XPCOM strings mark logically unused parts of nsStringBuffer as uninitialized
in debug builds by writing a marker byte and if memory checking is active,
by telling the memory checking that the range of memory is uninitialized.
This patch limits such marking to up to 16 code units to avoid quadratic
behavior, which is especially bad when there's a large disparity between
length and capacity (after a call to SetCapacity()).
The assumption here is that even a small poisoned memory range is enough
to detect the bugs that the poisoning is intended to detect.
MozReview-Commit-ID: 178rp0ckztj
Differential Revision: https://phabricator.services.mozilla.com/D5838
--HG--
extra : moz-landing-system : lando
This restores the old allocation semantics for "append" operations between
Latin1 and UTF-16 while keeping the buffer re-use optimization for the
"assign" cases.
MozReview-Commit-ID: 8JCw3AaCNLN
Differential Revision: https://phabricator.services.mozilla.com/D3582
--HG--
extra : moz-landing-system : lando
Shrinking the buffer is purely a memory footprint optimization and can be
omitted as far as the string semantics visible to the caller are concerned.
Since shrinking is optional, it doesn't make sense to propagate error when
it fails due to OOM.
MozReview-Commit-ID: BuyBLCBmYzZ
Differential Revision: https://phabricator.services.mozilla.com/D3866
--HG--
extra : moz-landing-system : lando
There are surprisingly many of them.
(Plus a couple of unnecessary checks after `new` calls that were nearby.)
--HG--
extra : rebase_source : 47b6d5d7c5c99b1b50b396daf7a3b67abfd74fc1
Correctness improvements:
* UTF errors are handled safely per spec instead of dangerously truncating
strings.
* There are fewer converter implementations.
Performance improvements:
* The old code did exact buffer length math, which meant doing UTF math twice
on each input string (once for length calculation and another time for
conversion). Exact length math is more complicated when handling errors
properly, which the old code didn't do. The new code does UTF math on the
string content only once (when converting) but risks allocating more than
once. There are heuristics in place to lower the probability of
reallocation in cases where the double math avoidance isn't enough of a
saving to absorb an allocation and memcpy.
* Previously, in UTF-16 <-> UTF-8 conversions, an ASCII prefix was optimized
but a single non-ASCII code point pessimized the rest of the string. The
new code tries to get back on the fast ASCII path.
* UTF-16 to Latin1 conversion guarantees less about handling of out-of-range
input to eliminate an operation from the inner loop on x86/x86_64.
* When assigning to a pre-existing string, the new code tries to reuse the
old buffer instead of first releasing the old buffer and then allocating a
new one.
* When reallocating from the new code, the memcpy covers only the data that
is part of the logical length of the old string instead of memcpying the
whole capacity. (For old callers old excess memcpy behavior is preserved
due to bogus callers. See bug 1472113.)
* UTF-8 strings in XPConnect that are in the Latin1 range are passed to
SpiderMonkey as Latin1.
New features:
* Conversion between UTF-8 and Latin1 is added in order to enable faster
future interop between Rust code (or otherwise UTF-8-using code) and text
node and SpiderMonkey code that uses Latin1.
MozReview-Commit-ID: JaJuExfILM9
This gcc 4.9 workaround (from bug 1377351) is no longer needed because Firefox currently requires gcc 6.1 or later (as of bug 1444274).
MozReview-Commit-ID: 9R14BDzWEoj
--HG--
extra : rebase_source : a56ec3ee321cdc76e704fe33c2c4a5b85b558889
extra : source : e0c26ec11d499058e51bc2c3d06b2e1840e77f13
This patch is an automatic replacement of s/NS_NOTREACHED/MOZ_ASSERT_UNREACHABLE/. Reindenting long lines and whitespace fixups follow in patch 6b.
MozReview-Commit-ID: 5UQVHElSpCr
--HG--
extra : rebase_source : 4c1b2fc32b269342f07639266b64941e2270e9c4
extra : source : 907543f6eae716f23a6de52b1ffb1c82908d158a
This was done automatically replacing:
s/mozilla::Move/std::move/
s/ Move(/ std::move(/
s/(Move(/(std::move(/
Removing the 'using mozilla::Move;' lines.
And then with a few manual fixups, see the bug for the split series..
MozReview-Commit-ID: Jxze3adipUh
For nsCSSAnonBoxes.cpp, nsCSSPseudoElements.cpp, nsDirectoryService.cpp, the
corresponding .h file includes nsStaticAtom.h. For the other files in this
patch, nsStaticAtom.h is not needed at all.
MozReview-Commit-ID: IpMmbXwZHhu
--HG--
extra : rebase_source : 46d0a6b40a41ee233adad7c205cf907fa27de34a
The documentation indicates nsTStringTuple is intended for internal use only
and is designed to be only be used as a temporary. This makes that fact
explicit by annotating the class for static analysis.
