Bug 854503 - Rename JS unwrapping functions. r=bholley
authorJacek Szpot <maligree@gmail.com>
Thu, 11 Apr 2013 11:50:18 -0700
changeset 135266 4add88d3db6959db49c8f1c47b0d8537539fa969
parent 135265 f556245d6da1f6edf50fbbea4180d2d22d1a3a63
child 135267 dbf9ab7dec313fbe76fafcc8fcaaa7b146bbecf0
push idunknown
push userunknown
push dateunknown
reviewersbholley
bugs854503
milestone23.0a1
Bug 854503 - Rename JS unwrapping functions. r=bholley
content/base/src/nsObjectLoadingContent.cpp
content/xbl/src/nsXBLProtoImplField.cpp
dom/base/nsDOMClassInfo.cpp
dom/base/nsGlobalWindow.cpp
dom/bindings/BindingUtils.cpp
dom/bindings/BindingUtils.h
dom/bindings/CallbackObject.cpp
dom/bindings/CallbackObject.h
dom/bindings/Codegen.py
dom/plugins/base/nsJSNPRuntime.cpp
dom/src/jsurl/nsJSProtocolHandler.cpp
extensions/pref/autoconfig/src/nsJSConfigTriggers.cpp
js/src/builtin/TestingFunctions.cpp
js/src/jsboolinlines.h
js/src/jsclone.cpp
js/src/jscompartment.cpp
js/src/jsdbgapi.cpp
js/src/jsfriendapi.cpp
js/src/jsproxy.cpp
js/src/jstypedarray.cpp
js/src/jsweakmap.cpp
js/src/jswrapper.cpp
js/src/jswrapper.h
js/src/shell/js.cpp
js/src/vm/Debugger.cpp
js/xpconnect/src/XPCCallContext.cpp
js/xpconnect/src/XPCComponents.cpp
js/xpconnect/src/XPCConvert.cpp
js/xpconnect/src/XPCJSID.cpp
js/xpconnect/src/XPCJSRuntime.cpp
js/xpconnect/src/XPCQuickStubs.cpp
js/xpconnect/src/XPCVariant.cpp
js/xpconnect/src/XPCWrappedJSClass.cpp
js/xpconnect/src/XPCWrappedNative.cpp
js/xpconnect/src/XPCWrappedNativeInfo.cpp
js/xpconnect/src/XPCWrappedNativeJSOps.cpp
js/xpconnect/src/XPCWrappedNativeScope.cpp
js/xpconnect/src/XPCWrapper.cpp
js/xpconnect/src/nsXPConnect.cpp
js/xpconnect/src/xpcprivate.h
js/xpconnect/wrappers/AccessCheck.cpp
js/xpconnect/wrappers/ChromeObjectWrapper.cpp
js/xpconnect/wrappers/WrapperFactory.cpp
js/xpconnect/wrappers/WrapperFactory.h
js/xpconnect/wrappers/XrayWrapper.cpp
--- a/content/base/src/nsObjectLoadingContent.cpp
+++ b/content/base/src/nsObjectLoadingContent.cpp
@@ -3082,17 +3082,17 @@ nsObjectLoadingContent::TeardownProtoCha
     if (!::JS_GetPrototype(cx, obj, &proto)) {
       return;
     }
     if (!proto) {
       break;
     }
     // Unwrap while checking the jsclass - if the prototype is a wrapper for
     // an NP object, that counts too.
-    if (JS_GetClass(js::UnwrapObject(proto)) == &sNPObjectJSWrapperClass) {
+    if (JS_GetClass(js::UncheckedUnwrap(proto)) == &sNPObjectJSWrapperClass) {
       // We found an NPObject on the proto chain, get its prototype...
       if (!::JS_GetPrototype(cx, proto, &proto)) {
         return;
       }
 
       MOZ_ASSERT(!removed, "more than one NPObject in prototype chain");
       removed = true;
 
--- a/content/xbl/src/nsXBLProtoImplField.cpp
+++ b/content/xbl/src/nsXBLProtoImplField.cpp
@@ -178,17 +178,17 @@ InstallXBLField(JSContext* cx,
     JS::Rooted<JS::Value> name(cx, js::GetFunctionNativeReserved(callee, FIELD_SLOT));
     JSFlatString* fieldStr = JS_ASSERT_STRING_IS_FLAT(name.toString());
     fieldName.init(fieldStr);
 
     MOZ_ALWAYS_TRUE(JS_ValueToId(cx, name, idp.address()));
 
     // If a separate XBL scope is being used, the callee is not same-compartment
     // with the xbl prototype, and the object is a cross-compartment wrapper.
-    xblProto = js::UnwrapObject(xblProto);
+    xblProto = js::UncheckedUnwrap(xblProto);
     JSAutoCompartment ac2(cx, xblProto);
     JS::Value slotVal = ::JS_GetReservedSlot(xblProto, 0);
     protoBinding = static_cast<nsXBLPrototypeBinding*>(slotVal.toPrivate());
     MOZ_ASSERT(protoBinding);
   }
 
   nsXBLProtoImplField* field = protoBinding->FindField(fieldName);
   MOZ_ASSERT(field);
@@ -225,17 +225,17 @@ FieldGetterImpl(JSContext *cx, JS::CallA
   JS::Rooted<JSObject*> thisObj(cx, &thisv.toObject());
 
   // We should be in the compartment of |this|. If we got here via nativeCall,
   // |this| is not same-compartment with |callee|, and it's possible via
   // asymmetric security semantics that |args.calleev()| is actually a security
   // wrapper. In this case, we know we want to do an unsafe unwrap, and
   // InstallXBLField knows how to handle cross-compartment pointers.
   bool installed = false;
-  JS::Rooted<JSObject*> callee(cx, js::UnwrapObject(&args.calleev().toObject()));
+  JS::Rooted<JSObject*> callee(cx, js::UncheckedUnwrap(&args.calleev().toObject()));
   JS::Rooted<jsid> id(cx);
   if (!InstallXBLField(cx, callee, thisObj, &id, &installed)) {
     return false;
   }
 
   if (!installed) {
     args.rval().setUndefined();
     return true;
@@ -294,17 +294,17 @@ FieldSetterImpl(JSContext *cx, JS::CallA
   JS::Rooted<JSObject*> thisObj(cx, &thisv.toObject());
 
   // We should be in the compartment of |this|. If we got here via nativeCall,
   // |this| is not same-compartment with |callee|, and it's possible via
   // asymmetric security semantics that |args.calleev()| is actually a security
   // wrapper. In this case, we know we want to do an unsafe unwrap, and
   // InstallXBLField knows how to handle cross-compartment pointers.
   bool installed = false;
-  JS::Rooted<JSObject*> callee(cx, js::UnwrapObject(&args.calleev().toObject()));
+  JS::Rooted<JSObject*> callee(cx, js::UncheckedUnwrap(&args.calleev().toObject()));
   JS::Rooted<jsid> id(cx);
   if (!InstallXBLField(cx, callee, thisObj, &id, &installed)) {
     return false;
   }
 
   if (installed) {
     JS::Rooted<JS::Value> v(cx,
                             args.length() > 0 ? args[0] : JS::UndefinedValue());
--- a/dom/base/nsDOMClassInfo.cpp
+++ b/dom/base/nsDOMClassInfo.cpp
@@ -4164,17 +4164,17 @@ nsDOMConstructor::HasInstance(nsIXPConne
   if (JSVAL_IS_PRIMITIVE(v)) {
     return NS_OK;
   }
 
   JSObject *dom_obj = JSVAL_TO_OBJECT(v);
   NS_ASSERTION(dom_obj, "nsDOMConstructor::HasInstance couldn't get object");
 
   // This might not be the right object, if there are wrappers. Unwrap if we can.
-  JSObject *wrapped_obj = js::UnwrapObjectChecked(dom_obj, /* stopAtOuter = */ false);
+  JSObject *wrapped_obj = js::CheckedUnwrap(dom_obj, /* stopAtOuter = */ false);
   if (wrapped_obj)
       dom_obj = wrapped_obj;
 
   JSClass *dom_class = JS_GetClass(dom_obj);
   if (!dom_class) {
     NS_ERROR("nsDOMConstructor::HasInstance can't get class.");
     return NS_ERROR_UNEXPECTED;
   }
@@ -4679,17 +4679,17 @@ nsWindowSH::GlobalResolve(nsGlobalWindow
       if (name_struct->mPrefEnabled && !(*name_struct->mPrefEnabled)()) {
         return NS_OK;
       }
 
       Maybe<JSAutoCompartment> ac;
       JSObject* global;
       bool defineOnXray = ObjectIsNativeWrapper(cx, obj);
       if (defineOnXray) {
-        global = js::UnwrapObjectChecked(obj, /* stopAtOuter = */ false);
+        global = js::CheckedUnwrap(obj, /* stopAtOuter = */ false);
         if (!global) {
           return NS_ERROR_DOM_SECURITY_ERR;
         }
         ac.construct(cx, global);
       } else {
         global = obj;
       }
 
@@ -4927,17 +4927,17 @@ ContentWindowGetter(JSContext *cx, unsig
   return ::JS_GetProperty(cx, obj, "content", vp);
 }
 
 template<class Interface>
 static nsresult
 LocationSetterGuts(JSContext *cx, JSObject *obj, jsval *vp)
 {
   // This function duplicates some of the logic in XPC_WN_HelperSetProperty
-  obj = js::UnwrapObjectChecked(obj, /* stopAtOuter = */ false);
+  obj = js::CheckedUnwrap(obj, /* stopAtOuter = */ false);
   if (!IS_WN_WRAPPER(obj))
       return NS_ERROR_XPC_BAD_CONVERT_JS;
   XPCWrappedNative *wrapper = XPCWrappedNative::Get(obj);
 
   // The error checks duplicate code in THROW_AND_RETURN_IF_BAD_WRAPPER
   NS_ENSURE_TRUE(!wrapper || wrapper->IsValid(), NS_ERROR_XPC_HAS_BEEN_SHUTDOWN);
 
   nsCOMPtr<Interface> xpcomObj = do_QueryWrappedNative(wrapper, obj);
--- a/dom/base/nsGlobalWindow.cpp
+++ b/dom/base/nsGlobalWindow.cpp
@@ -6535,17 +6535,17 @@ nsGlobalWindow::CallerInnerWindow()
   // sandboxPrototype. This used to work incidentally for unrelated reasons, but
   // now we need to do some special handling to support it.
   {
     JSAutoCompartment ac(cx, scope);
     JSObject *scopeProto;
     bool ok = JS_GetPrototype(cx, scope, &scopeProto);
     NS_ENSURE_TRUE(ok, nullptr);
     if (scopeProto && xpc::IsSandboxPrototypeProxy(scopeProto) &&
-        (scopeProto = js::UnwrapObjectChecked(scopeProto, /* stopAtOuter = */ false)))
+        (scopeProto = js::CheckedUnwrap(scopeProto, /* stopAtOuter = */ false)))
     {
       scope = scopeProto;
     }
   }
   JSAutoCompartment ac(cx, scope);
 
   nsCOMPtr<nsIXPConnectWrappedNative> wrapper;
   nsContentUtils::XPConnect()->
--- a/dom/bindings/BindingUtils.cpp
+++ b/dom/bindings/BindingUtils.cpp
@@ -666,17 +666,17 @@ QueryInterface(JSContext* cx, unsigned a
 {
   JS::Value thisv = JS_THIS(cx, vp);
   if (thisv == JSVAL_NULL)
     return false;
 
   // Get the object. It might be a security wrapper, in which case we do a checked
   // unwrap.
   JSObject* origObj = JSVAL_TO_OBJECT(thisv);
-  JSObject* obj = js::UnwrapObjectChecked(origObj);
+  JSObject* obj = js::CheckedUnwrap(origObj);
   if (!obj) {
       JS_ReportError(cx, "Permission denied to access object");
       return false;
   }
 
   nsISupports* native;
   if (!UnwrapDOMObjectToISupports(obj, native)) {
     return Throw<true>(cx, NS_ERROR_FAILURE);
@@ -1244,17 +1244,17 @@ GetPropertyOnPrototype(JSContext* cx, JS
 }
 
 bool
 HasPropertyOnPrototype(JSContext* cx, JSObject* proxy, DOMProxyHandler* handler,
                        jsid id)
 {
   Maybe<JSAutoCompartment> ac;
   if (xpc::WrapperFactory::IsXrayWrapper(proxy)) {
-    proxy = js::UnwrapObject(proxy);
+    proxy = js::UncheckedUnwrap(proxy);
     ac.construct(cx, proxy);
   }
   MOZ_ASSERT(js::IsProxy(proxy) && js::GetProxyHandler(proxy) == handler);
 
   bool found;
   // We ignore an error from GetPropertyOnPrototype.
   return !GetPropertyOnPrototype(cx, proxy, id, &found, NULL) || found;
 }
@@ -1587,17 +1587,17 @@ ReparentWrapper(JSContext* aCx, JSObject
 }
 
 template<bool mainThread>
 inline JSObject*
 GetGlobalObject(JSContext* aCx, JSObject* aObject,
                 Maybe<JSAutoCompartment>& aAutoCompartment)
 {
   if (js::IsWrapper(aObject)) {
-    aObject = js::UnwrapObjectChecked(aObject, /* stopAtOuter = */ false);
+    aObject = js::CheckedUnwrap(aObject, /* stopAtOuter = */ false);
     if (!aObject) {
       Throw<mainThread>(aCx, NS_ERROR_XPC_SECURITY_MANAGER_VETO);
       return nullptr;
     }
     aAutoCompartment.construct(aCx, aObject);
   }
 
   return JS_GetGlobalForObject(aCx, aObject);
@@ -1636,17 +1636,17 @@ WorkerGlobalObject::WorkerGlobalObject(J
 
