1466133 - Enter callee's realm when making scripted/native calls

Status: RESOLVED FIXED

(Core :: JavaScript Engine, enhancement, P3)

Description

[Jan de Mooij [:jandem]]

Things we need to do here:

* Update cx->realm_ before and after scripted/native calls (including getters/setters). The hardest part here is doing that in JIT code for calls where we don't know the target's realm statically.

* Ion should not inline cross-realm scripted/native functions.

* The exception handlers will have to restore cx->realm_.

* In debug builds we could assert cx->realm_ == script->realm_ in script prologues.

We should soon have a testing mechanism for this in the shell so then we can write tests for things we fix.

Comment 1

[Jan de Mooij [:jandem]]

Attachment: Part 1 - Use correct realm in ObjectGroupRealm::makeGroup

ObjectGroupRealm::makeGroup allocates a new ObjectGroup but it set group->realm to cx->realm() and that's incorrect if we're allocating a new group for an existing object (for instance because the original group is a lazy group or whatever).

This fixes some weird issues I saw when writing tests.

Comment 2

[Jan de Mooij [:jandem]]

Comment on attachment 8986849 [details] [diff] [review]
Part 1 - Use correct realm in ObjectGroupRealm::makeGroup

Oops, wrong bug.

Comment 3

[Jan de Mooij [:jandem]]

Note to self: also need to fix Wasm indirect/import calls.

Comment 4

[Jan de Mooij [:jandem]]

(In reply to Jan de Mooij [:jandem] from comment #3)
> Note to self: also need to fix Wasm indirect/import calls.

Also optimized DOM calls in Ion and call/construct class hook calls.