Commit Graph

69088 Commits

Author SHA1 Message Date
Jan de Mooij
ad64261325 Bug 1524499 part 2 - Move the AutoSweepTypeScript& from JSScript::types() to TypeScript methods that depend on swept data. r=tcampbell
As we add more fields to TypeScript (= JitScript in the future), the
AutoSweepTypeScript argument to JSScript::types() is becoming annoying.
This patch moves the argument to TypeScript::typeArray() and
TypeScript::inlinedCompilations() because that's the data affected by type
sweeping.

Differential Revision: https://phabricator.services.mozilla.com/D18549

--HG--
extra : moz-landing-system : lando
2019-02-06 07:56:49 +00:00
Jan de Mooij
15b5b64c02 Bug 1524499 part 1 - Move active flag from BaselineScript to TypeScript. r=tcampbell
Baseline interpreter frames will have a TypeScript/ICScript we want to keep
around on GC.

The JSScript::typesDontCheckGeneration method will be removed in the next patch.

Differential Revision: https://phabricator.services.mozilla.com/D18548

--HG--
extra : moz-landing-system : lando
2019-02-06 07:56:17 +00:00
Jan de Mooij
14ff15bd15 Bug 1524707 - Ensure we're in the global's realm in GlobalObject::resolveConstructor. r=jorendorff
In js::SetPrototype we call GlobalObject::ensureConstructor. I think this is
only a problem for evalcx because other globals have an immutable prototype
chain.

Differential Revision: https://phabricator.services.mozilla.com/D18562

--HG--
extra : moz-landing-system : lando
2019-02-06 07:55:50 +00:00
Jan de Mooij
892e111b8b Bug 1522837 part 8 - Implement JSOP_GETIMPORT in BaselineInterpreterCodeGen. r=tcampbell
Eventually this op could use an IC or some frontend/bytecode refactoring to make
it faster in the interpreter. For now following the C++ interpreter is the
simplest solution though.

Differential Revision: https://phabricator.services.mozilla.com/D17939

--HG--
extra : moz-landing-system : lando
2019-02-06 07:55:25 +00:00
Jan de Mooij
0de2de5a18 Bug 1522837 part 7 - Implement JSOP_NEWARRAY_COPYONWRITE in BaselineInterpreterCodeGen. r=tcampbell
Differential Revision: https://phabricator.services.mozilla.com/D17938

--HG--
extra : moz-landing-system : lando
2019-02-06 07:54:47 +00:00
Jan de Mooij
eafe4a10dd Bug 1522837 part 6 - Implement JSOP_BUILTINPROTO in BaselineInterpreterCodeGen. r=tcampbell
Differential Revision: https://phabricator.services.mozilla.com/D17937

--HG--
extra : moz-landing-system : lando
2019-02-06 07:53:44 +00:00
Jan de Mooij
83e77e93f3 Bug 1522837 part 5 - Implement JSOP_IMPORTMETA in BaselineInterpreterCodeGen. r=tcampbell
Differential Revision: https://phabricator.services.mozilla.com/D17936

--HG--
extra : moz-landing-system : lando
2019-02-06 07:52:43 +00:00
Noemi Erli
314a6bb0a2 Backed out changeset 1d20638b3253 (bug 1525227) for build bustages on build/src/Cargo.lock CLOSED TREE 2019-02-06 07:05:59 +02:00
Mike Hommey
ec8999b18a Bug 1525227 - Remove unnecessary dependency on bindgen in js/src/rust/shared/Cargo.toml. r=mshal
The crate doesn't even have a build script.

Differential Revision: https://phabricator.services.mozilla.com/D18657

--HG--
extra : moz-landing-system : lando
2019-02-06 04:41:35 +00:00
Robin Templeton
e11487a677 Bug 1507484 - Implement minimal Ion support for BigInt r=wingo,jandem
Co-authored-by: Andy Wingo <wingo@igalia.com>

Differential Revision: https://phabricator.services.mozilla.com/D14826

--HG--
extra : moz-landing-system : lando
2019-02-05 23:19:44 +00:00
Noemi Erli
845539c92f Backed out 2 changesets (bug 1492629) for failures in mozJSComponentLoader.cpp
Backed out changeset 02f749ccdc4b (bug 1492629)
Backed out changeset cae6d1eec658 (bug 1492629)
2019-02-06 03:27:24 +02:00
Jim Blandy
e68817d63a Bug 1145201: Document OffThreadPromiseRuntimeState fields in more detail. r=luke
Differential Revision: https://phabricator.services.mozilla.com/D17543

