| author | Bobby Holley <bobbyholley@gmail.com> |
| Mon, 18 Aug 2014 10:57:30 -0700 | |
| changeset 200182 | 2a2883202fff196ab1f139d83fee51172b6893ec |
| parent 200181 | c4f5dcb57924229c10ac89a6f9c2ae33dcd2f447 |
| child 200183 | 621470d025e717313e6e0645258cd0330694c779 |
| push id | 27337 |
| push user | emorley@mozilla.com |
| push date | Tue, 19 Aug 2014 12:40:34 +0000 |
| treeherder | mozilla-central@a38daccaa557 [default view] [failures only] |
| perfherder | [talos] [build metrics] [platform microbench] (compared to previous push) |
| reviewers | billm |
| bugs | 1052089 |
| milestone | 34.0a1 |
| first release with | nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
|
| last release without | nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
|
--- a/content/base/src/nsDOMFileReader.cpp +++ b/content/base/src/nsDOMFileReader.cpp @@ -102,19 +102,17 @@ nsDOMFileReader::~nsDOMFileReader() * This Init method is called from the factory constructor. */ nsresult nsDOMFileReader::Init() { // Instead of grabbing some random global from the context stack, // let's use the default one (junk scope) for now. // We should move away from this Init... - nsCOMPtr<nsIGlobalObject> global = xpc::GetJunkScopeGlobal(); - NS_ENSURE_TRUE(global, NS_ERROR_FAILURE); - BindToOwner(global); + BindToOwner(xpc::GetNativeForGlobal(xpc::PrivilegedJunkScope())); return NS_OK; } /* static */ already_AddRefed<nsDOMFileReader> nsDOMFileReader::Constructor(const GlobalObject& aGlobal, ErrorResult& aRv) { nsRefPtr<nsDOMFileReader> fileReader = new nsDOMFileReader();
--- a/content/base/src/nsDocument.cpp +++ b/content/base/src/nsDocument.cpp @@ -2137,17 +2137,17 @@ nsDocument::Init() "Bad NodeType in aNodeInfo"); NS_ASSERTION(OwnerDoc() == this, "Our nodeinfo is busted!"); // If after creation the owner js global is not set for a document // we use the default compartment for this document, instead of creating // wrapper in some random compartment when the document is exposed to js // via some events. - nsCOMPtr<nsIGlobalObject> global = xpc::GetJunkScopeGlobal(); + nsCOMPtr<nsIGlobalObject> global = xpc::GetNativeForGlobal(xpc::PrivilegedJunkScope()); NS_ENSURE_TRUE(global, NS_ERROR_FAILURE); mScopeObject = do_GetWeakReference(global); MOZ_ASSERT(mScopeObject); mScriptLoader = new nsScriptLoader(this); mozilla::HoldJSObjects(this);
--- a/content/base/src/nsXMLHttpRequest.cpp +++ b/content/base/src/nsXMLHttpRequest.cpp @@ -347,19 +347,17 @@ nsXMLHttpRequest::Init() if (secMan) { secMan->GetSystemPrincipal(getter_AddRefs(subjectPrincipal)); } NS_ENSURE_STATE(subjectPrincipal); // Instead of grabbing some random global from the context stack, // let's use the default one (junk scope) for now. // We should move away from this Init... - nsCOMPtr<nsIGlobalObject> global = xpc::GetJunkScopeGlobal(); - NS_ENSURE_TRUE(global, NS_ERROR_FAILURE); - Construct(subjectPrincipal, global); + Construct(subjectPrincipal, xpc::GetNativeForGlobal(xpc::PrivilegedJunkScope())); return NS_OK; } /** * This Init method should only be called by C++ consumers. */ NS_IMETHODIMP nsXMLHttpRequest::Init(nsIPrincipal* aPrincipal,
--- a/content/xul/content/src/nsXULElement.cpp +++ b/content/xul/content/src/nsXULElement.cpp @@ -2526,17 +2526,17 @@ nsXULPrototypeScript::~nsXULPrototypeScr nsresult nsXULPrototypeScript::Serialize(nsIObjectOutputStream* aStream, nsXULPrototypeDocument* aProtoDoc, const nsTArray<nsRefPtr<mozilla::dom::NodeInfo>> *aNodeInfos) { NS_ENSURE_TRUE(aProtoDoc, NS_ERROR_UNEXPECTED); AutoSafeJSContext cx; - JS::Rooted<JSObject*> global(cx, xpc::GetCompilationScope()); + JS::Rooted<JSObject*> global(cx, xpc::CompilationScope()); NS_ENSURE_TRUE(global, NS_ERROR_UNEXPECTED); JSAutoCompartment ac(cx, global); NS_ASSERTION(!mSrcLoading || mSrcLoadWaiters != nullptr || !mScriptObject, "script source still loading when serializing?!"); if (!mScriptObject) return NS_ERROR_FAILURE; @@ -2548,18 +2548,17 @@ nsXULPrototypeScript::Serialize(nsIObjec rv = aStream->Write32(mLangVersion); if (NS_FAILED(rv)) return rv; // Calling fromMarkedLocation() is safe because we trace mScriptObject in // TraceScriptObject() and because its value is never changed after it has // been set. JS::Handle<JSScript*> script = JS::Handle<JSScript*>::fromMarkedLocation(mScriptObject.address()); - // Note - Inverting the order of these operands is a rooting hazard. - MOZ_ASSERT(xpc::GetCompilationScope() == JS::CurrentGlobalOrNull(cx)); + MOZ_ASSERT(xpc::CompilationScope() == JS::CurrentGlobalOrNull(cx)); return nsContentUtils::XPConnect()->WriteScript(aStream, cx, xpc_UnmarkGrayScript(script)); } nsresult nsXULPrototypeScript::SerializeOutOfLine(nsIObjectOutputStream* aStream, nsXULPrototypeDocument* aProtoDoc) { @@ -2616,17 +2615,17 @@ nsXULPrototypeScript::Deserialize(nsIObj !mScriptObject, "prototype script not well-initialized when deserializing?!"); // Read basic prototype data aStream->Read32(&mLineNo); aStream->Read32(&mLangVersion); AutoSafeJSContext cx; - JS::Rooted<JSObject*> global(cx, xpc::GetCompilationScope()); + JS::Rooted<JSObject*> global(cx, xpc::CompilationScope()); NS_ENSURE_TRUE(global, NS_ERROR_UNEXPECTED); JSAutoCompartment ac(cx, global); JS::Rooted<JSScript*> newScriptObject(cx); nsresult rv = nsContentUtils::XPConnect()->ReadScript(aStream, cx, newScriptObject.address()); NS_ENSURE_SUCCESS(rv, rv); Set(newScriptObject); @@ -2726,17 +2725,17 @@ NotifyOffThreadScriptCompletedRunnable:: // JS GC. The receiver needs to root the script before performing a call that // could GC. nsCOMPtr<nsIJSRuntimeService> svc = do_GetService("@mozilla.org/js/xpc/RuntimeService;1"); NS_ENSURE_TRUE(svc, NS_ERROR_FAILURE); JSScript *script; { AutoSafeJSContext cx; - JSAutoCompartment ac(cx, xpc::GetCompilationScope()); + JSAutoCompartment ac(cx, xpc::CompilationScope()); script = JS::FinishOffThreadScript(cx, JS_GetRuntime(cx), mToken); } return mReceiver->OnScriptCompileComplete(script, script ? NS_OK : NS_ERROR_FAILURE); } static void OffThreadScriptReceiverCallback(void *aToken, void *aCallbackData) @@ -2752,19 +2751,18 @@ OffThreadScriptReceiverCallback(void *aT nsresult nsXULPrototypeScript::Compile(JS::SourceBufferHolder& aSrcBuf, nsIURI* aURI, uint32_t aLineNo, nsIDocument* aDocument, nsIOffThreadScriptReceiver *aOffThreadReceiver /* = nullptr */) { // We'll compile the script in the compilation scope. - NS_ENSURE_TRUE(xpc::GetCompilationScope(), NS_ERROR_UNEXPECTED); AutoSafeJSContext cx; - JSAutoCompartment ac(cx, xpc::GetCompilationScope()); + JSAutoCompartment ac(cx, xpc::CompilationScope()); nsAutoCString urlspec; nsContentUtils::GetWrapperSafeScriptFilename(aDocument, aURI, urlspec); // Ok, compile it to create a prototype script object! NS_ENSURE_TRUE(JSVersion(mLangVersion) != JSVERSION_UNKNOWN, NS_OK); JS::CompileOptions options(cx); options.setIntroductionType("scriptElement")
