Closed Bug 476950 Opened 16 years ago Closed 12 years ago

Separate principals from scope chain, amortize via GC pages (with override)

Categories

(Core :: JavaScript Engine, defect)

Product:
Core
Component:
JavaScript Engine
Type:
defect
Priority:
Not set
Severity:
major

Tracking

()

Status:
RESOLVED WORKSFORME
Milestone:
mozilla1.9.2a1

People

(Reporter: brendan, Assigned: gwagner)

Details

Inducing principals from static scope is sound, but implementing the find-object-principals by walking the scope chain is inefficient, hazardous if you forget to "clone" a function object, and hostile to null- and flat-closure optimizations. Moreover, for information flow experiments in the VM we intend to run, we need better labeling. One idea is to boil all principals down into the GC's page structure. Then we would allocate GC-things with the same trust label from the same page. Sometimes a label changes. This would require a transparent proxy that acts like the thing it wraps but overrides that thing's page's label. /be
I tried to get mrbkap to do this last summer, but he resisted my charms. I remain in favour!
I am looking for a new owner. It may be that someone at UCI (Eric? Gregor, can you check) is working on this. Blake or Gregor could own. /be
Yeah, Gregor seems like a good owner.
Assignee: brendan → anygregor
Compartment-per-global.
Status: ASSIGNED → RESOLVED
Closed: 12 years ago
Resolution: --- → WORKSFORME
You need to log in before you can comment on or make changes to this bug.