Implement manifest v3 CSP that is compatible with the current chrome implementation.
Support for content_security_policy.isolated_world (a.k.a. content_security_policy.content_scripts)
has been removed for consistency with
345390adf6%5E%21/
Differential Revision: https://phabricator.services.mozilla.com/D100573
This is a mechanical change mostly; anything in wasm/simd/spec will
eventually disappear as we pull in the proper spec tests.
Depends on D102398
Differential Revision: https://phabricator.services.mozilla.com/D102399
Pull in a number of new SIMD opcodes, and a change from iNxM.any_true
to v128.any_true. Plus whatever else has landed in the meantime...
Differential Revision: https://phabricator.services.mozilla.com/D102398
This patch makes ChunkBitmap::getMarkWordAndMask into an instance method so that the uses in MarkingValidator access the correct bitmap.
Depends on D101778
Differential Revision: https://phabricator.services.mozilla.com/D102207
When using `options.repeat`, we consume the `job_list` generator, which
causes it to be empty on the next iteration. This patch forces the content of
the generator to be stored in a list before iterating over it multiple times.
Differential Revision: https://phabricator.services.mozilla.com/D102410
Apple Silicon does not provide any way to figure out the JSCVT flag at runtime.
This patch hard-codes in the MOZ_AARCH64_JSCVT macro the expected value of the
JSCVT flag expected on Apple Silicon hardware.
Differential Revision: https://phabricator.services.mozilla.com/D101208
We can't assume the data is valid; it breaks fuzzing. Also add some checks and tests
to ensure huge 64-bit values are caught early and aren't truncated on 32-bit platforms.
Differential Revision: https://phabricator.services.mozilla.com/D102291
Changes `js::ObjectClassToString()` to return `nullptr` to mean that the object
has a `@@toStringTag` property or is a proxy.
`MObjectClassToString` had to be changed as follows:
- Needs to be marked as a "guard" instruction, so we don't incorrectly optimise
it away when we should instead bail out, e.g. when the object is a proxy.
- The alias-set has to record that `js::ObjectClassToString()` performs a lookup
for `@@toStringTag`.
- Additionally added an override for `possiblyCalls()` to notify LICM that this
instruction always performs a call.
Differential Revision: https://phabricator.services.mozilla.com/D102135
As a further simplification, `GetBuiltinTagSlow()` can additionally be changed
to return a `JSString*` instead of using an out-param.
And additionally only call `GetBuiltinTagFast()` when we actually need to use
the result. We can't defer calling `GetBuiltinTagSlow()`, because retrieving
`@@toStringTag` can revoke a scripted proxy and revoked proxies throw when
`IsArray` is called on them, which would lead to throwing an exception from
`GetBuiltinTagSlow()`.
Differential Revision: https://phabricator.services.mozilla.com/D102134
With the class-name fallback removed, we can also change `GetBuiltinTag{Fast,Slow}`
to directly return `"[object Object]"`.
Differential Revision: https://phabricator.services.mozilla.com/D102133
Bug 1277801 missed removing the class-name fallback from `ObjectClassToString()`.
With the class-name fallback removed, `ObjectClassToString()` no longer allocates,
so we can also change it to an ABI call.
Differential Revision: https://phabricator.services.mozilla.com/D102132
This moves the chunk metadata to the start of the chunk and defines the data structures in the public header. This simplifies accessing this data and removes the need for hardcoded offsets.
Requesting review from jandem for JIT updates.
Differential Revision: https://phabricator.services.mozilla.com/D101778
All integral to NumberValue conversions are now handled by the setNumber template,
except for NumberValue(uint32_t) which has to stay constexpr to not add static
constructors to the DOM bindings when compiling with GCC.
This ensures setNumber(x) and NumberValue(x) behave consistently.
Remove unnecessary setMagic/setNumber implementations from HeapBase: the setMagic
implementation was wrong (would always assert) and they should just be inherited
from the base class.
Differential Revision: https://phabricator.services.mozilla.com/D102184
The `sourceEnd` doesn't help with uniqueness, so don't include it in the key in
order to save space. A function may start at the beginning of the script, so add 1 to
the sourceStart to generate the key.
Differential Revision: https://phabricator.services.mozilla.com/D102246
|useZeal| already depends on whether the original budget is unlimited so the checks for |isIncremental| are unnecessary. This also makes a couple of other simplifications.
Differential Revision: https://phabricator.services.mozilla.com/D101893
It turns out the old code used JSOp::Object not just for the "simple constant values"
case but also when some of the values weren't simple constants. In this case it used
JSOp::Object + JSOp::InitProp ops to initialize the slots.
It's not clear if the original behavior was intentional, because it doesn't match
the comments. We can easily bring this back to fix the youtube-loadtime regression
(related to GC timing) though. This also fixes the comments to mention this case.
Differential Revision: https://phabricator.services.mozilla.com/D102201
Instead of transcoding the ScriptSource immediately when the incremental
encoder is started, we should defer until the 'linearize' step (which still
has access to the ScriptSource). This moves work from page-load to idle.
This does not change the format of the XDR data. The source data ends up in
the same location as before, but has a better chance of using compressed
representation. We also move the VersionCheck encoding while we are at it.
Differential Revision: https://phabricator.services.mozilla.com/D102214
The == and != operators on float registers take into account the type
of the register, so when we compare registers we must coerce to
a common type for the comparison to be meaningful.
I considered moving the guard into moveFloat32 and moveDouble, but
this problem seems to be limited to SIMD code, so I judged that
a local fix was best.
Differential Revision: https://phabricator.services.mozilla.com/D101786