--- a/dom/base/Console.cpp +++ b/dom/base/Console.cpp @@ -1108,17 +1108,17 @@ Console::ProcessCallData(ConsoleCallData // properties on this object, and those will need to keep an nsIStackFrame // alive. But nsIStackFrame cannot be wrapped in an untrusted scope. And // further, passing untrusted objects to system code is likely to run afoul of // Object Xrays. So we want to wrap in a system-principal scope here. But // which one? We could cheat and try to get the underlying JSObject* of // mStorage, but that's a bit fragile. Instead, we just use the junk scope, // with explicit permission from the XPConnect module owner. If you're // tempted to do that anywhere else, talk to said module owner first. - JSAutoCompartment ac2(cx, xpc::GetJunkScope()); + JSAutoCompartment ac2(cx, xpc::PrivilegedJunkScope()); JS::Rooted<JS::Value> eventValue(cx); if (!ToJSValue(cx, event, &eventValue)) { return; } JS::Rooted<JSObject*> eventObj(cx, &eventValue.toObject()); MOZ_ASSERT(eventObj);
--- a/dom/mobilemessage/src/ipc/SmsParent.cpp +++ b/dom/mobilemessage/src/ipc/SmsParent.cpp @@ -490,17 +490,17 @@ SmsRequestParent::DoRequest(const SendMe nsCOMPtr<nsIMmsService> mmsService = do_GetService(MMS_SERVICE_CONTRACTID); NS_ENSURE_TRUE(mmsService, true); // There are cases (see bug 981202) where this is called with no JS on the // stack. And since mmsService might be JS-Implemented, we need to pass a // jsval to ::Send. Only system code should be looking at the result here, // so we just create it in the System-Principaled Junk Scope. AutoJSContext cx; - JSAutoCompartment ac(cx, xpc::GetJunkScope()); + JSAutoCompartment ac(cx, xpc::PrivilegedJunkScope()); JS::Rooted<JS::Value> params(cx); const SendMmsMessageRequest &req = aRequest.get_SendMmsMessageRequest(); if (!GetParamsFromSendMmsMessageRequest(cx, req, params.address())) { NS_WARNING("SmsRequestParent: Fail to build MMS params."); return true; }
--- a/dom/xbl/nsXBLDocumentInfo.cpp +++ b/dom/xbl/nsXBLDocumentInfo.cpp @@ -354,12 +354,11 @@ nsXBLDocumentInfo::FlushSkinStylesheets( } } #ifdef DEBUG void AssertInCompilationScope() { AutoJSContext cx; - // Note - Inverting the order of these operands is a rooting hazard. - MOZ_ASSERT(xpc::GetCompilationScope() == JS::CurrentGlobalOrNull(cx)); + MOZ_ASSERT(xpc::CompilationScope() == JS::CurrentGlobalOrNull(cx)); } #endif
--- a/dom/xbl/nsXBLProtoImpl.cpp +++ b/dom/xbl/nsXBLProtoImpl.cpp @@ -235,18 +235,17 @@ nsXBLProtoImpl::InitTargetObjects(nsXBLP nsresult nsXBLProtoImpl::CompilePrototypeMembers(nsXBLPrototypeBinding* aBinding) { // We want to pre-compile our implementation's members against a "prototype context". Then when we actually // bind the prototype to a real xbl instance, we'll clone the pre-compiled JS into the real instance's // context. AutoSafeJSContext cx; - JS::Rooted<JSObject*> compilationGlobal(cx, xpc::GetCompilationScope()); - NS_ENSURE_TRUE(compilationGlobal, NS_ERROR_UNEXPECTED); + JS::Rooted<JSObject*> compilationGlobal(cx, xpc::CompilationScope()); JSAutoCompartment ac(cx, compilationGlobal); mPrecompiledMemberHolder = JS_NewObjectWithGivenProto(cx, nullptr, JS::NullPtr(), compilationGlobal); if (!mPrecompiledMemberHolder) return NS_ERROR_OUT_OF_MEMORY; // Now that we have a class object installed, we walk our member list and compile each of our // properties and methods in turn.
