locals (169559, r=shaver).
- Also fix longstanding bug where global regexps in precompiled scripts were
wrongly shared among threads/contexts (165201, r=shaver).
- Also fix strict-aliasing gcc warning causes (206599, r=bryner).
scopes, and share it via downward goto from the old place (which should go
away when a bug on khanson's list whose # I forget is fixed). This fixes
the hole in sealed scope support mentioned in bug 94693 (r=rogerl/shaver).
The latter no longer calls the former via js_ConstructObject, to
minimize failure opportunities when converting an error into an
exception. Also, the 'stack' property of exception objects
faithfully preserves Unicode in function names and decompiled
actual argument sources.
Also, fun_xdrObject was reversing property order when encoding;
fixed to maximize property tree compression gain.
Also^2, js_ConstructObject was not handling success+not-found
return from FindConstructor.
bug 127136, r=rginda, sr=shaver, a=chofmann
with JSRESOLVE_ASSIGNING, wrongly), plus a few miscellaneous bugfixes.
- Combine the JSStackFrame members constructing, special, overrides, and
reserved into a uint32 flags member.
- Separate JOF_ASSIGNING from the JOF_SET bytecode format flag, and impute
JSRESOLVE_ASSIGNING from the presence of JOF_ASSIGNING among the current
opcode's format flags. To handle the for-in loop opcodes, which do more
than simply assign -- in particular, they do property lookups whose resolve
hook outcalls should not be flagged with JSRESOLVE_ASSIGNING -- a new frame
flag, JSFRAME_ASSIGNING, has been added.
- Fix interpreter version selection to respect JS_SetVersion, whose effect on
cx->version is "sticky".
- Fix js_DecompileValueGenerator to deal with JSOP_ENUMELEM -- it never had,
as this testcase shows (it crashes without this patch):
version(120);
eval("function fe(s) { for (it[s] in this); }");
try { fe('rdonly'); } catch (e) { print(e); }
create a long chain of removed sentinels. Also, when adding k to a table
where k is not mapped, but where k hashes to a chain that includes removed
sentinels, recycle the first removed sentinel in the chain for k's entry.
2. Cache cx->resolving till js_DestroyContext, to avoid high JSDHashTable
new/destroy overhead in js_LookupProperty.
3. Add NS_TraceStack to nsTraceMalloc.[ch] and clean the .c file up a bit.
to grows, shrinks, and compresses. This helps JS_DHashTableOperate callers
who hold returned entry pointers to validate those pointers and avoid having
to re-lookup an entry by its key.
- Balance that addition by removing JSDHashTable.sizeMask, which is induced by
JSDHashTable.sizeLog2 at the cost of two typically single-cycle instructions.
- Use JSDHashTable.generation in jsobj.c to avoid unsafely dereferencing an
entry pointer held across calls to JSClass.resolve from js_LookupProperty,
which may recur and add entries to cx->resolving, growing that table and
invalidating entry pointers held by earlier js_LookupProperty activations.
(bug 78121, r=jst@netscape.com, sr=jband@netscape.com, a=asa@mozilla.org)
js_SetProtoOrParent should always have used a condvar in addition to a lock.
- Fix bug 79129, assert-botch in js_AllocSlot (r/sr=jband, sr=shaver)
JS_INITIAL_NSLOTS is the minimum number of slots, js_FreeSlot guarantees it.
to the JS API, for per class extra slots beyond JSSLOT_PRIVATE (or starting
there for a class that lacks JSCLASS_HAS_PRIVATE). To avoid penalizing all
instances, these slots are allocated only upon first property-owned slot
allocation, or upon first JS_SetReservedSlot.
This entailed adding getRequiredSlot and setRequiredSlot hooks to the
JSObjectOps struct, and making obj->slots self-describing, a la BSTR. It
also afforded me a chance to clean up obj->slots locking so that non-native
JSObjectOps didn't risk unlocked accesses! Now there are thread-safe hooks
for all uses of obj.
First consumer is the new, DOM-glue-unifying XPConnect, which needs two
slots per wrapped function. Hence the change to js_FunctionClass.flags'
initializer.
- Commented the heck out of JSClass and JSObjectOps function typedefs in
jspubtd.h. I hope embedders see these comments!
- Fix JS_XDRValue's default case to handle int exclusively, there is no other
possible type (and therefore no JSMSG_BAD_JVAL_TYPE error).
