Most of these functions already solely operate on the runtime even though they
take a context. That leads to confusion at the API user level since it looks
like they're stored on the context. JS_GetDefaultLocale still takes a context
because it actually does use the passed-in context.
MozReview-Commit-ID: 4d0LQIBExvg
--HG--
extra : rebase_source : 79370897a9dca839a6760411ea95d97c5e92cb06
I also snuck in some last-minute assertions and minor fixes into this patch:
- don't stop reporting for a callee if we've seen it already (or rather, make the reachable set local to a root rather than global to all roots). This slows down runs with hundreds of hazards, but results in every problematic root being reported, for a more accurate count.
- annotate away some thread assertions
- special-case annotation for bug 1400435 since it's a whole family of hazards
--HG--
extra : rebase_source : ac7335d45e3e0772d34cb42cc6a3f628564fd3d1
nsStyleStruct has the field:
nsBorderColors** mBorderColors;
It starts out nullptr, and when it is needed, it allocates an array of 4 nsBorderColors pointers. But the nsStyleStruct exclusively owns the array; nothing else can get at it. This change teaches the analysis that if 'this' is a safe nsStyleStruct*, then it should treat mBorderColors as if it were an inline length-4 array.
--HG--
extra : rebase_source : e9d4a550a728e403b3bb30e7dd61341c2680962d
This is for nicer output only, and does not affect the computation. A WorkListEntry contains a stack of CallSites, and the top of the stack represents the entry itself and so should share parameterNames. This changes fixes cases where some names were being registered in a different table than ended up being used by printouts.
--HG--
extra : rebase_source : e52bbc9ab3e4596d748ca2d729772a61cde1430a
The code is
void
LangGroupFontPrefs::Initialize(nsIAtom* aLangGroupAtom)
{
nsFont* fontTypes[] = {
&mDefaultVariableFont,
&mDefaultFixedFont,
&mDefaultSerifFont,
&mDefaultSansSerifFont,
&mDefaultMonospaceFont,
&mDefaultCursiveFont,
&mDefaultFantasyFont
};
nsFont* font = fontTypes[3];
font->size = 42;
}
'this' is known to be a safe pointer (exclusively owned by the current thread), so a pointer to one of its members is also safe. But the analysis can't track safety across all that, so I have a special-case annotation here that says that fontTypes[3] returns a safe pointer if and only if 'this' is safe.
Note that all of those fields (eg mDefaultVariableFont) are nsFont structs, not pointers, so although you'd expect this to be one dereference away from a safe pointer's memory, it is not; assigning to font->size ends up being a write to some offset within the 'this' pointer, which is known to be safe here.
--HG--
extra : rebase_source : 60bf982911b8a66bc612cb5c7eeb04ec766ecf70
Note that this requires some enhancements to the JS engine to support reading and writing structured clone data from/to files.
--HG--
extra : rebase_source : 444a2d407bd231efbba4b6b648eeb151f02177db
Parts of Spidermonkey expect the bytecode length to always be non-zero.
Bug 1399373 shows crashes when this assumption fails. This patch moves
the check closer to source of error.
MozReview-Commit-ID: 8JROF2KCrNx
Also, MOZ_XPCTOOLS does not appear to be a thing any more.
MozReview-Commit-ID: 99BR9rl4EnD
--HG--
extra : rebase_source : 3712b7b2b180b583ca761cdc5d6ddf17728e8b74