--- a/dom/xbl/nsXBLPrototypeBinding.cpp +++ b/dom/xbl/nsXBLPrototypeBinding.cpp @@ -906,18 +906,17 @@ nsXBLPrototypeBinding::Read(nsIObjectInp for (; interfaceCount > 0; interfaceCount--) { nsIID iid; aStream->ReadID(&iid); mInterfaceTable.Put(iid, mBinding); } AutoSafeJSContext cx; - JS::Rooted<JSObject*> compilationGlobal(cx, xpc::GetCompilationScope()); - NS_ENSURE_TRUE(compilationGlobal, NS_ERROR_UNEXPECTED); + JS::Rooted<JSObject*> compilationGlobal(cx, xpc::CompilationScope()); JSAutoCompartment ac(cx, compilationGlobal); bool isFirstBinding = aFlags & XBLBinding_Serialize_IsFirstBinding; rv = Init(id, aDocInfo, nullptr, isFirstBinding); NS_ENSURE_SUCCESS(rv, rv); // We need to set the prototype binding before reading the nsXBLProtoImpl, // as it may be retrieved within. @@ -1059,18 +1058,17 @@ WriteInterfaceID(const nsIID& aKey, nsIC nsresult nsXBLPrototypeBinding::Write(nsIObjectOutputStream* aStream) { // This writes out the binding. Note that mCheckedBaseProto, // mKeyHandlersRegistered and mKeyHandlers are not serialized as they are // computed on demand. AutoSafeJSContext cx; - JS::Rooted<JSObject*> compilationGlobal(cx, xpc::GetCompilationScope()); - NS_ENSURE_TRUE(compilationGlobal, NS_ERROR_UNEXPECTED); + JS::Rooted<JSObject*> compilationGlobal(cx, xpc::CompilationScope()); JSAutoCompartment ac(cx, compilationGlobal); uint8_t flags = mInheritStyle ? XBLBinding_Serialize_InheritStyle : 0; // mAlternateBindingURI is only set on the first binding. if (mAlternateBindingURI) { flags |= XBLBinding_Serialize_IsFirstBinding; }
--- a/js/ipc/JavaScriptShared.cpp +++ b/js/ipc/JavaScriptShared.cpp @@ -390,17 +390,17 @@ JavaScriptShared::findObjectById(JSConte JSAutoCompartment ac(cx, tabChildGlobal); if (!JS_WrapObject(cx, &obj)) return nullptr; return obj; } } // If there's no TabChildGlobal, we use the junk scope. - JSAutoCompartment ac(cx, xpc::GetJunkScope()); + JSAutoCompartment ac(cx, xpc::PrivilegedJunkScope()); if (!JS_WrapObject(cx, &obj)) return nullptr; return obj; } static const uint64_t DefaultPropertyOp = 1; static const uint64_t GetterOnlyPropertyStub = 2; static const uint64_t UnknownPropertyOp = 3;
--- a/js/xpconnect/src/XPCJSRuntime.cpp +++ b/js/xpconnect/src/XPCJSRuntime.cpp @@ -556,40 +556,25 @@ EnableUniversalXPConnect(JSContext *cx) XPCWrappedNativeScope *scope = priv->scope; if (!scope) return true; scope->ForcePrivilegedComponents(); return scope->AttachComponentsObject(cx); } JSObject * -GetJunkScope() +PrivilegedJunkScope() { - XPCJSRuntime *self = nsXPConnect::GetRuntimeInstance(); - NS_ENSURE_TRUE(self, nullptr); - return self->JunkScope(); -} - -nsIGlobalObject * -GetJunkScopeGlobal() -{ - JSObject *junkScope = GetJunkScope(); - // GetJunkScope would ideally never fail, currently it is not yet the case - // unfortunately...