[Webkit-unassigned] [Bug 230602] [JSC] implement Shadow Realm

Mon Oct 11 03:11:21 PDT 2021

https://bugs.webkit.org/show_bug.cgi?id=230602

--- Comment #17 from Phillip Mates <pmates at igalia.com> ---
(In reply to Yusuke Suzuki from comment #16)
> Comment on attachment 439587 [details]
> Patch
> 
> 
> OK! For this patch itself, I think this is OK. But we cannot enable it
> immediately until we have a change making WebCore work with ShadowRealm & we
> would like to know how this ShadowRealm JSGlobalObject is handled in DOM
> side, e.g. incumbent window's lookup.

Sounds good, here is a ticket I created to look into that: https://bugs.webkit.org/show_bug.cgi?id=231506

> > Source/JavaScriptCore/bytecode/LinkTimeConstant.h:66
> > +    v(ShadowRealm, nullptr) \
> 
> Unnecessary.

When I remove this line I get the following error:

> /home/mates/igalia/WebKit/Source/JavaScriptCore/runtime/JSGlobalObject.cpp: In member function ‘void JSC::JSGlobalObject::init(JSC::VM&)’:
> /home/mates/igalia/WebKit/Source/JavaScriptCore/runtime/JSGlobalObject.cpp:1034:65: error: ‘ShadowRealm’ is not a member of ‘JSC::LinkTimeConstant’
> 1034 |     m_linkTimeConstants[static_cast<unsigned>(LinkTimeConstant::ShadowRealm)].set(vm, this, shadowRealmConstructor);

> > Source/JavaScriptCore/jsc.cpp:2064
> > +        Structure* structure = arg.structureOrNull(vm);
> > +        return JSValue::encode(structure->globalObject()->globalThis());
> 
> Do, `return JSValue::encode(asCell(arg)->globalObject(vm)->globalThis());`

I couldn't find a `globalObject` fn assocated with the `JSCell` class, so I did:

`return JSValue::encode(arg.asCell()->structure(vm)->globalObject()->globalThis());`

> > Source/JavaScriptCore/runtime/ArrayPrototype.cpp:108
> > +    JSC_BUILTIN_FUNCTION_WITHOUT_TRANSITION(vm.propertyNames->builtinNames().mapPrivateName(), arrayPrototypeMapCodeGenerator, static_cast<unsigned>(PropertyAttribute::DontEnum));
> 
> Let's remove this.

Without it I can't use `@map` in `ShadowRealmPrototype.js`. Is there another way to move forward on using a non-modifiable `map` implementation?

> > Source/JavaScriptCore/runtime/IndirectEvalExecutable.cpp:-60
> > -        throwVMError(globalObject, scope, error.toErrorObject(globalObject, executable->source()));
> 
> scope.release() is necessary here.

Thanks for the catch! I added a regression test to cover this.

> > Source/JavaScriptCore/runtime/OptionsList.h:543
> > +    v(Bool, useShadowRealm, false, Normal, "Expose the ShadowRealm object.") \
> 
> Yup. I think we cannot enable this for now since WebCore has a lot of code,
> which is assuming that, if it is JSGlobalObject, it is JSDOMGlobalObject.
> (for example, incumbentDOMWindow is traversing JSGlobalObjects in the
> callstack, and it assumes that these ones are JSDOMWindow. But this is not
> true after this patch).
> So, to enable that, we also need the WebCore side change.
Oh, interesting; I'll look into it, thanks for the heads up!

-- 
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.webkit.org/pipermail/webkit-unassigned/attachments/20211011/26224bfb/attachment.htm>