Labs/Jetpack/Binary Components
nsJetpack
nsJetpack is a binary component used to provide services to Jetpack that aren't otherwise available to scripted chrome code in the Mozilla platform.
Accessing the Component
Because the goal of nsJetpack is to provide functionality to scripted code, and because much of its functionality is concerned with providing access to SpiderMonkey internals, the XPCOM interface for the component is rather trivial. To obtain the component, simply do:
var nsJetpack = Cc["@labs.mozilla.com/jetpackdi;1"]
                .createInstance(Ci.nsIJetpack).get();
This will give you the nsJetpack native JavaScript object, which provides access to all the component's functionality.
Sample Code
Sample code for nsJetpack can be found in test-nsjetpack.js.
Flexible Membrane Functionality
nsJetpack contains functionality that exposes many SpiderMonkey C API calls to JavaScript, allowing chrome code to create custom membranes (aka wrappers) that allow trusted and untrusted code to interoperate.
Aside from security, however, this functionality can also be used to implement APIs that can't normally be implemented using the JavaScript language, such as the window.localStorage interface in HTML5.
The source code for this functionality is in wrapper.cpp.
Security Concerns
Note that the Flexible Membrane functionality is intended primarily for prototyping purposes; its use is discouraged in production code for two reasons:
- The membrane methods tend to get called very frequently, and as a result, implementing them in JavaScript is likely to be inefficient.
- JavaScript is an inherently dynamic language, and it's very hard to predict what all the possible outcomes of JavaScript code for a membrane might be, especially when the membrane's script is in the same JSRuntime as the code it's trying to protect. Because of this, it's hard to code review a Flexible Membrane for security vulnerabilities.
Because of these concerns, it's advised that any flexible membranes be re-written in C++ before being reviewed for security and placed in production code. Before being re-written, however, a test suite should be created for the membrane to ensure that its new implementation has the same characteristics as the original.
Functions
nsJetpack.wrap(wrappee, membrane)
This function wraps wrappee with the Membrane membrane (meaning that membrane mediates all access to and from wrappee). The wrapped object is returned.
nsJetpack.unwrap(wrappedObject)
Removes the membrane from wrappedObject and returns the wrappee. If wrappedObject wasn't ever wrapped by nsJetpack.wrap(), this function returns null.
nsJetpack.getWrapper(wrappedObject)
Returns the membrane for the given wrappedObject. If wrappedObject wasn't ever wrapped by nsJetpack.wrap(), this function returns null.
Membrane Objects
A membrane object is a user-defined JavaScript object with any of the following optional methods defined:
membrane.call(wrappee, membrane, thisObj, args)
This is essentially a JavaScript version of JSClass.call; alternatively, it could be described as the analog of Python's __call__ magic method. thisObj is the object that the callee's this variable should be set to, and args is the array of arguments to be passed to the callee. This method should return whatever the return value of the callee is, or raise an exception.
membrane.construct(wrappee, membrane, thisObj, args)
This is essentially a JavaScript version of JSClass.construct. It's just like membrane.call(), only it's called when the call is preceded by the new operator.
membrane.convert(wrappee, membrane, type)
This is essentially a JavaScript version of JSClass.convert, and is called when SpiderMonkey needs to coerce wrappee to a different type. type is a string identifying the name of the desired type to coerce to, and can be anything ordinarily returned by JavaScript's typeof operator. The default implementation of this is to call wrappee.valueOf().
NOTE: Be very careful about implementing this function, as it can easily cause infinite recursion.
membrane.resolve(wrappee, membrane, name)
This is essentially a JavaScript version of JSClass.resolve. It's called when the property identified by name doesn't exist on wrappee. The membrane should either define name on wrappee and return wrappee, or—if name doesn't exist—it should return undefined.
membrane.enumerate(wrappee, membrane)
This is essentially a JavaScript version of JSClass.enumerate. It should return an iterator that iterates through all the property names in wrappee.
membrane.iteratorObject(wrappee, membrane, keysOnly)
This is essentially a JavaScript version of JSExtendedClass.iteratorObject. If keysOnly is true, it should return an iterator that iterates through all the property names in wrappee. Otherwise, it should return an iterator that yields key-value pairs (in an Array object).
membrane.getProperty(wrappee, membrane, name, defaultValue)
This is essentially a JavaScript version of JSClass.getProperty; alternatively, it could be described as the analog of Python's __getattr__ magic method. name is the name of the property being accessed, and defaultValue is the value that JavaScript would ordinarily return. This function should return the value of the property, which may be defaultValue or something different. Alternatively, the method may also throw an exception.
membrane.setProperty(wrappee, membrane, name, defaultValue)
This is essentially a JavaScript version of JSClass.setProperty; alternatively, it could be described as the analog of Python's __setattr__ magic method. name is the name of the property being accessed, and defaultValue is the value that JavaScript would ordinarily set the value of the property to. This function should return the value to set the property to, which may be defaultValue or something different. Alternatively, the method may also throw an exception.
membrane.addProperty(wrappee, membrane, name, defaultValue)
This is essentially a JavaScript version of JSClass.addProperty, and is called immediately after a new property has been added to wrappee. name is the name of the property being accessed, and defaultValue is the value that JavaScript would ordinarily set the initial value of the property to. This function should return the initial value to set the property to, which may be defaultValue or something different. Alternatively, the method may also throw an exception.
membrane.delProperty(wrappee, membrane, name)
This is essentially a JavaScript version of JSClass.delProperty; alternatively, it could be described as the analog of Python's __delattr__ magic method. name is the name of the property being deleted. This function should return true if the property can be deleted, and false if not.
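The following is an added example, not code from nsJetpack or its test suite. It illustrates the review problem named under Security Concerns with a getProperty hook that looks correct but lets nested objects escape, next to a version that re-wraps them. The `wrap` function is a stand-in built on the standard Proxy API (an assumption, since nsJetpack is not available outside the Mozilla platform); `shallowMembrane`, `deepMembrane`, `isPrivate` and `probe` are hypothetical names, and only the hook signatures come from this page.

```javascript
// Stand-in for nsJetpack.wrap() built on the standard Proxy API (assumption:
// the real component is unavailable here). Hook signatures follow the page.
function wrap(wrappee, membrane) {
  return new Proxy(wrappee, {
    get(target, name) {
      const defaultValue = Reflect.get(target, name);
      return membrane.getProperty
        ? membrane.getProperty(target, membrane, name, defaultValue)
        : defaultValue;
    },
    set(target, name, value) {
      const toStore = membrane.setProperty
        ? membrane.setProperty(target, membrane, name, value)
        : value;
      return Reflect.set(target, name, toStore);
    },
  });
}

const isPrivate = (name) => typeof name !== "string" || name.startsWith("_");

// Flawed: filters names on the wrapped object only; object values leave unwrapped.
const shallowMembrane = {
  getProperty(wrappee, membrane, name, defaultValue) {
    return isPrivate(name) ? undefined : defaultValue;
  },
};

// Hardened: same name policy, but anything with properties is re-wrapped on the
// way out, and writes to private names are refused.
const deepMembrane = {
  getProperty(wrappee, membrane, name, defaultValue) {
    if (isPrivate(name)) return undefined;
    const crossesBoundary = defaultValue !== null &&
      (typeof defaultValue === "object" || typeof defaultValue === "function");
    return crossesBoundary ? wrap(defaultValue, membrane) : defaultValue;
  },
  setProperty(wrappee, membrane, name, defaultValue) {
    if (isPrivate(name)) throw new Error("write denied: " + String(name));
    return defaultValue;
  },
};

// Characterization probe: what can code holding the wrapped object read?
function probe(membrane) {
  // Constructed sample: a private field at the top level and one level down.
  const api = { _token: "constructed-secret", config: { _token: "constructed-secret", mode: "ro" } };
  const w = wrap(api, membrane);
  return { top: w._token, nested: w.config._token, mode: w.config.mode };
}
```

A probe like this is also the kind of characterization test the Security Concerns section asks for before a membrane is re-written in C++: the same assertions can be run against both implementations.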
Memory Profiling
nsJetpack contains functionality allowing chrome code to examine the JavaScript heap. The semantics of this are described at a high level in Atul's blog post entitled Fun with SpiderMonkey; please read this blog post before reading the rest of this section.
The source code for this functionality is in memory_profiler.cpp.
Functions
nsJetpack.profileMemory(code, filename, lineNumber, namedObjects)
This function launches a memory profiling JS runtime and executes code in it. The filename and lineNumber information is for error reporting purposes only.
namedObjects is an optional object whose properties, called "names", point to objects in the target JS runtime; these objects can be referred to by their names by certain functions in the memory profiling JS runtime.
If the final statement of code results in a string value, this value is copied and passed back as the result of this function. This allows code to perform some memory profiling activity and return the results back to the target JS runtime.
Memory Profiling Globals
Code running in the memory profiling JS runtime has access to the following global objects and functions.
ServerSocket()
This constructor creates a new blocking TCP/IP socket, or ServerSocket.
getGCRoots()
Returns an array of the numeric JavaScript object IDs of the target runtime that are garbage collection roots.
getObjectInfo(idOrName)
Returns a JSON-able object containing metadata for the object in the target runtime with the given numeric ID or string name. The object may contain any of the following keys:
- id - The numeric ID of the object.
- nativeClass - The name of the JSClass used by the object.
- size - The size of the object, as reported by JS_GetObjectTotalSize().
- parent - The object's __parent__ property (i.e., its global scope).
- prototype - The object's __proto__ property.
- wrappedObject - The object ID of the object that this object wraps.
- outerObject - The object ID for this object's outer half, if it's the inner half of a split object.
- innerObject - The object ID for this object's inner half, if it's the outer half of a split object.
- children - An array of object IDs corresponding to all the objects that this object references. Note that these aren't really "children" in a hierarchical sense, but rather in a heap-tracing sense.
- functionSize - If this object corresponds to a function, this is the value returned by JS_GetFunctionTotalSize() on the object.
- scriptSize - If this object corresponds to a function, this is the value returned by JS_GetScriptTotalSize() on the object.
- name - If this object corresponds to a function, this is the function's name.
- filename - If this object corresponds to a function, this is the filename in which the function is defined.
- lineStart - If this object corresponds to a function, this is the line at which the function's code begins.
- lineEnd - If this object corresponds to a function, this is the line at which the function's code ends.
getNamedObjects()
Returns a JSON-able object containing a mapping of names to numeric object IDs; this is the "mirror" of the namedObjects parameter passed to nsJetpack.profileMemory() in the memory profiling runtime.
TODO: Document TCB functions.
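As an added example (not code from the nsJetpack sources), this sketch shows the kind of script that could be passed as code to nsJetpack.profileMemory(): it traces the heap from the GC roots through each object's children and totals sizes per nativeClass. The function and variable names are hypothetical; the stubs and sample heap are constructed so that the block runs outside the profiling runtime, where the page's getGCRoots and getObjectInfo globals would be passed in instead.

```javascript
// Walks the heap graph from the GC roots and totals object sizes per nativeClass.
// The two accessors are parameters so the function can run against the stubs
// below; in the profiling runtime they would be the globals this page documents.
function summarizeHeap(getGCRoots, getObjectInfo) {
  var seen = Object.create(null);
  var totals = Object.create(null);
  var queue = getGCRoots().slice();
  while (queue.length) {
    var id = queue.pop();
    if (seen[id]) continue;          // children form a graph, not a tree
    seen[id] = true;
    var info = getObjectInfo(id);
    if (!info) continue;             // assumption: unknown IDs yield a falsy value
    var cls = info.nativeClass || "(unknown)";
    if (!totals[cls]) totals[cls] = { count: 0, bytes: 0 };
    totals[cls].count += 1;
    totals[cls].bytes += info.size || 0;
    var kids = info.children || [];  // every key is optional per the page
    for (var i = 0; i < kids.length; i++) queue.push(kids[i]);
  }
  return totals;
}

// Constructed sample heap (not real profiler output): 1 -> 2 -> 3 -> 1 is a cycle.
var SAMPLE_HEAP = {
  1: { id: 1, nativeClass: "Object", size: 64, children: [2, 4] },
  2: { id: 2, nativeClass: "Function", size: 128, children: [3] },
  3: { id: 3, nativeClass: "Object", size: 32, children: [1] },
  4: { id: 4, nativeClass: "Array", size: 48, children: [] },
  5: { id: 5, nativeClass: "Object", size: 999, children: [] } // not reachable from a root
};
function sampleRoots() { return [1]; }
function sampleInfo(id) { return SAMPLE_HEAP[id]; }

// profileMemory() passes back the final statement's value only if it is a
// string, so the summary is serialized before it leaves the runtime.
function report() {
  return JSON.stringify(summarizeHeap(sampleRoots, sampleInfo));
}
```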
ServerSocket Objects
ServerSocket.bind(ip, port)
Binds the socket to the given ip and port.
ServerSocket.listen()
Configures the socket for listening.
ServerSocket.accept()
Blocks until a connection is made on the socket and returns a new ServerSocket object representing the new connection.
ServerSocket.recv(size)
Receives up to size bytes of text from the connected client and returns it as a string. If the connection has been closed, null is returned instead.
ServerSocket.send(text)
Sends the given text to the connected client.
ServerSocket.close()
Closes the connection.
Miscellaneous Functions
The source code for this functionality is in tcb.cpp.
nsJetpack.functionInfo(func)
Returns a JSON-able object with the following properties:
- filename - The filename in which func is defined.
- lineNumber - The line number at which func is defined.
nsJetpack.seal(object, isDeep)
This is essentially a JavaScript version of JS_SealObject.
Note that according to the documentation for JS_SealObject and John Resig's post on ECMAScript 5, this actually appears to be more similar to ES5's Object.freeze() than it is to ES5's Object.seal().