Closed
Bug 1025338
Opened 10 years ago
Closed 2 years ago
Remove JSPropertyDescriptor::object()
Categories
(Core :: JavaScript Engine, defect)
Tracking
()
RESOLVED
DUPLICATE
of bug 1708698
People
(Reporter: bholley, Unassigned)
References
Details
Attachments
(1 file)
10.67 KB,
patch
|
Details | Diff | Splinter Review |
Right now we do all this work to maintain the object we found the described property upon. In reality though, we only care about two things: (1) Was the property found? !!desc.object() (2) Was the property |own|? desc.object() == obj Both of these could be solved with simple flags. The current setup is bad because: * It costs us an extra wrap() call when wrapping property descriptors across membranes. * For pseudo (intra-compartment) membranes, we generally get this wrong, leading to bugs like bug 1025323. * It's an extra thing to root in JSPropertyDescriptor. This shouldn't take more than a couple of hours, and seems like it would have very good bang for the buck. Does anyone have an intern we could give this to? I'm happy to mentor it.
Comment 1•10 years ago
|
||
+1. This also helps us if we decide that we want to use js::PropDesc externally instead of JSPropertyDescriptor. It's not clear to me that we care to do that, since [[Origin]] has been removed, though. This would be amamzingly cool to have done, though.
Reporter | ||
Comment 2•10 years ago
|
||
Eric is going to take this. Should be a quick performance and correctness win with little effort.
Assignee: nobody → efaustbmo
Comment 3•10 years ago
|
||
OK, so it looks like ChromeObjectWrapper.cpp contains PropIsFromStandardPrototype(), which uses the object() in a non-trivial way. Can we just add a js::UnshadowedPrototypeWithProperty() (or something, that name is bad) friend API function to do this lookup? It looks like we are already inside the security boundary. Bobby, does this seem sane/reasonable?
Flags: needinfo?(bobbyholley)
Reporter | ||
Comment 4•10 years ago
|
||
Yeah, this machinery is all on its way out, so I'm fine with implementing this check in a dumb way. The simplest drop-in replacement would be to just manually climb the prototype chain invoking getOwnPropertyDescriptor.
Flags: needinfo?(bobbyholley)
Reporter | ||
Comment 5•8 years ago
|
||
Eric, are you ever going to get back to this?
Flags: needinfo?(efaustbmo)
Comment 6•8 years ago
|
||
It's unclear to me that we actually want to do this. I don't actually think the two things in comment 1 are true? I've seen several cases where we do other things with that object. I have to admit, it's not high on my list.
Flags: needinfo?(efaustbmo)
Reporter | ||
Comment 7•8 years ago
|
||
I wrote this to prove to efaust that we didn't need desc.object(). He has now relented and agreed to fix this. :-) The one hangup is BaseProxyHandler::get, which uses object() in a weird way after bug 895223. Both efaust and jorendorff have ideas to solve this.
Reporter | ||
Comment 8•8 years ago
|
||
Eric says that he'll look at this on monday - setting NI to track that. Thanks for doing it!
Flags: needinfo?(efaustbmo)
Comment 9•8 years ago
|
||
My idea is to reimplement BaseProxyHandler::get to follow 9.1.8 closely. Then it won't use getPropertyDescriptor at all anymore. (I previously did this for BPH::set; BPH::get should be easier.)
Comment 10•2 years ago
|
||
The bug assignee didn't login in Bugzilla in the last 7 months, so the assignee is being reset.
Assignee: efaustbmo → nobody
Comment 11•2 years ago
|
||
Bug 1708698 did this.
Status: NEW → RESOLVED
Closed: 2 years ago
Flags: needinfo?(efaustbmo)
Resolution: --- → DUPLICATE
You need to log in
before you can comment on or make changes to this bug.
Description
•