From 1ca69e20aa7a8c314ae6590d810fc15262c3c64b Mon Sep 17 00:00:00 2001 From: Matheus Kerschbaum Date: Sun, 30 Oct 2011 15:33:44 +0100 Subject: [PATCH 01/14] Bug 697666 - Don't build the jstracer by default. r=dmandelin --- js/src/configure.in | 11 ++++------- 1 file changed, 4 insertions(+), 7 deletions(-) diff --git a/js/src/configure.in b/js/src/configure.in index 11f5d6b6d939..f0d8758b2536 100644 --- a/js/src/configure.in +++ b/js/src/configure.in @@ -2491,7 +2491,6 @@ dnl Configure JIT support case "$target" in i?86-*) - ENABLE_TRACEJIT=1 NANOJIT_ARCH=i386 ENABLE_METHODJIT=1 ENABLE_MONOIC=1 @@ -2501,7 +2500,6 @@ i?86-*) AC_DEFINE(JS_NUNBOX32) ;; x86_64*-*) - ENABLE_TRACEJIT=1 NANOJIT_ARCH=X64 ENABLE_METHODJIT=1 ENABLE_MONOIC=1 @@ -2511,7 +2509,6 @@ x86_64*-*) AC_DEFINE(JS_PUNBOX64) ;; arm*-*) - ENABLE_TRACEJIT=1 NANOJIT_ARCH=ARM ENABLE_METHODJIT=1 ENABLE_MONOIC=1 @@ -2521,7 +2518,6 @@ arm*-*) AC_DEFINE(JS_NUNBOX32) ;; sparc*-*) - ENABLE_TRACEJIT=1 NANOJIT_ARCH=Sparc ENABLE_METHODJIT=1 ENABLE_MONOIC=1 @@ -2544,9 +2540,10 @@ MOZ_ARG_DISABLE_BOOL(polyic, [ --disable-polyic Disable use of PICs by JIT compiler], ENABLE_POLYIC= ) -MOZ_ARG_DISABLE_BOOL(tracejit, -[ --disable-tracejit Disable tracing JIT support], - ENABLE_TRACEJIT=) +MOZ_ARG_ENABLE_BOOL(tracejit, +[ --enable-tracejit Enable tracing JIT support], + ENABLE_TRACEJIT=1, + ENABLE_TRACEJIT= ) MOZ_ARG_ENABLE_BOOL(methodjit-spew, [ --enable-methodjit-spew Enable method JIT spew support], From 9d76bb72bc641745a00a4f2d825932a877cc4d36 Mon Sep 17 00:00:00 2001 From: Nick Hurley Date: Sun, 30 Oct 2011 15:39:53 +0100 Subject: [PATCH 02/14] Bug 687081 - Time how long it takes to find (or not) things in the cache. r=jduell --- netwerk/cache/nsCacheService.cpp | 2 ++ netwerk/cache/nsDiskCacheDevice.cpp | 1 + netwerk/cache/nsDiskCacheDeviceSQL.cpp | 2 ++ netwerk/cache/nsMemoryCacheDevice.cpp | 2 ++ toolkit/components/telemetry/TelemetryHistograms.h | 4 ++++ 5 files changed, 11 insertions(+) diff --git a/netwerk/cache/nsCacheService.cpp b/netwerk/cache/nsCacheService.cpp index 30ac953885bc..8af611f74fc1 100644 --- a/netwerk/cache/nsCacheService.cpp +++ b/netwerk/cache/nsCacheService.cpp @@ -74,6 +74,7 @@ #include // for log() #include "mozilla/Util.h" // for DebugOnly #include "mozilla/Services.h" +#include "mozilla/Telemetry.h" #include "mozilla/FunctionTimer.h" @@ -1764,6 +1765,7 @@ nsCacheService::ActivateEntry(nsCacheRequest * request, nsCacheEntry * nsCacheService::SearchCacheDevices(nsCString * key, nsCacheStoragePolicy policy, bool *collision) { + Telemetry::AutoTimer timer; nsCacheEntry * entry = nsnull; CACHE_LOG_DEBUG(("mMemoryDevice: 0x%p\n", mMemoryDevice)); diff --git a/netwerk/cache/nsDiskCacheDevice.cpp b/netwerk/cache/nsDiskCacheDevice.cpp index 9b1cb7979305..1fe79f29e683 100644 --- a/netwerk/cache/nsDiskCacheDevice.cpp +++ b/netwerk/cache/nsDiskCacheDevice.cpp @@ -503,6 +503,7 @@ nsDiskCacheDevice::GetDeviceID() nsCacheEntry * nsDiskCacheDevice::FindEntry(nsCString * key, bool *collision) { + Telemetry::AutoTimer timer; if (!Initialized()) return nsnull; // NS_ERROR_NOT_INITIALIZED nsDiskCacheRecord record; nsDiskCacheBinding * binding = nsnull; diff --git a/netwerk/cache/nsDiskCacheDeviceSQL.cpp b/netwerk/cache/nsDiskCacheDeviceSQL.cpp index 3ec77c2058a6..38581ada84fd 100644 --- a/netwerk/cache/nsDiskCacheDeviceSQL.cpp +++ b/netwerk/cache/nsDiskCacheDeviceSQL.cpp @@ -68,6 +68,7 @@ #include "nsISeekableStream.h" #include "mozilla/FunctionTimer.h" +#include "mozilla/Telemetry.h" using namespace mozilla; @@ -1340,6 +1341,7 @@ nsOfflineCacheDevice::GetDeviceID() nsCacheEntry * nsOfflineCacheDevice::FindEntry(nsCString *fullKey, bool *collision) { + mozilla::Telemetry::AutoTimer timer; LOG(("nsOfflineCacheDevice::FindEntry [key=%s]\n", fullKey->get())); // SELECT * FROM moz_cache WHERE key = ? diff --git a/netwerk/cache/nsMemoryCacheDevice.cpp b/netwerk/cache/nsMemoryCacheDevice.cpp index 64a5725f3ce7..a53c731b733f 100644 --- a/netwerk/cache/nsMemoryCacheDevice.cpp +++ b/netwerk/cache/nsMemoryCacheDevice.cpp @@ -48,6 +48,7 @@ #include "nsCRT.h" #include "nsCache.h" #include "nsReadableUtils.h" +#include "mozilla/Telemetry.h" // The memory cache implements the "LRU-SP" caching algorithm // described in "LRU-SP: A Size-Adjusted and Popularity-Aware LRU Replacement @@ -146,6 +147,7 @@ nsMemoryCacheDevice::GetDeviceID() nsCacheEntry * nsMemoryCacheDevice::FindEntry(nsCString * key, bool *collision) { + mozilla::Telemetry::AutoTimer timer; nsCacheEntry * entry = mMemCacheEntries.GetEntry(key); if (!entry) return nsnull; diff --git a/toolkit/components/telemetry/TelemetryHistograms.h