Lower the boom on cross-compartment pointers

RESOLVED FIXED in mozilla9

Status

()

Core
JavaScript Engine
RESOLVED FIXED
6 years ago
6 years ago

People

(Reporter: billm, Assigned: billm)

Tracking

(Blocks: 1 bug)

Trunk
mozilla9
Points:
---

Firefox Tracking Flags

(Not tracked)

Details

Attachments

(1 attachment)

(Assignee)

Description

6 years ago
Created attachment 554971 [details] [diff] [review]
patch

There's evidence in bug 670702 that we still have problems with pointers that cross into other compartments without the right wrappers. Right now we check for this during Mark. This patch adds new assertions so that hopefully we can catch these problems right away. These checks will be expensive so I'll probably back them out after a week. They shouldn't affect our benchmarking of development builds because they'll only be enabled in actual nightly builds.

I also found a stupid bug in my instrumentation that caused some asserts and poisoning to be disabled in debug builds. This fixes that.
Attachment #554971 - Flags: review?(dmandelin)
(Assignee)

Updated

6 years ago
Blocks: 670702
Comment on attachment 554971 [details] [diff] [review]
patch

Review of attachment 554971 [details] [diff] [review]:
-----------------------------------------------------------------

Just be sure to coordinate with TI landing if this might affect that.
Attachment #554971 - Flags: review?(dmandelin) → review+
(Assignee)

Comment 2

6 years ago
I checked with Brian; he says it shouldn't be a problem.
Whiteboard: [inbound]

Comment 3

6 years ago
http://hg.mozilla.org/mozilla-central/rev/d4003f345b24
Status: NEW → RESOLVED
Last Resolved: 6 years ago
OS: Linux → All
Hardware: x86 → All
Resolution: --- → FIXED
Whiteboard: [inbound]
Target Milestone: --- → mozilla9
Version: unspecified → Trunk
You need to log in before you can comment on or make changes to this bug.