SecureContext on attributes produces prototype mutations during realm creation

[esprehn]

ex. if we add [SecureContext] to something in the Element interface we need to insert the method on the Element.prototype during the realm creation. That seems unfortunate since it makes creating realms more expensive and changes the shape of the Element.prototype so any optimized code that knows offsets into the method table would then be invalid for either insecure or secure contexts.

I understand that in theory [Exposed] does work this way today, but we've not really used it much in the past on methods, only whole interfaces, which doesn't have the same issues.

It'd be nice to consider if we really must do this or if we can do something like security checks in the method invocations.

@mikewest @jeisinger

[mikewest]

I don't have strong opinions on this, but I agree that overall performance (and startup performance in particular) is something we need to consider. CCing folks at Mozilla participating in https://lists.w3.org/Archives/Public/public-script-coord/2016JanMar/0107.html: @heycam @bzbarsky @jwatt @annevk , as they're likely to have better informed opinions about the impact on Gecko and *Monkey.

[bzbarsky]

This is a non-issue for us, because: 1) We create prototype objects lazily anyway, and just evaluate the [SecureContext] state at that point and create the object with the right set of methods and 2) We don't share optimized code across Realms (for security reasons).

[mikewest]

@travisleithead: Can you look into the performance impact on Edge?

@rniwa: Could you help evaluate the impact on WebKit?

[mikewest]

https://lists.w3.org/Archives/Public/public-script-coord/2016JanMar/0104.html for context. :)

[travisleithead]

I suspect all browsers delay-load their prototype/constructor objects lazily because otherwise it would take quite an effort to spin-up a realm and prepare it for new script code. However, for cases like [SecureContext] we can know whether or not to emit the lazy creation handlers for the prototype/constructor objects, and can omit setting up the objects that won't need to be created. So, for Edge, this could actually result in a small performance improvement :-)

[mikewest]

@heycam landed this in WebIDL, and it looks like other browser vendors are happy with the behavior. How much don't you like it, @esprehn? :)

[mikewest]

Closing this out; it's what we're running with.