Correctness improvements:
* UTF errors are handled safely per spec instead of dangerously truncating
strings.
* There are fewer converter implementations.
Performance improvements:
* The old code did exact buffer length math, which meant doing UTF math twice
on each input string (once for length calculation and another time for
conversion). Exact length math is more complicated when handling errors
properly, which the old code didn't do. The new code does UTF math on the
string content only once (when converting) but risks allocating more than
once. There are heuristics in place to lower the probability of
reallocation in cases where the double math avoidance isn't enough of a
saving to absorb an allocation and memcpy.
* Previously, in UTF-16 <-> UTF-8 conversions, an ASCII prefix was optimized
but a single non-ASCII code point pessimized the rest of the string. The
new code tries to get back on the fast ASCII path.
* UTF-16 to Latin1 conversion guarantees less about handling of out-of-range
input to eliminate an operation from the inner loop on x86/x86_64.
* When assigning to a pre-existing string, the new code tries to reuse the
old buffer instead of first releasing the old buffer and then allocating a
new one.
* When reallocating from the new code, the memcpy covers only the data that
is part of the logical length of the old string instead of memcpying the
whole capacity. (For old callers old excess memcpy behavior is preserved
due to bogus callers. See bug 1472113.)
* UTF-8 strings in XPConnect that are in the Latin1 range are passed to
SpiderMonkey as Latin1.
New features:
* Conversion between UTF-8 and Latin1 is added in order to enable faster
future interop between Rust code (or otherwise UTF-8-using code) and text
node and SpiderMonkey code that uses Latin1.
MozReview-Commit-ID: JaJuExfILM9
Entry storage allocation now occurs on the first lookupForAdd()/put()/putNew().
This removes the need for init() and initialized(), and matches how
PLDHashTable/nsTHashtable work. It also removes the need for init() functions
in a lot of types that are built on top of mozilla::Hash{Map,Set}.
Pros:
- No need for init() calls and subsequent checks.
- No memory allocated for empty tables, which are not that uncommon.
Cons:
- An extra branch in lookup() and lookupForAdd(), but not in put()/putNew(),
because the existing checkOverloaded() can handle it.
Specifics:
- Construction now can take a length parameter.
- init() is removed. Explicit length-setting, when necessary, now occurs in the
constructors.
- initialized() is removed.
- capacity() now returns zero when the entry storage is absent.
- lookupForAdd() is no longer `const`, because it can instantiate the storage,
which requires modifications.
- lookupForAdd() can now return an invalid AddPtr in two cases:
- old: hashing failure (due to OOM in the hasher)
- new: OOM while instantiating entry storage
The existing failure handling paths for the old case work for the new case.
- clear(), finish(), and clearAndShrink() are replaced by clear(), compact(),
and reserve(). The old compactIfUnderloaded() is also removed.
- Capacity computation code is now in its own functions, bestCapacity() and
hashShift(). setTableSizeLog2() is removed.
- uint32_t is used throughout for capacities, instead of size_t, for
consistency with other similar values.
- changeTableSize() now takes a capacity instead of a deltaLog2, and it can now
handle !mTable.
Measurements:
- Total source code size is reduced by over 900 lines. Also, lots of existing
lines got shorter (i.e. two checks were reduced to one).
- Executable size barely changed, down by 2 KiB on Linux64. The extra branches
are compensated for by the lack of init() calls.
- Speed changed negligibly. The instruction count for Bench_Cpp_MozHash
increased from 2.84 billion to 2.89 billion but any execution time change was
well below noise.
GCHashMap will shortly lose its initialized() function, so we need another way
to indicate whether this table has been created. This patch changes it to use a
pointer instead.
--HG--
extra : rebase_source : 05ce9f2938d1fc8373cbac77c0b3bd62633f93d8
This patch was written entirely by the following script:
#!/bin/bash
if [ ! -d "./.hg" ]
then
echo "Not in a source tree." 1>&2
exit 1
fi
find . -regex '.*\(ref\|crash\)test.*\.list' | while read FILENAME
do
echo "Processing ${FILENAME}."