 JSBool
 InterfaceHasInstance(JSContext* cx, JSHandleObject obj, JSObject* instance,
                      JSBool* bp)
 {
   const DOMIfaceAndProtoJSClass* clasp =
     DOMIfaceAndProtoJSClass::FromJSClass(js::GetObjectClass(obj));
 
-  const DOMClass* domClass = GetDOMClass(js::UnwrapObject(instance));
+  const DOMClass* domClass = GetDOMClass(js::UncheckedUnwrap(instance));
 
   MOZ_ASSERT(!domClass || clasp->mPrototypeID != prototypes::id::_ID_Count,
              "Why do we have a hasInstance hook if we don't have a prototype "
              "ID?");
 
   if (domClass &&
       domClass->mInterfaceChain[clasp->mDepth] == clasp->mPrototypeID) {
     *bp = true;
--- a/dom/bindings/BindingUtils.h
+++ b/dom/bindings/BindingUtils.h
@@ -155,17 +155,17 @@ UnwrapObject(JSContext* cx, JSObject* ob
   const DOMClass* domClass = GetDOMClass(obj);
   if (!domClass) {
     /* Maybe we have a security wrapper or outer window? */
     if (!js::IsWrapper(obj)) {
       /* Not a DOM object, not a wrapper, just bail */
       return NS_ERROR_XPC_BAD_CONVERT_JS;
     }
 
-    obj = js::UnwrapObjectChecked(obj, /* stopAtOuter = */ false);
+    obj = js::CheckedUnwrap(obj, /* stopAtOuter = */ false);
     if (!obj) {
       return NS_ERROR_XPC_SECURITY_MANAGER_VETO;
     }
     MOZ_ASSERT(!js::IsWrapper(obj));
     domClass = GetDOMClass(obj);
     if (!domClass) {
       /* We don't have a DOM object */
       return NS_ERROR_XPC_BAD_CONVERT_JS;
@@ -616,17 +616,17 @@ WrapNewBindingNonWrapperCachedObject(JSC
 {
   // We try to wrap in the compartment of the underlying object of "scope"
   JSObject* obj;
   {
     // scope for the JSAutoCompartment so that we restore the compartment
     // before we call JS_WrapValue.
     Maybe<JSAutoCompartment> ac;
     if (js::IsWrapper(scope)) {
-      scope = js::UnwrapObjectChecked(scope, /* stopAtOuter = */ false);
+      scope = js::CheckedUnwrap(scope, /* stopAtOuter = */ false);
       if (!scope)
         return false;
       ac.construct(cx, scope);
     }
 
     obj = value->WrapObject(cx, scope);
   }
 
--- a/dom/bindings/CallbackObject.cpp
+++ b/dom/bindings/CallbackObject.cpp
@@ -45,17 +45,17 @@ CallbackObject::CallSetup::CallSetup(JSO
 
   // We need to produce a useful JSContext here.  Ideally one that the callback
   // is in some sense associated with, so that we can sort of treat it as a
   // "script entry point".  Though once we actually have script entry points,
   // we'll need to do the script entry point bits once we have an actual
   // callable.
 
   // First, find the real underlying callback.
-  JSObject* realCallback = js::UnwrapObject(aCallback);
+  JSObject* realCallback = js::UncheckedUnwrap(aCallback);
 
   // Now get the nsIScriptGlobalObject for this callback.
   JSContext* cx = nullptr;
   nsIScriptContext* ctx = nullptr;
   nsIScriptGlobalObject* sgo = nsJSUtils::GetStaticScriptGlobal(realCallback);
   if (sgo) {
     // Make sure that if this is a window it's the current inner, since the
     // nsIScriptContext and hence JSContext are associated with the outer
@@ -101,17 +101,17 @@ CallbackObject::CallSetup::CallSetup(JSO
   // FIXME: Bug 807369.
   mCtx = ctx;
 
   // Check that it's ok to run this callback at all.
   // FIXME: Bug 807371: we want a less silly check here.
   // Make sure to unwrap aCallback before passing it in, because
   // getting principals from wrappers is silly.
   nsresult rv = nsContentUtils::GetSecurityManager()->
-    CheckFunctionAccess(cx, js::UnwrapObject(aCallback), nullptr);
+    CheckFunctionAccess(cx, js::UncheckedUnwrap(aCallback), nullptr);
 
   // Construct a termination func holder even if we're not planning to
   // run any script.  We need this because we're going to call
   // ScriptEvaluated even if we don't run the script...  See XXX
   // comment above.
   if (ctx) {
     mTerminationFuncHolder.construct(static_cast<nsJSContext*>(ctx));
   }
--- a/dom/bindings/CallbackObject.h
+++ b/dom/bindings/CallbackObject.h
@@ -49,17 +49,17 @@ public:
    */
   CallbackObject(JSContext* cx, JSObject* aOwner, JSObject* aCallback,
                  bool* aInited)
     : mCallback(nullptr)
   {
     // If aOwner is not null, enter the compartment of aOwner's
     // underlying object.
     if (aOwner) {
-      aOwner = js::UnwrapObject(aOwner);
+      aOwner = js::UncheckedUnwrap(aOwner);
       JSAutoCompartment ac(cx, aOwner);
       if (!JS_WrapObject(cx, &aCallback)) {
         *aInited = false;
         return;
       }
     }
 
     Init(aCallback);
@@ -277,19 +277,19 @@ public:
 
     if (!HasWebIDLCallback() || !GetWebIDLCallback()) {
       // If other is non-null, then we can't be equal if we have a
       // non-WebIDL callback or a null callback.
       return false;
     }
 
     JSObject* thisObj =
-      js::UnwrapObject(GetWebIDLCallback()->CallbackPreserveColor());
+      js::UncheckedUnwrap(GetWebIDLCallback()->CallbackPreserveColor());
     JSObject* otherObj =
-      js::UnwrapObject(aOtherCallback->CallbackPreserveColor());
+      js::UncheckedUnwrap(aOtherCallback->CallbackPreserveColor());
     return thisObj == otherObj;
   }
 
   bool operator==(XPCOMCallbackT* aOtherCallback) const
   {
     return (!aOtherCallback && !GetISupports()) ||
       (!HasWebIDLCallback() && GetXPCOMCallback() == aOtherCallback);
   }
--- a/dom/bindings/Codegen.py
+++ b/dom/bindings/Codegen.py
@@ -1106,24 +1106,24 @@ class CGClassHasInstanceHook(CGAbstractS
   bool ok = InterfaceHasInstance(cx, obj, instance, bp);
   if (!ok || *bp) {
     return ok;
   }
 
   // FIXME Limit this to chrome by checking xpc::AccessCheck::isChrome(obj).
   nsISupports* native =
     nsContentUtils::XPConnect()->GetNativeOfWrapper(cx,
-                                                    js::UnwrapObject(instance));
+                                                    js::UncheckedUnwrap(instance));
   nsCOMPtr<nsIDOM%s> qiResult = do_QueryInterface(native);
   *bp = !!qiResult;
   return true;
          """ % self.descriptor.interface.identifier.name
 
         hasInstanceCode = """
-  const DOMClass* domClass = GetDOMClass(js::UnwrapObject(instance));
+  const DOMClass* domClass = GetDOMClass(js::UncheckedUnwrap(instance));
   *bp = false;
   if (!domClass) {
     // Not a DOM object, so certainly not an instance of this interface
     return true;
   }
   """
         # Sort interaces implementing self by name so we get stable output.
         for iface in sorted(self.descriptor.interface.interfacesImplementingSelf,
@@ -6085,17 +6085,17 @@ class CGProxyUnwrap(CGAbstractMethod):
         args = [Argument('JSObject*', 'obj')]
         CGAbstractMethod.__init__(self, descriptor, "UnwrapProxy", descriptor.nativeType + '*', args, alwaysInline=True)
     def declare(self):
         return ""
     def definition_body(self):
         return """  MOZ_ASSERT(js::IsProxy(obj));
   if (js::GetProxyHandler(obj) != DOMProxyHandler::getInstance()) {
     MOZ_ASSERT(xpc::WrapperFactory::IsXrayWrapper(obj));
-    obj = js::UnwrapObject(obj);
+    obj = js::UncheckedUnwrap(obj);
   }
   MOZ_ASSERT(IsProxy(obj));
   return static_cast<%s*>(js::GetProxyPrivate(obj).toPrivate());""" % (self.descriptor.nativeType)
 
 class CGDOMJSProxyHandlerDOMClass(CGThing):
     def __init__(self, descriptor):
         CGThing.__init__(self)
         self.descriptor = descriptor
--- a/dom/plugins/base/nsJSNPRuntime.cpp
+++ b/dom/plugins/base/nsJSNPRuntime.cpp
@@ -460,17 +460,17 @@ JSValToNPVariant(NPP npp, JSContext *cx,
   // The reflected plugin object may be in another compartment if the plugin
   // element has since been adopted into a new document. We don't bother
   // transplanting the plugin objects, and just do a unwrap with security
   // checks if we encounter one of them as an argument. If the unwrap fails,
   // we run with the original wrapped object, since sometimes there are
   // legitimate cases where a security wrapper ends up here (for example,
   // Location objects, which are _always_ behind security wrappers).
   JSObject *obj = JSVAL_TO_OBJECT(val);
-  obj = js::UnwrapObjectChecked(obj);
+  obj = js::CheckedUnwrap(obj);
   if (!obj) {
     obj = JSVAL_TO_OBJECT(val);
   }
 
   NPObject *npobj = nsJSObjWrapper::GetNewOrUsed(npp, cx, obj);
   if (!npobj) {
     return false;
   }
@@ -1122,17 +1122,17 @@ nsJSObjWrapper::GetNewOrUsed(NPP npp, JS
 // wrapper.
 //
 // Because this function unwraps, its return value must be wrapped for the cx
 // compartment for callers that plan to hold onto the result or do anything
 // substantial with it.
 static JSObject *
 GetNPObjectWrapper(JSContext *cx, JSObject *obj, bool wrapResult = true)
 {
-  while (obj && (obj = js::UnwrapObjectChecked(obj))) {
+  while (obj && (obj = js::CheckedUnwrap(obj))) {
     if (JS_GetClass(obj) == &sNPObjectJSWrapperClass) {
       if (wrapResult && !JS_WrapObject(cx, &obj)) {
         return NULL;
       }
       return obj;
     }
     if (!::JS_GetPrototype(cx, obj, &obj)) {
       return NULL;
--- a/dom/src/jsurl/nsJSProtocolHandler.cpp
+++ b/dom/src/jsurl/nsJSProtocolHandler.cpp
@@ -289,17 +289,17 @@ nsresult nsJSThunk::EvaluateScript(nsICh
 
         // The nsXPConnect sandbox API gives us a wrapper to the sandbox for
         // our current compartment. Because our current context doesn't necessarily
         // subsume that of the sandbox, we want to unwrap and enter the sandbox's
         // compartment. It's a shame that the APIs here are so clunkly. :-(
         JSObject *sandboxObj;
         rv = sandbox->GetJSObject(&sandboxObj);
         NS_ENSURE_SUCCESS(rv, rv);
-        sandboxObj = js::UnwrapObject(sandboxObj);
+        sandboxObj = js::UncheckedUnwrap(sandboxObj);
         JSAutoCompartment ac(cx, sandboxObj);
 
         // Push our JSContext on the context stack so the JS_ValueToString call (and
         // JS_ReportPendingException, if relevant) will use the principal of cx.
         // Note that we do this as late as possible to make popping simpler.
         nsCOMPtr<nsIJSContextStack> stack =
             do_GetService("@mozilla.org/js/xpc/ContextStack;1", &rv);
         if (NS_SUCCEEDED(rv)) {
--- a/extensions/pref/autoconfig/src/nsJSConfigTriggers.cpp
+++ b/extensions/pref/autoconfig/src/nsJSConfigTriggers.cpp
@@ -55,17 +55,17 @@ nsresult CentralizedAdminPrefManagerInit
     JSAutoRequest ar(cx);
     nsCOMPtr<nsIXPConnectJSObjectHolder> sandbox;
     rv = xpc->CreateSandbox(cx, principal, getter_AddRefs(sandbox));
     NS_ENSURE_SUCCESS(rv, rv);
 
     // Unwrap, store and root the sandbox.
     rv = sandbox->GetJSObject(&autoconfigSb);
     NS_ENSURE_SUCCESS(rv, rv);
-    autoconfigSb = js::UnwrapObject(autoconfigSb);
+    autoconfigSb = js::UncheckedUnwrap(autoconfigSb);
     JSAutoCompartment ac(cx, autoconfigSb);
     if (!JS_AddNamedObjectRoot(cx, &autoconfigSb, "AutoConfig Sandbox"))
         return NS_ERROR_FAILURE;
 
     return NS_OK;
 }
 
 nsresult CentralizedAdminPrefManagerFinish()
--- a/js/src/builtin/TestingFunctions.cpp
+++ b/js/src/builtin/TestingFunctions.cpp
@@ -200,17 +200,17 @@ GC(JSContext *cx, unsigned argc, jsval *
      */
     JSBool compartment = false;
     if (argc == 1) {
         Value arg = vp[2];
         if (arg.isString()) {
             if (!JS_StringEqualsAscii(cx, arg.toString(), "compartment", &compartment))
                 return false;
         } else if (arg.isObject()) {
-            PrepareZoneForGC(UnwrapObject(&arg.toObject())->zone());
+            PrepareZoneForGC(UncheckedUnwrap(&arg.toObject())->zone());
             compartment = true;
         }
     }
 
 #ifndef JS_MORE_DETERMINISTIC
     size_t preBytes = cx->runtime->gcBytes;
 #endif
 
