1332680 - Devirtualize More Methods/Classes with Final Keywords

Reporter

Description

•

8 years ago

Repeat the process in #1047696 to add final keywords. Eliminate vtable lookups and a layer of indirection and also reduce the number of targets for UAF exploitation. (Performance and security gains in one!)

Tom Ritter [:tjr]

Reporter

Updated

•

8 years ago

Depends on: 1330608

Tom Ritter [:tjr]

Reporter

Updated

•

8 years ago

Blocks: 1332682

Tom Ritter [:tjr]

Reporter

Updated

•

8 years ago

Depends on: 620058

Jed Davis [:jld] ⟨⏰|UTC-7⟩ ⟦he/him⟧

Updated

•

8 years ago

Updated

•

8 years ago

Depends on: 1360299

Tom Ritter [:tjr]

Reporter

Updated

•

8 years ago

Depends on: 1360300

Tom Ritter [:tjr]

Reporter

Updated

•

8 years ago

Depends on: 1360301

Tom Ritter [:tjr]

Reporter

Updated

•

8 years ago

No longer depends on: 1360301

Tom Ritter [:tjr]

Reporter

Updated

•

8 years ago

No longer depends on: 1360300

Tom Ritter [:tjr]

Reporter

Updated

•

8 years ago

No longer depends on: 1360299

Tom Ritter [:tjr]

Reporter

Comment 1

•

8 years ago

We do gcc builds for Linux. So we don't need MinGW to do this, we just need to get the warnings from our GCC builds and do something about them!

No longer depends on: 1330608

Comment hidden (obsolete)

