Bug 973780 - Remove Xray expando slot from new-binding objects. r=bz
authorBobby Holley <bobbyholley@gmail.com>
Fri, 21 Feb 2014 11:35:49 -0800
changeset 170279 913cb7066263ab104f5917d82e82ad0c981df219
parent 170278 59fcb8a3225f63ae9a93dd9ddb36b37e8b72f9b0
child 170280 468d3ce7f848757d47880b92250544b76ca44b69
push id270
push userpvanderbeken@mozilla.com
push dateThu, 06 Mar 2014 09:24:21 +0000
reviewersbz
bugs973780
milestone30.0a1
Bug 973780 - Remove Xray expando slot from new-binding objects. r=bz
dom/bindings/BindingUtils.cpp
dom/bindings/BindingUtils.h
dom/bindings/DOMJSProxyHandler.h
dom/bindings/JSSlots.h
--- a/dom/bindings/BindingUtils.cpp
+++ b/dom/bindings/BindingUtils.cpp
@@ -1506,49 +1506,16 @@ AppendNamedPropertyIds(JSContext* cx, JS
         return false;
       }
     }
   }
 
   return true;
 }
 
-JSObject*
-GetXrayExpandoChain(JSObject* obj)
-{
-  const js::Class* clasp = js::GetObjectClass(obj);
-  JS::Value v;
-  if (IsNonProxyDOMClass(clasp) || IsDOMIfaceAndProtoClass(clasp)) {
-    v = js::GetReservedSlot(obj, DOM_XRAY_EXPANDO_SLOT);
-  } else if (clasp->isProxy()) {
-    MOZ_ASSERT(js::GetProxyHandler(obj)->family() == ProxyFamily());
-    v = js::GetProxyExtra(obj, JSPROXYSLOT_XRAY_EXPANDO);
-  } else {
-    MOZ_ASSERT(JS_IsNativeFunction(obj, Constructor));
-    v = js::GetFunctionNativeReserved(obj, CONSTRUCTOR_XRAY_EXPANDO_SLOT);
-  }
-  return v.isUndefined() ? nullptr : &v.toObject();
-}
-
-void
-SetXrayExpandoChain(JSObject* obj, JSObject* chain)
-{
-  JS::Value v = chain ? JS::ObjectValue(*chain) : JSVAL_VOID;
-  const js::Class* clasp = js::GetObjectClass(obj);
-  if (IsNonProxyDOMClass(clasp) || IsDOMIfaceAndProtoClass(clasp)) {
-    js::SetReservedSlot(obj, DOM_XRAY_EXPANDO_SLOT, v);
-  } else if (clasp->isProxy()) {
-    MOZ_ASSERT(js::GetProxyHandler(obj)->family() == ProxyFamily());
-    js::SetProxyExtra(obj, JSPROXYSLOT_XRAY_EXPANDO, v);
-  } else {
-    MOZ_ASSERT(JS_IsNativeFunction(obj, Constructor));
-    js::SetFunctionNativeReserved(obj, CONSTRUCTOR_XRAY_EXPANDO_SLOT, v);
-  }
-}
-
 bool
 DictionaryBase::ParseJSON(JSContext* aCx,
                           const nsAString& aJSON,
                           JS::MutableHandle<JS::Value> aVal)
 {
   if (aJSON.IsEmpty()) {
     return true;
   }
@@ -1750,17 +1717,16 @@ ReparentWrapper(JSContext* aCx, JS::Hand
         return NS_ERROR_FAILURE;
       }
     } else {
       propertyHolder = nullptr;
     }
 
     // Expandos from other compartments are attached to the target JS object.
     // Copy them over, and let the old ones die a natural death.
-    SetXrayExpandoChain(newobj, nullptr);
     if (!xpc::XrayUtils::CloneExpandoChain(aCx, newobj, aObj)) {
       return NS_ERROR_FAILURE;
     }
 
     // We've set up |newobj|, so we make it own the native by nulling
     // out the reserved slot of |obj|.
     //
     // NB: It's important to do this _after_ copying the properties to
--- a/dom/bindings/BindingUtils.h
+++ b/dom/bindings/BindingUtils.h
@@ -1950,24 +1950,22 @@ XrayEnumerateProperties(JSContext* cx, J
 
 extern NativePropertyHooks sWorkerNativePropertyHooks;
 
 // We use one constructor JSNative to represent all DOM interface objects (so
 // we can easily detect when we need to wrap them in an Xray wrapper). We store
 // the real JSNative in the mNative member of a JSNativeHolder in the
 // CONSTRUCTOR_NATIVE_HOLDER_RESERVED_SLOT slot of the JSFunction object for a
 // specific interface object. We also store the NativeProperties in the
-// JSNativeHolder. The CONSTRUCTOR_XRAY_EXPANDO_SLOT is used to store the
-// expando chain of the Xray for the interface object.
+// JSNativeHolder.
 // Note that some interface objects are not yet a JSFunction but a normal
 // JSObject with a DOMJSClass, those do not use these slots.
 
 enum {
-  CONSTRUCTOR_NATIVE_HOLDER_RESERVED_SLOT = 0,
-  CONSTRUCTOR_XRAY_EXPANDO_SLOT
+  CONSTRUCTOR_NATIVE_HOLDER_RESERVED_SLOT = 0
 };
 
 bool
 Constructor(JSContext* cx, unsigned argc, JS::Value* vp);
 
 inline bool
 UseDOMXray(JSObject* obj)
 {
@@ -2002,21 +2000,16 @@ Take(nsAutoPtr<T>& smartPtr, T* ptr)
   smartPtr = ptr;
 }
 
 inline void
 MustInheritFromNonRefcountedDOMObject(NonRefcountedDOMObject*)
 {
 }
 
-// Set the chain of expando objects for various consumers of the given object.
-// For Paris Bindings only. See the relevant infrastructure in XrayWrapper.cpp.
-JSObject* GetXrayExpandoChain(JSObject *obj);
-void SetXrayExpandoChain(JSObject *obj, JSObject *chain);
-
 /**
  * This creates a JSString containing the value that the toString function for
  * obj should create according to the WebIDL specification, ignoring any
  * modifications by script. The value is prefixed with pre and postfixed with
  * post, unless this is called for an object that has a stringifier. It is
  * specifically for use by Xray code.
  *
  * wrapper is the Xray JS object.
--- a/dom/bindings/DOMJSProxyHandler.h
+++ b/dom/bindings/DOMJSProxyHandler.h
@@ -16,18 +16,17 @@
 #define DOM_PROXY_OBJECT_SLOT js::PROXY_PRIVATE_SLOT
 
 namespace mozilla {
 namespace dom {
 
 class DOMClass;
 
 enum {
-  JSPROXYSLOT_EXPANDO = 0,
-  JSPROXYSLOT_XRAY_EXPANDO
+  JSPROXYSLOT_EXPANDO = 0
 };
 
 template<typename T> struct Prefable;
 
 // This variable exists solely to provide a unique address for use as an identifier.
 extern const char HandlerFamily;
 inline const void* ProxyFamily() { return &HandlerFamily; }
 
--- a/dom/bindings/JSSlots.h
+++ b/dom/bindings/JSSlots.h
@@ -9,42 +9,33 @@
  */
 #ifndef mozilla_dom_DOMSlots_h
 #define mozilla_dom_DOMSlots_h
 
 // We use slot 0 for holding the raw object.  This is safe for both
 // globals and non-globals.
 #define DOM_OBJECT_SLOT 0
 
-// We use slot 1 for holding the expando object. This is not safe for globals
-// until bug 760095 is fixed, so that bug blocks converting Window to new
-// bindings.
-#define DOM_XRAY_EXPANDO_SLOT 1
-
 // We use slot 2 for holding either a JS::ObjectValue which points to the cached
 // SOW or JS::UndefinedValue if this class doesn't need SOWs. This is not safe
 // for globals until bug 760095 is fixed, so that bug blocks converting Window
 // to new bindings.
-#define DOM_OBJECT_SLOT_SOW 2
+#define DOM_OBJECT_SLOT_SOW 1
 
 // The total number of slots non-proxy DOM objects use by default.
 // Specific objects may have more for storing cached values.
-#define DOM_INSTANCE_RESERVED_SLOTS 3
+#define DOM_INSTANCE_RESERVED_SLOTS 2
 
 // NOTE: This is baked into the Ion JIT as 0 in codegen for LGetDOMProperty and
 // LSetDOMProperty. Those constants need to be changed accordingly if this value
 // changes.
 #define DOM_PROTO_INSTANCE_CLASS_SLOT 0
 
 // Interface objects store a number of reserved slots equal to
 // DOM_INTERFACE_SLOTS_BASE + number of named constructors.
-#define DOM_INTERFACE_SLOTS_BASE (DOM_XRAY_EXPANDO_SLOT + 1)
+#define DOM_INTERFACE_SLOTS_BASE 0
 
 // Interface prototype objects store a number of reserved slots equal to
 // DOM_INTERFACE_PROTO_SLOTS_BASE or DOM_INTERFACE_PROTO_SLOTS_BASE + 1 if a
 // slot for the unforgeable holder is needed.
-#define DOM_INTERFACE_PROTO_SLOTS_BASE (DOM_XRAY_EXPANDO_SLOT + 1)
-
-static_assert(DOM_PROTO_INSTANCE_CLASS_SLOT != DOM_XRAY_EXPANDO_SLOT,
-              "Interface prototype object use both of these, so they must "
-              "not be the same slot.");
+#define DOM_INTERFACE_PROTO_SLOTS_BASE (DOM_PROTO_INSTANCE_CLASS_SLOT + 1)
 
 #endif /* mozilla_dom_DOMSlots_h */
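Review bot: The context comment above `DOM_OBJECT_SLOT_SOW` still says "We use slot 2" although this hunk renumbers the define to 1, so the comment and the constant now disagree; it should read `// We use slot 1 for holding either a JS::ObjectValue which points to the cached`. Reserved slots are addressed by raw index, so a stale number in the layout documentation is the kind of thing that later leads someone to read or write the wrong slot. The removed `static_assert` was the only compile-time layout check visible in this part of the header. Consider replacing it with one for the new layout, for example `static_assert(DOM_OBJECT_SLOT_SOW < DOM_INSTANCE_RESERVED_SLOTS, "SOW slot must lie within the reserved instance slots");`. A short comment on `DOM_INTERFACE_SLOTS_BASE` explaining why 0 is now correct (no fixed slots remain ahead of the named-constructor slots, as far as this hunk shows) would also help.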