Closed
Bug 1025338
Opened 10 years ago
Closed 2 years ago
Remove JSPropertyDescriptor::object()
Categories
(Core :: JavaScript Engine, defect)
Tracking
()
RESOLVED
DUPLICATE
of bug 1708698
People
(Reporter: bholley, Unassigned)
References
Details
Attachments
(1 file)
|
10.67 KB,
patch
|
Details | Diff | Splinter Review |
Right now we do all this work to maintain the object we found the described property upon. In reality though, we only care about two things: (1) Was the property found? !!desc.object() (2) Was the property |own|? desc.object() == obj Both of these could be solved with simple flags. The current setup is bad because: * It costs us an extra wrap() call when wrapping property descriptors across membranes. * For pseudo (intra-compartment) membranes, we generally get this wrong, leading to bugs like bug 1025323. * It's an extra thing to root in JSPropertyDescriptor. This shouldn't take more than a couple of hours, and seems like it would have very good bang for the buck. Does anyone have an intern we could give this to? I'm happy to mentor it.
|
||
Comment 1•10 years ago
|
||
+1. This also helps us if we decide that we want to use js::PropDesc externally instead of JSPropertyDescriptor. It's not clear to me that we care to do that, since [[Origin]] has been removed, though. This would be amamzingly cool to have done, though.
|
Reporter | |
Comment 2•10 years ago
|
||
Eric is going to take this. Should be a quick performance and correctness win with little effort.
Assignee: nobody → efaustbmo
|
|
||
Comment 3•10 years ago
|
||
OK, so it looks like ChromeObjectWrapper.cpp contains PropIsFromStandardPrototype(), which uses the object() in a non-trivial way. Can we just add a js::UnshadowedPrototypeWithProperty() (or something, that name is bad) friend API function to do this lookup? It looks like we are already inside the security boundary. Bobby, does this seem sane/reasonable?
Flags: needinfo?(bobbyholley)
|
|
Reporter | |
Comment 4•10 years ago
|
||
Yeah, this machinery is all on its way out, so I'm fine with implementing this check in a dumb way. The simplest drop-in replacement would be to just manually climb the prototype chain invoking getOwnPropertyDescriptor.
Flags: needinfo?(bobbyholley)
|
|
Reporter | |
Comment 5•8 years ago
|
||
Eric, are you ever going to get back to this?
Flags: needinfo?(efaustbmo)
|
|
||
Comment 6•8 years ago
|
||
It's unclear to me that we actually want to do this. I don't actually think the two things in comment 1 are true? I've seen several cases where we do other things with that object. I have to admit, it's not high on my list.
Flags: needinfo?(efaustbmo)
|
|
Reporter | |
Comment 7•8 years ago
|
||
I wrote this to prove to efaust that we didn't need desc.object(). He has now relented and agreed to fix this. :-) The one hangup is BaseProxyHandler::get, which uses object() in a weird way after bug 895223. Both efaust and jorendorff have ideas to solve this.
|
|
Reporter | |
Comment 8•8 years ago
|
||
Eric says that he'll look at this on monday - setting NI to track that. Thanks for doing it!
Flags: needinfo?(efaustbmo)
|
||
Comment 9•8 years ago
|
||
My idea is to reimplement BaseProxyHandler::get to follow 9.1.8 closely. Then it won't use getPropertyDescriptor at all anymore. (I previously did this for BPH::set; BPH::get should be easier.)
|
||
Comment 10•2 years ago
|
||
The bug assignee didn't login in Bugzilla in the last 7 months, so the assignee is being reset.
Assignee: efaustbmo → nobody
|
||
Comment 11•2 years ago
|
||
Bug 1708698 did this.
Status: NEW → RESOLVED
Closed: 2 years ago
Flags: needinfo?(efaustbmo)
Resolution: --- → DUPLICATE
You need to log in
before you can comment on or make changes to this bug.
Description
•