Closed Bug 938950 Opened 6 years ago Closed 6 years ago

Don't provide full access to compartment/zone/runtime when compiling off thread

Categories

(Core :: JavaScript Engine: JIT, defect)

x86
macOS

RESOLVED FIXED
mozilla28

People

(Reporter: bhackett, Unassigned)

Details

(Whiteboard: [qa-])

Attachments

(1 file)

Attached patch: patch
When compiling off thread, bare pointers to the compartment, zone and runtime can be obtained, which could allow for non-threadsafe accesses to occur. These accesses can happen through either the compartment member of MIRGenerator/IonBuilder, or through TLS with GetIonContext. It would be nicer if these only provided interfaces for accessing the compartment/zone/runtime in threadsafe ways, mostly for obtaining the address of various internal bits of the system. The attached patch adds Compile{Compartment,Zone,Runtime} classes for this purpose.
Attachment #832685 - Flags: review?(jdemooij)
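
The restricted-interface idea from the report above, as an added C++ example (not the code from the attached patch): a wrapper that keeps the bare runtime pointer private and hands the compiler only stable addresses. `Runtime`, its fields, the `addressOf*` method names, `compileChecks` and `compileOffThread` are hypothetical, and the wrapper here stores a private pointer, which is an assumption rather than the patch's layout.

```cpp
#include <cstdint>
#include <thread>
#include <vector>

// Hypothetical stand-in for the engine runtime (not SpiderMonkey's JSRuntime).
struct Runtime {
    std::thread::id owner = std::this_thread::get_id();
    uint32_t interrupt = 0;     // polled by generated code at run time
    uintptr_t stackLimit = 0;   // read by generated code at run time
    uint64_t gcNumber = 0;      // main-thread state: racy to read while compiling
};

// Restricted view given to the compiler. The bare Runtime* stays private, so
// compiler code can only ask for addresses, which do not change while the
// runtime is alive, and cannot read or write mutable runtime state.
class CompileRuntime {
    Runtime *rt_;
  public:
    explicit CompileRuntime(Runtime *rt) : rt_(rt) {}
    bool onMainThread() const { return std::this_thread::get_id() == rt_->owner; }
    const void *addressOfInterrupt() const { return &rt_->interrupt; }
    const void *addressOfStackLimit() const { return &rt_->stackLimit; }
};

// Hypothetical compile step: records the addresses the generated code will
// load from, without dereferencing them during compilation.
std::vector<const void *> compileChecks(const CompileRuntime &rt) {
    return { rt.addressOfInterrupt(), rt.addressOfStackLimit() };
}

// Runs the compile step on a helper thread and reports what it observed.
struct OffThreadResult { bool sawMainThread; std::vector<const void *> patches; };

OffThreadResult compileOffThread(Runtime &runtime) {
    OffThreadResult out{true, {}};
    CompileRuntime view(&runtime);
    std::thread worker([&] {
        out.sawMainThread = view.onMainThread();
        out.patches = compileChecks(view);
    });
    worker.join();  // join orders the worker's writes before the read below
    return out;
}
```

A field such as `gcNumber` is unreachable from `compileChecks` because nothing on `CompileRuntime` exposes it; adding an accessor becomes the single place where a thread-safety review has to happen.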
Comment on attachment 832685: patch

Review of attachment 832685:
-----------------------------------------------------------------

Awesome!

::: js/src/jit/CompileWrappers.h
@@ +26,5 @@
> +{
> +    JSRuntime *runtime();
> +
> +public:
> +
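
Review bot: the `JSRuntime *runtime();` accessor declared above `public:` carries no comment saying that it hands back the bare runtime pointer and is meant only for this wrapper's own methods. A one-line comment on it would make it harder for a later change to move it under `public:` and reopen non-threadsafe access from off-thread compilation.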

Nit: indentation and extra blank line.
Attachment #832685 - Flags: review?(jdemooij) → review+
Ugh, using hg patch didn't actually hg add the new files in the patch.

https://hg.mozilla.org/integration/mozilla-inbound/rev/c848ede03acc
I guess our build system is now so stupid that adding new source files requires a clobber.

https://hg.mozilla.org/integration/mozilla-inbound/rev/4df4f9fff8c5
I filed bug 940404 for that clobber-needing.
https://hg.mozilla.org/mozilla-central/rev/4df4f9fff8c5
https://hg.mozilla.org/mozilla-central/rev/ddf925dab861
Status: NEW → RESOLVED
Closed: 6 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla28
Whiteboard: [qa-]