summaryrefslogtreecommitdiff
path: root/src
diff options
context:
space:
mode:
authorMark Benvenuto <mark.benvenuto@mongodb.com>2017-03-23 17:01:11 -0400
committerMark Benvenuto <mark.benvenuto@mongodb.com>2017-03-23 17:01:11 -0400
commitf27a5631a6cb48d3e4a2b2888ede44edf66960cd (patch)
treea7e0501982b15a1d71b2fa1a8d73ce13aba9274f /src
parentcb4b8b622f30e4ffdaec101c70b2ab4438d3567a (diff)
downloadmongo-f27a5631a6cb48d3e4a2b2888ede44edf66960cd.tar.gz
Revert "SERVER-28400 Firefox ESR 45.8.0"
This reverts commit 41d56f108e341c88fe26632084d6140ea75813c0.
Diffstat (limited to 'src')
-rw-r--r--src/third_party/mozjs-45/SConscript8
-rw-r--r--src/third_party/mozjs-45/extract/js/public/GCAPI.h2
-rw-r--r--src/third_party/mozjs-45/extract/js/src/NamespaceImports.h7
-rw-r--r--src/third_party/mozjs-45/extract/js/src/asmjs/AsmJSModule.cpp14
-rw-r--r--src/third_party/mozjs-45/extract/js/src/builtin/MapObject.cpp52
-rw-r--r--src/third_party/mozjs-45/extract/js/src/builtin/MapObject.h6
-rw-r--r--src/third_party/mozjs-45/extract/js/src/ds/OrderedHashTable.h28
-rw-r--r--src/third_party/mozjs-45/extract/js/src/gc/Allocator.cpp11
-rw-r--r--src/third_party/mozjs-45/extract/js/src/gc/GCRuntime.h2
-rw-r--r--src/third_party/mozjs-45/extract/js/src/gc/Heap.h4
-rw-r--r--src/third_party/mozjs-45/extract/js/src/gc/Marking.cpp88
-rw-r--r--src/third_party/mozjs-45/extract/js/src/gc/Marking.h14
-rw-r--r--src/third_party/mozjs-45/extract/js/src/gc/Zone.cpp1
-rw-r--r--src/third_party/mozjs-45/extract/js/src/irregexp/RegExpEngine.cpp7
-rw-r--r--src/third_party/mozjs-45/extract/js/src/jit/BaselineIC.cpp14
-rw-r--r--src/third_party/mozjs-45/extract/js/src/jit/BaselineJIT.cpp11
-rw-r--r--src/third_party/mozjs-45/extract/js/src/jit/ExecutableAllocator.cpp47
-rw-r--r--src/third_party/mozjs-45/extract/js/src/jit/ExecutableAllocator.h40
-rw-r--r--src/third_party/mozjs-45/extract/js/src/jit/ExecutableAllocatorPosix.cpp108
-rw-r--r--src/third_party/mozjs-45/extract/js/src/jit/ExecutableAllocatorWin.cpp289
-rw-r--r--src/third_party/mozjs-45/extract/js/src/jit/Ion.cpp12
-rw-r--r--src/third_party/mozjs-45/extract/js/src/jit/IonAnalysis.cpp6
-rw-r--r--src/third_party/mozjs-45/extract/js/src/jit/IonBuilder.cpp11
-rw-r--r--src/third_party/mozjs-45/extract/js/src/jit/IonCaches.cpp20
-rw-r--r--src/third_party/mozjs-45/extract/js/src/jit/IonCode.h2
-rw-r--r--src/third_party/mozjs-45/extract/js/src/jit/JitcodeMap.cpp37
-rw-r--r--src/third_party/mozjs-45/extract/js/src/jit/JitcodeMap.h12
-rw-r--r--src/third_party/mozjs-45/extract/js/src/jit/Lowering.cpp4
-rw-r--r--src/third_party/mozjs-45/extract/js/src/jit/ProcessExecutableMemory.cpp607
-rw-r--r--src/third_party/mozjs-45/extract/js/src/jit/ProcessExecutableMemory.h46
-rw-r--r--src/third_party/mozjs-45/extract/js/src/jit/SharedIC.cpp8
-rw-r--r--src/third_party/mozjs-45/extract/js/src/jit/VMFunctions.cpp14
-rw-r--r--src/third_party/mozjs-45/extract/js/src/jsarray.cpp10
-rw-r--r--src/third_party/mozjs-45/extract/js/src/jsatom.cpp3
-rw-r--r--src/third_party/mozjs-45/extract/js/src/jsatom.h19
-rw-r--r--src/third_party/mozjs-45/extract/js/src/jsatominlines.h7
-rw-r--r--src/third_party/mozjs-45/extract/js/src/jscntxt.h1
-rw-r--r--src/third_party/mozjs-45/extract/js/src/jscompartment.cpp22
-rw-r--r--src/third_party/mozjs-45/extract/js/src/jscompartment.h18
-rw-r--r--src/third_party/mozjs-45/extract/js/src/jsgc.cpp49
-rw-r--r--src/third_party/mozjs-45/extract/js/src/jsgc.h6
-rw-r--r--src/third_party/mozjs-45/extract/js/src/jsgcinlines.h36
-rw-r--r--src/third_party/mozjs-45/extract/js/src/jsiter.cpp12
-rw-r--r--src/third_party/mozjs-45/extract/js/src/jsmath.cpp10
-rw-r--r--src/third_party/mozjs-45/extract/js/src/jsmath.h3
-rw-r--r--src/third_party/mozjs-45/extract/js/src/jswatchpoint.cpp5
-rw-r--r--src/third_party/mozjs-45/extract/js/src/jsweakmap.cpp2
-rw-r--r--src/third_party/mozjs-45/extract/js/src/jsweakmap.h18
-rw-r--r--src/third_party/mozjs-45/extract/js/src/moz.build8
-rw-r--r--src/third_party/mozjs-45/extract/js/src/proxy/Wrapper.cpp5
-rw-r--r--src/third_party/mozjs-45/extract/js/src/vm/Debugger.cpp14
-rw-r--r--src/third_party/mozjs-45/extract/js/src/vm/Debugger.h2
-rw-r--r--src/third_party/mozjs-45/extract/js/src/vm/Initialization.cpp7
-rw-r--r--src/third_party/mozjs-45/extract/js/src/vm/ObjectGroup.cpp66
-rw-r--r--src/third_party/mozjs-45/extract/js/src/vm/RegExpObject.cpp2
-rw-r--r--src/third_party/mozjs-45/extract/js/src/vm/Runtime.cpp27
-rw-r--r--src/third_party/mozjs-45/extract/js/src/vm/Runtime.h9
-rw-r--r--src/third_party/mozjs-45/extract/js/src/vm/Shape.h28
-rw-r--r--src/third_party/mozjs-45/extract/js/src/vm/String-inl.h17
-rw-r--r--src/third_party/mozjs-45/extract/js/src/vm/String.cpp17
-rw-r--r--src/third_party/mozjs-45/extract/js/src/vm/String.h105
-rw-r--r--src/third_party/mozjs-45/extract/js/src/vm/Symbol.cpp8
-rw-r--r--src/third_party/mozjs-45/extract/js/src/vm/Symbol.h26
-rw-r--r--src/third_party/mozjs-45/extract/js/src/vm/TypeInference.cpp10
-rw-r--r--src/third_party/mozjs-45/extract/js/src/vm/TypeInference.h2
-rw-r--r--src/third_party/mozjs-45/extract/js/src/vm/TypedArrayObject.cpp43
-rw-r--r--src/third_party/mozjs-45/extract/js/src/vm/UnboxedObject.cpp4
-rw-r--r--src/third_party/mozjs-45/extract/mfbt/HashFunctions.h85
-rw-r--r--src/third_party/mozjs-45/get-sources.sh2
-rw-r--r--src/third_party/mozjs-45/include/js/GCAPI.h2
-rw-r--r--src/third_party/mozjs-45/include/mozilla/HashFunctions.h85
-rw-r--r--src/third_party/mozjs-45/platform/aarch64/linux/build/js-confdefs.h6
-rw-r--r--src/third_party/mozjs-45/platform/aarch64/linux/include/js-config.h2
-rw-r--r--src/third_party/mozjs-45/platform/ppc64le/linux/build/js-confdefs.h6
-rw-r--r--src/third_party/mozjs-45/platform/ppc64le/linux/include/js-config.h2
-rw-r--r--src/third_party/mozjs-45/platform/s390x/linux/build/js-confdefs.h6
-rw-r--r--src/third_party/mozjs-45/platform/s390x/linux/include/js-config.h2
-rw-r--r--src/third_party/mozjs-45/platform/x86_64/freebsd/build/js-confdefs.h6
-rw-r--r--src/third_party/mozjs-45/platform/x86_64/freebsd/include/js-config.h2
-rw-r--r--src/third_party/mozjs-45/platform/x86_64/linux/build/js-confdefs.h6
-rw-r--r--src/third_party/mozjs-45/platform/x86_64/linux/include/js-config.h2
-rw-r--r--src/third_party/mozjs-45/platform/x86_64/macOS/build/js-confdefs.h6
-rw-r--r--src/third_party/mozjs-45/platform/x86_64/macOS/include/js-config.h2
-rw-r--r--src/third_party/mozjs-45/platform/x86_64/openbsd/build/js-confdefs.h6
-rw-r--r--src/third_party/mozjs-45/platform/x86_64/openbsd/include/js-config.h2
-rw-r--r--src/third_party/mozjs-45/platform/x86_64/solaris/build/js-confdefs.h6
-rw-r--r--src/third_party/mozjs-45/platform/x86_64/solaris/include/js-config.h2
-rw-r--r--src/third_party/mozjs-45/platform/x86_64/windows/build/js-confdefs.h6
-rw-r--r--src/third_party/mozjs-45/platform/x86_64/windows/include/js-config.h2
89 files changed, 811 insertions, 1588 deletions
diff --git a/src/third_party/mozjs-45/SConscript b/src/third_party/mozjs-45/SConscript
index 4e9a8b07f9c..dae5ab61ccb 100644
--- a/src/third_party/mozjs-45/SConscript
+++ b/src/third_party/mozjs-45/SConscript
@@ -91,7 +91,6 @@ env.Prepend(CPPPATH=[
sources = [
"extract/js/src/builtin/RegExp.cpp",
"extract/js/src/frontend/Parser.cpp",
- "extract/js/src/jit/ProcessExecutableMemory.cpp",
"extract/js/src/jsarray.cpp",
"extract/js/src/jsatom.cpp",
"extract/js/src/jsmath.cpp",
@@ -113,6 +112,13 @@ if env.TargetOSIs('windows'):
env.Prepend(CPPDEFINES=[
("_CRT_RAND_S", "1")
])
+ sources.extend([
+ "extract/js/src/jit/ExecutableAllocatorWin.cpp",
+ ])
+else:
+ sources.extend([
+ "extract/js/src/jit/ExecutableAllocatorPosix.cpp",
+ ])
sources.extend(Glob('platform/' + env["TARGET_ARCH"] + "/" + env["TARGET_OS"] + "/build/*.cpp")),
diff --git a/src/third_party/mozjs-45/extract/js/public/GCAPI.h b/src/third_party/mozjs-45/extract/js/public/GCAPI.h
index 84b6150c36f..90f8e4eba3f 100644
--- a/src/third_party/mozjs-45/extract/js/public/GCAPI.h
+++ b/src/third_party/mozjs-45/extract/js/public/GCAPI.h
@@ -566,6 +566,8 @@ namespace gc {
static MOZ_ALWAYS_INLINE void
ExposeGCThingToActiveJS(JS::GCCellPtr thing)
{
+ MOZ_ASSERT(thing.kind() != JS::TraceKind::Shape);
+
/*
* GC things residing in the nursery cannot be gray: they have no mark bits.
* All live objects in the nursery are moved to tenured at the beginning of
diff --git a/src/third_party/mozjs-45/extract/js/src/NamespaceImports.h b/src/third_party/mozjs-45/extract/js/src/NamespaceImports.h
index 929263e69f4..05a0e5dcf51 100644
--- a/src/third_party/mozjs-45/extract/js/src/NamespaceImports.h
+++ b/src/third_party/mozjs-45/extract/js/src/NamespaceImports.h
@@ -49,10 +49,6 @@ class MOZ_STACK_CLASS SourceBufferHolder;
class HandleValueArray;
class ObjectOpResult;
-
-class Symbol;
-enum class SymbolCode: uint32_t;
-
} // namespace JS
// Do the importing.
@@ -152,9 +148,6 @@ using JS::ObjectOpResult;
using JS::Zone;
-using JS::Symbol;
-using JS::SymbolCode;
-
} /* namespace js */
#endif /* NamespaceImports_h */
diff --git a/src/third_party/mozjs-45/extract/js/src/asmjs/AsmJSModule.cpp b/src/third_party/mozjs-45/extract/js/src/asmjs/AsmJSModule.cpp
index 9e707d06d0e..350827042ee 100644
--- a/src/third_party/mozjs-45/extract/js/src/asmjs/AsmJSModule.cpp
+++ b/src/third_party/mozjs-45/extract/js/src/asmjs/AsmJSModule.cpp
@@ -64,11 +64,12 @@ using JS::GenericNaN;
static uint8_t*
AllocateExecutableMemory(ExclusiveContext* cx, size_t bytes)
{
- // bytes is a multiple of the system's page size, but not necessarily
- // a multiple of ExecutableCodePageSize.
- bytes = JS_ROUNDUP(bytes, ExecutableCodePageSize);
-
- void* p = AllocateExecutableMemory(bytes, ProtectionSetting::Writable);
+ // On most platforms, this will allocate RWX memory. On iOS, or when
+ // --non-writable-jitcode is used, this will allocate RW memory. In this
+ // case, DynamicallyLinkModule will reprotect the code as RX.
+ unsigned permissions =
+ ExecutableAllocator::initialProtectionFlags(ExecutableAllocator::Writable);
+ void* p = AllocateExecutableMemory(nullptr, bytes, permissions, "asm-js-code", AsmJSPageSize);
if (!p)
ReportOutOfMemory(cx);
return (uint8_t*)p;
@@ -121,8 +122,7 @@ AsmJSModule::~AsmJSModule()
exitDatum.baselineScript->removeDependentAsmJSModule(exit);
}
- uint32_t size = JS_ROUNDUP(pod.totalBytes_, ExecutableCodePageSize);
- DeallocateExecutableMemory(code_, size);
+ DeallocateExecutableMemory(code_, pod.totalBytes_, AsmJSPageSize);
}
if (prevLinked_)
diff --git a/src/third_party/mozjs-45/extract/js/src/builtin/MapObject.cpp b/src/third_party/mozjs-45/extract/js/src/builtin/MapObject.cpp
index 8d474aefb50..94b97f434a5 100644
--- a/src/third_party/mozjs-45/extract/js/src/builtin/MapObject.cpp
+++ b/src/third_party/mozjs-45/extract/js/src/builtin/MapObject.cpp
@@ -15,7 +15,6 @@
#include "js/Utility.h"
#include "vm/GlobalObject.h"
#include "vm/Interpreter.h"
-#include "vm/Symbol.h"
#include "jsobjinlines.h"
@@ -64,33 +63,13 @@ HashableValue::setValue(JSContext* cx, HandleValue v)
return true;
}
-static HashNumber
-HashValue(const Value& v, const mozilla::HashCodeScrambler& hcs)
+HashNumber
+HashableValue::hash() const
{
// HashableValue::setValue normalizes values so that the SameValue relation
// on HashableValues is the same as the == relationship on
- // value.asRawBits(). So why not just return that? Security.
