Bug 1588231. Remove special-cased QI-for-DOM-objects handling in CPOW…

…s, since no one uses it outside of one test. r=peterv

Differential Revision: https://phabricator.services.mozilla.com/D49025

dom/base/test/chrome/cpows_parent.xul

@@ -228,11 +228,11 @@
       // Test to ensure that we don't pass CPOWs to C++-implemented interfaces.
       // See bug 1072980.
       if (test_state == "remote") {
-        // This doesn't work because we intercept toString and QueryInterface specially
+        // This doesn't work because we intercept toString specially
         // and don't cache the function pointer.
         // See bug 1140636.
         todo_is(savedElement.toString, savedElement.toString, "toString identity works");
-        todo_is(savedElement.QueryInterface, savedElement.QueryInterface, "toString identity works");
+        is(savedElement.QueryInterface, savedElement.QueryInterface, "QueryInterface identity works");
 
         is(Object.prototype.toString.call(savedElement), "[object HTMLDivElement]",
            "prove that this works (and doesn't leak)");

js/ipc/WrapperOwner.cpp

@@ -28,7 +28,6 @@ struct AuxCPOWData {
   ObjectId id;
   bool isCallable;
   bool isConstructor;
-  bool isDOMObject;
 
   // The object tag is just some auxilliary information that clients can use
   // however they see fit.
@@ -38,11 +37,10 @@ struct AuxCPOWData {
   nsCString className;
 
   AuxCPOWData(ObjectId id, bool isCallable, bool isConstructor,
-              bool isDOMObject, const nsACString& objectTag)
+              const nsACString& objectTag)
       : id(id),
         isCallable(isCallable),
         isConstructor(isConstructor),
-        isDOMObject(isDOMObject),
         objectTag(objectTag) {}
 };
 
@@ -312,17 +310,6 @@ bool CPOWProxyHandler::get(JSContext* cx, HandleObject proxy,
   FORWARD(get, (cx, proxy, receiver, id, vp), false);
 }
 
-static bool CPOWDOMQI(JSContext* cx, unsigned argc, Value* vp) {
-  CallArgs args = CallArgsFromVp(argc, vp);
-  if (!args.thisv().isObject() || !IsCPOW(&args.thisv().toObject())) {
-    JS_ReportErrorASCII(cx, "bad this object passed to special QI");
-    return false;
-  }
-
-  RootedObject proxy(cx, &args.thisv().toObject());
-  FORWARD(DOMQI, (cx, proxy, args), false);
-}
-
 static bool CPOWToString(JSContext* cx, unsigned argc, Value* vp) {
   CallArgs args = CallArgsFromVp(argc, vp);
   RootedObject callee(cx, &args.callee());
@@ -379,41 +366,6 @@ bool WrapperOwner::toString(JSContext* cx, HandleObject cpow,
   return true;
 }
 
-bool WrapperOwner::DOMQI(JSContext* cx, JS::HandleObject proxy,
-                         JS::CallArgs& args) {
-  // Someone's calling us, handle nsISupports specially to avoid unnecessary
-  // CPOW traffic.
-  if (Maybe<nsID> id = xpc::JSValue2ID(cx, args[0])) {
-    if (id->Equals(NS_GET_IID(nsISupports))) {
-      args.rval().set(args.thisv());
-      return true;
-    }
-
-    // Webidl-implemented DOM objects never have nsIClassInfo.
-    if (id->Equals(NS_GET_IID(nsIClassInfo))) {
-      return Throw(cx, NS_ERROR_NO_INTERFACE);
-    }
-  }
-
-  // It wasn't nsISupports, call into the other process to do the QI for us
-  // (since we don't know what other interfaces our object supports). Note
-  // that we have to use JS_GetPropertyDescriptor here to avoid infinite
-  // recursion back into CPOWDOMQI via WrapperOwner::get().
-  // We could stash the actual QI function on our own function object to avoid
-  // if we're called multiple times, but since we're transient, there's no
-  // point right now.
-  JS::Rooted<PropertyDescriptor> propDesc(cx);
-  if (!JS_GetPropertyDescriptor(cx, proxy, "QueryInterface", &propDesc)) {
-    return false;
-  }
-
-  if (!propDesc.value().isObject()) {
-    MOZ_ASSERT_UNREACHABLE("We didn't get QueryInterface off a node");
-    return Throw(cx, NS_ERROR_UNEXPECTED);
-  }
-  return JS_CallFunctionValue(cx, proxy, propDesc.value(), args, args.rval());
-}
-
 bool WrapperOwner::get(JSContext* cx, HandleObject proxy, HandleValue receiver,
                        HandleId id, MutableHandleValue vp) {
   ObjectId objId = idOf(proxy);
@@ -428,21 +380,6 @@ bool WrapperOwner::get(JSContext* cx, HandleObject proxy, HandleValue receiver,
     return false;
   }
 
-  AuxCPOWData* data = AuxCPOWDataOf(proxy);
-  if (data->isDOMObject && idVar.type() == JSIDVariant::TnsString &&
-      idVar.get_nsString().EqualsLiteral("QueryInterface")) {
-    // Handle QueryInterface on DOM Objects specially since we can assume
-    // certain things about their implementation.
-    RootedFunction qi(cx,
-                      JS_NewFunction(cx, CPOWDOMQI, 1, 0, "QueryInterface"));
-    if (!qi) {
-      return false;
-    }
-
-    vp.set(ObjectValue(*JS_GetFunctionObject(qi)));
-    return true;
-  }
-
   JSVariant val;
   ReturnStatus status;
   if (!SendGet(objId, receiverVar, idVar, &status, &val)) {
@@ -1146,9 +1083,8 @@ JSObject* WrapperOwner::fromRemoteObjectVariant(JSContext* cx,
     // Incref once we know the decref will be called.
     incref();
 
-    AuxCPOWData* aux =
-        new AuxCPOWData(objId, objVar.isCallable(), objVar.isConstructor(),
-                        objVar.isDOMObject(), objVar.objectTag());
+    AuxCPOWData* aux = new AuxCPOWData(
+        objId, objVar.isCallable(), objVar.isConstructor(), objVar.objectTag());
 
     SetProxyReservedSlot(obj, 0, PrivateValue(this));
     SetProxyReservedSlot(obj, 1, PrivateValue(aux));

js/ipc/WrapperOwner.h

@@ -67,7 +67,6 @@ class WrapperOwner : public virtual JavaScriptShared {
   nsresult instanceOf(JSObject* obj, const nsID* id, bool* bp);
 
   bool toString(JSContext* cx, JS::HandleObject callee, JS::CallArgs& args);
-  bool DOMQI(JSContext* cx, JS::HandleObject callee, JS::CallArgs& args);
 
   /*
    * Check that |obj| is a DOM wrapper whose prototype chain contains