It's sort of annoying to add this API just for tests, but there's not another
great way to trigger a compartment-wide transplant with Xray waivers
(since setting document.domain doesn't recompute wrappers to/from chrome, and
Xray waivers will stop being accessible to content entirely in bug 742444).
We currently set this for system globals and anything whose parent
chain leads to a system global. Maybe this was relevant before, but
with CPG this is just equivalent to asking whether the object is in
a system compartment. And the only place where we _check_ this bit
is immediately after checking for a system compartment, in
WrapperFactory. So AFAICT this can go away entirely.
If we just naively use the thread manager to dispatch the event via SpecialPowers,
we cannot avoid the XPCWrappedJS for the runnable being in chrome scope (even if
we pass a content object, we make the call in chrome scope, so we pass a cross-
compartment wrapper). This means that the machinery in
nsXPCWrappedJSClass::CheckForException ends up calling the error reporter for the
SpecialPowers scope, which isn't what we want.
Messing around with the implementation of CheckForException is playing with fire.
So we work around this with an explicit Cu API. :-(
If we just naively use the thread manager to dispatch the event via SpecialPowers,
we cannot avoid the XPCWrappedJS for the runnable being in chrome scope (even if
we pass a content object, we make the call in chrome scope, so we pass a cross-
compartment wrapper). This means that the machinery in
nsXPCWrappedJSClass::CheckForException ends up calling the error reporter for the
SpecialPowers scope, which isn't what we want.
Messing around with the implementation of CheckForException is playing with fire.
So we work around this with an explicit Cu API. :-(
This part replaces the JSContext *cx argument in most GC-related API
with JSRuntime *rt. When possible, the patch removes the code to obtain
a temporary cx just to run the GC.
The patch also removes JS_DestroyContextMaybeGC. That function is not
used in FF code base and its implementation is broken. It requires that
the context has an entered compartment when it is destroyed, which in
turns implies a missing leave compartment call.
This part changes the signatures for various finalization API to take
not JSContext* but rather either JSFreeOp structure or its
library-private counterpart FreeOp. These structures wrap parameters
that are passed to the finalizers removing most of explicit dependencies
on JSContext in the finalization code.
Currently to serialize principals stored in JSScript we have a rather complex
schema. First there is the transcode callback that the embedding must provide
to transcode principals using XDR API. Second we use rather complex glue code
to implement that callback in terms of writing/reading nsIObjectOutputStream/
nsIObjectInputStream. This glue code is duplicated in 3 places. All this can
be avoided if we simply delegate transcoding of principals to the caller. In
addition, at least in the case of the cached startup scripts we do not even
need to transcode the principals as the the cached scripts always have the
system principal so we can skip all the transcode complexity there.
The patch implemnts this idea. In particular, the code in JS engine
responsible for transcoding of principals is replaced by the single API
function JS_XDRSetPrincipals that the embedding can use to set principals for
decoded scripts and functions. Then the startup cache uses this to set the
principals for the decoded script to the system principals. The other two
places in nsJSContext::Serialize and XBL_SerializeFunction that need to
serialize principals together with a function or script now uses common
utilities in nsXPConnect so the serialization complexity resides in the single
place.