in both directions.
72552: Remedy overzealous CHECK_REQUEST placement in jsapi.c, to produce a
minimal-but-complete set of engine entry points that require a Request
for safe execution.
r=brendan, sr=jband, assist=scc,pinkerton
where any occurrence of arguments.length or arguments[0], e.g., would be
"optimized" to use those bytecodes. This is just wrong if the occurrence
is an operand of delete, ++, --, or the left-hand-side of an assignment
operator!
- [jsfun.c, jsinterp.c] args_getProperty etc. must use JS_GetInstancePrivate,
not JS_GetPrivate, as the arguments object is exposed, and can be made a
prototype of other objects that do not have private data, or private data
that's a JSStackFrame*. Same goes for fun_getProperty, js_GetArgument, etc.
- [jsfun.c, jsobj.c, jsstr.c] No need to specialize fun_delProperty and
str_delProperty to help convince users and ECMA conformance tests that
fun.length and str.length are direct properties of instances, instead of
being delegated to Function.prototype.length and String.prototype.length.
This special case is done universally in js_DeleteProperty for all SHARED
and PERMANENT proto-properties.
- [jshash.c] Sneaking this followup-fix for bug 69271 in: use JS_HASH_BITS
rather than hardcoded 32.
- [jsobj.c, jsscope.[ch]] Fix misnamed js_HashValue (it takes a jsid, so it
is now js_HashId).
- [jsscript.c] script_compile needs to call JS_InstanceOf, to ensure that obj
is a Script object.
- Don't ape java.lang.String's bogo-sampling hash function for "long" (>=16
char) strings.
- Theory and practice comment in jsdhash.h helps analyze when to use double
hashing (most of the time) vs. when to use chaining.
- Subroutine ChangeTable from JS_DHashTableOperate so it can be called from
JS_DHashTableEnumerate, if the latter finds that enough entries have been
removed to be worth a shrink or compress cycle.
- teach nsGenericFactory about nsIClassInfo, and nsIClassInfo.idl to the
builds
- add a heaping serving of macro love for classes that want to support it
- convert many modules to use nsGenericModule the new way
- handful of warning and modeline fixes
- nsSample and some XPConnect test classes now have nsIClassInfo support for
testing
r=pchwartau, sr=brendan
Just add an _IS_LITTLE_ENDIAN for XP_OS2 for now. Eventually, we need to figure
out how to get jstypes.h included in here, since it already has a LITTLE_ENDIAN define.
r=pchwartau, sr=brendan
Rework makefile.win and js.mak for the eventual ability to include jstypes.h in fdlibm.h
Not turned on yet because I can't get it working right on Linux
- Fix bug where script jssrcnote vector terminator was not XDRed.
- Ensure that memory is cleared by serializing zero padding bytes as needed
under JS_XDRBytes and JS_XDRString.
- Fix JS_XDRValue to handle undefined and null JS types properly (bug 31003).
Also make it cast from jsint to uint32 and back carefully, so as to work
with negative numbers even on targets where jsval is a signed 64 bit type.
- Add JS_XDRScript public API.
- Optimize the per-JSXDRState class registry so it uses a JSDHashTable upon
searching for a class-id by name in an overpopulated (for linear search)
registry table.
- Clean up API nits such as JS_XDRNewBase => JS_XDRInitBase, with parameter
list rotation to put cx last (JS_XDRInitBase is an infallible init helper,
not an error-reporting, cx-comes-first, API entry point).
- Fix some XXX comments, unneeded masks, other nits.
- Make sure all JS XDR API functions start with JS_XDR.
- Fix scope chain for nested functions at top-level (JSOP_DEFFUN), in a part of another statement (JSOP_CLOSURE), and unnamed in an expression (JSOP_ANONFUNOBJ) to match ECMA-262 13.2. My bad: fp->varobj was used up till now, instead of fp->scopeChain; we still *bind* the name of a statement-level (top or not) nested function in fp->varobj. This fixes bug 69559. (r=rogerl, sr=jband)
- Add an Intern command to the shell, for GC vs. intern'ed atom testing.
until JS_DestroyRuntime is called (68450, r=rginda, sr=jband).
- NUL-terminate tagbuf in tagify, for the HTML helpers such as string.big()
(66648, r=timeless, sr=jband).
- Remove bogus JS_ASSERT(!outermost) from the code that deals with a "#n="
type string being returned from js_EnterSharpObject, where the hash entry
is not yet sharp (because we haven't seen the object twice during depth
first search). This case trivially arises for the outermost object in,
e.g., 'o={}; o.foo=o; uneval(o)'.
- Avoid parenthesizing #n={...} object initializers for uneval, as they are
not ambiguous (whereas {foo:1}, e.g., is ambiguous because it could be a
block statement containing a labeled expression statement, or it could be
an object initializer).
- Death to tabs!
- Optimize compile (parse+emit) operation to generate code for each top-level
statement or function in turn, recycling JSParseNodes as we go for greatly
reduced "long linear script" footprint.
- Fix O(n**2) growth problems in bytecode and srcnote generation.
- Add js_ParseTokenStream entry point to compiler, for tree-generation without
code-generation. Move JSOP_EVAL instruction selection from code-generator to
parser, to match other such specializations and enable js_ParseTokenStream.
- Fix js_CompileTokenStream (and get it right in new js_ParseTokenStream) to
respect JSOPTION_VAROBJFIX.
- Clean up bracing, multi-line conditions, and overlong lines.
Some other small fixes are included. Here is the list...
- Make nsIJSID::id [noscript] because xpconnect automatically builds a nsIJSID
wrapper around nsid values. However, xpconnect does not maintain a table of
those wrappers. So, given the same id twice it will make two nsIJSID wrappers.
This means that property walking could get foo.id.id.id... and not detect that
the different objects represent the same id. nsIJSID already exposes 'number'
so that JS can get the stringified value of the nsid. The nsid struct returned
by 'id' is useful for C++, but only causes problems for JS.
- Fix the nsIXPCScriptable 'IGNORE' handler for GetAttributes to not fail
silently.
- Add 'Components' to global objects as a non-enumerable property for backwards
compatibility and to avoid additional work in property enumeration (esp. in
win.toSource!)
- Expose toSource on wrapped native JSObjects. This just returns an empty object
string: '{}'. It can be overridden by an interface method if present.
- Expose toString on wrapped native JSObjects. It can be overridden by an
interface method if present. Previously we only did this as part of the
Convert op. Now someWrapper.toString will return a callable function.
- Extend the toString behaviour to also print the address of the wrapper in
DEBUG builds only: e.g. "xpconnect wrapped nsIFoo @ 0x12345678". mccabe
convinced me this would be useful. Release build behaviour is unchanged - we
worried that exposing addresses might contribute to possible security exploits.
- Have wrapped native JSObjects use Object.prototype as their proto rather than
have a null proto. Originally this was going to allow delegation to
Object.prototype.toSource, but even without that, this seems like a good thing.
This is implemented by getting Object.prototype from the global object each
time we create a wrapper to allow for spify JS dynamic craziness.
- Use 16bit values in wrappednative property descriptors to save space. It was
only possible to use 16 bits of the pointer-sized ints in the structs anyway.
- Do a security check at enumeration time and only expose those properties that
the caller can actually 'Get'. This fixes the toSource security exception
problem.
- Add a big comment about the problem of reporting uncaught exceptions.
- Fix crashing bug for case where object has no enumerable properties and
xpconnect failed to fill in the zero count.
- Fix NewInstanceJSObject to dig in and find the 'ultimate' parent when
parenting new wrapper JSObject. The old scheme was ending up with hugely
long parent chains in some cases.
r=jst, sr=brendan
- Optimize integer ++ and -- to avoid double-to-int, which is quite costly for
some compilers (ftol on Windows with MSVC).
- Optimized arguments[i] and arguments.length references to use bytecodes that
avoid creating an arguments object for the current frame. This entailed
simplifying the compiler to avoid flagging functions and scripts that set
arguments, since we have code in jsfun.c to catch such sets at runtime.
- The code generator now eliminates useless expression statements, giving a
strict warning about them.