# The following has four substitutions:
# * The first one replaces the *first* argument to fuzzy() when it doesn't
# have a - in it, by replacing it with an explicit 0-N range.
# * The second one does the same for the *second* argument to fuzzy().
# * The third does the same for the *second* argument to fuzzy-if().
# * The fourth does the same for the *third* argument to fuzzy-if().
#
# Note that this is using perl rather than sed because perl doesn't
# support non-greedy matching, which is needed for the first argument to
# fuzzy-if.
perl -pi -e 's/(fuzzy\()([^ ,()-]*)(,[^ ,()]*\))/${1}0-${2}${3}/g;s/(fuzzy\([^ ,()]*,)([^ ,()-]*)(\))/${1}0-${2}${3}/g;s/(fuzzy-if\([^ ]*?,)([^ ,()-]*)(,[^ ,()]*\))/${1}0-${2}${3}/g;s/(fuzzy-if\([^ ]*?,[^ ,()]*,)([^ ,()-]*)(\))/${1}0-${2}${3}/g' "${FILENAME}"
done
Differential Revision: https://phabricator.services.mozilla.com/D2974
--HG--
extra : moz-landing-system : lando
This introduces the machinery needed to generate crash annotations from a YAML
file. The relevant C++ functions are updated to take a typed enum. JavaScript
calls are unaffected but they will throw if the string argument does not
correspond to one of the known entries in the C++ enum. The existing whitelists
and blacklists of annotations are also generated from the YAML file and all
duplicate code related to them has been consolidated. Once written out to the
.extra file the annotations are converted in string form and are no different
than the existing ones.
All existing annotations have been included in the list (and some obsolete ones
have been removed) and all call sites have been updated including tests where
appropriate.
--HG--
extra : source : 4f6c43f2830701ec5552e08e3f1b06fe6d045860
nsJSObjWrapper::mJSObj can be a cross-compartment wrapper, so we can't use it with JSAutoRealm. Store a (same-compartment) global and use that instead.
This introduces the machinery needed to generate crash annotations from a YAML
file. The relevant functions are updated to take a typed enum (in C++) and an
integer constant (in JavaScript). A JavaScript wrapper around the crash
reporter service is provided to hold the constants. The existing whitelists
and blacklists of annotations are also generated from the YAML file and the
existing duplicate code has been consolidated. Once written out to the .extra
file the annotations are converted in string form and are no different than
the existing ones.
All existing annotations have been included (and some obsolete ones removed)
and all call sites have been updated including tests.
--HG--
extra : rebase_source : b4f0d4bf83c64851028c271d3fab3ebcb6fbcd3e
This introduces the machinery needed to generate crash annotations from a YAML
file. The relevant functions are updated to take a typed enum (in C++) and an
integer constant (in JavaScript). A JavaScript wrapper around the crash
reporter service is provided to hold the constants. The existing whitelists
and blacklists of annotations are also generated from the YAML file and the
existing duplicate code has been consolidated. Once written out to the .extra
file the annotations are converted in string form and are no different than
the existing ones.
All existing annotations have been included (and some obsolete ones removed)
and all call sites have been updated including tests.
--HG--
extra : rebase_source : f0e8d229581ac5c0daa0e0454cb258746108e28d
DocShells are associated with outer DOM Windows, rather than Documents, so
having the getter on the document is a bit odd to begin with. But it's also
considerably less convenient, since most of the times when we want a docShell
from JS, we're dealing most directly with a window, and have to detour through
the document to get it.
MozReview-Commit-ID: LUj1H9nG3QL
--HG--
extra : source : fcfb99baa0f0fb60a7c420a712c6ae7c72576871
extra : histedit_source : 5be9b7b29a52a4b8376ee0bdfc5c08b12e3c775a
DocShells are associated with outer DOM Windows, rather than Documents, so
having the getter on the document is a bit odd to begin with. But it's also
considerably less convenient, since most of the times when we want a docShell
from JS, we're dealing most directly with a window, and have to detour through
the document to get it.