- //
- // To avoid revealing GC of atoms, string-based hash codes are computed
- // from the string contents rather than any pointer; to avoid revealing
- // addresses, pointer-based hash codes are computed using the
- // HashCodeScrambler.
-
- if (v.isString())
- return v.toString()->asAtom().hash();
- if (v.isSymbol())
- return v.toSymbol()->hash();
- if (v.isObject())
- return hcs.scramble(v.asRawBits());
-
- MOZ_ASSERT(v.isNull() || !v.isGCThing(), "do not reveal pointers via hash codes");
- return v.asRawBits();
-}
-
-HashNumber
-HashableValue::hash(const mozilla::HashCodeScrambler& hcs) const
-{
- return HashValue(value, hcs);
+ // value.data.asBits.
+ return value.asRawBits();
}
bool
@@ -346,15 +325,13 @@ MapObject::mark(JSTracer* trc, JSObject* obj)
struct UnbarrieredHashPolicy {
typedef Value Lookup;
- static HashNumber hash(const Lookup& v, const mozilla::HashCodeScrambler& hcs) {
- return HashValue(v, hcs);
- }
+ static HashNumber hash(const Lookup& v) { return v.asRawBits(); }
static bool match(const Value& k, const Lookup& l) { return k == l; }
static bool isEmpty(const Value& v) { return v.isMagic(JS_HASH_KEY_EMPTY); }
static void makeEmpty(Value* vp) { vp->setMagic(JS_HASH_KEY_EMPTY); }
};
-template <typename RealTableType, typename TableType>
+template <typename TableType>
class OrderedHashTableRef : public gc::BufferableRef
{
TableType* table;
@@ -364,9 +341,8 @@ class OrderedHashTableRef : public gc::BufferableRef
explicit OrderedHashTableRef(TableType* t, const Value& k) : table(t), key(k) {}
void trace(JSTracer* trc) override {
- MOZ_ASSERT(reinterpret_cast<RealTableType*>(table)
- ->hash(*reinterpret_cast<HashableValue*>(&key)) ==
- table->hash(key));
+ MOZ_ASSERT(UnbarrieredHashPolicy::hash(key) ==
+ HashableValue::Hasher::hash(*reinterpret_cast<HashableValue*>(&key)));
Value prior = key;
TraceManuallyBarrieredEdge(trc, &key, "ordered hash table key");
table->rekeyOneEntry(prior, key);
@@ -378,7 +354,7 @@ WriteBarrierPost(JSRuntime* rt, ValueMap* map, const Value& key)
{
typedef OrderedHashMap<Value, Value, UnbarrieredHashPolicy, RuntimeAllocPolicy> UnbarrieredMap;
if (MOZ_UNLIKELY(key.isObject() && IsInsideNursery(&key.toObject()))) {
- rt->gc.storeBuffer.putGeneric(OrderedHashTableRef<ValueMap, UnbarrieredMap>(
+ rt->gc.storeBuffer.putGeneric(OrderedHashTableRef<UnbarrieredMap>(
reinterpret_cast<UnbarrieredMap*>(map), key));
}
}
@@ -388,7 +364,7 @@ WriteBarrierPost(JSRuntime* rt, ValueSet* set, const Value& key)
{
typedef OrderedHashSet<Value, UnbarrieredHashPolicy, RuntimeAllocPolicy> UnbarrieredSet;
if (MOZ_UNLIKELY(key.isObject() && IsInsideNursery(&key.toObject()))) {
- rt->gc.storeBuffer.putGeneric(OrderedHashTableRef<ValueSet, UnbarrieredSet>(
+ rt->gc.storeBuffer.putGeneric(OrderedHashTableRef<UnbarrieredSet>(
reinterpret_cast<UnbarrieredSet*>(set), key));
}
}
@@ -435,8 +411,7 @@ MapObject::set(JSContext* cx, HandleObject obj, HandleValue k, HandleValue v)
MapObject*
MapObject::create(JSContext* cx, HandleObject proto /* = nullptr */)
{
- auto map = cx->make_unique<ValueMap>(cx->runtime(),
- cx->compartment()->randomHashCodeScrambler());
+ auto map = cx->make_unique<ValueMap>(cx->runtime());
if (!map || !map->init()) {
ReportOutOfMemory(cx);
return nullptr;
@@ -560,7 +535,7 @@ MapObject::is(HandleObject o)
}
#define ARG0_KEY(cx, args, key) \
- Rooted<HashableValue> key(cx); \
+ Rooted<HashableValue> key(cx); \
if (args.length() > 0 && !key.setValue(cx, args[0])) \
return false
@@ -1089,8 +1064,7 @@ SetObject::add(JSContext* cx, HandleObject obj, HandleValue k)
SetObject*
SetObject::create(JSContext* cx, HandleObject proto /* = nullptr */)
{
- auto set = cx->make_unique<ValueSet>(cx->runtime(),
- cx->compartment()->randomHashCodeScrambler());
+ auto set = cx->make_unique<ValueSet>(cx->runtime());
if (!set || !set->init()) {
ReportOutOfMemory(cx);
return nullptr;
diff --git a/src/third_party/mozjs-45/extract/js/src/builtin/MapObject.h b/src/third_party/mozjs-45/extract/js/src/builtin/MapObject.h
index 9af58fc21cd..1118675f873 100644
--- a/src/third_party/mozjs-45/extract/js/src/builtin/MapObject.h
+++ b/src/third_party/mozjs-45/extract/js/src/builtin/MapObject.h
@@ -29,9 +29,7 @@ class HashableValue : public JS::Traceable
public:
struct Hasher {
typedef HashableValue Lookup;
- static HashNumber hash(const Lookup& v, const mozilla::HashCodeScrambler& hcs) {
- return v.hash(hcs);
- }
+ static HashNumber hash(const Lookup& v) { return v.hash(); }
static bool match(const HashableValue& k, const Lookup& l) { return k == l; }
static bool isEmpty(const HashableValue& v) { return v.value.isMagic(JS_HASH_KEY_EMPTY); }
static void makeEmpty(HashableValue* vp) { vp->value = MagicValue(JS_HASH_KEY_EMPTY); }
@@ -40,7 +38,7 @@ class HashableValue : public JS::Traceable
HashableValue() : value(UndefinedValue()) {}
bool setValue(JSContext* cx, HandleValue v);
- HashNumber hash(const mozilla::HashCodeScrambler& hcs) const;
+ HashNumber hash() const;
bool operator==(const HashableValue& other) const;
HashableValue mark(JSTracer* trc) const;
Value get() const { return value.get(); }
diff --git a/src/third_party/mozjs-45/extract/js/src/ds/OrderedHashTable.h b/src/third_party/mozjs-45/extract/js/src/ds/OrderedHashTable.h
index cb58ac2f735..c9927212976 100644
--- a/src/third_party/mozjs-45/extract/js/src/ds/OrderedHashTable.h
+++ b/src/third_party/mozjs-45/extract/js/src/ds/OrderedHashTable.h
@@ -29,15 +29,12 @@
*
* See the comment about "Hash policy" in HashTable.h for general features that
* hash policy classes must provide. Hash policies for OrderedHashMaps and Sets
- * differ in that the hash() method takes an extra argument:
- * static js::HashNumber hash(Lookup, const HashCodeScrambler&);
- * They must additionally provide a distinguished "empty" key value and the
+ * must additionally provide a distinguished "empty" key value and the
* following static member functions:
* bool isEmpty(const Key&);
* void makeEmpty(Key*);
*/
-#include "mozilla/HashFunctions.h"
#include "mozilla/Move.h"
using mozilla::Forward;
@@ -81,11 +78,10 @@ class OrderedHashTable
uint32_t hashShift; // multiplicative hash shift
Range* ranges; // list of all live Ranges on this table
AllocPolicy alloc;
- mozilla::HashCodeScrambler hcs; // don't reveal pointer hash codes
public:
- OrderedHashTable(AllocPolicy& ap, mozilla::HashCodeScrambler hcs)
- : hashTable(nullptr), data(nullptr), dataLength(0), ranges(nullptr), alloc(ap), hcs(hcs) {}
+ explicit OrderedHashTable(AllocPolicy& ap)
+ : hashTable(nullptr), data(nullptr), dataLength(0), ranges(nullptr), alloc(ap) {}
bool init() {
MOZ_ASSERT(!hashTable, "init must be called at most once");
@@ -434,8 +430,8 @@ class OrderedHashTable
void rekeyFront(const Key& k) {
MOZ_ASSERT(valid());
Data& entry = ht.data[i];
- HashNumber oldHash = ht.prepareHash(Ops::getKey(entry.element)) >> ht.hashShift;
- HashNumber newHash = ht.prepareHash(k) >> ht.hashShift;
+ HashNumber oldHash = prepareHash(Ops::getKey(entry.element)) >> ht.hashShift;
+ HashNumber newHash = prepareHash(k) >> ht.hashShift;
Ops::setKey(entry.element, k);
if (newHash != oldHash) {
// Remove this entry from its old hash chain. (If this crashes
@@ -531,12 +527,10 @@ class OrderedHashTable
*/
static double minDataFill() { return 0.25; }
- public:
- HashNumber prepareHash(const Lookup& l) const {
- return ScrambleHashCode(Ops::hash(l, hcs));
+ static HashNumber prepareHash(const Lookup& l) {
+ return ScrambleHashCode(Ops::hash(l));
}
- private:
/* The size of hashTable, in elements. Always a power of two. */
uint32_t hashBuckets() const {
return 1 << (HashNumberSizeBits - hashShift);
@@ -707,7 +701,7 @@ class OrderedHashMap
public:
typedef typename Impl::Range Range;
- OrderedHashMap(AllocPolicy ap, mozilla::HashCodeScrambler hcs) : impl(ap, hcs) {}
+ explicit OrderedHashMap(AllocPolicy ap = AllocPolicy()) : impl(ap) {}
bool init() { return impl.init(); }
uint32_t count() const { return impl.count(); }
bool has(const Key& key) const { return impl.has(key); }
@@ -719,8 +713,6 @@ class OrderedHashMap
bool remove(const Key& key, bool* foundp) { return impl.remove(key, foundp); }
bool clear() { return impl.clear(); }
- HashNumber hash(const Key& key) const { return impl.prepareHash(key); }
-
void rekeyOneEntry(const Key& current, const Key& newKey) {
const Entry* e = get(current);
if (!e)
@@ -746,7 +738,7 @@ class OrderedHashSet
public:
typedef typename Impl::Range Range;
- explicit OrderedHashSet(AllocPolicy ap, mozilla::HashCodeScrambler hcs) : impl(ap, hcs) {}
+ explicit OrderedHashSet(AllocPolicy ap = AllocPolicy()) : impl(ap) {}
bool init() { return impl.init(); }
uint32_t count() const { return impl.count(); }
bool has(const T& value) const { return impl.has(value); }
@@ -755,8 +747,6 @@ class OrderedHashSet
bool remove(const T& value, bool* foundp) { return impl.remove(value, foundp); }
bool clear() { return impl.clear(); }
- HashNumber hash(const T& value) const { return impl.prepareHash(value); }
-
void rekeyOneEntry(const T& current, const T& newKey) {
return impl.rekeyOneEntry(current, newKey, newKey);
}
diff --git a/src/third_party/mozjs-45/extract/js/src/gc/Allocator.cpp b/src/third_party/mozjs-45/extract/js/src/gc/Allocator.cpp
index bdc17bdc8db..b409dfa4a1f 100644
--- a/src/third_party/mozjs-45/extract/js/src/gc/Allocator.cpp
+++ b/src/third_party/mozjs-45/extract/js/src/gc/Allocator.cpp
@@ -57,14 +57,11 @@ GCRuntime::checkAllocatorState(JSContext* cx, AllocKind kind)
}
#if defined(JS_GC_ZEAL) || defined(DEBUG)
- MOZ_ASSERT_IF(cx->compartment()->isAtomsCompartment(),
- kind == AllocKind::ATOM ||
- kind == AllocKind::FAT_INLINE_ATOM ||
+ MOZ_ASSERT_IF(rt->isAtomsCompartment(cx->compartment()),
+ kind == AllocKind::STRING ||
+ kind == AllocKind::FAT_INLINE_STRING ||
kind == AllocKind::SYMBOL ||
kind == AllocKind::JITCODE);
- MOZ_ASSERT_IF(!cx->compartment()->isAtomsCompartment(),
- kind != AllocKind::ATOM &&
- kind != AllocKind::FAT_INLINE_ATOM);
MOZ_ASSERT(!rt->isHeapBusy());
MOZ_ASSERT(isAllocAllowed());
#endif
@@ -224,8 +221,6 @@ js::Allocate(ExclusiveContext* cx)
macro(JSFatInlineString) \
macro(JSScript) \
macro(JSString) \
- macro(js::NormalAtom) \
- macro(js::FatInlineAtom) \
macro(js::AccessorShape) \
macro(js::BaseShape) \
macro(js::LazyScript) \
diff --git a/src/third_party/mozjs-45/extract/js/src/gc/GCRuntime.h b/src/third_party/mozjs-45/extract/js/src/gc/GCRuntime.h
index e0ad996150d..d2b45473862 100644
--- a/src/third_party/mozjs-45/extract/js/src/gc/GCRuntime.h
+++ b/src/third_party/mozjs-45/extract/js/src/gc/GCRuntime.h
@@ -923,7 +923,7 @@ class GCRuntime
void purgeRuntime();
bool beginMarkPhase(JS::gcreason::Reason reason);
bool shouldPreserveJITCode(JSCompartment* comp, int64_t currentTime,
- JS::gcreason::Reason reason, bool canAllocateMoreCode);
+ JS::gcreason::Reason reason);
void bufferGrayRoots();
void markCompartments();
IncrementalProgress drainMarkStack(SliceBudget& sliceBudget, gcstats::Phase phase);
diff --git a/src/third_party/mozjs-45/extract/js/src/gc/Heap.h b/src/third_party/mozjs-45/extract/js/src/gc/Heap.h
index 783da19a388..1ff1d9fa498 100644
--- a/src/third_party/mozjs-45/extract/js/src/gc/Heap.h
+++ b/src/third_party/mozjs-45/extract/js/src/gc/Heap.h
@@ -106,8 +106,6 @@ enum class AllocKind {
FAT_INLINE_STRING,
STRING,
EXTERNAL_STRING,
- FAT_INLINE_ATOM,
- ATOM,
SYMBOL,
JITCODE,
LIMIT,
@@ -199,8 +197,6 @@ MapAllocToTraceKind(AllocKind kind)
JS::TraceKind::String, /* AllocKind::FAT_INLINE_STRING */
JS::TraceKind::String, /* AllocKind::STRING */
JS::TraceKind::String, /* AllocKind::EXTERNAL_STRING */
- JS::TraceKind::String, /* AllocKind::FAT_INLINE_ATOM */
- JS::TraceKind::String, /* AllocKind::ATOM */
JS::TraceKind::Symbol, /* AllocKind::SYMBOL */
JS::TraceKind::JitCode, /* AllocKind::JITCODE */
};
diff --git a/src/third_party/mozjs-45/extract/js/src/gc/Marking.cpp b/src/third_party/mozjs-45/extract/js/src/gc/Marking.cpp
index 4e10b20b36c..f52ab393f71 100644
--- a/src/third_party/mozjs-45/extract/js/src/gc/Marking.cpp
+++ b/src/third_party/mozjs-45/extract/js/src/gc/Marking.cpp
@@ -171,17 +171,6 @@ template <> bool ThingIsPermanentAtomOrWellKnownSymbol<JS::Symbol>(JS::Symbol* s
return sym->isWellKnownSymbol();
}
-template <typename T>
-static inline bool
-IsOwnedByOtherRuntime(JSRuntime* rt, T thing)
-{
- bool other = thing->runtimeFromAnyThread() != rt;
- MOZ_ASSERT_IF(other,
- ThingIsPermanentAtomOrWellKnownSymbol(thing) ||
- thing->zoneFromAnyThread()->isSelfHostingZone());
- return other;
-}
-
template<typename T>
void
js::CheckTracedThing(JSTracer* trc, T* thing)
@@ -199,10 +188,10 @@ js::CheckTracedThing(JSTracer* trc, T* thing)
MOZ_ASSERT_IF(!IsMovingTracer(trc) && !trc->isTenuringTracer(), !IsForwarded(thing));
/*
- * Permanent atoms and things in the self-hosting zone are not associated
- * with this runtime, but will be ignored during marking.