b/toolkit/components/telemetry/TelemetryHistograms.h index 61c866dd87b4..4552c5697ade 100644 --- a/toolkit/components/telemetry/TelemetryHistograms.h +++ b/toolkit/components/telemetry/TelemetryHistograms.h @@ -162,6 +162,10 @@ HISTOGRAM(HTTP_CACHE_DISPOSITION, 1, 5, 5, LINEAR, "HTTP Cache Hit, Reval, Faile HISTOGRAM(HTTP_DISK_CACHE_DISPOSITION, 1, 5, 5, LINEAR, "HTTP Disk Cache Hit, Reval, Failed-Reval, Miss") HISTOGRAM(HTTP_MEMORY_CACHE_DISPOSITION, 1, 5, 5, LINEAR, "HTTP Memory Cache Hit, Reval, Failed-Reval, Miss") HISTOGRAM(HTTP_OFFLINE_CACHE_DISPOSITION, 1, 5, 5, LINEAR, "HTTP Offline Cache Hit, Reval, Failed-Reval, Miss") +HISTOGRAM(CACHE_DEVICE_SEARCH, 1, 100, 100, LINEAR, "Time to search cache (ms)") +HISTOGRAM(CACHE_MEMORY_SEARCH, 1, 100, 100, LINEAR, "Time to search memory cache (ms)") +HISTOGRAM(CACHE_DISK_SEARCH, 1, 100, 100, LINEAR, "Time to search disk cache (ms)") +HISTOGRAM(CACHE_OFFLINE_SEARCH, 1, 100, 100, LINEAR, "Time to search offline cache (ms)") HISTOGRAM(FIND_PLUGINS, 1, 3000, 10, EXPONENTIAL, "Time spent scanning filesystem for plugins (ms)") HISTOGRAM(CHECK_JAVA_ENABLED, 1, 3000, 10, EXPONENTIAL, "Time spent checking if Java is enabled (ms)") From aef6e3f63c2d8a9d69aea169106ea75b8d684eb5 Mon Sep 17 00:00:00 2001 From: Adrian Johnson Date: Sat, 29 Oct 2011 19:36:19 +1030 Subject: [PATCH 03/14] Bug 691061 - Don't use EXTEND_PAD on printing surfaces. r=jmuizelaar --- gfx/thebes/gfxDrawable.cpp | 15 +++++++++++++++ 1 file changed, 15 insertions(+) diff --git a/gfx/thebes/gfxDrawable.cpp b/gfx/thebes/gfxDrawable.cpp index 3c195c2ff809..ea9bf29dd1b1 100644 --- a/gfx/thebes/gfxDrawable.cpp +++ b/gfx/thebes/gfxDrawable.cpp @@ -77,6 +77,21 @@ PreparePatternForUntiledDrawing(gfxPattern* aPattern, // the surface type. switch (currentTarget->GetType()) { + // The printing surfaces don't natively support or need + // EXTEND_PAD for padding the edges. Using EXTEND_PAD this way + // is suboptimal as it will result in the printing surface + // creating a new image for each fill operation. The pattern + // will be painted to the image to pad out the pattern, then + // the new image will be used as the source. This increases + // printing time and memory use, and prevents the use of mime + // data from cairo_surface_set_mime_data(). Bug 691061. + case gfxASurface::SurfaceTypePDF: + case gfxASurface::SurfaceTypePS: + case gfxASurface::SurfaceTypeWin32Printing: + aPattern->SetExtend(gfxPattern::EXTEND_NONE); + aPattern->SetFilter(aDefaultFilter); + break; + #ifdef MOZ_X11 case gfxASurface::SurfaceTypeXlib: { From e5ad5b962882055c7adcd31eddd59221622e565b Mon Sep 17 00:00:00 2001 From: Alex Vincent Date: Sun, 30 Oct 2011 15:47:51 +0100 Subject: [PATCH 04/14] Bug 698249 - Unnecessary nsresult rv declaration in nsFileChannel::OpenContentStream. r=bz --- netwerk/protocol/file/nsFileChannel.cpp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/netwerk/protocol/file/nsFileChannel.cpp b/netwerk/protocol/file/nsFileChannel.cpp index fa84bb76baf4..a683b0748166 100644 --- a/netwerk/protocol/file/nsFileChannel.cpp +++ b/netwerk/protocol/file/nsFileChannel.cpp @@ -367,7 +367,7 @@ nsFileChannel::OpenContentStream(bool async, nsIInputStream **result, SetContentType(NS_LITERAL_CSTRING(APPLICATION_OCTET_STREAM)); } else { nsCAutoString contentType; - nsresult rv = MakeFileInputStream(file, stream, contentType); + rv = MakeFileInputStream(file, stream, contentType); if (NS_FAILED(rv)) return rv; From bb0a822b3e205513498838b66073092309dac926 Mon Sep 17 00:00:00 2001 From: Nicholas Nethercote Date: Sun, 30 Oct 2011 16:12:48 -0700 Subject: [PATCH 05/14] Bug 697933 - Allow HashTables to have a capacity as small as four. r=luke. --- js/public/HashTable.h | 11 ++++++++--- 1 file changed, 8 insertions(+), 3 deletions(-) diff --git a/js/public/HashTable.h b/js/public/HashTable.h index f60014766c3b..918093c7e53c 100644 --- a/js/public/HashTable.h +++ b/js/public/HashTable.h @@ -295,8 +295,13 @@ class HashTable : private AllocPolicy uint64 mutationCount; #endif - static const unsigned sMinSizeLog2 = 4; + /* The default initial capacity is 16, but you can ask for as small as 4. */ + static const unsigned sMinSizeLog2 = 2; static const unsigned sMinSize = 1 << sMinSizeLog2; + static const unsigned sDefaultInitSizeLog2 = 4; + public: + static const unsigned sDefaultInitSize = 1 << sDefaultInitSizeLog2; + private: static const unsigned sMaxInit = JS_BIT(23); static const unsigned sMaxCapacity = JS_BIT(24); static const unsigned sHashBits = tl::BitSize::result; @@ -986,7 +991,7 @@ class HashMap * init after constructing a HashMap and check the return