- Clean up tabs in select old, tab-ridden files and sections.
- s/\<fh\>/file/g for stdio FILE * canonical variable names.
where any occurrence of arguments.length or arguments[0], e.g., would be
"optimized" to use those bytecodes. This is just wrong if the occurrence
is an operand of delete, ++, --, or the left-hand-side of an assignment
operator!
- [jsfun.c, jsinterp.c] args_getProperty etc. must use JS_GetInstancePrivate,
not JS_GetPrivate, as the arguments object is exposed, and can be made a
prototype of other objects that do not have private data, or private data
that's a JSStackFrame*. Same goes for fun_getProperty, js_GetArgument, etc.
- [jsfun.c, jsobj.c, jsstr.c] No need to specialize fun_delProperty and
str_delProperty to help convince users and ECMA conformance tests that
fun.length and str.length are direct properties of instances, instead of
being delegated to Function.prototype.length and String.prototype.length.
This special case is done universally in js_DeleteProperty for all SHARED
and PERMANENT proto-properties.
- [jshash.c] Sneaking this followup-fix for bug 69271 in: use JS_HASH_BITS
rather than hardcoded 32.
- [jsobj.c, jsscope.[ch]] Fix misnamed js_HashValue (it takes a jsid, so it
is now js_HashId).
- [jsscript.c] script_compile needs to call JS_InstanceOf, to ensure that obj
is a Script object.
- Fix bug where script jssrcnote vector terminator was not XDRed.
- Ensure that memory is cleared by serializing zero padding bytes as needed
under JS_XDRBytes and JS_XDRString.
- Fix JS_XDRValue to handle undefined and null JS types properly (bug 31003).
Also make it cast from jsint to uint32 and back carefully, so as to work
with negative numbers even on targets where jsval is a signed 64 bit type.
- Add JS_XDRScript public API.
- Optimize the per-JSXDRState class registry so it uses a JSDHashTable upon
searching for a class-id by name in an overpopulated (for linear search)
registry table.
- Clean up API nits such as JS_XDRNewBase => JS_XDRInitBase, with parameter
list rotation to put cx last (JS_XDRInitBase is an infallible init helper,
not an error-reporting, cx-comes-first, API entry point).
- Fix some XXX comments, unneeded masks, other nits.
- Make sure all JS XDR API functions start with JS_XDR.
- Remove bogus JS_ASSERT(!outermost) from the code that deals with a "#n="
type string being returned from js_EnterSharpObject, where the hash entry
is not yet sharp (because we haven't seen the object twice during depth
first search). This case trivially arises for the outermost object in,
e.g., 'o={}; o.foo=o; uneval(o)'.
- Avoid parenthesizing #n={...} object initializers for uneval, as they are
not ambiguous (whereas {foo:1}, e.g., is ambiguous because it could be a
block statement containing a labeled expression statement, or it could be
an object initializer).
- Death to tabs!
Backing out Brendan's previous checkin for bug #65553 (jsapi.c, jsdbgapi.c, jsemit.c, jsinterp.c, jsinterp.h, jsobj.c, and jsscript.c), so we can get smoke tests going.
r=attinasi@netscape.com (sheriff)
especially to jband for his great stress-test setup and particularly helpful
(in terms of reproducing bugs in draft patches) MP and laptop machines.
- Radical(*) object (scope) locking optimization: don't lock if a scope is
accessed on the context that exclusively owns it (initially, the context
on which the scope was created). Once a scope becomes shared among more
than one owner-context, give it the usual thin or fat lock, per existing
jslock.c code.
I did this at the memory cost of another word per JSScope, ownercx, which
raised scope size from 12 to 13 words if !DEBUG. I also added a linked
list head pointer, rt->scopeSharingTodo, and a scopeSharingDone condition
variable to JSRuntime, and a scopeToShare pointer to JSContext that's
necessary for deadlock avoidance.
The rt->scopeSharingTodo list links JSScopes through the scope->u.link
union arm, which overlays the pre-existing scope->count (now u.count)
member. This list holds scopes still exclusively owned by a context, but
wanted by js_LockScope calls active on other threads. Those calls wait
on the rt->scopeSharingDone condition, which is notified every time an
owner-context ends the request running on it, in which code active on
that context may be using scope freely until end of request.