+ * Permanent atoms are not associated with this runtime, but will be
+ * ignored during marking.
*/
- if (IsOwnedByOtherRuntime(trc->runtime(), thing))
+ if (ThingIsPermanentAtomOrWellKnownSymbol(thing))
return;
Zone* zone = thing->zoneFromAnyThread();
@@ -686,24 +675,16 @@ GCMarker::markImplicitEdges(T* thing)
template <typename T>
static inline bool
-MustSkipMarking(GCMarker* gcmarker, T thing)
+MustSkipMarking(T thing)
{
- // Don't trace things that are owned by another runtime.
- if (IsOwnedByOtherRuntime(gcmarker->runtime(), thing))
- return true;
-
// Don't mark things outside a zone if we are in a per-zone GC.
return !thing->zone()->isGCMarking();
}
template <>
bool
-MustSkipMarking<JSObject*>(GCMarker* gcmarker, JSObject* obj)
+MustSkipMarking<JSObject*>(JSObject* obj)
{
- // Don't trace things that are owned by another runtime.
- if (IsOwnedByOtherRuntime(gcmarker->runtime(), obj))
- return true;
-
// We may mark a Nursery thing outside the context of the
// MinorCollectionTracer because of a pre-barrier. The pre-barrier is not
// needed in this case because we perform a minor collection before each
@@ -717,12 +698,34 @@ MustSkipMarking<JSObject*>(GCMarker* gcmarker, JSObject* obj)
return !TenuredCell::fromPointer(obj)->zone()->isGCMarking();
}
+template <>
+bool
+MustSkipMarking<JSString*>(JSString* str)
+{
+ // Don't mark permanent atoms, as they may be associated with another
+ // runtime. Note that traverse() also checks this, but we need to not
+ // run the isGCMarking test from off-main-thread, so have to check it here
+ // too.
+ return str->isPermanentAtom() ||
+ !str->zone()->isGCMarking();
+}
+
+template <>
+bool
+MustSkipMarking<JS::Symbol*>(JS::Symbol* sym)
+{
+ // As for JSString, don't touch a globally owned well-known symbol from
+ // off-main-thread.
+ return sym->isWellKnownSymbol() ||
+ !sym->zone()->isGCMarking();
+}
+
template <typename T>
void
DoMarking(GCMarker* gcmarker, T* thing)
{
// Do per-type marking precondition checks.
- if (MustSkipMarking(gcmarker, thing))
+ if (MustSkipMarking(thing))
return;
CheckTracedThing(gcmarker, thing);
@@ -749,13 +752,13 @@ void
NoteWeakEdge(GCMarker* gcmarker, T** thingp)
{
// Do per-type marking precondition checks.
- if (MustSkipMarking(gcmarker, *thingp))
+ if (MustSkipMarking(*thingp))
return;
CheckTracedThing(gcmarker, *thingp);
// If the target is already marked, there's no need to store the edge.
- if (IsMarkedUnbarriered(gcmarker->runtime(), thingp))
+ if (IsMarkedUnbarriered(thingp))
return;
gcmarker->noteWeakEdge(thingp);
@@ -2326,22 +2329,17 @@ IsMarkedInternalCommon(T* thingp)
template <typename T>
static bool
-IsMarkedInternal(JSRuntime* rt, T** thingp)
+IsMarkedInternal(T** thingp)
{
- if (IsOwnedByOtherRuntime(rt, *thingp))
- return true;
-
return IsMarkedInternalCommon(thingp);
}
template <>
/* static */ bool
-IsMarkedInternal(JSRuntime* rt, JSObject** thingp)
+IsMarkedInternal(JSObject** thingp)
{
- if (IsOwnedByOtherRuntime(rt, *thingp))
- return true;
-
if (IsInsideNursery(*thingp)) {
+ JSRuntime* rt = (*thingp)->runtimeFromAnyThread();
MOZ_ASSERT(CurrentThreadCanAccessRuntime(rt));
return rt->gc.nursery.getForwardedPointer(thingp);
}
@@ -2350,18 +2348,18 @@ IsMarkedInternal(JSRuntime* rt, JSObject** thingp)
template <typename S>
struct IsMarkedFunctor : public IdentityDefaultAdaptor<S> {
- template <typename T> S operator()(T* t, JSRuntime* rt, bool* rv) {
- *rv = IsMarkedInternal(rt, &t);
+ template <typename T> S operator()(T* t, bool* rv) {
+ *rv = IsMarkedInternal(&t);
return js::gc::RewrapTaggedPointer<S, T*>::wrap(t);
}
};
template <typename T>
static bool
-IsMarkedInternal(JSRuntime* rt, T* thingp)
+IsMarkedInternal(T* thingp)
{
bool rv = true;
- *thingp = DispatchTyped(IsMarkedFunctor<T>(), *thingp, rt, &rv);
+ *thingp = DispatchTyped(IsMarkedFunctor<T>(), *thingp, &rv);
return rv;
}
@@ -2429,16 +2427,16 @@ namespace gc {
template <typename T>
bool
-IsMarkedUnbarriered(JSRuntime* rt, T* thingp)
+IsMarkedUnbarriered(T* thingp)
{
- return IsMarkedInternal(rt, ConvertToBase(thingp));
+ return IsMarkedInternal(ConvertToBase(thingp));
}
template <typename T>
bool
-IsMarked(JSRuntime* rt, WriteBarrieredBase<T>* thingp)
+IsMarked(WriteBarrieredBase<T>* thingp)
{
- return IsMarkedInternal(rt, ConvertToBase(thingp->unsafeUnbarrieredForTracing()));
+ return IsMarkedInternal(ConvertToBase(thingp->unsafeUnbarrieredForTracing()));
}
template <typename T>
@@ -2471,8 +2469,8 @@ EdgeNeedsSweep(JS::Heap<T>* thingp)
// Instantiate a copy of the Tracing templates for each derived type.
#define INSTANTIATE_ALL_VALID_TRACE_FUNCTIONS(type) \
- template bool IsMarkedUnbarriered<type>(JSRuntime*, type*); \
- template bool IsMarked<type>(JSRuntime*, WriteBarrieredBase<type>*); \
+ template bool IsMarkedUnbarriered<type>(type*); \
+ template bool IsMarked<type>(WriteBarrieredBase<type>*); \
template bool IsAboutToBeFinalizedUnbarriered<type>(type*); \
template bool IsAboutToBeFinalized<type>(WriteBarrieredBase<type>*); \
template bool IsAboutToBeFinalized<type>(ReadBarrieredBase<type>*); \
diff --git a/src/third_party/mozjs-45/extract/js/src/gc/Marking.h b/src/third_party/mozjs-45/extract/js/src/gc/Marking.h
index 5e237c2154b..5c69cd1fdb6 100644
--- a/src/third_party/mozjs-45/extract/js/src/gc/Marking.h
+++ b/src/third_party/mozjs-45/extract/js/src/gc/Marking.h
@@ -142,9 +142,7 @@ namespace gc {
struct WeakKeyTableHashPolicy {
typedef JS::GCCellPtr Lookup;
- static HashNumber hash(const Lookup& v, const mozilla::HashCodeScrambler&) {
- return mozilla::HashGeneric(v.asCell());
- }
+ static HashNumber hash(const Lookup& v) { return mozilla::HashGeneric(v.asCell()); }
static bool match(const JS::GCCellPtr& k, const Lookup& l) { return k == l; }
static bool isEmpty(const JS::GCCellPtr& v) { return !v; }
static void makeEmpty(JS::GCCellPtr* vp) { *vp = nullptr; }
@@ -370,19 +368,13 @@ PushArena(GCMarker* gcmarker, ArenaHeader* aheader);
/*** Liveness ***/
-// Report whether a thing has been marked. Things which are in zones that are
-// not currently being collected or are owned by another runtime are always
-// reported as being marked.
template <typename T>
bool
-IsMarkedUnbarriered(JSRuntime* rt, T* thingp);
+IsMarkedUnbarriered(T* thingp);
-// Report whether a thing has been marked. Things which are in zones that are
-// not currently being collected or are owned by another runtime are always
-// reported as being marked.
template <typename T>
bool
-IsMarked(JSRuntime* rt, WriteBarrieredBase<T>* thingp);
+IsMarked(WriteBarrieredBase<T>* thingp);
template <typename T>
bool
diff --git a/src/third_party/mozjs-45/extract/js/src/gc/Zone.cpp b/src/third_party/mozjs-45/extract/js/src/gc/Zone.cpp
index b001ecff9e6..260f06dbe47 100644
--- a/src/third_party/mozjs-45/extract/js/src/gc/Zone.cpp
+++ b/src/third_party/mozjs-45/extract/js/src/gc/Zone.cpp
@@ -29,7 +29,6 @@ JS::Zone::Zone(JSRuntime* rt)
types(this),
compartments(),
gcGrayRoots(),
- gcWeakKeys(SystemAllocPolicy(), rt->randomHashCodeScrambler()),
gcMallocBytes(0),
gcMallocGCTriggered(false),
usage(&rt->gc.usage),
diff --git a/src/third_party/mozjs-45/extract/js/src/irregexp/RegExpEngine.cpp b/src/third_party/mozjs-45/extract/js/src/irregexp/RegExpEngine.cpp
index 84dab0c8adf..ba30fc7a72d 100644
--- a/src/third_party/mozjs-45/extract/js/src/irregexp/RegExpEngine.cpp
+++ b/src/third_party/mozjs-45/extract/js/src/irregexp/RegExpEngine.cpp
@@ -32,7 +32,6 @@
#include "irregexp/NativeRegExpMacroAssembler.h"
#include "irregexp/RegExpMacroAssembler.h"
-#include "jit/ExecutableAllocator.h"
#include "jit/JitCommon.h"
using namespace js;
@@ -1731,11 +1730,7 @@ irregexp::CompilePattern(JSContext* cx, RegExpShared* shared, RegExpCompileData*
Maybe<InterpretedRegExpMacroAssembler> interpreted_assembler;
RegExpMacroAssembler* assembler;
- if (IsNativeRegExpEnabled(cx) &&
- !force_bytecode &&
- jit::CanLikelyAllocateMoreExecutableMemory() &&
- shared->getSource()->length() < 32 * 1024)
- {
+ if (IsNativeRegExpEnabled(cx) && !force_bytecode) {
NativeRegExpMacroAssembler::Mode mode =
is_ascii ? NativeRegExpMacroAssembler::ASCII
: NativeRegExpMacroAssembler::CHAR16;
diff --git a/src/third_party/mozjs-45/extract/js/src/jit/BaselineIC.cpp b/src/third_party/mozjs-45/extract/js/src/jit/BaselineIC.cpp
index 69c402bc1a9..03236cff6cc 100644
--- a/src/third_party/mozjs-45/extract/js/src/jit/BaselineIC.cpp
+++ b/src/third_party/mozjs-45/extract/js/src/jit/BaselineIC.cpp
@@ -1061,14 +1061,6 @@ IsCacheableSetPropCall(JSContext* cx, JSObject* obj, JSObject* holder, Shape* sh
JSFunction* func = &shape->setterObject()->as<JSFunction>();
- if (IsWindow(obj)) {
- if (!func->isNative())
- return false;
-
- if (!func->jitInfo() || func->jitInfo()->needsOuterizedThisObject())
- return false;
- }
-
if (func->isNative()) {
*isScripted = false;
return true;
@@ -6406,12 +6398,6 @@ ICCallStubCompiler::guardFunApply(MacroAssembler& masm, AllocatableGeneralRegist
Address(BaselineFrameReg, BaselineFrame::reverseOffsetOfFlags()),
Imm32(BaselineFrame::HAS_ARGS_OBJ),
failure);
-
- // Limit the length to something reasonable.
- masm.branch32(Assembler::Above,
- Address(BaselineFrameReg, BaselineFrame::offsetOfNumActualArgs()),
- Imm32(ICCall_ScriptedApplyArray::MAX_ARGS_ARRAY_LENGTH),
- failure);
} else {
MOZ_ASSERT(applyThing == FunApply_Array);
diff --git a/src/third_party/mozjs-45/extract/js/src/jit/BaselineJIT.cpp b/src/third_party/mozjs-45/extract/js/src/jit/BaselineJIT.cpp
index 293868a741f..f0dc2655e83 100644
--- a/src/third_party/mozjs-45/extract/js/src/jit/BaselineJIT.cpp
+++ b/src/third_party/mozjs-45/extract/js/src/jit/BaselineJIT.cpp
@@ -314,17 +314,12 @@ CanEnterBaselineJIT(JSContext* cx, HandleScript script, InterpreterFrame* osrFra
if (script->nslots() > BaselineScript::MAX_JSSCRIPT_SLOTS)
return Method_CantCompile;
- if (script->hasBaselineScript())
- return Method_Compiled;
-
- // Check this before calling ensureJitCompartmentExists, so we're less
- // likely to report OOM in JSRuntime::createJitRuntime.
- if (!CanLikelyAllocateMoreExecutableMemory())
- return Method_Skipped;
-
if (!cx->compartment()->ensureJitCompartmentExists(cx))
return Method_Error;
+ if (script->hasBaselineScript())
+ return Method_Compiled;
+
// Check script warm-up counter.
if (script->incWarmUpCounter() <= JitOptions.baselineWarmUpThreshold)
return Method_Skipped;
diff --git a/src/third_party/mozjs-45/extract/js/src/jit/ExecutableAllocator.cpp b/src/third_party/mozjs-45/extract/js/src/jit/ExecutableAllocator.cpp
index aa24216c3a5..55ad6b6d69c 100644
--- a/src/third_party/mozjs-45/extract/js/src/jit/ExecutableAllocator.cpp
+++ b/src/third_party/mozjs-45/extract/js/src/jit/ExecutableAllocator.cpp
@@ -29,8 +29,15 @@
#include "js/MemoryMetrics.h"
+#ifdef __APPLE__
+#include <TargetConditionals.h>
+#endif
+
using namespace js::jit;
+size_t ExecutableAllocator::pageSize = 0;
+size_t ExecutableAllocator::largeAllocSize = 0;
+
ExecutablePool::~ExecutablePool()
{
MOZ_ASSERT(m_ionCodeBytes == 0);
@@ -41,6 +48,28 @@ ExecutablePool::~ExecutablePool()
m_allocator->releasePoolPages(this);
}
+/* static */ void
+ExecutableAllocator::initStatic()
+{
+ if (!pageSize) {
+ pageSize = determinePageSize();
+ // On Windows, VirtualAlloc effectively allocates in 64K chunks.
