Bug 1442737: Use shared JSM global for compilation and privileged junk scopes. r=bholley

MozReview-Commit-ID: 3rLgxQVtc0X

--HG--
extra : rebase_source : 9486cd685b4db0f5f282a8cd362a05056064f32e
extra : intermediate-source : a1db50f691f000a0261a57d39da75675592ada9c
extra : source : 8477472996e06d06a21d8e602e4a92d0ec130ea3

dom/base/test/chrome/cpows_child.js

@@ -185,7 +185,7 @@ function compartment_test(finish)
     function ok(x, msg) { results.push({ result: x ? "PASS" : "FAIL", message: msg }) };
 
     let cpowLocation = Cu.getRealmLocation(obj);
-    ok(/Privileged Junk/.test(cpowLocation),
+    ok(/shared JSM global/.test(cpowLocation),
        "child->parent CPOWs should live in the privileged junk scope: " + cpowLocation);
     is(obj(), 42, "child->parent CPOW is invokable");
     try {

dom/base/test/chrome/cpows_parent.xul

@@ -302,7 +302,7 @@
          Cu.getGlobalForObject(unprivilegedObject),
          "all parent->child CPOWs should live in the same scope");
       let cpowLocation = Cu.getRealmLocation(getUnprivilegedObject);
-      ok(/Privileged Junk/.test(cpowLocation),
+      ok(/shared JSM global/.test(cpowLocation),
          "parent->child CPOWs should live in the privileged junk scope: " + cpowLocation);
 
       // Make sure that parent->child CPOWs point through a privileged scope in the child

js/xpconnect/loader/ScriptPreloader.cpp

@@ -6,7 +6,6 @@
 
 #include "ScriptPreloader-inl.h"
 #include "mozilla/ScriptPreloader.h"
-#include "mozJSComponentLoader.h"
 #include "mozilla/loader/ScriptCacheActors.h"
 
 #include "mozilla/URLPreloader.h"
@@ -465,7 +464,7 @@ ScriptPreloader::InitCache(const nsAString& basePath)
     // Grab the compilation scope before initializing the URLPreloader, since
     // it's not safe to run component loader code during its critical section.
     AutoSafeJSAPI jsapi;
-    JS::RootedObject scope(jsapi.cx(), CompilationScope(jsapi.cx()));
+    JS::RootedObject scope(jsapi.cx(), xpc::CompilationScope());
 
     // Note: Code on the main thread *must not access Omnijar in any way* until
     // this AutoBeginReading guard is destroyed.
@@ -977,12 +976,6 @@ ScriptPreloader::DoFinishOffThreadDecode()
     MaybeFinishOffThreadDecode();
 }
 
-JSObject*
-ScriptPreloader::CompilationScope(JSContext* cx)
-{
-    return mozJSComponentLoader::Get()->CompilationScope(cx);
-}
-
 void
 ScriptPreloader::MaybeFinishOffThreadDecode()
 {
@@ -1001,7 +994,7 @@ ScriptPreloader::MaybeFinishOffThreadDecode()
     AutoSafeJSAPI jsapi;
     JSContext* cx = jsapi.cx();
 
-    JSAutoRealm ar(cx, CompilationScope(cx));
+    JSAutoRealm ar(cx, xpc::CompilationScope());
     JS::Rooted<JS::ScriptVector> jsScripts(cx, JS::ScriptVector(cx));
 
     // If this fails, we still need to mark the scripts as finished. Any that
@@ -1071,7 +1064,7 @@ ScriptPreloader::DecodeNextBatch(size_t chunkSize, JS::HandleObject scope)
 
     AutoSafeJSAPI jsapi;
     JSContext* cx = jsapi.cx();
-    JSAutoRealm ar(cx, scope ? scope : CompilationScope(cx));
+    JSAutoRealm ar(cx, scope ? scope : xpc::CompilationScope());
 
     JS::CompileOptions options(cx);
     options.setNoScriptRval(true)

js/xpconnect/loader/ScriptPreloader.h

@@ -397,11 +397,6 @@ private:
     void MaybeFinishOffThreadDecode();
     void DoFinishOffThreadDecode();
 
-    // Returns the global scope object for off-thread compilation. When global
-    // sharing is enabled in the component loader, this should be the shared
-    // module global. Otherwise, it should be the XPConnect compilation scope.
-    JSObject* CompilationScope(JSContext* cx);
-
     size_t ShallowHeapSizeOfIncludingThis(mozilla::MallocSizeOf mallocSizeOf)
     {
         return (mallocSizeOf(this) + mScripts.ShallowSizeOfExcludingThis(mallocSizeOf) +

js/xpconnect/loader/mozJSComponentLoader.h

@@ -89,7 +89,7 @@ class mozJSComponentLoader final : public mozilla::ModuleLoader,
  protected:
     virtual ~mozJSComponentLoader();
 
-    friend class mozilla::ScriptPreloader;
+    friend class XPCJSRuntime;
 
     JSObject* CompilationScope(JSContext* aCx)
     {

js/xpconnect/src/XPCJSRuntime.cpp

@@ -515,13 +515,13 @@ UnprivilegedJunkScope()
 JSObject*
 PrivilegedJunkScope()
 {
-    return XPCJSRuntime::Get()->PrivilegedJunkScope();
+    return XPCJSRuntime::Get()->LoaderGlobal();
 }
 