MozReview-Commit-ID: LUj1H9nG3QL
--HG--
extra : rebase_source : a13c59d1a5ed000187c7fd8e7339408ad6e2dee6
The object could be a CCW here and we want to make it impossible to get a CCW's global. The first call here is equivalent to checking JS_IsGlobalObject and for the second one JS::CurrentGlobalOrNull(cx) preserves behavior because we wrapped the object into the current compartment.
Much like the component manager, many of the strings that we use for category
manager entries are statically allocated. There's no need to duplicate these
strings.
This patch changes the category manager APIs to take nsACStrings rather than
raw pointers, and to pass literal nsCStrings when we know we have a literal
string to begin with. When adding the category entry, it then skips making
copies of any strings with the LITERAL flag.
MozReview-Commit-ID: EJEcYSdNMWs
***
amend-catman
--HG--
extra : source : aa9a8f18e98f930a3d8359565eef02f3f6efc5f9
extra : absorb_source : 81a22ab26ee8017ac43321ff2c987d8096182d37
Much like the component manager, many of the strings that we use for category
manager entries are statically allocated. There's no need to duplicate these
strings.
This patch changes the category manager APIs to take nsACStrings rather than
raw pointers, and to pass literal nsCStrings when we know we have a literal
string to begin with. When adding the category entry, it then skips making
copies of any strings with the LITERAL flag.
MozReview-Commit-ID: EJEcYSdNMWs
***
amend-catman
--HG--
extra : rebase_source : 4f70e7b296ecf3b52a4892c92155c7c163d424d2
On 10.9 and 10.10, grant global read access to the Flash sandbox.
Change Flash sandbox levels by adding a new level 1 that includes
global read access which will be the default on 10.9/10.10.
Level 2 is the new default for 10.11 and above with file read
access enabled by file dialog activity.
MozReview-Commit-ID: LvXhd6Vf7mo
--HG--
extra : rebase_source : 946f89937e5bb4506fd6bc8b2c050c86a8b29cc8
I initially tried to avoid this, but decided it was necessary given the number
of times I had to repeat the same pattern of casting a variable to void*, and
then casting it back in a part of code far distant from the original type.
This changes our preference callback registration functions to match the type
of the callback's closure argument to the actual type of the closure pointer
passed, and then casting it to the type of our generic callback function. This
ensures that the callback function always gets an argument of the type it's
actually expecting without adding any additional runtime memory or
QueryInterface overhead for tracking it.
MozReview-Commit-ID: 9tLKBe10ddP
--HG--
extra : rebase_source : 7524fa8dcd5585f5a31fdeb37d95714f1bb94922
Sets the default plugin window type to windowed on Windows. Most of the time, plugins use async drawing so this will be overwritten but it should be properly initialized for cases where we do not switch to async.
This call gated by ifdef OS_WIN - so on Linux it would leak objects that were supposed to be ClearOnShutdown in the plugin process
--HG--
extra : rebase_source : 24c4233ec8735e0176d584b623ad626d0a9b5c3b
nsPluginInstanceOwner currently listens to keypress event only in the
default event group. However, in strict keypress event dispatching mode,
keypress events are not fired in the default event group if the key combination
is not printable. So, nsPluginInstanceOwner should listen to keypress event
also in the system event group and should handle each keypress event only once.
I.e., if printable keypress event is received in the system event group,
it should be ignored since it should've already been handled in the default
event group.
MozReview-Commit-ID: LWTPpz2W5mz
--HG--
extra : rebase_source : d7cd3d2b8312a1dd6e838c1b862eabe1e11e8a2f
Most preference callbacks use literal strings for their domain filters, which
means that there's no need to make copies of them at all. Currently, however,
every preference observer node makes a separate heap-allocated copy of its
domain string.