Over in Bug 1332682 I got what seems to be a fairly comprehensive list of things to target. They are attached, with anything over a hundred calls right here: > 549 [task 2017-05-19T19:06:17.763311Z] 19:06:17 INFO - /home/worker/workspace/build/src/obj-firefox/dist/include/opentype-sanitiser.h:184:7: > warning: Declaring type 'class ots::OTSContext' final would enable devirtualization of 549 calls [-Wsuggest-final-types] > 548 [task 2017-05-19T19:06:17.769935Z] 19:06:17 INFO - /home/worker/workspace/build/src/obj-firefox/dist/include/opentype-sanitiser.h:204:18: > warning: Declaring method 'virtual void ots::OTSContext::Message(int, const char*, ...)' final would enable devirtualization of 548 calls > [-Wsuggest-final-methods] > 446 [task 2017-05-19T19:06:06.526697Z] 19:06:06 INFO - /home/worker/workspace/build/src/obj-firefox/ipc/ipdl/_ipdlheaders/mozilla/dom/> PContentChild.h:694:7: warning: Declaring type 'class mozilla::dom::PContentChild' final would enable devirtualization of 446 calls > [-Wsuggest-final-types] > 427 [task 2017-05-19T19:06:06.530484Z] 19:06:06 INFO - /home/worker/workspace/build/src/obj-firefox/ipc/ipdl/_ipdlheaders/mozilla/dom/> PContentParent.h:696:7: warning: Declaring type 'class mozilla::dom::PContentParent' final would enable devirtualization of 427 calls > [-Wsuggest-final-types] > 387 [task 2017-05-19T19:05:42.204250Z] 19:05:42 INFO - /home/worker/workspace/build/src/obj-firefox/ipc/ipdl/_ipdlheaders/mozilla/a11y/> PDocAccessibleParent.h:53:7: warning: Declaring type 'class mozilla::a11y::PDocAccessibleParent' final would enable devirtualization of 387 calls > [-Wsuggest-final-types] > 372 [task 2017-05-19T18:53:17.744898Z] 18:53:17 INFO - /home/worker/workspace/build/src/js/src/jit/LIR.h:866:7: warning: Declaring type 'class > js::jit::LElementVisitor' final would enable devirtualization of 372 calls [-Wsuggest-final-types] > 272 [task 2017-05-19T19:05:42.217053Z] 19:05:42 INFO - /home/worker/workspace/build/src/obj-firefox/ipc/ipdl/_ipdlheaders/mozilla/a11y/> PDocAccessibleChild.h:53:7: warning: Declaring type 'class mozilla::a11y::PDocAccessibleChild' final would enable devirtualization of 272 calls > [-Wsuggest-final-types] > 233 [task 2017-05-19T19:05:44.385346Z] 19:05:44 INFO - /home/worker/workspace/build/src/obj-firefox/ipc/ipdl/_ipdlheaders/mozilla/dom/> PBrowserChild.h:409:7: warning: Declaring type 'class mozilla::dom::PBrowserChild' final would enable devirtualization of 233 calls > [-Wsuggest-final-types] > 214 [task 2017-05-19T19:05:44.389335Z] 19:05:44 INFO - /home/worker/workspace/build/src/obj-firefox/ipc/ipdl/_ipdlheaders/mozilla/dom/> PBrowserParent.h:409:7: warning: Declaring type 'class mozilla::dom::PBrowserParent' final would enable devirtualization of 214 calls > [-Wsuggest-final-types] > 180 [task 2017-05-19T19:04:48.025547Z] 19:04:48 INFO - /home/worker/workspace/build/src/obj-firefox/ipc/ipdl/_ipdlheaders/mozilla/plugins/> PPluginInstanceChild.h:178:7: warning: Declaring type 'class mozilla::plugins::PPluginInstanceChild' final would enable devirtualization of 180 calls > [-Wsuggest-final-types] > 179 [task 2017-05-19T18:52:48.365671Z] 18:52:48 INFO - /home/worker/workspace/build/src/media/webrtc/signaling/src/jsep/JsepTrack.h:87:7: warning: > Declaring type 'class mozilla::JsepTrack' final would enable devirtualization of 179 calls [-Wsuggest-final-types] > 