The code that waits on rt->scopeSharingDone must first suspend any and
all requests active on the calling context, and resume those contexts
after the wait is notified. This means a GC could happen while the
thread locking a scope owned by another thread's context blocks; all
calls to JS_LOCK_OBJ must therefore first home fp->sp above any live
operands, e.g. The interpreter takes care to do that already.
To avoid AB-BA deadlocks, if a js_LockScope attempt on one context finds
that the owner-context of the scope is already waiting on a scope owned
by the current context (or indirectly depending on such a scope lock),
the attempt converts the scope from lock-free exclusive ownership to
shared ownership (thin or fat lock).
- Fix js_SetupLocks and the js_LockGlobal/js_UnlockGlobal code to avoid
divmod instruction costs, strength-reducing to bit-mask instructions.
- The radical lock-free scope change required care in handling the 0=>1
and 1=>0 transitions of cx->requestDepth, which was till now thread-local
because part of the JSContext not manipulated by other threads. It's
still updated only by cx's thread, but it is read by other threads in
the course of attempting to claim exclusive ownership of a scope for more
lock-free JS object operations.
- The JS_SuspendRequest and JS_ResumeRequest APIs have changed incompatibly
to require their caller to save and restore the requestCount found when
JS_SuspendRequest is called. This is necessary to avoid deadlock; sorry
for the incompatible change.
- Fixed various nits in jslock.[ch], including using Init/Finish rather
than New/Destroy for the methods that take a JSThinLock and initialize
and finish/free its members. Another example: JS_ATOMIC_ADDREF is now
JS_ATOMIC_INCREMENT and JS_ATOMIC_DECREMENT, so the two cases can be
mapped to PR_AtomicIncrement and PR_AtomicDecrement. This entailed
changing jsrefcount from jsword to int32 (PRInt32).
- No need to use JS_ATOMIC_INCREMENT on JSScopeProperty.nrefs, as it is
always and everywhere protected by the property's JSScope.lock.
- Cleaned up gratuitous casts in jscntxt.c by using &cx->links, etc.
- The lock used for mutual exclusion around both request begin and end vs.
GC synchronization is rt->gcLock, and this lock now also protects all
scope->ownercx pointer changes from non-null (exclusive) to null (shared),
the rt->scopeSharingTodo/scope->u.link list operations, and of course the
rt->scopeSharingDone condition.
But this means that js_GC cannot hold rt->gcLock across the bulk of its
body, in particular the mark phase, during which JS_GetPrivate calls,
e.g., may need to "promote" scope locks from lock-free to thin or fat,
because doing so would double-trip. There never was any good reason to
hold rt->gcLock so long, of course -- locks are for mutual exclusion, not
for waiting or notifying a thread -- those operations require a condition,
rt->gcDone, which we already use along with rt->gcLevel to keep racing GC
attempts at bay.
So now that rt->gcLock does not protect the mark phase, the enumeration
of rt->gcRootsHash can race badly with JS_RemoveRootRT, an API that may
legitimately be called outside of a request, without even a context. It
turns out that people may be cheating on the request model even with
JS_AddRoot, JS_AddNamedRoot, and JS_RemoveRoot calls, so we must make
all of those interlock with the GC using gcLevel and gcDone, unless they
are called on the gcThread.
Also, since bug 49816 was fixed, there has been no need for a separate
finalize phase, or for rt->gcFinalVec. Finalizers can no longer allocate
newborn GC-things that might be swept (because unmarked), or double-trip
on rt->gcLock (which is no longer held). So js_GC finalizes as it sweeps,
just as it did in days of old.
- I added comments to jslock.h making it plain that callers of JS_LOCK_OBJ
and JS_UNLOCK_OBJ must either be implementations of js_ObjectOps hooks,
or code reachable only from those hooks; or else must be predicated on
OBJ_IS_NATIVE tests. It turns out jsinterp.c's CACHED_GET and CACHED_SET
macros neglected to do such tests, limiting the ability of JS embeddings
to implement JSObjectOps with their own non-JSScope JSObjectMap subclass.
Fixed, small performance hit that the lock-free optimization should more
than make up for.
- jslock.c now gives a #error if you try to compile it on a platform that
lacks a compare-and-swap instruction. The #error says to use NSPR locks.
Before this change, some platforms would emulate compare-and-swap using
a global PRLock, which is always worse in runtime than using per-scope
PRLocks.