@@ -403,17 +403,17 @@ ScheduleGC(JSContext *cx, unsigned argc,
         return JS_FALSE;
     }
 
     if (args[0].isInt32()) {
         /* Schedule a GC to happen after |arg| allocations. */
         JS_ScheduleGC(cx, args[0].toInt32());
     } else if (args[0].isObject()) {
         /* Ensure that |zone| is collected during the next GC. */
-        Zone *zone = UnwrapObject(&args[0].toObject())->zone();
+        Zone *zone = UncheckedUnwrap(&args[0].toObject())->zone();
         PrepareZoneForGC(zone);
     } else if (args[0].isString()) {
         /* This allows us to schedule atomsCompartment for GC. */
         PrepareZoneForGC(args[0].toString()->zone());
     }
 
     *vp = JSVAL_VOID;
     return JS_TRUE;
--- a/js/src/jsboolinlines.h
+++ b/js/src/jsboolinlines.h
@@ -29,17 +29,17 @@ BooleanGetPrimitiveValue(JSContext *cx, 
     }
 
     return BooleanGetPrimitiveValueSlow(cx, obj, vp);
 }
 
 inline bool
 EmulatesUndefined(RawObject obj)
 {
-    RawObject actual = MOZ_LIKELY(!obj->isWrapper()) ? obj : UnwrapObject(obj);
+    RawObject actual = MOZ_LIKELY(!obj->isWrapper()) ? obj : UncheckedUnwrap(obj);
     bool emulatesUndefined = actual->getClass()->emulatesUndefined();
     MOZ_ASSERT_IF(emulatesUndefined, obj->type()->flags & types::OBJECT_FLAG_EMULATES_UNDEFINED);
     return emulatesUndefined;
 }
 
 } /* namespace js */
 
 #endif /* jsboolinlines_h___ */
--- a/js/src/jsclone.cpp
+++ b/js/src/jsclone.cpp
@@ -456,17 +456,17 @@ JSStructuredCloneWriter::parseTransferab
             return false;
         }
 
         if (!v.isObject()) {
             reportErrorTransferable();
             return false;
         }
 
-        JSObject* tObj = UnwrapObjectChecked(&v.toObject());
+        JSObject* tObj = CheckedUnwrap(&v.toObject());
         if (!tObj) {
             JS_ReportError(context(), "Permission denied to access object");
             return false;
         }
         if (!tObj->isArrayBuffer()) {
             reportErrorTransferable();
             return false;
         }
@@ -539,17 +539,17 @@ JS_PUBLIC_API(JSBool)
 JS_WriteTypedArray(JSStructuredCloneWriter *w, jsval v)
 {
     JS_ASSERT(v.isObject());
     RootedObject obj(w->context(), &v.toObject());
 
     // If the object is a security wrapper, see if we're allowed to unwrap it.
     // If we aren't, throw.
     if (obj->isWrapper())
-        obj = UnwrapObjectChecked(obj);
+        obj = CheckedUnwrap(obj);
     if (!obj) {
         JS_ReportError(w->context(), "Permission denied to access object");
         return false;
     }
     return w->writeTypedArray(obj);
 }
 
 bool
@@ -643,17 +643,17 @@ JSStructuredCloneWriter::startWrite(cons
         return out.writePair(SCTAG_NULL, 0);
     } else if (v.isUndefined()) {
         return out.writePair(SCTAG_UNDEFINED, 0);
     } else if (v.isObject()) {
         RootedObject obj(context(), &v.toObject());
 
         // The object might be a security wrapper. See if we can clone what's
         // behind it. If we can, unwrap the object.
-        obj = UnwrapObjectChecked(obj);
+        obj = CheckedUnwrap(obj);
         if (!obj) {
             JS_ReportError(context(), "Permission denied to access object");
             return false;
         }
 
         AutoCompartment ac(context(), obj);
 
         bool backref;
--- a/js/src/jscompartment.cpp
+++ b/js/src/jscompartment.cpp
@@ -258,17 +258,17 @@ JSCompartment::wrap(JSContext *cx, Mutab
         if (obj->compartment() == this)
             return WrapForSameCompartment(cx, obj, vp);
 
         /* Translate StopIteration singleton. */
         if (obj->isStopIteration())
             return js_FindClassObject(cx, JSProto_StopIteration, vp);
 
         /* Unwrap the object, but don't unwrap outer windows. */
-        obj = UnwrapObject(obj, /* stopAtOuter = */ true, &flags);
+        obj = UncheckedUnwrap(obj, /* stopAtOuter = */ true, &flags);
 
         if (obj->compartment() == this)
             return WrapForSameCompartment(cx, obj, vp);
 
         if (cx->runtime->preWrapObjectCallback) {
             obj = cx->runtime->preWrapObjectCallback(cx, global, obj, flags);
             if (!obj)
                 return false;
--- a/js/src/jsdbgapi.cpp
+++ b/js/src/jsdbgapi.cpp
@@ -918,23 +918,23 @@ JS_DumpCompartmentPCCounts(JSContext *cx
         if (script->hasScriptCounts && script->enclosingScriptsCompiledSuccessfully())
             JS_DumpPCCounts(cx, script);
     }
 }
 
 JS_PUBLIC_API(JSObject *)
 JS_UnwrapObject(JSObject *obj)
 {
-    return UnwrapObject(obj);
+    return UncheckedUnwrap(obj);
 }
 
 JS_PUBLIC_API(JSObject *)
 JS_UnwrapObjectAndInnerize(JSObject *obj)
 {
-    return UnwrapObject(obj, /* stopAtOuter = */ false);
+    return UncheckedUnwrap(obj, /* stopAtOuter = */ false);
 }
 
 JS_FRIEND_API(JSBool)
 js_CallContextDebugHandler(JSContext *cx)
 {
     NonBuiltinScriptFrameIter iter(cx);
     JS_ASSERT(!iter.done());
 
--- a/js/src/jsfriendapi.cpp
+++ b/js/src/jsfriendapi.cpp
@@ -66,17 +66,17 @@ JS_FindCompilationScope(JSContext *cx, R
 {
     RootedObject obj(cx, objArg);
 
     /*
      * We unwrap wrappers here. This is a little weird, but it's what's being
      * asked of us.
      */
     if (obj->isWrapper())
-        obj = UnwrapObject(obj);
+        obj = UncheckedUnwrap(obj);
 
     /*
      * Innerize the target_obj so that we compile in the correct (inner)
      * scope.
      */
     if (JSObjectOp op = obj->getClass()->ext.innerObject)
         obj = op(cx, obj);
     return obj;
--- a/js/src/jsproxy.cpp
+++ b/js/src/jsproxy.cpp
@@ -558,17 +558,17 @@ DirectProxyHandler::defaultValue(JSConte
     if (hint == JSTYPE_VOID)
         return ToPrimitive(cx, vp);
     return ToPrimitive(cx, hint, vp);
 }
 
 JSObject *
 DirectProxyHandler::weakmapKeyDelegate(JSObject *proxy)
 {
-    return UnwrapObject(proxy);
+    return UncheckedUnwrap(proxy);
 }
 
 DirectProxyHandler::DirectProxyHandler(void *family)
   : BaseProxyHandler(family)
 {
 }
 
 bool
--- a/js/src/jstypedarray.cpp
+++ b/js/src/jstypedarray.cpp
@@ -1834,17 +1834,17 @@ class TypedArrayTemplate
         /*
          * (typedArray)
          * (type[] array)
          *
          * Otherwise create a new typed array and copy elements 0..len-1
          * properties from the object, treating it as some sort of array.
          * Note that offset and length will be ignored
          */
-        if (!UnwrapObject(dataObj)->isArrayBuffer())
+        if (!UncheckedUnwrap(dataObj)->isArrayBuffer())
             return fromArray(cx, dataObj);
 
         /* (ArrayBuffer, [byteOffset, [length]]) */
         int32_t byteOffset = -1;
         int32_t length = -1;
 
         if (argc > 1) {
             if (!ToInt32(cx, argv[1], &byteOffset))
@@ -2117,17 +2117,17 @@ class TypedArrayTemplate
              * construct the new typed array in the compartment of the buffer,
              * so that the typed array can point directly at their buffer's
              * data without crossing compartment boundaries. So we use the
              * machinery underlying NonGenericMethodGuard directly to proxy the
              * native call. We will end up with a wrapper in the origin
              * compartment for a view in the target compartment referencing the
              * ArrayBuffer in that same compartment.
              */
-            JSObject *wrapped = UnwrapObjectChecked(bufobj);
+            JSObject *wrapped = CheckedUnwrap(bufobj);
             if (!wrapped) {
                 JS_ReportError(cx, "Permission denied to access object");
                 return NULL;
             }
             if (wrapped->isArrayBuffer()) {
                 /*
                  * And for even more fun, the new view's prototype should be
                  * set to the origin compartment's prototype object, not the
@@ -2740,17 +2740,17 @@ JSBool
 DataViewObject::class_constructor(JSContext *cx, unsigned argc, Value *vp)
 {
     CallArgs args = CallArgsFromVp(argc, vp);
 
     RootedObject bufobj(cx);
     if (!GetFirstArgumentAsObject(cx, args, "DataView constructor", &bufobj))
         return false;
 
-    if (bufobj->isWrapper() && UnwrapObject(bufobj)->isArrayBuffer()) {
+    if (bufobj->isWrapper() && UncheckedUnwrap(bufobj)->isArrayBuffer()) {
         Rooted<GlobalObject*> global(cx, cx->compartment->maybeGlobal());
         Rooted<JSObject*> proto(cx, global->getOrCreateDataViewPrototype(cx));
         if (!proto)
             return false;
 
         InvokeArgsGuard ag;
         if (!cx->stack.pushInvokeArgs(cx, args.length() + 1, &ag))
             return false;
@@ -3387,17 +3387,17 @@ JSFunctionSpec _typedArray::jsfuncs[] = 
       MOZ_ASSERT(byteoffset <= INT32_MAX);                                                   \
       Rooted<JSObject*> arrayBuffer(cx, arrayBuffer_);                                       \
       Rooted<JSObject*> proto(cx, NULL);                                                     \
       return TypedArrayTemplate<NativeType>::fromBuffer(cx, arrayBuffer, byteoffset, length, \
                                                         proto);                              \
   }                                                                                          \
   JS_FRIEND_API(JSBool) JS_Is ## Name ## Array(JSObject *obj)                                \
   {                                                                                          \
-      if (!(obj = UnwrapObjectChecked(obj)))                                                 \
+      if (!(obj = CheckedUnwrap(obj)))                                                 \
           return false;                                                                      \
       Class *clasp = obj->getClass();                                                        \
       return (clasp == &TypedArray::classes[TypedArrayTemplate<NativeType>::ArrayTypeID()]); \
   }
 
 IMPL_TYPED_ARRAY_JSAPI_CONSTRUCTORS(Int8, int8_t)
 IMPL_TYPED_ARRAY_JSAPI_CONSTRUCTORS(Uint8, uint8_t)
 IMPL_TYPED_ARRAY_JSAPI_CONSTRUCTORS(Uint8Clamped, uint8_clamped)
@@ -3408,17 +3408,17 @@ IMPL_TYPED_ARRAY_JSAPI_CONSTRUCTORS(Uint
 IMPL_TYPED_ARRAY_JSAPI_CONSTRUCTORS(Float32, float)
 IMPL_TYPED_ARRAY_JSAPI_CONSTRUCTORS(Float64, double)
 
 #define IMPL_TYPED_ARRAY_COMBINED_UNWRAPPERS(Name, ExternalType, InternalType)              \
   JS_FRIEND_API(JSObject *) JS_GetObjectAs ## Name ## Array(JSObject *obj,                  \
                                                             uint32_t *length,               \
                                                             ExternalType **data)            \
   {                                                                                         \
-      if (!(obj = UnwrapObjectChecked(obj)))                                                \
+      if (!(obj = CheckedUnwrap(obj)))                                                \
           return NULL;                                                                      \
                                                                                             \
       Class *clasp = obj->getClass();                                                       \
       if (clasp != &TypedArray::classes[TypedArrayTemplate<InternalType>::ArrayTypeID()])   \
           return NULL;                                                                      \
                                                                                             \
       *length = TypedArray::length(obj);                                                    \
       *data = static_cast<ExternalType *>(TypedArray::viewData(obj));                       \
@@ -3856,45 +3856,45 @@ js::IsTypedArrayBuffer(const Value &v)
     return v.isObject() && v.toObject().isArrayBuffer();
 }
 
 /* JS Friend API */
 
 JS_FRIEND_API(JSBool)
 JS_IsArrayBufferObject(JSObject *obj)
 {
-    obj = UnwrapObjectChecked(obj);
+    obj = CheckedUnwrap(obj);
     return obj ? obj->isArrayBuffer() : false;
 }
 
 JS_FRIEND_API(JSBool)
 JS_IsTypedArrayObject(JSObject *obj)
 {
-    obj = UnwrapObjectChecked(obj);
+    obj = CheckedUnwrap(obj);
     return obj ? obj->isTypedArray() : false;
 }
 
 JS_FRIEND_API(JSBool)
 JS_IsArrayBufferViewObject(JSObject *obj)
 {
-    obj = UnwrapObjectChecked(obj);
+    obj = CheckedUnwrap(obj);
     return obj ? (obj->isTypedArray() || obj->isDataView()) : false;
 }
 
 JS_FRIEND_API(uint32_t)
 JS_GetArrayBufferByteLength(JSObject *obj)
 {
-    obj = UnwrapObjectChecked(obj);
+    obj = CheckedUnwrap(obj);
     return obj ? obj->asArrayBuffer().byteLength() : 0;
 }
 
 JS_FRIEND_API(uint8_t *)
 JS_GetArrayBufferData(JSObject *obj)
 {
-    obj = UnwrapObjectChecked(obj);
+    obj = CheckedUnwrap(obj);
     if (!obj)
         return NULL;
     ArrayBufferObject &buffer = obj->asArrayBuffer();
     if (!buffer.uninlineData(NULL))
         return NULL;
     return buffer.dataPointer();
 }
 
@@ -3930,262 +3930,262 @@ JS_AllocateArrayBufferContents(JSContext
     *data = reinterpret_cast<uint8_t*>(header->elements());
     return true;
 }
 
 JS_PUBLIC_API(JSBool)
 JS_StealArrayBufferContents(JSContext *cx, JSObject *obj, void **contents,
                             uint8_t **data)
 {
-    if (!(obj = UnwrapObjectChecked(obj)))
+    if (!(obj = CheckedUnwrap(obj)))
         return false;
 
     if (!obj->isArrayBuffer()) {
         JS_ReportErrorNumber(cx, js_GetErrorMessage, NULL, JSMSG_TYPED_ARRAY_BAD_ARGS);
         return false;
     }
 
     if (!ArrayBufferObject::stealContents(cx, obj, contents, data))
         return false;
 
     return true;
 }
 
 JS_FRIEND_API(uint32_t)
 JS_GetTypedArrayLength(JSObject *obj)
 {
-    obj = UnwrapObjectChecked(obj);
+    obj = CheckedUnwrap(obj);
     if (!obj)
         return 0;
     JS_ASSERT(obj->isTypedArray());
     return TypedArray::length(obj);
 }
 
 JS_FRIEND_API(uint32_t)
 JS_GetTypedArrayByteOffset(JSObject *obj)
 {
-    obj = UnwrapObjectChecked(obj);
+    obj = CheckedUnwrap(obj);
     if (!obj)
         return 0;
     JS_ASSERT(obj->isTypedArray());
     return TypedArray::byteOffset(obj);
 }
 
 JS_FRIEND_API(uint32_t)
 JS_GetTypedArrayByteLength(JSObject *obj)
 {
-    obj = UnwrapObjectChecked(obj);
+    obj = CheckedUnwrap(obj);
     if (!obj)
         return 0;
     JS_ASSERT(obj->isTypedArray());
     return TypedArray::byteLength(obj);
 }
 
 JS_FRIEND_API(JSArrayBufferViewType)
 JS_GetArrayBufferViewType(JSObject *obj)
 {
-    obj = UnwrapObjectChecked(obj);
+    obj = CheckedUnwrap(obj);
     if (!obj)
         return ArrayBufferView::TYPE_MAX;
 
     if (obj->isTypedArray())
         return static_cast<JSArrayBufferViewType>(TypedArray::type(obj));
     else if (obj->isDataView())
         return ArrayBufferView::TYPE_DATAVIEW;
     JS_NOT_REACHED("invalid ArrayBufferView type");
     return ArrayBufferView::TYPE_MAX;
 }
 
 JS_FRIEND_API(int8_t *)
 JS_GetInt8ArrayData(JSObject *obj)
 {
-    obj = UnwrapObjectChecked(obj);
+    obj = CheckedUnwrap(obj);
     if (!obj)
         return NULL;
     JS_ASSERT(obj->isTypedArray());
     JS_ASSERT(TypedArray::type(obj) == ArrayBufferView::TYPE_INT8);
     return static_cast<int8_t *>(TypedArray::viewData(obj));
 }
 
 JS_FRIEND_API(uint8_t *)
 JS_GetUint8ArrayData(JSObject *obj)
 {
-    obj = UnwrapObjectChecked(obj);
+    obj = CheckedUnwrap(obj);
     if (!obj)
         return NULL;
     JS_ASSERT(obj->isTypedArray());
     JS_ASSERT(TypedArray::type(obj) == ArrayBufferView::TYPE_UINT8);
     return static_cast<uint8_t *>(TypedArray::viewData(obj));
 }
 
 JS_FRIEND_API(uint8_t *)
 JS_GetUint8ClampedArrayData(JSObject *obj)
 {
-    obj = UnwrapObjectChecked(obj);
+    obj = CheckedUnwrap(obj);
     if (!obj)
         return NULL;
     JS_ASSERT(obj->isTypedArray());
     JS_ASSERT(TypedArray::type(obj) == ArrayBufferView::TYPE_UINT8_CLAMPED);
     return static_cast<uint8_t *>(TypedArray::viewData(obj));
 }
 
 JS_FRIEND_API(int16_t *)
 JS_GetInt16ArrayData(JSObject *obj)
 {
-    obj = UnwrapObjectChecked(obj);
+    obj = CheckedUnwrap(obj);
     if (!obj)
         return NULL;
     JS_ASSERT(obj->isTypedArray());
     JS_ASSERT(TypedArray::type(obj) == ArrayBufferView::TYPE_INT16);
     return static_cast<int16_t *>(TypedArray::viewData(obj));
 }
 
 JS_FRIEND_API(uint16_t *)
 JS_GetUint16ArrayData(JSObject *obj)
 {
-    obj = UnwrapObjectChecked(obj);
+    obj = CheckedUnwrap(obj);
     if (!obj)
         return NULL;
     JS_ASSERT(obj->isTypedArray());
     JS_ASSERT(TypedArray::type(obj) == ArrayBufferView::TYPE_UINT16);
     return static_cast<uint16_t *>(TypedArray::viewData(obj));
 }
 
 JS_FRIEND_API(int32_t *)
 JS_GetInt32ArrayData(JSObject *obj)
 {
-    obj = UnwrapObjectChecked(obj);
+    obj = CheckedUnwrap(obj);
     if (!obj)
         return NULL;
     JS_ASSERT(obj->isTypedArray());
     JS_ASSERT(TypedArray::type(obj) == ArrayBufferView::TYPE_INT32);
     return static_cast<int32_t *>(TypedArray::viewData(obj));
 }
 
 JS_FRIEND_API(uint32_t *)
 JS_GetUint32ArrayData(JSObject *obj)
 {
-    obj = UnwrapObjectChecked(obj);
+    obj = CheckedUnwrap(obj);
     if (!obj)
         return NULL;
     JS_ASSERT(obj->isTypedArray());
     JS_ASSERT(TypedArray::type(obj) == ArrayBufferView::TYPE_UINT32);
     return static_cast<uint32_t *>(TypedArray::viewData(obj));
 }
 
 JS_FRIEND_API(float *)
 JS_GetFloat32ArrayData(JSObject *obj)
 {
-    obj = UnwrapObjectChecked(obj);
+    obj = CheckedUnwrap(obj);
     if (!obj)
         return NULL;
     JS_ASSERT(obj->isTypedArray());
     JS_ASSERT(TypedArray::type(obj) == ArrayBufferView::TYPE_FLOAT32);
     return static_cast<float *>(TypedArray::viewData(obj));
 }
 
 JS_FRIEND_API(double *)
 JS_GetFloat64ArrayData(JSObject *obj)
 {
-    obj = UnwrapObjectChecked(obj);
+    obj = CheckedUnwrap(obj);
     if (!obj)
         return NULL;
     JS_ASSERT(obj->isTypedArray());
     JS_ASSERT(TypedArray::type(obj) == ArrayBufferView::TYPE_FLOAT64);
     return static_cast<double *>(TypedArray::viewData(obj));
 }
 
 JS_FRIEND_API(JSBool)
 JS_IsDataViewObject(JSObject *obj)
 {
-    obj = UnwrapObjectChecked(obj);
+    obj = CheckedUnwrap(obj);
     return obj ? obj->isDataView() : false;
 }
 
 JS_FRIEND_API(uint32_t)
 JS_GetDataViewByteOffset(JSObject *obj)
 {
-    obj = UnwrapObjectChecked(obj);
+    obj = CheckedUnwrap(obj);
     if (!obj)
         return 0;
     return obj->asDataView().byteOffset();
 }
 
 JS_FRIEND_API(void *)
 JS_GetDataViewData(JSObject *obj)
 {
-    obj = UnwrapObjectChecked(obj);
+    obj = CheckedUnwrap(obj);
     if (!obj)
         return NULL;
     JS_ASSERT(obj->isDataView());
     return obj->asDataView().dataPointer();
 }
 
 JS_FRIEND_API(uint32_t)
 JS_GetDataViewByteLength(JSObject *obj)
 {
-    obj = UnwrapObjectChecked(obj);
+    obj = CheckedUnwrap(obj);
     if (!obj)
         return 0;
     JS_ASSERT(obj->isDataView());
     return obj->asDataView().byteLength();
 }
 
 JS_FRIEND_API(void *)
 JS_GetArrayBufferViewData(JSObject *obj)
 {
-    obj = UnwrapObjectChecked(obj);
+    obj = CheckedUnwrap(obj);
     if (!obj)
         return NULL;
     JS_ASSERT(obj->isTypedArray() || obj->isDataView());
     return obj->isDataView() ? obj->asDataView().dataPointer() : TypedArray::viewData(obj);
 }
 
 JS_FRIEND_API(JSObject *)
 JS_GetArrayBufferViewBuffer(JSObject *obj)
 {
-    obj = UnwrapObjectChecked(obj);
+    obj = CheckedUnwrap(obj);
     if (!obj)
         return NULL;
     JS_ASSERT(obj->isTypedArray() || obj->isDataView());
     return &obj->getFixedSlot(BufferView::BUFFER_SLOT).toObject();
 }
 
 JS_FRIEND_API(uint32_t)
 JS_GetArrayBufferViewByteLength(JSObject *obj)
 {
-    obj = UnwrapObjectChecked(obj);
+    obj = CheckedUnwrap(obj);
     if (!obj)
         return 0;
     JS_ASSERT(obj->isTypedArray() || obj->isDataView());
     return obj->isDataView()
            ? obj->asDataView().byteLength()
            : TypedArray::byteLengthValue(obj).toInt32();
 }
 
 JS_FRIEND_API(JSObject *)
 JS_GetObjectAsArrayBufferView(JSObject *obj, uint32_t *length, uint8_t **data)
 {
-    if (!(obj = UnwrapObjectChecked(obj)))
+    if (!(obj = CheckedUnwrap(obj)))
         return NULL;
     if (!(obj->isTypedArray() || obj->isDataView()))
         return NULL;
 
     *length = obj->isDataView() ? obj->asDataView().byteLength()
                                 : TypedArray::byteLengthValue(obj).toInt32();
 
     *data = static_cast<uint8_t *>(obj->isDataView() ? obj->asDataView().dataPointer()
                                                      : TypedArray::viewData(obj));
     return obj;
 }
 
 JS_FRIEND_API(JSObject *)
 JS_GetObjectAsArrayBuffer(JSObject *obj, uint32_t *length, uint8_t **data)
 {
-   if (!(obj = UnwrapObjectChecked(obj)))
+   if (!(obj = CheckedUnwrap(obj)))
        return NULL;
     if (!obj->isArrayBuffer())
         return NULL;
 
     *length = obj->asArrayBuffer().byteLength();
     *data = obj->asArrayBuffer().dataPointer();
 
     return obj;
--- a/js/src/jsweakmap.cpp
+++ b/js/src/jsweakmap.cpp
@@ -334,17 +334,17 @@ WeakMap_set(JSContext *cx, unsigned argc
     CallArgs args = CallArgsFromVp(argc, vp);
     return CallNonGenericMethod<IsWeakMap, WeakMap_set_impl>(cx, args);
 }
 
 JS_FRIEND_API(JSBool)
 JS_NondeterministicGetWeakMapKeys(JSContext *cx, JSObject *objArg, JSObject **ret)
 {
     RootedObject obj(cx, objArg);
-    obj = UnwrapObject(obj);
+    obj = UncheckedUnwrap(obj);
     if (!obj || !obj->isWeakMap()) {
         *ret = NULL;
         return true;
     }
     RootedObject arr(cx, NewDenseEmptyArray(cx));
     if (!arr)
         return false;
     ObjectValueMap *map = GetObjectMap(obj);
--- a/js/src/jswrapper.cpp
+++ b/js/src/jswrapper.cpp
@@ -66,31 +66,31 @@ Wrapper::wrapperHandler(RawObject wrappe
 JSObject *
 Wrapper::wrappedObject(RawObject wrapper)
 {
     JS_ASSERT(wrapper->isWrapper());
     return GetProxyTargetObject(wrapper);
 }
 
 JS_FRIEND_API(JSObject *)
-js::UnwrapObject(JSObject *wrapped, bool stopAtOuter, unsigned *flagsp)
+js::UncheckedUnwrap(JSObject *wrapped, bool stopAtOuter, unsigned *flagsp)
 {
     unsigned flags = 0;
     while (wrapped->isWrapper() &&
            !JS_UNLIKELY(stopAtOuter && wrapped->getClass()->ext.innerObject)) {
         flags |= Wrapper::wrapperHandler(wrapped)->flags();
         wrapped = GetProxyPrivate(wrapped).toObjectOrNull();
     }
     if (flagsp)
         *flagsp = flags;
     return wrapped;
 }
 
 JS_FRIEND_API(JSObject *)
-js::UnwrapObjectChecked(RawObject obj, bool stopAtOuter)
+js::CheckedUnwrap(RawObject obj, bool stopAtOuter)
 {
     while (true) {
         JSObject *wrapper = obj;
         obj = UnwrapOneChecked(obj, stopAtOuter);
         if (!obj || obj == wrapper)
             return obj;
     }
 }
@@ -480,17 +480,17 @@ CrossCompartmentWrapper::construct(JSCon
 }
 
 bool
 CrossCompartmentWrapper::nativeCall(JSContext *cx, IsAcceptableThis test, NativeImpl impl,
                                     CallArgs srcArgs)
 {
     RootedObject wrapper(cx, &srcArgs.thisv().toObject());
     JS_ASSERT(srcArgs.thisv().isMagic(JS_IS_CONSTRUCTING) ||
-              !UnwrapObject(wrapper)->isCrossCompartmentWrapper());
+              !UncheckedUnwrap(wrapper)->isCrossCompartmentWrapper());
 
