Closed Bug 808457 Opened 12 years ago Closed 12 years ago

Add more Components telemetry

Categories

(Core :: XPConnect, defect)

defect
Not set
normal

Tracking

()

RESOLVED FIXED
mozilla19

People

(Reporter: bholley, Assigned: bholley)

References

Details

Attachments

(1 file)

From the Telemetry added in bug 795275, we can see that around 20% of Aurora users encounter some kind of access to the Components object at some point during their session. This more than we'd hoped, but we don't yet have a great sense of how pervasive it is (one popular site or many small sites) or what kind of access it is. I don't have any great ideas of how to diagnose the former in a privacy-correct manner (any ideas Nathan?) but the latter is pretty easy. So let's do it.

Off the top of my head, I can imagine 3 major types of Components access:
1 - Just touching the object, possibly for browser detection
2 - Using Components.lookupMethod
3 - Accessing Components.interfaces. From this, they might be either grabbing interfaces constants (such as those for XHR), or actually QIing objects.

(3) is the thing we most want to forbid access to, so I'm hoping that the numbers don't skew too much towards it. Only one way to find out, though.
Er, totally wrong title. Boy I'm jetlagged.
Summary: Add more enablePrivilege telemetry → Add more Components telemetry
This uses a couple of little tricks to be efficient. We can deduce that an access
was to a given property by first checking if the access was allowed (which implies
that it was in our |allowed| list), and then checking just the first letter (which
avoids an ASCII string conversion).
Attachment #678305 - Flags: review?(mrbkap)
Comment on attachment 678305 [details] [diff] [review]
Add Telemetry for Components.lookupMethod and Components.interfaces. v1

Review of attachment 678305 [details] [diff] [review]:
-----------------------------------------------------------------

::: js/xpconnect/src/XPCComponents.cpp
@@ +4832,5 @@
>  {
>      static const char* allowed[] = { "isSuccessCode", "lookupMethod", nullptr };
>      *_retval = xpc_CheckAccessList(methodName, allowed);
> +    if (*_retval &&
> +        (methodName[0] == 'l') &&

Nit: here and below: extra parens here.
Attachment #678305 - Flags: review?(mrbkap) → review+
https://hg.mozilla.org/mozilla-central/rev/4891d463b2ac
Status: NEW → RESOLVED
Closed: 12 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla19
Blocks: 693733, 429070
Looking at metrics now, I see 18.2% for Components.interfaces and 2.96% for Components.lookupMethod.
The unfortunate problem with the Telemetry here is that we don't know which websites are affected, and whether it's just a couple of popular websites (that many users visit), or an evenly-distributed long  tail. Moreover, we don't have a sense of how bad they'll break if Components goes away.

Johnny and I discussed this, and decided to try removing Components at the beginning of the next cycle, with the knowledge that we may have to back out if we hit serious compat issues.
Well, one approach is to make the browser crash if somebody uses one of these and then you can get the URLs from the crash reports. ;)

I actually have COMPONENTS_INTERFACES_ACCESSED_BY_CONTENT = 1, but I have no idea what from.
(In reply to Andrew McCreight [:mccr8] from comment #8)
> Well, one approach is to make the browser crash if somebody uses one of
> these and then you can get the URLs from the crash reports. ;)

That seems way more disruptive than just landing the change. ;-) Though I suppose we could make it pref-controlled?
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Created:
Updated:
Size: