Last Comment Bug 681071 - Lower the boom on cross-compartment pointers
: Lower the boom on cross-compartment pointers
Product: Core
Classification: Components
Component: JavaScript Engine (show other bugs)
: Trunk
: All All
-- normal (vote)
: mozilla9
Assigned To: Bill McCloskey (:billm)
: Jason Orendorff [:jorendorff]
Depends on:
Blocks: 670702
  Show dependency treegraph
Reported: 2011-08-22 14:45 PDT by Bill McCloskey (:billm)
Modified: 2011-08-25 18:34 PDT (History)
6 users (show)
See Also:
Crash Signature:
QA Whiteboard:
Iteration: ---
Points: ---
Has Regression Range: ---
Has STR: ---

patch (5.60 KB, patch)
2011-08-22 14:45 PDT, Bill McCloskey (:billm)
dmandelin: review+
Details | Diff | Splinter Review

Description User image Bill McCloskey (:billm) 2011-08-22 14:45:44 PDT
Created attachment 554971 [details] [diff] [review]

There's evidence in bug 670702 that we still have problems with pointers that cross into other compartments without the right wrappers. Right now we check for this during Mark. This patch adds new assertions so that hopefully we can catch these problems right away. These checks will be expensive so I'll probably back them out after a week. They shouldn't affect our benchmarking of development builds because they'll only be enabled in actual nightly builds.

I also found a stupid bug in my instrumentation that caused some asserts and poisoning to be disabled in debug builds. This fixes that.
Comment 1 User image David Mandelin [:dmandelin] 2011-08-22 18:28:23 PDT
Comment on attachment 554971 [details] [diff] [review]

Review of attachment 554971 [details] [diff] [review]:

Just be sure to coordinate with TI landing if this might affect that.
Comment 2 User image Bill McCloskey (:billm) 2011-08-25 10:10:28 PDT
I checked with Brian; he says it shouldn't be a problem.
Comment 3 User image Ed Morley [:emorley] 2011-08-25 18:34:29 PDT

Note You need to log in before you can comment on or make changes to this bug.