by bholley 1650 days ago
I believe the implementation in Firefox masks off the high bits of pointers and adds the result to the base address before performing a load/store. This requires us to reserve a power-of-two-sized region of address space, but we can lazily/incrementally commit the pages as the sandboxed code invokes sbrk.

Thanks for the details bholley!

Do you plan to use the signal handler trick eventually? Less portable but in my tests it shrinks the total overhead by half (from masking's 29% to 14%).

Sorry, I should have been more clear. I believe we use the masking on 32-bit platforms, which is faster than explicit bounds checks. On 64-bit platforms we use guard pages. We don't actually need a signal handler, because we don't need to gracefully recover from a fault like we do on the Web — we can just crash.

Nice, yeah, just crashing is even simpler, and sounds good enough...