--HG--
extra : moz-landing-system : lando
2019-01-30 18:59:02 +00:00
Adrian Wielgosik
74008d7bbb Bug 1492629 - de-COM mozJSComponentLoader. r=mccr8
Differential Revision: https://phabricator.services.mozilla.com/D18388

--HG--
extra : moz-landing-system : lando
2019-02-05 00:47:48 +00:00
Cosmin Sabou
3bd26d627f Backed out 2 changesets (bug 1471496) as requested by developer on irc. CLOSED TREE
Backed out changeset 00cdd5991ace (bug 1471496)
Backed out changeset 317151999412 (bug 1471496)
2019-02-06 01:23:17 +02:00
Boris Zbarsky
6e6a41683e Bug 1471496 part 2. Change the way we do cross-compartment wrappers for Window and Location so they don't ever need to be recomputed. r=bholley
The end result we want is that on the web cross-compartment wrappers for
WindowProxy and Location are always CrossOriginObjectWrapper.  That needs to be true
for both cases that are different-origin (as now) and cases that are
same-origin, since they might become different-origin due to document.domain
changes but we don't want that to affect the wrappers involved.

On the web, all security checks are symmetric, so in WrapperFactory::Rewrap we
would have originSubsumesTarget == targetSubsumesOrigin in all web cases.

I claim that

  originSubsumesTarget == targetSubsumesOrigin &&
  (!targetSubsumesOrigin ||
   (!originCompartmentPrivate->wantXrays &&
    !targetCompartmentPrivate->wantXrays)) &&
  "object is a WindowProxy or Location"

is a necessary and sufficient condition for using CrossOriginObjectWrapper.

Comparing to our current code, if originSubsumesTarget and targetSubsumesOrigin
are both false, then for the WindowProxy and Location cases we currently end up
with the following arguments to SelectWrapper:

  securityWrapper: true
  xrayType: XrayForDOMObject
  waiveXrays: false

So SelectWrapper ends up returning CrossOriginObjectWrapper, which the new
condition keeps doing.

If originSubsumesTarget and targetSubsumesOrigin are both true, then there are
two cases.  If both compartments have wantXrays false (which is always the case
on the web), then we end up with the following arguments to SelectWrapper:

  securityWrapper: false
  xrayType: NotXray
  waiveXrays: false

and SelectWrapper returns CrossCompartmentWrapper.  We want to do
CrossOriginObjectWrapper instead, as explained above.

Finally, if originSubsumesTarget and targetSubsumesOrigin are both true but one
of the compartments has wantXrays set, then we get:

  securityWrapper: false
  xrayType: XrayForDOMObject
  waiveXrays: might be true or false

and then SelectWrapper might return a WaiveXrayWrapper or a PermissiveXrayDOM.
In this case we do _not_ want to start returning CrossOriginObjectWrapper, and
this is a non-web case anyway, since web compartments can't set wantXrays.

Differential Revision: https://phabricator.services.mozilla.com/D18030

--HG--
extra : moz-landing-system : lando
2019-02-05 18:06:18 +00:00
Noemi Erli
18a515c6f9 Backed out changeset dfefd2d4d63f (bug 1525346) for failures in test_bug862380.html CLOSED TREE 2019-02-06 00:10:11 +02:00
Boris Zbarsky
c48f274465 Bug 1525346. Fix the cross-compartment bug in MaybeCrossOriginObject::enumerate. r=jandem
Differential Revision: https://phabricator.services.mozilla.com/D18714

--HG--
extra : moz-landing-system : lando
2019-02-05 18:45:27 +00:00
Ted Campbell
d30333735e Bug 1518377 - Fix the way isIon accesses current script r=nbp
Existing code crashes on IonIC frames. Instead, use FrameIter to
determine caller. This also simplifies WASM handling. Also make inJit
use a similar approach for consistency.

Differential Revision: https://phabricator.services.mozilla.com/D18151

--HG--
extra : moz-landing-system : lando
2019-02-05 18:08:54 +00:00
Andy Wingo
6b615827de Bug 1510624 - StructuredClone array reader should initialize target array even in error cases r=jwalden
Differential Revision: https://phabricator.services.mozilla.com/D17801

--HG--
extra : moz-landing-system : lando
2019-01-31 22:32:34 +00:00
Tooru Fujisawa
3469b17a67 Bug 1518391 - Part 4: Use pn_u.function.syntaxKind instead of pn_op for FunctionNode. r=jorendorff
Differential Revision: https://phabricator.services.mozilla.com/D18329

--HG--
extra : moz-landing-system : lando
2019-02-05 14:59:11 +00:00
Tooru Fujisawa
2f0e1b5e4e Bug 1518391 - Part 3: Add pn_u.function.syntaxKind for FunctionNode. r=jorendorff
This is a replacement for pn_op that is used in BytecodeEmitter.
This patch just adds the field, but keeps using pn_op.
Part 4 removes the usage of pn_op for FunctionNode.