+ // (Technically, it allocates in page chunks, but the starting
+ // address is always a multiple of 64K, so each allocation uses up
+ // 64K of address space.) So a size less than that would be
+ // pointless. But it turns out that 64KB is a reasonable size for
+ // all platforms. (This assumes 4KB pages.) On 64-bit windows,
+ // AllocateExecutableMemory prepends an extra page for structured
+ // exception handling data (see comments in function) onto whatever
+ // is passed in, so subtract one page here.
+#if defined(JS_CPU_X64) && defined(XP_WIN)
+ largeAllocSize = pageSize * 15;
+#else
+ largeAllocSize = pageSize * 16;
+#endif
+ }
+}
+
void
ExecutableAllocator::addSizeOfCode(JS::CodeSizes* sizes) const
{
@@ -59,16 +88,8 @@ ExecutableAllocator::addSizeOfCode(JS::CodeSizes* sizes) const
}
}
-ExecutablePool::Allocation
-ExecutableAllocator::systemAlloc(size_t n)
-{
- void* allocation = AllocateExecutableMemory(n, ProtectionSetting::Executable);
- ExecutablePool::Allocation alloc = { reinterpret_cast<char*>(allocation), n };
- return alloc;
-}
-
-void
-ExecutableAllocator::systemRelease(const ExecutablePool::Allocation& alloc)
-{
- DeallocateExecutableMemory(alloc.pages, alloc.size);
-}
+#if TARGET_OS_IPHONE
+bool ExecutableAllocator::nonWritableJitCode = true;
+#else
+bool ExecutableAllocator::nonWritableJitCode = false;
+#endif
diff --git a/src/third_party/mozjs-45/extract/js/src/jit/ExecutableAllocator.h b/src/third_party/mozjs-45/extract/js/src/jit/ExecutableAllocator.h
index cc0ad2b66ea..874f6b7314f 100644
--- a/src/third_party/mozjs-45/extract/js/src/jit/ExecutableAllocator.h
+++ b/src/third_party/mozjs-45/extract/js/src/jit/ExecutableAllocator.h
@@ -39,7 +39,6 @@
#include "jit/arm/Simulator-arm.h"
#include "jit/mips32/Simulator-mips32.h"
#include "jit/mips64/Simulator-mips64.h"
-#include "jit/ProcessExecutableMemory.h"
#include "js/GCAPI.h"
#include "js/HashTable.h"
#include "js/Vector.h"
@@ -187,7 +186,13 @@ class ExecutableAllocator
typedef void (*DestroyCallback)(void* addr, size_t size);
DestroyCallback destroyCallback;
+#ifdef XP_WIN
+ mozilla::Maybe<mozilla::non_crypto::XorShift128PlusRNG> randomNumberGenerator;
+#endif
+
public:
+ enum ProtectionSetting { Writable, Executable };
+
ExecutableAllocator()
: destroyCallback(nullptr)
{
@@ -258,7 +263,14 @@ class ExecutableAllocator
this->destroyCallback = destroyCallback;
}
+ static void initStatic();
+
+ static bool nonWritableJitCode;
+
private:
+ static size_t pageSize;
+ static size_t largeAllocSize;
+
static const size_t OVERSIZE_ALLOCATION = size_t(-1);
static size_t roundUpAllocationSize(size_t request, size_t granularity)
@@ -282,10 +294,11 @@ class ExecutableAllocator
// On OOM, this will return an Allocation where pages is nullptr.
ExecutablePool::Allocation systemAlloc(size_t n);
static void systemRelease(const ExecutablePool::Allocation& alloc);
+ void* computeRandomAllocationAddress();
ExecutablePool* createPool(size_t n)
{
- size_t allocSize = roundUpAllocationSize(n, ExecutableCodePageSize);
+ size_t allocSize = roundUpAllocationSize(n, pageSize);
if (allocSize == OVERSIZE_ALLOCATION)
return nullptr;
@@ -303,8 +316,8 @@ class ExecutableAllocator
}
if (!m_pools.put(pool)) {
- // Note: this will call |systemRelease(a)|.
js_delete(pool);
+ systemRelease(a);
return nullptr;
}
@@ -331,11 +344,11 @@ class ExecutableAllocator
}
// If the request is large, we just provide a unshared allocator
- if (n > ExecutableCodePageSize)
+ if (n > largeAllocSize)
return createPool(n);
// Create a new allocator
- ExecutablePool* pool = createPool(ExecutableCodePageSize);
+ ExecutablePool* pool = createPool(largeAllocSize);
if (!pool)
return nullptr;
// At this point, local |pool| is the owner.
@@ -372,12 +385,18 @@ class ExecutableAllocator
static void makeWritable(void* start, size_t size)
{
+ if (nonWritableJitCode)
+ reprotectRegion(start, size, Writable);
}
static void makeExecutable(void* start, size_t size)
{
+ if (nonWritableJitCode)
+ reprotectRegion(start, size, Executable);
}
+ static unsigned initialProtectionFlags(ProtectionSetting protection);
+
#if defined(JS_CODEGEN_X86) || defined(JS_CODEGEN_X64)
static void cacheFlush(void*, size_t)
{
@@ -450,6 +469,8 @@ class ExecutableAllocator
ExecutableAllocator(const ExecutableAllocator&) = delete;
void operator=(const ExecutableAllocator&) = delete;
+ static void reprotectRegion(void*, size_t, ProtectionSetting);
+
// These are strong references; they keep pools alive.
static const size_t maxSmallPools = 4;
typedef js::Vector<ExecutablePool*, maxSmallPools, js::SystemAllocPolicy> SmallExecPoolVector;
@@ -461,8 +482,17 @@ class ExecutableAllocator
typedef js::HashSet<ExecutablePool*, js::DefaultHasher<ExecutablePool*>, js::SystemAllocPolicy>
ExecPoolHashSet;
ExecPoolHashSet m_pools; // All pools, just for stats purposes.
+
+ static size_t determinePageSize();
};
+extern void*
+AllocateExecutableMemory(void* addr, size_t bytes, unsigned permissions, const char* tag,
+ size_t pageSize);
+
+extern void
+DeallocateExecutableMemory(void* addr, size_t bytes, size_t pageSize);
+
} // namespace jit
} // namespace js
diff --git a/src/third_party/mozjs-45/extract/js/src/jit/ExecutableAllocatorPosix.cpp b/src/third_party/mozjs-45/extract/js/src/jit/ExecutableAllocatorPosix.cpp
new file mode 100644
index 00000000000..d6d791174d6
--- /dev/null
+++ b/src/third_party/mozjs-45/extract/js/src/jit/ExecutableAllocatorPosix.cpp
@@ -0,0 +1,108 @@
+/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 4 -*-
+ * vim: set ts=8 sts=4 et sw=4 tw=99:
+ *
+ * Copyright (C) 2008 Apple Inc. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY APPLE INC. ``AS IS'' AND ANY
+ * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL APPLE INC. OR
+ * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+ * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
+ * OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include "mozilla/DebugOnly.h"
+#include "mozilla/TaggedAnonymousMemory.h"
+
+#include <errno.h>
+#include <sys/mman.h>
+#include <unistd.h>
+
+#include "jit/ExecutableAllocator.h"
+#include "js/Utility.h"
+
+using namespace js::jit;
+
+size_t
+ExecutableAllocator::determinePageSize()
+{
+ return getpagesize();
+}
+
+void*
+js::jit::AllocateExecutableMemory(void* addr, size_t bytes, unsigned permissions, const char* tag,
+ size_t pageSize)
+{
+ MOZ_ASSERT(bytes % pageSize == 0);
+ void* p = MozTaggedAnonymousMmap(addr, bytes, permissions, MAP_PRIVATE | MAP_ANON, -1, 0, tag);
+ return p == MAP_FAILED ? nullptr : p;
+}
+
+void
+js::jit::DeallocateExecutableMemory(void* addr, size_t bytes, size_t pageSize)
+{
+ MOZ_ASSERT(bytes % pageSize == 0);
+ mozilla::DebugOnly<int> result = munmap(addr, bytes);
+ MOZ_ASSERT(!result || errno == ENOMEM);
+}
+
+ExecutablePool::Allocation
+ExecutableAllocator::systemAlloc(size_t n)
+{
+ void* allocation = AllocateExecutableMemory(nullptr, n, initialProtectionFlags(Executable),
+ "js-jit-code", pageSize);
+ ExecutablePool::Allocation alloc = { reinterpret_cast<char*>(allocation), n };
+ return alloc;
+}
+
+void
+ExecutableAllocator::systemRelease(const ExecutablePool::Allocation& alloc)
+{
+ DeallocateExecutableMemory(alloc.pages, alloc.size, pageSize);
+}
+
+static const unsigned FLAGS_RW = PROT_READ | PROT_WRITE;
+static const unsigned FLAGS_RX = PROT_READ | PROT_EXEC;
+
+void
+ExecutableAllocator::reprotectRegion(void* start, size_t size, ProtectionSetting setting)
+{
+ MOZ_ASSERT(nonWritableJitCode);
+ MOZ_ASSERT(pageSize);
+
+ // Calculate the start of the page containing this region,
+ // and account for this extra memory within size.
+ intptr_t startPtr = reinterpret_cast<intptr_t>(start);
+ intptr_t pageStartPtr = startPtr & ~(pageSize - 1);
+ void* pageStart = reinterpret_cast<void*>(pageStartPtr);
+ size += (startPtr - pageStartPtr);
+
+ // Round size up
+ size += (pageSize - 1);
+ size &= ~(pageSize - 1);
+
+ mprotect(pageStart, size, (setting == Writable) ? FLAGS_RW : FLAGS_RX);
+}
+
+/* static */ unsigned
+ExecutableAllocator::initialProtectionFlags(ProtectionSetting protection)
+{
+ if (!nonWritableJitCode)
+ return FLAGS_RW | FLAGS_RX;
+
+ return (protection == Writable) ? FLAGS_RW : FLAGS_RX;
+}
diff --git a/src/third_party/mozjs-45/extract/js/src/jit/ExecutableAllocatorWin.cpp b/src/third_party/mozjs-45/extract/js/src/jit/ExecutableAllocatorWin.cpp
new file mode 100644
index 00000000000..fe068b90814
--- /dev/null
+++ b/src/third_party/mozjs-45/extract/js/src/jit/ExecutableAllocatorWin.cpp
@@ -0,0 +1,289 @@
+/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 4 -*-
+ * vim: set ts=8 sts=4 et sw=4 tw=99:
+ *
+ * Copyright (C) 2008 Apple Inc. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY APPLE INC. ``AS IS'' AND ANY
+ * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL APPLE INC. OR
+ * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+ * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
+ * OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include "mozilla/WindowsVersion.h"
+
+#include "jsfriendapi.h"
+#include "jsmath.h"
+#include "jswin.h"
+
+#include "jit/ExecutableAllocator.h"
+
+using namespace js::jit;
+
+size_t
+ExecutableAllocator::determinePageSize()
+{
+ SYSTEM_INFO system_info;
+ GetSystemInfo(&system_info);
+ return system_info.dwPageSize;
+}
+
+void*
+ExecutableAllocator::computeRandomAllocationAddress()
+{
+ /*
+ * Inspiration is V8's OS::Allocate in platform-win32.cc.
+ *
+ * VirtualAlloc takes 64K chunks out of the virtual address space, so we
+ * keep 16b alignment.
+ *
+ * x86: V8 comments say that keeping addresses in the [64MiB, 1GiB) range
+ * tries to avoid system default DLL mapping space. In the end, we get 13
+ * bits of randomness in our selection.
+ * x64: [2GiB, 4TiB), with 25 bits of randomness.
+ */
+#ifdef JS_CPU_X64
+ static const uintptr_t base = 0x0000000080000000;
+ static const uintptr_t mask = 0x000003ffffff0000;
+#elif defined(JS_CPU_X86)
+ static const uintptr_t base = 0x04000000;
+ static const uintptr_t mask = 0x3fff0000;
+#else
+# error "Unsupported architecture"
+#endif
+
+ if (randomNumberGenerator.isNothing()) {
+ mozilla::Array<uint64_t, 2> seed;
+ js::GenerateXorShift128PlusSeed(seed);
+ randomNumberGenerator.emplace(seed[0], seed[1]);
+ }
+
+ uint64_t rand = randomNumberGenerator.ref().next();
+ return (void*) (base | (rand & mask));
+}
+
+static bool
+RandomizeIsBrokenImpl()
+{
+ // We disable everything before Vista, for now.
+ return !mozilla::IsVistaOrLater();
+}
+
+static bool
+RandomizeIsBroken()
+{
+ // Use the compiler's intrinsic guards for |static type value = expr| to avoid some potential
+ // races if runtimes are created from multiple threads.
+ static int result = RandomizeIsBrokenImpl();
+ return !!result;
+}
+
+#ifdef JS_CPU_X64
+static js::JitExceptionHandler sJitExceptionHandler;
+
+JS_FRIEND_API(void)
+js::SetJitExceptionHandler(JitExceptionHandler handler)
+{
+ MOZ_ASSERT(!sJitExceptionHandler);
+ sJitExceptionHandler = handler;
+}
+
+// From documentation for UNWIND_INFO on
+// http://msdn.microsoft.com/en-us/library/ddssxxy8.aspx
+struct UnwindInfo
+{
+ uint8_t version : 3;
+ uint8_t flags : 5;
+ uint8_t sizeOfPrologue;
+ uint8_t countOfUnwindCodes;
+ uint8_t frameRegister : 4;
+ uint8_t frameOffset : 4;
+ ULONG exceptionHandler;
+};
+
+static const unsigned ThunkLength = 12;
+
+struct ExceptionHandlerRecord
+{
+ RUNTIME_FUNCTION runtimeFunction;
+ UnwindInfo unwindInfo;
+ uint8_t thunk[ThunkLength];
+};
+
+// This function must match the function pointer type PEXCEPTION_HANDLER
+// mentioned in:
+// http://msdn.microsoft.com/en-us/library/ssa62fwe.aspx.
+// This type is rather elusive in documentation; Wine is the best I've found:
+// http://source.winehq.org/source/include/winnt.h
+static DWORD
+ExceptionHandler(PEXCEPTION_RECORD exceptionRecord, _EXCEPTION_REGISTRATION_RECORD*,
+ PCONTEXT context, _EXCEPTION_REGISTRATION_RECORD**)
+{
+ return sJitExceptionHandler(exceptionRecord, context);
+}
+
+// For an explanation of the problem being solved here, see
+// SetJitExceptionFilter in jsfriendapi.h.
+static bool
+RegisterExecutableMemory(void* p, size_t bytes, size_t pageSize)
+{
+ ExceptionHandlerRecord* r = reinterpret_cast<ExceptionHandlerRecord*>(p);
+
+ // All these fields are specified to be offsets from the base of the
+ // executable code (which is 'p'), even if they have 'Address' in their
+ // names. In particular, exceptionHandler is a ULONG offset which is a
+ // 32-bit integer. Since 'p' can be farther than INT32_MAX away from
+ // sJitExceptionHandler, we must generate a little thunk inside the
+ // record. The record is put on its own page so that we can take away write
+ // access to protect against accidental clobbering.
+
+ r->runtimeFunction.BeginAddress = pageSize;
+ r->runtimeFunction.EndAddress = (DWORD)bytes;
+ r->runtimeFunction.UnwindData = offsetof(ExceptionHandlerRecord, unwindInfo);
+
+ r->unwindInfo.version = 1;
+ r->unwindInfo.flags = UNW_FLAG_EHANDLER;
+ r->unwindInfo.sizeOfPrologue = 0;
+ r->unwindInfo.countOfUnwindCodes = 0;
+ r->unwindInfo.frameRegister = 0;
+ r->unwindInfo.frameOffset = 0;
+ r->unwindInfo.exceptionHandler = offsetof(ExceptionHandlerRecord, thunk);
+
+ // mov imm64, rax
+ r->thunk[0] = 0x48;
+ r->thunk[1] = 0xb8;
+ void* handler = JS_FUNC_TO_DATA_PTR(void*, ExceptionHandler);
+ memcpy(&r->thunk[2], &handler, 8);
+
+ // jmp rax
+ r->thunk[10] = 0xff;
+ r->thunk[11] = 0xe0;
+
+ DWORD oldProtect;
+ if (!VirtualProtect(p, pageSize, PAGE_EXECUTE_READ, &oldProtect))
+ return false;
+
+ return RtlAddFunctionTable(&r->runtimeFunction, 1, reinterpret_cast<DWORD64>(p));
+}
+
+static void
+UnregisterExecutableMemory(void* p, size_t bytes, size_t pageSize)
+{
+ ExceptionHandlerRecord* r = reinterpret_cast<ExceptionHandlerRecord*>(p);
+ RtlDeleteFunctionTable(&r->runtimeFunction);
+}
+#endif
+
+void*
+js::jit::AllocateExecutableMemory(void* addr, size_t bytes, unsigned permissions, const char* tag,
+ size_t pageSize)
+{
+ MOZ_ASSERT(bytes % pageSize == 0);
+
+#ifdef JS_CPU_X64
+ if (sJitExceptionHandler)
+ bytes += pageSize;
+#endif
+
+ void* p = VirtualAlloc(addr, bytes, MEM_COMMIT | MEM_RESERVE, permissions);
+ if (!p)
+ return nullptr;
+
+#ifdef JS_CPU_X64
+ if (sJitExceptionHandler) {
+ if (!RegisterExecutableMemory(p, bytes, pageSize)) {
+ VirtualFree(p, 0, MEM_RELEASE);
+ return nullptr;
+ }
+
+ p = (uint8_t*)p + pageSize;
+ }
+#endif
+
+ return p;
+}
+
+void
+js::jit::DeallocateExecutableMemory(void* addr, size_t bytes, size_t pageSize)
+{
+ MOZ_ASSERT(bytes % pageSize == 0);
+
+#ifdef JS_CPU_X64
+ if (sJitExceptionHandler) {
+ addr = (uint8_t*)addr - pageSize;
+ UnregisterExecutableMemory(addr, bytes, pageSize);
+ }
+#endif
+
+ VirtualFree(addr, 0, MEM_RELEASE);
+}
+
+ExecutablePool::Allocation
+ExecutableAllocator::systemAlloc(size_t n)
+{
+ void* allocation = nullptr;
+ if (!RandomizeIsBroken()) {
+ void* randomAddress = computeRandomAllocationAddress();
+ allocation = AllocateExecutableMemory(randomAddress, n, initialProtectionFlags(Executable),
+ "js-jit-code", pageSize);
+ }
+ if (!allocation) {
+ allocation = AllocateExecutableMemory(nullptr, n, initialProtectionFlags(Executable),
+ "js-jit-code", pageSize);
+ }
+ ExecutablePool::Allocation alloc = { reinterpret_cast<char*>(allocation), n };
+ return alloc;
+}
+
+void
+ExecutableAllocator::systemRelease(const ExecutablePool::Allocation& alloc)
+{
+ DeallocateExecutableMemory(alloc.pages, alloc.size, pageSize);
+}
+
+void
+ExecutableAllocator::reprotectRegion(void* start, size_t size, ProtectionSetting setting)
+{
+ MOZ_ASSERT(nonWritableJitCode);
+ MOZ_ASSERT(pageSize);
+
+ // Calculate the start of the page containing this region,
+ // and account for this extra memory within size.
+ intptr_t startPtr = reinterpret_cast<intptr_t>(start);
+ intptr_t pageStartPtr = startPtr & ~(pageSize - 1);
+ void* pageStart = reinterpret_cast<void*>(pageStartPtr);
+ size += (startPtr - pageStartPtr);
+
+ // Round size up
+ size += (pageSize - 1);
+ size &= ~(pageSize - 1);
+
+ DWORD oldProtect;
+ int flags = (setting == Writable) ? PAGE_READWRITE : PAGE_EXECUTE_READ;
+ if (!VirtualProtect(pageStart, size, flags, &oldProtect))
+ MOZ_CRASH();
+}
+
+/* static */ unsigned
+ExecutableAllocator::initialProtectionFlags(ProtectionSetting protection)
+{
+ if (!nonWritableJitCode)
+ return PAGE_EXECUTE_READWRITE;
+
+ return (protection == Writable) ? PAGE_READWRITE : PAGE_EXECUTE_READ;
+}
diff --git a/src/third_party/mozjs-45/extract/js/src/jit/Ion.cpp b/src/third_party/mozjs-45/extract/js/src/jit/Ion.cpp
index f47a413fc68..93d96c257c0 100644
--- a/src/third_party/mozjs-45/extract/js/src/jit/Ion.cpp
+++ b/src/third_party/mozjs-45/extract/js/src/jit/Ion.cpp
@@ -722,14 +722,13 @@ JitCompartment::sweep(FreeOp* fop, JSCompartment* compartment)
if (!stubCodes_->lookup(ICSetProp_Fallback::Compiler::BASELINE_KEY))
baselineSetPropReturnAddr_ = nullptr;
- JSRuntime* rt = fop->runtime();
- if (stringConcatStub_ && !IsMarkedUnbarriered(rt, &stringConcatStub_))
+ if (stringConcatStub_ && !IsMarkedUnbarriered(&stringConcatStub_))
stringConcatStub_ = nullptr;
- if (regExpExecStub_ && !IsMarkedUnbarriered(rt, &regExpExecStub_))
+ if (regExpExecStub_ && !IsMarkedUnbarriered(&regExpExecStub_))
regExpExecStub_ = nullptr;
- if (regExpTestStub_ && !IsMarkedUnbarriered(rt, &regExpTestStub_))
+ if (regExpTestStub_ && !IsMarkedUnbarriered(&regExpTestStub_))
regExpTestStub_ = nullptr;
for (size_t i = 0; i <= SimdTypeDescr::LAST_TYPE; i++) {
@@ -2414,11 +2413,6 @@ Compile(JSContext* cx, HandleScript script, BaselineFrame* osrFrame, jsbytecode*
if (optimizationLevel == Optimization_DontCompile)
return Method_Skipped;
- if (!CanLikelyAllocateMoreExecutableMemory()) {
- script->resetWarmUpCounter();
- return Method_Skipped;
- }
-
if (script->hasIonScript()) {
IonScript* scriptIon = script->ionScript();
if (!scriptIon->method())
diff --git a/src/third_party/mozjs-45/extract/js/src/jit/IonAnalysis.cpp b/src/third_party/mozjs-45/extract/js/src/jit/IonAnalysis.cpp
index 8a41afc51eb..0dd337c2ecb 100644
--- a/src/third_party/mozjs-45/extract/js/src/jit/IonAnalysis.cpp
+++ b/src/third_party/mozjs-45/extract/js/src/jit/IonAnalysis.cpp
@@ -3673,9 +3673,6 @@ jit::AnalyzeNewScriptDefiniteProperties(JSContext* cx, JSFunction* fun,
TempAllocator temp(&alloc);
JitContext jctx(cx, &temp);
- if (!jit::CanLikelyAllocateMoreExecutableMemory())
- return true;
-
if (!cx->compartment()->ensureJitCompartmentExists(cx))
return false;
@@ -3905,9 +3902,6 @@ jit::AnalyzeArgumentsUsage(JSContext* cx, JSScript* scriptArg)
TempAllocator temp(&alloc);
JitContext jctx(cx, &temp);
- if (!jit::CanLikelyAllocateMoreExecutableMemory())
- return true;
-
if (!cx->compartment()->ensureJitCompartmentExists(cx))
return false;
diff --git a/src/third_party/mozjs-45/extract/js/src/jit/IonBuilder.cpp b/src/third_party/mozjs-45/extract/js/src/jit/IonBuilder.cpp
index 9e70e244889..3efc6bb0c11 100644
--- a/src/third_party/mozjs-45/extract/js/src/jit/IonBuilder.cpp
+++ b/src/third_party/mozjs-45/extract/js/src/jit/IonBuilder.cpp
@@ -1235,11 +1235,9 @@ IonBuilder::initScopeChain(MDefinition* callee)
current->add(scope);
// This reproduce what is done in CallObject::createForFunction. Skip
- // this for the arguments analysis, as the script might not have a
- // baseline script with template objects yet.
- if (fun->needsCallObject() &&
- info().analysisMode() != Analysis_ArgumentsUsage)
- {
+ // this for analyses, as the script might not have a baseline script
+ // with template objects yet.
+ if (fun->needsCallObject() && !info().isAnalysis()) {
if (fun->isNamedLambda()) {
scope = createDeclEnvObject(callee, scope);
if (!scope)
@@ -6137,9 +6135,6 @@ IonBuilder::getSingletonPrototype(JSFunction* target)
MDefinition*
IonBuilder::createThisScriptedSingleton(JSFunction* target, MDefinition* callee)
{
- if (!target->hasScript())
- return nullptr;
-
// Get the singleton prototype (if exists)
JSObject* proto = getSingletonPrototype(target);
if (!proto)
diff --git a/src/third_party/mozjs-45/extract/js/src/jit/IonCaches.cpp b/src/third_party/mozjs-45/extract/js/src/jit/IonCaches.cpp
index 56437abf613..b5fe6dec072 100644
--- a/src/third_party/mozjs-45/extract/js/src/jit/IonCaches.cpp
+++ b/src/third_party/mozjs-45/extract/js/src/jit/IonCaches.cpp
@@ -2418,20 +2418,9 @@ IsCacheableSetPropCallNative(HandleObject obj, HandleObject holder, HandleShape
if (!shape || !IsCacheableProtoChainForIon(obj, holder))
return false;
- if (!shape->hasSetterValue())
- return false;
-
- if (!shape->setterObject() || !shape->setterObject()->is<JSFunction>())
- return false;
-
- JSFunction& setter = shape->setterObject()->as<JSFunction>();
- if (!setter.isNative())
- return false;
-
- if (setter.jitInfo() && !setter.jitInfo()->needsOuterizedThisObject())
- return true;
-
- return !IsWindow(obj);
+ return shape->hasSetterValue() && shape->setterObject() &&
+ shape->setterObject()->is<JSFunction>() &&
+ shape->setterObject()->as<JSFunction>().isNative();
}
static bool
@@ -2440,9 +2429,6 @@ IsCacheableSetPropCallScripted(HandleObject obj, HandleObject holder, HandleShap
if (!shape || !IsCacheableProtoChainForIon(obj, holder))
return false;
- if (IsWindow(obj))
- return false;
-
return shape->hasSetterValue() && shape->setterObject() &&
shape->setterObject()->is<JSFunction>() &&
shape->setterObject()->as<JSFunction>().hasJITCode();
diff --git a/src/third_party/mozjs-45/extract/js/src/jit/IonCode.h b/src/third_party/mozjs-45/extract/js/src/jit/IonCode.h
index 8156b9cb8f6..085a9076c33 100644
--- a/src/third_party/mozjs-45/extract/js/src/jit/IonCode.h
+++ b/src/third_party/mozjs-45/extract/js/src/jit/IonCode.h
@@ -767,7 +767,7 @@ struct AutoFlushICache
namespace gc {
inline bool
-IsMarked(JSRuntime* rt, const jit::VMFunction*)
+IsMarked(const jit::VMFunction*)
{
// VMFunction are only static objects which are used by WeakMaps as keys.
// It is considered as a root object which is always marked.
diff --git a/src/third_party/mozjs-45/extract/js/src/jit/JitcodeMap.cpp b/src/third_party/mozjs-45/extract/js/src/jit/JitcodeMap.cpp
index e8cba8e63a4..7f6a06120d2 100644
--- a/src/third_party/mozjs-45/extract/js/src/jit/JitcodeMap.cpp
+++ b/src/third_party/mozjs-45/extract/js/src/jit/JitcodeMap.cpp
@@ -756,7 +756,7 @@ JitcodeGlobalTable::setAllEntriesAsExpired(JSRuntime* rt)
struct Unconditionally
{
template <typename T>
- static bool ShouldMark(JSRuntime* rt, T* thingp) { return true; }
+ static bool ShouldMark(T* thingp) { return true; }
};
void
@@ -775,13 +775,13 @@ JitcodeGlobalTable::markUnconditionally(JSTracer* trc)
struct IfUnmarked
{
template <typename T>
- static bool ShouldMark(JSRuntime* rt, T* thingp) { return !IsMarkedUnbarriered(rt, thingp); }
+ static bool ShouldMark(T* thingp) { return !IsMarkedUnbarriered(thingp); }
};
template <>
-bool IfUnmarked::ShouldMark<TypeSet::Type>(JSRuntime* rt, TypeSet::Type* type)
+bool IfUnmarked::ShouldMark<TypeSet::Type>(TypeSet::Type* type)
{
- return !TypeSet::IsTypeMarked(rt, type);
+ return !TypeSet::IsTypeMarked(type);
}
bool
@@ -832,7 +832,7 @@ JitcodeGlobalTable::markIteratively(JSTracer* trc)
// mapping, alive as well.
if (!entry->isSampled(gen, lapCount)) {
entry->setAsExpired();
- if (!entry->baseEntry().isJitcodeMarkedFromAnyThread(trc->runtime()))
+ if (!entry->baseEntry().isJitcodeMarkedFromAnyThread())
continue;
}
@@ -868,7 +868,7 @@ template <class ShouldMarkProvider>
bool
JitcodeGlobalEntry::BaseEntry::markJitcode(JSTracer* trc)
{
- if (ShouldMarkProvider::ShouldMark(trc->runtime(), &jitcode_)) {
+ if (ShouldMarkProvider::ShouldMark(&jitcode_)) {
TraceManuallyBarrieredEdge(trc, &jitcode_, "jitcodglobaltable-baseentry-jitcode");
return true;
}
@@ -876,9 +876,9 @@ JitcodeGlobalEntry::BaseEntry::markJitcode(JSTracer* trc)
}
bool
-JitcodeGlobalEntry::BaseEntry::isJitcodeMarkedFromAnyThread(JSRuntime* rt)
+JitcodeGlobalEntry::BaseEntry::isJitcodeMarkedFromAnyThread()
{
- return IsMarkedUnbarriered(rt, &jitcode_) ||
+ return IsMarkedUnbarriered(&jitcode_) ||
jitcode_->arenaHeader()->allocatedDuringIncremental;
}
@@ -892,7 +892,7 @@ template <class ShouldMarkProvider>
bool
JitcodeGlobalEntry::BaselineEntry::mark(JSTracer* trc)
{
- if (ShouldMarkProvider::ShouldMark(trc->runtime(), &script_)) {
+ if (ShouldMarkProvider::ShouldMark(&script_)) {
TraceManuallyBarrieredEdge(trc, &script_, "jitcodeglobaltable-baselineentry-script");
return true;
}
@@ -906,9 +906,9 @@ JitcodeGlobalEntry::BaselineEntry::sweepChildren()
}
bool
-JitcodeGlobalEntry::BaselineEntry::isMarkedFromAnyThread(JSRuntime* rt)
+JitcodeGlobalEntry::BaselineEntry::isMarkedFromAnyThread()
{
- return IsMarkedUnbarriered(rt, &script_) ||
+ return IsMarkedUnbarriered(&script_) ||
script_->arenaHeader()->allocatedDuringIncremental;
}
@@ -918,9 +918,8 @@ JitcodeGlobalEntry::IonEntry::mark(JSTracer* trc)
{
bool markedAny = false;
- JSRuntime* rt = trc->runtime();
for (unsigned i = 0; i < numScripts(); i++) {
- if (ShouldMarkProvider::ShouldMark(rt, &sizedScriptList()->pairs[i].script)) {
+ if (ShouldMarkProvider::ShouldMark(&sizedScriptList()->pairs[i].script)) {
TraceManuallyBarrieredEdge(trc, &sizedScriptList()->pairs[i].script,
"jitcodeglobaltable-ionentry-script");
markedAny = true;
@@ -933,15 +932,15 @@ JitcodeGlobalEntry::IonEntry::mark(JSTracer* trc)
for (IonTrackedTypeWithAddendum* iter = optsAllTypes_->begin();
iter != optsAllTypes_->end(); iter++)
{
- if (ShouldMarkProvider::ShouldMark(rt, &iter->type)) {
+ if (ShouldMarkProvider::ShouldMark(&iter->type)) {
TypeSet::MarkTypeUnbarriered(trc, &iter->type, "jitcodeglobaltable-ionentry-type");
markedAny = true;
}
- if (iter->hasAllocationSite() && ShouldMarkProvider::ShouldMark(rt, &iter->script)) {
+ if (iter->hasAllocationSite() && ShouldMarkProvider::ShouldMark(&iter->script)) {
TraceManuallyBarrieredEdge(trc, &iter->script,
"jitcodeglobaltable-ionentry-type-addendum-script");
markedAny = true;
- } else if (iter->hasConstructor() && ShouldMarkProvider::ShouldMark(rt, &iter->constructor)) {
+ } else if (iter->hasConstructor() && ShouldMarkProvider::ShouldMark(&iter->constructor)) {
TraceManuallyBarrieredEdge(trc, &iter->constructor,
"jitcodeglobaltable-ionentry-type-addendum-constructor");
markedAny = true;
@@ -974,10 +973,10 @@ JitcodeGlobalEntry::IonEntry::sweepChildren()
}
bool
-JitcodeGlobalEntry::IonEntry::isMarkedFromAnyThread(JSRuntime* rt)
+JitcodeGlobalEntry::IonEntry::isMarkedFromAnyThread()
{
for (unsigned i = 0; i < numScripts(); i++) {
- if (!IsMarkedUnbarriered(rt, &sizedScriptList()->pairs[i].script) &&
+ if (!IsMarkedUnbarriered(&sizedScriptList()->pairs[i].script) &&
!sizedScriptList()->pairs[i].script->arenaHeader()->allocatedDuringIncremental)
{
return false;
@@ -990,7 +989,7 @@ JitcodeGlobalEntry::IonEntry::isMarkedFromAnyThread(JSRuntime* rt)
for (IonTrackedTypeWithAddendum* iter = optsAllTypes_->begin();
iter != optsAllTypes_->end(); iter++)
{
- if (!TypeSet::IsTypeMarked(rt, &iter->type) &&
+ if (!TypeSet::IsTypeMarked(&iter->type) &&
!TypeSet::IsTypeAllocatedDuringIncremental(iter->type))
{
return false;
diff --git a/src/third_party/mozjs-45/extract/js/src/jit/JitcodeMap.h b/src/third_party/mozjs-45/extract/js/src/jit/JitcodeMap.h
index e11126321d3..01c475adecb 100644
--- a/src/third_party/mozjs-45/extract/js/src/jit/JitcodeMap.h
+++ b/src/third_party/mozjs-45/extract/js/src/jit/JitcodeMap.h
@@ -208,7 +208,7 @@ class JitcodeGlobalEntry
}
template <class ShouldMarkProvider> bool markJitcode(JSTracer* trc);
- bool isJitcodeMarkedFromAnyThread(JSRuntime* rt);
+ bool isJitcodeMarkedFromAnyThread();
bool isJitcodeAboutToBeFinalized();
};
@@ -370,7 +370,7 @@ class JitcodeGlobalEntry
template <class ShouldMarkProvider> bool mark(JSTracer* trc);
void sweepChildren();
- bool isMarkedFromAnyThread(JSRuntime* rt);
+ bool isMarkedFromAnyThread();
};
struct BaselineEntry : public BaseEntry
@@ -428,7 +428,7 @@ class JitcodeGlobalEntry
template <class ShouldMarkProvider> bool mark(JSTracer* trc);
void sweepChildren();
- bool isMarkedFromAnyThread(JSRuntime* rt);
+ bool isMarkedFromAnyThread();
};
struct IonCacheEntry : public BaseEntry
@@ -949,13 +949,13 @@ class JitcodeGlobalEntry
}
bool isMarkedFromAnyThread(JSRuntime* rt) {
- if (!baseEntry().isJitcodeMarkedFromAnyThread(rt))
+ if (!baseEntry().isJitcodeMarkedFromAnyThread())
return false;
switch (kind()) {
case Ion:
- return ionEntry().isMarkedFromAnyThread(rt);
+ return ionEntry().isMarkedFromAnyThread();
case Baseline:
- return baselineEntry().isMarkedFromAnyThread(rt);
+ return baselineEntry().isMarkedFromAnyThread();
case IonCache:
return ionCacheEntry().isMarkedFromAnyThread(rt);
case Dummy:
diff --git a/src/third_party/mozjs-45/extract/js/src/jit/Lowering.cpp b/src/third_party/mozjs-45/extract/js/src/jit/Lowering.cpp
index f1fc578f207..64f86f38f22 100644
--- a/src/third_party/mozjs-45/extract/js/src/jit/Lowering.cpp
+++ b/src/third_party/mozjs-45/extract/js/src/jit/Lowering.cpp
@@ -2310,7 +2310,9 @@ LIRGenerator::visitInterruptCheck(MInterruptCheck* ins)
// is complicated because there could be another AutoWritableJitCode on the
// stack.
LInstructionHelper<0, 0, 0>* lir;
- if (GetJitContext()->runtime->canUseSignalHandlers()) {
+ if (GetJitContext()->runtime->canUseSignalHandlers() &&
+ !ExecutableAllocator::nonWritableJitCode)
+ {
lir = new(alloc()) LInterruptCheckImplicit();
} else {
lir = new(alloc()) LInterruptCheck();
diff --git a/src/third_party/mozjs-45/extract/js/src/jit/ProcessExecutableMemory.cpp b/src/third_party/mozjs-45/extract/js/src/jit/ProcessExecutableMemory.cpp
deleted file mode 100644
index f34cd458ee5..00000000000
--- a/src/third_party/mozjs-45/extract/js/src/jit/ProcessExecutableMemory.cpp
+++ /dev/null
@@ -1,607 +0,0 @@
-/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 4 -*-
- * vim: set ts=8 sts=4 et sw=4 tw=99:
- * This Source Code Form is subject to the terms of the Mozilla Public
- * License, v. 2.0. If a copy of the MPL was not distributed with this
- * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
-
-#include "jit/ProcessExecutableMemory.h"
-
-#include "mozilla/Array.h"
-#include "mozilla/Atomics.h"
-#include "mozilla/DebugOnly.h"
-#include "mozilla/Maybe.h"
-#include "mozilla/TaggedAnonymousMemory.h"
-#include "mozilla/XorShift128PlusRNG.h"
-
-#include "jsfriendapi.h"
-#include "jslock.h"
-#include "jsmath.h"
-#include "jsutil.h"
-#include "jswin.h"
-
-#include <errno.h>
-
-#include "gc/Memory.h"
-
-#ifdef XP_WIN
-# include "mozilla/WindowsVersion.h"
-#else
-# include <sys/mman.h>
-# include <unistd.h>
-#endif
-
-using namespace js;
-using namespace js::jit;
-
-#ifdef XP_WIN
-static void*
-ComputeRandomAllocationAddress()
-{
- /*
- * Inspiration is V8's OS::Allocate in platform-win32.cc.
- *
- * VirtualAlloc takes 64K chunks out of the virtual address space, so we
- * keep 16b alignment.
- *
- * x86: V8 comments say that keeping addresses in the [64MiB, 1GiB) range
- * tries to avoid system default DLL mapping space. In the end, we get 13
- * bits of randomness in our selection.
- * x64: [2GiB, 4TiB), with 25 bits of randomness.
- */
-# ifdef HAVE_64BIT_BUILD
- static const uintptr_t base = 0x0000000080000000;
- static const uintptr_t mask = 0x000003ffffff0000;
-# elif defined(_M_IX86) || defined(__i386__)
- static const uintptr_t base = 0x04000000;
- static const uintptr_t mask = 0x3fff0000;
-# else
-# error "Unsupported architecture"
-# endif
-
- uint64_t rand = js::GenerateRandomSeed();
- return (void*) (base | (rand & mask));
-}
-
-# ifdef HAVE_64BIT_BUILD
-static js::JitExceptionHandler sJitExceptionHandler;
-
-JS_FRIEND_API(void)
-js::SetJitExceptionHandler(JitExceptionHandler handler)
-{
- MOZ_ASSERT(!sJitExceptionHandler);
- sJitExceptionHandler = handler;
-}
-
-// From documentation for UNWIND_INFO on
-// http://msdn.microsoft.com/en-us/library/ddssxxy8.aspx
-struct UnwindInfo
-{
- uint8_t version : 3;
- uint8_t flags : 5;
- uint8_t sizeOfPrologue;
- uint8_t countOfUnwindCodes;
- uint8_t frameRegister : 4;
- uint8_t frameOffset : 4;
- ULONG exceptionHandler;
-};
-
-static const unsigned ThunkLength = 12;
-
-struct ExceptionHandlerRecord
-{
- RUNTIME_FUNCTION runtimeFunction;
- UnwindInfo unwindInfo;
- uint8_t thunk[ThunkLength];
-};
-
-// This function must match the function pointer type PEXCEPTION_HANDLER
-// mentioned in:
-// http://msdn.microsoft.com/en-us/library/ssa62fwe.aspx.
-// This type is rather elusive in documentation; Wine is the best I've found:
-// http://source.winehq.org/source/include/winnt.h
-static DWORD
-ExceptionHandler(PEXCEPTION_RECORD exceptionRecord, _EXCEPTION_REGISTRATION_RECORD*,
- PCONTEXT context, _EXCEPTION_REGISTRATION_RECORD**)
-{
- return sJitExceptionHandler(exceptionRecord, context);
-}
-
-// For an explanation of the problem being solved here, see
-// SetJitExceptionFilter in jsfriendapi.h.
-static bool
-RegisterExecutableMemory(void* p, size_t bytes, size_t pageSize)
-{
- if (!VirtualAlloc(p, pageSize, MEM_COMMIT, PAGE_READWRITE))
- MOZ_CRASH();
-
- ExceptionHandlerRecord* r = reinterpret_cast<ExceptionHandlerRecord*>(p);
-
- // All these fields are specified to be offsets from the base of the
- // executable code (which is 'p'), even if they have 'Address' in their
- // names. In particular, exceptionHandler is a ULONG offset which is a
- // 32-bit integer. Since 'p' can be farther than INT32_MAX away from
- // sJitExceptionHandler, we must generate a little thunk inside the
- // record. The record is put on its own page so that we can take away write
- // access to protect against accidental clobbering.
-
- r->runtimeFunction.BeginAddress = pageSize;
- r->runtimeFunction.EndAddress = (DWORD)bytes;
- r->runtimeFunction.UnwindData = offsetof(ExceptionHandlerRecord, unwindInfo);
-
- r->unwindInfo.version = 1;
- r->unwindInfo.flags = UNW_FLAG_EHANDLER;
- r->unwindInfo.sizeOfPrologue = 0;
- r->unwindInfo.countOfUnwindCodes = 0;
- r->unwindInfo.frameRegister = 0;
- r->unwindInfo.frameOffset = 0;
- r->unwindInfo.exceptionHandler = offsetof(ExceptionHandlerRecord, thunk);
-
- // mov imm64, rax
- r->thunk[0] = 0x48;
- r->thunk[1] = 0xb8;
- void* handler = JS_FUNC_TO_DATA_PTR(void*, ExceptionHandler);
- memcpy(&r->thunk[2], &handler, 8);
-
- // jmp rax
- r->thunk[10] = 0xff;
- r->thunk[11] = 0xe0;
-
- DWORD oldProtect;
- if (!VirtualProtect(p, pageSize, PAGE_EXECUTE_READ, &oldProtect))
- MOZ_CRASH();
-
- bool success = RtlAddFunctionTable(&r->runtimeFunction, 1, reinterpret_cast<DWORD64>(p));
-
- return success;
-}
-
-static void
-UnregisterExecutableMemory(void* p, size_t bytes, size_t pageSize)
-{
- ExceptionHandlerRecord* r = reinterpret_cast<ExceptionHandlerRecord*>(p);
-
- RtlDeleteFunctionTable(&r->runtimeFunction);
-}
-# endif
-
-static void*
-ReserveProcessExecutableMemory(size_t bytes)
-{
-# ifdef HAVE_64BIT_BUILD
- size_t pageSize = gc::SystemPageSize();
- if (sJitExceptionHandler)
- bytes += pageSize;
-# endif
-
- void* p = nullptr;
- for (size_t i = 0; i < 10; i++) {
- void* randomAddr = ComputeRandomAllocationAddress();
- p = VirtualAlloc(randomAddr, bytes, MEM_RESERVE, PAGE_NOACCESS);
- if (p)
- break;
- }
-
- if (!p) {
- // Try again without randomization.
- p = VirtualAlloc(nullptr, bytes, MEM_RESERVE, PAGE_NOACCESS);
- if (!p)
- return nullptr;
- }
-
-# ifdef HAVE_64BIT_BUILD
- if (sJitExceptionHandler) {
- if (!RegisterExecutableMemory(p, bytes, pageSize)) {
- VirtualFree(p, 0, MEM_RELEASE);
- return nullptr;
- }
-
- p = (uint8_t*)p + pageSize;
- }
-# endif
-
- return p;
-}
-
-static void
-DeallocateProcessExecutableMemory(void* addr, size_t bytes)
-{
-# ifdef HAVE_64BIT_BUILD
- if (sJitExceptionHandler) {
- size_t pageSize = gc::SystemPageSize();
- addr = (uint8_t*)addr - pageSize;
- UnregisterExecutableMemory(addr, bytes, pageSize);
- }
-# endif
-
- VirtualFree(addr, 0, MEM_RELEASE);
-}
-
-static DWORD
-ProtectionSettingToFlags(ProtectionSetting protection)
-{
- return PAGE_EXECUTE_READWRITE;
-}
-
-static void
-CommitPages(void* addr, size_t bytes, ProtectionSetting protection)
-{
- if (!VirtualAlloc(addr, bytes, MEM_COMMIT, ProtectionSettingToFlags(protection)))
- MOZ_CRASH("CommitPages failed");
-}
-
-static void
-DecommitPages(void* addr, size_t bytes)
-{
- if (!VirtualFree(addr, bytes, MEM_DECOMMIT))
- MOZ_CRASH("DecommitPages failed");
-}
-#else // !XP_WIN
-static void*
-ComputeRandomAllocationAddress()
-{
- uint64_t rand = js::GenerateRandomSeed();
-
-# ifdef HAVE_64BIT_BUILD
- // x64 CPUs have a 48-bit address space and on some platforms the OS will
- // give us access to 47 bits, so to be safe we right shift by 18 to leave
- // 46 bits.
- rand >>= 18;
-# else
- // On 32-bit, right shift by 34 to leave 30 bits, range [0, 1GiB). Then add
- // 512MiB to get range [512MiB, 1.5GiB), or [0x20000000, 0x60000000). This
- // is based on V8 comments in platform-posix.cc saying this range is
- // relatively unpopulated across a variety of kernels.
- rand >>= 34;
- rand += 512 * 1024 * 1024;
-# endif
-
- // Ensure page alignment.
- uintptr_t mask = ~uintptr_t(gc::SystemPageSize() - 1);
- return (void*) uintptr_t(rand & mask);
-}
-
-static void*
-ReserveProcessExecutableMemory(size_t bytes)
-{
- // Note that randomAddr is just a hint: if the address is not available
- // mmap will pick a different address.
- void* randomAddr = ComputeRandomAllocationAddress();
- void* p = MozTaggedAnonymousMmap(randomAddr, bytes, PROT_NONE, MAP_PRIVATE | MAP_ANON,
- -1, 0, "js-executable-memory");
- if (p == MAP_FAILED)
- return nullptr;
- return p;
-}
-
-static void
-DeallocateProcessExecutableMemory(void* addr, size_t bytes)
-{
- mozilla::DebugOnly<int> result = munmap(addr, bytes);
- MOZ_ASSERT(!result || errno == ENOMEM);
-}
-
-static unsigned
-ProtectionSettingToFlags(ProtectionSetting protection)
-{
- return PROT_READ | PROT_WRITE | PROT_EXEC;
-}
-
-static void
-CommitPages(void* addr, size_t bytes, ProtectionSetting protection)
-{
- void* p = MozTaggedAnonymousMmap(addr, bytes, ProtectionSettingToFlags(protection),
- MAP_FIXED | MAP_PRIVATE | MAP_ANON,
- -1, 0, "js-executable-memory");
- MOZ_RELEASE_ASSERT(addr == p);
-}
-
-static void
-DecommitPages(void* addr, size_t bytes)
-{
- // Use mmap with MAP_FIXED and PROT_NONE. Inspired by jemalloc's
- // pages_decommit.
- void* p = MozTaggedAnonymousMmap(addr, bytes, PROT_NONE,
- MAP_FIXED | MAP_PRIVATE | MAP_ANON,
- -1, 0, "js-executable-memory");
- MOZ_RELEASE_ASSERT(addr == p);
-}
-#endif
-
-template <size_t NumBits>
-class PageBitSet
-{
- using WordType = uint32_t;
- static const size_t BitsPerWord = sizeof(WordType) * 8;
-
- static_assert((NumBits % BitsPerWord) == 0,
- "NumBits must be a multiple of BitsPerWord");
- static const size_t NumWords = NumBits / BitsPerWord;
-
- mozilla::Array<WordType, NumWords> words_;
-
- uint32_t indexToWord(uint32_t index) const {
- MOZ_ASSERT(index < NumBits);
- return index / BitsPerWord;
- }
- WordType indexToBit(uint32_t index) const {
- MOZ_ASSERT(index < NumBits);
- return WordType(1) << (index % BitsPerWord);
- }
-
- public:
- void init() {
- mozilla::PodArrayZero(words_);
- }
- bool contains(size_t index) const {
- uint32_t word = indexToWord(index);
- return words_[word] & indexToBit(index);
- }
- void insert(size_t index) {
- MOZ_ASSERT(!contains(index));
- uint32_t word = indexToWord(index);
- words_[word] |= indexToBit(index);
- }
- void remove(size_t index) {
- MOZ_ASSERT(contains(index));
- uint32_t word = indexToWord(index);
- words_[word] &= ~indexToBit(index);
- }
-
-#ifdef DEBUG
- bool empty() const {
- for (size_t i = 0; i < NumWords; i++) {
- if (words_[i] != 0)
- return false;
- }
- return true;
- }
-#endif
-};
-
-// Limit on the number of bytes of executable memory to prevent JIT spraying
-// attacks.
-#if JS_BITS_PER_WORD == 32
-static const size_t MaxCodeBytesPerProcess = 128 * 1024 * 1024;
-#else
-static const size_t MaxCodeBytesPerProcess = 640 * 1024 * 1024;
-#endif
-
-// Per-process executable memory allocator. It reserves a block of memory of
-// MaxCodeBytesPerProcess bytes, then allocates/deallocates pages from that.
-//
-// This has a number of benefits compared to raw mmap/VirtualAlloc:
-//
-// * More resillient against certain attacks.
-//
-// * Behaves more consistently across platforms: it avoids the 64K granularity
-// issues on Windows, for instance.
-//
-// * On x64, near jumps can be used for jumps to other JIT pages.
-//
-// * On Win64, we have to register the exception handler only once (at process
-// startup). This saves some memory and avoids RtlAddFunctionTable profiler
-// deadlocks.
-class ProcessExecutableMemory
-{
- static_assert((MaxCodeBytesPerProcess % ExecutableCodePageSize) == 0,
- "MaxCodeBytesPerProcess must be a multiple of ExecutableCodePageSize");
- static const size_t MaxCodePages = MaxCodeBytesPerProcess / ExecutableCodePageSize;
-
- // Start of the MaxCodeBytesPerProcess memory block or nullptr if
- // uninitialized. Note that this is NOT guaranteed to be aligned to
- // ExecutableCodePageSize.
- uint8_t* base_;
-
- // The fields below should only be accessed while we hold the lock.
- PRLock* lock_;
-
- // pagesAllocated_ is an Atomic so that bytesAllocated does not have to
- // take the lock.
- mozilla::Atomic<size_t, mozilla::ReleaseAcquire> pagesAllocated_;
-
- // Page where we should try to allocate next.
- size_t cursor_;
-
- mozilla::Maybe<mozilla::non_crypto::XorShift128PlusRNG> rng_;
- PageBitSet<MaxCodePages> pages_;
-
- public:
- ProcessExecutableMemory()
- : base_(nullptr),
- lock_(nullptr),
- pagesAllocated_(0),
- cursor_(0),
- rng_(),
- pages_()
- {}
-
- MOZ_MUST_USE bool init() {
- pages_.init();
-
- MOZ_RELEASE_ASSERT(!initialized());
- MOZ_RELEASE_ASSERT(gc::SystemPageSize() <= ExecutableCodePageSize);
-
- lock_ = PR_NewLock();
- if (!lock_)
- return false;
-
- void* p = ReserveProcessExecutableMemory(MaxCodeBytesPerProcess);
- if (!p)
- return false;
-
- base_ = static_cast<uint8_t*>(p);
-
- mozilla::Array<uint64_t, 2> seed;
- GenerateXorShift128PlusSeed(seed);
- rng_.emplace(seed[0], seed[1]);
- return true;
- }
-
- bool initialized() const {
- return base_ != nullptr;
- }
-
- size_t bytesAllocated() const {
- MOZ_ASSERT(pagesAllocated_ <= MaxCodePages);
- return pagesAllocated_ * ExecutableCodePageSize;
- }
-
- void release() {
- MOZ_ASSERT(initialized());
- MOZ_ASSERT(pages_.empty());
- MOZ_ASSERT(pagesAllocated_ == 0);
- DeallocateProcessExecutableMemory(base_, MaxCodeBytesPerProcess);
- base_ = nullptr;
- rng_.reset();
- MOZ_ASSERT(lock_);
- PR_DestroyLock(lock_);
- lock_ = nullptr;
- MOZ_ASSERT(!initialized());
- }
-
- void assertValidAddress(void* p, size_t bytes) const {
- MOZ_RELEASE_ASSERT(p >= base_ &&
- uintptr_t(p) + bytes <= uintptr_t(base_) + MaxCodeBytesPerProcess);
- }
-
- void* allocate(size_t bytes, ProtectionSetting protection);
- void deallocate(void* addr, size_t bytes);
-};
-
-void*
-ProcessExecutableMemory::allocate(size_t bytes, ProtectionSetting protection)
-{
- MOZ_ASSERT(initialized());
- MOZ_ASSERT(bytes > 0);
- MOZ_ASSERT((bytes % ExecutableCodePageSize) == 0);
-
- size_t numPages = bytes / ExecutableCodePageSize;
-
- // Take the lock and try to allocate.
- void* p = nullptr;
- {
- PR_Lock(lock_);
- MOZ_ASSERT(pagesAllocated_ <= MaxCodePages);
-
- // Check if we have enough pages available.
- if (pagesAllocated_ + numPages >= MaxCodePages) {
- PR_Unlock(lock_);
- return nullptr;
- }
-
- MOZ_ASSERT(bytes <= MaxCodeBytesPerProcess);
-
- // Maybe skip a page to make allocations less predictable.
- size_t page = cursor_ + (rng_.ref().next() % 2);
-
- for (size_t i = 0; i < MaxCodePages; i++) {
- // Make sure page + numPages - 1 is a valid index.
- if (page + numPages > MaxCodePages)
- page = 0;
-
- bool available = true;
- for (size_t j = 0; j < numPages; j++) {
- if (pages_.contains(page + j)) {
- available = false;
- break;
- }
- }
- if (!available) {
- page++;
- continue;
- }
-
- // Mark the pages as unavailable.
- for (size_t j = 0; j < numPages; j++)
- pages_.insert(page + j);
-
- pagesAllocated_ += numPages;
- MOZ_ASSERT(pagesAllocated_ <= MaxCodePages);
-
- // If we allocated a small number of pages, move cursor_ to the
- // next page. We don't do this for larger allocations to avoid
- // skipping a large number of small holes.
- if (numPages <= 2)
- cursor_ = page + numPages;
-
- p = base_ + page * ExecutableCodePageSize;
- break;
- }
- PR_Unlock(lock_);
- if (!p)
- return nullptr;
- }
-
- // Commit the pages after releasing the lock.
- CommitPages(p, bytes, protection);
- return p;
-}
-
-void
-ProcessExecutableMemory::deallocate(void* addr, size_t bytes)
-{
- MOZ_ASSERT(initialized());
- MOZ_ASSERT(addr);
- MOZ_ASSERT((uintptr_t(addr) % gc::SystemPageSize()) == 0);
- MOZ_ASSERT(bytes > 0);
- MOZ_ASSERT((bytes % ExecutableCodePageSize) == 0);
-
- assertValidAddress(addr, bytes);
-
- size_t firstPage = (static_cast<uint8_t*>(addr) - base_) / ExecutableCodePageSize;
- size_t numPages = bytes / ExecutableCodePageSize;
-
- // Decommit before taking the lock.
- DecommitPages(addr, bytes);
-
- PR_Lock(lock_);
- MOZ_ASSERT(numPages <= pagesAllocated_);
- pagesAllocated_ -= numPages;
-
- for (size_t i = 0; i < numPages; i++)
- pages_.remove(firstPage + i);
-
- // Move the cursor back so we can reuse pages instead of fragmenting the
- // whole region.
- if (firstPage < cursor_)
- cursor_ = firstPage;
-
- PR_Unlock(lock_);
-}
-
-static ProcessExecutableMemory execMemory;
-
-void*
-js::jit::AllocateExecutableMemory(size_t bytes, ProtectionSetting protection)
-{
- return execMemory.allocate(bytes, protection);
-}
-
-void
-js::jit::DeallocateExecutableMemory(void* addr, size_t bytes)
-{
- execMemory.deallocate(addr, bytes);
-}
-
-bool
-js::jit::InitProcessExecutableMemory()
-{
- return execMemory.init();
-}
-
-void
-js::jit::ReleaseProcessExecutableMemory()
-{
- execMemory.release();
-}
-
-bool
-js::jit::CanLikelyAllocateMoreExecutableMemory()
-{
- // Use a 16 MB buffer.
- static const size_t BufferSize = 16 * 1024 * 1024;
-
- MOZ_ASSERT(execMemory.bytesAllocated() <= MaxCodeBytesPerProcess);
-
- return execMemory.bytesAllocated() + BufferSize <= MaxCodeBytesPerProcess;
-}
diff --git a/src/third_party/mozjs-45/extract/js/src/jit/ProcessExecutableMemory.h b/src/third_party/mozjs-45/extract/js/src/jit/ProcessExecutableMemory.h
deleted file mode 100644
index 7884706e3bd..00000000000
--- a/src/third_party/mozjs-45/extract/js/src/jit/ProcessExecutableMemory.h
+++ /dev/null
@@ -1,46 +0,0 @@
-/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
-/* vim: set ts=8 sts=2 et sw=2 tw=80: */
-/* This Source Code Form is subject to the terms of the Mozilla Public
- * License, v. 2.0. If a copy of the MPL was not distributed with this
- * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
-
-#ifndef jit_ProcessExecutableMemory_h
-#define jit_ProcessExecutableMemory_h
-
-#include "mozilla/Attributes.h"
-
-namespace js {
-namespace jit {
-
-// Executable code is allocated in 64K chunks. ExecutableAllocator uses pools
-// that are at least this big. Code we allocate does not necessarily have 64K
-// alignment though.
-static const size_t ExecutableCodePageSize = 64 * 1024;
-
-enum class ProtectionSetting {
- Protected, // Not readable, writable, or executable.
- Writable,
- Executable,
-};
-
-// Functions called at process start-up/shutdown to initialize/release the
-// executable memory region.
-extern MOZ_MUST_USE bool InitProcessExecutableMemory();
-extern void ReleaseProcessExecutableMemory();
-
-// Allocate/deallocate executable pages.
-extern void* AllocateExecutableMemory(size_t bytes, ProtectionSetting protection);
-extern void DeallocateExecutableMemory(void* addr, size_t bytes);
-
-// Returns true if we can allocate a few more MB of executable code without
-// hitting our code limit. This function can be used to stop compiling things
-// that are optional (like Baseline and Ion code) when we're about to reach the
-// limit, so we are less likely to OOM or crash. Note that the limit is
-// per-process, so other threads can also allocate code after we call this
-// function.
