Bug 1548625 part 2. Get rid of some ExposeObjectToActiveJS calls in DOM code. r=mccr8,jonco
authorBoris Zbarsky <bzbarsky@mit.edu>
Fri, 03 May 2019 10:09:11 +0000
changeset 531321 aee3238950ca2c51c282739c319644718651ad38
parent 531320 66f4abcb9d406257dcae595e839469331f74f1a8
child 531322 c42fe6e0cd6a57563c6fa4d75e9f2a1d786e22bb
push id11265
push userffxbld-merge
push dateMon, 13 May 2019 10:53:39 +0000
reviewersmccr8, jonco
bugs1548625
milestone68.0a1
Bug 1548625 part 2. Get rid of some ExposeObjectToActiveJS calls in DOM code. r=mccr8,jonco The call in VRFrameData::LazyCreateMatrix is not needed because aRetval.set(aArray) ends up calling into Heap::get() which does a read barrier and exposes. The call in nsXULPrototypeScript::Compile is not needed because initializing the AutoJSAPI will guarantee that the global of the Realm it enters, which is what we're examining here, will be exposed. The call in Promise's CreateNativeHandlerFunction is not needed because the object being passed in was always just-created into a stack Rooted. The call in MIDIMessageEvent::GetData is not needed because it's always working with a just-created object. Also, mData is a Heap, so there will be a read barrier anyway before anyone gets at the value. The call in PrototypeDocumentContentSink::ExecuteScript is not needed because the AutoEntryScript will guarantee that the global of the Realm it enters is exposed. And the JSAutoRealm is not needed either, because we're in that Realm already. Differential Revision: https://phabricator.services.mozilla.com/D29720
dom/midi/MIDIMessageEvent.cpp
dom/promise/Promise.cpp
dom/prototype/PrototypeDocumentContentSink.cpp
dom/script/ScriptSettings.h
dom/vr/VRDisplay.cpp
dom/xul/nsXULElement.cpp
--- a/dom/midi/MIDIMessageEvent.cpp
+++ b/dom/midi/MIDIMessageEvent.cpp
@@ -94,15 +94,14 @@ void MIDIMessageEvent::GetData(JSContext
   if (!mData) {
     mData =
         Uint8Array::Create(cx, this, mRawData.Length(), mRawData.Elements());
     if (!mData) {
       aRv.Throw(NS_ERROR_OUT_OF_MEMORY);
       return;
     }
     mRawData.Clear();
-    JS::ExposeObjectToActiveJS(mData);
   }
   aData.set(mData);
 }
 
 }  // namespace dom
 }  // namespace mozilla
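Review bot: The reason the removed ExposeObjectToActiveJS is safe is not recorded in the code, so a later reader of GetData sees a freshly created object stored into mData and handed out with no visible barrier. Per the commit description mData is a JS::Heap, so `aData.set(mData)` goes through Heap::get() and its read barrier; the member's declaration is not in this hunk, so I cannot confirm the type from here. Suggest a comment above `aData.set(mData);`: `// mData is a JS::Heap; reading it here performs the read barrier, so no explicit ExposeObjectToActiveJS is needed.` GetData's signature is outside the hunk.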
--- a/dom/promise/Promise.cpp
+++ b/dom/promise/Promise.cpp
@@ -354,17 +354,17 @@ static JSObject* CreateNativeHandlerFunc
                                                  /* nargs = */ 1,
                                                  /* flags = */ 0, nullptr);
   if (!func) {
     return nullptr;
   }
 
   JS::Rooted<JSObject*> obj(aCx, JS_GetFunctionObject(func));
 
-  JS::ExposeObjectToActiveJS(aHolder);
+  JS::AssertObjectIsNotGray(aHolder);
   js::SetFunctionNativeReserved(obj, SLOT_NATIVEHANDLER,
                                 JS::ObjectValue(*aHolder));
   js::SetFunctionNativeReserved(obj, SLOT_NATIVEHANDLER_TASK,
                                 JS::Int32Value(static_cast<int32_t>(aTask)));
 
   return obj;
 }
 
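Review bot: JS::AssertObjectIsNotGray is a debug-only check, so in release builds the new code stores aHolder into the reserved slot via `js::SetFunctionNativeReserved(obj, SLOT_NATIVEHANDLER, JS::ObjectValue(*aHolder));` with no barrier at all, and correctness now rests on every caller passing a just-created object held in a stack Rooted. That contract is stated in the commit message but nowhere in the code. Suggest a comment above the assertion: `// aHolder must be a just-created object the caller holds in a Rooted; it cannot be gray, so no ExposeObjectToActiveJS is needed.` CreateNativeHandlerFunction's signature and parameter list are outside the hunk.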
--- a/dom/prototype/PrototypeDocumentContentSink.cpp
+++ b/dom/prototype/PrototypeDocumentContentSink.cpp
@@ -982,19 +982,16 @@ nsresult PrototypeDocumentContentSink::E
   JSContext* cx = aes.cx();
 
   JS::Rooted<JSScript*> scriptObject(cx, aScript->GetScriptObject());
   NS_ENSURE_TRUE(scriptObject, NS_ERROR_UNEXPECTED);
 
   JS::Rooted<JSObject*> global(cx, JS::CurrentGlobalOrNull(cx));
   NS_ENSURE_TRUE(xpc::Scriptability::Get(global).Allowed(), NS_OK);
 
-  JS::ExposeObjectToActiveJS(global);
-  JSAutoRealm ar(cx, global);
-
   // The script is in the compilation scope. Clone it into the target scope
   // and execute it. On failure, ~AutoScriptEntry will handle exceptions, so
   // there is no need to manually check the return value.
   JS::RootedValue rval(cx);
   JS::CloneAndExecuteScript(cx, scriptObject, &rval);
 
   return NS_OK;
 }
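Review bot: Dropping the JSAutoRealm makes ExecuteScript depend on `aes` having already entered the realm of `global`, which holds here only because `global` is taken from `JS::CurrentGlobalOrNull(cx)` on the same cx — that reasoning lives in the commit message, not the code. A later change that obtains `global` some other way would silently clone and execute the script in the wrong realm with nothing in the function to flag it. Suggest a comment above `JS::Rooted<JSObject*> global(cx, JS::CurrentGlobalOrNull(cx));`: `// aes already entered this global's Realm and exposed it to active JS; no JSAutoRealm or ExposeObjectToActiveJS is needed.` The construction of aes and the function's signature are outside the hunk.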
--- a/dom/script/ScriptSettings.h
+++ b/dom/script/ScriptSettings.h
@@ -209,16 +209,19 @@ class MOZ_STACK_CLASS AutoJSAPI : protec
   // This uses the SafeJSContext (or worker equivalent), and enters the
   // compartment of aGlobalObject.
   // If aGlobalObject or its associated JS global are null then it returns
   // false and use of cx() will cause an assertion.
   //
   // If aGlobalObject represents a web-visible global, errors reported by this
   // AutoJSAPI as it comes off the stack will fire the relevant error events and
   // show up in the corresponding web console.
+  //
+  // Successfully initializing the AutoJSAPI will ensure that it enters the
+  // Realm of aGlobalObject's JSObject and exposes that JSObject to active JS.
   MOZ_MUST_USE bool Init(nsIGlobalObject* aGlobalObject);
 
   // This is a helper that grabs the native global associated with aObject and
   // invokes the above Init() with that. aObject must not be a cross-compartment
   // wrapper: CCWs are not associated with a single global.
   MOZ_MUST_USE bool Init(JSObject* aObject);
 
   // Unsurprisingly, this uses aCx and enters the compartment of aGlobalObject.
@@ -226,17 +229,17 @@ class MOZ_STACK_CLASS AutoJSAPI : protec
   // false and use of cx() will cause an assertion.
   // If aCx is null it will cause an assertion.
   //
   // If aGlobalObject represents a web-visible global, errors reported by this
   // AutoJSAPI as it comes off the stack will fire the relevant error events and
   // show up in the corresponding web console.
   MOZ_MUST_USE bool Init(nsIGlobalObject* aGlobalObject, JSContext* aCx);
 
-  // Convenience functions to take an nsPIDOMWindow* or nsGlobalWindow*,
+  // Convenience functions to take an nsPIDOMWindowInner or nsGlobalWindowInner,
   // when it is more easily available than an nsIGlobalObject.
   MOZ_MUST_USE bool Init(nsPIDOMWindowInner* aWindow);
   MOZ_MUST_USE bool Init(nsPIDOMWindowInner* aWindow, JSContext* aCx);
 
   MOZ_MUST_USE bool Init(nsGlobalWindowInner* aWindow);
   MOZ_MUST_USE bool Init(nsGlobalWindowInner* aWindow, JSContext* aCx);
 
   JSContext* cx() const {
@@ -305,25 +308,31 @@ class MOZ_STACK_CLASS AutoJSAPI : protec
 };
 
 /*
  * A class that represents a new script entry point.
  *
  * |aReason| should be a statically-allocated C string naming the reason we're
  * invoking JavaScript code: "setTimeout", "event", and so on. The devtools use
  * these strings to label JS execution in timeline and profiling displays.
+ *
  */
 class MOZ_STACK_CLASS AutoEntryScript : public AutoJSAPI {
  public:
+  // Constructing the AutoEntryScript will ensure that it enters the
+  // Realm of aGlobalObject's JSObject and exposes that JSObject to active JS.
   AutoEntryScript(nsIGlobalObject* aGlobalObject, const char* aReason,
                   bool aIsMainThread = NS_IsMainThread());
 
   // aObject can be any object from the relevant global. It must not be a
   // cross-compartment wrapper because CCWs are not associated with a single
   // global.
+  //
+  // Constructing the AutoEntryScript will ensure that it enters the
+  // Realm of aObject JSObject and exposes aObject's global to active JS.
   AutoEntryScript(JSObject* aObject, const char* aReason,
                   bool aIsMainThread = NS_IsMainThread());
 
   ~AutoEntryScript();
 
   void SetWebIDLCallerPrincipal(nsIPrincipal* aPrincipal) {
     mWebIDLCallerPrincipal = aPrincipal;
   }
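Review bot: The added ` *` line at the end of the AutoEntryScript class comment leaves a trailing empty comment line with nothing after it, which reads as an unfinished edit; either drop that line or put the intended text there. In the second constructor's new comment, `Realm of aObject JSObject` is missing a possessive and should read `Realm of aObject's JSObject`. Both are wording-only; the rest of the hunk is consistent with the Init() comment added earlier in this header.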
--- a/dom/vr/VRDisplay.cpp
+++ b/dom/vr/VRDisplay.cpp
@@ -725,19 +725,16 @@ void VRFrameData::LazyCreateMatrix(JS::H
   if (!aArray) {
     // Lazily create the Float32Array
     aArray = dom::Float32Array::Create(aCx, this, 16, aMat.components);
     if (!aArray) {
       aRv.NoteJSContextException(aCx);
       return;
     }
   }
-  if (aArray) {
-    JS::ExposeObjectToActiveJS(aArray);
-  }
   aRetval.set(aArray);
 }
 
 double VRFrameData::Timestamp() const {
   // Converting from seconds to milliseconds
   return mFrameInfo.mVRState.timestamp * 1000.0f;
 }
 
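Review bot: With the `if (aArray)` guard and the expose removed, nothing in LazyCreateMatrix explains why handing out the Heap value is barrier-safe; per the commit description aArray is a JS::Heap (the hunk header shows only `JS::H`), and `aRetval.set(aArray)` goes through Heap::get(), which performs the read barrier. Suggest a comment above `aRetval.set(aArray);`: `// aArray is a JS::Heap; the read in set() performs the barrier, so no ExposeObjectToActiveJS is needed.` LazyCreateMatrix's signature is outside the hunk.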
--- a/dom/xul/nsXULElement.cpp
+++ b/dom/xul/nsXULElement.cpp
@@ -2131,19 +2131,16 @@ nsresult nsXULPrototypeScript::Compile(
   JS::CompileOptions options(cx);
   options.setIntroductionType("scriptElement")
       .setFileAndLine(urlspec.get(), aLineNo);
   // If the script was inline, tell the JS parser to save source for
   // Function.prototype.toSource(). If it's out of line, we retrieve the
   // source from the files on demand.
   options.setSourceIsLazy(mOutOfLine);
   JS::Rooted<JSObject*> scope(cx, JS::CurrentGlobalOrNull(cx));
-  if (scope) {
-    JS::ExposeObjectToActiveJS(scope);
-  }
 
   if (aOffThreadReceiver && JS::CanCompileOffThread(cx, options, aTextLength)) {
     if (!JS::CompileOffThread(cx, options, srcBuf,
                               OffThreadScriptReceiverCallback,
                               static_cast<void*>(aOffThreadReceiver))) {
       return NS_ERROR_OUT_OF_MEMORY;
     }
     NotifyOffThreadScriptCompletedRunnable::NoteReceiver(aOffThreadReceiver);
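Review bot: The expose on `scope` is removed, but nothing in the hunk shows the AutoJSAPI that the commit message relies on to have exposed the current global, and the later uses of `scope` are outside the hunk, so the dependency is invisible at this point in Compile. A short comment after `JS::Rooted<JSObject*> scope(cx, JS::CurrentGlobalOrNull(cx));` would keep it visible: `// The AutoJSAPI that entered this realm already exposed its global; no ExposeObjectToActiveJS is needed.` The dropped `if (scope)` only guarded the expose call, so no other null handling changes. Compile's body, including the remaining uses of `scope`, continues past the hunk.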