Differential Revision: https://phabricator.services.mozilla.com/D18328

--HG--
extra : moz-landing-system : lando
2019-02-05 14:58:42 +00:00
Tooru Fujisawa
43929c139f Bug 1518391 - Part 2: Separate CodeNode into FunctionNode and ModuleNode. r=jorendorff
CodeNode was shared between ParseNodeKind::Function and ParseNodeKind::Module,
but Module only uses `pn_u.code.body`.
Separated them for further refactoring for function part.

Differential Revision: https://phabricator.services.mozilla.com/D18327

--HG--
extra : moz-landing-system : lando
2019-02-05 14:58:17 +00:00
Tooru Fujisawa
24c65d0fc6 Bug 1518391 - Part 1: Remove unused case/code from function node ops. r=jorendorff
pn_op for CodeNode can only be JSOP_NOP, JSOP_LAMBDA, and JSOP_LAMBDA_ARROW.
Removed other cases.
Also removed the override with JSOP_FUNWITHPROTO given the field is never read
after the function.

Differential Revision: https://phabricator.services.mozilla.com/D18325

--HG--
extra : moz-landing-system : lando
2019-02-05 14:57:47 +00:00
Mike Hommey
029e8b5700 Bug 1524461 - Run the clock_gettime(CLOCK_MONOTONIC) configure check on OSX. r=froydnj
That will make it detected when we bump the MACOSX_DEPLOYMENT_TARGET
to a value >= 10.12.

Differential Revision: https://phabricator.services.mozilla.com/D18310

--HG--
extra : moz-landing-system : lando
2019-02-04 23:26:34 +00:00
Coroiu Cristina
667401357b Merge mozilla-central to autoland a=merge on a CLOSED TREE 2019-02-04 23:47:17 +02:00
Coroiu Cristina
98926c4646 Merge inbound to mozilla-central a=merge 2019-02-04 23:42:26 +02:00
Tooru Fujisawa
dd11979649 Bug 1524969 - Use 2-spaces indent in BinSource.yaml. r=Yoric
Differential Revision: https://phabricator.services.mozilla.com/D18551

--HG--
extra : moz-landing-system : lando
2019-02-04 20:46:02 +00:00
Sylvestre Ledru
14486004b6 Bug 1519636 - Reformat recent changes to the Google coding style r=Ehsan
# ignore-this-changeset

Differential Revision: https://phabricator.services.mozilla.com/D18488

--HG--
extra : moz-landing-system : lando
2019-02-04 19:10:18 +00:00
Bogdan Tara
c39a332eaa Merge mozilla-central to autoland. a=merge CLOSED TREE 2019-02-04 19:39:48 +02:00
Jon Coppeard
1add144308 Bug 1522204 - Add profiler label for gray unmarking r=mstange 2019-02-04 10:55:11 +00:00
Brindusan Cristian
0e637b692d Merge mozilla-central to inbound. a=merge CLOSED TREE 2019-02-03 23:45:10 +02:00
Denis Palmeiro
ad385bf56a Bug 1384808 - Implement a linear cache for searching the shape lineage r=djvj
Linearly searching the shape lineage can be expensive.  It is going to cause branch misses and cache misses since we are traversing a linked list.  Since this is done frequently enough, it may be worth while to "cache" results from the linear search.  This revision hopes to lazily allocate a small linear cache after the first linear search on a shape.  The results from each linear search afterwards will be placed into the cache.  If the jsid that is being searched for is frequently looked up then we obtain a "cache hit" from a quick search in the cache.  Otherwise, we fall back to a linear search and append the new entry to the cache.  Once the cache is full, it will transform into a shape hash table like the previous approach.

Differential Revision: https://phabricator.services.mozilla.com/D12155

--HG--
extra : moz-landing-system : lando
2019-02-03 00:03:35 +00:00
Jan de Mooij
d9d405b919 Bug 1522837 part 4 - Implement JSOP_CALLSITEOBJ in BaselineInterpreterCodeGen. r=tcampbell
This is just a VM call in the interpreter. We could optimize this with an IC or
inline path if it ever becomes a problem.

Differential Revision: https://phabricator.services.mozilla.com/D17935

--HG--
extra : moz-landing-system : lando
2019-02-03 10:08:41 +00:00
Jan de Mooij
1f750cdfb7 Bug 1522837 part 3 - Refactor JSOP_OBJECT in BaselineCodeGen. r=tcampbell
This adds js::SingletonObjectLiteralOperation and calls it from both the
interpreter and Baseline. The Baseline compiler still has a fast path for the
cloning-not-necessary case.

