Closed
Bug 413767
Opened 17 years ago
Closed 17 years ago
Make doGetObjectPrincipal() faster yet.
Categories
(Core :: Security: CAPS, defect, P1)
Core
Security: CAPS
Tracking
()
RESOLVED
FIXED
mozilla1.9beta3
People
(Reporter: jst, Assigned: jst)
References
Details
(Keywords: perf)
Attachments
(1 file)
|
8.58 KB,
patch
|
mrbkap
:
review+
brendan
:
superreview+
brendan
:
approval1.9+
|
Details | Diff | Splinter Review |
Now that the JS engine stores the JS class, parent, proto, and private (and a couple of other properties too) in pre-allocated slots (obj->fslots) it's ok to access them w/o any need to check whether we need to lock or what not. IOW, it's ok to access the values in the slots directly. Given that caps spends a good chunk of its time in getting at the JS class, private, and parent, it should use the fastest possible way to get to that info. Another nice benefit of this is that to access these slots, we don't need a JS context, which means we can drop the context argument to doGetObjectPrincipal(). See attached patch.
Flags: blocking1.9+
Attachment #298826 -
Flags: superreview?(brendan)
Attachment #298826 -
Flags: review?(mrbkap)
|
Assignee | |
Updated•17 years ago
|
Priority: -- → P1
|
||
Comment 1•17 years ago
|
||
How can we be sure that we're not going to end up racing with some random object whose private data gets set on a different thread?
|
||
Comment 2•17 years ago
|
||
Since when is caps threadsafe? But even so, there's no hazard on architectures we support, because word loads and stores are not split up into smaller atomic ops (cc'ing wtc to confirm). It's true that if we do support MT objects, two may race and there's no barrier to order their stores to obj->fslots[3] strongly -- but such objects need higher-order synchronization than JS object (scope) locking in any event, since even with such locking, races to update an MT object's private slot can happen. MT objects should not change privates, or if they do, you'll need a way to make sure racing readers don't get a pointer to the old private, and hang onto it after it is recycled or invalidated somehow. /be
|
|
||
Comment 3•17 years ago
|
||
Comment on attachment 298826 [details] [diff] [review] Use faster class/parent/private accessors. That's fair.
Attachment #298826 -
Flags: review?(mrbkap) → review+
|
|
||
Comment 4•17 years ago
|
||
Comment on attachment 298826 [details] [diff] [review] Use faster class/parent/private accessors. Comment how for the given native private types (JSFunction, nsIXPConnectWrappedNative, and nsISupports of a WN) the private pointer does not change over the lifetime of the JS object, so can't dangle, etc. Thanks, /be
Attachment #298826 -
Flags: superreview?(brendan)
Attachment #298826 -
Flags: superreview+
Attachment #298826 -
Flags: approval1.9+
|
||
Comment 5•17 years ago
|
||
(In reply to comment #2) > there's no hazard on architectures we support, because word > loads and stores are not split up into smaller atomic ops. I believe this is true if the word is aligned. But if you need to load the *current* value of a word, The PowerPC Architecture, Appendix E.1.1 says you need to use a pair of atomic instructions (lwarx + stwcx.). (The book calls this operation "fetch and no-op".) I guess if you don't care your loads must read the current values, you can use regular load instructions. (I don't fully understand this subject.)
|
||
Comment 6•17 years ago
|
||
So we going to take this?
|
|
Assignee | |
Comment 7•17 years ago
|
||
Yes, I'll land it as soon as I see green on tinderbox.
|
|
Assignee | |
Comment 8•17 years ago
|
||
Fix checked in.
Status: ASSIGNED → RESOLVED
Closed: 17 years ago
Resolution: --- → FIXED
|
||
Updated•17 years ago
|
Flags: in-testsuite-
You need to log in
before you can comment on or make changes to this bug.
Description
•