TraceMonkeySecurityReviewForm

The goal of the TraceMonkey project is to add a just-in-time (JIT) compiler to SpiderMonkey to speedup execution of chrome and web content JavaScript.

Background links

• feature-tracking bug links
• specs or design docs

• What security issues do you address in your project?
• Is system or subsystem security compromised in any way if your project's configuration files / prefs are corrupt or missing?
• Include a thorough description of the security assumptions, capabilities and any potential risks (possible attack points) being introduced by your project.

• Please provide a table of exported interfaces (APIs, ABIs, protocols, UI, etc.)
• Does it interoperate with a web service? How will it do so?
• Explain the significant file formats, names, syntax, and semantics.
• Are the externally visible interfaces documented clearly enough for a non-Mozilla developer to use them successfully?
• Does it change any existing interfaces?

• What other modules are used (REQUIRES in the makefile, interfaces)

• What data is read or parsed by this feature
• What is the output of this feature
• What storage formats are used

• What failure modes or decision points are presented to the user?
• Can its files be corrupted by failures? Does it clean up any locks/files after crashes?

• Can the end user configure settings, via a UI or about:config? Hidden prefs? Environment variables?
• Are there build options for developers? [#ifdefs, ac_add_options, etc.]
• What ranges for the tunable are appropriate? How are they determined?
• What are its on-going maintenance requirements (e.g. Web links, perishable data files)?

• If so, what is the proposal's relationship to their work? Do you depend on others' work, or vice-versa?
• Are you updating, copying or changing functional areas maintained by other groups? How are you coordinating and communicating with them? Do they "approve" of what you propose?