Differential Revision: https://phabricator.services.mozilla.com/D17934

--HG--
extra : moz-landing-system : lando
2019-02-03 10:07:31 +00:00
Jan de Mooij
ae765c9ac3 Bug 1522837 part 2 - Implement subtractScriptSlotsSize, loadGlobalLexicalEnvironment, loadGlobalThisValue, pushScriptArg. r=tcampbell
Differential Revision: https://phabricator.services.mozilla.com/D17645

--HG--
extra : moz-landing-system : lando
2019-02-03 10:07:01 +00:00
Jan de Mooij
aa34bcb168 Bug 1522837 part 1 - Implement loadScript, emitInitializeLocals, storeFrameSizeAndPushDescriptor for BaselineInterpreterHandler. r=djvj
This also removes computeFullFrameSize because we don't really need it.

Differential Revision: https://phabricator.services.mozilla.com/D17644

--HG--
extra : moz-landing-system : lando
2019-02-03 10:06:39 +00:00
Ciure Andrei
9c86f4019d Backed out 2 changesets (bug 1471496) for causing CycleCollectedJSRuntime.cpp perma failures CLOSED TREE
Backed out changeset 9658187a54fb (bug 1471496)
Backed out changeset 2ff333373fe4 (bug 1471496)
2019-02-02 20:44:08 +02:00
Bob Clary
5e07455d7b Bug 1524352 - [jittest] Improve ADBProcessError messages in run_test_remote, r=gbrown. 2019-02-04 09:45:28 -08:00
Jon Coppeard
6ab95aed88 Bug 1520783 - Check whether the path passed to createMappedArrayBuffer() is a regular file. r=sfink
--HG--
extra : histedit_source : 80f8a356833d5dd92e4084da17e9565750301fde
2019-02-01 02:07:00 +02:00
Boris Zbarsky
10ed8acc81 Bug 1471496 part 2. Change the way we do cross-compartment wrappers for Window and Location so they don't ever need to be recomputed. r=bholley
The end result we want is that on the web cross-compartment wrappers for
WindowProxy and Location are always CrossOriginObjectWrapper.  That needs to be true
for both cases that are different-origin (as now) and cases that are
same-origin, since they might become different-origin due to document.domain
changes but we don't want that to affect the wrappers involved.

On the web, all security checks are symmetric, so in WrapperFactory::Rewrap we
would have originSubsumesTarget == targetSubsumesOrigin in all web cases.

I claim that

  originSubsumesTarget == targetSubsumesOrigin &&
  (!targetSubsumesOrigin ||
   (!originCompartmentPrivate->wantXrays &&
    !targetCompartmentPrivate->wantXrays)) &&
  "object is a WindowProxy or Location"

is a necessary and sufficient condition for using CrossOriginObjectWrapper.

Comparing to our current code, if originSubsumesTarget and targetSubsumesOrigin
are both false, then for the WindowProxy and Location cases we currently end up
with the following arguments to SelectWrapper:

  securityWrapper: true
  xrayType: XrayForDOMObject
  waiveXrays: false

So SelectWrapper ends up returning CrossOriginObjectWrapper, which the new
condition keeps doing.

If originSubsumesTarget and targetSubsumesOrigin are both true, then there are
two cases.  If both compartments have wantXrays false (which is always the case
on the web), then we end up with the following arguments to SelectWrapper:

  securityWrapper: false
  xrayType: NotXray
  waiveXrays: false

and SelectWrapper returns CrossCompartmentWrapper.  We want to do
CrossOriginObjectWrapper instead, as explained above.

Finally, if originSubsumesTarget and targetSubsumesOrigin are both true but one
of the compartments has wantXrays set, then we get:

  securityWrapper: false
  xrayType: XrayForDOMObject
  waiveXrays: might be true or false

and then SelectWrapper might return a WaiveXrayWrapper or a PermissiveXrayDOM.
In this case we do _not_ want to start returning CrossOriginObjectWrapper, and
this is a non-web case anyway, since web compartments can't set wantXrays.

Differential Revision: https://phabricator.services.mozilla.com/D18030

--HG--
extra : moz-landing-system : lando
2019-01-31 15:56:22 +00:00
Jan de Mooij
6ddcffaa4e Bug 1524565 - Clone ScriptSourceObject just once when cloning a script with inner functions. r=tcampbell
Creating too many SSOs can apparently slow down the debugger and it's just
wasteful.

