Closed Bug 681071 Opened 13 years ago Closed 13 years ago

Lower the boom on cross-compartment pointers

Categories

(Core :: JavaScript Engine, defect)

Product:
Core
Component:
JavaScript Engine
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED FIXED
Milestone:
mozilla9

People

(Reporter: billm, Assigned: billm)

References

Details

Attachments

(1 file)

patch
5.60 KB, patch
dmandelin
: review+
Details | Diff | Splinter Review
Attached patch patchSplinter Review 
There's evidence in bug 670702 that we still have problems with pointers that cross into other compartments without the right wrappers. Right now we check for this during Mark. This patch adds new assertions so that hopefully we can catch these problems right away. These checks will be expensive so I'll probably back them out after a week. They shouldn't affect our benchmarking of development builds because they'll only be enabled in actual nightly builds.

I also found a stupid bug in my instrumentation that caused some asserts and poisoning to be disabled in debug builds. This fixes that.
Attachment #554971 - Flags: review?(dmandelin)
Comment on attachment 554971 [details] [diff] [review]
patch

Review of attachment 554971 [details] [diff] [review]:
-----------------------------------------------------------------

Just be sure to coordinate with TI landing if this might affect that.
Attachment #554971 - Flags: review?(dmandelin) → review+
I checked with Brian; he says it shouldn't be a problem.
Whiteboard: [inbound]
http://hg.mozilla.org/mozilla-central/rev/d4003f345b24
Status: NEW → RESOLVED
Closed: 13 years ago
OS: Linux → All
Hardware: x86 → All
Resolution: --- → FIXED
Whiteboard: [inbound]
Target Milestone: --- → mozilla9
Version: unspecified → Trunk
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: