Closed Bug 1805199 Opened 2 years ago Closed 2 years ago

Support getters on the global in more cases

Categories

(Core :: JavaScript Engine: JIT, task, P1)

Product:
Core
Component:
JavaScript Engine: JIT
Type:
task

Tracking

()

Status:
RESOLVED FIXED
Milestone:
110 Branch
Tracking Flags:
Tracking Status
firefox110 --- fixed

People

(Reporter: jandem, Assigned: jandem)

References

(Blocks 2 open bugs)

Details

Attachments

(3 files)

Bug 1805199 part 1 - Pass getter kind to EmitCallGetterResultNoGuards. r?iain!
48 bytes, text/x-phabricator-request
Details | Review
Bug 1805199 part 2 - Support more getters on the global in CacheIR. r?iain!
48 bytes, text/x-phabricator-request
Details | Review
Bug 1805199 part 3 - Support more setters on the global in CacheIR. r?iain!
48 bytes, text/x-phabricator-request
Details | Review

We currently only support native getters that can take the Window instead of the WindowProxy as this. It's now pretty straight-forward to support passing the WindowProxy as receiver in CacheIR. This lets us support scripted getters, which should improve the demo in bug 1805045.

This way we don't have to recompute the kind by calling IsCacheableGetPropCall
a second time. We still assert the values match in debug builds.

Before this patch, we supported only native getters that can take the global object
as this argument (DOM getters) for GetProp on WindowProxy and GetGName.

This patch extends this to also support getters (native and scripted) that need
the WindowProxy if we have one.

Depends on D164540

Similar to the previous patch, but for setters.

The WindowProxy optimization for SetProp currently only supports data properties,
so there's only the set-name case we have to change.

Depends on D164541

Severity: -- → N/A
Priority: -- → P1
Blocks: 1805612
Pushed by jdemooij@mozilla.com: https://hg.mozilla.org/integration/autoland/rev/4718eaf6f421 part 1 - Pass getter kind to EmitCallGetterResultNoGuards. r=iain https://hg.mozilla.org/integration/autoland/rev/91bd3ba3870f part 2 - Support more getters on the global in CacheIR. r=iain https://hg.mozilla.org/integration/autoland/rev/01e995a2bb73 part 3 - Support more setters on the global in CacheIR. r=iain

Backed out for causing multiple failures on GlobalObject.h

Flags: needinfo?(jdemooij)

(In reply to Cristian Tuns from comment #5)

Backed out for causing multiple failures on GlobalObject.h

The problem here was that the browser can sometimes call SetWindowProxy when the global already has a WindowProxy, failing the assertion I added. However in this case it's exactly the same window proxy JSObject* so we can just ignore it.

(In reply to Cristian Tuns from comment #6)

Also xpcshell failures: https://treeherder.mozilla.org/logviewer?job_id=399613944&repo=autoland

Hm this one doesn't seem obviously related to this bug, but I verified it's green on Try.

Flags: needinfo?(jdemooij)
Pushed by jdemooij@mozilla.com: https://hg.mozilla.org/integration/autoland/rev/c2b32c470a1e part 1 - Pass getter kind to EmitCallGetterResultNoGuards. r=iain https://hg.mozilla.org/integration/autoland/rev/10ffcc14a7da part 2 - Support more getters on the global in CacheIR. r=iain https://hg.mozilla.org/integration/autoland/rev/f0aaba028dcd part 3 - Support more setters on the global in CacheIR. r=iain

https://hg.mozilla.org/mozilla-central/rev/c2b32c470a1e
https://hg.mozilla.org/mozilla-central/rev/10ffcc14a7da
https://hg.mozilla.org/mozilla-central/rev/f0aaba028dcd

Status: ASSIGNED → RESOLVED
Closed: 2 years ago
status-firefox110: --- → fixed
Resolution: --- → FIXED
Target Milestone: --- → 110 Branch
Regressions: CVE-2024-3852
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: