This version of the blocklist should be functionally comparable to the mozglue
based blocklist, except:
* We hook NtMapViewOfSection instead of LdrLoadDll: The former allows us to
easily obtain the module file name being used for the load. The latter
requires us to essentially emulate the loader's path searching, which is
a perf hit, potentially a correctness issue, and more work to do given the
limited native NT API set.
* Since the paths in native NT land are all unicode, and since this code is
critical to startup performance, this version of the blocklist uses unicode
strings instead of ASCII strings. My thoughts here are that we don't want to
be wasting time on every DLL load doing ASCII-to-unicode conversion every
time we want to do a blocklist string comparison.
* I am completely aware that this leaves us in a bizarre situation where we have
two copies of the blocklist in our binaries: one unicode version in firefox.exe,
and one ASCII version in mozglue.dll. Once we (hopefully) move to using the
launcher process by default, the ASCII copy can go away. In the meantime, we
need to be able to use either one depending on how Firefox was started. I am
happy to make the Native NT blocklist Nightly-only to assuage these concerns.
--HG--
extra : rebase_source : ff3097518f9393eb0e38d7852bb8a268d3948b49
* This allows us to use a single blocklist definition in multiple places.
* This patch also adds support for a new initialization flag that, when enabled,
disables the DLL Blocking part of the mozglue blocklist but leaves the
profiling and stackwalking suppression bits intact.
--HG--
extra : rebase_source : ff4dad72f57c5662fc9e1bbd9e4efb3ff01470ef
Before this patch, nsNSSComponent initialization would call PK11_ConfigurePKCS11
with some localized strings, which contributed to startup time. Also,
PK11_UnconfigurePKCS11 was never called, so the memory allocated to these
strings would stick around forever. This patch addresses both of these problems
by not calling PK11_ConfigurePKCS11. This means that some properties of NSS'
internal "PKCS#11 slots/tokens" have to be localized when displaying them to the
user.
MozReview-Commit-ID: BbAgbgpFfFG
--HG--
extra : rebase_source : b633da8fea683675d0c0514a378954332afeb024
Currently, many tasks fetch content from the Internets. A problem with
that is fetching from the Internets is unreliable: servers may have
outages or be slow; content may disappear or change out from under us.
The unreliability of 3rd party services poses a risk to Firefox CI.
If services aren't available, we could potentially not run some CI tasks.
In the worst case, we might not be able to release Firefox. That would
be bad. In fact, as I write this, gmplib.org has been unavailable for
~24 hours and Firefox CI is unable to retrieve the GMP source code.
As a result, building GCC toolchains is failing.
A solution to this is to make tasks more hermetic by depending on
fewer network services (which by definition aren't reliable over time
and therefore introduce instability).
This commit attempts to mitigate some external service dependencies
by introducing the *fetch* task kind.
The primary goal of the *fetch* kind is to obtain remote content and
re-expose it as a task artifact. By making external content available
as a cached task artifact, we allow dependent tasks to consume this
content without touching the service originally providing that
content, thus eliminating a run-time dependency and making tasks more
hermetic and reproducible over time.
We introduce a single "fetch-url" "using" flavor to define tasks that
fetch single URLs and then re-expose that URL as an artifact. Powering
this is a new, minimal "fetch" Docker image that contains a
"fetch-content" Python script that does the work for us.
We have added tasks to fetch source archives used to build the GCC
toolchains.
Fetching remote content and re-exposing it as an artifact is not
very useful by itself: the value is in having tasks use those
artifacts.
We introduce a taskgraph transform that allows tasks to define an
array of "fetches." Each entry corresponds to the name of a "fetch"
task kind. When present, the corresponding "fetch" task is added as a
dependency. And the task ID and artifact path from that "fetch" task
is added to the MOZ_FETCHES environment variable of the task depending
on it. Our "fetch-content" script has a "task-artifacts"
sub-command that tasks can execute to perform retrieval of all
artifacts listed in MOZ_FETCHES.
To prove all of this works, the code for fetching dependencies when
building GCC toolchains has been updated to use `fetch-content`. The
now-unused legacy code has been deleted.
This commit improves the reliability and efficiency of GCC toolchain
tasks. Dependencies now all come from task artifacts and should always
be available in the common case. In addition, `fetch-content` downloads
and extracts files concurrently. This makes it faster than the serial
application which we were previously using.
There are some things I don't like about this commit.
First, a new Docker image and Python script for downloading URLs feels
a bit heavyweight. The Docker image is definitely overkill as things
stand. I can eventually justify it because I want to implement support
for fetching and repackaging VCS repositories and for caching Debian
packages. These will require more packages than what I'm comfortable
installing on the base Debian image, therefore justifying a dedicated
image.
The `fetch-content static-url` sub-command could definitely be
implemented as a shell script. But Python is readily available and
is more pleasant to maintain than shell, so I wrote it in Python.
`fetch-content task-artifacts` is more advanced and writing it in
Python is more justified, IMO. FWIW, the script is Python 3 only,
which conveniently gives us access to `concurrent.futures`, which
facilitates concurrent download.
`fetch-content` also duplicates functionality found elsewhere.
generic-worker's task payload supports a "mounts" feature which
facilitates downloading remote content, including from a task
artifact. However, this feature doesn't exist on docker-worker.
So we have to implement downloading inside the task rather than
at the worker level. I concede that if all workers had generic-worker's
"mounts" feature and supported concurrent download, `fetch-content`
wouldn't need to exist.
`fetch-content` also duplicates functionality of
`mach artifact toolchain`. I probably could have used
`mach artifact toolchain` instead of writing
`fetch-content task-artifacts`. However, I didn't want to introduce
the requirement of a VCS checkout. `mach artifact toolchain` has its
origins in providing a feature to the build system. And "fetching
artifacts from tasks" is a more generic feature than that. I think
it should be implemented as a generic feature and not something that is
"toolchain" specific.
I think the best place for a generic "fetch content" feature is in
the worker, where content can be defined in the task payload. But as
explained above, that feature isn't universally available. The next
best place is probably run-task. run-task already performs generic,
very-early task preparation steps, such as performing a VCS checkout.
I would like to fold `fetch-content` into run-task and make it all
driven by environment variables. But run-task is currently Python 2
and achieving concurrency would involve a bit of programming (or
adding package dependencies). I may very well port run-task to Python
3 and then fold fetch-content into it. Or maybe we leave
`fetch-content` as a standalone script.
MozReview-Commit-ID: AGuTcwNcNJR
--HG--
extra : rebase_source : 4918b8c3bac53d63665006802054038bfbca0314
* Add option for second focus point in PinchWithTouchInput
* Integrate content controller in PinchWithTouchInput
* Move PinchWithTouchInput implementation to APZCTesterBase
* Move CreateSingleTouchData to APZTestCommon.h
* Add optional PinchOptions parameter to PinchWithTouchInput
PinchOptions dictates which fingers should be lifted at
the end of the simulated pinch gesture. The default is to
lift BOTH fingers.
--HG--
extra : rebase_source : 9a2c5d1a6a8a6ed97869d3e9d643e2a805f5dfd0
extra : amend_source : b5d2976cc3c5203069a532d228e006365e4da320
Previously, the new wasm sign extension ops were part of the threads
proposal and so our test cases would guard on those ops using
wasmThreadsSupported().
But now that the extension ops have landed independently of the
threads proposal that guard is incorrect. So just remove the guard;
we don't need it.
--HG--
extra : rebase_source : de854748195f40978837217acbb1ed62fd977ed4
extra : histedit_source : 136233feee89f79ec514701a22fba85ac03d1a5f
Emilio Cobos Álvarez
Cosmin Sabou
Jan de Mooij
Tooru Fujisawa
Mike Hommey
Aaron Klotz
Ryan VanderMeulen
Bogdan Tara
Ted Campbell
David Keeler
Zibi Braniecki
Brian Stack
Gurzau Raul
Narcis Beleuzu
Gregory Szorc
Andreea Pavel
jlogandavison
Christoph Kerschbaumer
Lars T Hansen
Francois Marier
Csoregi Natalia
Joel Maher
Jared Wein
Dave Hunt
Sylvestre Ledru