     RootedObject wrapped(cx, wrappedObject(wrapper));
     {
         AutoCompartment call(cx, wrapped);
         InvokeArgsGuard dstArgs;
         if (!cx->stack.pushInvokeArgs(cx, srcArgs.length(), &dstArgs))
             return false;
 
@@ -921,17 +921,17 @@ js::NukeCrossCompartmentWrappers(JSConte
         for (JSCompartment::WrapperEnum e(c); !e.empty(); e.popFront()) {
             // Some cross-compartment wrappers are for strings.  We're not
             // interested in those.
             const CrossCompartmentKey &k = e.front().key;
             if (k.kind != CrossCompartmentKey::ObjectWrapper)
                 continue;
 
             AutoWrapperRooter wobj(cx, WrapperValue(e));
-            JSObject *wrapped = UnwrapObject(wobj);
+            JSObject *wrapped = UncheckedUnwrap(wobj);
 
             if (nukeReferencesToWindow == DontNukeWindowReferences &&
                 wrapped->getClass()->ext.innerObject)
                 continue;
 
             if (targetFilter.match(wrapped->compartment())) {
                 // We found a wrapper to nuke.
                 e.removeFront();
--- a/js/src/jswrapper.h
+++ b/js/src/jswrapper.h
@@ -38,17 +38,17 @@ class JS_FRIEND_API(Wrapper) : public Di
         CROSS_COMPARTMENT = 1 << 0,
         LAST_USED_FLAG = CROSS_COMPARTMENT
     };
 
     /*
      * Wrappers can explicitly specify that they are unsafe to unwrap from a
      * security perspective (as is the case for SecurityWrappers). If a wrapper
      * is not safe to unwrap, operations requiring full access to the underlying
-     * object (via UnwrapObjectChecked) will throw. Otherwise, they will succeed.
+     * object (via CheckedUnwrap) will throw. Otherwise, they will succeed.
      */
     void setSafeToUnwrap(bool safe) { mSafeToUnwrap = safe; }
     virtual bool isSafeToUnwrap() { return mSafeToUnwrap; }
 
     static JSObject *New(JSContext *cx, JSObject *obj, JSObject *proto,
                          JSObject *parent, Wrapper *handler);
 
     static JSObject *Renew(JSContext *cx, JSObject *existing, JSObject *obj, Wrapper *handler);
@@ -219,24 +219,24 @@ IsWrapper(RawObject obj)
     return IsProxy(obj) && GetProxyHandler(obj)->family() == &sWrapperFamily;
 }
 
 // Given a JSObject, returns that object stripped of wrappers. If
 // stopAtOuter is true, then this returns the outer window if it was
 // previously wrapped. Otherwise, this returns the first object for
 // which JSObject::isWrapper returns false.
 JS_FRIEND_API(JSObject *)
-UnwrapObject(JSObject *obj, bool stopAtOuter = true, unsigned *flagsp = NULL);
+UncheckedUnwrap(JSObject *obj, bool stopAtOuter = true, unsigned *flagsp = NULL);
 
 // Given a JSObject, returns that object stripped of wrappers. At each stage,
 // the security wrapper has the opportunity to veto the unwrap. Since checked
 // code should never be unwrapping outer window wrappers, we always stop at
 // outer windows.
 JS_FRIEND_API(JSObject *)
-UnwrapObjectChecked(RawObject obj, bool stopAtOuter = true);
+CheckedUnwrap(RawObject obj, bool stopAtOuter = true);
 
 // Unwrap only the outermost security wrapper, with the same semantics as
 // above. This is the checked version of Wrapper::wrappedObject.
 JS_FRIEND_API(JSObject *)
 UnwrapOneChecked(RawObject obj, bool stopAtOuter = true);
 
 JS_FRIEND_API(bool)
 IsCrossCompartmentWrapper(RawObject obj);
--- a/js/src/shell/js.cpp
+++ b/js/src/shell/js.cpp
@@ -2279,17 +2279,17 @@ Clone(JSContext *cx, unsigned argc, jsva
         return false;
     }
 
     {
         Maybe<JSAutoCompartment> ac;
         RootedObject obj(cx, JSVAL_IS_PRIMITIVE(args[0]) ? NULL : &args[0].toObject());
 
         if (obj && IsCrossCompartmentWrapper(obj)) {
-            obj = UnwrapObject(obj);
+            obj = UncheckedUnwrap(obj);
             ac.construct(cx, obj);
             args[0] = ObjectValue(*obj);
         }
         if (obj && obj->isFunction()) {
             funobj = obj;
         } else {
             JSFunction *fun = JS_ValueToFunction(cx, args[0]);
             if (!fun)
@@ -2515,17 +2515,17 @@ EvalInContext(JSContext *cx, unsigned ar
     RootedScript script(cx);
     unsigned lineno;
 
     JS_DescribeScriptedCaller(cx, script.address(), &lineno);
     RootedValue rval(cx);
     {
         Maybe<JSAutoCompartment> ac;
         unsigned flags;
-        JSObject *unwrapped = UnwrapObject(sobj, true, &flags);
+        JSObject *unwrapped = UncheckedUnwrap(sobj, true, &flags);
         if (flags & Wrapper::CROSS_COMPARTMENT) {
             sobj = unwrapped;
             ac.construct(cx, sobj);
         }
 
         sobj = GetInnerObject(cx, sobj);
         if (!sobj)
             return false;
@@ -3455,17 +3455,17 @@ Deserialize(JSContext *cx, unsigned argc
 static JSObject *
 NewGlobalObject(JSContext *cx, JSObject *sameZoneAs);
 
 static JSBool
 NewGlobal(JSContext *cx, unsigned argc, jsval *vp)
 {
     JSObject *sameZoneAs = NULL;
     if (argc == 1 && JS_ARGV(cx, vp)[0].isObject())
-        sameZoneAs = UnwrapObject(&JS_ARGV(cx, vp)[0].toObject());
+        sameZoneAs = UncheckedUnwrap(&JS_ARGV(cx, vp)[0].toObject());
 
     RootedObject global(cx, NewGlobalObject(cx, sameZoneAs));
     if (!global)
         return false;
 
     if (!JS_WrapObject(cx, global.address()))
         return false;
 
--- a/js/src/vm/Debugger.cpp
+++ b/js/src/vm/Debugger.cpp
@@ -1858,17 +1858,17 @@ Debugger::unwrapDebuggeeArgument(JSConte
     if (obj->getClass() == &DebuggerObject_class) {
         RootedValue rv(cx, v);
         if (!unwrapDebuggeeValue(cx, &rv))
             return NULL;
         obj = &rv.toObject();
     }
 
     /* If we have a cross-compartment wrapper, dereference as far as is secure. */
-    obj = UnwrapObjectChecked(obj);
+    obj = CheckedUnwrap(obj);
     if (!obj) {
         JS_ReportError(cx, "Permission denied to access object");
         return NULL;
     }
 
     /* If that produced an outer window, innerize it. */
     obj = GetInnerObject(cx, obj);
     if (!obj)
@@ -4716,17 +4716,17 @@ DebuggerObject_makeDebuggeeValue(JSConte
 }
 
 static bool
 RequireGlobalObject(JSContext *cx, HandleValue dbgobj, HandleObject obj)
 {
     if (!obj->isGlobal()) {
         /* Help the poor programmer by pointing out wrappers around globals. */
         if (obj->isWrapper()) {
-            JSObject *unwrapped = js::UnwrapObject(obj);
+            JSObject *unwrapped = js::UncheckedUnwrap(obj);
             if (unwrapped->isGlobal()) {
                 js_ReportValueErrorFlags(cx, JSREPORT_ERROR, JSMSG_DEBUG_WRAPPER_IN_WAY,
                                          JSDVG_SEARCH_STACK, dbgobj, NullPtr(),
                                          "a global object", NULL);
                 return false;
             }
         }
 
--- a/js/xpconnect/src/XPCCallContext.cpp
+++ b/js/xpconnect/src/XPCCallContext.cpp
@@ -147,17 +147,17 @@ XPCCallContext::Init(XPCContext::LangTyp
     mMethodIndex = 0xDEAD;
 
     mState = HAVE_OBJECT;
 
     mTearOff = nullptr;
     if (wrapperInitOptions == INIT_SHOULD_LOOKUP_WRAPPER) {
         // If the object is a security wrapper, GetWrappedNativeOfJSObject can't
         // handle it. Do special handling here to make cross-origin Xrays work.
-        JSObject *unwrapped = js::UnwrapObjectChecked(obj, /* stopAtOuter = */ false);
+        JSObject *unwrapped = js::CheckedUnwrap(obj, /* stopAtOuter = */ false);
         if (!unwrapped) {
             mWrapper = UnwrapThisIfAllowed(obj, funobj, argc);
             if (!mWrapper) {
                 JS_ReportError(mJSContext, "Permission denied to call method on |this|");
                 mState = INIT_FAILED;
                 return;
             }
         } else {
@@ -458,17 +458,17 @@ XPCLazyCallContext::AssertContextIsTopOf
 }
 #endif
 
 XPCWrappedNative*
 XPCCallContext::UnwrapThisIfAllowed(JSObject *object, JSObject *fun, unsigned argc)
 {
     JS::Rooted<JSObject *> obj(mJSContext, object);
     // We should only get here for objects that aren't safe to unwrap.
-    MOZ_ASSERT(!js::UnwrapObjectChecked(obj));
+    MOZ_ASSERT(!js::CheckedUnwrap(obj));
     MOZ_ASSERT(js::IsObjectInContextCompartment(obj, mJSContext));
 
     // We can't do anything here without a function.
     if (!fun)
         return nullptr;
 
     // Determine if we're allowed to unwrap the security wrapper to invoke the
     // method.
@@ -477,17 +477,17 @@ XPCCallContext::UnwrapThisIfAllowed(JSOb
     // unfortunately our access checks are based on the object class name and
     // property name. So we cheat a little bit here - we verify that the object
     // does indeed implement the method's Interface, and then just check that we
     // can successfully access property with method's name from the object.
 
     // First, get the XPCWN out of the underlying object. We should have a wrapper
     // here, potentially an outer window proxy, and then an XPCWN.
     MOZ_ASSERT(js::IsWrapper(obj));
-    JSObject *unwrapped = js::UnwrapObject(obj, /* stopAtOuter = */ false);
+    JSObject *unwrapped = js::UncheckedUnwrap(obj, /* stopAtOuter = */ false);
     MOZ_ASSERT(unwrapped == JS_ObjectToInnerObject(mJSContext, js::Wrapper::wrappedObject(obj)));
 
     // Make sure we have an XPCWN, and grab it.
     MOZ_ASSERT(!IS_SLIM_WRAPPER(unwrapped), "security wrapping morphs slim wrappers");
     if (!IS_WRAPPER_CLASS(js::GetObjectClass(unwrapped)))
         return nullptr;
     XPCWrappedNative *wn = (XPCWrappedNative*)js::GetObjectPrivate(unwrapped);
 
--- a/js/xpconnect/src/XPCComponents.cpp
+++ b/js/xpconnect/src/XPCComponents.cpp
@@ -2743,17 +2743,17 @@ nsXPCComponents_Utils::LookupMethod(cons
     if (!JSVAL_IS_STRING(name))
         return NS_ERROR_XPC_BAD_CONVERT_JS;
     JSString *methodName = name.toString();
     RootedId methodId(cx, INTERNED_STRING_TO_JSID(cx, JS_InternJSString(cx, methodName)));
 
     // If |obj| is a security wrapper, try to unwrap it. If this fails, we
     // don't have full acccess to the object, in which case we throw.
     // Otherwise, enter a compartment, since we may have just unwrapped a CCW.
-    obj = js::UnwrapObjectChecked(obj);
+    obj = js::CheckedUnwrap(obj);
     if (!obj) {
         JS_ReportError(cx, "Permission denied to unwrap object");
         return NS_ERROR_XPC_BAD_CONVERT_JS;
     }
     {
         // Enter the target compartment.
         JSAutoCompartment ac(cx, obj);
 
@@ -3346,17 +3346,17 @@ xpc_CreateSandboxObject(JSContext *cx, j
 
                 return rv;
             }
         }
         MOZ_ASSERT(principal);
     }
 
     JS::ZoneSpecifier zoneSpec = options.sameZoneAs
-                                 ? JS::SameZoneAs(js::UnwrapObject(options.sameZoneAs))
+                                 ? JS::SameZoneAs(js::UncheckedUnwrap(options.sameZoneAs))
                                  : JS::SystemZone;
     RootedObject sandbox(cx, xpc::CreateGlobalObject(cx, &SandboxClass, principal, zoneSpec));
     if (!sandbox)
         return NS_ERROR_FAILURE;
 
     // Set up the wantXrays flag, which indicates whether xrays are desired even
     // for same-origin access.
     //
@@ -3382,17 +3382,17 @@ xpc_CreateSandboxObject(JSContext *cx, j
             if (xpc::WrapperFactory::IsXrayWrapper(options.proto) && !options.wantXrays) {
                 RootedValue v(cx, ObjectValue(*options.proto));
                 if (!xpc::WrapperFactory::WaiveXrayAndWrap(cx, v.address()))
                     return NS_ERROR_FAILURE;
                 options.proto = &v.toObject();
             }
 