--HG--
extra : rebase_source : 737481fb39355c456cf1bbf17b887e35d692c4df
This removes nsSubstringTuple.h and nsSubstringTuple.cpp in favor of
nsTSubstringTuple.
--HG--
extra : rebase_source : 4539b7cccd7a6837ca695782200a2e8d19b8436a
This adds a copy constructor that uses Rebind to preserve the reference to
static data rather allocate a new shared buffer.
--HG--
extra : rebase_source : db04def1137a9be646b8e09dfee780c9163a585c
We had to force-include Char16.h to simulate char16_t on older MSVC versions.
But it is no longer the case. We should not rebuild the world whenever we
touch this file.
MozReview-Commit-ID: 1XY7tQD8LoK
--HG--
extra : rebase_source : a08ccfc9b6a4abf90f6f8b97a42079865724c9ec
Final style cleanup:
- Comment formatting
- Move variable declarations to where they're used
- Don't set NS_OK until we finish processing
- Early exit for error conditions
--HG--
extra : rebase_source : 15e216df6b9a5ca113d2da029e999d8bccd6752b
This reduces the indentation by removing the `if(cp)` and `if(done)` blocks
and just returning early. The `if(cp)` was unnecessary as `BeginReading` will
never return nullptr.
--HG--
extra : rebase_source : e0889e65bd5d371d54783087ae22e097c8dfe4db
In theory other radixes can be passed in but we don't actually handle them.
This asserts that the radix is supported and just switches over to using 10 and
16 directly.
--HG--
extra : rebase_source : 71891302d499bfd108a5bb41626d921b3be193ce
The `haveValue` logic is no longer necessary. If we don't have a value the
result will always be 0.
--HG--
extra : rebase_source : df79cbe1dab86914873de72f0ef8fe72d3469e1a
kAutoDetect is never actually used in our codebase and makes ToInteger rather
convoluted. This removes the logic for it, the constant itself, and the
resulting dead code.
--HG--
extra : rebase_source : 0809b1d167a0c6ffcc7d45cc6f471c9d381ca303
Remove the headers included for "backwards compatibility" and just include them
where required.
--HG--
extra : source : e2beba7e6875120ebbbcadf24bcbcb5b86411a94
extra : amend_source : 11f07a27431cd468511f0bd45afe36150c6e342c
Remove the headers included for "backwards compatibility" and just include them
where required.
--HG--
extra : rebase_source : 03e703a81ed4b80f4f116ff36d8787464ce5acba
This removes an unnecessary level of indirection by replacing all
nsStringGlue.h instances with just nsString.h.
--HG--
extra : rebase_source : 340989240af4018f3ebfd92826ae11b0cb46d019
This version of the patch hopefully causes fewer performance regressions.
It might be good to apply this and catch some more assertions.
--HG--
extra : rebase_source : b8674308d581bed4baf6f64a9dd23f2cf995028b
MOZ_CRASH_UNSAFE_PRINTF causes data collection because crash strings are annotated to crash-stats and are publicly visible. Firefox data stewards must do data review on usages of this macro. However, all the crash strings this patch collects with MOZ_CRASH_UNSAFE_PRINTF are already collected with NS_RUNTIMEABORT.
MozReview-Commit-ID: 5ujXa9MHH5Z
--HG--
extra : rebase_source : 1367e6ac3c6085341e36cb0859d91417245ea472
extra : source : 3edeb64a40afd79d5c01ae0f0d3ab2777a2e744b
In order to properly disable template functions with `std::enable_if` we need
to use the resulting type. This only works if we use a dependent type in the
template params, hence the need to shadow the `T` param.
Proper usage is now of the form:
template<typename Q = T, typename EnableIfChar = CharOnlyT<Q>>
Foo();
--HG--
extra : rebase_source : da7855403d9e683d06d3858e26805e9d8e338208
Renames are because another location also defined that
variable. Unused definitions are eliminated.
The .eslintrc.js file makes eslint expect XPCShell global variables.
MozReview-Commit-ID: Fafm5o45bme
--HG--
extra : rebase_source : ab71132a60e90bd30f34766bd828b18dd608f8b3
These were generated with |./mach eslint --fix xpcom| with the
.eslintignore and xpcom/tests/unit/.eslintrc.js changes from the next
patch.
MozReview-Commit-ID: 8pKkICSK3JQ
--HG--
extra : rebase_source : bbc98050928f27160d8ca63d38aa0c383be95878
(patch is actually r=erahm,mystor)
nsTFixedString<T> is only used as a base class for nsTAutoStringN<T, N>, so
this patch merges the former into the latter, cutting some code and simplifying
the string class hierarchy.
Because the "Fixed" name is now gone, the patch also renames
StringDataFlags::FIXED as INLINE and ClassDataFlags::FIXED as INLINE.
