Bug 689269 - Don't read memory from other compartments in gc. r=wmccloskey.
authorRafael Ávila de Espíndola <respindola@mozilla.com>
Tue, 27 Sep 2011 15:44:26 -0400
changeset 77727 29897f5185bb650caae6cf429c154ab00532e036
parent 77726 7a98f72a49795ece752951d32445b75cf754bcb3
child 77728 45e745c780d7c68d8d450601b30340e9e95dd726
push id2212
push userrespindola@mozilla.com
push dateTue, 27 Sep 2011 19:45:13 +0000
reviewerswmccloskey
bugs689269
milestone10.0a1
Bug 689269 - Don't read memory from other compartments in gc. r=wmccloskey.
js/src/jsgc.cpp
js/src/jsgcstats.cpp
js/src/jsgcstats.h
--- a/js/src/jsgc.cpp
+++ b/js/src/jsgc.cpp
@@ -793,16 +793,20 @@ MarkIfGCThingWord(JSTracer *trc, jsuword
     if (!Chunk::withinArenasRange(addr))
         return CGCT_NOTARENA;
 
     ArenaHeader *aheader = &chunk->arenas[Chunk::arenaIndex(addr)].aheader;
 
     if (!aheader->allocated())
         return CGCT_FREEARENA;
 
+    JSCompartment *curComp = trc->context->runtime->gcCurrentCompartment;
+    if (curComp && curComp != aheader->compartment)
+        return CGCT_OTHERCOMPARTMENT;
+
     AllocKind thingKind = aheader->getAllocKind();
     uintptr_t offset = addr & ArenaMask;
     uintptr_t minOffset = Arena::firstThingOffset(thingKind);
     if (offset < minOffset)
         return CGCT_NOTARENA;
 
     /* addr can point inside the thing so we must align the address. */
     uintptr_t shift = (offset - minOffset) % Arena::thingSize(thingKind);
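Review bot: The new compartment guard at the top of the hunk has no comment saying why a word that points into another compartment's arena is rejected, and the fact that `gcCurrentCompartment` is null outside a per-compartment GC is carried only by the `curComp &&` test. Suggest a comment above the new `JSCompartment *curComp` line such as `/* During a per-compartment GC (gcCurrentCompartment != NULL) only that compartment's arenas are marked; bail out before touching any of the arena's contents so memory owned by another compartment is never read. */`. Placing the test after the `allocated()` check looks deliberate — `aheader->compartment` is presumably only meaningful for an allocated arena — and that ordering constraint is worth one clause in the same comment. MarkIfGCThingWord begins before this hunk and continues after it.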
--- a/js/src/jsgcstats.cpp
+++ b/js/src/jsgcstats.cpp
@@ -65,16 +65,17 @@ ConservativeGCStats::dump(FILE *fp)
         words += counter[i];
    
 #define ULSTAT(x)       ((unsigned long)(x))
     fprintf(fp, "CONSERVATIVE STACK SCANNING:\n");
     fprintf(fp, "      number of stack words: %lu\n", ULSTAT(words));
     fprintf(fp, "      excluded, low bit set: %lu\n", ULSTAT(counter[CGCT_LOWBITSET]));
     fprintf(fp, "        not withing a chunk: %lu\n", ULSTAT(counter[CGCT_NOTCHUNK]));
     fprintf(fp, "     not within arena range: %lu\n", ULSTAT(counter[CGCT_NOTARENA]));
+    fprintf(fp, "     in another compartment: %lu\n", ULSTAT(counter[CGCT_OTHERCOMPARTMENT]));
     fprintf(fp, "       points to free arena: %lu\n", ULSTAT(counter[CGCT_FREEARENA]));
     fprintf(fp, "         excluded, not live: %lu\n", ULSTAT(counter[CGCT_NOTLIVE]));
     fprintf(fp, "            valid GC things: %lu\n", ULSTAT(counter[CGCT_VALID]));
     fprintf(fp, "      valid but not aligned: %lu\n", ULSTAT(unaligned));
 #undef ULSTAT
 }
 #endif
 
--- a/js/src/jsgcstats.h
+++ b/js/src/jsgcstats.h
@@ -92,16 +92,17 @@ namespace gc {
  * The conservative GC test for a word shows that it is either a valid GC
  * thing or is not for one of the following reasons.
  */
 enum ConservativeGCTest
 {
     CGCT_VALID,
     CGCT_LOWBITSET, /* excluded because one of the low bits was set */
     CGCT_NOTARENA,  /* not within arena range in a chunk */
+    CGCT_OTHERCOMPARTMENT,  /* in another compartment */
     CGCT_NOTCHUNK,  /* not within a valid chunk */
     CGCT_FREEARENA, /* within arena containing only free things */
     CGCT_NOTLIVE,   /* gcthing is not allocated */
     CGCT_END
 };
 
 struct ConservativeGCStats
 {