- All jsvals for which JSVAL_IS_GCTHING evaluates to true must contain tagged
pointers into the GC heap -- therefore jsapi.c's JS_DefineConstDoubles cannot
"cheat" by tagging addresses of static jsdoubles to avoid js_NewNumberValue.
- Finalization is now interleaved with the Sweep phase, to avoid allocating
memory for finalization records while sweeping. Instead, the JSRuntime holds a
preallocated JSGCThing vector (gcFinalVec) that the Sweep phase fills and
flushes via gc_finalize_phase, repeatedly.
This means that finalizers cannot allocate a new GC thing, an incompatible but
plausible change. js_AllocGCThing asserts and then checks whether it is called
while rt->gcLevel is non-zero, and fails the allocation attempt if so. But this
fixes bug 38942, where the old sweep-then-finalize with a sweep => malloc
dependency could lead to memory exhaustion.
- Instead of scanning whole stackPool arenas, which led to UMRs (bug 27924) and
sometimes to gross over-scanning that depended on the GC bounds-checking all
thing pointers against its heap, we scan exactly those stack slots in use:
- arguments reachable from fp->argv;
- variables reachable from fp->vars;
- operands now reachable from fp->spbase, bounded above by the lesser of
fp->sp or fp->spbase + fp->script->depth for an interpreted frame; if the
latter, fp->sp has advanced logically above the operand budget, in order to
call a native method, and all unused slots from fp->sp up to depth slots
above fp->spbase must be set to JSVAL_VOID;
- stack segments pushed when calling native methods, prefixed by JSStackHeader
structs and linked from cx->stackSegments through each header.
The stack segment headers help the GC avoid scanning unused portions of the
stack: the generating pc slots running depth slots below fp->spbase, and slots
at the end of an arena that aren't sufficient to satisfy a contiguous allocation
for more args, vars, or operands.
- Exact GC means the stack pointer must remain above live operands until the
interpreter is done with them, so jsinterp.c got heavily whacked. Instead of
POPs of various kinds followed by a PUSH for binary operators (e.g.), we use
FETCH and STORE macros that index by -1 and -2 from sp, and minimize adjustments
to sp. When sp is homed to fp->sp, this allows js_DecompileValueGenerator to
find the value reliably, and if possible its generating pc.
- Finally, the O(n**2) growth rate of gc_find_flags has been fixed, using the
scheme sketched in bug 49816 and documented in a new major comment in jsgc.c.
Briefly, by allocating flags and things from one arena, we can align things on
1024-byte "thing page" boundaries, and use JSGCPageInfo headers in each page to
find a given thing's flags in O(1) time.
/be
Bug #34187, adding 'eval' as property of global object.
Bug #31864, decompiler failure when attempting to invoke a non-function
where that object is accessed via an incoming argument of the current
function.
caps/idl/nsICertificatePrincipal.idl
caps/idl/nsIPrincipal.idl
caps/src/nsBasePrincipal.cpp
Implement the ability to manipulate multiple capabilties simultaneously.
r=mstoltz@netscape.com
Files:
caps/src/nsCodebasePrincipal.cpp
Codebase equality should be based upon origin, not full path.
r=mstoltz@netscape.com
Files:
caps/src/nsScriptSecurityManager.cpp
Change URI checking to deny based upon scheme rather than allow based upon
scheme for greater flexibility.
r=mstoltz@netscape.com
Files:
dom/public/nsDOMPropEnums.h
dom/public/nsDOMPropNames.h
dom/src/base/nsGlobalWindow.cpp
modules/libpref/src/init/all.js
Fix bug 20469 Seeing JS functions and global variables from arbitrary host
r=vidur@netscape.com
Files:
dom/src/base/nsJSUtils.cpp
dom/src/base/nsJSUtils.h
dom/src/base/nsJSEnvironment.cpp
dom/tools/JSStubGen.cpp
layout/base/src/nsDocument.cpp
layout/html/content/src/nsGenericHTMLElement.cpp
Improve performance by removing NS_WITH_SERVICE call for every DOM access.
Propagate XPCOM failure codes out properly.
r=vidur@netscape.com
Files:
layout/html/document/src/nsFrameFrame.cpp
Fix 27387 Circumventing Same Origin security policy using setAttribute
r=vidur@netscape.com
Added ECMA3 compliant getter/setter syntax.
Fixed bugs
- #28686, mishandling of \$ in replace()
- #27902, eval not detected as heavyweight indicator for non ECMA
context version.
was causing defered calls to js_FreeSlot to do wild pointer writes into slots that
were no longer owned by the object. Also this improves the fix to 14462 (see note
in 28982 from brendan). r=brendan@mozilla.orga=jar@netscape.com
Bug #14462, lot's of discussin there about these changes, but here's
Brendan's description :
In order, changes in the patch are:
- Rename JSSLOT_ITR_STATE to be JSSLOT_ITER_STATE (avoid cybercrud abbreviation
as cbrcrd, no more six-char id limits!).
- Property cache tests must occur with the object's scope-lock held, to close a
race with delete (js_DestroyProperty, always called with the property's scope
locked). Once the cache has been hit, and before the lock is released, the
property's refcount must be bumped. This requires re-acquisition of the lock
and js_DropScopeProperty afterward.
- Reworked js_FindProperty to use a do-while loop, as cx->fp->scopeChain must be
non-null. This avoids a gratuitous lastobj init done to "Suppress gcc warning"
in the old revision.
- Akin to the property cache hit cases in jsinterp.c and jsobj.c's
js_FindProperty, code to hold and drop the scope-property by its refcount that
was #ifdef JS_THREADSAFE must be unconditional, now that user-defined getters
and setters may delete the property id they're getting or setting.
- Fixed overlong continuation line in jsobj.h.
/be
Courtesy Bill Gibbons <bill@gibbons.org>
His comments:
Here are the changes to JSRef to make it compile either as C or C++. Mostly the changes are to add missing casts (since C++ doesn't have implict conversion from void* to other pointer types nor implicit casts from ints to enumerations) plus a few random things like the use of "private" as a variable name.
There are a few other minor bug fixes; in particular:
* A long statement with and'ed conditions is reformatted to make it easier to remove other builtin objects (e.g. Date).
* A #if was added to jsscript.c for the JS_HAS_SCRIPT_OBJECT off case.
* In jsmath a #ifdef was changed to #if.
My notes also mention...
* jsobj.c should include jsopcode.h
* jsfun.c - doesn't link if JS_HAS_ARGS_OBJECT is off
* jsarray.c - a reference to js_ValueToSource should be conditional on JS_HAS_TOSOURCE
r=mccabe
code review and fixes (r=chouck@geocast.com). He needs this cuz he has no
knowledge of exact number of properties before new-style enumerating them.
- Patch up jsdbgapi.c a bit -- it needs to use OBJ_GET_ATTRIBUTES and new APIs
to do a better job describing properties to a debugger.
- Add JSMSG_CANT_DESCRIBE_PROPS for bogus non-native error case in jsdbgapi.c.
- Fix "Inappropriate" => "invalid" in JSMSG_BAD_ARRAY_LENGTH message.
14443 "Same origin" security policy may be circumvented using docu
14820 Fixing up the relationship between nsCodeBasePrincipal and n
14919 Crash in JS MM code
Reviewed by mstoltz, approved by scc.
and propertyIsEnumerable) for JS1.5.
- Optimize obj_propertyIsEnumerable to avoid extra lookup code bloat, requiring
fix to js_GetAttributes (unset out param on successful early retunr) that it
exposed.
- Use more righteous else-if style in shaver's jsarray.c change.
- Add JS1.5 getter/setter support in all its glory:
* getter function SN() {return ++x} at top-level or as a closure binds an SN
property getter than returns the incremented value of x. Likewise for
setter function SN(y) {return y = x}.
* getters and setters may be defined in an object literal:
o = {p getter:function() {return ++this.x},
p setter:function(y){return this.x = y},
x:42};
* getter= and setter= operators (compound tokens) may be used to bind getter
and setter properties dynamically:
o = new Object;
o.p getter= function() {return ++this.x};
o.p setter= function(y){return this.x = y};
o.x = 42;
Waldemar is concerned that this form will collide semantically with JS2, so
I am not committing to keeping it in JS1.5. I'd like to check my code in
ASAP so shaver can use it, and I'd also like to see this form get used (or
not) during Mozilla betas. Caveat emptor, and if you find this "dynamic"
or "imperative" form necessary and hard to substitute, please let me know.
If this proves important to users, then I think JS1.5 should keep it.
