Create DebuggerObject method that checks if given function is (safe) DOM attribute getter
Categories
(Core :: JavaScript Engine, task, P3)
Tracking | Status | |
---|---|---|
firefox115 | --- | fixed |
People
(Reporter: arai, Assigned: arai)
Attachments
(1 file)
Currently DevTools uses 2 ways to check if a given getter function is safe to call:
- allowlist (gSideEffectFreeNatives map in eval-with-debugger.js)
- non-script (isSafeGetter in DevToolsUtils.js)
the allowlist way is stricter and more controllable, but current implementation has some problems:
- the allowlist needs to be converted into a map for each global
- there are ~3000 DOM getters and if we want to cover most of them, it's not memory-efficient
- cannot be applied to Worker, because it uses sandbox
- the actual comparison is done for native function pointer and jit info pointer. and the function object is not necessary
the non-script way is simply wrong and needs to be replaced (see bug 1806598)
possible solution for the above is to add `ChromeUtils` method that takes a function object and checks if it's DOM getter, or safe DOM getter.
if it's not performance-critical, the comparison can be done without any runtime allocation.
and if it's performance-critical, the comparison can be done with singleton map from getter name to function info.
my plan is:
- for each DOM binding, register the list of getters to singleton list
- (optional) when the `ChromeUtils` method is first called, generate a map
- when the `ChromeUtils` method is called, look up the getter name in the list or map, and check if the function pointer and jit info matches
Prefable attributes don't need to be filtered, because the list is used only for checking existence.
Comment 1 • 2 years ago (Assignee)
about "(safe)" part, there are 2 requirements:
- the consumers want to see if the getter is side-effect-free
- annotating all getters with "side-effect-free or not" is hard to maintain, unless it's done by the spec itself
then, about "side-effect-free", in the context of devtools, the consumers are the following:
- eager evaluation
- object preview
and some minor side effect may be acceptable, such as, flushing the pending style calculation, etc.
in that case, we could make the new `ChromeUtils` method dedicated for the purpose, and just check if given getter is DOM getter.
that way we can filter out random unknown native getters, while keeping the eager evaluation and object preview working as expected.
Comment 2 • 2 years ago (Assignee)
other possible implementation is to add dedicated bit to `JSJitInfo`.
that way we don't need map.
Comment 3 • 2 years ago (Assignee)
(In reply to Tooru Fujisawa [:arai] from comment #2)
> other possible implementation is to add dedicated bit to `JSJitInfo`.
> that way we don't need map.
We can cheat here.
given `JSJitInfo` is used only by DOM, and whether it's getter or not can be checked by `JSJitInfo::OpType::Getter`.
We can add `ChromeUtils.isGetterWithJSJitInfo` and use it in devtools.
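The three checks discussed in the description and in comment 3, side by side, as an added example that is not Firefox or SpiderMonkey code and not written by the bug's author. Every type and function name in it (`JitInfo`, `Function`, `GetterEntry`, `isRegisteredDomGetter`, `isGetterWithJitInfo`, `isNonScript`) is a hypothetical stand-in, and it takes comment 3's statement that jit info is attached only to DOM natives as given.

```cpp
// Simplified model of the checks in this bug. NOT SpiderMonkey code: all
// types and names are hypothetical stand-ins for the concepts in the thread.
#include <cstring>

enum class OpType { Getter, Setter, Method };
struct JitInfo { OpType type; };   // stand-in for JSJitInfo
using Native = int (*)();          // stand-in for a native entry point
struct Function {                  // stand-in for a function object
  Native native;                   // nullptr => scripted function
  const JitInfo* jitInfo;          // nullptr => native without jit info
};
struct GetterEntry { const char* name; Native native; const JitInfo* jitInfo; };

int genericGetter() { return 0; }  // constructed: native shared by DOM getters
int randomNative() { return 1; }   // constructed: unrelated native getter
const JitInfo kTitleInfo{OpType::Getter};
const JitInfo kFocusInfo{OpType::Method};
const GetterEntry kRegistry[] = {{"title", genericGetter, &kTitleInfo}};

// Description's plan: look the name up in one process-wide list, then require
// both the native pointer and the jit info pointer to match. No per-global
// map and no allocation; the function object itself is not needed.
bool isRegisteredDomGetter(const char* name, const Function& fn) {
  for (const GetterEntry& e : kRegistry) {
    if (std::strcmp(e.name, name) == 0) {
      return fn.native == e.native && fn.jitInfo == e.jitInfo;
    }
  }
  return false;
}

// Comment 3's shortcut: per the thread, only DOM natives carry jit info, so
// a native whose jit info has the getter op type is a DOM getter.
bool isGetterWithJitInfo(const Function& fn) {
  return fn.native && fn.jitInfo && fn.jitInfo->type == OpType::Getter;
}

// The "non-script" heuristic: every native passes, including unknown ones.
bool isNonScript(const Function& fn) { return fn.native != nullptr; }

int main() {
  Function title{genericGetter, &kTitleInfo}, focus{genericGetter, &kFocusInfo};
  Function other{randomNative, nullptr};
  bool ok = isRegisteredDomGetter("title", title) && isGetterWithJitInfo(title) &&
            !isGetterWithJitInfo(focus) && !isGetterWithJitInfo(other) &&
            isNonScript(other);
  return ok ? 0 : 1;
}
```

The unrelated native passes only the non-script check, which is the case comment 1 wants filtered out.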