Closed
Bug 1472130
Opened 6 years ago
Closed 6 years ago
Enable same-compartment-realms in the JS shell with --fuzzing-safe
Categories
(Core :: JavaScript Engine, enhancement)
Tracking
RESOLVED
FIXED
mozilla63
| | Tracking | Status |
|---|---|---|
| firefox63 | --- | fixed |
People
(Reporter: jandem, Assigned: jandem)
Attachments
(2 files)
(deleted), patch | luke: review+
(deleted), patch | luke: review+
newGlobal's sameCompartmentAs option is a no-op if --fuzzing-safe is used; this was done to avoid breaking the world:
https://searchfox.org/mozilla-central/rev/d2966246905102b36ef5221b0e3cbccf7ea15a86/js/src/shell/js.cpp#5270
There's still a lot more work to do, but I think once bug 1466133 is fixed things should be in a fuzzable state (famous last words).
Assignee
Comment 1•6 years ago
This fixes one obvious issue with cross-realm protos. This + bug 1463163 are the only failures I get when I change the test262 harness in the JS shell to use same-compartment realms for $262.createRealm(). Bug 1463163 is a correctness issue though and doesn't block fuzzing.
Attachment #8988692 - Flags: review?(luke)
Assignee
Comment 2•6 years ago
The Array test actually fails with --ion-eager --no-threads but that's a pre-existing and unrelated issue, filed bug 1472132. I'll change the test to use a different constructor that's unaffected.
Assignee
Comment 3•6 years ago
Worst case this breaks the world and we can just back out this one-liner.
Attachment #8988696 - Flags: review?(luke)
Updated•6 years ago
Attachment #8988692 - Flags: review?(luke) → review+
Comment 4•6 years ago
Comment on attachment 8988696
Part 2 - Allow creating same-compartment realms in the shell with --fuzzing-safe
Review of attachment 8988696:
\o/
Attachment #8988696 - Flags: review?(luke) → review+
Pushed by jandemooij@gmail.com:
https://hg.mozilla.org/integration/mozilla-inbound/rev/da03ca62424b
part 1 - Fix a bogus assert in GetInitialShapeProtoKey with same-compartment realms. r=luke
https://hg.mozilla.org/integration/mozilla-inbound/rev/d473e8b25db6
part 2 - Allow creating same-compartment realms in the shell with --fuzzing-safe. r=luke
Comment 6•6 years ago
bugherder
https://hg.mozilla.org/mozilla-central/rev/da03ca62424b
https://hg.mozilla.org/mozilla-central/rev/d473e8b25db6
Status: ASSIGNED → RESOLVED
Closed: 6 years ago
status-firefox63: --- → fixed
Resolution: --- → FIXED
Target Milestone: --- → mozilla63