Closed
Bug 1439466
Opened 6 years ago
Closed 6 years ago
Document mapping between tabs/iframes and compartments/zones
Categories
(Core :: JavaScript: GC, enhancement, P2)
Core
JavaScript: GC
Tracking
()
RESOLVED
FIXED
mozilla65
People
(Reporter: pbone, Assigned: jandem)
References
(Blocks 1 open bug)
Details
Attachments
(1 file)
Whenever I try to find out how Compartments and Zones map to browser concepts like tabs, documents and iframes I get answers like "soft of" and "it's complicated". I don't want to blame anyone, but since this _is_ complicated I would like for us to find this information out and document it clearly.
Comment 1•6 years ago
|
||
On IRC, smaug pointed to https://searchfox.org/mozilla-central/rev/47cb352984bac15c476dcd75f8360f902673cb98/dom/base/nsGlobalWindowOuter.cpp#1584 <smaug> tabs share the same zone, and tabgroups seem to share zone groups // Two browsing contexts are considered "related" if they are reachable from one // another through window.opener, window.parent, or window.frames. This is the // spec concept of a "unit of related browsing contexts" // // Two browsing contexts are considered "similar-origin" if they can be made to // have the same origin by setting document.domain. This is the spec concept of // a "unit of similar-origin related browsing contexts" // // A TabGroup is a set of browsing contexts which are all "related". Within a // TabGroup, browsing contexts are broken into "similar-origin" DocGroups. In // more detail, a DocGroup is actually a collection of documents, and a // TabGroup is a collection of DocGroups. A TabGroup typically will contain // (through its DocGroups) the documents from one or more tabs related by // window.opener. A DocGroup is a member of exactly one TabGroup. And then jandem pointed out that cooperative scheduling is getting ripped out. So we may not have zone groups for much longer?
Comment 2•6 years ago
|
||
Note that I am not implying that this is a complete answer. I guess it might be if you know what window.opener and friends are. But it's not enough for *me* to have a complete understanding.
Reporter | ||
Comment 3•6 years ago
|
||
Thank you, That is helpful, but doesn't answer my questions yet.
Comment 4•6 years ago
|
||
Jan knows things, and I can type "//" on many lines of text, so we might make a good team here
Flags: needinfo?(jdemooij)
Updated•6 years ago
|
Priority: -- → P1
Assignee | ||
Comment 5•6 years ago
|
||
So this is my current understanding, I don't know if the browser parts are 100% accurate. Let me know if anything is missing or unclear. Compartment/global ------------------ * Since compartment-per-global, a compartment is basically "data associated with some global object". Every compartment has one global object, every global object belongs to one compartment. * Compartments have important security properties. When compartment A wants to reference an object in compartment B, a wrapper (implemented as a proxy) is needed. There are different kinds of wrappers depending on how the compartments are related. For instance, same-origin wrappers will be transparent; different-origin wrappers may deny access to the wrapped object. * The wrapper mechanism also allows us to "nuke" compartments by transplanting the wrapper with a "dead object proxy". This is used to avoid chrome -> content leaks (cutting wrappers lets the GC collect the content compartment). * Each tab/frame/iframe in the browser has its own global object, so they must have their own compartment. Zone ---- * A zone is just a JS engine optimization (it's not a security boundary) to group compartments that have similar lifetimes. Gecko uses a separate zone for each tab - this is nice because when the user closes a tab, all resources associated with that zone can be freed/collected. There's also a system zone for chrome code. * GC arenas are allocated per zone. GC can collect a single zone (not a single compartment). * Some GC things (strings, shapes, etc) are shared between compartments within a Zone. * There are some special Zones: the atoms zone contains all atoms and symbols. The self-hosting zone/compartment contains self-hosted functions/scripts that can be lazily cloned into other compartments. Off-thread parsing uses its own zone/compartment that's later merged with the main-thread zone/compartment. ZoneGroup --------- * ZoneGroups were added for cooperative scheduling but cooperative scheduling is not actually used right now and will probably be removed (bug 1434211, bug 1435689). * A ZoneGroup contains zones that may reference each other. For instance, if window.open() is used, we may create a new zone for the new window, but because the two zones/windows can interact with each other they must belong to the same ZoneGroup. The system zone/ZoneGroup is special. JSRuntime --------- * A JSRuntime contains all (heap) state for a thread running JS. Every ZoneGroup/Zone belongs to a single runtime, except for the self-hosting zone and the set of permanent atoms (these are read-only and can be shared with the "parent runtime" to save memory). * In the browser, the main thread, each web worker, etc has its own runtime. JSContext --------- * There's one JSContext per thread. This includes threads running JS, but also helper threads (helper threads are shared by all JSRuntimes in the process). * With cooperative scheduling, there may be multiple contexts/threads per runtime that can execute JS (scheduled cooperatively). Once we remove cooperative scheduling, JSContext and JSRuntime will be related 1:1 again (except for the helper threads; they have a JSContext but are used by all runtimes in the process).
Flags: needinfo?(jdemooij)
Comment 6•6 years ago
|
||
Oh. We should have landed that comment and closed this. Jan, please update comment 5 and let's get it into an [SMDOC] comment, maybe at the point in jsapi.h just above JS_NewContext.
Flags: needinfo?(jdemooij)
Updated•6 years ago
|
status-firefox62:
--- → wontfix
Updated•6 years ago
|
Assignee | ||
Comment 7•6 years ago
|
||
Stealing this back :)
Flags: needinfo?(jorendorff) → needinfo?(jdemooij)
Assignee | ||
Comment 8•6 years ago
|
||
Assignee | ||
Updated•6 years ago
|
Assignee: nobody → jdemooij
Status: NEW → ASSIGNED
Flags: needinfo?(jdemooij)
Updated•6 years ago
|
Attachment #9024965 -
Attachment description: Bug 1439466 - Add a comment explaining realms, compartments, zones, contexts, runtimes. r?jorendorff → Bug 1439466 - Add a comment explaining realms, compartments, zones, contexts, runtimes. r?jorendorff DONTBUILD
Pushed by jandemooij@gmail.com: https://hg.mozilla.org/integration/autoland/rev/afe668c91201 Add a comment explaining realms, compartments, zones, contexts, runtimes. r=jorendorff DONTBUILD
Comment 10•6 years ago
|
||
bugherder |
https://hg.mozilla.org/mozilla-central/rev/afe668c91201
Status: ASSIGNED → RESOLVED
Closed: 6 years ago
status-firefox65:
--- → fixed
Resolution: --- → FIXED
Target Milestone: --- → mozilla65
Updated•5 years ago
|
status-firefox64:
--- → wontfix
You need to log in
before you can comment on or make changes to this bug.
Description
•