value. */ HashMap(AllocPolicy a = AllocPolicy()) : impl(a) {} - bool init(uint32 len = 0) { return impl.init(len); } + bool init(uint32 len = Impl::sDefaultInitSize) { return impl.init(len); } bool initialized() const { return impl.initialized(); } /* @@ -1214,7 +1219,7 @@ class HashSet * init after constructing a HashSet and check the return value. */ HashSet(AllocPolicy a = AllocPolicy()) : impl(a) {} - bool init(uint32 len = 0) { return impl.init(len); } + bool init(uint32 len = Impl::sDefaultInitSize) { return impl.init(len); } bool initialized() const { return impl.initialized(); } /* From e7cae5b8ca1c32e00958cb52db20782fc653eb87 Mon Sep 17 00:00:00 2001 From: Matt Woodrow Date: Mon, 31 Oct 2011 13:38:46 +1300 Subject: [PATCH 06/14] Bug 695832 - Perpsective origin offset should be relative to the transform origin. r=roc --- layout/base/nsDisplayList.cpp | 12 ++++-------- 1 file changed, 4 insertions(+), 8 deletions(-) diff --git a/layout/base/nsDisplayList.cpp b/layout/base/nsDisplayList.cpp index 95c84d54d565..6465b9c5f81a 100644 --- a/layout/base/nsDisplayList.cpp +++ b/layout/base/nsDisplayList.cpp @@ -2482,13 +2482,6 @@ gfxPoint3D GetDeltaToMozPerspectiveOrigin(const nsIFrame* aFrame, *coords[index] = NSAppUnitsToFloatPixels(coord.GetCoordValue(), aFactor); } } - - /** - * An offset of (0,0) results in the perspective-origin being at the centre of the element, - * so include a shift of the centre point to (0,0). - */ - result.x -= NSAppUnitsToFloatPixels(boundingRect.width, aFactor)/2; - result.y -= NSAppUnitsToFloatPixels(boundingRect.height, aFactor)/2; return result; } @@ -2551,7 +2544,10 @@ nsDisplayTransform::GetResultingTransformMatrix(const nsIFrame* aFrame, perspective._34 = -1.0 / NSAppUnitsToFloatPixels(parentDisp->mChildPerspective.GetCoordValue(), aFactor); - result = result * nsLayoutUtils::ChangeMatrixBasis(toPerspectiveOrigin, perspective); + /* At the point when perspective is applied, we have been translated to the transform origin. + * The translation to the perspective origin is the difference between these values. + */ + result = result * nsLayoutUtils::ChangeMatrixBasis(toPerspectiveOrigin - toMozOrigin, perspective); } if (aFrame->Preserves3D() && nsLayoutUtils::Are3DTransformsEnabled()) { From 8878bb62e5b733f54cc3484899109ac64a87bba4 Mon Sep 17 00:00:00 2001 From: Matt Woodrow Date: Mon, 31 Oct 2011 13:39:26 +1300 Subject: [PATCH 07/14] Bug 695832 - Test for perspective origin not being affected by transform origin. r=roc --- layout/reftests/transform-3d/reftest.list | 2 ++ .../transform-3d/rotatex-transformorigin-1-ref.html | 11 +++++++++++ .../transform-3d/rotatex-transformorigin-1a.html | 11 +++++++++++ 3 files changed, 24 insertions(+) create mode 100644 layout/reftests/transform-3d/rotatex-transformorigin-1-ref.html create mode 100644 layout/reftests/transform-3d/rotatex-transformorigin-1a.html diff --git a/layout/reftests/transform-3d/reftest.list b/layout/reftests/transform-3d/reftest.list index dc6df100f28c..847cba5671c5 100644 --- a/layout/reftests/transform-3d/reftest.list +++ b/layout/reftests/transform-3d/reftest.list @@ -35,3 +35,5 @@ fails == preserve3d-1a.html preserve3d-1-ref.html == sorting-2a.html sorting-2-ref.html # Parallel planes, same z depth (shouldn't be sorted!) == sorting-2b.html sorting-2-ref.html +# Different, but equivalent (for the given transform) transform origins +== rotatex-transformorigin-1a.html rotatex-transformorigin-1-ref.html diff --git a/layout/reftests/transform-3d/rotatex-transformorigin-1-ref.html b/layout/reftests/transform-3d/rotatex-transformorigin-1-ref.html new file mode 100644 index 000000000000..11a2dcf2d0c4 --- /dev/null +++ b/layout/reftests/transform-3d/rotatex-transformorigin-1-ref.html @@ -0,0 +1,11 @@ + + + + +
+
+ Test Text +
+
+ + diff --git a/layout/reftests/transform-3d/rotatex-transformorigin-1a.html b/layout/reftests/transform-3d/rotatex-transformorigin-1a.html new file mode 100644 index 000000000000..2c54cef32604 --- /dev/null +++ b/layout/reftests/transform-3d/rotatex-transformorigin-1a.html @@ -0,0 +1,11 @@ + + + + +
+
+ Test Text +
+
+ + From a66c69621aa50d7a3f09a409f8d0c02a9732701a Mon Sep 17 00:00:00 2001 From: Matt Woodrow Date: Mon, 31 Oct 2011 13:47:43 +1300 Subject: [PATCH 08/14] Bug 688365 - Enable Skia 'New AA' mode. r=jrmuizel --- gfx/skia/new-aa.patch | 22 ++++++++++++++++++++++ gfx/skia/src/core/SkScan_AntiPath.cpp | 2 +- gfx/skia/update.sh | 2 ++ 3 files changed, 25 insertions(+), 1 deletion(-) create mode 100644 gfx/skia/new-aa.patch diff --git a/gfx/skia/new-aa.patch b/gfx/skia/new-aa.patch new file mode 100644 index 000000000000..d03b56dbb06e --- /dev/null +++ b/gfx/skia/new-aa.patch @@ -0,0 +1,22 @@ +diff --git a/gfx/skia/src/core/SkScan_AntiPath.cpp b/gfx/skia/src/core/SkScan_AntiPath.cpp +--- a/gfx/skia/src/core/SkScan_AntiPath.cpp ++++ b/gfx/skia/src/core/SkScan_AntiPath.cpp +@@ -26,17 +26,17 @@ + this is often faster for large objects with big spans + + NEW_AA is a set of code-changes to try to make both paths produce identical + results. Its not quite there yet, though the remaining differences may be + in the subsequent blits, and not in the different masks/runs... + */ + //#define FORCE_SUPERMASK + //#define FORCE_RLE +-//#define SK_SUPPORT_NEW_AA ++#define SK_SUPPORT_NEW_AA + + /////////////////////////////////////////////////////////////////////////////// + + class BaseSuperBlitter : public SkBlitter { + public: + BaseSuperBlitter(SkBlitter* realBlitter, const SkIRect& ir, + const SkRegion& clip); + diff --git a/gfx/skia/src/core/SkScan_AntiPath.cpp b/gfx/skia/src/core/SkScan_AntiPath.cpp index fae5cb2e7e97..3b893009b6f2 100644 --- a/gfx/skia/src/core/SkScan_AntiPath.cpp +++ b/gfx/skia/src/core/SkScan_AntiPath.cpp @@ -31,7 +31,7 @@ */ //#define FORCE_SUPERMASK //#define FORCE_RLE -//#define SK_SUPPORT_NEW_AA +#define SK_SUPPORT_NEW_AA /////////////////////////////////////////////////////////////////////////////// diff --git a/gfx/skia/update.sh b/gfx/skia/update.sh index a2999e7870dc..0184fbb2b025 100755 --- a/gfx/skia/update.sh +++ b/gfx/skia/update.sh @@ -99,3 +99,5 @@ patch -p3 < arm-opts.patch patch -p3 < fix-gradient-clamp.patch # Bug 687189 - Implement SkPaint::getPosTextPath. patch -p3 < getpostextpath.patch +# Bug 688365 - Enable Skia 'New AA' mode. +patch -p3 < new-aa.patch From ab6ce385b1c392809af75a3fe9924275932a83c9 Mon Sep 17 00:00:00 2001 From: Matt Woodrow Date: Mon, 31 Oct 2011 13:48:54 +1300 Subject: [PATCH 09/14] Bug 688366 - Fix Skia marking radial gradients with the same radius as invalid. r=jrmuizel --- gfx/skia/radial-gradients.patch | 25 +++++++++++++++++++++++ gfx/skia/src/effects/SkGradientShader.cpp | 5 ++++- gfx/skia/update.sh | 2 ++ 3 files changed, 31 insertions(+), 1 deletion(-) create mode 100644 gfx/skia/radial-gradients.patch diff --git a/gfx/skia/radial-gradients.patch b/gfx/skia/radial-gradients.patch new file mode 100644 index 000000000000..eca14d5c8b1b --- /dev/null +++ b/gfx/skia/radial-gradients.patch @@ -0,0 +1,25 @@ +diff --git a/gfx/skia/src/effects/SkGradientShader.cpp b/gfx/skia/src/effects/SkGradientShader.cpp +--- a/gfx/skia/src/effects/SkGradientShader.cpp ++++ b/gfx/skia/src/effects/SkGradientShader.cpp +@@ -1652,17 +1652,20 @@ public: + } + return kRadial2_GradientType; + } + + virtual void shadeSpan(int x, int y, SkPMColor* SK_RESTRICT dstC, int count) { + SkASSERT(count > 0); + + // Zero difference between radii: fill with transparent black. +- if (fDiffRadius == 0) { ++ // TODO: Is removing this actually correct? Two circles with the ++ // same radius, but different centers doesn't sound like it ++ // should be cleared ++ if (fDiffRadius == 0 && fCenter1 == fCenter2) { + sk_bzero(dstC, count * sizeof(*dstC)); + return; + } + SkMatrix::MapXYProc dstProc = fDstToIndexProc; + TileProc proc = fTileProc; + const SkPMColor* SK_RESTRICT cache = this->getCache32(); + + SkScalar foura = fA * 4; diff --git a/gfx/skia/src/effects/SkGradientShader.cpp b/gfx/skia/src/effects/SkGradientShader.cpp index 1103e8b14c1e..57b94890d25a 100644 --- a/gfx/skia/src/effects/SkGradientShader.cpp +++ b/gfx/skia/src/effects/SkGradientShader.cpp @@ -1657,7 +1657,10 @@ public: SkASSERT(count > 0); // Zero difference between radii: fill with transparent black. - if (fDiffRadius == 0) { + // TODO: Is removing this actually correct? Two circles with the + // same radius, but different centers doesn't sound like it + // should be cleared + if (fDiffRadius == 0 && fCenter1 == fCenter2) { sk_bzero(dstC, count * sizeof(*dstC)); return; } diff --git a/gfx/skia/update.sh b/gfx/skia/update.sh index 0184fbb2b025..868c61cb360a 100755 --- a/gfx/skia/update.sh +++ b/gfx/skia/update.sh @@ -101,3 +101,5 @@ patch -p3 < fix-gradient-clamp.patch patch -p3 < getpostextpath.patch # Bug 688365 - Enable Skia 'New AA' mode. patch -p3 < new-aa.patch +# Bug 688366 - Fix Skia marking radial gradients with the same radius as invalid. +patch -p3 < radial-gradients.patch From 062fd5d6c557d50b53b030a2d334fcdbb872a112 Mon Sep 17 00:00:00 2001 From: Joel Maher Date: Mon, 31 Oct 2011 08:37:00 -0400 Subject: [PATCH 10/14] Last Comment Bug 698387 - disable orange browser-chrome tests since we are not fixing them. r=mfinkle --- mobile/chrome/tests/Makefile.in | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/mobile/chrome/tests/Makefile.in b/mobile/chrome/tests/Makefile.in index 88d5032ec471..a3d4a1aeda30 100644 --- a/mobile/chrome/tests/Makefile.in +++ b/mobile/chrome/tests/Makefile.in @@ -81,7 +81,7 @@ _BROWSER_FILES = \ browser_preferences_text.js \ browser_preferences_fulltoggle.js \ browser_rect.js \ - browser_rememberPassword.js \ + $(info browser_rememberPassword.js is disabled because it is random orange on XUL fennec (bug 698387)) \ browser_scroll.js \ browser_scroll.html \ browser_scrollbar.js \ @@ -89,8 +89,8 @@ _BROWSER_FILES = \ browser_select.js \ browser_sessionstore.js \ browser_tabs.js \ - browser_tapping.js \ - browser_tap_content.html \ + $(info browser_tapping.js is disabled because it is random orange on XUL fennec (bug 698387)) \ + $(info browser_tap_content.html is disabled because it is random orange on XUL fennec (bug 698387) \ browser_tapping_edit.js \ browser_tap_contentedit.html \ browser_test.js \ From 470745f6cf0c2cbe3511eaddb4f170a5bb5c3e89 Mon Sep 17 00:00:00 2001 From: Joel Maher Date: Mon, 31 Oct 2011 09:18:03 -0400 Subject: [PATCH 11/14] Bug 698387 - disable orange browser-chrome tests since we are not fixing them [hotfix]. r=Ms2ger --- mobile/chrome/tests/Makefile.in | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/mobile/chrome/tests/Makefile.in b/mobile/chrome/tests/Makefile.in index a3d4a1aeda30..70d823415068 100644 --- a/mobile/chrome/tests/Makefile.in +++ b/mobile/chrome/tests/Makefile.in @@ -90,7 +90,7 @@ _BROWSER_FILES = \ browser_sessionstore.js \ browser_tabs.js \ $(info browser_tapping.js is disabled because it is random orange on XUL fennec (bug 698387)) \ - $(info browser_tap_content.html is disabled because it is random orange on XUL fennec (bug 698387) \ + $(info browser_tap_content.html is disabled because it is random orange on XUL fennec (bug 698387)) \ browser_tapping_edit.js \ browser_tap_contentedit.html \ browser_test.js \ From 9eb7ebb819b59f29832dd4a1d4ce7a385559a7da Mon Sep 17 00:00:00 2001 From: Henri Sivonen Date: Sat, 29 Oct 2011 23:14:31 +0300 Subject: [PATCH 12/14] Bug 696651 part 2 - Establish document.write() insertion position before re-entrant calls can occur. r=Olli.Pettay. --- parser/html/nsHtml5OwningUTF16Buffer.cpp | 7 + parser/html/nsHtml5OwningUTF16Buffer.h | 5 + parser/html/nsHtml5Parser.cpp | 163 ++++++++++++------ parser/html/nsHtml5UTF16BufferCppSupplement.h | 14 ++ parser/html/nsHtml5UTF16BufferHSupplement.h | 5 + 5 files changed, 138 insertions(+), 56 deletions(-) diff --git a/parser/html/nsHtml5OwningUTF16Buffer.cpp b/parser/html/nsHtml5OwningUTF16Buffer.cpp index f70682fa2cd5..5edd860ac220 100644 --- a/parser/html/nsHtml5OwningUTF16Buffer.cpp +++ b/parser/html/nsHtml5OwningUTF16Buffer.cpp @@ -77,6 +77,13 @@ nsHtml5OwningUTF16Buffer::FalliblyCreate(PRInt32 aLength) return newObj.forget(); } +void +nsHtml5OwningUTF16Buffer::Swap(nsHtml5OwningUTF16Buffer* aOther) +{ + nsHtml5UTF16Buffer::Swap(aOther); +} + + // Not using macros for AddRef and Release in order to be able to refcount on // and create on different threads. diff --git a/parser/html/nsHtml5OwningUTF16Buffer.h b/parser/html/nsHtml5OwningUTF16Buffer.h index d55699f44a55..d1e4c9d4a6af 100644 --- a/parser/html/nsHtml5OwningUTF16Buffer.h +++ b/parser/html/nsHtml5OwningUTF16Buffer.h @@ -75,6 +75,11 @@ class nsHtml5OwningUTF16Buffer : public nsHtml5UTF16Buffer static already_AddRefed FalliblyCreate(PRInt32 aLength); + /** + * Swap start, end and buffer fields with another object. + */ + void Swap(nsHtml5OwningUTF16Buffer* aOther); + nsrefcnt AddRef(); nsrefcnt Release(); private: diff --git a/parser/html/nsHtml5Parser.cpp b/parser/html/nsHtml5Parser.cpp index 992c6aa58c0e..2774359e11a3 100644 --- a/parser/html/nsHtml5Parser.cpp +++ b/parser/html/nsHtml5Parser.cpp @@ -287,25 +287,103 @@ nsHtml5Parser::Parse(const nsAString& aSourceBuffer, NS_ASSERTION(!mStreamParser, "Had stream parser but got document.close()."); mDocumentClosed = true; - if (!mBlocked) { + if (!mBlocked && !mInDocumentWrite) { ParseUntilBlocked(); } return NS_OK; } + // If we got this far, we are dealing with a document.write or + // document.writeln call--not document.close(). + NS_ASSERTION(IsInsertionPointDefined(), "Doc.write reached parser with undefined insertion point."); NS_ASSERTION(!