Bug 1652719 - Stop allowing JS helper thread access to CHECK_THREAD APIs r=jandem

SpiderMonkey APIs often use CHECK_THREAD and AssertHeapIsIdle, but this can be a footgun when they are called from helper-threads since often nothing ensures the heap is idle. Instead, this patch updates the CHECK_THREAD assert to disallow helper-thread access to prevent misuses. The checks in Atomize and AtomizeChars are removed since those are (currently) allowed on helper threads. Differential Revision: https://phabricator.services.mozilla.com/D83492
2020-09-28 10:30:36 +00:00 · 2020-09-28 10:30:36 +00:00 · a1364b5a96
--- a/js/src/vm/JSAtom.cpp
+++ b/js/src/vm/JSAtom.cpp
@ -1048,8 +1048,6 @@ void AtomsTable::maybePinExistingAtom(JSContext* cx, JSAtom* atom) {

 JSAtom* js::Atomize(JSContext* cx, const char* bytes, size_t length,
                    PinningBehavior pin, const Maybe<uint32_t>& indexValue) {
-  CHECK_THREAD(cx);
-
  const Latin1Char* chars = reinterpret_cast<const Latin1Char*>(bytes);
  return AtomizeAndCopyChars(cx, chars, length, pin, indexValue);
 }
@ -1057,7 +1055,6 @@ JSAtom* js::Atomize(JSContext* cx, const char* bytes, size_t length,
 template <typename CharT>
 JSAtom* js::AtomizeChars(JSContext* cx, const CharT* chars, size_t length,
                         PinningBehavior pin) {
-  CHECK_THREAD(cx);
  return AtomizeAndCopyChars(cx, chars, length, pin, Nothing());
 }

@ -1242,8 +1239,6 @@ template JSAtom* js::ToAtom<NoGC>(JSContext* cx, const Value& v);
 static JSAtom* AtomizeLittleEndianTwoByteChars(JSContext* cx,
                                               const uint8_t* leTwoByte,
                                               size_t length) {
-  CHECK_THREAD(cx);
-
  LittleEndianChars chars(leTwoByte);

  if (JSAtom* s = cx->staticStrings().lookup(chars, length)) {
--- a/js/src/vm/JSContext.h
+++ b/js/src/vm/JSContext.h
@ -1304,7 +1304,7 @@ class MOZ_RAII AutoSuppressNurseryCellAlloc {
 } /* namespace js */

 #define CHECK_THREAD(cx)                            \
-  MOZ_ASSERT_IF(cx && !cx->isHelperThreadContext(), \
-                js::CurrentThreadCanAccessRuntime(cx->runtime()))
+  MOZ_ASSERT_IF(cx, !cx->isHelperThreadContext() && \
+                        js::CurrentThreadCanAccessRuntime(cx->runtime()))

 #endif /* vm_JSContext_h */