- Cleaned up property flags (in a binary-incompatible fashion -- who cares?) by
eliminating JSPROP_ASSIGNHACK and JSPROP_TINYIDHACK.
- Added JS_DONT_PRETTY_PRINT flag to be ORed with the indent argument to the
several JS_Decompile*() API calls. This avoids any newlines or identation in
the decompiled string.
- Improved and extended (for getter/setter non-reservation) scanner lookahead
by using a circular (power-of-2 sized) token buffer.
- Fix ECMA Edition 3 deviation where function f(){function g(){}} bound f.g by
mistake (it should arrange to make a closure named g in activations of f, but
it should not bind a property of function f).
- js_DecompileValueGenerator had rusted due to bytecode/source-note changes,
or maybe parts of it never worked right. Anyway, it now does not induce a
crashing underflow in the decompiler. As part of this fix, it now takes a
checkStack flag telling whether to look for the jsval v argument on the JS
stack. The calls from ImportProperty, js_SetProperty, and js_DeleteProperty
pass in v a jsval for the property id, which should not be sought after on
the stack (it might happen to be there due to o['p'] = 2, but we want to
decompile o["p"], not "p").
- js_DecompileValueGenerator would load a generating pc even if the value v
did not match the pc's corresponding stack item! Oops. This lead to less
than idea diagnostics.
- js_DecompileValueGenerator was also not mapping JSOP_TRAP to the real op at
a sufficiently early and univeral point in its control flow.
- Fix PopOff to assert and check for stack underflow in the decompiler, and
beef up PushOff too (it asserted, but did not check).
- js_ReportIsNotFunction now avoids JS_InternString by indexing directly into
cx->runtime->atomState.typeAtoms with the result of JS_TypeOfValue.
- Removed unnecessary local GC root reserved by non-zero trailing member of
obj_eval's JSFunctionSpec initializer.
to define an unbound global variable used to enumerate an empty object, when
the standard says no variable should be defined.
- Clean up minor nits, make comment style match prevailing, tighten up for..in
element-indexing special case comments.
- Fix js_Invoke to take CONSTRUCT and INTERNAL flags arg instead of a construct
boolean arg and the JSStackFrame internalCall mis-located boolean non-arg.
Use these flags correctly in all calls (previous version failed to set the
bogus frame.internalCall around js_Invoke calls from jsfun.c and jsstr.c).
"external" calls compiled from scripts, which have stack budget depth slots
under the return value slot for the call expression's generating pc.
- New internalCall packed boolean flag in JSStackFrame to distinguish callers
of js_InternalCall so the generating pc isn't mistakenly stored depth slots
below stack space allocated on-the-fly for internal call args/rval.
- Fixed bugzilla bug 8042, finally by storing the call expression's generating
pc -- but only for external calls.
- Whitespace policing, gratuitous parenthesization reduction, etc.
+ merging of js/src and js/ref
+ elimination of most dependencies on NSPR
+ JS1.4 feature additions and accumulated bug fixes
More details are in last week's mozilla status report.
and development branches, including but
not limited to:
- Preliminary exception handling per
ECMA proposal; try, multiple
catchblocks, and finally. Catchblocks
are of the form catch (v) or
catch(v:<guard>), where guard is an
optional boolean expression that is
evaluated to determine whether the
exception is to be caught by that block.
- ECMA-proposed 'in' operator; "'foo' in
o" or "4 in o" asks if o has property
foo or element 4.
- Added a new set of defines in
jsconfig.h for js 1.4
features-in-progress. (in, instanceof,
exception handling.) Default build
version is now 1.4. Fixed a few
conditional features that had become
broken.
- Progress towards porting to FreeBSD
and Alpha; casts of NaN and friends to
int are a little more localized. Not
there yet...
- New config files to compile on more
OSes; various fixes to improve
portability.
and tested in that release):
#114564: Fix JS_Enumerate to return an empty id array instead of null
#115395: Fix JS garbage collection
#115200: Security dialog no longer blows assertion
#123211: Make sure output of sort array function is -1, 0, or 1.
#116195: Fix ImportProperty(), cope with an existing local variable
of the same name as the imported property
Unbusticate JS_invoke() so that closures work again
#115384,#115395: Handle bugs in toSource that strike when
getProperty is non-idempotent. Fix crash during JavaScript
garbage collection after enumerating object properties.
#??????: mjudge - Win16 files to make ptrdiff_t be 32 bits on Win16