- Rationalized jsemit.c's LookupArgOrVar to have well-defined results in *pn.
Eliminate bytecode specializations for argument and local variable gets and
sets from jsparse.c -- these precede jsemit.c's LookupArgOrVar and frustrate
it, by setting pn_slot non-negative too early.
- Code generation errors set report->filename and report->lineno, rather than
hacking "{0}, line {1}: " into the localized message.
- Bogus JSFRAME_VAROBJBUG removed, JSOPTION_VAROBJFIX is sufficient.
- Spruce up jsinterp.c macros to use JS_BEGIN/END_MACRO brackets if possible.
- Avoid calling JS_PropertyStub. The call is too costly compared to a branch
in the caller.
- Optimize integer ++ and -- to avoid double-to-int, which is quite costly for
some compilers (ftol on Windows with MSVC).
- Optimized arguments[i] and arguments.length references to use bytecodes that
avoid creating an arguments object for the current frame. This entailed
simplifying the compiler to avoid flagging functions and scripts that set
arguments, since we have code in jsfun.c to catch such sets at runtime.
- The code generator now eliminates useless expression statements, giving a
strict warning about them.
- Rationalized jsemit.c's LookupArgOrVar to have well-defined results in *pn.
- Code generation errors set report->filename and report->lineno, rather than
hacking "{0}, line {1}: " into the localized message.
- Bogus JSFRAME_VAROBJBUG removed, JSOPTION_VAROBJFIX is sufficient.
- Spruce up jsinterp.c macros to use JS_BEGIN/END_MACRO brackets if possible.
- Avoid calling JS_PropertyStub. The call is too costly compared to a branch
in the caller.
Backing out Brendan's previous checkin for bug #65553 (jsapi.c, jsdbgapi.c, jsemit.c, jsinterp.c, jsinterp.h, jsobj.c, and jsscript.c), so we can get smoke tests going.
r=attinasi@netscape.com (sheriff)
Along the way, Patrick also fixed a bug that's been with the JS engine on the mac for more than three years; used to be that Mac dates throughout the year were displayed according to the machine's *current* daylight savings time setting; now they display properly and all is well with the world.
Dependent on recent checkin fixing 61577, adding needed time library to the mac build.X
r=mccabe
especially to jband for his great stress-test setup and particularly helpful
(in terms of reproducing bugs in draft patches) MP and laptop machines.
- Radical(*) object (scope) locking optimization: don't lock if a scope is
accessed on the context that exclusively owns it (initially, the context
on which the scope was created). Once a scope becomes shared among more
than one owner-context, give it the usual thin or fat lock, per existing
jslock.c code.
I did this at the memory cost of another word per JSScope, ownercx, which
raised scope size from 12 to 13 words if !DEBUG. I also added a linked
list head pointer, rt->scopeSharingTodo, and a scopeSharingDone condition
variable to JSRuntime, and a scopeToShare pointer to JSContext that's
necessary for deadlock avoidance.
The rt->scopeSharingTodo list links JSScopes through the scope->u.link
union arm, which overlays the pre-existing scope->count (now u.count)
member. This list holds scopes still exclusively owned by a context, but
wanted by js_LockScope calls active on other threads. Those calls wait
on the rt->scopeSharingDone condition, which is notified every time an
owner-context ends the request running on it, in which code active on
that context may be using scope freely until end of request.
The code that waits on rt->scopeSharingDone must first suspend any and
all requests active on the calling context, and resume those contexts
after the wait is notified. This means a GC could happen while the
thread locking a scope owned by another thread's context blocks; all
calls to JS_LOCK_OBJ must therefore first home fp->sp above any live
operands, e.g. The interpreter takes care to do that already.
To avoid AB-BA deadlocks, if a js_LockScope attempt on one context finds
that the owner-context of the scope is already waiting on a scope owned
by the current context (or indirectly depending on such a scope lock),
the attempt converts the scope from lock-free exclusive ownership to
shared ownership (thin or fat lock).
- Fix js_SetupLocks and the js_LockGlobal/js_UnlockGlobal code to avoid
divmod instruction costs, strength-reducing to bit-mask instructions.
- The radical lock-free scope change required care in handling the 0=>1
and 1=>0 transitions of cx->requestDepth, which was till now thread-local
because part of the JSContext not manipulated by other threads. It's
still updated only by cx's thread, but it is read by other threads in
the course of attempting to claim exclusive ownership of a scope for more
lock-free JS object operations.
- The JS_SuspendRequest and JS_ResumeRequest APIs have changed incompatibly
to require their caller to save and restore the requestCount found when
JS_SuspendRequest is called. This is necessary to avoid deadlock; sorry
for the incompatible change.
- Fixed various nits in jslock.[ch], including using Init/Finish rather
than New/Destroy for the methods that take a JSThinLock and initialize
and finish/free its members. Another example: JS_ATOMIC_ADDREF is now
JS_ATOMIC_INCREMENT and JS_ATOMIC_DECREMENT, so the two cases can be
mapped to PR_AtomicIncrement and PR_AtomicDecrement. This entailed
changing jsrefcount from jsword to int32 (PRInt32).
- No need to use JS_ATOMIC_INCREMENT on JSScopeProperty.nrefs, as it is
always and everywhere protected by the property's JSScope.lock.
- Cleaned up gratuitous casts in jscntxt.c by using &cx->links, etc.
- The lock used for mutual exclusion around both request begin and end vs.
GC synchronization is rt->gcLock, and this lock now also protects all
scope->ownercx pointer changes from non-null (exclusive) to null (shared),
the rt->scopeSharingTodo/scope->u.link list operations, and of course the
rt->scopeSharingDone condition.
But this means that js_GC cannot hold rt->gcLock across the bulk of its
body, in particular the mark phase, during which JS_GetPrivate calls,
e.g., may need to "promote" scope locks from lock-free to thin or fat,
because doing so would double-trip. There never was any good reason to
hold rt->gcLock so long, of course -- locks are for mutual exclusion, not
for waiting or notifying a thread -- those operations require a condition,
rt->gcDone, which we already use along with rt->gcLevel to keep racing GC
attempts at bay.
So now that rt->gcLock does not protect the mark phase, the enumeration
of rt->gcRootsHash can race badly with JS_RemoveRootRT, an API that may
legitimately be called outside of a request, without even a context. It
turns out that people may be cheating on the request model even with
JS_AddRoot, JS_AddNamedRoot, and JS_RemoveRoot calls, so we must make
all of those interlock with the GC using gcLevel and gcDone, unless they
are called on the gcThread.
Also, since bug 49816 was fixed, there has been no need for a separate
finalize phase, or for rt->gcFinalVec. Finalizers can no longer allocate
newborn GC-things that might be swept (because unmarked), or double-trip
on rt->gcLock (which is no longer held). So js_GC finalizes as it sweeps,
just as it did in days of old.
- I added comments to jslock.h making it plain that callers of JS_LOCK_OBJ
and JS_UNLOCK_OBJ must either be implementations of js_ObjectOps hooks,
or code reachable only from those hooks; or else must be predicated on
OBJ_IS_NATIVE tests. It turns out jsinterp.c's CACHED_GET and CACHED_SET
macros neglected to do such tests, limiting the ability of JS embeddings
to implement JSObjectOps with their own non-JSScope JSObjectMap subclass.
Fixed, small performance hit that the lock-free optimization should more
than make up for.
- jslock.c now gives a #error if you try to compile it on a platform that
lacks a compare-and-swap instruction. The #error says to use NSPR locks.
Before this change, some platforms would emulate compare-and-swap using
a global PRLock, which is always worse in runtime than using per-scope
PRLocks.
Make try { ... } catch(exn) { return exn } work by ensuring that the return value (exn) is maintained on the stack as we pop off scopes to return from the try/catch/finally. The newly added JSOP_SWAP opcode helps us bubble.
This fixes a regression uncovered by the fix to 56716.
(I've noticed that this causes *depend* builds of the standalone JS shell to crash on this construct, but I've tested in the Mozilla build, and the dependencies seem to solve the problem there.)
r=brendan.mozilla.org
sr=jband@netscape.com
Fixes for OSF; they they assume the existence of /share/builds/components/[jdk|nspr]/SOME_VERSION/etc/etc. Sorry, external folks!
Not part of the Mozilla build.
Fixes for Linux and SunOS; they assume the existence of /share/builds/components/[jdk|nspr]/SOME_VERSION/etc/etc. Sorry, external folks!
Not part of the Mozilla build.
ECMA-262 octal literals. Old code would split 08 into 0 and 8 if JS1.2 or
other non-ECMA version, and always split 078 into 07 and 8, resulting in
missing ; syntax errors.
- Fix CheckFinalReturn to be aware of JS_HAS_EXCEPTIONS, finally (sic). Lots
of help from jag (Peter Annema, disttsc@bart.nl), thank him.
Both changes got lumped under bug 49233, and are r=jband, sr=shaver.
- Fix bug 54264 from Jon Smirl <jonsmirl@mediaone.net>
Do cleanup of thread local storage on main thread.
- Fix bug 54275 from Jon Smirl <jonsmirl@mediaone.net>
Release components in shell before shutting down xpcom
- Fix bug 54310 from Jon Smirl <jonsmirl@mediaone.net>
Call JS_DestroyScript in xpcshell and js.c
- Fix bug 54352 from Jon Smirl <jonsmirl@mediaone.net>
Cleanup what static data we can in xpclog.
- Initial fix of bug 54473
Don't report warnings as errors in wrapped JS calls.
- Fix bug 54462 from Mark Hammond <MarkH@ActiveState.com>
Fix jband's stupid use of uint8 for method indexes.
- Use environment rather than prefs for #ifdef'd debug options
- Don't report NS_ERROR_FACTORY_REGISTER_AGAIN as an error.
r=mccabe@netscape.coma=jband@netscape.com
us less unthreadsafe. Use THREADSAFE nsISupports impl macro. bug 52936
- Add JS_{Begin,End}Request. bug 39373
- Call xpc->InitClass on each global - not just the superglobal. bug 52591
- Remove some gotos using auto classes for cleanup.
- Converted WITH_SERVICE calls to do_GetService.
- Consistent placement of contractID strings.
a=shaver@mozilla.org
by char, by using a larger chunk size (64 chars) for linear growth. Also got
rid of ASCII-oriented add_bytes subroutine and related sprintf usage.
- Avoid reloading loop invariant str->chars all the time in encode and decode.
- Avoid creating garbage strings for unescaped and reserved character sets, by
using statically initialized jschar array constants.
- Expand tabs, clean up 80th column violations, use prevailing style, etc.
in part (the entire patch made JSContexts ref-counted, but that is not an API
compatible change, and it doesn't help clean up at JS_Finish time if the API
user leaks JSContext refs anyway). 52835, r=jband.
- First part of 64-bit portability fix for 52792, r=jnance. More work needed.
- Fix bogus assert and minimization in js_AllocStack, too.
- All jsvals for which JSVAL_IS_GCTHING evaluates to true must contain tagged
pointers into the GC heap -- therefore jsapi.c's JS_DefineConstDoubles cannot
"cheat" by tagging addresses of static jsdoubles to avoid js_NewNumberValue.
- Finalization is now interleaved with the Sweep phase, to avoid allocating
memory for finalization records while sweeping. Instead, the JSRuntime holds a
preallocated JSGCThing vector (gcFinalVec) that the Sweep phase fills and
flushes via gc_finalize_phase, repeatedly.
This means that finalizers cannot allocate a new GC thing, an incompatible but
plausible change. js_AllocGCThing asserts and then checks whether it is called
while rt->gcLevel is non-zero, and fails the allocation attempt if so. But this
fixes bug 38942, where the old sweep-then-finalize with a sweep => malloc
dependency could lead to memory exhaustion.
- Instead of scanning whole stackPool arenas, which led to UMRs (bug 27924) and
sometimes to gross over-scanning that depended on the GC bounds-checking all
thing pointers against its heap, we scan exactly those stack slots in use:
- arguments reachable from fp->argv;
- variables reachable from fp->vars;
- operands now reachable from fp->spbase, bounded above by the lesser of
fp->sp or fp->spbase + fp->script->depth for an interpreted frame; if the
latter, fp->sp has advanced logically above the operand budget, in order to
call a native method, and all unused slots from fp->sp up to depth slots
above fp->spbase must be set to JSVAL_VOID;
- stack segments pushed when calling native methods, prefixed by JSStackHeader
structs and linked from cx->stackSegments through each header.
The stack segment headers help the GC avoid scanning unused portions of the
stack: the generating pc slots running depth slots below fp->spbase, and slots
at the end of an arena that aren't sufficient to satisfy a contiguous allocation
for more args, vars, or operands.
- Exact GC means the stack pointer must remain above live operands until the
interpreter is done with them, so jsinterp.c got heavily whacked. Instead of
POPs of various kinds followed by a PUSH for binary operators (e.g.), we use
FETCH and STORE macros that index by -1 and -2 from sp, and minimize adjustments
to sp. When sp is homed to fp->sp, this allows js_DecompileValueGenerator to
find the value reliably, and if possible its generating pc.
- Finally, the O(n**2) growth rate of gc_find_flags has been fixed, using the
scheme sketched in bug 49816 and documented in a new major comment in jsgc.c.
Briefly, by allocating flags and things from one arena, we can align things on
1024-byte "thing page" boundaries, and use JSGCPageInfo headers in each page to
find a given thing's flags in O(1) time.
/be
- #if JS_HAS_LVALUE_RETURN around cx->rval2/rval2set defs and uses.
- Instrument different kinds of invocations, #ifdef DEBUG only.
- Clean up basis case of empty switch statement to use high = -1, low = 0,
requiring care when optimizing in-range tests using unsigned casts, but
freeing the interpreter and decompiler from having to do an extra test
before looping from low to high.
- Clean up all codegen to use JUMP_OFFSET_LEN, ATOM_INDEX_LEN, etc. instead of
magic 2 or 4.
- Add JSOP_TRY and JSOP_FINALLY no-ops to save a srcnote per JSOP_NOP, and to
make decompilation and jit'ing easier.
- Minimize number of source notes to maximize SRC_XDELTA span.
- Use JSSCRIPT_FIND_CATCH_START in throw code.
- Indentation and bracing nits picked.
Check for empty element case in array literals ( first element in [,'foo'] ) now uses the next token instead of the previous one when constructing the node, so the first element gets TOK_COMMA instead of TOK_LB.
This fixes a crash from previously accepted JS.
r=rogerl
JS Components, and teaching the ScriptSecurityManager to check for
XPC-wrapped native objects in the scope chain when looking for an
object's principal. r=jband/a=brendan
Always copy the current line string out of the token buffer when generating an error report, rather than just passing the token buffer itself. The token buffer wasn't necessarily a well-terminated string, so displaying the contents of the string in the error report produced unexpected results.
The unicode string in the error report is owned by a JSString; this string is rooted for the (stack-based) lifetime of the error report.
Fix courtesy jband.
r=mccabe
a=beard
Always create an error report, even when there is no current stack frame and it might be empty. This fixes an API regression; we used to allow JS_ReportError to be called from the API when no JavaScript was running.
r=rogerl
a=beard
cls%seawood.org
beard%netscape.com
brendan%mozilla.org
shaver%mozilla.org
rickg%netscape.com
scc%mozilla.org
pinkerton%netscape.com
mkaply%us.ibm.com
waterson%netscape.com
disttsc%bart.nl
dmose%netscape.com
rginda%netscape.com
dprice%netscape.com
pschwartau%netscape.com
rogerl%netscape.com
jband%netscape.com
sspitzer%netscape.com
dveditz%netscape.com
dbaron%fas.harvard.edu
kin%netscape.com
mccabe%netscape.com
mstoltz%netscape.com
pavel%gingerall.cz
danm%netscape.com
jeff.dyer%compilercompany.com
rayw%netscape.com
alla%lysator.liu.se
waldemar%netscape.com
conrad%ingress.com
putterman%netscape.com
morse%netscape.com
dougt%netscape.com
mcafee%netscape.com
syd%netscape.com
jdunn%netscape.com