This patch switches the domain string storage to nsCString instances, which
dramatically reduces the amount of unnecessary copies, at the expense of
making the callback nodes slightly larger.
MozReview-Commit-ID: 8NA3t2JS2UI
--HG--
extra : rebase_source : 628ad9af65cec16fb8be0c8dddc608b5ee5602e2
Any content code except TextComposition shouldn't call nsIWidget::NotifyIM()
since IMEStateManager and TextComposition manage state of the composition.
Therefore, we need to make nsPluginInstanceOwner::RequestCommitOrCancel()
call IMEStateManager::NotifyIME() instead.
Additionally, this method should ignore the request if composition has
already been gone. This patch makes check whether there is a TextComposition
instance for the widget and the composition is handled in the plugin owner
element.
MozReview-Commit-ID: 5cx5X2hGfek
--HG--
extra : rebase_source : 3ff55f877a47ffa74b82af827f1500432b8c272b
This patch is an automatic replacement of s/NS_NOTREACHED/MOZ_ASSERT_UNREACHABLE/. Reindenting long lines and whitespace fixups follow in patch 6b.
MozReview-Commit-ID: 5UQVHElSpCr
--HG--
extra : rebase_source : 4c1b2fc32b269342f07639266b64941e2270e9c4
extra : source : 907543f6eae716f23a6de52b1ffb1c82908d158a
Fairly straightforward, just a blanket removal. Haven't heard
anything on dev-platform or fx-data-dev regarding this removal,
so I think it's likely safe to remove on Nightly, and we can
revert if anyone makes a fuss.
As part of removing the HangMonitor, I renamed a few things and
reorganized the namespaces to not depend on a HangMonitor
namespace. Hopefully this doesn't produce too much noise in the
diff, it just seemed appropriate to move everything around
rather than keep dangling vestiges of the old system.
MozReview-Commit-ID: 8C8NFnOP5GU
--HG--
extra : rebase_source : dd000a05bfc2da40c586644d33ca4508fa5330f6
Inheriting PerThreadAtomCache on CycleCollectedJSContext permits use of
static_cast, avoiding one level of indirection compared to adding a
CycleCollectedJSContext* to PerThreadAtomCache.
PerThreadAtomCache is over 18kB, and so WorkerJSContext and WorkletJSContext
are moved from the stack to the heap.
MozReview-Commit-ID: 6jdJeZcviK4
--HG--
extra : rebase_source : 3c2accb71faf3f017a44c405ae0484e57aaf039c
This was done automatically replacing:
s/mozilla::Move/std::move/
s/ Move(/ std::move(/
s/(Move(/(std::move(/
Removing the 'using mozilla::Move;' lines.
And then with a few manual fixups, see the bug for the split series..
MozReview-Commit-ID: Jxze3adipUh
This permits opening the DLL from the plugin sandbox under the USER_LIMITED sandbox setting (plugin sandbox level 3).
--HG--
extra : rebase_source : cf3719f7b418b3fcbb5244d06203836fd32e3900
extra : histedit_source : 9bacced088b9965cee10c871f3934980e0361dcc
After digging into this, I'm still not entirely sure why the timing
has changed such that the checks don't work immediately. I have a
strong suspicion though that it's simply because our tab switch is
now instant, resulting in the necessary messages just being a
little bit behind. Hopefully this is an acceptable bandaid.
MozReview-Commit-ID: H1wKW1UQBxp
--HG--
extra : rebase_source : 993c3e97852894ddd64561d039fbf0e71d607066
The camera is blocked by the sandbox hardening in part 1. This intercepts and remotes the call to CreateMutexW that causes the camera to fail.