(mStreamParser && !aKey), "Got a null key in a non-script-created parser"); + // XXX is this optimization bogus? if (aSourceBuffer.IsEmpty()) { return NS_OK; } + // This guard is here to prevent document.close from tokenizing synchronously + // while a document.write (that wrote the script that called document.close!) + // is still on the call stack. mozilla::AutoRestore guard(mInDocumentWrite); mInDocumentWrite = true; + // The script is identified by aKey. If there's nothing in the buffer + // chain for that key, we'll insert at the head of the queue. + // When the script leaves something in the queue, a zero-length + // key-holder "buffer" is inserted in the queue. If the same script + // leaves something in the chain again, it will be inserted immediately + // before the old key holder belonging to the same script. + // + // We don't do the actual data insertion yet in the hope that the data gets + // tokenized and there no data or less data to copy to the heap after + // tokenization. Also, this way, we avoid inserting one empty data buffer + // per document.write, which matters for performance when the parser isn't + // blocked and a badly-authored script calls document.write() once per + // input character. (As seen in a benchmark!) + // + // The insertion into the input stream happens conceptually before anything + // gets tokenized. To make sure multi-level document.write works right, + // it's necessary to establish the location of our parser key up front + // in case this is the first write with this key. + // + // In a document.open() case, the first write level has a null key, so that + // case is handled separately, because normal buffers containing data + // have null keys. + + nsHtml5OwningUTF16Buffer* prevSearchBuf = nsnull; + nsHtml5OwningUTF16Buffer* firstLevelMarker = nsnull; + + if (aKey) { + if (mFirstBuffer == mLastBuffer) { + nsHtml5OwningUTF16Buffer* keyHolder = new nsHtml5OwningUTF16Buffer(aKey); + keyHolder->next = mLastBuffer; + mFirstBuffer = keyHolder; + } else { + prevSearchBuf = mFirstBuffer; + for (;;) { + if (prevSearchBuf->next == mLastBuffer) { + // key was not found + nsHtml5OwningUTF16Buffer* keyHolder = + new nsHtml5OwningUTF16Buffer(aKey); + keyHolder->next = mFirstBuffer; + mFirstBuffer = keyHolder; + prevSearchBuf = nsnull; + break; + } + if (prevSearchBuf->next->key == aKey) { + // found a key holder + break; + } + prevSearchBuf = prevSearchBuf->next; + } + } + // prevSearchBuf is the previous buffer before the keyholder or null if + // there isn't one. + } else { + // We have a first-level write in the document.open() case. We insert + // before mLastBuffer. We need to put a marker there, because otherwise + // additional document.writes from nested event loops would insert in the + // wrong place. Sigh. + firstLevelMarker = new nsHtml5OwningUTF16Buffer((void*)nsnull); + if (mFirstBuffer == mLastBuffer) { + firstLevelMarker->next = mLastBuffer; + mFirstBuffer = firstLevelMarker; + } else { + prevSearchBuf = mFirstBuffer; + while (prevSearchBuf->next != mLastBuffer) { + prevSearchBuf = prevSearchBuf->next; + } + firstLevelMarker->next = mLastBuffer; + prevSearchBuf->next = firstLevelMarker; + } + } + nsHtml5DependentUTF16Buffer stackBuffer(aSourceBuffer); while (!mBlocked && stackBuffer.hasMore()) { @@ -355,60 +433,35 @@ nsHtml5Parser::Parse(const nsAString& aSourceBuffer, } } - // The buffer is inserted to the stream here in case it won't be parsed - // to completion. - // The script is identified by aKey. If there's nothing in the buffer - // chain for that key, we'll insert at the head of the queue. - // When the script leaves something in the queue, a zero-length - // key-holder "buffer" is inserted in the queue. If the same script - // leaves something in the chain again, it will be inserted immediately - // before the old key holder belonging to the same script. - nsHtml5OwningUTF16Buffer* prevSearchBuf = nsnull; - nsHtml5OwningUTF16Buffer* searchBuf = mFirstBuffer; - - // after document.open, the first level of document.write has null key - if (aKey) { - while (searchBuf != mLastBuffer) { - if (searchBuf->key == aKey) { - // found a key holder - // now insert the new buffer between the previous buffer - // and the key holder if we have a buffer left. - if (heapBuffer) { - heapBuffer->next = searchBuf; - if (prevSearchBuf) { - prevSearchBuf->next = heapBuffer; - } else { - mFirstBuffer = heapBuffer; - } - } - break; - } - prevSearchBuf = searchBuf; - searchBuf = searchBuf->next; - } - if (searchBuf == mLastBuffer) { - // key was not found - nsHtml5OwningUTF16Buffer* keyHolder = new nsHtml5OwningUTF16Buffer(aKey); - keyHolder->next = mFirstBuffer; - if (heapBuffer) { - heapBuffer->next = keyHolder; + if (heapBuffer) { + // We have something to insert before the keyholder holding in the non-null + // aKey case and we have something to swap into firstLevelMarker in the + // null