The patch also removes nsFixed[C]String and ns_auto_[c]string! from Rust code
because nsAutoString can't be implemented directly in Rust due to its move
semantics. There were only two uses of ns_auto_string! outside of tests so this
seems like a minor loss.
MozReview-Commit-ID: 8ntximghiut
--HG--
extra : rebase_source : f36edbae0553adcfee356fb8b311097ff7424786
Full specialization is allowed in MSVC, but not in gcc.
MozReview-Commit-ID: 9QI6YWc5Rvr
--HG--
extra : rebase_source : 7387899a6d76832afbe15e088b80a82adee59ca3
XPCOM's string API doesn't have the notion of a "null string". But it does have
the notion of a "void string" (or "voided string"), and that's what these
functions are returning. So the names should reflect that.
--HG--
extra : rebase_source : 4e3f982e0873877174a08a25413595ff66f7d20e
Bug 1388789 introduced a bug breaking formats like "%*.f". The problem
was that the next "natural" argument was taken before the "*" width
argument.
MozReview-Commit-ID: BZack9faY7a
--HG--
extra : rebase_source : a14485914ef9e29e38f29be6c1df1372ce5e722f
nsTextFormatter unconditionally emitted a trailing \0, leading some code
elsewhere to have to work around this. This changes the code to only
emit it in snprintf.
MozReview-Commit-ID: G3CBpAPp9Tn
--HG--
extra : rebase_source : 36666476a4f796e2553c9fa31daa54d245ae3b5f
The char* and char16_t* cases handled null strings differently;
normalize them to both emit "(null)".
MozReview-Commit-ID: IzRkc3pSSjl
--HG--
extra : rebase_source : f43a1a852a2c8aa3d6607c7202f7cd42fdd5740a
Change nsTextFormatter functions to template functions, box their
arguments, and then make the formatter mostly impervious to type
mismatches. Most formatting is done according to the type of the actual
argument.
MozReview-Commit-ID: H8WmyxFCb7s
--HG--
extra : rebase_source : ad98ad6243825f1a892fc6a641d155e239b12a6b
nsTextFormatter::vsnprintf is defined to return uint32_t(-1) on error.
However, it was not doing this.
nsTextFormatter::vssprintf is defined as infallible; enforce this by
having it return void.
MozReview-Commit-ID: LdOhIHzRvAT
--HG--
extra : rebase_source : 7164eb47a89ecebfa50d40684eea1325de0172ba
nsTextFormatter tried to pass unrecognized escapes in the format string
through to the output. However, if the format held a width or
precision, that text was not output. It seems better to me to try to
preserve the format text as-is.
MozReview-Commit-ID: HoBykpfzK7C
--HG--
extra : rebase_source : 9b071db3800e3e75cabb4995a920818dfb35b03d
nsTextFormatter used nsAutoString for arrays of hex digits; but this
didn't seem to provide any benefit.
MozReview-Commit-ID: EYHtnAzJL8h
--HG--
extra : rebase_source : 6906075f06478b7c10229201de46e36d08d1f7f8
The runtime type-checking rewrite of nsTextFormatter will not support
va_list uses. So, make these functions private and fix the sole user.
MozReview-Commit-ID: IBWALVzIcHC
--HG--
extra : rebase_source : a822697c81c1a054359fc2ecd894d51f95686548
The template declaration and definition of Compare use NS_FASTCALL,
while the explicit instantiation of Compare does not, which produces
complaints from newer compilers. Add NS_FASTCALL to the explicit
instantiation so that things match up.
nsTSubstring.cpp is calling RoundUpPow2 which is defined in MathAlgorithms.h.
Without this, we get a build failure in non-unified builds.
MozReview-Commit-ID: Dz7VIZk4dLw
--HG--
extra : rebase_source : 7795784894bfca6e921d38cedaa4f543317c2165
This removes the double-include macro hackery that we use to define two
separate string types (nsAString and nsACString) in favor of a templated
solution.
Annotations for Valgrind and the JS hazard analysis are updated as well as
the rust binding generations for string code.
--HG--
extra : rebase_source : 63ab2c4620cfcd4b764d42d654c82f30f984d016
extra : source : 9115364cd4aa078c49bba7911069f8178e55166f
This is straightforward, with only two notable things.
- `#include "nsXPIDLString.h" is replaced with `#include "nsString.h"`
throughout, because all nsXPIDLString.h did was include nsString.h. The
exception is for files which already include nsString.h, in which case the
patch just removes the nsXPIDLString.h inclusion.
- The patch removes the |xpidl_string| gtest, but improves the |voided| test to
cover some of its ground, e.g. testing Adopt(nullptr).
--HG--
extra : rebase_source : 452cc4a08046a1adb1a8099a7e85a1917de5add8
We should not be declaring forward declarations for nsString classes directly,
instead we should use nsStringFwd.h. This will make changing the underlying
types easier.
--HG--
extra : rebase_source : b2c7554e8632f078167ff2f609392e63a136c299