Closed Bug 1815381 Opened 2 years ago Closed 2 years ago

Support DOM eager evaluation allowlist in worker

Categories

(DevTools :: Console, defect)

Product:
DevTools
Component:
Console
Type:
defect

Tracking

(firefox-esr102 unaffected, firefox113 wontfix, firefox114 wontfix, firefox115 fixed)

Status:
RESOLVED FIXED
Milestone:
115 Branch
Tracking Flags:
Tracking Status
firefox-esr102 --- unaffected
firefox113 --- wontfix
firefox114 --- wontfix
firefox115 --- fixed

People

(Reporter: arai, Assigned: arai)

References

(Blocks 1 open bug, Regression)

Details

(Keywords: regression)

Attachments

(4 files)

Bug 1815381 - Part 1: Use DebuggerObject.prototype.isNativeGetterWithJitInfo in eager evaluation. r?nchevobbe!
48 bytes, text/x-phabricator-request
Details | Review
Bug 1815381 - Part 2: Revert workaround for WorkerLocation.prototype.href getter. r?nchevobbe!
48 bytes, text/x-phabricator-request
Details | Review
Bug 1815381 - Part 3: Remove DOM getters from explicit allowlist. r?nchevobbe!
48 bytes, text/x-phabricator-request
Details | Review
Bug 1815381 - Part 4: Add tests with random native getters. r?nchevobbe!
48 bytes, text/x-phabricator-request
Details | Review

In bug 1806598, we're going to apply eager evaluation allowlist also to getter calls, instead of treating all getter calls side-effect-free.

Then, we don't support DOM allowlist in worker because we generate the allowlist from sandbox, which is not available on worker thread.
which means all DOM getters are blocked in eager evaluation.

There was one testcase which relied on the DOM getters in worker:

https://searchfox.org/mozilla-central/rev/188d0f76a73e0671d12e744a71e9f5701668cc37/devtools/client/webconsole/test/browser/browser_console_evaluation_context_selector.js#110,126-128

setInputValue(hud, "globalThis.location.href");
...
await waitFor(() =>
  evaluationContextSelectorButton.innerText.includes(workerFile)
);

This requires adding WorkerGlobalScope and WorkerLocation getters into allowlist.
(For now, I'm going to modify the testcase not to rely on DOM getters in eager evaluation)

Then, in order to support eager-evaluation allowlist in worker, we need a way to generate the allowlist without creating sandbox.

Possible solution I can think of is to create ChromeUtils method that takes a function and checks if the function is side-effect-free.
That means, move the allowlist creation and check from devtools JS code to native ChromeUtils method.

ChromeUtlls is accessible also on worker thread, and comparing native function pointer and JSJitInfo pointer doesn't require creating objects.

Summary: Support eager evaluation allowlist in worker → Support DOM eager evaluation allowlist in worker
Depends on: 1826696

Thanks a lot arai for working on this. I have positive feedback on the whole patch stack, so feel free to put them in review so I can have a thorough look :)

Assignee: nobody → arai.unmht
Attachment #9327858 - Attachment description: WIP: Bug 1815381 - Part 1: Use DebuggerObject.prototype.isNativeGetterWithJitInfo in eager evaluation. r?nchevobbe! → Bug 1815381 - Part 1: Use DebuggerObject.prototype.isNativeGetterWithJitInfo in eager evaluation. r?nchevobbe!
Status: NEW → ASSIGNED
Attachment #9327859 - Attachment description: WIP: Bug 1815381 - Part 2: Revert workaround for WorkerLocation.prototype.href getter. r?nchevobbe! → Bug 1815381 - Part 2: Revert workaround for WorkerLocation.prototype.href getter. r?nchevobbe!
Attachment #9327860 - Attachment description: WIP: Bug 1815381 - Part 3: Remove DOM getters from explicit allowlist. r?nchevobbe! → Bug 1815381 - Part 3: Remove DOM getters from explicit allowlist. r?nchevobbe!
Attachment #9327861 - Attachment description: WIP: Bug 1815381 - Part 4: Add tests with random native getters. r?nchevobbe! → Bug 1815381 - Part 4: Add tests with random native getters. r?nchevobbe!

The current patch queue seems to fix both bug 1818180 and bug 1822662. Should we resolve them as duplicated bugs?

Blocks: 1831819
Blocks: 1831821
Pushed by arai_a@mac.com: https://hg.mozilla.org/integration/autoland/rev/37482f544447 Part 1: Use DebuggerObject.prototype.isNativeGetterWithJitInfo in eager evaluation. r=nchevobbe,devtools-reviewers,ochameau https://hg.mozilla.org/integration/autoland/rev/58a13013137a Part 2: Revert workaround for WorkerLocation.prototype.href getter. r=nchevobbe,devtools-reviewers,ochameau https://hg.mozilla.org/integration/autoland/rev/2dd3c94ff852 Part 3: Remove DOM getters from explicit allowlist. r=nchevobbe,devtools-reviewers,ochameau https://hg.mozilla.org/integration/autoland/rev/e69bb7d10d11 Part 4: Add tests with random native getters. r=nchevobbe,devtools-reviewers,ochameau
Duplicate of this bug: 1818180
Duplicate of this bug: 1822662

The following field has been copied from duplicate bugs:

Field Value Source
Regressed by bug 1806598 bug 1818180 and bug 1822662

For more information, please visit BugBot documentation.

Type: task → defect
Keywords: regression
Regressed by: 1806598

Set release status flags based on info from the regressing bug 1806598

status-firefox113: --- → affected
status-firefox114: --- → affected
status-firefox-esr102: --- → unaffected

The patch landed in nightly and beta is affected.
:arai, is this bug important enough to require an uplift?

  • If yes, please nominate the patch for beta approval.
  • If no, please set status-firefox114 to wontfix.

For more information, please visit BugBot documentation.

Flags: needinfo?(arai.unmht)
status-firefox114: affectedwontfix
Flags: needinfo?(arai.unmht)
Regressed by: 1881359
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: