The default bug view has changed. See this FAQ.

7% Tdhtml regression on June 5

RESOLVED FIXED in mozilla1.8.1beta1

Status

()

Core
DOM
P2
normal
RESOLVED FIXED
11 years ago
11 years ago

People

(Reporter: bz, Assigned: mrbkap)

Tracking

({fixed1.8.0.5, fixed1.8.1, regression})

Trunk
mozilla1.8.1beta1
x86
Linux
fixed1.8.0.5, fixed1.8.1, regression
Points:
---
Bug Flags:
blocking1.8.1 +
blocking1.8.0.5 +

Firefox Tracking Flags

(Not tracked)

Details

Attachments

(1 attachment)

Graph:  http://build-graphs.mozilla.org/graph/query.cgi?testname=dhtml&tbox=luna.mozilla.org&autoscale=1&days=7&avg=1&showpoint=2006:06:05:16:01:23,1595

Checkin range: http://tinderbox.mozilla.org/bonsai/cvsquery.cgi?module=MozillaTinderboxAll&date=explicit&mindate=1149540900&maxdate=1149546299

If I were a betting man, I'd bet on bug 339918.  With that change, once we have a single toplevel script access on a window (before any accesses from functions), all following accesses on that window will do security checks, as far as I can tell.
Flags: blocking1.9a1?
Keywords: regression
(Assignee)

Comment 1

11 years ago
Created attachment 224604 [details] [diff] [review]
Potential fix

This patch attempts to undo some of the damage by not really caching the value if we were unable to find a function object on the stack (so we'll do the security checks for top level scripts, but only cache the result when we actually found a function object). This might still ding perf on scripts who only access window or document properties from top level scripts, but I'm hoping it will save Tdhtml setInterval functions, etc.
Assignee: general → mrbkap
Status: NEW → ASSIGNED
Attachment #224604 - Flags: superreview?(bzbarsky)
Attachment #224604 - Flags: review?(bzbarsky)
(Assignee)

Updated

11 years ago
Priority: -- → P2
Target Milestone: --- → mozilla1.9alpha
Attachment #224604 - Flags: superreview?(bzbarsky)
Attachment #224604 - Flags: superreview+
Attachment #224604 - Flags: review?(bzbarsky)
Attachment #224604 - Flags: review+
(Assignee)

Comment 2

11 years ago
I checked the potential fix into the trunk. All tinderboxes running Tdhtml except for argo and argo-vm showed drops back to pre-bug 339918 numbers. I'm marking this bug as fixed, though I cannot explain argo's reaction.
Status: ASSIGNED → RESOLVED
Last Resolved: 11 years ago
Resolution: --- → FIXED
(Assignee)

Comment 3

11 years ago
Nominating to match bug 339918.
Flags: blocking1.8.1?
Flags: blocking1.8.0.6?
(Assignee)

Comment 4

11 years ago
Comment on attachment 224604 [details] [diff] [review]
Potential fix

This is a companion patch for bug 339918.
Attachment #224604 - Flags: approval1.8.1?
Attachment #224604 - Flags: approval1.8.0.6?
Flags: blocking1.8.0.5?

Updated

11 years ago
Attachment #224604 - Flags: approval1.8.1? → approval1.8.1+

Updated

11 years ago
Flags: blocking1.8.1? → blocking1.8.1+
Target Milestone: mozilla1.9alpha → mozilla1.8.1beta1
(Assignee)

Comment 5

11 years ago
Fix checked into the 1.8 branch.
Keywords: fixed1.8.1
Flags: blocking1.8.0.6?
Flags: blocking1.8.0.5?
Flags: blocking1.8.0.5+
Comment on attachment 224604 [details] [diff] [review]
Potential fix

approved for 1.8.0 branch, a=dveditz for drivers
Attachment #224604 - Flags: approval1.8.0.6? → approval1.8.0.5+
(Assignee)

Comment 7

11 years ago
Fix checked into the 1.8.0 branch.
Keywords: fixed1.8.0.5
Flags: blocking1.9a1?
You need to log in before you can comment on or make changes to this bug.