--HG--
extra : rebase_source : 9b1be5c95fda29ce7fe70287b7bb3e66d9562ebe
extra : histedit_source : 5b4d3c17eebb905c1f694489acb7b564ee98c875
Previously, all FunctionBrokers used the same global set of type marshalers to handle IPC. The marshaling behavior is endpoint-dependent so it is done with the EndpointHandler. This patch makes the EndpointHandler used by a specific RPC function into a template parameter to the function's FunctionBroker. It also divides up the current special type handling into two cases -- FileDlgEndpointHandler for plugin file dialog brokering, and SslEndpointHandler for SSL communication brokering.
--HG--
extra : rebase_source : 37e34564bd9dbb0ad8594d4803e7478ca0824b72
extra : histedit_source : 0b54e7b297495a93564090f2671ce76b5e926085
Level 3 changes the plugin process access token from USER_INTERACTIVE to USER_LIMITED.
--HG--
extra : rebase_source : 0a19d18fe903c16979cdc88ad73ed878e2c2d570
extra : histedit_source : 9e4ee6dd168de801e4cba90a32141e1a154c81f1
After digging into this, I'm still not entirely sure why the timing
has changed such that the checks don't work immediately. I have a
strong suspicion though that it's simply because our tab switch is
now instant, resulting in the necessary messages just being a
little bit behind. Hopefully this is an acceptable bandaid.
MozReview-Commit-ID: H1wKW1UQBxp
--HG--
extra : rebase_source : 8ec2277d63add09576518076734ab1f81df3ede3
After digging into this, I'm still not entirely sure why the timing
has changed such that the checks don't work immediately. I have a
strong suspicion though that it's simply because our tab switch is
now instant, resulting in the necessary messages just being a
little bit behind. Hopefully this is an acceptable bandaid.
MozReview-Commit-ID: H1wKW1UQBxp
--HG--
extra : rebase_source : 28ca0c294b08c78174985e493039396edd20d16b
NPAPI may handle a 307 redirect across different origins, while they
should only happen on same origin requests. Have the browser check
this before forwarding to NPAPI.
MozReview-Commit-ID: 5vxMooygI4g
--HG--
extra : rebase_source : 36ab35b389c1746bbfd3482ff68b81bac34e4de1
Aside from making things easier for JS callers, this also makes it harder to
accidentally trigger an early load of the service, which can be expensive
during startup.
This also makes a slight change to nsPluginHost to initially preserve the
previous blocklist state when a plugin is updated, to avoid the risk of the
possible additioanl asynchrony unblocking a plugin that should stay blocked.
MozReview-Commit-ID: 4EvIGJ1Ke0Z
--HG--
rename : toolkit/mozapps/extensions/nsBlocklistService.js => toolkit/mozapps/extensions/Blocklist.jsm
extra : rebase_source : e7047615ea3a728478695c76a0c521b0281f363b
extra : amend_source : b74115abacacd17ae3e8433a534a5bbb541905b0
This will allow us to make nsIPluginTag a builtin class.
This patch also factors out some common logic from AOM plugin tests.
MozReview-Commit-ID: FbXlSE8sjyK
--HG--
extra : rebase_source : 6403a62bcd6d5a1481c0b4d74c41339f659280ca
Ehsan Akhgari
Brian Hackett
Nicholas Nethercote
Henri Sivonen
Ting-Yu Lin
Margareta Eliza Balazs
L. David Baron
Mike Hommey
Gabriele Svelto
Masatoshi Kimura
Jan de Mooij
Noemi Erli
Coroiu Cristina
Cosmin Sabou
Kris Maglione
Narcis Beleuzu
Boris Zbarsky
Brindusan Cristian
Haik Aftandilian
Andrea Marchesini
David Parks
Valentin Gosu
Masayuki Nakano
Aaron Klotz
shindli
Olli Pettay
Jeff Gilbert
Emilio Cobos Álvarez
Chris Peterson
Doug Thayer
Andi-Bogdan Postelnicu
Joel Maher
Karl Tomlinson
Makoto Kato
Jim Mathies
Nika Layzell
Bogdan Tara
Dorel Luca
Kyle Machulis
David Major
Eugen Sawin