             // Now check what sort of thing we've got in |proto|
-            JSObject *unwrappedProto = js::UnwrapObject(options.proto, false);
+            JSObject *unwrappedProto = js::UncheckedUnwrap(options.proto, false);
             js::Class *unwrappedClass = js::GetObjectClass(unwrappedProto);
             if (IS_WRAPPER_CLASS(unwrappedClass) ||
                 mozilla::dom::IsDOMClass(Jsvalify(unwrappedClass))) {
                 // Wrap it up in a proxy that will do the right thing in terms
                 // of this-binding for methods.
                 options.proto = js::NewProxyObject(cx, &xpc::sandboxProxyHandler,
                                                    ObjectValue(*options.proto), nullptr,
                                                    sandbox);
@@ -3951,17 +3951,17 @@ xpc_EvalInSandbox(JSContext *cx, HandleO
                   const char *filename, int32_t lineNo,
                   JSVersion jsVersion, bool returnStringOnly, MutableHandleValue rval)
 {
     JS_AbortIfWrongThread(JS_GetRuntime(cx));
     JSAutoRequest ar(cx);
     rval.set(UndefinedValue());
 
     bool waiveXray = xpc::WrapperFactory::HasWaiveXrayFlag(sandboxArg);
-    RootedObject sandbox(cx, js::UnwrapObjectChecked(sandboxArg));
+    RootedObject sandbox(cx, js::CheckedUnwrap(sandboxArg));
     if (!sandbox || js::GetObjectJSClass(sandbox) != &SandboxClass) {
         return NS_ERROR_INVALID_ARG;
     }
 
     nsIScriptObjectPrincipal *sop =
         (nsIScriptObjectPrincipal*)xpc_GetJSPrivate(sandbox);
     NS_ASSERTION(sop, "Invalid sandbox passed");
     nsCOMPtr<nsIPrincipal> prin = sop->GetPrincipal();
@@ -4211,17 +4211,17 @@ nsXPCComponents_Utils::GetGlobalForObjec
     return NS_ERROR_XPC_BAD_CONVERT_JS;
 
   // Wrappers are parented to their the global in their home compartment. But
   // when getting the global for a cross-compartment wrapper, we really want
   // a wrapper for the foreign global. So we need to unwrap before getting the
   // parent, enter the compartment for the duration of the call, and wrap the
   // result.
   JS::Rooted<JSObject*> obj(cx, JSVAL_TO_OBJECT(object));
-  obj = js::UnwrapObject(obj);
+  obj = js::UncheckedUnwrap(obj);
   {
     JSAutoCompartment ac(cx, obj);
     obj = JS_GetGlobalForObject(cx, obj);
   }
   JS_WrapObject(cx, obj.address());
   *retval = OBJECT_TO_JSVAL(obj);
 
   // Outerize if necessary.
@@ -4237,17 +4237,17 @@ nsXPCComponents_Utils::CreateObjectIn(co
 {
     if (!cx)
         return NS_ERROR_FAILURE;
 
     // first argument must be an object
     if (vobj.isPrimitive())
         return NS_ERROR_XPC_BAD_CONVERT_JS;
 
-    RootedObject scope(cx, js::UnwrapObject(&vobj.toObject()));
+    RootedObject scope(cx, js::UncheckedUnwrap(&vobj.toObject()));
     RootedObject obj(cx);
     {
         JSAutoCompartment ac(cx, scope);
         obj = JS_NewObject(cx, nullptr, nullptr, scope);
         if (!obj)
             return NS_ERROR_FAILURE;
     }
 
@@ -4264,17 +4264,17 @@ nsXPCComponents_Utils::CreateArrayIn(con
 {
     if (!cx)
         return NS_ERROR_FAILURE;
 
     // first argument must be an object
     if (vobj.isPrimitive())
         return NS_ERROR_XPC_BAD_CONVERT_JS;
 
-    RootedObject scope(cx, js::UnwrapObject(&vobj.toObject()));
+    RootedObject scope(cx, js::UncheckedUnwrap(&vobj.toObject()));
     RootedObject obj(cx);
     {
         JSAutoCompartment ac(cx, scope);
         obj =  JS_NewArrayObject(cx, 0, NULL);
         if (!obj)
             return NS_ERROR_FAILURE;
     }
 
@@ -4291,17 +4291,17 @@ nsXPCComponents_Utils::CreateDateIn(cons
 {
     if (!cx)
         return NS_ERROR_FAILURE;
 
     // first argument must be an object
     if (JSVAL_IS_PRIMITIVE(vobj))
         return NS_ERROR_XPC_BAD_CONVERT_JS;
 
-    JSObject *scope = js::UnwrapObject(JSVAL_TO_OBJECT(vobj));
+    JSObject *scope = js::UncheckedUnwrap(JSVAL_TO_OBJECT(vobj));
     JSObject *obj;
     {
         JSAutoCompartment ac(cx, scope);
         obj =  JS_NewDateObjectMsec(cx, msec);
         if (!obj)
             return NS_ERROR_FAILURE;
     }
 
@@ -4347,18 +4347,17 @@ nsXPCComponents_Utils::MakeObjectPropsNo
 {
     if (!cx)
         return NS_ERROR_FAILURE;
 
     // first argument must be an object
     if (vobj.isPrimitive())
         return NS_ERROR_XPC_BAD_CONVERT_JS;
 
-    RootedObject obj(cx, js::UnwrapObject(&vobj.toObject()));
-
+    RootedObject obj(cx, js::UncheckedUnwrap(&vobj.toObject()));
     JSAutoCompartment ac(cx, obj);
     JS::AutoIdArray ida(cx, JS_Enumerate(cx, obj));
     if (!ida)
         return NS_ERROR_FAILURE;
 
     RootedId id(cx);
     RootedValue v(cx);
     for (size_t i = 0; i < ida.length(); ++i) {
@@ -4395,17 +4394,17 @@ nsXPCComponents_Utils::IsDeadWrapper(con
 }
 
 /* void recomputerWrappers(jsval vobj); */
 NS_IMETHODIMP
 nsXPCComponents_Utils::RecomputeWrappers(const jsval &vobj, JSContext *cx)
 {
     // Determine the compartment of the given object, if any.
     JSCompartment *c = vobj.isObject()
-                       ? js::GetObjectCompartment(js::UnwrapObject(&vobj.toObject()))
+                       ? js::GetObjectCompartment(js::UncheckedUnwrap(&vobj.toObject()))
                        : NULL;
 
     // If no compartment was given, recompute all.
     if (!c)
         js::RecomputeWrappers(cx, js::AllCompartments(), js::AllCompartments());
     // Otherwise, recompute wrappers for the given compartment.
     else
         js::RecomputeWrappers(cx, js::SingleCompartment(c), js::AllCompartments()) &&
@@ -4415,33 +4414,33 @@ nsXPCComponents_Utils::RecomputeWrappers
 }
 
 /* jsval setWantXrays(jsval vscope); */
 NS_IMETHODIMP
 nsXPCComponents_Utils::SetWantXrays(const jsval &vscope, JSContext *cx)
 {
     if (!vscope.isObject())
         return NS_ERROR_INVALID_ARG;
-    JSObject *scopeObj = js::UnwrapObject(&vscope.toObject());
+    JSObject *scopeObj = js::UncheckedUnwrap(&vscope.toObject());
     JSCompartment *compartment = js::GetObjectCompartment(scopeObj);
     EnsureCompartmentPrivate(scopeObj)->wantXrays = true;
     bool ok = js::RecomputeWrappers(cx, js::SingleCompartment(compartment),
                                     js::AllCompartments());
     NS_ENSURE_TRUE(ok, NS_ERROR_FAILURE);
     return NS_OK;
 }
 
 /* jsval getComponentsForScope(jsval vscope); */
 NS_IMETHODIMP
 nsXPCComponents_Utils::GetComponentsForScope(const jsval &vscope, JSContext *cx,
                                              jsval *rval)
 {
     if (!vscope.isObject())
         return NS_ERROR_INVALID_ARG;
-    JSObject *scopeObj = js::UnwrapObject(&vscope.toObject());
+    JSObject *scopeObj = js::UncheckedUnwrap(&vscope.toObject());
     XPCWrappedNativeScope *scope = GetObjectScope(scopeObj);
     XPCCallContext ccx(NATIVE_CALLER, cx);
     JSObject *components = scope->GetComponentsJSObject(ccx);
     if (!components)
         return NS_ERROR_FAILURE;
     *rval = ObjectValue(*components);
     if (!JS_WrapValue(cx, rval))
         return NS_ERROR_FAILURE;
@@ -4451,17 +4450,17 @@ nsXPCComponents_Utils::GetComponentsForS
 NS_IMETHODIMP
 nsXPCComponents_Utils::Dispatch(const jsval &runnable_, const jsval &scope,
                                 JSContext *cx)
 {
     // Enter the given compartment, if any, and rewrap runnable.
     Maybe<JSAutoCompartment> ac;
     RootedValue runnable(cx, runnable_);
     if (scope.isObject()) {
-        JSObject *scopeObj = js::UnwrapObject(&scope.toObject());
+        JSObject *scopeObj = js::UncheckedUnwrap(&scope.toObject());
         if (!scopeObj)
             return NS_ERROR_FAILURE;
         ac.construct(cx, scopeObj);
         if (!JS_WrapValue(cx, runnable.address()))
             return NS_ERROR_FAILURE;
     }
 
     // Get an XPCWrappedJS for |runnable|.
@@ -4565,17 +4564,17 @@ nsXPCComponents_Utils::SetGCZeal(int32_t
 }
 
 NS_IMETHODIMP
 nsXPCComponents_Utils::NukeSandbox(const JS::Value &obj, JSContext *cx)
 {
     NS_ENSURE_TRUE(obj.isObject(), NS_ERROR_INVALID_ARG);
     JSObject *wrapper = &obj.toObject();
     NS_ENSURE_TRUE(IsWrapper(wrapper), NS_ERROR_INVALID_ARG);
-    JSObject *sb = UnwrapObject(wrapper);
+    JSObject *sb = UncheckedUnwrap(wrapper);
     NS_ENSURE_TRUE(GetObjectJSClass(sb) == &SandboxClass, NS_ERROR_INVALID_ARG);
     NukeCrossCompartmentWrappers(cx, AllCompartments(),
                                  SingleCompartment(GetObjectCompartment(sb)),
                                  NukeWindowReferences);
     return NS_OK;
 }
 
 NS_IMETHODIMP
--- a/js/xpconnect/src/XPCConvert.cpp
+++ b/js/xpconnect/src/XPCConvert.cpp
@@ -1026,25 +1026,25 @@ XPCConvert::JSObject2NativeInterface(JSC
         // Note that if we have a non-null aOuter then it means that we are
         // forcing the creation of a wrapper even if the object *is* a
         // wrappedNative or other wise has 'nsISupportness'.
         // This allows wrapJSAggregatedToNative to work.
 
         // If we're looking at a security wrapper, see now if we're allowed to
         // pass it to C++. If we are, then fall through to the code below. If
         // we aren't, throw an exception eagerly.
-        JSObject* inner = js::UnwrapObjectChecked(src, /* stopAtOuter = */ false);
+        JSObject* inner = js::CheckedUnwrap(src, /* stopAtOuter = */ false);
 
         // Hack - For historical reasons, wrapped chrome JS objects have been
         // passable as native interfaces. We'd like to fix this, but it
         // involves fixing the contacts API and PeerConnection to stop using
         // COWs. This needs to happen, but for now just preserve the old
         // behavior.
         if (!inner && MOZ_UNLIKELY(xpc::WrapperFactory::IsCOW(src)))
-            inner = js::UnwrapObject(src);
+            inner = js::UncheckedUnwrap(src);
         if (!inner) {
             if (pErr)
                 *pErr = NS_ERROR_XPC_SECURITY_MANAGER_VETO;
             return false;
         }
 
         // Is this really a native xpcom object with a wrapper?
         XPCWrappedNative* wrappedNative = nullptr;
@@ -1171,17 +1171,17 @@ XPCConvert::JSValToXPCException(XPCCallC
         JSObject* obj = JSVAL_TO_OBJECT(s);
 
         if (!obj) {
             NS_ERROR("when is an object not an object?");
             return NS_ERROR_FAILURE;
         }
 
         // is this really a native xpcom object with a wrapper?
-        JSObject *unwrapped = js::UnwrapObjectChecked(obj, /* stopAtOuter = */ false);
+        JSObject *unwrapped = js::CheckedUnwrap(obj, /* stopAtOuter = */ false);
         if (!unwrapped)
             return NS_ERROR_XPC_SECURITY_MANAGER_VETO;
         XPCWrappedNative* wrapper = IS_WN_WRAPPER(unwrapped) ? XPCWrappedNative::Get(unwrapped)
                                                              : nullptr;
         if (wrapper) {
             nsISupports* supports = wrapper->GetIdentityObject();
             nsCOMPtr<nsIException> iface = do_QueryInterface(supports);
             if (iface) {
--- a/js/xpconnect/src/XPCJSID.cpp
+++ b/js/xpconnect/src/XPCJSID.cpp
@@ -452,17 +452,17 @@ nsJSIID::Enumerate(nsIXPConnectWrappedNa
 /*
  * HasInstance hooks need to find an appropriate reflector in order to function
  * properly. There are two complexities that we need to handle:
  *
  * 1 - Cross-compartment wrappers. Chrome uses over 100 compartments, all with
  *     system principal. The success of an instanceof check should not depend
  *     on which compartment an object comes from. At the same time, we want to
  *     make sure we don't unwrap important security wrappers.
- *     UnwrapObjectChecked does the right thing here.
+ *     CheckedUnwrap does the right thing here.
  *
  * 2 - Prototype chains. Suppose someone creates a vanilla JS object |a| and
  *     sets its __proto__ to some WN |b|. If |b instanceof nsIFoo| returns true,
  *     one would expect |a instanceof nsIFoo| to return true as well, since
  *     instanceof is transitive up the prototype chain in ECMAScript. Moreover,
  *     there's chrome code that relies on this.
  *
  * This static method handles both complexities, returning either an XPCWN, a
@@ -470,17 +470,17 @@ nsJSIID::Enumerate(nsIXPConnectWrappedNa
  * from |cx|.
  */
 static JSObject *
 FindObjectForHasInstance(JSContext *cx, JSObject *obj)
 {
     while (obj && !IS_WRAPPER_CLASS(js::GetObjectClass(obj)) && !IsDOMObject(obj))
     {
         if (js::IsWrapper(obj))
-            obj = js::UnwrapObjectChecked(obj, /* stopAtOuter = */ false);
+            obj = js::CheckedUnwrap(obj, /* stopAtOuter = */ false);
         else if (!js::GetObjectProto(cx, obj, &obj))
             return nullptr;
     }
     return obj;
 }
 
