Graph: http://build-graphs.mozilla.org/graph/query.cgi?testname=dhtml&tbox=luna.mozilla.org&autoscale=1&days=7&avg=1&showpoint=2006:06:05:16:01:23,1595 Checkin range: http://tinderbox.mozilla.org/bonsai/cvsquery.cgi?module=MozillaTinderboxAll&date=explicit&mindate=1149540900&maxdate=1149546299 If I were a betting man, I'd bet on bug 339918. With that change, once we have a single toplevel script access on a window (before any accesses from functions), all following accesses on that window will do security checks, as far as I can tell.
Created attachment 224604 [details] [diff] [review] Potential fix This patch attempts to undo some of the damage by not really caching the value if we were unable to find a function object on the stack (so we'll do the security checks for top level scripts, but only cache the result when we actually found a function object). This might still ding perf on scripts who only access window or document properties from top level scripts, but I'm hoping it will save Tdhtml setInterval functions, etc.
I checked the potential fix into the trunk. All tinderboxes running Tdhtml except for argo and argo-vm showed drops back to pre-bug 339918 numbers. I'm marking this bug as fixed, though I cannot explain argo's reaction.
Nominating to match bug 339918.
Comment on attachment 224604 [details] [diff] [review] Potential fix This is a companion patch for bug 339918.
Fix checked into the 1.8 branch.
Comment on attachment 224604 [details] [diff] [review] Potential fix approved for 1.8.0 branch, a=dveditz for drivers
Fix checked into the 1.8.0 branch.