Closed Bug 1781061 Opened 2 years ago Closed 2 years ago

Emit JSOp::DebugCheckSelfHosted in more places

Tracking

()

Status:

RESOLVED FIXED

Milestone:

105 Branch

Tracking Flags:

Tracking

Status

firefox105

---

fixed

People

(Reporter: arai, Assigned: arai)

References

(Blocks 1 open bug)

Details

Attachments

(11 files)

Bug 1781061 - Part 0: Do not use Array.from in eager evaluation test. r?nchevobbe! 2 years ago Tooru Fujisawa [:arai] 48 bytes, text/x-phabricator-request		Details \| Review
Bug 1781061 - Part 1: Add missing callContentFunction in sort. r?jandem! 2 years ago Tooru Fujisawa [:arai] 48 bytes, text/x-phabricator-request		Details \| Review
Bug 1781061 - Part 2: Remove self-hosted module code handling. r?jandem! 2 years ago Tooru Fujisawa [:arai] 48 bytes, text/x-phabricator-request		Details \| Review
Bug 1781061 - Part 3: Add SelfHostedIter::{Allow,Deny} enum and use it in all functions that can call iteration related function. r?jandem! 2 years ago Tooru Fujisawa [:arai] 48 bytes, text/x-phabricator-request		Details \| Review
Bug 1781061 - Part 4: Cleanup stack comment and remove unused CallOrNewEmitter method. r?jandem! 2 years ago Tooru Fujisawa [:arai] 48 bytes, text/x-phabricator-request		Details \| Review
Bug 1781061 - Part 5: Disallow non-name callee in self-hosted JS. r?jandem! 2 years ago Tooru Fujisawa [:arai] 48 bytes, text/x-phabricator-request		Details \| Review
Bug 1781061 - Part 6: Add JSOp::CallContentIter. r?jandem! 2 years ago Tooru Fujisawa [:arai] 48 bytes, text/x-phabricator-request		Details \| Review
Bug 1781061 - Part 7: Use JSOp::CallContentIter instead of JSOp::CallIter in self-hosted JS. r?jandem! 2 years ago Tooru Fujisawa [:arai] 48 bytes, text/x-phabricator-request		Details \| Review
Bug 1781061 - Part 8: Emit JSOp::DebugCheckSelfHosted in all case. r?jandem! 2 years ago Tooru Fujisawa [:arai] 48 bytes, text/x-phabricator-request		Details \| Review
Bug 1781061 - Part 9: Add eager evaluation test for crafted iterable. r?nchevobbe! 2 years ago Tooru Fujisawa [:arai] 48 bytes, text/x-phabricator-request		Details \| Review
Bug 1781061 - Part 10: Add eager evaluation test for reused iterator. r?nchevobbe! 2 years ago Tooru Fujisawa [:arai] 48 bytes, text/x-phabricator-request		Details \| Review

Tooru Fujisawa [:arai]

Assignee

Description

•

2 years ago

Bug 1609432 will add callContentFunction and constructContentFunction to all callsites where the callee can be content functions.
That means, in all other cases, the callee must be self-hosted function or built-in.
We can add JSOp::DebugCheckSelfHosted to all calls except for the above 2, so that
onNativeCall and eager evaluation keeps working.

Nicolas B. Pierron [:nbp]

Updated

•

2 years ago

Blocks: sm-security

Severity: -- → N/A

Type: task → enhancement

Priority: -- → P1

Tooru Fujisawa [:arai]

Assignee

Comment 1

•

2 years ago

Attached file Bug 1781061 - Part 0: Do not use Array.from in eager evaluation test. r?nchevobbe! — Details

Array.from on an iterable object internally calls
%ArrayIteratorPrototype%.next, which is effectful.

The later patches will add more coverage inside for-of loop inside
self-hosted JS, and that will expose the call on obj[Symbol.iterator]().next,
which can be %ArrayIteratorPrototype%.next or any other function.

Tooru Fujisawa [:arai]

Assignee

Comment 2

•

2 years ago

Attached file Bug 1781061 - Part 1: Add missing callContentFunction in sort. r?jandem! — Details

Depends on D153153

Tooru Fujisawa [:arai]

Assignee

Comment 3

•

2 years ago

Attached file Bug 1781061 - Part 2: Remove self-hosted module code handling. r?jandem! — Details

Depends on D153154

Tooru Fujisawa [:arai]

Assignee

Comment 4

•

2 years ago

Attached file Bug 1781061 - Part 3: Add SelfHostedIter::{Allow,Deny} enum and use it in all functions that can call iteration related function. r?jandem! — Details

Depends on D153155

Tooru Fujisawa [:arai]

Assignee

Comment 5

•

2 years ago

Attached file Bug 1781061 - Part 4: Cleanup stack comment and remove unused CallOrNewEmitter method. r?jandem! — Details

Depends on D153156

Tooru Fujisawa [:arai]

Assignee

Comment 6

•

2 years ago

Attached file Bug 1781061 - Part 5: Disallow non-name callee in self-hosted JS. r?jandem! — Details

Depends on D153157

Tooru Fujisawa [:arai]

Assignee

Comment 7

•

2 years ago

Attached file Bug 1781061 - Part 6: Add JSOp::CallContentIter. r?jandem! — Details

Depends on D153158

Tooru Fujisawa [:arai]

Assignee

Comment 8

•

2 years ago

Attached file Bug 1781061 - Part 7: Use JSOp::CallContentIter instead of JSOp::CallIter in self-hosted JS. r?jandem! — Details

Depends on D153159

Tooru Fujisawa [:arai]

Assignee

Comment 9

•

2 years ago

Attached file Bug 1781061 - Part 8: Emit JSOp::DebugCheckSelfHosted in all case. r?jandem! — Details

Depends on D153160

Tooru Fujisawa [:arai]

Assignee

Comment 10

•

2 years ago

Attached file Bug 1781061 - Part 9: Add eager evaluation test for crafted iterable. r?nchevobbe! — Details

Depends on D153161

Tooru Fujisawa [:arai]

Assignee

Updated

•

2 years ago

Blocks: 1782677

Tooru Fujisawa [:arai]

Assignee

Comment 11

•

2 years ago

Attached file Bug 1781061 - Part 10: Add eager evaluation test for reused iterator. r?nchevobbe! — Details

Depends on D153162

Pulsebot

Comment 12

•

2 years ago

Pushed by arai_a@mac.com:
https://hg.mozilla.org/integration/autoland/rev/5a547dbb387b
Part 0: Do not use Array.from in eager evaluation test. r=nchevobbe
https://hg.mozilla.org/integration/autoland/rev/6dec44311fb1
Part 1: Add missing callContentFunction in sort. r=jandem
https://hg.mozilla.org/integration/autoland/rev/a7621b225cb3
Part 2: Remove self-hosted module code handling. r=jandem
https://hg.mozilla.org/integration/autoland/rev/52431c4b1588
Part 3: Add SelfHostedIter::{Allow,Deny} enum and use it in all functions that can call iteration related function. r=jandem
https://hg.mozilla.org/integration/autoland/rev/f0554d74eedb
Part 4: Cleanup stack comment and remove unused CallOrNewEmitter method. r=jandem
https://hg.mozilla.org/integration/autoland/rev/6f9dde36dbd8
Part 5: Disallow non-name callee in self-hosted JS. r=jandem
https://hg.mozilla.org/integration/autoland/rev/aa5f3bf898bc
Part 6: Add JSOp::CallContentIter. r=jandem
https://hg.mozilla.org/integration/autoland/rev/178d1de9debb
Part 7: Use JSOp::CallContentIter instead of JSOp::CallIter in self-hosted JS. r=jandem
https://hg.mozilla.org/integration/autoland/rev/7e49b9f5abc1
Part 8: Emit JSOp::DebugCheckSelfHosted in all case. r=jandem
https://hg.mozilla.org/integration/autoland/rev/c2480e13b36d
Part 9: Add eager evaluation test for crafted iterable. r=nchevobbe
https://hg.mozilla.org/integration/autoland/rev/19cb3c811aae
Part 10: Add eager evaluation test for reused iterator. r=nchevobbe

bszekely

Comment 13

•

2 years ago

bugherder

Status: ASSIGNED → RESOLVED

Closed: 2 years ago

status-firefox105: --- → fixed

Resolution: --- → FIXED

Target Milestone: --- → 105 Branch

You need to log in before you can comment on or make changes to this bug.

Bugzilla

Quick Search

Emit JSOp::DebugCheckSelfHosted in more places

Categories

(Core :: JavaScript Engine, enhancement, P1)

Tracking

()

People

(Reporter: arai, Assigned: arai)

References

(Blocks 1 open bug)

Details

Crash Data

Security

(public)

User Story

Attachments

(11 files)

Description

Updated

Comment 1

Comment 2

Comment 3

Comment 4

Comment 5

Comment 6

Comment 7

Comment 8

Comment 9

Comment 10

Updated

Comment 11

Comment 12

Comment 13

Attachment

General

Description

File Name

Content Type