 
 /* bool hasInstance (in nsIXPConnectWrappedNative wrapper, in JSContextPtr cx, in JSObjectPtr obj, in jsval val, out bool bp); */
@@ -904,17 +904,17 @@ xpc_NewIDObject(JSContext *cx, JSObject*
 const nsID*
 xpc_JSObjectToID(JSContext *cx, JSObject* obj)
 {
     if (!cx || !obj)
         return nullptr;
 
     // NOTE: this call does NOT addref
     XPCWrappedNative* wrapper = nullptr;
-    obj = js::UnwrapObjectChecked(obj);
+    obj = js::CheckedUnwrap(obj);
     if (obj && IS_WN_WRAPPER(obj))
         wrapper = XPCWrappedNative::Get(obj);
     if (wrapper &&
         (wrapper->HasInterfaceNoQI(NS_GET_IID(nsIJSID))  ||
          wrapper->HasInterfaceNoQI(NS_GET_IID(nsIJSIID)) ||
          wrapper->HasInterfaceNoQI(NS_GET_IID(nsIJSCID)))) {
         return ((nsIJSID*)wrapper->GetIdentityObject())->GetID();
     }
@@ -922,17 +922,17 @@ xpc_JSObjectToID(JSContext *cx, JSObject
 }
 
 JSBool
 xpc_JSObjectIsID(JSContext *cx, JSObject* obj)
 {
     NS_ASSERTION(cx && obj, "bad param");
     // NOTE: this call does NOT addref
     XPCWrappedNative* wrapper = nullptr;
-    obj = js::UnwrapObjectChecked(obj);
+    obj = js::CheckedUnwrap(obj);
     if (obj && IS_WN_WRAPPER(obj))
         wrapper = XPCWrappedNative::Get(obj);
     return wrapper &&
            (wrapper->HasInterfaceNoQI(NS_GET_IID(nsIJSID))  ||
             wrapper->HasInterfaceNoQI(NS_GET_IID(nsIJSIID)) ||
             wrapper->HasInterfaceNoQI(NS_GET_IID(nsIJSCID)));
 }
 
--- a/js/xpconnect/src/XPCJSRuntime.cpp
+++ b/js/xpconnect/src/XPCJSRuntime.cpp
@@ -3025,17 +3025,17 @@ XPCJSRuntime::GetJunkScope()
         options.sandboxName.AssignASCII("XPConnect Junk Compartment");
         JSAutoRequest ac(cx);
         nsresult rv = xpc_CreateSandboxObject(cx, &v,
                                               nsContentUtils::GetSystemPrincipal(),
                                               options);
 
         NS_ENSURE_SUCCESS(rv, nullptr);
 
-        mJunkScope = js::UnwrapObject(&v.toObject());
+        mJunkScope = js::UncheckedUnwrap(&v.toObject());
         JS_AddNamedObjectRoot(cx, &mJunkScope, "XPConnect Junk Compartment");
     }
     return mJunkScope;
 }
 
 void
 XPCJSRuntime::DeleteJunkScope()
 {
--- a/js/xpconnect/src/XPCQuickStubs.cpp
+++ b/js/xpconnect/src/XPCQuickStubs.cpp
@@ -540,19 +540,19 @@ getWrapper(JSContext *cx,
            XPCWrappedNativeTearOff **tearoff)
 {
     // We can have at most three layers in need of unwrapping here:
     // * A (possible) security wrapper
     // * A (possible) Xray waiver
     // * A (possible) outer window
     //
     // If we pass stopAtOuter == false, we can handle all three with one call
-    // to js::UnwrapObjectChecked.
+    // to js::CheckedUnwrap.
     if (js::IsWrapper(obj)) {
-        obj = js::UnwrapObjectChecked(obj, /* stopAtOuter = */ false);
+        obj = js::CheckedUnwrap(obj, /* stopAtOuter = */ false);
 
         // The safe unwrap might have failed if we encountered an object that
         // we're not allowed to unwrap. If it didn't fail though, we should be
         // done with wrappers.
         if (!obj)
             return NS_ERROR_XPC_SECURITY_MANAGER_VETO;
         MOZ_ASSERT(!js::IsWrapper(obj));
     }
--- a/js/xpconnect/src/XPCVariant.cpp
+++ b/js/xpconnect/src/XPCVariant.cpp
@@ -35,17 +35,17 @@ XPCVariant::XPCVariant(JSContext* cx, js
         // some later point after teardown, which would crash. This is shouldn't
         // be a problem anymore because SetParentToWindow will do the right
         // thing, but I'm saving the cleanup here for another day. Blake thinks
         // that we should just not store the WN if we're creating a variant for
         // an outer window.
         JSObject *obj = JS_ObjectToInnerObject(cx, JSVAL_TO_OBJECT(mJSVal));
         mJSVal = OBJECT_TO_JSVAL(obj);
 
-        JSObject *unwrapped = js::UnwrapObjectChecked(obj, /* stopAtOuter = */ false);
+        JSObject *unwrapped = js::CheckedUnwrap(obj, /* stopAtOuter = */ false);
         mReturnRawObject = !(unwrapped && IS_WN_WRAPPER(unwrapped));
     } else
         mReturnRawObject = false;
 }
 
 XPCTraceableVariant::~XPCTraceableVariant()
 {
     jsval val = GetJSValPreserveColor();
--- a/js/xpconnect/src/XPCWrappedJSClass.cpp
+++ b/js/xpconnect/src/XPCWrappedJSClass.cpp
@@ -747,17 +747,17 @@ nsXPCWrappedJSClass::DelegatedQueryInter
 
 JSObject*
 nsXPCWrappedJSClass::GetRootJSObject(JSContext* cx, JSObject* aJSObj)
 {
     JSObject* result = CallQueryInterfaceOnJSObject(cx, aJSObj,
                                                     NS_GET_IID(nsISupports));
     if (!result)
         return aJSObj;
-    JSObject* inner = js::UnwrapObject(result);
+    JSObject* inner = js::UncheckedUnwrap(result);
     if (inner)
         return inner;
     return result;
 }
 
 void
 xpcWrappedJSErrorReporter(JSContext *cx, const char *message,
                           JSErrorReport *report)
--- a/js/xpconnect/src/XPCWrappedNative.cpp
+++ b/js/xpconnect/src/XPCWrappedNative.cpp
@@ -1680,17 +1680,17 @@ RescueOrphans(XPCCallContext& ccx, JSObj
     // compartment and fix it up there. We'll fix up |this| afterwards.
     //
     // NB: We pass stopAtOuter=false during the unwrap because Location objects
     // are parented to outer window proxies.
     nsresult rv;
     JSObject *parentObj = js::GetObjectParent(obj);
     if (!parentObj)
         return NS_OK; // Global object. We're done.
-    parentObj = js::UnwrapObject(parentObj, /* stopAtOuter = */ false);
+    parentObj = js::UncheckedUnwrap(parentObj, /* stopAtOuter = */ false);
 
     // PreCreate may touch dead compartments.
     js::AutoMaybeTouchDeadZones agc(parentObj);
 
     bool isWN = IS_WRAPPER_CLASS(js::GetObjectClass(obj));
 
     // There's one little nasty twist here. For reasons described in bug 752764,
     // we nuke SOW-ed objects after transplanting them. This means that nodes
@@ -1725,17 +1725,17 @@ RescueOrphans(XPCCallContext& ccx, JSObj
 
     // Now that we know our parent is in the right place, determine if we've
     // been orphaned. If not, we have nothing to do.
     if (!js::IsCrossCompartmentWrapper(parentObj))
         return NS_OK;
 
     // We've been orphaned. Find where our parent went, and follow it.
     if (isWN) {
-        JSObject *realParent = js::UnwrapObject(parentObj);
+        JSObject *realParent = js::UncheckedUnwrap(parentObj);
         XPCWrappedNative *wn =
             static_cast<XPCWrappedNative*>(js::GetObjectPrivate(obj));
         return wn->ReparentWrapperIfFound(ccx, GetObjectScope(parentObj),
                                           GetObjectScope(realParent),
                                           realParent, wn->GetIdentityObject());
     }
 
     return ReparentWrapper(ccx, obj);
--- a/js/xpconnect/src/XPCWrappedNativeInfo.cpp
+++ b/js/xpconnect/src/XPCWrappedNativeInfo.cpp
@@ -13,17 +13,17 @@
 // XPCNativeMember
 
 // static
 JSBool
 XPCNativeMember::GetCallInfo(JSObject* funobj,
                              XPCNativeInterface** pInterface,
                              XPCNativeMember**    pMember)
 {
-    funobj = js::UnwrapObject(funobj);
+    funobj = js::UncheckedUnwrap(funobj);
     jsval ifaceVal = js::GetFunctionNativeReserved(funobj, 0);
     jsval memberVal = js::GetFunctionNativeReserved(funobj, 1);
 
     *pInterface = (XPCNativeInterface*) JSVAL_TO_PRIVATE(ifaceVal);
     *pMember = (XPCNativeMember*) JSVAL_TO_PRIVATE(memberVal);
 
     return true;
 }
--- a/js/xpconnect/src/XPCWrappedNativeJSOps.cpp
+++ b/js/xpconnect/src/XPCWrappedNativeJSOps.cpp
@@ -845,17 +845,17 @@ XPC_WN_MaybeResolvingStrictPropertyStub(
         XPCWrappedNative::GetAndMorphWrappedNativeOfJSObject(cx, obj);        \
     THROW_AND_RETURN_IF_BAD_WRAPPER(cx, wrapper);                             \
     bool retval = true;                                                       \
     nsresult rv = wrapper->GetScriptableCallback()->
 
 #define PRE_HELPER_STUB                                                       \
     XPCWrappedNative* wrapper;                                                \
     nsIXPCScriptable* si;                                                     \
-    JSObject *unwrapped = js::UnwrapObjectChecked(obj, false);                \
+    JSObject *unwrapped = js::CheckedUnwrap(obj, false);                \
     if (!unwrapped) {                                                         \
         JS_ReportError(cx, "Permission denied to operate on object.");        \
         return false;                                                         \
     }                                                                         \
     if (!IS_WRAPPER_CLASS(js::GetObjectClass(unwrapped))) {                   \
         return Throw(NS_ERROR_XPC_BAD_OP_ON_WN_PROTO, cx);                    \
     }                                                                         \
     if (IS_SLIM_WRAPPER_OBJECT(unwrapped)) {                                  \
--- a/js/xpconnect/src/XPCWrappedNativeScope.cpp
+++ b/js/xpconnect/src/XPCWrappedNativeScope.cpp
@@ -256,30 +256,30 @@ XPCWrappedNativeScope::EnsureXBLScope(JS
     // Create the sandbox.
     JSAutoRequest ar(cx);
     JS::RootedValue v(cx, JS::UndefinedValue());
     nsresult rv = xpc_CreateSandboxObject(cx, v.address(), ep, options);
     NS_ENSURE_SUCCESS(rv, nullptr);
     mXBLScope = &v.toObject();
 
     // Tag it.
-    EnsureCompartmentPrivate(js::UnwrapObject(mXBLScope))->scope->mIsXBLScope = true;
+    EnsureCompartmentPrivate(js::UncheckedUnwrap(mXBLScope))->scope->mIsXBLScope = true;
 
     // Good to go!
     return mXBLScope;
 }
 
 namespace xpc {
 JSObject *GetXBLScope(JSContext *cx, JSObject *contentScope_)
 {
     JS::RootedObject contentScope(cx, contentScope_);
     JSAutoCompartment ac(cx, contentScope);
     JSObject *scope = EnsureCompartmentPrivate(contentScope)->scope->EnsureXBLScope(cx);
     NS_ENSURE_TRUE(scope, nullptr); // See bug 858642.
-    scope = js::UnwrapObject(scope);
+    scope = js::UncheckedUnwrap(scope);
     xpc_UnmarkGrayObject(scope);
     return scope;
 }
 
 bool AllowXBLScope(JSCompartment *c)
 {
   XPCWrappedNativeScope *scope = EnsureCompartmentPrivate(c)->scope;
   return scope && scope->AllowXBLScope();
--- a/js/xpconnect/src/XPCWrapper.cpp
+++ b/js/xpconnect/src/XPCWrapper.cpp
@@ -59,17 +59,17 @@ XrayWrapperConstructor(JSContext *cx, un
   }
 
   JSObject *obj = JSVAL_TO_OBJECT(vp[2]);
   if (!js::IsWrapper(obj)) {
     *vp = OBJECT_TO_JSVAL(obj);
     return true;
   }
 
-  obj = js::UnwrapObject(obj);
+  obj = js::UncheckedUnwrap(obj);
 
   *vp = OBJECT_TO_JSVAL(obj);
   return JS_WrapValue(cx, vp);
 }
 // static
 bool
 AttachNewConstructorObject(XPCCallContext &ccx, JSObject *aGlobalObject)
 {
@@ -87,15 +87,15 @@ AttachNewConstructorObject(XPCCallContex
 } // namespace XPCNativeWrapper
 
 namespace XPCWrapper {
 
 JSObject *
 UnsafeUnwrapSecurityWrapper(JSObject *obj)
 {
   if (js::IsProxy(obj)) {
-    return js::UnwrapObject(obj);
+    return js::UncheckedUnwrap(obj);
   }
 
   return obj;
 }
 
 } // namespace XPCWrapper
--- a/js/xpconnect/src/nsXPConnect.cpp
+++ b/js/xpconnect/src/nsXPConnect.cpp
@@ -1327,17 +1327,17 @@ nsXPConnect::GetNativeOfWrapper(JSContex
     NS_ASSERTION(aJSObj, "bad param");
 