(see Bug 874158) - if (!junkScope) - return nullptr; - return GetNativeForGlobal(junkScope); + return XPCJSRuntime::Get()->PrivilegedJunkScope(); } JSObject * -GetCompilationScope() +CompilationScope() { - XPCJSRuntime *self = nsXPConnect::GetRuntimeInstance(); - NS_ENSURE_TRUE(self, nullptr); - return self->CompilationScope(); + return XPCJSRuntime::Get()->CompilationScope(); } JSObject * GetSafeJSContextGlobal() { return XPCJSRuntime::Get()->GetJSContextStack()->GetSafeJSContextGlobal(); } @@ -3125,17 +3110,17 @@ XPCJSRuntime::XPCJSRuntime(nsXPConnect* mGCIsRunning(false), mWrappedJSToReleaseArray(), mNativesToReleaseArray(), mDoingFinalization(false), mVariantRoots(nullptr), mWrappedJSRoots(nullptr), mObjectHolderRoots(nullptr), mWatchdogManager(new WatchdogManager(MOZ_THIS_IN_INITIALIZER_LIST())), - mJunkScope(MOZ_THIS_IN_INITIALIZER_LIST()->Runtime(), nullptr), + mPrivilegedJunkScope(MOZ_THIS_IN_INITIALIZER_LIST()->Runtime(), nullptr), mCompilationScope(MOZ_THIS_IN_INITIALIZER_LIST()->Runtime(), nullptr), mAsyncSnowWhiteFreer(new AsyncFreeSnowWhite()) { DOM_InitInterfaces(); // these jsids filled in later when we have a JSContext to work with. mStrIDs[0] = JSID_VOID; @@ -3556,32 +3541,32 @@ XPCJSRuntime::InitSingletonScopes() { // This all happens very early, so we don't bother with cx pushing. JSContext *cx = GetJSContextStack()->GetSafeJSContext(); JSAutoRequest ar(cx); RootedValue v(cx); nsresult rv; // Create the Junk Scope. - SandboxOptions junkScopeOptions; - junkScopeOptions.sandboxName.AssignLiteral("XPConnect Junk Compartment"); - junkScopeOptions.invisibleToDebugger = true; - junkScopeOptions.wantComponents = false; - rv = CreateSandboxObject(cx, &v, nsXPConnect::SystemPrincipal(), junkScopeOptions); + SandboxOptions privilegedJunkScopeOptions; + privilegedJunkScopeOptions.sandboxName.AssignLiteral("XPConnect Privileged Junk Compartment"); + privilegedJunkScopeOptions.invisibleToDebugger = true; + privilegedJunkScopeOptions.wantComponents = false; + rv = CreateSandboxObject(cx, &v, nsXPConnect::SystemPrincipal(), privilegedJunkScopeOptions); MOZ_RELEASE_ASSERT(NS_SUCCEEDED(rv)); - mJunkScope = js::UncheckedUnwrap(&v.toObject()); + mPrivilegedJunkScope = js::UncheckedUnwrap(&v.toObject()); // Create the Compilation Scope. SandboxOptions compilationScopeOptions; compilationScopeOptions.sandboxName.AssignLiteral("XPConnect Compilation Compartment"); compilationScopeOptions.invisibleToDebugger = true; compilationScopeOptions.discardSource = ShouldDiscardSystemSource(); rv = CreateSandboxObject(cx, &v, /* principal = */ nullptr, compilationScopeOptions); MOZ_RELEASE_ASSERT(NS_SUCCEEDED(rv)); mCompilationScope = js::UncheckedUnwrap(&v.toObject()); } void XPCJSRuntime::DeleteSingletonScopes() { - mJunkScope = nullptr; + mPrivilegedJunkScope = nullptr; mCompilationScope = nullptr; }