This patch passes the SSO down to the cloning functions. One nice side-effect is
that the self-hosting SSO code now lives in SelfHosting.cpp instead of JSScript.cpp

Differential Revision: https://phabricator.services.mozilla.com/D18347

--HG--
extra : moz-landing-system : lando
2019-02-02 10:42:27 +00:00
Daniel Varga
69d3c6c61d Merge mozilla-inbound to mozilla-central. a=merge
--HG--
rename : toolkit/components/passwordmgr/test/test_xhr.html => toolkit/components/passwordmgr/test/mochitest/test_xhr.html
2019-02-02 11:44:15 +02:00
Boris Zbarsky
44e2b07ad2 Bug 1521907 part 7. Start using CheckedUnwrapStatic/Dynamic in JS debugger. r=jandem
Differential Revision: https://phabricator.services.mozilla.com/D17889

--HG--
extra : moz-landing-system : lando
2019-02-02 03:26:24 +00:00
Boris Zbarsky
d9fc29464f Bug 1521907 part 5. Start using CheckedUnwrapStatic/Dynamic in XPConnect. r=peterv
I am not a huge fan of the UnwrapReflectorToISupports setup here.  Maybe we
should introduce two differently-named methods that make it somewhat clear what
the limitations of not taking a JSContext are?  I couldn't think of sane
naming...

Differential Revision: https://phabricator.services.mozilla.com/D17885

--HG--
extra : moz-landing-system : lando
2019-02-02 03:24:45 +00:00
Boris Zbarsky
7e5a37a024 Bug 1521907 part 3. Start using CheckedUnwrapStatic/Dynamic in bindings. r=peterv
The basic idea for the changes around UnwrapObjectInternal and its callers
(UnwrapObject, UNWRAP_OBJECT, etc) is to add a parameter to the guts of the
object-unwrapping code in bindings which can be either a JSContext* or nullptr
(statically typed).  Then we test which type it is and do either a
CheckedUnwrapDynamic or CheckedUnwrapStatic.  Since the type is known at
compile time, there is no actual runtime check; the compiler just emits a call
to the right thing directly (verified by examining the assembly output on
Linux).

The rest of the changes are mostly propagating through that template parameter,
adding static asserts to make sure people don't accidentally pass nullptr while
trying to unwrap to a type that might be a WindowProxy or Location, etc.

There are also some changes to places that were calling CheckedUnwrap directly
to use either the static or dynamic version, as needed.

Differential Revision: https://phabricator.services.mozilla.com/D17883

--HG--
extra : moz-landing-system : lando
2019-02-02 03:23:49 +00:00
Boris Zbarsky
e5fac88563 Bug 1521907 part 2. Add dynamic CheckedUnwrap support to CrossOriginObjectWrapper. r=peterv,sfink
This will allow us to correctly handle CheckedUnwrapDynamic on wrappers around
WindowProxy and Location.

Differential Revision: https://phabricator.services.mozilla.com/D17882

--HG--
extra : moz-landing-system : lando
2019-02-02 03:23:16 +00:00
Boris Zbarsky
1fa4aa00d2 Bug 1521907 part 1. Add a version of CheckedUnwrap that can do a dynamic security check. r=jandem,sfink
We're going to need this because we will have multiple Realms in the same
compartment which want different CheckedUnwrap behavior in some cases.  So we
need to be able to check which Realm we're in.

Differential Revision: https://phabricator.services.mozilla.com/D17881

--HG--
extra : moz-landing-system : lando
2019-02-02 03:22:29 +00:00
Bogdan Tara
8c569d6761 Merge mozilla-central to mozilla-inbound. a=merge CLOSED TREE 2019-02-02 01:39:31 +02:00
Bogdan Tara
add2612cc6 Backed out 8 changesets (bug 1522837) for buffer-full-inspect-buffer-during-callback.html failures a=backout
Backed out changeset 2bd187c04fd9 (bug 1522837)
Backed out changeset 47c7f936579b (bug 1522837)
Backed out changeset 8fb361192757 (bug 1522837)
Backed out changeset 877d383189f4 (bug 1522837)
Backed out changeset 814aa7e78267 (bug 1522837)
Backed out changeset 2d7be3f59c9d (bug 1522837)
Backed out changeset 893db1319f23 (bug 1522837)
Backed out changeset 3eeb76f0f5d8 (bug 1522837)
2019-02-02 01:34:58 +02:00
Gurzau Raul
34253a9d78 Backed out changeset 56023d83552d (bug 1518377) for bustages at /tests/basic/bug908915.js on a CLOSED TREE 2019-02-01 21:36:39 +02:00