diff --git a/browser/locales/en-US/chrome/browser/browser.dtd b/browser/locales/en-US/chrome/browser/browser.dtd index 2bd2849baf2c..ff31d93413f7 100644 --- a/browser/locales/en-US/chrome/browser/browser.dtd +++ b/browser/locales/en-US/chrome/browser/browser.dtd @@ -792,7 +792,7 @@ you can use these alternative items. Otherwise, their values should be empty. - - + diff --git a/browser/themes/shared/customizableui/panelUI.inc.css b/browser/themes/shared/customizableui/panelUI.inc.css index 206b717783ed..7ce55bf7d960 100644 --- a/browser/themes/shared/customizableui/panelUI.inc.css +++ b/browser/themes/shared/customizableui/panelUI.inc.css @@ -609,7 +609,7 @@ toolbarbutton[constrain-size="true"][cui-areatype="menu-panel"] > .toolbarbutton text-align: center; text-shadow: none; max-width: 15em; - color: rgba(12, 12, 13, 0.5); + color: GrayText; } /* The boxes with "instructions" get extra top and bottom padding for space diff --git a/caps/ExpandedPrincipal.cpp b/caps/ExpandedPrincipal.cpp index 1825c768b767..9ff649b5c461 100644 --- a/caps/ExpandedPrincipal.cpp +++ b/caps/ExpandedPrincipal.cpp @@ -13,10 +13,12 @@ NS_IMPL_CLASSINFO(ExpandedPrincipal, nullptr, nsIClassInfo::MAIN_THREAD_ONLY, NS_EXPANDEDPRINCIPAL_CID) NS_IMPL_QUERY_INTERFACE_CI(ExpandedPrincipal, nsIPrincipal, - nsIExpandedPrincipal) + nsIExpandedPrincipal, + nsISerializable) NS_IMPL_CI_INTERFACE_GETTER(ExpandedPrincipal, nsIPrincipal, - nsIExpandedPrincipal) + nsIExpandedPrincipal, + nsISerializable) struct OriginComparator { @@ -54,6 +56,11 @@ ExpandedPrincipal::ExpandedPrincipal(nsTArray> &aWhiteLis } } +ExpandedPrincipal::ExpandedPrincipal() + : BasePrincipal(eExpandedPrincipal) +{ +} + ExpandedPrincipal::~ExpandedPrincipal() { } @@ -234,14 +241,71 @@ ExpandedPrincipal::GetScriptLocation(nsACString& aStr) // Methods implementing nsISerializable // ////////////////////////////////////////// +// We've had way too many issues with unversioned serializations, so +// explicitly version this one. +static const uint32_t kSerializationVersion = 1; + NS_IMETHODIMP ExpandedPrincipal::Read(nsIObjectInputStream* aStream) { - return NS_ERROR_NOT_IMPLEMENTED; + uint32_t version; + nsresult rv = aStream->Read32(&version); + if (version != kSerializationVersion) { + MOZ_ASSERT(false, + "We really need to add handling of the old(?) version here"); + return NS_ERROR_UNEXPECTED; + } + + uint32_t count; + rv = aStream->Read32(&count); + if (NS_FAILED(rv)) { + return rv; + } + + if (!mPrincipals.SetCapacity(count, fallible)) { + return NS_ERROR_OUT_OF_MEMORY; + } + + OriginComparator c; + for (uint32_t i = 0; i < count; ++i) { + nsCOMPtr read; + rv = aStream->ReadObject(true, getter_AddRefs(read)); + if (NS_FAILED(rv)) { + return rv; + } + + nsCOMPtr principal = do_QueryInterface(read); + if (!principal) { + return NS_ERROR_UNEXPECTED; + } + + // Play it safe and InsertElementSorted, in case the sort order + // changed for some bizarre reason. + mPrincipals.InsertElementSorted(Move(principal), c); + } + + return NS_OK; } NS_IMETHODIMP ExpandedPrincipal::Write(nsIObjectOutputStream* aStream) { - return NS_ERROR_NOT_IMPLEMENTED; + nsresult rv = aStream->Write32(kSerializationVersion); + if (NS_FAILED(rv)) { + return rv; + } + + rv = aStream->Write32(mPrincipals.Length()); + if (NS_FAILED(rv)) { + return rv; + } + + for (auto& principal : mPrincipals) { + rv = aStream->WriteObject(principal, true); + if (NS_FAILED(rv)) { + return rv; + } + } + + return NS_OK; } diff --git a/caps/ExpandedPrincipal.h b/caps/ExpandedPrincipal.h index dbabab6aefb4..c8fa0c8d46ec 100644 --- a/caps/ExpandedPrincipal.h +++ b/caps/ExpandedPrincipal.h @@ -22,6 +22,10 @@ public: static PrincipalKind Kind() { return eExpandedPrincipal; } + // For use from the XPCOM factory constructor only. Do not ever use this + // constructor by hand! + ExpandedPrincipal(); + NS_DECL_NSIEXPANDEDPRINCIPAL NS_DECL_NSISERIALIZABLE diff --git a/js/public/UbiNodeCensus.h b/js/public/UbiNodeCensus.h index 8c79908864b4..dcc6d376d044 100644 --- a/js/public/UbiNodeCensus.h +++ b/js/public/UbiNodeCensus.h @@ -199,9 +199,8 @@ struct Census { // is an element of the set. If the targetZones set is empty, then nodes in // all zones are considered. JS::ZoneSet targetZones; - Zone* atomsZone; - explicit Census(JSContext* cx) : cx(cx), atomsZone(nullptr) { } + explicit Census(JSContext* cx) : cx(cx) { } MOZ_MUST_USE JS_PUBLIC_API(bool) init(); }; diff --git a/js/src/builtin/Array.cpp b/js/src/builtin/Array.cpp index fff57aaf057b..98fb372e834b 100644 --- a/js/src/builtin/Array.cpp +++ b/js/src/builtin/Array.cpp @@ -670,7 +670,7 @@ MaybeInIteration(HandleObject obj, JSContext* cx) * the iterated object itself. */ - if (MOZ_LIKELY(!cx->compartment()->objectMaybeInIteration(obj))) + if (MOZ_LIKELY(!ObjectRealm::get(obj).objectMaybeInIteration(obj))) return false; ObjectGroup* group = JSObject::getGroup(cx, obj); diff --git a/js/src/builtin/Eval.cpp b/js/src/builtin/Eval.cpp index e657b9b89f47..db173426ef62 100644 --- a/js/src/builtin/Eval.cpp +++ b/js/src/builtin/Eval.cpp @@ -489,9 +489,10 @@ js::NewJSMEnvironment(JSContext* cx) if (!varEnv) return nullptr; - // Force LexicalEnvironmentObject to be created - MOZ_ASSERT(!cx->compartment()->getNonSyntacticLexicalEnvironment(varEnv)); - if (!cx->compartment()->getOrCreateNonSyntacticLexicalEnvironment(cx, varEnv)) + // Force LexicalEnvironmentObject to be created. + ObjectRealm& realm = ObjectRealm::get(varEnv); + MOZ_ASSERT(!realm.getNonSyntacticLexicalEnvironment(varEnv)); + if (!realm.getOrCreateNonSyntacticLexicalEnvironment(cx, varEnv)) return nullptr; return varEnv; @@ -509,7 +510,7 @@ js::ExecuteInJSMEnvironment(JSContext* cx, HandleScript scriptArg, HandleObject AutoObjectVector& targetObj) { assertSameCompartment(cx, varEnv); - MOZ_ASSERT(cx->compartment()->getNonSyntacticLexicalEnvironment(varEnv)); + MOZ_ASSERT(ObjectRealm::get(varEnv).getNonSyntacticLexicalEnvironment(varEnv)); MOZ_DIAGNOSTIC_ASSERT(scriptArg->noScriptRval()); RootedObject env(cx, JS_ExtensibleLexicalEnvironment(varEnv)); @@ -538,7 +539,7 @@ js::ExecuteInJSMEnvironment(JSContext* cx, HandleScript scriptArg, HandleObject return false; // Create an extensible LexicalEnvironmentObject for target object - env = cx->compartment()->getOrCreateNonSyntacticLexicalEnvironment(cx, env); + env = ObjectRealm::get(env).getOrCreateNonSyntacticLexicalEnvironment(cx, env); if (!env) return false; } diff --git a/js/src/builtin/TestingFunctions.cpp b/js/src/builtin/TestingFunctions.cpp index 41a062c6952d..0408d0ca38e9 100644 --- a/js/src/builtin/TestingFunctions.cpp +++ b/js/src/builtin/TestingFunctions.cpp @@ -5212,7 +5212,7 @@ BaselineCompile(JSContext* cx, unsigned argc, Value* vp) returnedStr = "can't compile"; break; } - if (!cx->compartment()->ensureJitCompartmentExists(cx)) + if (!cx->realm()->ensureJitRealmExists(cx)) return false; jit::MethodStatus status = jit::BaselineCompile(cx, script, forceDebug); diff --git a/js/src/builtin/TypedObject.cpp b/js/src/builtin/TypedObject.cpp index 051c1ccb82c7..05fe28ca42d2 100644 --- a/js/src/builtin/TypedObject.cpp +++ b/js/src/builtin/TypedObject.cpp @@ -1349,7 +1349,7 @@ bool TypedObject::isAttached() const { if (is()) { - ObjectWeakMap* table = compartment()->lazyArrayBuffers.get(); + ObjectWeakMap* table = ObjectRealm::get(this).lazyArrayBuffers.get(); if (table) { JSObject* buffer = table->lookup(this); if (buffer) @@ -2143,15 +2143,16 @@ InlineTypedObject::obj_moved(JSObject* dst, JSObject* src) ArrayBufferObject* InlineTransparentTypedObject::getOrCreateBuffer(JSContext* cx) { - if (!cx->compartment()->lazyArrayBuffers) { + ObjectRealm& realm = ObjectRealm::get(this); + if (!realm.lazyArrayBuffers) { auto table = cx->make_unique(cx); if (!table || !table->init()) return nullptr; - cx->compartment()->lazyArrayBuffers = Move(table); + realm.lazyArrayBuffers = Move(table); } - ObjectWeakMap* table = cx->compartment()->lazyArrayBuffers.get(); + ObjectWeakMap* table = realm.lazyArrayBuffers.get(); JSObject* obj = table->lookup(this); if (obj) diff --git a/js/src/gc/Allocator.cpp b/js/src/gc/Allocator.cpp index b68d749e9ba9..b9a936c06637 100644 --- a/js/src/gc/Allocator.cpp +++ b/js/src/gc/Allocator.cpp @@ -9,7 +9,7 @@ #include "gc/GCInternals.h" #include "gc/GCTrace.h" #include "gc/Nursery.h" -#include "jit/JitCompartment.h" +#include "jit/JitRealm.h" #include "threading/CpuCount.h" #include "vm/JSContext.h" #include "vm/Runtime.h" diff --git a/js/src/gc/GC.cpp b/js/src/gc/GC.cpp index aa253b51a713..b4343a9362e5 100644 --- a/js/src/gc/GC.cpp +++ b/js/src/gc/GC.cpp @@ -2578,8 +2578,8 @@ GCRuntime::sweepZoneAfterCompacting(Zone* zone) r->sweepGlobalObject(); r->sweepSelfHostingScriptSource(); r->sweepDebugEnvironments(); - r->sweepJitCompartment(); - r->sweepNativeIterators(); + r->sweepJitRealm(); + r->sweepObjectRealm(); r->sweepTemplateObjects(); } } @@ -5431,7 +5431,7 @@ SweepMisc(GCParallelTask* task) r->sweepTemplateObjects(); r->sweepSavedStacks(); r->sweepSelfHostingScriptSource(); - r->sweepNativeIterators(); + r->sweepObjectRealm(); r->sweepRegExps(); } } @@ -5552,8 +5552,8 @@ GCRuntime::sweepJitDataOnMainThread(FreeOp* fop) js::CancelOffThreadIonCompile(rt, JS::Zone::Sweep); } - for (SweepGroupCompartmentsIter c(rt); !c.done(); c.next()) - c->sweepJitCompartment(); + for (SweepGroupRealmsIter r(rt); !r.done(); r.next()) + r->sweepJitRealm(); for (SweepGroupZonesIter zone(rt); !zone.done(); zone.next()) { if (jit::JitZone* jitZone = zone->jitZone()) diff --git a/js/src/gc/Nursery.cpp b/js/src/gc/Nursery.cpp index f122fa6700c5..ccc79c06ebd4 100644 --- a/js/src/gc/Nursery.cpp +++ b/js/src/gc/Nursery.cpp @@ -782,10 +782,10 @@ js::Nursery::collect(JS::gcreason::Reason reason) zone->setPreservingCode(false); zone->discardJitCode(rt->defaultFreeOp()); zone->setPreservingCode(preserving); - for (CompartmentsInZoneIter c(zone); !c.done(); c.next()) { - if (jit::JitCompartment* jitComp = c->jitCompartment()) { - jitComp->discardStubs(); - jitComp->stringsCanBeInNursery = false; + for (RealmsInZoneIter r(zone); !r.done(); r.next()) { + if (jit::JitRealm* jitRealm = r->jitRealm()) { + jitRealm->discardStubs(); + jitRealm->stringsCanBeInNursery = false; } } zone->allocNurseryStrings = false; diff --git a/js/src/gc/Zone.cpp b/js/src/gc/Zone.cpp index d46821f5a396..93ef4926da08 100644 --- a/js/src/gc/Zone.cpp +++ b/js/src/gc/Zone.cpp @@ -11,7 +11,7 @@ #include "gc/PublicIterators.h" #include "jit/BaselineJIT.h" #include "jit/Ion.h" -#include "jit/JitCompartment.h" +#include "jit/JitRealm.h" #include "vm/Debugger.h" #include "vm/Runtime.h" diff --git a/js/src/gc/Zone.h b/js/src/gc/Zone.h index 25e36370d21a..d6fdfcf857b7 100644 --- a/js/src/gc/Zone.h +++ b/js/src/gc/Zone.h @@ -698,6 +698,13 @@ struct Zone : public JS::shadow::Zone, return p; } + // Non-zero if the storage underlying any typed object in this zone might + // be detached. This is stored in Zone because IC stubs bake in a pointer + // to this field and Baseline IC code is shared across realms within a + // Zone. Furthermore, it's not entirely clear if this flag is ever set to + // a non-zero value since bug 1458011. + uint32_t detachedTypedObjects = 0; + private: js::ZoneData jitZone_; diff --git a/js/src/irregexp/NativeRegExpMacroAssembler.cpp b/js/src/irregexp/NativeRegExpMacroAssembler.cpp index 0d900669cc84..775f723f32b9 100644 --- a/js/src/irregexp/NativeRegExpMacroAssembler.cpp +++ b/js/src/irregexp/NativeRegExpMacroAssembler.cpp @@ -107,7 +107,7 @@ NativeRegExpMacroAssembler::NativeRegExpMacroAssembler(JSContext* cx, LifoAlloc* RegExpCode NativeRegExpMacroAssembler::GenerateCode(JSContext* cx, bool match_only) { - if (!cx->compartment()->ensureJitCompartmentExists(cx)) + if (!cx->realm()->ensureJitRealmExists(cx)) return RegExpCode(); JitSpew(SPEW_PREFIX "GenerateCode"); diff --git a/js/src/jit/Bailouts.cpp b/js/src/jit/Bailouts.cpp index dc2c80e40127..e0630399c02a 100644 --- a/js/src/jit/Bailouts.cpp +++ b/js/src/jit/Bailouts.cpp @@ -10,7 +10,7 @@ #include "jit/BaselineJIT.h" #include "jit/Ion.h" -#include "jit/JitCompartment.h" +#include "jit/JitRealm.h" #include "jit/JitSpewer.h" #include "jit/Snapshots.h" #include "vm/JSContext.h" diff --git a/js/src/jit/BaselineBailouts.cpp b/js/src/jit/BaselineBailouts.cpp index d739b18d1346..201cf0115f65 100644 --- a/js/src/jit/BaselineBailouts.cpp +++ b/js/src/jit/BaselineBailouts.cpp @@ -469,18 +469,18 @@ IsInlinableFallback(ICFallbackStub* icEntry) static inline void* GetStubReturnAddress(JSContext* cx, jsbytecode* pc) { - JitCompartment* jitComp = cx->compartment()->jitCompartment(); + JitRealm* jitRealm = cx->realm()->jitRealm(); if (IsGetPropPC(pc)) - return jitComp->bailoutReturnAddr(BailoutReturnStub::GetProp); + return jitRealm->bailoutReturnAddr(BailoutReturnStub::GetProp); if (IsSetPropPC(pc)) - return jitComp->bailoutReturnAddr(BailoutReturnStub::SetProp); + return jitRealm->bailoutReturnAddr(BailoutReturnStub::SetProp); // This should be a call op of some kind, now. MOZ_ASSERT(IsCallPC(pc) && !IsSpreadCallPC(pc)); if (IsConstructorCallPC(pc)) - return jitComp->bailoutReturnAddr(BailoutReturnStub::New); - return jitComp->bailoutReturnAddr(BailoutReturnStub::Call); + return jitRealm->bailoutReturnAddr(BailoutReturnStub::New); + return jitRealm->bailoutReturnAddr(BailoutReturnStub::Call); } static inline jsbytecode* diff --git a/js/src/jit/BaselineIC.cpp b/js/src/jit/BaselineIC.cpp index c22fd47fa48c..e9ad0fc2565c 100644 --- a/js/src/jit/BaselineIC.cpp +++ b/js/src/jit/BaselineIC.cpp @@ -1646,7 +1646,7 @@ ICSetProp_Fallback::Compiler::postGenerateStubCode(MacroAssembler& masm, Handle< { BailoutReturnStub kind = BailoutReturnStub::SetProp; void* address = code->raw() + bailoutReturnOffset_.offset(); - cx->compartment()->jitCompartment()->initBailoutReturnAddr(address, getKey(), kind); + cx->realm()->jitRealm()->initBailoutReturnAddr(address, getKey(), kind); } // @@ -1798,7 +1798,7 @@ GetTemplateObjectForSimd(JSContext* cx, JSFunction* target, MutableHandleObject // Create a template object based on retType. RootedGlobalObject global(cx, cx->global()); Rooted descr(cx, GlobalObject::getOrCreateSimdTypeDescr(cx, global, retType)); - res.set(cx->compartment()->jitCompartment()->getSimdTemplateObjectFor(cx, descr)); + res.set(cx->realm()->jitRealm()->getSimdTemplateObjectFor(cx, descr)); return true; } @@ -1903,7 +1903,7 @@ GetTemplateObjectForClassHook(JSContext* cx, JSNative hook, CallArgs& args, if (hook == SimdTypeDescr::call && JitSupportsSimd()) { Rooted descr(cx, &args.callee().as()); - templateObject.set(cx->compartment()->jitCompartment()->getSimdTemplateObjectFor(cx, descr)); + templateObject.set(cx->realm()->jitRealm()->getSimdTemplateObjectFor(cx, descr)); return !!templateObject; } @@ -2880,7 +2880,7 @@ ICCall_Fallback::Compiler::postGenerateStubCode(MacroAssembler& masm, Handleraw() + bailoutReturnOffset_.offset(); BailoutReturnStub kind = isConstructing_ ? BailoutReturnStub::New : BailoutReturnStub::Call; - cx->compartment()->jitCompartment()->initBailoutReturnAddr(address, getKey(), kind); + cx->realm()->jitRealm()->initBailoutReturnAddr(address, getKey(), kind); } typedef bool (*CreateThisFn)(JSContext* cx, HandleObject callee, HandleObject newTarget, diff --git a/js/src/jit/BaselineJIT.cpp b/js/src/jit/BaselineJIT.cpp index 660cb3fa6b4f..a2cd2bbcdc45 100644 --- a/js/src/jit/BaselineJIT.cpp +++ b/js/src/jit/BaselineJIT.cpp @@ -282,12 +282,12 @@ CanEnterBaselineJIT(JSContext* cx, HandleScript script, InterpreterFrame* osrFra if (script->hasBaselineScript()) return Method_Compiled; - // Check this before calling ensureJitCompartmentExists, so we're less + // Check this before calling ensureJitRealmExists, so we're less // likely to report OOM in JSRuntime::createJitRuntime. if (!CanLikelyAllocateMoreExecutableMemory()) return Method_Skipped; - if (!cx->compartment()->ensureJitCompartmentExists(cx)) + if (!cx->realm()->ensureJitRealmExists(cx)) return Method_Error; // Check script warm-up counter. diff --git a/js/src/jit/CacheIR.cpp b/js/src/jit/CacheIR.cpp index c32529d64260..6925e4e7615f 100644 --- a/js/src/jit/CacheIR.cpp +++ b/js/src/jit/CacheIR.cpp @@ -1604,7 +1604,7 @@ GetPropIRGenerator::tryAttachTypedObject(HandleObject obj, ObjOperandId objId, H if (!obj->is()) return false; - if (!cx_->runtime()->jitSupportsFloatingPoint || cx_->compartment()->detachedTypedObjects) + if (!cx_->runtime()->jitSupportsFloatingPoint || cx_->zone()->detachedTypedObjects) return false; TypedObject* typedObj = &obj->as(); @@ -2070,7 +2070,7 @@ GetPropIRGenerator::tryAttachTypedElement(HandleObject obj, ObjOperandId objId, // Don't attach typed object stubs if the underlying storage could be // detached, as the stub will always bail out. - if (IsPrimitiveArrayTypedObject(obj) && cx_->compartment()->detachedTypedObjects) + if (IsPrimitiveArrayTypedObject(obj) && cx_->zone()->detachedTypedObjects) return false; TypedThingLayout layout = GetTypedThingLayout(obj->getClass()); @@ -3296,7 +3296,7 @@ SetPropIRGenerator::tryAttachTypedObjectProperty(HandleObject obj, ObjOperandId if (!obj->is()) return false; - if (!cx_->runtime()->jitSupportsFloatingPoint || cx_->compartment()->detachedTypedObjects) + if (!cx_->runtime()->jitSupportsFloatingPoint || cx_->zone()->detachedTypedObjects) return false; if (!obj->as().typeDescr().is()) @@ -3690,9 +3690,8 @@ SetPropIRGenerator::tryAttachSetTypedElement(HandleObject obj, ObjOperandId objI return false; // Don't attach stubs if the underlying storage for typed objects - // in the compartment could be detached, as the stub will always - // bail out. - if (cx_->compartment()->detachedTypedObjects) + // in the zone could be detached, as the stub will always bail out. + if (cx_->zone()->detachedTypedObjects) return false; } @@ -4373,7 +4372,7 @@ GetIteratorIRGenerator::tryAttachNativeIterator(ObjOperandId objId, HandleObject GeneratePrototypeHoleGuards(writer, obj, objId); ObjOperandId iterId = - writer.guardAndGetIterator(objId, iterobj, &cx_->compartment()->enumerators); + writer.guardAndGetIterator(objId, iterobj, &ObjectRealm::get(obj).enumerators); writer.loadObjectResult(iterId); writer.returnFromIC(); diff --git a/js/src/jit/CacheIR.h b/js/src/jit/CacheIR.h index 3a906650fece..ab56174fc2de 100644 --- a/js/src/jit/CacheIR.h +++ b/js/src/jit/CacheIR.h @@ -43,8 +43,8 @@ enum class BaselineCacheIRStubKind; // This class stores the CacheIR and the location of GC things stored in the // stub, for the GC. // -// JitCompartment has a CacheIRStubInfo* -> JitCode* weak map that's used to -// share both the IR and JitCode between CacheIR stubs. This HashMap owns the +// JitZone has a CacheIRStubInfo* -> JitCode* weak map that's used to share both +// the IR and JitCode between Baseline CacheIR stubs. This HashMap owns the // stubInfo (it uses UniquePtr), so once there are no references left to the // shared stub code, we can also free the CacheIRStubInfo. // diff --git a/js/src/jit/CacheIRCompiler.cpp b/js/src/jit/CacheIRCompiler.cpp index bf6330b3f1b1..da18ddf83cd8 100644 --- a/js/src/jit/CacheIRCompiler.cpp +++ b/js/src/jit/CacheIRCompiler.cpp @@ -1648,10 +1648,10 @@ CacheIRCompiler::emitGuardNoDetachedTypedObjects() if (!addFailurePath(&failure)) return false; - // All stubs manipulating typed objects must check the compartment-wide - // flag indicating whether their underlying storage might be detached, to - // bail out if needed. - int32_t* address = &cx_->compartment()->detachedTypedObjects; + // All stubs manipulating typed objects must check the zone-wide flag + // indicating whether their underlying storage might be detached, to bail + // out if needed. + uint32_t* address = &cx_->zone()->detachedTypedObjects; masm.branch32(Assembler::NotEqual, AbsoluteAddress(address), Imm32(0), failure->label()); return true; } @@ -3142,4 +3142,4 @@ CacheIRCompiler::emitLoadObject() StubFieldOffset obj(reader.stubOffset(), StubField::Type::JSObject); emitLoadStubField(obj, reg); return true; -} \ No newline at end of file +} diff --git a/js/src/jit/CodeGenerator.cpp b/js/src/jit/CodeGenerator.cpp index e0343abec343..b468d9ca623d 100644 --- a/js/src/jit/CodeGenerator.cpp +++ b/js/src/jit/CodeGenerator.cpp @@ -399,7 +399,7 @@ CodeGenerator::CodeGenerator(MIRGenerator* gen, LIRGraph* graph, MacroAssembler* , ionScriptLabels_(gen->alloc()) , scriptCounts_(nullptr) , simdTemplatesToReadBarrier_(0) - , compartmentStubsToReadBarrier_(0) + , realmStubsToReadBarrier_(0) { } @@ -1894,7 +1894,7 @@ CreateMatchResultFallback(MacroAssembler& masm, LiveRegisterSet regsToSave, } JitCode* -JitCompartment::generateRegExpMatcherStub(JSContext* cx) +JitRealm::generateRegExpMatcherStub(JSContext* cx) { Register regexp = RegExpMatcherRegExpReg; Register input = RegExpMatcherStringReg; @@ -2217,8 +2217,8 @@ CodeGenerator::visitRegExpMatcher(LRegExpMatcher* lir) OutOfLineRegExpMatcher* ool = new(alloc()) OutOfLineRegExpMatcher(lir); addOutOfLineCode(ool, lir->mir()); - const JitCompartment* jitCompartment = gen->compartment->jitCompartment(); - JitCode* regExpMatcherStub = jitCompartment->regExpMatcherStubNoBarrier(&compartmentStubsToReadBarrier_); + const JitRealm* jitRealm = gen->compartment->jitRealm(); + JitCode* regExpMatcherStub = jitRealm->regExpMatcherStubNoBarrier(&realmStubsToReadBarrier_); masm.call(regExpMatcherStub); masm.branchTestUndefined(Assembler::Equal, JSReturnOperand, ool->entry()); masm.bind(ool->rejoin()); @@ -2230,7 +2230,7 @@ static const int32_t RegExpSearcherResultNotFound = -1; static const int32_t RegExpSearcherResultFailed = -2; JitCode* -JitCompartment::generateRegExpSearcherStub(JSContext* cx) +JitRealm::generateRegExpSearcherStub(JSContext* cx) { Register regexp = RegExpTesterRegExpReg; Register input = RegExpTesterStringReg; @@ -2367,8 +2367,8 @@ CodeGenerator::visitRegExpSearcher(LRegExpSearcher* lir) OutOfLineRegExpSearcher* ool = new(alloc()) OutOfLineRegExpSearcher(lir); addOutOfLineCode(ool, lir->mir()); - const JitCompartment* jitCompartment = gen->compartment->jitCompartment(); - JitCode* regExpSearcherStub = jitCompartment->regExpSearcherStubNoBarrier(&compartmentStubsToReadBarrier_); + const JitRealm* jitRealm = gen->compartment->jitRealm(); + JitCode* regExpSearcherStub = jitRealm->regExpSearcherStubNoBarrier(&realmStubsToReadBarrier_); masm.call(regExpSearcherStub); masm.branch32(Assembler::Equal, ReturnReg, Imm32(RegExpSearcherResultFailed), ool->entry()); masm.bind(ool->rejoin()); @@ -2380,7 +2380,7 @@ static const int32_t RegExpTesterResultNotFound = -1; static const int32_t RegExpTesterResultFailed = -2; JitCode* -JitCompartment::generateRegExpTesterStub(JSContext* cx) +JitRealm::generateRegExpTesterStub(JSContext* cx) { Register regexp = RegExpTesterRegExpReg; Register input = RegExpTesterStringReg; @@ -2504,8 +2504,8 @@ CodeGenerator::visitRegExpTester(LRegExpTester* lir) OutOfLineRegExpTester* ool = new(alloc()) OutOfLineRegExpTester(lir); addOutOfLineCode(ool, lir->mir()); - const JitCompartment* jitCompartment = gen->compartment->jitCompartment(); - JitCode* regExpTesterStub = jitCompartment->regExpTesterStubNoBarrier(&compartmentStubsToReadBarrier_); + const JitRealm* jitRealm = gen->compartment->jitRealm(); + JitCode* regExpTesterStub = jitRealm->regExpTesterStubNoBarrier(&realmStubsToReadBarrier_); masm.call(regExpTesterStub); masm.branch32(Assembler::Equal, ReturnReg, Imm32(RegExpTesterResultFailed), ool->entry()); @@ -8202,8 +8202,8 @@ CodeGenerator::emitConcat(LInstruction* lir, Register lhs, Register rhs, Registe OutOfLineCode* ool = oolCallVM(ConcatStringsInfo, lir, ArgList(lhs, rhs), StoreRegisterTo(output)); - const JitCompartment* jitCompartment = gen->compartment->jitCompartment(); - JitCode* stringConcatStub = jitCompartment->stringConcatStubNoBarrier(&compartmentStubsToReadBarrier_); + const JitRealm* jitRealm = gen->compartment->jitRealm(); + JitCode* stringConcatStub = jitRealm->stringConcatStubNoBarrier(&realmStubsToReadBarrier_); masm.call(stringConcatStub); masm.branchTestPtr(Assembler::Zero, output, output, ool->entry()); @@ -8483,7 +8483,7 @@ CodeGenerator::visitSubstr(LSubstr* lir) } JitCode* -JitCompartment::generateStringConcatStub(JSContext* cx) +JitRealm::generateStringConcatStub(JSContext* cx) { StackMacroAssembler masm(cx); @@ -10293,9 +10293,9 @@ CodeGenerator::link(JSContext* cx, CompilerConstraintList* constraints) // Perform any read barriers which were skipped while compiling the // script, which may have happened off-thread. - const JitCompartment* jc = gen->compartment->jitCompartment(); - jc->performStubReadBarriers(compartmentStubsToReadBarrier_); - jc->performSIMDTemplateReadBarriers(simdTemplatesToReadBarrier_); + const JitRealm* jr = gen->compartment->jitRealm(); + jr->performStubReadBarriers(realmStubsToReadBarrier_); + jr->performSIMDTemplateReadBarriers(simdTemplatesToReadBarrier_); // We finished the new IonScript. Invalidate the current active IonScript, // so we can replace it with this new (probably higher optimized) version. diff --git a/js/src/jit/CodeGenerator.h b/js/src/jit/CodeGenerator.h index e51b97e06a7b..cfe89e5e4df7 100644 --- a/js/src/jit/CodeGenerator.h +++ b/js/src/jit/CodeGenerator.h @@ -321,7 +321,7 @@ class CodeGenerator final : public CodeGeneratorSpecific // MSimdBox instruction is encoded, it might have either been created by // IonBuilder, or by the Eager Simd Unbox phase. // - // As the template objects are weak references, the JitCompartment is using + // As the template objects are weak references, the JitRealm is using // Read Barriers, but such barrier cannot be used during the compilation. To // work around this issue, the barriers are captured during // CodeGenerator::link. @@ -330,8 +330,8 @@ class CodeGenerator final : public CodeGeneratorSpecific // Barriered objects in a bit mask. uint32_t simdTemplatesToReadBarrier_; - // Bit mask of JitCompartment stubs that are to be read-barriered. - uint32_t compartmentStubsToReadBarrier_; + // Bit mask of JitRealm stubs that are to be read-barriered. + uint32_t realmStubsToReadBarrier_; void addSimdTemplateToReadBarrier(SimdType simdType); diff --git a/js/src/jit/CompileWrappers.cpp b/js/src/jit/CompileWrappers.cpp index 97bf2e982e35..8bc050a01bd9 100644 --- a/js/src/jit/CompileWrappers.cpp +++ b/js/src/jit/CompileWrappers.cpp @@ -8,7 +8,7 @@ #include "gc/GC.h" #include "jit/Ion.h" -#include "jit/JitCompartment.h" +#include "jit/JitRealm.h" #include "vm/JSCompartment-inl.h" @@ -260,10 +260,10 @@ CompileCompartment::addressOfRandomNumberGenerator() return JS::GetRealmForCompartment(compartment())->addressOfRandomNumberGenerator(); } -const JitCompartment* -CompileCompartment::jitCompartment() +const JitRealm* +CompileCompartment::jitRealm() { - return compartment()->jitCompartment(); + return JS::GetRealmForCompartment(compartment())->jitRealm(); } const GlobalObject* diff --git a/js/src/jit/CompileWrappers.h b/js/src/jit/CompileWrappers.h index 415d7b7c1e45..d3b4b9307be4 100644 --- a/js/src/jit/CompileWrappers.h +++ b/js/src/jit/CompileWrappers.h @@ -87,7 +87,7 @@ class CompileZone void setMinorGCShouldCancelIonCompilations(); }; -class JitCompartment; +class JitRealm; class CompileCompartment { @@ -101,7 +101,7 @@ class CompileCompartment const void* addressOfRandomNumberGenerator(); - const JitCompartment* jitCompartment(); + const JitRealm* jitRealm(); const GlobalObject* maybeGlobal(); const uint32_t* addressOfGlobalWriteBarriered(); diff --git a/js/src/jit/EagerSimdUnbox.cpp b/js/src/jit/EagerSimdUnbox.cpp index c593c34e725c..c7c35e610692 100644 --- a/js/src/jit/EagerSimdUnbox.cpp +++ b/js/src/jit/EagerSimdUnbox.cpp @@ -16,14 +16,14 @@ namespace jit { // Do not optimize any Phi instruction which has conflicting Unbox operations, // as this might imply some intended polymorphism. static bool -CanUnboxSimdPhi(const JitCompartment* jitCompartment, MPhi* phi, SimdType unboxType) +CanUnboxSimdPhi(const JitRealm* jitRealm, MPhi* phi, SimdType unboxType) { MOZ_ASSERT(phi->type() == MIRType::Object); // If we are unboxing, we are more than likely to have boxed this SIMD type // once in baseline, otherwise, we cannot create a MSimdBox as we have no // template object to use. - if (!jitCompartment->maybeGetSimdTemplateObjectFor(unboxType)) + if (!jitRealm->maybeGetSimdTemplateObjectFor(unboxType)) return false; MResumePoint* entry = phi->block()->entryResumePoint(); @@ -46,7 +46,7 @@ CanUnboxSimdPhi(const JitCompartment* jitCompartment, MPhi* phi, SimdType unboxT } static void -UnboxSimdPhi(const JitCompartment* jitCompartment, MIRGraph& graph, MPhi* phi, SimdType unboxType) +UnboxSimdPhi(const JitRealm* jitRealm, MIRGraph& graph, MPhi* phi, SimdType unboxType) { TempAllocator& alloc = graph.alloc(); @@ -70,7 +70,7 @@ UnboxSimdPhi(const JitCompartment* jitCompartment, MIRGraph& graph, MPhi* phi, S MUseIterator i(phi->usesBegin()), e(phi->usesEnd()); // Add a MSimdBox, and replace all the Phi uses with it. - JSObject* templateObject = jitCompartment->maybeGetSimdTemplateObjectFor(unboxType); + JSObject* templateObject = jitRealm->maybeGetSimdTemplateObjectFor(unboxType); InlineTypedObject* inlineTypedObject = &templateObject->as(); MSimdBox* recoverBox = MSimdBox::New(alloc, nullptr, phi, inlineTypedObject, unboxType, gc::DefaultHeap); recoverBox->setRecoveredOnBailout(); @@ -100,7 +100,7 @@ UnboxSimdPhi(const JitCompartment* jitCompartment, MIRGraph& graph, MPhi* phi, S bool EagerSimdUnbox(MIRGenerator* mir, MIRGraph& graph) { - const JitCompartment* jitCompartment = mir->compartment->jitCompartment(); + const JitRealm* jitRealm = mir->compartment->jitRealm(); for (PostorderIterator block = graph.poBegin(); block != graph.poEnd(); block++) { if (mir->shouldCancel("Eager Simd Unbox")) return false; @@ -114,10 +114,10 @@ EagerSimdUnbox(MIRGenerator* mir, MIRGraph& graph) continue; MPhi* phi = unbox->input()->toPhi(); - if (!CanUnboxSimdPhi(jitCompartment, phi, unbox->simdType())) + if (!CanUnboxSimdPhi(jitRealm, phi, unbox->simdType())) continue; - UnboxSimdPhi(jitCompartment, graph, phi, unbox->simdType()); + UnboxSimdPhi(jitRealm, graph, phi, unbox->simdType()); } } diff --git a/js/src/jit/ExecutableAllocator.cpp b/js/src/jit/ExecutableAllocator.cpp index 9e3c2b38e267..50d32d922b50 100644 --- a/js/src/jit/ExecutableAllocator.cpp +++ b/js/src/jit/ExecutableAllocator.cpp @@ -27,7 +27,7 @@ #include "jit/ExecutableAllocator.h" -#include "jit/JitCompartment.h" +#include "jit/JitRealm.h" #include "js/MemoryMetrics.h" using namespace js::jit; diff --git a/js/src/jit/ICStubSpace.h b/js/src/jit/ICStubSpace.h index 88dd069f4f55..8839e2561194 100644 --- a/js/src/jit/ICStubSpace.h +++ b/js/src/jit/ICStubSpace.h @@ -48,7 +48,7 @@ class ICStubSpace } }; -// Space for optimized stubs. Every JitCompartment has a single +// Space for optimized stubs. Every JitRealm has a single // OptimizedICStubSpace. struct OptimizedICStubSpace : public ICStubSpace { diff --git a/js/src/jit/Ion.cpp b/js/src/jit/Ion.cpp index 53ef43857eb1..d26c8e32826d 100644 --- a/js/src/jit/Ion.cpp +++ b/js/src/jit/Ion.cpp @@ -31,7 +31,7 @@ #include "jit/IonOptimizationLevels.h" #include "jit/JitcodeMap.h" #include "jit/JitCommon.h" -#include "jit/JitCompartment.h" +#include "jit/JitRealm.h" #include "jit/JitSpewer.h" #include "jit/LICM.h" #include "jit/Linker.h" @@ -215,7 +215,7 @@ JitRuntime::initialize(JSContext* cx, AutoLockForExclusiveAccess& lock) JitContext jctx(cx, nullptr); - if (!cx->compartment()->ensureJitCompartmentExists(cx)) + if (!cx->realm()->ensureJitRealmExists(cx)) return false; functionWrappers_ = cx->new_(cx); @@ -391,18 +391,18 @@ JSContext::freeOsrTempData() osrTempData_ = nullptr; } -JitCompartment::JitCompartment() +JitRealm::JitRealm() : stubCodes_(nullptr) { } -JitCompartment::~JitCompartment() +JitRealm::~JitRealm() { js_delete(stubCodes_); } bool -JitCompartment::initialize(JSContext* cx) +JitRealm::initialize(JSContext* cx) { stubCodes_ = cx->new_(cx->zone()); if (!stubCodes_) @@ -431,7 +431,7 @@ PopNextBitmaskValue(uint32_t* bitmask) } void -JitCompartment::performStubReadBarriers(uint32_t stubsToBarrier) const +JitRealm::performStubReadBarriers(uint32_t stubsToBarrier) const { while (stubsToBarrier) { auto stub = PopNextBitmaskValue(&stubsToBarrier); @@ -442,7 +442,7 @@ JitCompartment::performStubReadBarriers(uint32_t stubsToBarrier) const } void -JitCompartment::performSIMDTemplateReadBarriers(uint32_t simdTemplatesToBarrier) const +JitRealm::performSIMDTemplateReadBarriers(uint32_t simdTemplatesToBarrier) const { while (simdTemplatesToBarrier) { auto type = PopNextBitmaskValue(&simdTemplatesToBarrier); @@ -629,10 +629,10 @@ JitRuntime::SweepJitcodeGlobalTable(JSRuntime* rt) } void -JitCompartment::sweep(JSCompartment* compartment) +JitRealm::sweep(JS::Realm* realm) { // Any outstanding compilations should have been cancelled by the GC. - MOZ_ASSERT(!HasOffThreadIonCompile(compartment)); + MOZ_ASSERT(!HasOffThreadIonCompile(JS::GetCompartmentForRealm(realm))); stubCodes_->sweep(); @@ -660,7 +660,7 @@ JitZone::sweep() } size_t -JitCompartment::sizeOfIncludingThis(mozilla::MallocSizeOf mallocSizeOf) const +JitRealm::sizeOfIncludingThis(mozilla::MallocSizeOf mallocSizeOf) const { size_t n = mallocSizeOf(this); if (stubCodes_) @@ -1893,21 +1893,51 @@ CompileBackEnd(MIRGenerator* mir) return GenerateCode(mir, lir); } -// Find a builder which the current thread can finish. -static IonBuilder* -GetFinishedBuilder(JSRuntime* rt, GlobalHelperThreadState::IonBuilderVector& finished, - const AutoLockHelperThreadState& locked) +static inline bool +TooManyUnlinkedBuilders(JSRuntime* rt) { - for (size_t i = 0; i < finished.length(); i++) { - IonBuilder* testBuilder = finished[i]; - if (testBuilder->script()->runtimeFromAnyThread() == rt) { - HelperThreadState().remove(finished, &i); - rt->jitRuntime()->numFinishedBuildersRef(locked)--; - return testBuilder; - } - } + static const size_t MaxUnlinkedBuilders = 100; + return rt->jitRuntime()->ionLazyLinkListSize() > MaxUnlinkedBuilders; +} - return nullptr; +static void +MoveFinshedBuildersToLazyLinkList(JSRuntime* rt, const AutoLockHelperThreadState& lock) +{ + // Incorporate any off thread compilations for the runtime which have + // finished, failed or have been cancelled. + + GlobalHelperThreadState::IonBuilderVector& finished = HelperThreadState().ionFinishedList(lock); + + for (size_t i = 0; i < finished.length(); i++) { + // Find a finished builder for the runtime. + IonBuilder* builder = finished[i]; + if (builder->script()->runtimeFromAnyThread() != rt) + continue; + + HelperThreadState().remove(finished, &i); + rt->jitRuntime()->numFinishedBuildersRef(lock)--; + + JSScript* script = builder->script(); + MOZ_ASSERT(script->hasBaselineScript()); + script->baselineScript()->setPendingIonBuilder(rt, script, builder); + rt->jitRuntime()->ionLazyLinkListAdd(rt, builder); + } +} + +static void +EagerlyLinkExcessBuilders(JSContext* cx, AutoLockHelperThreadState& lock) +{ + JSRuntime* rt = cx->runtime(); + MOZ_ASSERT(TooManyUnlinkedBuilders(rt)); + + do { + jit::IonBuilder* builder = rt->jitRuntime()->ionLazyLinkList(rt).getLast(); + RootedScript script(cx, builder->script()); + + AutoUnlockHelperThreadState unlock(lock); + AutoRealm ar(cx, script); + jit::LinkIonScript(cx, script); + } while (TooManyUnlinkedBuilders(rt)); } void @@ -1920,31 +1950,17 @@ AttachFinishedCompilations(JSContext* cx) return; AutoLockHelperThreadState lock; - GlobalHelperThreadState::IonBuilderVector& finished = HelperThreadState().ionFinishedList(lock); - // Incorporate any off thread compilations for the runtime which have - // finished, failed or have been cancelled. while (true) { - // Find a finished builder for the runtime. - IonBuilder* builder = GetFinishedBuilder(rt, finished, lock); - if (!builder) + MoveFinshedBuildersToLazyLinkList(rt, lock); + + if (!TooManyUnlinkedBuilders(rt)) break; - JSScript* script = builder->script(); - MOZ_ASSERT(script->hasBaselineScript()); - script->baselineScript()->setPendingIonBuilder(rt, script, builder); - rt->jitRuntime()->ionLazyLinkListAdd(rt, builder); + EagerlyLinkExcessBuilders(cx, lock); - // Don't keep more than 100 lazy link builders in a runtime. - // Link the oldest ones immediately. - while (rt->jitRuntime()->ionLazyLinkListSize() > 100) { - jit::IonBuilder* builder = rt->jitRuntime()->ionLazyLinkList(rt).getLast(); - RootedScript script(cx, builder->script()); - - AutoUnlockHelperThreadState unlock(lock); - AutoRealm ar(cx, script); - jit::LinkIonScript(cx, script); - } + // Linking releases the lock so we must now check the finished list + // again. } MOZ_ASSERT(!rt->jitRuntime()->numFinishedBuilders()); @@ -2035,10 +2051,10 @@ IonCompile(JSContext* cx, JSScript* script, JitContext jctx(cx, temp); - if (!cx->compartment()->ensureJitCompartmentExists(cx)) + if (!cx->realm()->ensureJitRealmExists(cx)) return AbortReason::Alloc; - if (!cx->compartment()->jitCompartment()->ensureIonStubsExist(cx)) + if (!cx->realm()->jitRealm()->ensureIonStubsExist(cx)) return AbortReason::Alloc; MIRGraph* graph = alloc->new_(temp); diff --git a/js/src/jit/IonAnalysis.cpp b/js/src/jit/IonAnalysis.cpp index 2ed9f9813212..4b609b96e6dd 100644 --- a/js/src/jit/IonAnalysis.cpp +++ b/js/src/jit/IonAnalysis.cpp @@ -4212,7 +4212,7 @@ jit::AnalyzeNewScriptDefiniteProperties(JSContext* cx, HandleFunction fun, if (!jit::CanLikelyAllocateMoreExecutableMemory()) return true; - if (!cx->compartment()->ensureJitCompartmentExists(cx)) + if (!cx->realm()->ensureJitRealmExists(cx)) return false; if (!script->hasBaselineScript()) { @@ -4466,7 +4466,7 @@ jit::AnalyzeArgumentsUsage(JSContext* cx, JSScript* scriptArg) if (!jit::CanLikelyAllocateMoreExecutableMemory()) return true; - if (!cx->compartment()->ensureJitCompartmentExists(cx)) + if (!cx->realm()->ensureJitRealmExists(cx)) return false; MIRGraph graph(&temp); diff --git a/js/src/jit/JitFrames.cpp b/js/src/jit/JitFrames.cpp index 5201c6e33695..65d1afb5d809 100644 --- a/js/src/jit/JitFrames.cpp +++ b/js/src/jit/JitFrames.cpp @@ -15,7 +15,7 @@ #include "jit/BaselineJIT.h" #include "jit/Ion.h" #include "jit/JitcodeMap.h" -#include "jit/JitCompartment.h" +#include "jit/JitRealm.h" #include "jit/JitSpewer.h" #include "jit/MacroAssembler.h" #include "jit/PcScriptCache.h" diff --git a/js/src/jit/JitCompartment.h b/js/src/jit/JitRealm.h similarity index 97% rename from js/src/jit/JitCompartment.h rename to js/src/jit/JitRealm.h index 9afdc4b071be..60b11448b1ca 100644 --- a/js/src/jit/JitCompartment.h +++ b/js/src/jit/JitRealm.h @@ -4,8 +4,8 @@ * License, v. 2.0. If a copy of the MPL was not distributed with this * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ -#ifndef jit_JitCompartment_h -#define jit_JitCompartment_h +#ifndef jit_JitRealm_h +#define jit_JitRealm_h #include "mozilla/Array.h" #include "mozilla/DebugOnly.h" @@ -59,7 +59,7 @@ class JitcodeGlobalTable; class JitRuntime { private: - friend class JitCompartment; + friend class JitRealm; // Executable allocator for all code except wasm code. MainThreadData execAlloc_; @@ -449,7 +449,7 @@ enum class BailoutReturnStub { Count }; -class JitCompartment +class JitRealm { friend class JitActivation; @@ -475,9 +475,9 @@ class JitCompartment BailoutReturnStub::Count, BailoutReturnStubInfo> bailoutReturnStubInfo_; - // The JitCompartment stores stubs to concatenate strings inline and perform - // RegExp calls inline. These bake in zone and compartment specific - // pointers and can't be stored in JitRuntime. + // The JitRealm stores stubs to concatenate strings inline and perform + // RegExp calls inline. These bake in zone and realm specific pointers + // and can't be stored in JitRuntime. // // These are weak pointers, but they can by accessed during off-thread Ion // compilation and therefore can't use the usual read barrier. Instead, we @@ -551,8 +551,8 @@ class JitCompartment return bailoutReturnStubInfo_[kind].addr; } - JitCompartment(); - ~JitCompartment(); + JitRealm(); + ~JitRealm(); MOZ_MUST_USE bool initialize(JSContext* cx); @@ -564,7 +564,7 @@ class JitCompartment return stubs_[StringConcat]; } - void sweep(JSCompartment* compartment); + void sweep(JS::Realm* realm); void discardStubs() { for (ReadBarrieredJitCode& stubRef : stubs_) @@ -623,7 +623,7 @@ class JitCompartment bool stringsCanBeInNursery; }; -// Called from JSCompartment::discardJitCode(). +// Called from Zone::discardJitCode(). void InvalidateAll(FreeOp* fop, JS::Zone* zone); void FinishInvalidation(FreeOp* fop, JSScript* script); @@ -681,4 +681,4 @@ class MOZ_STACK_CLASS MaybeAutoWritableJitCode } // namespace jit } // namespace js -#endif /* jit_JitCompartment_h */ +#endif /* jit_JitRealm_h */ diff --git a/js/src/jit/Linker.h b/js/src/jit/Linker.h index a87561ea2a22..3869c9844541 100644 --- a/js/src/jit/Linker.h +++ b/js/src/jit/Linker.h @@ -9,7 +9,7 @@ #include "jit/ExecutableAllocator.h" #include "jit/IonCode.h" -#include "jit/JitCompartment.h" +#include "jit/JitRealm.h" #include "jit/MacroAssembler.h" #include "vm/JSCompartment.h" #include "vm/JSContext.h" diff --git a/js/src/jit/MCallOptimize.cpp b/js/src/jit/MCallOptimize.cpp index 2133ae544422..1408840a81fa 100644 --- a/js/src/jit/MCallOptimize.cpp +++ b/js/src/jit/MCallOptimize.cpp @@ -2152,7 +2152,7 @@ IonBuilder::inlineRegExpMatcher(CallInfo& callInfo) return InliningStatus_NotInlined; JSContext* cx = TlsContext.get(); - if (!cx->compartment()->jitCompartment()->ensureRegExpMatcherStubExists(cx)) { + if (!cx->realm()->jitRealm()->ensureRegExpMatcherStubExists(cx)) { cx->clearPendingException(); // OOM or overrecursion. return InliningStatus_NotInlined; } @@ -2196,7 +2196,7 @@ IonBuilder::inlineRegExpSearcher(CallInfo& callInfo) return InliningStatus_NotInlined; JSContext* cx = TlsContext.get(); - if (!cx->compartment()->jitCompartment()->ensureRegExpSearcherStubExists(cx)) { + if (!cx->realm()->jitRealm()->ensureRegExpSearcherStubExists(cx)) { cx->clearPendingException(); // OOM or overrecursion. return abort(AbortReason::Error); } @@ -2240,7 +2240,7 @@ IonBuilder::inlineRegExpTester(CallInfo& callInfo) return InliningStatus_NotInlined; JSContext* cx = TlsContext.get(); - if (!cx->compartment()->jitCompartment()->ensureRegExpTesterStubExists(cx)) { + if (!cx->realm()->jitRealm()->ensureRegExpTesterStubExists(cx)) { cx->clearPendingException(); // OOM or overrecursion. return InliningStatus_NotInlined; } diff --git a/js/src/jit/MIRGenerator.h b/js/src/jit/MIRGenerator.h index fab14b3952ce..6c9cc8c0062c 100644 --- a/js/src/jit/MIRGenerator.h +++ b/js/src/jit/MIRGenerator.h @@ -16,7 +16,7 @@ #include "jit/CompileInfo.h" #include "jit/JitAllocPolicy.h" -#include "jit/JitCompartment.h" +#include "jit/JitRealm.h" #include "jit/MIR.h" #ifdef JS_ION_PERF # include "jit/PerfSpewer.h" diff --git a/js/src/jit/MacroAssembler.h b/js/src/jit/MacroAssembler.h index cef8c094b70c..f3dc38de5c73 100644 --- a/js/src/jit/MacroAssembler.h +++ b/js/src/jit/MacroAssembler.h @@ -33,7 +33,7 @@ #include "jit/AtomicOp.h" #include "jit/IonInstrumentation.h" #include "jit/IonTypes.h" -#include "jit/JitCompartment.h" +#include "jit/JitRealm.h" #include "jit/TemplateObject.h" #include "jit/VMFunctions.h" #include "vm/ProxyObject.h" diff --git a/js/src/jit/SharedIC.cpp b/js/src/jit/SharedIC.cpp index 8ee679b8bb6c..10b4f72a5b5f 100644 --- a/js/src/jit/SharedIC.cpp +++ b/js/src/jit/SharedIC.cpp @@ -494,11 +494,11 @@ ICUpdatedStub::initUpdatingChain(JSContext* cx, ICStubSpace* space) JitCode* ICStubCompiler::getStubCode() { - JitCompartment* comp = cx->compartment()->jitCompartment(); + JitRealm* realm = cx->realm()->jitRealm(); // Check for existing cached stubcode. uint32_t stubKey = getKey(); - JitCode* stubCode = comp->getStubCode(stubKey); + JitCode* stubCode = realm->getStubCode(stubKey); if (stubCode) return stubCode; @@ -523,7 +523,7 @@ ICStubCompiler::getStubCode() return nullptr; // Cache newly compiled stubcode. - if (!comp->putStubCode(cx, stubKey, newStubCode)) + if (!realm->putStubCode(cx, stubKey, newStubCode)) return nullptr; // After generating code, run postGenerateStubCode(). We must not fail @@ -2041,7 +2041,7 @@ ICGetProp_Fallback::Compiler::postGenerateStubCode(MacroAssembler& masm, Handle< BailoutReturnStub kind = hasReceiver_ ? BailoutReturnStub::GetPropSuper : BailoutReturnStub::GetProp; void* address = code->raw() + bailoutReturnOffset_.offset(); - cx->compartment()->jitCompartment()->initBailoutReturnAddr(address, getKey(), kind); + cx->realm()->jitRealm()->initBailoutReturnAddr(address, getKey(), kind); } } diff --git a/js/src/jit/VMFunctions.cpp b/js/src/jit/VMFunctions.cpp index e4caef216e6b..f83c7ce0c97b 100644 --- a/js/src/jit/VMFunctions.cpp +++ b/js/src/jit/VMFunctions.cpp @@ -10,8 +10,8 @@ #include "frontend/BytecodeCompiler.h" #include "jit/arm/Simulator-arm.h" #include "jit/BaselineIC.h" -#include "jit/JitCompartment.h" #include "jit/JitFrames.h" +#include "jit/JitRealm.h" #include "jit/mips32/Simulator-mips32.h" #include "jit/mips64/Simulator-mips64.h" #include "vm/ArrayObject.h" diff --git a/js/src/jit/arm/Assembler-arm.cpp b/js/src/jit/arm/Assembler-arm.cpp index dfd8c2f61b13..d251d487fe3f 100644 --- a/js/src/jit/arm/Assembler-arm.cpp +++ b/js/src/jit/arm/Assembler-arm.cpp @@ -15,7 +15,7 @@ #include "jit/arm/disasm/Disasm-arm.h" #include "jit/arm/MacroAssembler-arm.h" #include "jit/ExecutableAllocator.h" -#include "jit/JitCompartment.h" +#include "jit/JitRealm.h" #include "jit/MacroAssembler.h" #include "vm/JSCompartment.h" diff --git a/js/src/jit/arm/Assembler-arm.h b/js/src/jit/arm/Assembler-arm.h index 62345401952a..fa4ffe4016d3 100644 --- a/js/src/jit/arm/Assembler-arm.h +++ b/js/src/jit/arm/Assembler-arm.h @@ -15,7 +15,7 @@ #include "jit/arm/disasm/Disasm-arm.h" #include "jit/CompactBuffer.h" #include "jit/IonCode.h" -#include "jit/JitCompartment.h" +#include "jit/JitRealm.h" #include "jit/shared/Assembler-shared.h" #include "jit/shared/Disassembler-shared.h" #include "jit/shared/IonAssemblerBufferWithConstantPools.h" diff --git a/js/src/jit/arm/Bailouts-arm.cpp b/js/src/jit/arm/Bailouts-arm.cpp index 809423b188b1..e8de32c947ee 100644 --- a/js/src/jit/arm/Bailouts-arm.cpp +++ b/js/src/jit/arm/Bailouts-arm.cpp @@ -6,7 +6,7 @@ #include "jit/arm/Assembler-arm.h" #include "jit/Bailouts.h" -#include "jit/JitCompartment.h" +#include "jit/JitRealm.h" #include "vm/JSCompartment.h" #include "vm/JSContext.h" diff --git a/js/src/jit/arm/CodeGenerator-arm.cpp b/js/src/jit/arm/CodeGenerator-arm.cpp index 562d187fe8f9..a88e14793132 100644 --- a/js/src/jit/arm/CodeGenerator-arm.cpp +++ b/js/src/jit/arm/CodeGenerator-arm.cpp @@ -13,8 +13,8 @@ #include "jsnum.h" #include "jit/CodeGenerator.h" -#include "jit/JitCompartment.h" #include "jit/JitFrames.h" +#include "jit/JitRealm.h" #include "jit/MIR.h" #include "jit/MIRGraph.h" #include "js/Conversions.h" diff --git a/js/src/jit/arm/Trampoline-arm.cpp b/js/src/jit/arm/Trampoline-arm.cpp index 16dbca405186..14a59405a0f4 100644 --- a/js/src/jit/arm/Trampoline-arm.cpp +++ b/js/src/jit/arm/Trampoline-arm.cpp @@ -6,8 +6,8 @@ #include "jit/arm/SharedICHelpers-arm.h" #include "jit/Bailouts.h" -#include "jit/JitCompartment.h" #include "jit/JitFrames.h" +#include "jit/JitRealm.h" #include "jit/JitSpewer.h" #include "jit/Linker.h" #include "vm/JSCompartment.h" diff --git a/js/src/jit/arm64/Assembler-arm64.cpp b/js/src/jit/arm64/Assembler-arm64.cpp index 1d80a85a06fb..c3e3c8721a95 100644 --- a/js/src/jit/arm64/Assembler-arm64.cpp +++ b/js/src/jit/arm64/Assembler-arm64.cpp @@ -16,7 +16,7 @@ #include "jit/arm64/MacroAssembler-arm64.h" #include "jit/arm64/vixl/Disasm-vixl.h" #include "jit/ExecutableAllocator.h" -#include "jit/JitCompartment.h" +#include "jit/JitRealm.h" #include "vm/JSCompartment.h" #include "gc/StoreBuffer-inl.h" diff --git a/js/src/jit/arm64/Assembler-arm64.h b/js/src/jit/arm64/Assembler-arm64.h index a0abe69ecbe2..d5e5ecd9d038 100644 --- a/js/src/jit/arm64/Assembler-arm64.h +++ b/js/src/jit/arm64/Assembler-arm64.h @@ -9,7 +9,7 @@ #include "jit/arm64/vixl/Assembler-vixl.h" -#include "jit/JitCompartment.h" +#include "jit/JitRealm.h" #include "jit/shared/Disassembler-shared.h" namespace js { diff --git a/js/src/jit/arm64/CodeGenerator-arm64.cpp b/js/src/jit/arm64/CodeGenerator-arm64.cpp index 4bb2e2bcf877..db096d08d796 100644 --- a/js/src/jit/arm64/CodeGenerator-arm64.cpp +++ b/js/src/jit/arm64/CodeGenerator-arm64.cpp @@ -11,8 +11,8 @@ #include "jsnum.h" #include "jit/CodeGenerator.h" -#include "jit/JitCompartment.h" #include "jit/JitFrames.h" +#include "jit/JitRealm.h" #include "jit/MIR.h" #include "jit/MIRGraph.h" #include "vm/JSCompartment.h" diff --git a/js/src/jit/arm64/Trampoline-arm64.cpp b/js/src/jit/arm64/Trampoline-arm64.cpp index fe5f9a33173e..44d5ae06126a 100644 --- a/js/src/jit/arm64/Trampoline-arm64.cpp +++ b/js/src/jit/arm64/Trampoline-arm64.cpp @@ -5,8 +5,8 @@ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ #include "jit/Bailouts.h" -#include "jit/JitCompartment.h" #include "jit/JitFrames.h" +#include "jit/JitRealm.h" #include "jit/Linker.h" #ifdef JS_ION_PERF # include "jit/PerfSpewer.h" diff --git a/js/src/jit/mips-shared/Assembler-mips-shared.cpp b/js/src/jit/mips-shared/Assembler-mips-shared.cpp index f6060e66b5e5..39de000b60bc 100644 --- a/js/src/jit/mips-shared/Assembler-mips-shared.cpp +++ b/js/src/jit/mips-shared/Assembler-mips-shared.cpp @@ -13,7 +13,7 @@ #include "gc/Marking.h" #include "jit/ExecutableAllocator.h" -#include "jit/JitCompartment.h" +#include "jit/JitRealm.h" #include "vm/JSCompartment.h" using mozilla::DebugOnly; diff --git a/js/src/jit/mips-shared/Assembler-mips-shared.h b/js/src/jit/mips-shared/Assembler-mips-shared.h index 25c57d81eaa7..f2912ff5bb48 100644 --- a/js/src/jit/mips-shared/Assembler-mips-shared.h +++ b/js/src/jit/mips-shared/Assembler-mips-shared.h @@ -14,7 +14,7 @@ #include "jit/CompactBuffer.h" #include "jit/IonCode.h" -#include "jit/JitCompartment.h" +#include "jit/JitRealm.h" #include "jit/JitSpewer.h" #include "jit/mips-shared/Architecture-mips-shared.h" #include "jit/shared/Assembler-shared.h" diff --git a/js/src/jit/mips-shared/CodeGenerator-mips-shared.cpp b/js/src/jit/mips-shared/CodeGenerator-mips-shared.cpp index b31c78463d18..4e6ef1345c5a 100644 --- a/js/src/jit/mips-shared/CodeGenerator-mips-shared.cpp +++ b/js/src/jit/mips-shared/CodeGenerator-mips-shared.cpp @@ -12,8 +12,8 @@ #include "jsnum.h" #include "jit/CodeGenerator.h" -#include "jit/JitCompartment.h" #include "jit/JitFrames.h" +#include "jit/JitRealm.h" #include "jit/MIR.h" #include "jit/MIRGraph.h" #include "js/Conversions.h" diff --git a/js/src/jit/mips32/Bailouts-mips32.h b/js/src/jit/mips32/Bailouts-mips32.h index 0c4d7f313273..c9212a3901a5 100644 --- a/js/src/jit/mips32/Bailouts-mips32.h +++ b/js/src/jit/mips32/Bailouts-mips32.h @@ -8,7 +8,7 @@ #define jit_mips32_Bailouts_mips32_h #include "jit/Bailouts.h" -#include "jit/JitCompartment.h" +#include "jit/JitRealm.h" namespace js { namespace jit { diff --git a/js/src/jit/mips32/CodeGenerator-mips32.cpp b/js/src/jit/mips32/CodeGenerator-mips32.cpp index b2800bd04a7c..cee79a1f3812 100644 --- a/js/src/jit/mips32/CodeGenerator-mips32.cpp +++ b/js/src/jit/mips32/CodeGenerator-mips32.cpp @@ -9,8 +9,8 @@ #include "mozilla/MathAlgorithms.h" #include "jit/CodeGenerator.h" -#include "jit/JitCompartment.h" #include "jit/JitFrames.h" +#include "jit/JitRealm.h" #include "jit/MIR.h" #include "jit/MIRGraph.h" #include "js/Conversions.h" diff --git a/js/src/jit/mips32/Trampoline-mips32.cpp b/js/src/jit/mips32/Trampoline-mips32.cpp index 0074a27eacce..798cad6fb711 100644 --- a/js/src/jit/mips32/Trampoline-mips32.cpp +++ b/js/src/jit/mips32/Trampoline-mips32.cpp @@ -7,8 +7,8 @@ #include "mozilla/DebugOnly.h" #include "jit/Bailouts.h" -#include "jit/JitCompartment.h" #include "jit/JitFrames.h" +#include "jit/JitRealm.h" #include "jit/JitSpewer.h" #include "jit/Linker.h" #include "jit/mips-shared/SharedICHelpers-mips-shared.h" diff --git a/js/src/jit/mips64/Bailouts-mips64.h b/js/src/jit/mips64/Bailouts-mips64.h index 1f80b303f8fe..34b71b91eba4 100644 --- a/js/src/jit/mips64/Bailouts-mips64.h +++ b/js/src/jit/mips64/Bailouts-mips64.h @@ -8,7 +8,7 @@ #define jit_mips64_Bailouts_mips64_h #include "jit/Bailouts.h" -#include "jit/JitCompartment.h" +#include "jit/JitRealm.h" namespace js { namespace jit { diff --git a/js/src/jit/mips64/CodeGenerator-mips64.cpp b/js/src/jit/mips64/CodeGenerator-mips64.cpp index 52a517167f82..5090870e3778 100644 --- a/js/src/jit/mips64/CodeGenerator-mips64.cpp +++ b/js/src/jit/mips64/CodeGenerator-mips64.cpp @@ -9,8 +9,8 @@ #include "mozilla/MathAlgorithms.h" #include "jit/CodeGenerator.h" -#include "jit/JitCompartment.h" #include "jit/JitFrames.h" +#include "jit/JitRealm.h" #include "jit/MIR.h" #include "jit/MIRGraph.h" #include "js/Conversions.h" diff --git a/js/src/jit/mips64/Trampoline-mips64.cpp b/js/src/jit/mips64/Trampoline-mips64.cpp index 448a9db90853..21faffbbfe61 100644 --- a/js/src/jit/mips64/Trampoline-mips64.cpp +++ b/js/src/jit/mips64/Trampoline-mips64.cpp @@ -7,8 +7,8 @@ #include "mozilla/DebugOnly.h" #include "jit/Bailouts.h" -#include "jit/JitCompartment.h" #include "jit/JitFrames.h" +#include "jit/JitRealm.h" #include "jit/JitSpewer.h" #include "jit/Linker.h" #include "jit/mips-shared/SharedICHelpers-mips-shared.h" diff --git a/js/src/jit/none/MacroAssembler-none.h b/js/src/jit/none/MacroAssembler-none.h index 0ebf9347da37..953ee039098f 100644 --- a/js/src/jit/none/MacroAssembler-none.h +++ b/js/src/jit/none/MacroAssembler-none.h @@ -7,7 +7,7 @@ #ifndef jit_none_MacroAssembler_none_h #define jit_none_MacroAssembler_none_h -#include "jit/JitCompartment.h" +#include "jit/JitRealm.h" #include "jit/MoveResolver.h" #include "jit/shared/Assembler-shared.h" diff --git a/js/src/jit/x64/Assembler-x64.h b/js/src/jit/x64/Assembler-x64.h index dce0f924000d..a2a9ecf2523c 100644 --- a/js/src/jit/x64/Assembler-x64.h +++ b/js/src/jit/x64/Assembler-x64.h @@ -10,7 +10,7 @@ #include "mozilla/ArrayUtils.h" #include "jit/IonCode.h" -#include "jit/JitCompartment.h" +#include "jit/JitRealm.h" #include "jit/shared/Assembler-shared.h" namespace js { diff --git a/js/src/jit/x64/MacroAssembler-x64.cpp b/js/src/jit/x64/MacroAssembler-x64.cpp index e335f7b27b1c..49242415d7f2 100644 --- a/js/src/jit/x64/MacroAssembler-x64.cpp +++ b/js/src/jit/x64/MacroAssembler-x64.cpp @@ -8,8 +8,8 @@ #include "jit/Bailouts.h" #include "jit/BaselineFrame.h" -#include "jit/JitCompartment.h" #include "jit/JitFrames.h" +#include "jit/JitRealm.h" #include "jit/MacroAssembler.h" #include "jit/MoveEmitter.h" diff --git a/js/src/jit/x64/Trampoline-x64.cpp b/js/src/jit/x64/Trampoline-x64.cpp index f86d753773dd..bfb3a3367771 100644 --- a/js/src/jit/x64/Trampoline-x64.cpp +++ b/js/src/jit/x64/Trampoline-x64.cpp @@ -5,8 +5,8 @@ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ #include "jit/Bailouts.h" -#include "jit/JitCompartment.h" #include "jit/JitFrames.h" +#include "jit/JitRealm.h" #include "jit/Linker.h" #ifdef JS_ION_PERF # include "jit/PerfSpewer.h" diff --git a/js/src/jit/x86-shared/Assembler-x86-shared.cpp b/js/src/jit/x86-shared/Assembler-x86-shared.cpp index bbca7aa7b184..3d81bebd0c8e 100644 --- a/js/src/jit/x86-shared/Assembler-x86-shared.cpp +++ b/js/src/jit/x86-shared/Assembler-x86-shared.cpp @@ -6,7 +6,7 @@ #include "gc/Marking.h" #include "jit/Disassembler.h" -#include "jit/JitCompartment.h" +#include "jit/JitRealm.h" #if defined(JS_CODEGEN_X86) # include "jit/x86/MacroAssembler-x86.h" #elif defined(JS_CODEGEN_X64) diff --git a/js/src/jit/x86-shared/CodeGenerator-x86-shared.cpp b/js/src/jit/x86-shared/CodeGenerator-x86-shared.cpp index def9b110e592..a51cb6d31cdc 100644 --- a/js/src/jit/x86-shared/CodeGenerator-x86-shared.cpp +++ b/js/src/jit/x86-shared/CodeGenerator-x86-shared.cpp @@ -12,8 +12,8 @@ #include "jsmath.h" #include "jit/CodeGenerator.h" -#include "jit/JitCompartment.h" #include "jit/JitFrames.h" +#include "jit/JitRealm.h" #include "jit/Linker.h" #include "jit/RangeAnalysis.h" #include "vm/TraceLogging.h" diff --git a/js/src/jit/x86/Assembler-x86.h b/js/src/jit/x86/Assembler-x86.h index 6a4956e3511d..f31e2e285e79 100644 --- a/js/src/jit/x86/Assembler-x86.h +++ b/js/src/jit/x86/Assembler-x86.h @@ -11,7 +11,7 @@ #include "jit/CompactBuffer.h" #include "jit/IonCode.h" -#include "jit/JitCompartment.h" +#include "jit/JitRealm.h" #include "jit/shared/Assembler-shared.h" #include "jit/x86-shared/Constants-x86-shared.h" diff --git a/js/src/jit/x86/Bailouts-x86.cpp b/js/src/jit/x86/Bailouts-x86.cpp index 845509ce0236..ea555a111d45 100644 --- a/js/src/jit/x86/Bailouts-x86.cpp +++ b/js/src/jit/x86/Bailouts-x86.cpp @@ -5,7 +5,7 @@ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ #include "jit/Bailouts.h" -#include "jit/JitCompartment.h" +#include "jit/JitRealm.h" #include "vm/JSCompartment.h" #include "vm/JSContext.h" diff --git a/js/src/jit/x86/Trampoline-x86.cpp b/js/src/jit/x86/Trampoline-x86.cpp index 9717f70e909c..6fdc644dd117 100644 --- a/js/src/jit/x86/Trampoline-x86.cpp +++ b/js/src/jit/x86/Trampoline-x86.cpp @@ -8,8 +8,8 @@ #include "jit/Bailouts.h" #include "jit/BaselineJIT.h" -#include "jit/JitCompartment.h" #include "jit/JitFrames.h" +#include "jit/JitRealm.h" #include "jit/JitSpewer.h" #include "jit/Linker.h" #ifdef JS_ION_PERF diff --git a/js/src/jsapi.cpp b/js/src/jsapi.cpp index 797c9ec81f3d..fb439dba2a10 100644 --- a/js/src/jsapi.cpp +++ b/js/src/jsapi.cpp @@ -1294,7 +1294,7 @@ JS_GlobalLexicalEnvironment(JSObject* obj) extern JS_PUBLIC_API(bool) JS_HasExtensibleLexicalEnvironment(JSObject* obj) { - return obj->is() || obj->compartment()->getNonSyntacticLexicalEnvironment(obj); + return obj->is() || ObjectRealm::get(obj).getNonSyntacticLexicalEnvironment(obj); } extern JS_PUBLIC_API(JSObject*) @@ -1304,7 +1304,7 @@ JS_ExtensibleLexicalEnvironment(JSObject* obj) if (obj->is()) lexical = JS_GlobalLexicalEnvironment(obj); else - lexical = obj->compartment()->getNonSyntacticLexicalEnvironment(obj); + lexical = ObjectRealm::get(obj).getNonSyntacticLexicalEnvironment(obj); MOZ_ASSERT(lexical); return lexical; } @@ -3630,7 +3630,7 @@ CreateNonSyntacticEnvironmentChain(JSContext* cx, AutoObjectVector& envChain, // // TODOshu: disallow the subscript loader from using non-distinguished // objects as dynamic scopes. - env.set(cx->compartment()->getOrCreateNonSyntacticLexicalEnvironment(cx, env)); + env.set(ObjectRealm::get(env).getOrCreateNonSyntacticLexicalEnvironment(cx, env)); if (!env) return false; } else { diff --git a/js/src/jsfriendapi.cpp b/js/src/jsfriendapi.cpp index cdec079debd0..3d2ae3bdf35f 100644 --- a/js/src/jsfriendapi.cpp +++ b/js/src/jsfriendapi.cpp @@ -1425,7 +1425,7 @@ js::SetAllocationMetadataBuilder(JSContext* cx, const AllocationMetadataBuilder* JS_FRIEND_API(JSObject*) js::GetAllocationMetadata(JSObject* obj) { - ObjectWeakMap* map = obj->compartment()->objectMetadataTable.get(); + ObjectWeakMap* map = ObjectRealm::get(obj).objectMetadataTable.get(); if (map) return map->lookup(obj); return nullptr; diff --git a/js/src/vm/ArrayBufferObject.cpp b/js/src/vm/ArrayBufferObject.cpp index 3a2fea6d9260..5206d082099f 100644 --- a/js/src/vm/ArrayBufferObject.cpp +++ b/js/src/vm/ArrayBufferObject.cpp @@ -492,8 +492,8 @@ ArrayBufferObject::detach(JSContext* cx, Handle buffer, // When detaching a buffer with typed object views, any jitcode accessing // such views must be deoptimized so that detachment checks are performed. - // This is done by setting a compartment-wide flag indicating that buffers - // with typed object views have been detached. + // This is done by setting a zone-wide flag indicating that buffers with + // typed object views have been detached. if (buffer->hasTypedObjectViews()) { // Make sure the global object's group has been instantiated, so the // flag change will be observed. @@ -501,13 +501,13 @@ ArrayBufferObject::detach(JSContext* cx, Handle buffer, if (!JSObject::getGroup(cx, cx->global())) oomUnsafe.crash("ArrayBufferObject::detach"); MarkObjectGroupFlags(cx, cx->global(), OBJECT_FLAG_TYPED_OBJECT_HAS_DETACHED_BUFFER); - cx->compartment()->detachedTypedObjects = 1; + cx->zone()->detachedTypedObjects = 1; } // Update all views of the buffer to account for the buffer having been // detached, and clear the buffer's data and list of views. - auto& innerViews = cx->compartment()->innerViews.get(); + auto& innerViews = ObjectRealm::get(buffer).innerViews.get(); if (InnerViewTable::ViewVector* views = innerViews.maybeViewsUnbarriered(buffer)) { for (size_t i = 0; i < views->length(); i++) NoteViewBufferWasDetached((*views)[i], newContents, cx); @@ -582,7 +582,7 @@ ArrayBufferObject::changeContents(JSContext* cx, BufferContents newContents, setNewData(cx->runtime()->defaultFreeOp(), newContents, ownsState); // Update all views. - auto& innerViews = cx->compartment()->innerViews.get(); + auto& innerViews = ObjectRealm::get(this).innerViews.get(); if (InnerViewTable::ViewVector* views = innerViews.maybeViewsUnbarriered(this)) { for (size_t i = 0; i < views->length(); i++) changeViewContents(cx, (*views)[i], oldDataPointer, newContents); @@ -1485,7 +1485,7 @@ ArrayBufferObject::addView(JSContext* cx, JSObject* viewArg) setFirstView(view); return true; } - return cx->compartment()->innerViews.get().addView(cx, this, view); + return ObjectRealm::get(this).innerViews.get().addView(cx, this, view); } /* diff --git a/js/src/vm/HelperThreads.cpp b/js/src/vm/HelperThreads.cpp index cde989bfba8c..3498827c967f 100644 --- a/js/src/vm/HelperThreads.cpp +++ b/js/src/vm/HelperThreads.cpp @@ -235,8 +235,8 @@ JitDataStructuresExist(const CompilationSelector& selector) { struct Matcher { - bool match(JSScript* script) { return !!script->compartment()->jitCompartment(); } - bool match(JSCompartment* comp) { return !!comp->jitCompartment(); } + bool match(JSScript* script) { return !!script->realm()->jitRealm(); } + bool match(JSCompartment* comp) { return !!JS::GetRealmForCompartment(comp)->jitRealm(); } bool match(Zone* zone) { return !!zone->jitZone(); } bool match(ZonesInState zbs) { return zbs.runtime->hasJitRuntime(); } bool match(JSRuntime* runtime) { return runtime->hasJitRuntime(); } diff --git a/js/src/vm/Iteration.cpp b/js/src/vm/Iteration.cpp index 2d2046953f44..4467d2965abf 100644 --- a/js/src/vm/Iteration.cpp +++ b/js/src/vm/Iteration.cpp @@ -541,10 +541,10 @@ js::GetPropertyKeys(JSContext* cx, HandleObject obj, unsigned flags, AutoIdVecto } static inline void -RegisterEnumerator(JSContext* cx, NativeIterator* ni) +RegisterEnumerator(ObjectRealm& realm, NativeIterator* ni) { /* Register non-escaping native enumerators (for-in) with the current context. */ - ni->link(cx->compartment()->enumerators); + ni->link(realm.enumerators); MOZ_ASSERT(!(ni->flags & JSITER_ACTIVE)); ni->flags |= JSITER_ACTIVE; @@ -611,7 +611,10 @@ CreatePropertyIterator(JSContext* cx, Handle objBeingIterated, if (hadError) return nullptr; - RegisterEnumerator(cx, ni); + ObjectRealm& realm = + objBeingIterated ? ObjectRealm::get(objBeingIterated) : ObjectRealm::get(propIter); + RegisterEnumerator(realm, ni); + return propIter; } @@ -820,7 +823,7 @@ LookupInIteratorCache(JSContext* cx, JSObject* obj, uint32_t* numGuards) *numGuards = guards.length(); IteratorHashPolicy::Lookup lookup(guards.begin(), guards.length(), key); - auto p = cx->compartment()->iteratorCache.lookup(lookup); + auto p = ObjectRealm::get(obj).iteratorCache.lookup(lookup); if (!p) return nullptr; @@ -870,7 +873,7 @@ StoreInIteratorCache(JSContext* cx, JSObject* obj, PropertyIteratorObject* itero ni->guardCount(), ni->guard_key); - JSCompartment::IteratorCache& cache = cx->compartment()->iteratorCache; + ObjectRealm::IteratorCache& cache = ObjectRealm::get(obj).iteratorCache; bool ok; auto p = cache.lookupForAdd(lookup); if (MOZ_LIKELY(!p)) { @@ -896,7 +899,7 @@ js::GetIterator(JSContext* cx, HandleObject obj) if (PropertyIteratorObject* iterobj = LookupInIteratorCache(cx, obj, &numGuards)) { NativeIterator* ni = iterobj->getNativeIterator(); UpdateNativeIterator(ni, obj); - RegisterEnumerator(cx, ni); + RegisterEnumerator(ObjectRealm::get(obj), ni); return iterobj; } @@ -1347,7 +1350,7 @@ SuppressDeletedProperty(JSContext* cx, NativeIterator* ni, HandleObject obj, static bool SuppressDeletedPropertyHelper(JSContext* cx, HandleObject obj, Handle str) { - NativeIterator* enumeratorList = cx->compartment()->enumerators; + NativeIterator* enumeratorList = ObjectRealm::get(obj).enumerators; NativeIterator* ni = enumeratorList->next(); while (ni != enumeratorList) { @@ -1362,7 +1365,7 @@ SuppressDeletedPropertyHelper(JSContext* cx, HandleObject obj, Handlecompartment()->objectMaybeInIteration(obj))) + if (MOZ_LIKELY(!ObjectRealm::get(obj).objectMaybeInIteration(obj))) return true; if (JSID_IS_SYMBOL(id)) @@ -1377,7 +1380,7 @@ js::SuppressDeletedProperty(JSContext* cx, HandleObject obj, jsid id) bool js::SuppressDeletedElement(JSContext* cx, HandleObject obj, uint32_t index) { - if (MOZ_LIKELY(!cx->compartment()->objectMaybeInIteration(obj))) + if (MOZ_LIKELY(!ObjectRealm::get(obj).objectMaybeInIteration(obj))) return true; RootedId id(cx); diff --git a/js/src/vm/JSCompartment-inl.h b/js/src/vm/JSCompartment-inl.h index 557bad02c323..5b531444bdaa 100644 --- a/js/src/vm/JSCompartment-inl.h +++ b/js/src/vm/JSCompartment-inl.h @@ -43,6 +43,12 @@ JS::Realm::globalIsAboutToBeFinalized() return global_ && js::gc::IsAboutToBeFinalizedUnbarriered(global_.unsafeGet()); } +/* static */ inline js::ObjectRealm& +js::ObjectRealm::get(const JSObject* obj) +{ + return obj->realm()->objects_; +} + template js::AutoRealm::AutoRealm(JSContext* cx, const T& target) : cx_(cx), @@ -160,9 +166,9 @@ JSCompartment::wrap(JSContext* cx, JS::MutableHandleValue vp) } MOZ_ALWAYS_INLINE bool -JSCompartment::objectMaybeInIteration(JSObject* obj) +js::ObjectRealm::objectMaybeInIteration(JSObject* obj) { - MOZ_ASSERT(obj->compartment() == this); + MOZ_ASSERT(&ObjectRealm::get(obj) == this); // If the list is empty we're not iterating any objects. js::NativeIterator* next = enumerators->next(); diff --git a/js/src/vm/JSCompartment.cpp b/js/src/vm/JSCompartment.cpp index 2e4e85c4c177..0391d5a06b0b 100644 --- a/js/src/vm/JSCompartment.cpp +++ b/js/src/vm/JSCompartment.cpp @@ -14,8 +14,8 @@ #include "gc/Policy.h" #include "gc/PublicIterators.h" -#include "jit/JitCompartment.h" #include "jit/JitOptions.h" +#include "jit/JitRealm.h" #include "js/Date.h" #include "js/Proxy.h" #include "js/RootingAPI.h" @@ -46,19 +46,26 @@ JSCompartment::JSCompartment(Zone* zone) runtime_(zone->runtimeFromAnyThread()), data(nullptr), regExps(), - detachedTypedObjects(0), - innerViews(zone), - gcIncomingGrayPointers(nullptr), - enumerators(nullptr) + gcIncomingGrayPointers(nullptr) { runtime_->numCompartments++; } +ObjectRealm::ObjectRealm(JS::Zone* zone) + : innerViews(zone) +{} + +ObjectRealm::~ObjectRealm() +{ + MOZ_ASSERT(enumerators == iteratorSentinel_.get()); +} + Realm::Realm(JS::Zone* zone, const JS::RealmOptions& options) : JSCompartment(zone), creationOptions_(options.creationOptions()), behaviors_(options.behaviors()), global_(nullptr), + objects_(zone), randomKeyGenerator_(runtime_->forkRandomKeyGenerator()), wasm(zone->runtimeFromMainThread()), performanceMonitoring(runtime_) @@ -77,8 +84,6 @@ Realm::~Realm() JSCompartment::~JSCompartment() { - MOZ_ASSERT(enumerators == iteratorSentinel_.get()); - #ifdef DEBUG // Avoid assertion destroying the unboxed layouts list if the embedding // leaked GC things. @@ -98,13 +103,24 @@ JSCompartment::init(JSContext* maybecx) return false; } + return true; +} + +bool +ObjectRealm::init(JSContext* maybecx) +{ + if (!iteratorCache.init()) { + if (maybecx) + ReportOutOfMemory(maybecx); + return false; + } + NativeIteratorSentinel sentinel(NativeIterator::allocateSentinel(maybecx)); if (!sentinel) return false; iteratorSentinel_ = Move(sentinel); enumerators = iteratorSentinel_.get(); - return true; } @@ -127,9 +143,11 @@ Realm::init(JSContext* maybecx) */ JS::ResetTimeZone(); + if (!objects_.init(maybecx)) + return false; + if (!savedStacks_.init() || - !varNames_.init() || - !iteratorCache.init()) + !varNames_.init()) { if (maybecx) ReportOutOfMemory(maybecx); @@ -174,23 +192,23 @@ JSRuntime::createJitRuntime(JSContext* cx) } bool -JSCompartment::ensureJitCompartmentExists(JSContext* cx) +Realm::ensureJitRealmExists(JSContext* cx) { using namespace js::jit; - if (jitCompartment_) + if (jitRealm_) return true; if (!zone()->getJitZone(cx)) return false; - UniquePtr jitComp = cx->make_unique(); - if (!jitComp) + UniquePtr jitRealm = cx->make_unique(); + if (!jitRealm) return false; - if (!jitComp->initialize(cx)) + if (!jitRealm->initialize(cx)) return false; - jitCompartment_ = Move(jitComp); + jitRealm_ = Move(jitRealm); return true; } @@ -517,8 +535,10 @@ JSCompartment::wrap(JSContext* cx, MutableHandle> vec) } LexicalEnvironmentObject* -JSCompartment::getOrCreateNonSyntacticLexicalEnvironment(JSContext* cx, HandleObject enclosing) +ObjectRealm::getOrCreateNonSyntacticLexicalEnvironment(JSContext* cx, HandleObject enclosing) { + MOZ_ASSERT(&ObjectRealm::get(enclosing) == this); + if (!nonSyntacticLexicalEnvironments_) { auto map = cx->make_unique(cx); if (!map || !map->init()) @@ -558,8 +578,10 @@ JSCompartment::getOrCreateNonSyntacticLexicalEnvironment(JSContext* cx, HandleOb } LexicalEnvironmentObject* -JSCompartment::getNonSyntacticLexicalEnvironment(JSObject* enclosing) const +ObjectRealm::getNonSyntacticLexicalEnvironment(JSObject* enclosing) const { + MOZ_ASSERT(&ObjectRealm::get(enclosing) == this); + if (!nonSyntacticLexicalEnvironments_) return nullptr; // If a wrapped WithEnvironmentObject was passed in, unwrap it as in @@ -633,6 +655,19 @@ Realm::traceGlobal(JSTracer* trc) varNames_.trace(trc); } +void +ObjectRealm::trace(JSTracer* trc) +{ + if (lazyArrayBuffers) + lazyArrayBuffers->trace(trc); + + if (objectMetadataTable) + objectMetadataTable->trace(trc); + + if (nonSyntacticLexicalEnvironments_) + nonSyntacticLexicalEnvironments_->trace(trc); +} + void Realm::traceRoots(JSTracer* trc, js::gc::GCRuntime::TraceOrMarkRuntime traceOrMark) { @@ -661,11 +696,7 @@ Realm::traceRoots(JSTracer* trc, js::gc::GCRuntime::TraceOrMarkRuntime traceOrMa if (debugEnvs) debugEnvs->trace(trc); - if (lazyArrayBuffers) - lazyArrayBuffers->trace(trc); - - if (objectMetadataTable) - objectMetadataTable->trace(trc); + objects_.trace(trc); // If code coverage is only enabled with the Debugger or the LCovOutput, // then the following comment holds. @@ -691,9 +722,19 @@ Realm::traceRoots(JSTracer* trc, js::gc::GCRuntime::TraceOrMarkRuntime traceOrMa MOZ_ASSERT(script == r.front().key(), "const_cast is only a work-around"); } } +} + +void +ObjectRealm::finishRoots() +{ + if (lazyArrayBuffers) + lazyArrayBuffers->clear(); + + if (objectMetadataTable) + objectMetadataTable->clear(); if (nonSyntacticLexicalEnvironments_) - nonSyntacticLexicalEnvironments_->trace(trc); + nonSyntacticLexicalEnvironments_->clear(); } void @@ -702,31 +743,35 @@ Realm::finishRoots() if (debugEnvs) debugEnvs->finish(); - if (lazyArrayBuffers) - lazyArrayBuffers->clear(); - - if (objectMetadataTable) - objectMetadataTable->clear(); + objects_.finishRoots(); clearScriptCounts(); clearScriptNames(); +} - if (nonSyntacticLexicalEnvironments_) - nonSyntacticLexicalEnvironments_->clear(); +void +ObjectRealm::sweepAfterMinorGC() +{ + InnerViewTable& table = innerViews.get(); + if (table.needsSweepAfterMinorGC()) + table.sweepAfterMinorGC(); +} + +void +Realm::sweepAfterMinorGC() +{ + globalWriteBarriered = 0; + dtoaCache.purge(); + objects_.sweepAfterMinorGC(); } void JSCompartment::sweepAfterMinorGC(JSTracer* trc) { - InnerViewTable& table = innerViews.get(); - if (table.needsSweepAfterMinorGC()) - table.sweepAfterMinorGC(); - crossCompartmentWrappers.sweepAfterMinorGC(trc); Realm* realm = JS::GetRealmForCompartment(this); - realm->globalWriteBarriered = 0; - realm->dtoaCache.purge(); + realm->sweepAfterMinorGC(); } void @@ -753,10 +798,10 @@ Realm::sweepSelfHostingScriptSource() } void -JSCompartment::sweepJitCompartment() +Realm::sweepJitRealm() { - if (jitCompartment_) - jitCompartment_->sweep(this); + if (jitRealm_) + jitRealm_->sweep(this); } void @@ -778,7 +823,7 @@ JSCompartment::sweepDebugEnvironments() } void -JSCompartment::sweepNativeIterators() +ObjectRealm::sweepNativeIterators() { /* Sweep list of native iterators. */ NativeIterator* ni = enumerators->next(); @@ -787,10 +832,17 @@ JSCompartment::sweepNativeIterators() NativeIterator* next = ni->next(); if (gc::IsAboutToBeFinalizedUnbarriered(&iterObj)) ni->unlink(); + MOZ_ASSERT_IF(ni->obj, &ObjectRealm::get(ni->obj) == this); ni = next; } } +void +Realm::sweepObjectRealm() +{ + objects_.sweepNativeIterators(); +} + /* * Remove dead wrappers from the table. We must sweep all compartments, since * string entries in the crossCompartmentWrappers table are not marked during @@ -966,7 +1018,7 @@ Realm::purge() dtoaCache.purge(); newProxyCache.purge(); objectGroups.purge(); - iteratorCache.clearAndShrink(); + objects_.iteratorCache.clearAndShrink(); arraySpeciesLookup.purge(); } @@ -978,9 +1030,9 @@ Realm::clearTables() // No scripts should have run in this realm. This is used when merging // a realm that has been used off thread into another realm and zone. JS::GetCompartmentForRealm(this)->assertNoCrossCompartmentWrappers(); - MOZ_ASSERT(!jitCompartment_); + MOZ_ASSERT(!jitRealm_); MOZ_ASSERT(!debugEnvs); - MOZ_ASSERT(enumerators->next() == enumerators); + MOZ_ASSERT(objects_.enumerators->next() == objects_.enumerators); objectGroups.clearTables(); if (savedStacks_.initialized()) @@ -1015,17 +1067,23 @@ Realm::forgetAllocationMetadataBuilder() void Realm::setNewObjectMetadata(JSContext* cx, HandleObject obj) { + MOZ_ASSERT(obj->realm() == this); assertSameCompartment(cx, this, obj); AutoEnterOOMUnsafeRegion oomUnsafe; if (JSObject* metadata = allocationMetadataBuilder_->build(cx, obj, oomUnsafe)) { + MOZ_ASSERT(metadata->realm() == obj->realm()); assertSameCompartment(cx, metadata); - if (!objectMetadataTable) { - objectMetadataTable = cx->make_unique(cx); - if (!objectMetadataTable || !objectMetadataTable->init()) + + if (!objects_.objectMetadataTable) { + auto table = cx->make_unique(cx); + if (!table || !table->init()) oomUnsafe.crash("setNewObjectMetadata"); + + objects_.objectMetadataTable = Move(table); } - if (!objectMetadataTable->add(cx, obj, metadata)) + + if (!objects_.objectMetadataTable->add(cx, obj, metadata)) oomUnsafe.crash("setNewObjectMetadata"); } } @@ -1254,6 +1312,25 @@ JSCompartment::addSizeOfExcludingThis(mozilla::MallocSizeOf mallocSizeOf, *crossCompartmentWrappersArg += crossCompartmentWrappers.sizeOfExcludingThis(mallocSizeOf); } +void +ObjectRealm::addSizeOfExcludingThis(mozilla::MallocSizeOf mallocSizeOf, + size_t* innerViewsArg, + size_t* lazyArrayBuffersArg, + size_t* objectMetadataTablesArg, + size_t* nonSyntacticLexicalEnvironmentsArg) +{ + *innerViewsArg += innerViews.sizeOfExcludingThis(mallocSizeOf); + + if (lazyArrayBuffers) + *lazyArrayBuffersArg += lazyArrayBuffers->sizeOfIncludingThis(mallocSizeOf); + + if (objectMetadataTable) + *objectMetadataTablesArg += objectMetadataTable->sizeOfIncludingThis(mallocSizeOf); + + if (auto& map = nonSyntacticLexicalEnvironments_) + *nonSyntacticLexicalEnvironmentsArg += map->sizeOfIncludingThis(mallocSizeOf); +} + void Realm::addSizeOfIncludingThis(mozilla::MallocSizeOf mallocSizeOf, size_t* tiAllocationSiteTables, @@ -1268,7 +1345,7 @@ Realm::addSizeOfIncludingThis(mozilla::MallocSizeOf mallocSizeOf, size_t* savedStacksSet, size_t* varNamesSet, size_t* nonSyntacticLexicalEnvironmentsArg, - size_t* jitCompartment, + size_t* jitRealm, size_t* privateData, size_t* scriptCountsMapArg) { @@ -1280,19 +1357,18 @@ Realm::addSizeOfIncludingThis(mozilla::MallocSizeOf mallocSizeOf, tiArrayTypeTables, tiObjectTypeTables, realmTables); wasm.addSizeOfExcludingThis(mallocSizeOf, realmTables); - *innerViewsArg += innerViews.sizeOfExcludingThis(mallocSizeOf); - if (lazyArrayBuffers) - *lazyArrayBuffersArg += lazyArrayBuffers->sizeOfIncludingThis(mallocSizeOf); - if (objectMetadataTable) - *objectMetadataTablesArg += objectMetadataTable->sizeOfIncludingThis(mallocSizeOf); + objects_.addSizeOfExcludingThis(mallocSizeOf, + innerViewsArg, + lazyArrayBuffersArg, + objectMetadataTablesArg, + nonSyntacticLexicalEnvironmentsArg); + *savedStacksSet += savedStacks_.sizeOfExcludingThis(mallocSizeOf); *varNamesSet += varNames_.sizeOfExcludingThis(mallocSizeOf); - if (nonSyntacticLexicalEnvironments_) - *nonSyntacticLexicalEnvironmentsArg += - nonSyntacticLexicalEnvironments_->sizeOfIncludingThis(mallocSizeOf); - if (jitCompartment_) - *jitCompartment += jitCompartment_->sizeOfIncludingThis(mallocSizeOf); + + if (jitRealm_) + *jitRealm += jitRealm_->sizeOfIncludingThis(mallocSizeOf); auto callback = runtime_->sizeOfIncludingThisCompartmentCallback; if (callback) diff --git a/js/src/vm/JSCompartment.h b/js/src/vm/JSCompartment.h index ffe77aa70991..a967543f0f65 100644 --- a/js/src/vm/JSCompartment.h +++ b/js/src/vm/JSCompartment.h @@ -31,7 +31,7 @@ namespace js { namespace jit { -class JitCompartment; +class JitRealm; } // namespace jit namespace gc { @@ -592,15 +592,6 @@ struct JSCompartment public: js::RegExpCompartment regExps; - using IteratorCache = js::HashSet; - IteratorCache iteratorCache; - - // Non-zero if the storage underlying any typed object in this compartment - // might be detached. - int32_t detachedTypedObjects; - // Recompute the probability with which this compartment should record // profiling data (stack traces, allocations log, etc.) about each // allocation. We consult the probabilities requested by the Debugger @@ -618,28 +609,10 @@ struct JSCompartment #ifdef JSGC_HASH_TABLE_CHECKS void checkWrapperMapAfterMovingGC(); #endif - // Keep track of the metadata objects which can be associated with each JS - // object. Both keys and values are in this compartment. - js::UniquePtr objectMetadataTable; - - // Map from array buffers to views sharing that storage. - JS::WeakCache innerViews; - - // Inline transparent typed objects do not initially have an array buffer, - // but can have that buffer created lazily if it is accessed later. This - // table manages references from such typed