree / graph

Firefox Tracking Flags

(firefox50 fixed)

Details

Attachments

(1 attachment)

bug1287869-nursery-canaries
8.23 KB, patch
terrence
: review+
Details | Diff | Splinter Review 
We can put canaries between nursery allocations and check them on collection to ensure nothing writes past the end of an object.  This would have caught at least one bug I know of.
As discussed.

We don't use take the fast path to allocate in compiled code when any zeal mode is active, so there were no Ion changes necessary.
Attachment #8772943 - Flags: review?(terrence)
Comment on attachment 8772943 [details] [diff] [review]
bug1287869-nursery-canaries

Review of attachment 8772943 [details] [diff] [review]:
-----------------------------------------------------------------

Nice!
Attachment #8772943 - Flags: review?(terrence) → review+
Pushed by jcoppeard@mozilla.com:
https://hg.mozilla.org/integration/mozilla-inbound/rev/bdbb5822afe1
Add zeal mode to check nursery integrity r=terrence
https://hg.mozilla.org/mozilla-central/rev/bdbb5822afe1
Status: NEW → RESOLVED
Closed: 3 years ago
status-firefox50: --- → fixed
Resolution: --- → FIXED
Target Milestone: --- → mozilla50
Depends on: 1291646
You need to log in before you can comment on or make changes to this bug.