163 [task 2017-05-19T19:04:48.036275Z] 19:04:48 INFO - /home/worker/workspace/build/src/obj-firefox/ipc/ipdl/_ipdlheaders/mozilla/plugins/> PPluginInstanceParent.h:178:7: warning: Declaring type 'class mozilla::plugins::PPluginInstanceParent' final would enable devirtualization of 163 calls > [-Wsuggest-final-types] > 155 [task 2017-05-19T19:06:06.545584Z] 19:06:06 INFO - /home/worker/workspace/build/src/obj-firefox/ipc/ipdl/PContentChild.cpp:5285:6: warning: > Declaring method 'virtual const MessageChannel* mozilla::dom::PContentChild::GetIPCChannel() const' final would enable devirtualization of 155 calls > [-Wsuggest-final-methods] > 127 [task 2017-05-19T19:01:51.032513Z] 19:01:51 INFO - /home/worker/workspace/build/src/obj-firefox/dist/include/mozilla/gfx/Filters.h:477:7: > warning: Declaring type 'class mozilla::gfx::FilterNode' final would enable devirtualization of 127 calls [-Wsuggest-final-types] > 121 [task 2017-05-19T19:06:06.549277Z] 19:06:06 INFO - /home/worker/workspace/build/src/obj-firefox/ipc/ipdl/PContentParent.cpp:2916:6: warning: > Declaring method 'virtual const MessageChannel* mozilla::dom::PContentParent::GetIPCChannel() const' final would enable devirtualization of 121 calls > [-Wsuggest-final-methods] > 120 [task 2017-05-19T19:04:28.922724Z] 19:04:28 INFO - /home/worker/workspace/build/src/obj-firefox/ipc/ipdl/_ipdlheaders/mozilla/ipc/> PBackgroundChild.h:492:7: warning: Declaring type 'class mozilla::ipc::PBackgroundChild' final would enable devirtualization of 120 calls > [-Wsuggest-final-types] > 116 [task 2017-05-19T19:05:17.600036Z] 19:05:17 INFO - /home/worker/workspace/build/src/obj-firefox/ipc/ipdl/_ipdlheaders/mozilla/ipc/> PBackgroundParent.h:494:7: warning: Declaring type 'class mozilla::ipc::PBackgroundParent' final would enable devirtualization of 116 calls > [-Wsuggest-final-types] > 113 [task 2017-05-19T19:04:57.371073Z] 19:04:57 INFO - /home/worker/workspace/build/src/obj-firefox/ipc/ipdl/_ipdlheaders/mozilla/jsipc/> PJavaScriptParent.h:58:7: warning: Declaring type 'class mozilla::jsipc::PJavaScriptParent' final would enable devirtualization of 113 calls > [-Wsuggest-final-types] > 111 [task 2017-05-19T19:04:57.374151Z] 19:04:57 INFO - /home/worker/workspace/build/src/obj-firefox/ipc/ipdl/_ipdlheaders/mozilla/jsipc/> PJavaScriptChild.h:58:7: warning: Declaring type 'class mozilla::jsipc::PJavaScriptChild' final would enable devirtualization of 111 calls > [-Wsuggest-final-types] > 108 [task 2017-05-19T19:04:55.746167Z] 19:04:55 INFO - /home/worker/workspace/build/src/obj-firefox/ipc/ipdl/_ipdlheaders/mozilla/net/> PNeckoChild.h:409:7: warning: Declaring type 'class mozilla::net::PNeckoChild' final would enable devirtualization of 108 calls [-Wsuggest-final-types] > 102 [task 2017-05-19T19:04:55.746476Z] 19:04:55 INFO - /home/worker/workspace/build/src/obj-firefox/ipc/ipdl/_ipdlheaders/mozilla/net/> PNeckoParent.h:409:7: warning: Declaring type 'class mozilla::net::PNeckoParent' final would enable devirtualization of 102 calls [-Wsuggest-final-types] > 100 [task 2017-05-19T19:05:39.814356Z] 19:05:39 INFO - /home/worker/workspace/build/src/obj-firefox/ipc/ipdl/_ipdlheaders/mozilla/layers/PCompositorBridgeChild.h:179:7: warning: Declaring type 'class mozilla::layers::PCompositorBridgeChild' final would enable devirtualization of 100 calls [-Wsuggest-final-types]

