Last Comment Bug 681071 - Lower the boom on cross-compartment pointers
: Lower the boom on cross-compartment pointers
Product: Core
Classification: Components
Component: JavaScript Engine (show other bugs)
: Trunk
: All All
: -- normal (vote)
: mozilla9
Assigned To: [PTO to Dec5] Bill McCloskey (:billm)
: Jason Orendorff [:jorendorff]
Depends on:
Blocks: 670702
  Show dependency treegraph
Reported: 2011-08-22 14:45 PDT by [PTO to Dec5] Bill McCloskey (:billm)
Modified: 2011-08-25 18:34 PDT (History)
6 users (show)
See Also:
Crash Signature:
QA Whiteboard:
Iteration: ---
Points: ---
Has Regression Range: ---
Has STR: ---

patch (5.60 KB, patch)
2011-08-22 14:45 PDT, [PTO to Dec5] Bill McCloskey (:billm)
dmandelin: review+
Details | Diff | Splinter Review

Description [PTO to Dec5] Bill McCloskey (:billm) 2011-08-22 14:45:44 PDT
Created attachment 554971 [details] [diff] [review]

There's evidence in bug 670702 that we still have problems with pointers that cross into other compartments without the right wrappers. Right now we check for this during Mark. This patch adds new assertions so that hopefully we can catch these problems right away. These checks will be expensive so I'll probably back them out after a week. They shouldn't affect our benchmarking of development builds because they'll only be enabled in actual nightly builds.

I also found a stupid bug in my instrumentation that caused some asserts and poisoning to be disabled in debug builds. This fixes that.
Comment 1 David Mandelin [:dmandelin] 2011-08-22 18:28:23 PDT
Comment on attachment 554971 [details] [diff] [review]

Review of attachment 554971 [details] [diff] [review]:

Just be sure to coordinate with TI landing if this might affect that.
Comment 2 [PTO to Dec5] Bill McCloskey (:billm) 2011-08-25 10:10:28 PDT
I checked with Brian; he says it shouldn't be a problem.
Comment 3 Ed Morley [:emorley] 2011-08-25 18:34:29 PDT

Note You need to log in before you can comment on or make changes to this bug.