objects to their buffers. - js::UniquePtr lazyArrayBuffers; // All unboxed layouts in the compartment. mozilla::LinkedList unboxedLayouts; - protected: - // All non-syntactic lexical environments in the compartment. These are kept in - // a map because when loading scripts into a non-syntactic environment, we need - // to use the same lexical environment to persist lexical bindings. - js::UniquePtr nonSyntacticLexicalEnvironments_; - - public: /* * During GC, stores the head of a list of incoming pointers from gray cells. * @@ -701,10 +674,6 @@ struct JSCompartment explicit StringWrapperEnum(JSCompartment* c) : js::WrapperMap::Enum(c->crossCompartmentWrappers, nullptr) {} }; - js::LexicalEnvironmentObject* - getOrCreateNonSyntacticLexicalEnvironment(JSContext* cx, js::HandleObject enclosing); - js::LexicalEnvironmentObject* getNonSyntacticLexicalEnvironment(JSObject* enclosing) const; - /* * These methods mark pointers that cross compartment boundaries. They are * called in per-zone GCs to prevent the wrappers' outgoing edges from @@ -718,10 +687,8 @@ struct JSCompartment void sweepCrossCompartmentWrappers(); void sweepSavedStacks(); - void sweepJitCompartment(); void sweepRegExps(); void sweepDebugEnvironments(); - void sweepNativeIterators(); static void fixupCrossCompartmentWrappersAfterMovingGC(JSTracer* trc); void fixupAfterMovingGC(); @@ -737,35 +704,81 @@ struct JSCompartment /* Bookkeeping information for debug scope objects. */ js::UniquePtr debugEnvs; - /* - * List of potentially active iterators that may need deleted property - * suppression. - */ - private: - using NativeIteratorSentinel = js::UniquePtr; - NativeIteratorSentinel iteratorSentinel_; - public: - js::NativeIterator* enumerators; - - MOZ_ALWAYS_INLINE bool objectMaybeInIteration(JSObject* obj); - // These flags help us to discover if a compartment that shouldn't be alive // manages to outlive a GC. Note that these flags have to be on the // compartment, not the realm, because same-compartment realms can have // cross-realm pointers without wrappers. bool scheduledForDestruction = false; bool maybeAlive = true; +}; - protected: - js::UniquePtr jitCompartment_; +namespace js { + +// ObjectRealm stores various tables and other state associated with particular +// objects in a realm. To make sure the correct ObjectRealm is used for an +// object, use of the ObjectRealm::get(obj) static method is required. +class ObjectRealm +{ + using NativeIteratorSentinel = js::UniquePtr; + NativeIteratorSentinel iteratorSentinel_; + + // All non-syntactic lexical environments in the realm. These are kept in a + // map because when loading scripts into a non-syntactic environment, we + // need to use the same lexical environment to persist lexical bindings. + js::UniquePtr nonSyntacticLexicalEnvironments_; + + ObjectRealm(const ObjectRealm&) = delete; + void operator=(const ObjectRealm&) = delete; public: - bool ensureJitCompartmentExists(JSContext* cx); - js::jit::JitCompartment* jitCompartment() { - return jitCompartment_.get(); - } + // List of potentially active iterators that may need deleted property + // suppression. + js::NativeIterator* enumerators = nullptr; + + // Map from array buffers to views sharing that storage. + JS::WeakCache innerViews; + + // Inline transparent typed objects do not initially have an array buffer, + // but can have that buffer created lazily if it is accessed later. This + // table manages references from such typed objects to their buffers. + js::UniquePtr lazyArrayBuffers; + + // Keep track of the metadata objects which can be associated with each JS + // object. Both keys and values are in this realm. + js::UniquePtr objectMetadataTable; + + using IteratorCache = js::HashSet; + IteratorCache iteratorCache; + + static inline ObjectRealm& get(const JSObject* obj); + + explicit ObjectRealm(JS::Zone* zone); + ~ObjectRealm(); + + MOZ_MUST_USE bool init(JSContext* maybecx); + + void finishRoots(); + void trace(JSTracer* trc); + void sweepAfterMinorGC(); + void sweepNativeIterators(); + + void addSizeOfExcludingThis(mozilla::MallocSizeOf mallocSizeOf, + size_t* innerViewsArg, + size_t* lazyArrayBuffersArg, + size_t* objectMetadataTablesArg, + size_t* nonSyntacticLexicalEnvironmentsArg); + + MOZ_ALWAYS_INLINE bool objectMaybeInIteration(JSObject* obj); + + js::LexicalEnvironmentObject* + getOrCreateNonSyntacticLexicalEnvironment(JSContext* cx, js::HandleObject enclosing); + js::LexicalEnvironmentObject* getNonSyntacticLexicalEnvironment(JSObject* enclosing) const; }; +} // namespace js + class JS::Realm : public JSCompartment { const JS::RealmCreationOptions creationOptions_; @@ -774,6 +787,10 @@ class JS::Realm : public JSCompartment friend struct ::JSContext; js::ReadBarrieredGlobalObject global_; + // Note: this is private to enforce use of ObjectRealm::get(obj). + js::ObjectRealm objects_; + friend js::ObjectRealm& js::ObjectRealm::get(const JSObject*); + // The global environment record's [[VarNames]] list that contains all // names declared using FunctionDeclaration, GeneratorDeclaration, and // VariableDeclaration declarations in global code in this realm. @@ -795,6 +812,8 @@ class JS::Realm : public JSCompartment JSPrincipals* principals_ = nullptr; + js::UniquePtr jitRealm_; + // Used by memory reporters and invalid otherwise. JS::RealmStats* realmStats_ = nullptr; @@ -877,6 +896,9 @@ class JS::Realm : public JSCompartment private: void updateDebuggerObservesFlag(unsigned flag); + Realm(const Realm&) = delete; + void operator=(const Realm&) = delete; + public: Realm(JS::Zone* zone, const JS::RealmOptions& options); ~Realm(); @@ -898,7 +920,7 @@ class JS::Realm : public JSCompartment size_t* savedStacksSet, size_t* varNamesSet, size_t* nonSyntacticLexicalScopes, - size_t* jitCompartment, + size_t* jitRealm, size_t* privateData, size_t* scriptCountsMapArg); @@ -961,6 +983,8 @@ class JS::Realm : public JSCompartment */ void finishRoots(); + void sweepAfterMinorGC(); + void sweepObjectRealm(); void sweepSelfHostingScriptSource(); void sweepTemplateObjects(); @@ -1232,6 +1256,13 @@ class JS::Realm : public JSCompartment void setValidAccessPtr(bool* accessp) { validAccessPtr_ = accessp; } + + bool ensureJitRealmExists(JSContext* cx); + void sweepJitRealm(); + + js::jit::JitRealm* jitRealm() { + return jitRealm_.get(); + } }; namespace js { diff --git a/js/src/vm/Runtime.cpp b/js/src/vm/Runtime.cpp index 6e0e58ed8fd0..d133e8dbfb68 100644 --- a/js/src/vm/Runtime.cpp +++ b/js/src/vm/Runtime.cpp @@ -32,7 +32,7 @@ #include "jit/arm/Simulator-arm.h" #include "jit/arm64/vixl/Simulator-vixl.h" #include "jit/IonBuilder.h" -#include "jit/JitCompartment.h" +#include "jit/JitRealm.h" #include "jit/mips32/Simulator-mips32.h" #include "jit/mips64/Simulator-mips64.h" #include "js/Date.h" diff --git a/js/src/vm/Stack.cpp b/js/src/vm/Stack.cpp index 0c767a9f6eee..7292112eb95f 100644 --- a/js/src/vm/Stack.cpp +++ b/js/src/vm/Stack.cpp @@ -9,7 +9,7 @@ #include "gc/Marking.h" #include "jit/BaselineFrame.h" #include "jit/JitcodeMap.h" -#include "jit/JitCompartment.h" +#include "jit/JitRealm.h" #include "vm/Debugger.h" #include "vm/JSContext.h" #include "vm/Opcodes.h" diff --git a/js/src/vm/TypeInference.cpp b/js/src/vm/TypeInference.cpp index 853ea19e122a..0a898f55a6cf 100644 --- a/js/src/vm/TypeInference.cpp +++ b/js/src/vm/TypeInference.cpp @@ -23,7 +23,7 @@ #include "jit/CompileInfo.h" #include "jit/Ion.h" #include "jit/IonAnalysis.h" -#include "jit/JitCompartment.h" +#include "jit/JitRealm.h" #include "jit/OptimizationTracking.h" #include "js/MemoryMetrics.h" #include "vm/HelperThreads.h" diff --git a/js/src/vm/UbiNodeCensus.cpp b/js/src/vm/UbiNodeCensus.cpp index 2e71968db911..52e91dc00580 100644 --- a/js/src/vm/UbiNodeCensus.cpp +++ b/js/src/vm/UbiNodeCensus.cpp @@ -32,8 +32,6 @@ CountDeleter::operator()(CountBase* ptr) JS_PUBLIC_API(bool) Census::init() { - AutoLockForExclusiveAccess lock(cx); - atomsZone = cx->runtime()->atomsRealm(lock)->zone(); return targetZones.init(); } @@ -942,7 +940,7 @@ CensusHandler::operator() (BreadthFirst& traversal, if (census.targetZones.count() == 0 || census.targetZones.has(zone)) return rootCount->count(mallocSizeOf, referent); - if (zone == census.atomsZone) { + if (zone->isAtomsZone()) { traversal.abandonReferent(); return rootCount->count(mallocSizeOf, referent); } diff --git a/js/src/vm/UnboxedObject.cpp b/js/src/vm/UnboxedObject.cpp index b4d1bc3c0ff8..6cce11856032 100644 --- a/js/src/vm/UnboxedObject.cpp +++ b/js/src/vm/UnboxedObject.cpp @@ -72,7 +72,7 @@ UnboxedLayout::makeConstructorCode(JSContext* cx, HandleObjectGroup group) using namespace jit; - if (!cx->compartment()->ensureJitCompartmentExists(cx)) + if (!cx->realm()->ensureJitRealmExists(cx)) return false; AutoSweepObjectGroup sweep(group); diff --git a/layout/build/nsLayoutModule.cpp b/layout/build/nsLayoutModule.cpp index 416cda00e9e6..38bb371c6f60 100644 --- a/layout/build/nsLayoutModule.cpp +++ b/layout/build/nsLayoutModule.cpp @@ -100,6 +100,7 @@ using mozilla::dom::AudioChannelAgent; #include "nsScriptSecurityManager.h" #include "ContentPrincipal.h" +#include "ExpandedPrincipal.h" #include "SystemPrincipal.h" #include "NullPrincipal.h" #include "nsNetCID.h" @@ -462,6 +463,7 @@ NS_GENERIC_FACTORY_CONSTRUCTOR(CSPService) NS_GENERIC_FACTORY_CONSTRUCTOR(nsMixedContentBlocker) NS_GENERIC_FACTORY_CONSTRUCTOR(ContentPrincipal) +NS_GENERIC_FACTORY_CONSTRUCTOR(ExpandedPrincipal) NS_GENERIC_FACTORY_SINGLETON_CONSTRUCTOR(SystemPrincipal, nsScriptSecurityManager::SystemPrincipalSingletonConstructor) NS_GENERIC_FACTORY_CONSTRUCTOR_INIT(NullPrincipal, Init) @@ -578,6 +580,7 @@ NS_DEFINE_NAMED_CID(NS_PARENTPROCESSMESSAGEMANAGER_CID); NS_DEFINE_NAMED_CID(NS_CHILDPROCESSMESSAGEMANAGER_CID); NS_DEFINE_NAMED_CID(NS_SCRIPTSECURITYMANAGER_CID); NS_DEFINE_NAMED_CID(NS_PRINCIPAL_CID); +NS_DEFINE_NAMED_CID(NS_EXPANDEDPRINCIPAL_CID); NS_DEFINE_NAMED_CID(NS_SYSTEMPRINCIPAL_CID); NS_DEFINE_NAMED_CID(NS_NULLPRINCIPAL_CID); NS_DEFINE_NAMED_CID(THIRDPARTYUTIL_CID); @@ -825,6 +828,7 @@ static const mozilla::Module::CIDEntry kLayoutCIDs[] = { { &kNS_CHILDPROCESSMESSAGEMANAGER_CID, false, nullptr, CreateChildMessageManager }, { &kNS_SCRIPTSECURITYMANAGER_CID, false, nullptr, Construct_nsIScriptSecurityManager }, { &kNS_PRINCIPAL_CID, false, nullptr, ContentPrincipalConstructor }, + { &kNS_EXPANDEDPRINCIPAL_CID, false, nullptr, ExpandedPrincipalConstructor }, { &kNS_SYSTEMPRINCIPAL_CID, false, nullptr, SystemPrincipalConstructor }, { &kNS_NULLPRINCIPAL_CID, false, nullptr, NullPrincipalConstructor }, { &kNS_DEVICE_SENSORS_CID, false, nullptr, nsDeviceSensorsConstructor }, @@ -929,6 +933,7 @@ static const mozilla::Module::ContractIDEntry kLayoutContracts[] = { { NS_CHILDPROCESSMESSAGEMANAGER_CONTRACTID, &kNS_CHILDPROCESSMESSAGEMANAGER_CID }, { NS_SCRIPTSECURITYMANAGER_CONTRACTID, &kNS_SCRIPTSECURITYMANAGER_CID }, { NS_PRINCIPAL_CONTRACTID, &kNS_PRINCIPAL_CID }, + { NS_EXPANDEDPRINCIPAL_CONTRACTID, &kNS_EXPANDEDPRINCIPAL_CID }, { NS_SYSTEMPRINCIPAL_CONTRACTID, &kNS_SYSTEMPRINCIPAL_CID }, { NS_NULLPRINCIPAL_CONTRACTID, &kNS_NULLPRINCIPAL_CID }, { NS_DEVICE_SENSORS_CONTRACTID, &kNS_DEVICE_SENSORS_CID },