     XPCCallContext ccx(NATIVE_CALLER, aJSContext);
     if (!ccx.IsValid()) {
         UnexpectedFailure(NS_ERROR_FAILURE);
         return nullptr;
     }
 
-    aJSObj = js::UnwrapObjectChecked(aJSObj, /* stopAtOuter = */ false);
+    aJSObj = js::CheckedUnwrap(aJSObj, /* stopAtOuter = */ false);
     if (!aJSObj) {
         JS_ReportError(aJSContext, "Permission denied to get native of security wrapper");
         return nullptr;
     }
     if (IS_WRAPPER_CLASS(js::GetObjectClass(aJSObj))) {
         if (IS_SLIM_WRAPPER_OBJECT(aJSObj))
             return (nsISupports*)xpc_GetJSPrivate(aJSObj);
         else if (XPCWrappedNative *wn = XPCWrappedNative::Get(aJSObj))
--- a/js/xpconnect/src/xpcprivate.h
+++ b/js/xpconnect/src/xpcprivate.h
@@ -2770,17 +2770,17 @@ public:
                 nsISupports* Object,
                 XPCWrappedNativeScope* Scope,
                 XPCNativeInterface* Interface,
                 XPCWrappedNative** wrapper);
 
     static XPCWrappedNative*
     GetAndMorphWrappedNativeOfJSObject(JSContext* cx, JSObject* obj)
     {
-        obj = js::UnwrapObjectChecked(obj, /* stopAtOuter = */ false);
+        obj = js::CheckedUnwrap(obj, /* stopAtOuter = */ false);
         if (!obj)
             return nullptr;
         if (!IS_WRAPPER_CLASS(js::GetObjectClass(obj)))
             return nullptr;
 
         if (IS_SLIM_WRAPPER_OBJECT(obj) && !MorphSlimWrapper(cx, obj))
             return nullptr;
         MOZ_ASSERT(IS_WN_WRAPPER(obj));
--- a/js/xpconnect/wrappers/AccessCheck.cpp
+++ b/js/xpconnect/wrappers/AccessCheck.cpp
@@ -78,17 +78,17 @@ AccessCheck::subsumesIgnoringDomain(JSCo
     return subsumes;
 }
 
 // Does the compartment of the wrapper subsumes the compartment of the wrappee?
 bool
 AccessCheck::wrapperSubsumes(JSObject *wrapper)
 {
     MOZ_ASSERT(js::IsWrapper(wrapper));
-    JSObject *wrapped = js::UnwrapObject(wrapper);
+    JSObject *wrapped = js::UncheckedUnwrap(wrapper);
     return AccessCheck::subsumes(js::GetObjectCompartment(wrapper),
                                  js::GetObjectCompartment(wrapped));
 }
 
 bool
 AccessCheck::isChrome(JSCompartment *compartment)
 {
     nsIScriptSecurityManager *ssm = XPCWrapper::GetSecurityManager();
@@ -253,17 +253,17 @@ AccessCheck::needsSystemOnlyWrapper(JSOb
     XPCWrappedNative *wn = static_cast<XPCWrappedNative *>(js::GetObjectPrivate(obj));
     return wn->NeedsSOW();
 }
 
 bool
 OnlyIfSubjectIsSystem::isSafeToUnwrap()
 {
     // It's nasty to use the context stack here, but the alternative is passing cx all
-    // the way down through UnwrapObjectChecked, which we just undid in a 100k patch. :-(
+    // the way down through CheckedUnwrap, which we just undid in a 100k patch. :-(
     JSContext *cx = nsContentUtils::GetCurrentJSContext();
     if (!cx)
         return true;
     // If XBL scopes are enabled for this compartment, this hook doesn't need to
     // be dynamic at all, since SOWs can be opaque.
     if (xpc::AllowXBLScope(js::GetContextCompartment(cx)))
         return false;
     return AccessCheck::isSystemOnlyAccessPermitted(cx);
@@ -323,17 +323,17 @@ ExposedPropertiesOnly::check(JSContext *
 
     if (!exposedProps.isObject()) {
         EnterAndThrow(cx, wrapper, "__exposedProps__ must be undefined, null, or an Object");
         return false;
     }
 
     JSObject *hallpass = &exposedProps.toObject();
 
-    if (!AccessCheck::subsumes(js::UnwrapObject(hallpass), wrappedObject)) {
+    if (!AccessCheck::subsumes(js::UncheckedUnwrap(hallpass), wrappedObject)) {
         EnterAndThrow(cx, wrapper, "Invalid __exposedProps__");
         return false;
     }
 
     Access access = NO_ACCESS;
 
     JSPropertyDescriptor desc;
     if (!JS_GetPropertyDescriptorById(cx, hallpass, id, 0, &desc)) {
--- a/js/xpconnect/wrappers/ChromeObjectWrapper.cpp
+++ b/js/xpconnect/wrappers/ChromeObjectWrapper.cpp
@@ -26,17 +26,17 @@ AllowedByBase(JSContext *cx, JS::Handle<
     ChromeObjectWrapper *handler = &ChromeObjectWrapper::singleton;
     return handler->ChromeObjectWrapperBase::enter(cx, wrapper, id, act, &bp);
 }
 
 static bool
 PropIsFromStandardPrototype(JSContext *cx, JSPropertyDescriptor *desc)
 {
     MOZ_ASSERT(desc->obj);
-    JSObject *unwrapped = js::UnwrapObject(desc->obj);
+    JSObject *unwrapped = js::UncheckedUnwrap(desc->obj);
     JSAutoCompartment ac(cx, unwrapped);
     return JS_IdentifyClassPrototype(cx, unwrapped) != JSProto_Null;
 }
 
 // Note that we're past the policy enforcement stage, here, so we can query
 // ChromeObjectWrapperBase and get an unfiltered view of the underlying object.
 // This lets us determine whether the property we would have found (given a
 // transparent wrapper) would have come off a standard prototype.
--- a/js/xpconnect/wrappers/WrapperFactory.cpp
+++ b/js/xpconnect/wrappers/WrapperFactory.cpp
@@ -45,17 +45,17 @@ WrapperFactory::IsCOW(JSObject *obj)
     return IsWrapper(obj) &&
            Wrapper::wrapperHandler(obj) == &ChromeObjectWrapper::singleton;
 }
 
 JSObject *
 WrapperFactory::GetXrayWaiver(JSObject *obj)
 {
     // Object should come fully unwrapped but outerized.
-    MOZ_ASSERT(obj == UnwrapObject(obj));
+    MOZ_ASSERT(obj == UncheckedUnwrap(obj));
     MOZ_ASSERT(!js::GetObjectClass(obj)->ext.outerObject);
     XPCWrappedNativeScope *scope = GetObjectScope(obj);
     MOZ_ASSERT(scope);
 
     if (!scope->mWaiverWrapperMap)
         return NULL;
     return xpc_UnmarkGrayObject(scope->mWaiverWrapperMap->Find(obj));
 }
@@ -95,17 +95,17 @@ WrapperFactory::CreateXrayWaiver(JSConte
     if (!scope->mWaiverWrapperMap->Add(obj, waiver))
         return nullptr;
     return waiver;
 }
 
 JSObject *
 WrapperFactory::WaiveXray(JSContext *cx, JSObject *obj)
 {
-    obj = UnwrapObject(obj);
+    obj = UncheckedUnwrap(obj);
     MOZ_ASSERT(!js::IsInnerObject(obj));
 
     JSObject *waiver = GetXrayWaiver(obj);
     if (waiver)
         return waiver;
     return CreateXrayWaiver(cx, obj);
 }
 
@@ -129,17 +129,17 @@ WrapperFactory::PrepareForWrapping(JSCon
     // Outerize any raw inner objects at the entry point here, so that we don't
     // have to worry about them for the rest of the wrapping code.
     if (js::IsInnerObject(obj)) {
         JSAutoCompartment ac(cx, obj);
         obj = JS_ObjectToOuterObject(cx, obj);
         NS_ENSURE_TRUE(obj, nullptr);
         // The outerization hook wraps, which means that we can end up with a
         // CCW here if |obj| was a navigated-away-from inner. Strip any CCWs.
-        obj = js::UnwrapObject(obj);
+        obj = js::UncheckedUnwrap(obj);
         MOZ_ASSERT(js::IsOuterObject(obj));
     }
 
     // If we've got an outer window, there's nothing special that needs to be
     // done here, and we can move on to the next phase of wrapping. We handle
     // this case first to allow us to assert against wrappers below.
     if (js::IsOuterObject(obj))
         return DoubleWrap(cx, obj, flags);
@@ -519,32 +519,32 @@ WrapperFactory::WrapForSameCompartment(J
         return obj;
 
     // Extract the WN. It should exist.
     XPCWrappedNative *wn = static_cast<XPCWrappedNative *>(xpc_GetJSPrivate(obj));
     MOZ_ASSERT(wn, "Trying to wrap a dead WN!");
 
     // The WN knows what to do.
     JSObject *wrapper = wn->GetSameCompartmentSecurityWrapper(cx);
-    MOZ_ASSERT_IF(wrapper != obj && IsComponentsObject(js::UnwrapObject(obj)),
+    MOZ_ASSERT_IF(wrapper != obj && IsComponentsObject(js::UncheckedUnwrap(obj)),
                   !Wrapper::wrapperHandler(wrapper)->isSafeToUnwrap());
     return wrapper;
 }
 
 // Call WaiveXrayAndWrap when you have a JS object that you don't want to be
 // wrapped in an Xray wrapper. cx->compartment is the compartment that will be
 // using the returned object. If the object to be wrapped is already in the
 // correct compartment, then this returns the unwrapped object.
 bool
 WrapperFactory::WaiveXrayAndWrap(JSContext *cx, jsval *vp)
 {
     if (JSVAL_IS_PRIMITIVE(*vp))
         return JS_WrapValue(cx, vp);
 
-    JSObject *obj = js::UnwrapObject(JSVAL_TO_OBJECT(*vp));
+    JSObject *obj = js::UncheckedUnwrap(JSVAL_TO_OBJECT(*vp));
     MOZ_ASSERT(!js::IsInnerObject(obj));
     if (js::IsObjectInContextCompartment(obj, cx)) {
         *vp = OBJECT_TO_JSVAL(obj);
         return true;
     }
 
     obj = WaiveXray(cx, obj);
     if (!obj)
--- a/js/xpconnect/wrappers/WrapperFactory.h
+++ b/js/xpconnect/wrappers/WrapperFactory.h
@@ -17,30 +17,30 @@ class WrapperFactory {
   public:
     enum { WAIVE_XRAY_WRAPPER_FLAG = js::Wrapper::LAST_USED_FLAG << 1,
            IS_XRAY_WRAPPER_FLAG    = WAIVE_XRAY_WRAPPER_FLAG << 1,
            SOW_FLAG                = IS_XRAY_WRAPPER_FLAG << 1 };
 
     // Return true if any of any of the nested wrappers have the flag set.
     static bool HasWrapperFlag(JSObject *wrapper, unsigned flag) {
         unsigned flags = 0;
-        js::UnwrapObject(wrapper, true, &flags);
+        js::UncheckedUnwrap(wrapper, true, &flags);
         return !!(flags & flag);
     }
 
     static bool IsXrayWrapper(JSObject *wrapper) {
         return HasWrapperFlag(wrapper, IS_XRAY_WRAPPER_FLAG);
     }
 
     static bool HasWaiveXrayFlag(JSObject *wrapper) {
         return HasWrapperFlag(wrapper, WAIVE_XRAY_WRAPPER_FLAG);
     }
 
     static bool IsSecurityWrapper(JSObject *obj) {
-        return !js::UnwrapObjectChecked(obj);
+        return !js::CheckedUnwrap(obj);
     }
 
     static bool IsCOW(JSObject *wrapper);
 
     static JSObject *GetXrayWaiver(JSObject *obj);
     static JSObject *CreateXrayWaiver(JSContext *cx, JSObject *obj);
     static JSObject *WaiveXray(JSContext *cx, JSObject *obj);
 
--- a/js/xpconnect/wrappers/XrayWrapper.cpp
+++ b/js/xpconnect/wrappers/XrayWrapper.cpp
@@ -47,17 +47,17 @@ JSClass HolderClass = {
 };
 }
 
 using namespace XrayUtils;
 
 XrayType
 GetXrayType(JSObject *obj)
 {
-    obj = js::UnwrapObject(obj, /* stopAtOuter = */ false);
+    obj = js::UncheckedUnwrap(obj, /* stopAtOuter = */ false);
     if (mozilla::dom::UseDOMXray(obj))
         return XrayForDOMObject;
 
     js::Class* clasp = js::GetObjectClass(obj);
     if (IS_WRAPPER_CLASS(clasp) || clasp->ext.innerObject) {
         NS_ASSERTION(clasp->ext.innerObject || IS_WN_WRAPPER_OBJECT(obj),
                      "We forgot to Morph a slim wrapper!");
         return XrayForWrappedNative;
@@ -126,17 +126,17 @@ public:
     {
     }
 };
 
 class XrayTraits
 {
 public:
     static JSObject* getTargetObject(JSObject *wrapper) {
-        return js::UnwrapObject(wrapper, /* stopAtOuter = */ false);
+        return js::UncheckedUnwrap(wrapper, /* stopAtOuter = */ false);
     }
 
     virtual bool resolveOwnProperty(JSContext *cx, Wrapper &jsWrapper,
                                     HandleObject wrapper, HandleObject holder,
                                     HandleId id, JSPropertyDescriptor *desc, unsigned flags);
 
     static bool call(JSContext *cx, HandleObject wrapper, const JS::CallArgs &args)
     {