--- a/js/xpconnect/src/nsXPConnect.cpp +++ b/js/xpconnect/src/nsXPConnect.cpp @@ -1463,17 +1463,17 @@ NewAddonId(JSContext *cx, const nsACStri bool SetAddonInterposition(const nsACString &addonIdStr, nsIAddonInterposition *interposition) { JSAddonId *addonId; { // We enter the junk scope just to allocate a string, which actually will go // in the system zone. AutoJSAPI jsapi; - jsapi.Init(xpc::GetJunkScopeGlobal()); + jsapi.Init(xpc::GetNativeForGlobal(xpc::PrivilegedJunkScope())); addonId = NewAddonId(jsapi.cx(), addonIdStr); if (!addonId) return false; } return XPCWrappedNativeScope::SetAddonInterposition(addonId, interposition); }
--- a/js/xpconnect/src/xpcprivate.h +++ b/js/xpconnect/src/xpcprivate.h @@ -614,17 +614,17 @@ public: static void CTypesActivityCallback(JSContext *cx, js::CTypesActivityType type); static bool InterruptCallback(JSContext *cx); size_t SizeOfIncludingThis(mozilla::MallocSizeOf mallocSizeOf); AutoMarkingPtr** GetAutoRootsAdr() {return &mAutoRoots;} - JSObject* JunkScope() { return mJunkScope; } + JSObject* PrivilegedJunkScope() { return mPrivilegedJunkScope; } JSObject* CompilationScope() { return mCompilationScope; } void InitSingletonScopes(); void DeleteSingletonScopes(); PRTime GetWatchdogTimestamp(WatchdogTimestampCategory aCategory); void OnAfterProcessNextEvent() { mSlowScriptCheckpoint = mozilla::TimeStamp(); } @@ -658,17 +658,17 @@ private: bool mDoingFinalization; XPCRootSetElem *mVariantRoots; XPCRootSetElem *mWrappedJSRoots; XPCRootSetElem *mObjectHolderRoots; nsTArray<xpcGCCallback> extraGCCallbacks; nsTArray<xpcContextCallback> extraContextCallbacks; nsRefPtr<WatchdogManager> mWatchdogManager; JS::GCSliceCallback mPrevGCSliceCallback; - JS::PersistentRootedObject mJunkScope; + JS::PersistentRootedObject mPrivilegedJunkScope; JS::PersistentRootedObject mCompilationScope; nsRefPtr<AsyncFreeSnowWhite> mAsyncSnowWhiteFreer; mozilla::TimeStamp mSlowScriptCheckpoint; friend class Watchdog; friend class AutoLockWatchdog; friend class XPCIncrementalReleaseRunnable;
--- a/js/xpconnect/src/xpcpublic.h +++ b/js/xpconnect/src/xpcpublic.h @@ -443,32 +443,25 @@ UnwrapReflectorToISupports(JSObject *ref * wrapping them into some random compartment we find on the context stack (like * we did previously) a default compartment is used. This function returns that * compartment's global. It is a singleton on the runtime. * If you find yourself wanting to use this compartment, you're probably doing * something wrong. Callers MUST consult with the XPConnect module owner before * using this compartment. If you don't, bholley will hunt you down. */ JSObject * -GetJunkScope(); - -/** - * Returns the native global of the junk scope. See comment of GetJunkScope - * about the conditions of using it. - */ -nsIGlobalObject * -GetJunkScopeGlobal(); +PrivilegedJunkScope(); /** * Shared compilation scope for XUL prototype documents and XBL * precompilation. This compartment has a null principal. No code may run, and * it is invisible to the debugger. */ JSObject * -GetCompilationScope(); +CompilationScope(); /** * If |aObj| is a window, returns the associated nsGlobalWindow. * Otherwise, returns null. */ nsGlobalWindow* WindowOrNull(JSObject *aObj);