Comment hidden (obsolete)

(In reply to Tom Ritter [:tjr] from comment #2) > > 446 [task 2017-05-19T19:06:06.526697Z] 19:06:06 INFO - /home/worker/workspace/build/src/obj-firefox/ipc/ipdl/_ipdlheaders/mozilla/dom/> PContentChild.h:694:7: warning: Declaring type 'class mozilla::dom::PContentChild' final would enable devirtualization of 446 calls > [-Wsuggest-final-types] > > 427 [task 2017-05-19T19:06:06.530484Z] 19:06:06 INFO - /home/worker/workspace/build/src/obj-firefox/ipc/ipdl/_ipdlheaders/mozilla/dom/> PContentParent.h:696:7: warning: Declaring type 'class mozilla::dom::PContentParent' final would enable devirtualization of 427 calls > [-Wsuggest-final-types] > > 387 [task 2017-05-19T19:05:42.204250Z] 19:05:42 INFO - /home/worker/workspace/build/src/obj-firefox/ipc/ipdl/_ipdlheaders/mozilla/a11y/> PDocAccessibleParent.h:53:7: warning: Declaring type 'class mozilla::a11y::PDocAccessibleParent' final would enable devirtualization of 387 calls > [-Wsuggest-final-types] > > 372 [task 2017-05-19T18:53:17.744898Z] 18:53:17 INFO - /home/worker/workspace/build/src/js/src/jit/LIR.h:866:7: warning: Declaring type 'class > js::jit::LElementVisitor' final would enable devirtualization of 372 calls [-Wsuggest-final-types] > > 272 [task 2017-05-19T19:05:42.217053Z] 19:05:42 INFO - /home/worker/workspace/build/src/obj-firefox/ipc/ipdl/_ipdlheaders/mozilla/a11y/> PDocAccessibleChild.h:53:7: warning: Declaring type 'class mozilla::a11y::PDocAccessibleChild' final would enable devirtualization of 272 calls > [-Wsuggest-final-types] > > 233 [task 2017-05-19T19:05:44.385346Z] 19:05:44 INFO - /home/worker/workspace/build/src/obj-firefox/ipc/ipdl/_ipdlheaders/mozilla/dom/> PBrowserChild.h:409:7: warning: Declaring type 'class mozilla::dom::PBrowserChild' final would enable devirtualization of 233 calls > [-Wsuggest-final-types] > > 214 [task 2017-05-19T19:05:44.389335Z] 19:05:44 INFO - /home/worker/workspace/build/src/obj-firefox/ipc/ipdl/_ipdlheaders/mozilla/dom/> PBrowserParent.h:409:7: warning: Declaring type 'class mozilla::dom::PBrowserParent' final would enable devirtualization of 214 calls > [-Wsuggest-final-types] > > 180 [task 2017-05-19T19:04:48.025547Z] 19:04:48 INFO - /home/worker/workspace/build/src/obj-firefox/ipc/ipdl/_ipdlheaders/mozilla/plugins/> PPluginInstanceChild.h:178:7: warning: Declaring type 'class mozilla::plugins::PPluginInstanceChild' final would enable devirtualization of 180 calls > [-Wsuggest-final-types] > > 179 [task 2017-05-19T18:52:48.365671Z] 18:52:48 INFO - /home/worker/workspace/build/src/media/webrtc/signaling/src/jsep/JsepTrack.h:87:7: warning: > Declaring type 'class mozilla::JsepTrack' final would enable devirtualization of 179 calls [-Wsuggest-final-types] > > 163 [task 2017-05-19T19:04:48.036275Z] 19:04:48 INFO - /home/worker/workspace/build/src/obj-firefox/ipc/ipdl/_ipdlheaders/mozilla/plugins/> PPluginInstanceParent.h:178:7: warning: Declaring type 'class mozilla::plugins::PPluginInstanceParent' final would enable devirtualization of 163 calls > [-Wsuggest-final-types] > > 155 [task 2017-05-19T19:06:06.545584Z] 19:06:06 INFO - /home/worker/workspace/build/src/obj-firefox/ipc/ipdl/PContentChild.cpp:5285:6: warning: > Declaring method 'virtual const MessageChannel* mozilla::dom::PContentChild::GetIPCChannel() const' final would enable devirtualization of 155 calls > [-Wsuggest-final-methods] > > 127 [task 2017-05-19T19:01:51.032513Z] 19:01:51 INFO - /home/worker/workspace/build/src/obj-firefox/dist/include/mozilla/gfx/Filters.h:477:7: > warning: Declaring type 'class mozilla::gfx::FilterNode' final would enable devirtualization of 127 calls [-Wsuggest-final-types] > > 121 [task 2017-05-19T19:06:06.549277Z] 19:06:06 INFO - /home/worker/workspace/build/src/obj-firefox/ipc/ipdl/PContentParent.cpp:2916:6: warning: > Declaring method 'virtual const MessageChannel* mozilla::dom::PContentParent::GetIPCChannel() const' final would enable devirtualization of 121 calls > [-Wsuggest-final-methods] > > 120 [task 2017-05-19T19:04:28.922724Z] 19:04:28 INFO - /home/worker/workspace/build/src/obj-firefox/ipc/ipdl/_ipdlheaders/mozilla/ipc/> PBackgroundChild.h:492:7: warning: Declaring type 'class mozilla::ipc::PBackgroundChild' final would enable devirtualization of 120 calls > [-Wsuggest-final-types] > > 116 [task 2017-05-19T19:05:17.600036Z] 19:05:17 INFO - /home/worker/workspace/build/src/obj-firefox/ipc/ipdl/_ipdlheaders/mozilla/ipc/> PBackgroundParent.h:494:7: warning: Declaring type 'class mozilla::ipc::PBackgroundParent' final would enable devirtualization of 116 calls > [-Wsuggest-final-types] > > 113 [task 2017-05-19T19:04:57.371073Z] 19:04:57 INFO - /home/worker/workspace/build/src/obj-firefox/ipc/ipdl/_ipdlheaders/mozilla/jsipc/> PJavaScriptParent.h:58:7: warning: Declaring type 'class mozilla::jsipc::PJavaScriptParent' final would enable devirtualization of 113 calls > [-Wsuggest-final-types] > > 111 [task 2017-05-19T19:04:57.374151Z] 19:04:57 INFO - /home/worker/workspace/build/src/obj-firefox/ipc/ipdl/_ipdlheaders/mozilla/jsipc/> PJavaScriptChild.h:58:7: warning: Declaring type 'class mozilla::jsipc::PJavaScriptChild' final would enable devirtualization of 111 calls > [-Wsuggest-final-types] > > 108 [task 2017-05-19T19:04:55.746167Z] 19:04:55 INFO - /home/worker/workspace/build/src/obj-firefox/ipc/ipdl/_ipdlheaders/mozilla/net/> PNeckoChild.h:409:7: warning: Declaring type 'class mozilla::net::PNeckoChild' final would enable devirtualization of 108 calls [-Wsuggest-final-types] > > 102 [task 2017-05-19T19:04:55.746476Z] 19:04:55 INFO - /home/worker/workspace/build/src/obj-firefox/ipc/ipdl/_ipdlheaders/mozilla/net/> PNeckoParent.h:409:7: warning: Declaring type 'class mozilla::net::PNeckoParent' final would enable devirtualization of 102 calls [-Wsuggest-final-types] > > 100 [task 2017-05-19T19:05:39.814356Z] 19:05:39 INFO - /home/worker/workspace/build/src/obj-firefox/ipc/ipdl/_ipdlheaders/mozilla/layers/PCompositorBridgeChild.h:179:7: warning: Declaring type 'class mozilla::layers::PCompositorBridgeChild' final would enable devirtualization of 100 calls [-Wsuggest-final-types] These IPDL types look suspicious to me because they are meant to be overridden.

Comment hidden (obsolete)

Tom Ritter [:tjr]

Reporter

Comment 6

•

7 years ago

After discussions in SF, the path forward for this is to add -lto and rerun the analysis, and see if we can get the build to complete and give us data.

Tom Ritter [:tjr]

Reporter

Updated

•

7 years ago

Attachment #8869560 - Attachment is obsolete: true

Tom Ritter [:tjr]

Reporter

Comment 7

•

7 years ago

Attached file suggest-final-methods.log — Details

Tom Ritter [:tjr]

Reporter

Comment 8

•

7 years ago

Attached file suggest-final-types.log — Details

Tom Ritter [:tjr]

Reporter

Comment 9

•

7 years ago

Okay, I got a successfull LTO build, and extracted out these warnings. I've attached the raw output, and I'm going to paste some high-hit ones here that aren't in third party code: > 483 /dom/base/nsGlobalWindowInner.h:206:7: warning: Declaring type 'struct nsGlobalWindowInner' final would enable devirtualization of 483 calls > 143 /dom/base/nsGlobalWindowOuter.h:164:7: warning: Declaring type 'struct nsGlobalWindowOuter' final would enable devirtualization of 143 calls > 70 /netwerk/cache2/CacheFileIOManager.h:46:7: warning: Declaring type 'struct CacheFileHandle' final would enable devirtualization of 70 calls > 69 /netwerk/cache2/CacheFileIOManager.h:262:7: warning: Declaring type 'struct CacheFileIOManager' final would enable devirtualization of 69 calls > 603 /dom/promise/Promise.cpp:66:0: warning: Declaring method 'Release' final would enable devirtualization of 603 calls > 433 /media/webrtc/signaling/src/jsep/JsepSessionImpl.h:151:0: warning: Declaring method 'GetTransceivers' final would enable devirtualization of 433 calls > 379 /xpcom/threads/AbstractThread.cpp:197:1: warning: Declaring method 'Release' final would enable devirtualization of 379 calls > 249 /xpcom/threads/AbstractThread.cpp:197:1: warning: Declaring method 'Release' final would enable devirtualization of 249 calls > 207 /xpcom/threads/AbstractThread.cpp:197:1: warning: Declaring method 'AddRef' final would enable devirtualization of 207 calls > 189 /layout/base/nsPresContext.cpp:439:0: warning: Declaring method 'Release' final would enable devirtualization of 189 calls > 154 /dom/file/Blob.cpp:45:0: warning: Declaring method 'Release' final would enable devirtualization of 154 calls > 141 /obj-firefox/ipc/ipdl/PContentChild.cpp:4712:0: warning: Declaring method 'GetIPCChannel' final would enable devirtualization of 141 calls > 124 /xpcom/threads/AbstractThread.cpp:197:1: warning: Declaring method 'AddRef' final would enable devirtualization of 124 calls > 121 /dom/base/nsGlobalWindowInner.cpp:4487:0: warning: Declaring method 'GetExistingListenerManager' final would enable devirtualization of 121 calls > 118 /dom/base/nsGlobalWindowInner.cpp:4476:0: warning: Declaring method 'GetOrCreateListenerManager' final would enable devirtualization of 118 calls > 116 /dom/promise/Promise.cpp:65:0: warning: Declaring method 'AddRef' final would enable devirtualization of 116 calls > 102 /dom/media/MediaStreamTrack.cpp:199:0: warning: Declaring method 'Release' final would enable devirtualization of 102 calls > 100 /dom/media/MediaStreamTrack.cpp:199:0: warning: Declaring method 'Release' final would enable devirtualization of 100 calls > 95 /layout/base/nsPresContext.cpp:438:0: warning: Declaring method 'AddRef' final would enable devirtualization of 95 calls > 83 /image/imgRequestProxy.cpp:99:0: warning: Declaring method 'Release' final would enable devirtualization of 83 calls

