Closed Bug 1652719 Opened 4 years ago Closed 4 years ago

Stop allowing JS helper thread access to CHECK_THREAD APIs

Categories

(Core :: JavaScript Engine, task, P3)

Product:
Core
Component:
JavaScript Engine
Type:
task

Tracking

()

Status:
RESOLVED FIXED
Milestone:
83 Branch
Tracking Flags:
Tracking Status
firefox83 --- fixed

People

(Reporter: tcampbell, Assigned: tcampbell)

Details

Attachments

(1 file)

Bug 1652719 - Stop allowing JS helper thread access to CHECK_THREAD APIs
47 bytes, text/x-phabricator-request
Details | Review

For JSAPI entry points, we often AssertHeapIsIdle() and CHECK_THREAD(). This is a bit of a footgun on helper-threads (eg off-thread parse) since the heap my intermittently be not idle, but CHECK_THREAD has a blanket allow for helper-threads.

To prevent intermittent issues from being introduced, we should disallow helper-threads for APIs that CHECK_THREAD. Currently the only violation is Atomize/AtomizeChars which I propose just removing the CHECK_THREAD from for now.

SpiderMonkey APIs often use CHECK_THREAD and AssertHeapIsIdle, but this can
be a footgun when they are called from helper-threads since often nothing
ensures the heap is idle. Instead, this patch updates the CHECK_THREAD assert
to disallow helper-thread access to prevent misuses. The checks in Atomize
and AtomizeChars are removed since those are (currently) allowed on helper
threads.

Severity: -- → N/A
Pushed by tcampbell@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/f4c6aeca6e2f
Stop allowing JS helper thread access to CHECK_THREAD APIs r=jandem

https://hg.mozilla.org/mozilla-central/rev/f4c6aeca6e2f

Status: NEW → RESOLVED
Closed: 4 years ago
status-firefox83: --- → fixed
Resolution: --- → FIXED
Target Milestone: --- → 83 Branch
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: