Closed Bug 1527822 Opened 5 years ago Closed 5 years ago

Consider inlining cross-realm native calls in IonBuilder

Categories

(Core :: JavaScript Engine: JIT, enhancement, P1)

Product:
Core
Component:
JavaScript Engine: JIT
Type:
enhancement

Tracking

()

Status:
RESOLVED FIXED
Milestone:
mozilla67
Tracking Flags:
Tracking Status
firefox67 --- fixed

People

(Reporter: jandem, Assigned: jandem)

References

(Blocks 1 open bug)

Details

Attachments

(1 file)

Bug 1527822 - Allow inlining some cross-realm native calls in IonBuilder. r?anba!
47 bytes, text/x-phabricator-request
Details | Review

We don't inline cross-realm scripted/native calls in IonBuilder, but there are many natives we could easily inline cross-realm (the obvious ones are the typedArray.length getter, Math functions, etc).

Note to self: the realm check in IonBuilder::createThis is also a bit too pessimistic, many of the cases there are perfectly fine with a cross-realm function.

Flags: needinfo?(jdemooij)

As a start we should probably add the "abort if cross-realm" check to the inlining code for each native function, instead of checking it globally, and then we can incrementally remove the checks from the safe ones.

(In reply to Jan de Mooij [:jandem] from comment #2)

As a start we should probably add the "abort if cross-realm" check to the inlining code for each native function, instead of checking it globally, and then we can incrementally remove the checks from the safe ones.

This isn't trivial because there's no reliable way to get the target realm from the callInfo passed to all the IonBuilder::inlineFoo methods. One option is to add a |Realm* targetRealm| argument to all of them. That might be nice anyway to remind people of the cross-realm case.

This will be pretty tedious to do but we should just get it over with now that we're fixing cross-realm issues.

This adds the basic infrastructure and uses it for some Math natives and the
Array constructor.

(In reply to Jan de Mooij [:jandem] from comment #3)

This isn't trivial because there's no reliable way to get the target realm from the callInfo passed to all the IonBuilder::inlineFoo methods. One option is to add a |Realm* targetRealm| argument to all of them. That might be nice anyway to remind people of the cross-realm case.

I ended up implementing a less verbose option: I added a CanInlineCrossRealm function that's just a big switch-stament returning false for most natives. It's even more explicit and makes it easy to incrementally whitelist things in the future.

Flags: needinfo?(jdemooij)
status-firefox67: --- → affected
Priority: -- → P1
Assignee: nobody → jdemooij
Status: NEW → ASSIGNED
Pushed by jdemooij@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/deb3594da5b1
Allow inlining some cross-realm native calls in IonBuilder. r=anba
Blocks: 1534214

https://hg.mozilla.org/mozilla-central/rev/deb3594da5b1

Status: ASSIGNED → RESOLVED
Closed: 5 years ago
status-firefox67: affectedfixed
Resolution: --- → FIXED
Target Milestone: --- → mozilla67
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: