Closed Bug 1304653 Opened 3 years ago Closed 3 years ago

Improve heap checking GC zeal mode

Categories: Core :: JavaScript: GC, defect
Status: RESOLVED FIXED
Target Milestone: mozilla52
Tracking Status: firefox52 --- fixed
People: Reporter: jonco, Assigned: jonco
Attachments: 1 file

In bug 1304037 our heap checking zeal mode found a UAF bug.  It could be improved by:
 - running it after every GC, not just moving GCs (this bug was not caused by a moving GC)
 - making it check for broken pointers, not just unmoved GC things
Attachment #8793804 - Flags: review?(sphink)
Comment on attachment 8793804 [details] [diff] [review]
bug1304653-improve-heap-check

Review of attachment 8793804 [details] [diff] [review]:
-----------------------------------------------------------------

Works for me if it gives you what you want. I don't know when/how you run this -- I'd assume it's painfully slow with a period of 1, but now if you do eg the default period of 100 you might easily miss all compacting GCs and only check non-compacting ones (I'm assuming cgcs are in the minority.) If that's ok with you, then r=me.
Attachment #8793804 - Flags: review?(sphink) → review+
(In reply to Steve Fink [:sfink] [:s:] (PTO Sep23-28) from comment #2)
This one doesn't trigger any extra GCs, it just runs the check afterwards if it's enabled.  It ends up getting used by the fuzzers and has already caught a couple of errors, but with this change it should print useful information rather than crashing if it hits a bad pointer (e.g. because of a UAF), which helps because these fuzz bugs are often very intermittent.
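As an added illustration (not code from the attached patch or from SpiderMonkey), a toy C++ heap with a post-GC check of the kind described in this bug: it inspects every pointer held by a live cell, including a constructed `hidden` edge that a buggy trace hook never reports, and reports pointers into swept cells instead of crashing on them. The `Cell`, `Heap` and `demoUntracedPointer` names are assumptions for this example.

```cpp
#include <cstdio>
#include <initializer_list>
#include <set>
// Toy GC cell: two traced edges plus `hidden`, a pointer the (constructed, buggy) trace hook never reports.
struct Cell {
    Cell* edges[2] = {nullptr, nullptr};
    Cell* hidden = nullptr;
    bool marked = false;
};
struct Heap {
    std::set<Cell*> live;   // allocated and not yet swept
    std::set<Cell*> freed;  // swept; memory is kept so the address stays identifiable
    Cell* alloc() { Cell* c = new Cell; live.insert(c); return c; }
    void mark(Cell* c) {
        if (!c || c->marked) return;
        c->marked = true;
        for (Cell* e : c->edges) mark(e);  // `hidden` is deliberately not traced
    }
    // Mark from the root, then sweep unmarked cells into `freed`.
    void collect(Cell* root) {
        mark(root);
        for (auto it = live.begin(); it != live.end();) {
            if ((*it)->marked) { (*it)->marked = false; ++it; }
            else { freed.insert(*it); it = live.erase(it); }
        }
    }
    // Run after every GC: each pointer held by a live cell must target a live
    // cell. Bad pointers are reported and counted instead of being dereferenced.
    int checkHeap() {
        int bad = 0;
        for (Cell* c : live) {
            for (Cell* p : {c->edges[0], c->edges[1], c->hidden}) {
                if (!p || live.count(p)) continue;
                const char* why = freed.count(p) ? "a freed cell (use-after-free)" : "not a heap cell";
                std::fprintf(stderr, "heap check: %p -> %p is %s\n", (void*)c, (void*)p, why);
                ++bad;
            }
        }
        return bad;
    }
};
// Scenario: a -> b is traced, a -> c is not. After the GC, c has been swept but a
// still points at it, so the check reports exactly one bad pointer.
int demoUntracedPointer() {
    Heap h;
    Cell *a = h.alloc(), *b = h.alloc(), *c = h.alloc();
    a->edges[0] = b; a->hidden = c;
    h.collect(a);
    return h.checkHeap();  // returns 1
}
```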
https://hg.mozilla.org/mozilla-central/rev/4720c5b3663c
Status: NEW → RESOLVED
Closed: 3 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla52