Last Comment Bug 589015 - js_watch_set doesn't need that crazy dummy frame
: js_watch_set doesn't need that crazy dummy frame
Status: RESOLVED FIXED
fixed-in-tracemonkey
:
Product: Core
Classification: Components
Component: JavaScript Engine (show other bugs)
: Trunk
: All All
: -- normal (vote)
: ---
Assigned To: Luke Wagner [:luke]
:
:
Mentors:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2010-08-19 17:38 PDT by Luke Wagner [:luke]
Modified: 2010-08-23 15:00 PDT (History)
4 users (show)
See Also:
Crash Signature:
(edit)
QA Whiteboard:
Iteration: ---
Points: ---
Has Regression Range: ---
Has STR: ---


Attachments
rm (6.53 KB, patch)
2010-08-19 17:38 PDT, Luke Wagner [:luke]
mrbkap: review+
Details | Diff | Splinter Review

Description Luke Wagner [:luke] 2010-08-19 17:38:59 PDT
Created attachment 467615 [details] [diff] [review]
rm

When there is both a watchpoint and setter on the same property, the result of the watchpoint is passed to the setter.  As Blake explained: back in the day, before the age of wrapperization, there was a potential security hole whereby, e.g., content watchpoints could inject content values into chrome setters.  That was the problem fixed by the dummy frame.  With wrappers, though, there should be no such mingling and thus this dummy frame is no longer necessary.  It's also a massive breaker of invariants I'd like to have for bug 539144.
Comment 1 Blake Kaplan (:mrbkap) 2010-08-19 17:45:48 PDT
Comment on attachment 467615 [details] [diff] [review]
rm

Woo-hoo!
Comment 2 Brendan Eich [:brendan] 2010-08-19 17:47:18 PDT
I managed to dis-remember this dis-gusting history. Kill this code with fire, salt the earth, drive it before you and hear the lamentation da wimmin!

/be
Comment 3 Luke Wagner [:luke] 2010-08-19 18:00:59 PDT
Indeed, that is best in life.

http://hg.mozilla.org/tracemonkey/rev/b22e82ce2364
Comment 4 Brendan Eich [:brendan] 2010-08-19 21:00:25 PDT
http://www.youtube.com/watch?v=OBGOQ7SsJrw

/be

Note You need to log in before you can comment on or make changes to this bug.