Bug 1548625 part 2. Get rid of some ExposeObjectToActiveJS calls in DOM code. r=mccr8,jonco

The call in VRFrameData::LazyCreateMatrix is not needed because aRetval.set(aArray) ends up calling into Heap::get() which does a read barrier and exposes. The call in nsXULPrototypeScript::Compile is not needed because initializing the AutoJSAPI will guarantee that the global of the Realm it enters, which is what we're examining here, will be exposed. The call in Promise's CreateNativeHandlerFunction is not needed because the object being passed in was always just-created into a stack Rooted. The call in MIDIMessageEvent::GetData is not needed because it's always working with a just-created object. Also, mData is a Heap, so there will be a read barrier anyway before anyone gets at the value. The call in PrototypeDocumentContentSink::ExecuteScript is not needed because the AutoEntryScript will guarantee that the global of the Realm it enters is exposed. And the JSAutoRealm is not needed either, because we're in that Realm already. Differential Revision: https://phabricator.services.mozilla.com/D29720 --HG-- extra : moz-landing-system : lando
2025-02-25 03:49:42 +00:00 · 2019-05-03 10:09:11 +00:00 · 2019-05-03 10:09:11 +00:00 · 6430c24e0a
commit 6430c24e0a
parent 6f29e8d383
6 changed files with 11 additions and 12 deletions
--- a/dom/midi/MIDIMessageEvent.cpp
+++ b/dom/midi/MIDIMessageEvent.cpp
@ -99,7 +99,6 @@ void MIDIMessageEvent::GetData(JSContext* cx,
      return;
    }
    mRawData.Clear();
-    JS::ExposeObjectToActiveJS(mData);
  }
  aData.set(mData);
 }
--- a/dom/promise/Promise.cpp
+++ b/dom/promise/Promise.cpp
@ -359,7 +359,7 @@ static JSObject* CreateNativeHandlerFunction(JSContext* aCx,

  JS::Rooted<JSObject*> obj(aCx, JS_GetFunctionObject(func));

-  JS::ExposeObjectToActiveJS(aHolder);
+  JS::AssertObjectIsNotGray(aHolder);
  js::SetFunctionNativeReserved(obj, SLOT_NATIVEHANDLER,
                                JS::ObjectValue(*aHolder));
  js::SetFunctionNativeReserved(obj, SLOT_NATIVEHANDLER_TASK,
--- a/dom/prototype/PrototypeDocumentContentSink.cpp
+++ b/dom/prototype/PrototypeDocumentContentSink.cpp
@ -987,9 +987,6 @@ nsresult PrototypeDocumentContentSink::ExecuteScript(
  JS::Rooted<JSObject*> global(cx, JS::CurrentGlobalOrNull(cx));
  NS_ENSURE_TRUE(xpc::Scriptability::Get(global).Allowed(), NS_OK);

-  JS::ExposeObjectToActiveJS(global);
-  JSAutoRealm ar(cx, global);
-
  // The script is in the compilation scope. Clone it into the target scope
  // and execute it. On failure, ~AutoScriptEntry will handle exceptions, so
  // there is no need to manually check the return value.
--- a/dom/script/ScriptSettings.h
+++ b/dom/script/ScriptSettings.h
@ -214,6 +214,9 @@ class MOZ_STACK_CLASS AutoJSAPI : protected ScriptSettingsStackEntry {
  // If aGlobalObject represents a web-visible global, errors reported by this
  // AutoJSAPI as it comes off the stack will fire the relevant error events and
  // show up in the corresponding web console.
+  //
+  // Successfully initializing the AutoJSAPI will ensure that it enters the
+  // Realm of aGlobalObject's JSObject and exposes that JSObject to active JS.
  MOZ_MUST_USE bool Init(nsIGlobalObject* aGlobalObject);

  // This is a helper that grabs the native global associated with aObject and
@ -231,7 +234,7 @@ class MOZ_STACK_CLASS AutoJSAPI : protected ScriptSettingsStackEntry {
  // show up in the corresponding web console.
  MOZ_MUST_USE bool Init(nsIGlobalObject* aGlobalObject, JSContext* aCx);

-  // Convenience functions to take an nsPIDOMWindow* or nsGlobalWindow*,
+  // Convenience functions to take an nsPIDOMWindowInner or nsGlobalWindowInner,
  // when it is more easily available than an nsIGlobalObject.
  MOZ_MUST_USE bool Init(nsPIDOMWindowInner* aWindow);
  MOZ_MUST_USE bool Init(nsPIDOMWindowInner* aWindow, JSContext* aCx);
@ -310,15 +313,21 @@ class MOZ_STACK_CLASS AutoJSAPI : protected ScriptSettingsStackEntry {
 * |aReason| should be a statically-allocated C string naming the reason we're
 * invoking JavaScript code: "setTimeout", "event", and so on. The devtools use
 * these strings to label JS execution in timeline and profiling displays.
+ *
 */
 class MOZ_STACK_CLASS AutoEntryScript : public AutoJSAPI {
 public:
+  // Constructing the AutoEntryScript will ensure that it enters the
+  // Realm of aGlobalObject's JSObject and exposes that JSObject to active JS.
  AutoEntryScript(nsIGlobalObject* aGlobalObject, const char* aReason,
                  bool aIsMainThread = NS_IsMainThread());

  // aObject can be any object from the relevant global. It must not be a
  // cross-compartment wrapper because CCWs are not associated with a single
  // global.
+  //
+  // Constructing the AutoEntryScript will ensure that it enters the
+  // Realm of aObject JSObject and exposes aObject's global to active JS.
  AutoEntryScript(JSObject* aObject, const char* aReason,
                  bool aIsMainThread = NS_IsMainThread());

--- a/dom/vr/VRDisplay.cpp
+++ b/dom/vr/VRDisplay.cpp
@ -730,9 +730,6 @@ void VRFrameData::LazyCreateMatrix(JS::Heap<JSObject*>& aArray,
      return;
    }
  }
-  if (aArray) {
-    JS::ExposeObjectToActiveJS(aArray);
-  }
  aRetval.set(aArray);
 }

--- a/dom/xul/nsXULElement.cpp
+++ b/dom/xul/nsXULElement.cpp
@ -2136,9 +2136,6 @@ nsresult nsXULPrototypeScript::Compile(
  // source from the files on demand.
  options.setSourceIsLazy(mOutOfLine);
  JS::Rooted<JSObject*> scope(cx, JS::CurrentGlobalOrNull(cx));
-  if (scope) {
-    JS::ExposeObjectToActiveJS(scope);
-  }

  if (aOffThreadReceiver && JS::CanCompileOffThread(cx, options, aTextLength)) {
    if (!JS::CompileOffThread(cx, options, srcBuf,