 JSObject*
 CompilationScope()
 {
-    return XPCJSRuntime::Get()->CompilationScope();
+    return XPCJSRuntime::Get()->LoaderGlobal();
 }
 
 nsGlobalWindowInner*
@@ -2821,8 +2821,7 @@ void
 XPCJSRuntime::Initialize(JSContext* cx)
 {
     mUnprivilegedJunkScope.init(cx, nullptr);
-    mPrivilegedJunkScope.init(cx, nullptr);
-    mCompilationScope.init(cx, nullptr);
+    mLoaderGlobal.init(cx, nullptr);
 
     // these jsids filled in later when we have a JSContext to work with.
     mStrIDs[0] = JSID_VOID;
@@ -3072,24 +3071,6 @@ XPCJSRuntime::InitSingletonScopes()
     rv = CreateSandboxObject(cx, &v, nullptr, unprivilegedJunkScopeOptions);
     MOZ_RELEASE_ASSERT(NS_SUCCEEDED(rv));
     mUnprivilegedJunkScope = js::UncheckedUnwrap(&v.toObject());
-
-    // Create the Privileged Junk Scope.
-    SandboxOptions privilegedJunkScopeOptions;
-    privilegedJunkScopeOptions.sandboxName.AssignLiteral("XPConnect Privileged Junk Compartment");
-    privilegedJunkScopeOptions.invisibleToDebugger = true;
-    privilegedJunkScopeOptions.wantComponents = false;
-    rv = CreateSandboxObject(cx, &v, nsXPConnect::SystemPrincipal(), privilegedJunkScopeOptions);
-    MOZ_RELEASE_ASSERT(NS_SUCCEEDED(rv));
-    mPrivilegedJunkScope = js::UncheckedUnwrap(&v.toObject());
-
-    // Create the Compilation Scope.
-    SandboxOptions compilationScopeOptions;
-    compilationScopeOptions.sandboxName.AssignLiteral("XPConnect Compilation Compartment");
-    compilationScopeOptions.invisibleToDebugger = true;
-    compilationScopeOptions.discardSource = ShouldDiscardSystemSource();
-    rv = CreateSandboxObject(cx, &v, /* principal = */ nullptr, compilationScopeOptions);
-    MOZ_RELEASE_ASSERT(NS_SUCCEEDED(rv));
-    mCompilationScope = js::UncheckedUnwrap(&v.toObject());
 }
 
 void
@@ -3100,10 +3081,20 @@ XPCJSRuntime::DeleteSingletonScopes()
     RefPtr<SandboxPrivate> sandbox = SandboxPrivate::GetPrivate(mUnprivilegedJunkScope);
     sandbox->ReleaseWrapper(sandbox);
     mUnprivilegedJunkScope = nullptr;
-    sandbox = SandboxPrivate::GetPrivate(mPrivilegedJunkScope);
-    sandbox->ReleaseWrapper(sandbox);
-    mPrivilegedJunkScope = nullptr;
-    sandbox = SandboxPrivate::GetPrivate(mCompilationScope);
-    sandbox->ReleaseWrapper(sandbox);
-    mCompilationScope = nullptr;
+    mLoaderGlobal = nullptr;
+}
+
+JSObject*
+XPCJSRuntime::LoaderGlobal()
+{
+    if (!mLoaderGlobal) {
+        RefPtr<mozJSComponentLoader> loader = mozJSComponentLoader::GetOrCreate();
+
+        dom::AutoJSAPI jsapi;
+        jsapi.Init();
+
+        mLoaderGlobal = loader->GetSharedGlobal(jsapi.cx());
+        MOZ_RELEASE_ASSERT(!JS_IsExceptionPending(jsapi.cx()));
+    }
+    return mLoaderGlobal;
 }

js/xpconnect/src/xpcprivate.h

@@ -575,8 +575,7 @@ public:
     size_t SizeOfIncludingThis(mozilla::MallocSizeOf mallocSizeOf);
 
     JSObject* UnprivilegedJunkScope() { return mUnprivilegedJunkScope; }
-    JSObject* PrivilegedJunkScope() { return mPrivilegedJunkScope; }
-    JSObject* CompilationScope() { return mCompilationScope; }
+    JSObject* LoaderGlobal();
 
     void InitSingletonScopes();
     void DeleteSingletonScopes();
@@ -611,8 +610,7 @@ private:
     JS::GCSliceCallback mPrevGCSliceCallback;
     JS::DoCycleCollectionCallback mPrevDoCycleCollectionCallback;
     JS::PersistentRootedObject mUnprivilegedJunkScope;
-    JS::PersistentRootedObject mPrivilegedJunkScope;
-    JS::PersistentRootedObject mCompilationScope;
+    JS::PersistentRootedObject mLoaderGlobal;
     RefPtr<AsyncFreeSnowWhite> mAsyncSnowWhiteFreer;
 
     friend class XPCJSContext;

js/xpconnect/src/xpcpublic.h

@@ -453,13 +453,16 @@ UnwrapReflectorToISupports(JSObject* reflector);
 JSObject*
 UnprivilegedJunkScope();
 
+/**
+ * This will generally be the shared JSM global, but callers should not depend
+ * on that fact.
+ */
 JSObject*
 PrivilegedJunkScope();
 
 /**
  * Shared compilation scope for XUL prototype documents and XBL
- * precompilation. This compartment has a null principal. No code may run, and
- * it is invisible to the debugger.
+ * precompilation.
  */
 JSObject*
 CompilationScope();