aKey case. + if (aKey) { + NS_ASSERTION(mFirstBuffer != mLastBuffer, + "Where's the keyholder?"); + // the key holder is still somewhere further down the list from + // prevSearchBuf (which may be null) + if (mFirstBuffer->key == aKey) { + NS_ASSERTION(!prevSearchBuf, + "Non-null prevSearchBuf when mFirstBuffer is the key holder?"); + heapBuffer->next = mFirstBuffer; mFirstBuffer = heapBuffer; } else { - mFirstBuffer = keyHolder; + if (!prevSearchBuf) { + prevSearchBuf = mFirstBuffer; + } + // We created a key holder earlier, so we will find it without walking + // past the end of the list. + while (prevSearchBuf->next->key != aKey) { + prevSearchBuf = prevSearchBuf->next; + } + heapBuffer->next = prevSearchBuf->next; + prevSearchBuf->next = heapBuffer; } - } - } else if (heapBuffer) { - // we have a first level document.write after document.open() - // insert immediately before mLastBuffer - while (searchBuf != mLastBuffer) { - prevSearchBuf = searchBuf; - searchBuf = searchBuf->next; - } - heapBuffer->next = mLastBuffer; - if (prevSearchBuf) { - prevSearchBuf->next = heapBuffer; } else { - mFirstBuffer = heapBuffer; + NS_ASSERTION(firstLevelMarker, "How come we don't have a marker."); + firstLevelMarker->Swap(heapBuffer); } } @@ -657,14 +710,12 @@ nsHtml5Parser::ParseUntilBlocked() NS_PRECONDITION(!mExecutor->IsFragmentMode(), "ParseUntilBlocked called in fragment mode."); - if (mBlocked || - mExecutor->IsComplete() || - mExecutor->IsBroken() || - mInDocumentWrite) { + if (mBlocked || mExecutor->IsComplete() || mExecutor->IsBroken()) { return; } - NS_ASSERTION(mExecutor->HasStarted(), "Bad life cycle."); + NS_ASSERTION(!mInDocumentWrite, + "ParseUntilBlocked entered while in doc.write!"); mDocWriteSpeculatorActive = false; diff --git a/parser/html/nsHtml5UTF16BufferCppSupplement.h b/parser/html/nsHtml5UTF16BufferCppSupplement.h index 14e0fb6d369c..8072e17d41c3 100644 --- a/parser/html/nsHtml5UTF16BufferCppSupplement.h +++ b/parser/html/nsHtml5UTF16BufferCppSupplement.h @@ -53,3 +53,17 @@ nsHtml5UTF16Buffer::DeleteBuffer() { delete[] buffer; } + +void +nsHtml5UTF16Buffer::Swap(nsHtml5UTF16Buffer* aOther) +{ + PRUnichar* tempBuffer = buffer; + PRInt32 tempStart = start; + PRInt32 tempEnd = end; + buffer = aOther->buffer; + start = aOther->start; + end = aOther->end; + aOther->buffer = tempBuffer; + aOther->start = tempStart; + aOther->end = tempEnd; +} diff --git a/parser/html/nsHtml5UTF16BufferHSupplement.h b/parser/html/nsHtml5UTF16BufferHSupplement.h index dede72cd973c..8fcacdde09c8 100644 --- a/parser/html/nsHtml5UTF16BufferHSupplement.h +++ b/parser/html/nsHtml5UTF16BufferHSupplement.h @@ -43,3 +43,8 @@ protected: * For working around the privacy of |buffer| in the generated code. */ void DeleteBuffer(); + + /** + * For working around the privacy of |buffer| in the generated code. + */ + void Swap(nsHtml5UTF16Buffer* aOther); From d2a3a876865e7e6aa9fb622174ec9a79cee0bbf0 Mon Sep 17 00:00:00 2001 From: Henri Sivonen Date: Sat, 29 Oct 2011 23:14:32 +0300 Subject: [PATCH 13/14] Test for bug 696651 part 2 - Establish document.write() insertion position before re-entrant calls can occur. r=Olli.Pettay. --- parser/htmlparser/tests/reftest/bug696651-1-ref.html | 1 + parser/htmlparser/tests/reftest/bug696651-1.html | 2 ++ parser/htmlparser/tests/reftest/bug696651-1.html~ | 2 ++ parser/htmlparser/tests/reftest/bug696651-2-ref.html | 1 + parser/htmlparser/tests/reftest/bug696651-2.html | 6 ++++++ parser/htmlparser/tests/reftest/bug696651-2.html~ | 6 ++++++ parser/htmlparser/tests/reftest/bug696651-external.js | 1 + parser/htmlparser/tests/reftest/reftest.list | 2 ++ 8 files changed, 21 insertions(+) create mode 100644 parser/htmlparser/tests/reftest/bug696651-1-ref.html create mode 100644 parser/htmlparser/tests/reftest/bug696651-1.html create mode 100644 parser/htmlparser/tests/reftest/bug696651-1.html~ create mode 100644 parser/htmlparser/tests/reftest/bug696651-2-ref.html create mode 100644 parser/htmlparser/tests/reftest/bug696651-2.html create mode 100644 parser/htmlparser/tests/reftest/bug696651-2.html~ create mode 100644 parser/htmlparser/tests/reftest/bug696651-external.js diff --git a/parser/htmlparser/tests/reftest/bug696651-1-ref.html b/parser/htmlparser/tests/reftest/bug696651-1-ref.html new file mode 100644 index 000000000000..02f59b7ae65a --- /dev/null +++ b/parser/htmlparser/tests/reftest/bug696651-1-ref.html @@ -0,0 +1 @@ +CcBbAa diff --git a/parser/htmlparser/tests/reftest/bug696651-1.html b/parser/htmlparser/tests/reftest/bug696651-1.html new file mode 100644 index 000000000000..50a9135aa38e --- /dev/null +++ b/parser/htmlparser/tests/reftest/bug696651-1.html @@ -0,0 +1,2 @@ + + diff --git a/parser/htmlparser/tests/reftest/bug696651-1.html~ b/parser/htmlparser/tests/reftest/bug696651-1.html~ new file mode 100644 index 000000000000..ed609e77ed74 --- /dev/null +++ b/parser/htmlparser/tests/reftest/bug696651-1.html~ @@ -0,0 +1,2 @@ + + diff --git a/parser/htmlparser/tests/reftest/bug696651-2-ref.html b/parser/htmlparser/tests/reftest/bug696651-2-ref.html new file mode 100644 index 000000000000..7999785c0974 --- /dev/null +++ b/parser/htmlparser/tests/reftest/bug696651-2-ref.html @@ -0,0 +1 @@ + diff --git a/parser/htmlparser/tests/reftest/bug696651-2.html b/parser/htmlparser/tests/reftest/bug696651-2.html new file mode 100644 index 000000000000..2d3515b6afa0 --- /dev/null +++ b/parser/htmlparser/tests/reftest/bug696651-2.html @@ -0,0 +1,6 @@ + + + + diff --git a/parser/htmlparser/tests/reftest/bug696651-2.html~ b/parser/htmlparser/tests/reftest/bug696651-2.html~ new file mode 100644 index 000000000000..2bc1d0a142f6 --- /dev/null +++ b/parser/htmlparser/tests/reftest/bug696651-2.html~ @@ -0,0 +1,6 @@ + + + + diff --git a/parser/htmlparser/tests/reftest/bug696651-external.js b/parser/htmlparser/tests/reftest/bug696651-external.js new file mode 100644 index 000000000000..c1c2a8f78893 --- /dev/null +++ b/parser/htmlparser/tests/reftest/bug696651-external.js @@ -0,0 +1 @@ +document.write("C"); document.write("c"); diff --git a/parser/htmlparser/tests/reftest/reftest.list b/parser/htmlparser/tests/reftest/reftest.list index 244ea3d3d8b3..3e97f0100a1f 100644 --- a/parser/htmlparser/tests/reftest/reftest.list +++ b/parser/htmlparser/tests/reftest/reftest.list @@ -5,3 +5,5 @@ == bug592656-1.html bug592656-1-ref.html == bug608373-1.html bug608373-1-ref.html == view-source:bug673094-1.html view-source:bug673094-1-ref.html +== bug696651-1.html bug696651-1-ref.html +== bug696651-2.html bug696651-2-ref.html From d1640b5ba016bdd816200aebfb75598594c9060e Mon Sep 17 00:00:00 2001 From: Henri Sivonen Date: Mon, 31 Oct 2011 16:28:23 +0200 Subject: [PATCH 14/14] Bug 696651 part 3 - Refine part 2. r=Olli.Pettay. --- parser/html/nsHtml5Parser.cpp | 17 +++++++++++++---- .../htmlparser/tests/reftest/bug696651-1.html~ | 2 -- .../htmlparser/tests/reftest/bug696651-2.html~ | 6 ------ 3 files changed, 13 insertions(+), 12 deletions(-) delete mode 100644 parser/htmlparser/tests/reftest/bug696651-1.html~ delete mode 100644 parser/htmlparser/tests/reftest/bug696651-2.html~ diff --git a/parser/html/nsHtml5Parser.cpp b/parser/html/nsHtml5Parser.cpp index 2774359e11a3..2139f781deff 100644 --- a/parser/html/nsHtml5Parser.cpp +++ b/parser/html/nsHtml5Parser.cpp @@ -336,15 +336,23 @@ nsHtml5Parser::Parse(const nsAString& aSourceBuffer, // case is handled separately, because normal buffers containing data // have null keys. - nsHtml5OwningUTF16Buffer* prevSearchBuf = nsnull; - nsHtml5OwningUTF16Buffer* firstLevelMarker = nsnull; + // These don't need to be owning references, because they always point to + // the buffer queue and buffers can't be removed from the buffer queue + // before document.write() returns. The buffer queue clean-up happens the + // next time ParseUntilBlocked() is called. + // However, they are made owning just in case the reasoning above is flawed + // and a flaw would lead to worse problems with plain pointers. If this + // turns out to be a perf problem, it's worthwhile to consider making + // prevSearchbuf a plain pointer again. + nsRefPtr prevSearchBuf; + nsRefPtr firstLevelMarker; if (aKey) { if (mFirstBuffer == mLastBuffer) { nsHtml5OwningUTF16Buffer* keyHolder = new nsHtml5OwningUTF16Buffer(aKey); keyHolder->next = mLastBuffer; mFirstBuffer = keyHolder; - } else { + } else if (mFirstBuffer->key != aKey) { prevSearchBuf = mFirstBuffer; for (;;) { if (prevSearchBuf->next == mLastBuffer) { @@ -362,7 +370,8 @@ nsHtml5Parser::Parse(const nsAString& aSourceBuffer, } prevSearchBuf = prevSearchBuf->next; } - } + } // else mFirstBuffer is the keyholder + // prevSearchBuf is the previous buffer before the keyholder or null if // there isn't one. } else { diff --git a/parser/htmlparser/tests/reftest/bug696651-1.html~ b/parser/htmlparser/tests/reftest/bug696651-1.html~ deleted file mode 100644 index ed609e77ed74..000000000000 --- a/parser/htmlparser/tests/reftest/bug696651-1.html~ +++ /dev/null @@ -1,2 +0,0 @@ - - diff --git a/parser/htmlparser/tests/reftest/bug696651-2.html~ b/parser/htmlparser/tests/reftest/bug696651-2.html~ deleted file mode 100644 index 2bc1d0a142f6..000000000000 --- a/parser/htmlparser/tests/reftest/bug696651-2.html~ +++ /dev/null @@ -1,6 +0,0 @@ - - - -