Andrew McCreight [:mccr8]

Comment 10

•

7 years ago

smaug might be interested in looking at the list. There's a lot of DOM stuff in comment 9, and he hates virtual calls. :)

Tom Ritter [:tjr]

Reporter

Comment 11

•

7 years ago

I have a try run going for nsGlobalWindowInner/Outer here: https://treeherder.mozilla.org/#/jobs?repo=try&revision=48615cf2083ae24a28f7981cb2ec2de42abc3ae8

Andrew McCreight [:mccr8]

Comment 12

•

7 years ago

It looks like we may need new variants of the ISUPPORTS decl macros that have final in them. (I hadn't realized you could declare individual methods final, but it makes sense.)

Jan Hubicka

Comment 13

•

7 years ago

I am glad this warning seems useful. If you do LTO+PGO build you will get the warnings sorted by the actual number of executions of the devirtualized calls :)

Tom Ritter [:tjr]

Reporter

Updated

•

7 years ago

Blocks: 1443252

Andrew McCreight [:mccr8]

Updated

•

7 years ago

Attachment #8955498 - Attachment mime type: text/x-log → text/plain

Andrew McCreight [:mccr8]

Updated

•

7 years ago

Attachment #8955501 - Attachment mime type: text/x-log → text/plain

Alex Gaynor [:Alex_Gaynor]

Updated

•

7 years ago

Depends on: 1444175

Tom Ritter [:tjr]

Reporter

Updated

•

7 years ago

Depends on: 1444490

Tom Ritter [:tjr]

Reporter

Updated

•

7 years ago

Depends on: 1446509

Tom Ritter [:tjr]

Reporter

Updated

•

7 years ago

Blocks: 1449288

Eric Rahm [:erahm]

Updated

•

6 years ago

Whiteboard: [overhead:noted]

Jim Mathies [:jimm]

Updated

•

6 years ago

Priority: -- → P3

Gerald Squelart (he/him) (not at Mozilla since 2022-09-15)

Updated

•

6 years ago

Depends on: 1488684

June Wilde (she/her) [:jewilde]

Updated

•

6 years ago

Updated

•

2 years ago

Severity: normal → S3

sorted_output.txt 8 years ago Tom Ritter [:tjr] 3.61 MB, text/plain		Details
suggest-final-methods.log 7 years ago Tom Ritter [:tjr] 868.46 KB, text/plain		Details
suggest-final-types.log 7 years ago Tom Ritter [:tjr] 325.80 KB, text/plain		Details