Ensure we avoid clobbering live GC pointers in JSFunction by using helper
methods to clear to the isIncomplete state and trigger write barriers.
Differential Revision: https://phabricator.services.mozilla.com/D55056
--HG--
extra : moz-landing-system : lando
This replaces the 'hasUncompletedScript' accessor and removes the requirement
that 'hasScript' is already true. In general, if a function is found by
scanning the GC arenas, one should check for the isIncomplete() state.
Depends on D55054
Differential Revision: https://phabricator.services.mozilla.com/D55055
--HG--
extra : moz-landing-system : lando
This should have been 'initSelfHostedLazyScript' all along for consistency
with other method names.
Depends on D55053
Differential Revision: https://phabricator.services.mozilla.com/D55054
--HG--
extra : moz-landing-system : lando
Refactor slightly for readability and clean up the conditions on the function
that are checked.
Differential Revision: https://phabricator.services.mozilla.com/D55053
--HG--
extra : moz-landing-system : lando
XPConnect calls this method during shutdown after the pointer to the
singleton nsScriptSecurityManager has been cleared, so it is actually
calling it with a null |this|. Nobody noticed this because it isn't
actually using |this|. This patch turns it into a static method to
make the sanitizers happy.
Differential Revision: https://phabricator.services.mozilla.com/D54846
--HG--
extra : moz-landing-system : lando
As demonstrated in the last patch, OutlineTypedObjects always have an attached
datum, which means `TypedObject::isAttached` always returns true for any
TypedObject.
The two new assertions in `OutlineTypedObject::obj_trace` have been added so
it's easier to see that `owner_` is nullptr iff `data_` is nullptr.
Differential Revision: https://phabricator.services.mozilla.com/D54718
--HG--
extra : moz-landing-system : lando
`OutlineTypedObject::attach` is only called when creating a new OutlineTypedObject.
By making the two `attach` functions and `createUnattached[WithClass]` private
methods, we can enforce only OutlineTypedObjects with attached data are exposed
to the user.
This is in preparation for the next patch.
Differential Revision: https://phabricator.services.mozilla.com/D54717
--HG--
extra : moz-landing-system : lando
`AttacheTypedObject` is only ever called directly after `NewOpaqueTypedObject`,
so we can merge both functions similar to the existing `NewDerivedTypedObject`
function.
This is in preparation of the next two patches.
Differential Revision: https://phabricator.services.mozilla.com/D54716
--HG--
extra : moz-landing-system : lando
- Instead of testing for `InlineTransparentTypedObject` and `InlineOpaqueTypedObject`
separately, we can directly test for `InlineTypedObject`.
- Because the ArrayBuffer of an `OutlineTypedObject` can never be detached, we
don't need to test for it.
Differential Revision: https://phabricator.services.mozilla.com/D54714
--HG--
extra : moz-landing-system : lando
Because ArrayBuffers used for TypedObjects can never be detached, we can remove
a couple of additional functions which are no longer used.
Differential Revision: https://phabricator.services.mozilla.com/D54713
--HG--
extra : moz-landing-system : lando
`ArrayBufferObject::detach` expects all views are `ArrayBufferViewObject`, which
means detaching an ArrayBuffer used for TypedObjects already crashes anyway.
Instead let's change `ArrayBufferObject::addView` and `ABO::setFirstView` to only
accept `ArrayBufferViewObject` and then remove the `addView` call in
`OutlineTypedObject::attach`. Additionally introduce `ABO::createForTypedObject`
as the single function which can call `ABO::setHasTypedObjectViews` to mark an
ArrayBufferObject as being used for TypedObjects.
Differential Revision: https://phabricator.services.mozilla.com/D54712
--HG--
extra : moz-landing-system : lando
Entries are never added to `lazyArrayBuffers` resp. `lazyArrayBuffers` isn't
even allocated anymore.
Differential Revision: https://phabricator.services.mozilla.com/D54711
--HG--
extra : moz-landing-system : lando
Remove resp. add null/undefined to the typeset in improveTypesAtTest for
MIsNullOrUndefined. That way operations on the coalesce expression can be
further optimised. For example `a += obj.prop ?? 0` where `obj.prop` is either
an Int32 or null/undefined can now be optimised to use Int32 addition, because
both possible right-hand side values are now typed as Int32.
Differential Revision: https://phabricator.services.mozilla.com/D53174
--HG--
extra : moz-landing-system : lando
Fold away MIsNullOrUndefined when the input is definitely null/undefined resp.
never null/undefined.
Differential Revision: https://phabricator.services.mozilla.com/D53172
--HG--
extra : moz-landing-system : lando
Only define `Promise_static_any` when `NIGHTLY_BUILD` to avoid an unused
function warning.
Differential Revision: https://phabricator.services.mozilla.com/D54697
--HG--
extra : moz-landing-system : lando
With XBL gone we don't have any real consumers left. Global scripts can still be
cloned but this removes the ability to clone arbitrary functions.
This also removes the testCloneScript jsapi-test because it's not trivial to rewrite and
I don't think it's testing anything that isn't covered by other tests.
Differential Revision: https://phabricator.services.mozilla.com/D52979
--HG--
extra : moz-landing-system : lando
We want to remove JS::CloneFunctionObject. Most tests can use
either cloneAndExecuteScript or evaluate instead.
Differential Revision: https://phabricator.services.mozilla.com/D52978
--HG--
extra : moz-landing-system : lando
There was a similar issue in the caller, where it checks |*s != '('|.
Also changes the code to use RangedPtr so these issues become assertion failures
instead of requiring ASan.
ConsumeUntil was added to encapsulate the js_strchr_limit call.
Differential Revision: https://phabricator.services.mozilla.com/D54455
--HG--
extra : moz-landing-system : lando
Bulk memory reduces active segments to sequences of *.init that are executed
before the start function is called. This implies that an error here is to be
reported as a RuntimeError, as an error in the start function would. The latest
spec tests for bulk-memory check this, so we're required to update as well.
Differential Revision: https://phabricator.services.mozilla.com/D54598
--HG--
extra : moz-landing-system : lando
Split out the self-hosted handling from delazifyLazilyInterpretedFunction
since it will need to be handled differently when LazyScript merges with
JSScript.
Depends on D54526
Differential Revision: https://phabricator.services.mozilla.com/D54527
--HG--
extra : moz-landing-system : lando
Hide the check for LazyScript vs JSScript inside an accessor function.
Depends on D54525
Differential Revision: https://phabricator.services.mozilla.com/D54526
--HG--
extra : moz-landing-system : lando