-extern bool CanLikelyAllocateMoreExecutableMemory();
-
-} // namespace jit
-} // namespace js
-
-#endif // jit_ProcessExecutableMemory_h
diff --git a/src/third_party/mozjs-45/extract/js/src/jit/SharedIC.cpp b/src/third_party/mozjs-45/extract/js/src/jit/SharedIC.cpp
index 3d3a30f4813..2867776f0af 100644
--- a/src/third_party/mozjs-45/extract/js/src/jit/SharedIC.cpp
+++ b/src/third_party/mozjs-45/extract/js/src/jit/SharedIC.cpp
@@ -2448,14 +2448,6 @@ IsCacheableGetPropCall(JSContext* cx, JSObject* obj, JSObject* holder, Shape* sh
return false;
JSFunction* func = &shape->getterObject()->as<JSFunction>();
- if (IsWindow(obj)) {
- if (!func->isNative())
- return false;
-
- if (!func->jitInfo() || func->jitInfo()->needsOuterizedThisObject())
- return false;
- }
-
if (func->isNative()) {
*isScripted = false;
return true;
diff --git a/src/third_party/mozjs-45/extract/js/src/jit/VMFunctions.cpp b/src/third_party/mozjs-45/extract/js/src/jit/VMFunctions.cpp
index 1296b52fec5..6eda48e0a5f 100644
--- a/src/third_party/mozjs-45/extract/js/src/jit/VMFunctions.cpp
+++ b/src/third_party/mozjs-45/extract/js/src/jit/VMFunctions.cpp
@@ -1208,18 +1208,14 @@ AssertValidStringPtr(JSContext* cx, JSString* str)
MOZ_ASSERT(str->length() <= JSString::MAX_LENGTH);
gc::AllocKind kind = str->getAllocKind();
- if (str->isFatInline()) {
- MOZ_ASSERT(kind == gc::AllocKind::FAT_INLINE_STRING ||
- kind == gc::AllocKind::FAT_INLINE_ATOM);
- } else if (str->isExternal()) {
+ if (str->isFatInline())
+ MOZ_ASSERT(kind == gc::AllocKind::FAT_INLINE_STRING);
+ else if (str->isExternal())
MOZ_ASSERT(kind == gc::AllocKind::EXTERNAL_STRING);
- } else if (str->isAtom()) {
- MOZ_ASSERT(kind == gc::AllocKind::ATOM);
- } else if (str->isFlat()) {
+ else if (str->isAtom() || str->isFlat())
MOZ_ASSERT(kind == gc::AllocKind::STRING || kind == gc::AllocKind::FAT_INLINE_STRING);
- } else {
+ else
MOZ_ASSERT(kind == gc::AllocKind::STRING);
- }
#endif
}
diff --git a/src/third_party/mozjs-45/extract/js/src/jsarray.cpp b/src/third_party/mozjs-45/extract/js/src/jsarray.cpp
index 1131720cb72..59384b3fd4b 100644
--- a/src/third_party/mozjs-45/extract/js/src/jsarray.cpp
+++ b/src/third_party/mozjs-45/extract/js/src/jsarray.cpp
@@ -1882,7 +1882,6 @@ js::array_sort(JSContext* cx, unsigned argc, Value* vp)
undefs = 0;
bool allStrings = true;
bool allInts = true;
- bool extraIndexed = ObjectMayHaveExtraIndexedProperties(obj);
RootedValue v(cx);
for (uint32_t i = 0; i < len; i++) {
if (!CheckForInterrupt(cx))
@@ -1915,10 +1914,7 @@ js::array_sort(JSContext* cx, unsigned argc, Value* vp)
}
/* Here len == n + undefs + number_of_holes. */
- bool defaultOrMatch;
if (fval.isNull()) {
- defaultOrMatch = true;
-
/*
* Sort using the default comparator converting all elements to
* strings.
@@ -1942,7 +1938,6 @@ js::array_sort(JSContext* cx, unsigned argc, Value* vp)
if (comp == Match_Failure)
return false;
- defaultOrMatch = comp != Match_None;
if (comp != Match_None) {
if (allInts) {
JS_ALWAYS_TRUE(vec.resize(n * 2));
@@ -1963,10 +1958,7 @@ js::array_sort(JSContext* cx, unsigned argc, Value* vp)
}
}
- ShouldUpdateTypes updateTypes = !extraIndexed && (allStrings || allInts) && defaultOrMatch
- ? ShouldUpdateTypes::DontUpdate
- : ShouldUpdateTypes::Update;
- if (!InitArrayElements(cx, obj, 0, uint32_t(n), vec.begin(), updateTypes))
+ if (!InitArrayElements(cx, obj, 0, uint32_t(n), vec.begin(), ShouldUpdateTypes::DontUpdate))
return false;
}
diff --git a/src/third_party/mozjs-45/extract/js/src/jsatom.cpp b/src/third_party/mozjs-45/extract/js/src/jsatom.cpp
index 65f1deffbf9..3d3c0e4d821 100644
--- a/src/third_party/mozjs-45/extract/js/src/jsatom.cpp
+++ b/src/third_party/mozjs-45/extract/js/src/jsatom.cpp
@@ -340,8 +340,7 @@ AtomizeAndCopyChars(ExclusiveContext* cx, const CharT* tbchars, size_t length, P
return nullptr;
}
- JSAtom* atom = flat->morphAtomizedStringIntoAtom(lookup.hash);
- MOZ_ASSERT(atom->hash() == lookup.hash);
+ JSAtom* atom = flat->morphAtomizedStringIntoAtom();
// We have held the lock since looking up p, and the operations we've done
// since then can't GC; therefore the atoms table has not been modified and
diff --git a/src/third_party/mozjs-45/extract/js/src/jsatom.h b/src/third_party/mozjs-45/extract/js/src/jsatom.h
index 48d3c0ef9cf..ed1a6c9adf8 100644
--- a/src/third_party/mozjs-45/extract/js/src/jsatom.h
+++ b/src/third_party/mozjs-45/extract/js/src/jsatom.h
@@ -23,6 +23,25 @@ class JSAutoByteString;
namespace js {
+JS_STATIC_ASSERT(sizeof(HashNumber) == 4);
+
+static MOZ_ALWAYS_INLINE js::HashNumber
+HashId(jsid id)
+{
+ return mozilla::HashGeneric(JSID_BITS(id));
+}
+
+struct JsidHasher
+{
+ typedef jsid Lookup;
+ static HashNumber hash(const Lookup& l) {
+ return HashNumber(JSID_BITS(l));
+ }
+ static bool match(const jsid& id, const Lookup& l) {
+ return id == l;
+ }
+};
+
/*
* Return a printable, lossless char[] representation of a string-type atom.
* The lifetime of the result matches the lifetime of bytes.
diff --git a/src/third_party/mozjs-45/extract/js/src/jsatominlines.h b/src/third_party/mozjs-45/extract/js/src/jsatominlines.h
index 216a91071e2..2fb7d35aa0a 100644
--- a/src/third_party/mozjs-45/extract/js/src/jsatominlines.h
+++ b/src/third_party/mozjs-45/extract/js/src/jsatominlines.h
@@ -156,13 +156,12 @@ inline
AtomHasher::Lookup::Lookup(const JSAtom* atom)
: isLatin1(atom->hasLatin1Chars()), length(atom->length()), atom(atom)
{
- hash = atom->hash();
if (isLatin1) {
latin1Chars = atom->latin1Chars(nogc);
- MOZ_ASSERT(mozilla::HashString(latin1Chars, length) == hash);
+ hash = mozilla::HashString(latin1Chars, length);
} else {
twoByteChars = atom->twoByteChars(nogc);
- MOZ_ASSERT(mozilla::HashString(twoByteChars, length) == hash);
+ hash = mozilla::HashString(twoByteChars, length);
}
}
@@ -172,7 +171,7 @@ AtomHasher::match(const AtomStateEntry& entry, const Lookup& lookup)
JSAtom* key = entry.asPtr();
if (lookup.atom)
return lookup.atom == key;
- if (key->length() != lookup.length || key->hash() != lookup.hash)
+ if (key->length() != lookup.length)
return false;
if (key->hasLatin1Chars()) {
diff --git a/src/third_party/mozjs-45/extract/js/src/jscntxt.h b/src/third_party/mozjs-45/extract/js/src/jscntxt.h
index 89bf2863503..0f70509d67f 100644
--- a/src/third_party/mozjs-45/extract/js/src/jscntxt.h
+++ b/src/third_party/mozjs-45/extract/js/src/jscntxt.h
@@ -12,7 +12,6 @@
#include "mozilla/MemoryReporting.h"
#include "js/TraceableVector.h"
-#include "js/Utility.h"
#include "js/Vector.h"
#include "vm/Runtime.h"
diff --git a/src/third_party/mozjs-45/extract/js/src/jscompartment.cpp b/src/third_party/mozjs-45/extract/js/src/jscompartment.cpp
index 0d72551ef4b..c0d41ce8037 100644
--- a/src/third_party/mozjs-45/extract/js/src/jscompartment.cpp
+++ b/src/third_party/mozjs-45/extract/js/src/jscompartment.cpp
@@ -46,7 +46,6 @@ JSCompartment::JSCompartment(Zone* zone, const JS::CompartmentOptions& options =
runtime_(zone->runtimeFromMainThread()),
principals_(nullptr),
isSystem_(false),
- isAtomsCompartment_(false),
isSelfHosting(false),
marked(true),
warnedAboutFlagsArgument(false),
@@ -73,7 +72,6 @@ JSCompartment::JSCompartment(Zone* zone, const JS::CompartmentOptions& options =
gcIncomingGrayPointers(nullptr),
gcPreserveJitCode(options.preserveJitCode()),
debugModeBits(0),
- randomKeyGenerator_(runtime_->forkRandomKeyGenerator()),
watchpointMap(nullptr),
scriptCountsMap(nullptr),
debugScriptMap(nullptr),
@@ -159,12 +157,6 @@ JSRuntime::createJitRuntime(JSContext* cx)
MOZ_ASSERT(!jitRuntime_);
- if (!CanLikelyAllocateMoreExecutableMemory()) {
- // Report OOM instead of potentially hitting the MOZ_CRASH below.
- ReportOutOfMemory(cx);
- return nullptr;
- }
-
jit::JitRuntime* jrt = cx->new_<jit::JitRuntime>();
if (!jrt)
return nullptr;
@@ -1176,20 +1168,6 @@ JSCompartment::addTelemetry(const char* filename, DeprecatedLanguageExtension e)
sawDeprecatedLanguageExtension[e] = true;
}
-HashNumber
-JSCompartment::randomHashCode()
-{
- ensureRandomNumberGenerator();
- return HashNumber(randomNumberGenerator.ref().next());
-}
-
-mozilla::HashCodeScrambler
-JSCompartment::randomHashCodeScrambler()
-{
- return mozilla::HashCodeScrambler(randomKeyGenerator_.next(),
- randomKeyGenerator_.next());
-}
-
AutoSetNewObjectMetadata::AutoSetNewObjectMetadata(ExclusiveContext* ecx
MOZ_GUARD_OBJECT_NOTIFIER_PARAM_IN_IMPL)
: CustomAutoRooter(ecx)
diff --git a/src/third_party/mozjs-45/extract/js/src/jscompartment.h b/src/third_party/mozjs-45/extract/js/src/jscompartment.h
index de5592fd65a..96938211507 100644
--- a/src/third_party/mozjs-45/extract/js/src/jscompartment.h
+++ b/src/third_party/mozjs-45/extract/js/src/jscompartment.h
@@ -270,19 +270,9 @@ struct JSCompartment
performanceMonitoring.unlink();
isSystem_ = isSystem;
}
-
- bool isAtomsCompartment() const {
- return isAtomsCompartment_;
- }
- void setIsAtomsCompartment() {
- isAtomsCompartment_ = true;
- }
-
private:
JSPrincipals* principals_;
bool isSystem_;
- bool isAtomsCompartment_;
-
public:
bool isSelfHosting;
bool marked;
@@ -611,14 +601,6 @@ struct JSCompartment
void ensureRandomNumberGenerator();
private:
- mozilla::non_crypto::XorShift128PlusRNG randomKeyGenerator_;
-
- public:
- js::HashNumber randomHashCode();
-
- mozilla::HashCodeScrambler randomHashCodeScrambler();
-
- private:
JSCompartment* thisForCtor() { return this; }
public:
diff --git a/src/third_party/mozjs-45/extract/js/src/jsgc.cpp b/src/third_party/mozjs-45/extract/js/src/jsgc.cpp
index 776ebef6563..610fd78b0b6 100644
--- a/src/third_party/mozjs-45/extract/js/src/jsgc.cpp
+++ b/src/third_party/mozjs-45/extract/js/src/jsgc.cpp
@@ -238,7 +238,6 @@ using namespace js;
using namespace js::gc;
using mozilla::ArrayLength;
-using mozilla::HashCodeScrambler;
using mozilla::Maybe;
using mozilla::Swap;
@@ -292,8 +291,6 @@ const uint32_t Arena::ThingSizes[] = CHECK_MIN_THING_SIZE(
sizeof(JSFatInlineString), /* AllocKind::FAT_INLINE_STRING */
sizeof(JSString), /* AllocKind::STRING */
sizeof(JSExternalString), /* AllocKind::EXTERNAL_STRING */
- sizeof(js::FatInlineAtom), /* AllocKind::FAT_INLINE_ATOM */
- sizeof(js::NormalAtom), /* AllocKind::ATOM */
sizeof(JS::Symbol), /* AllocKind::SYMBOL */
sizeof(jit::JitCode), /* AllocKind::JITCODE */
);
@@ -327,8 +324,6 @@ const uint32_t Arena::FirstThingOffsets[] = {
OFFSET(JSFatInlineString), /* AllocKind::FAT_INLINE_STRING */
OFFSET(JSString), /* AllocKind::STRING */
OFFSET(JSExternalString), /* AllocKind::EXTERNAL_STRING */
- OFFSET(js::FatInlineAtom), /* AllocKind::FAT_INLINE_ATOM */
- OFFSET(js::NormalAtom), /* AllocKind::ATOM */
OFFSET(JS::Symbol), /* AllocKind::SYMBOL */
OFFSET(jit::JitCode), /* AllocKind::JITCODE */
};
@@ -385,8 +380,6 @@ static const AllocKind BackgroundPhaseObjects[] = {
static const AllocKind BackgroundPhaseStringsAndSymbols[] = {
AllocKind::FAT_INLINE_STRING,
AllocKind::STRING,
- AllocKind::FAT_INLINE_ATOM,
- AllocKind::ATOM,
AllocKind::SYMBOL
};
@@ -640,10 +633,6 @@ FinalizeArenas(FreeOp* fop,
return FinalizeTypedArenas<JSFatInlineString>(fop, src, dest, thingKind, budget, keepArenas);
case AllocKind::EXTERNAL_STRING:
return FinalizeTypedArenas<JSExternalString>(fop, src, dest, thingKind, budget, keepArenas);
- case AllocKind::FAT_INLINE_ATOM:
- return FinalizeTypedArenas<js::FatInlineAtom>(fop, src, dest, thingKind, budget, keepArenas);
- case AllocKind::ATOM:
- return FinalizeTypedArenas<js::NormalAtom>(fop, src, dest, thingKind, budget, keepArenas);
case AllocKind::SYMBOL:
return FinalizeTypedArenas<JS::Symbol>(fop, src, dest, thingKind, budget, keepArenas);
case AllocKind::JITCODE:
@@ -2334,9 +2323,8 @@ GCRuntime::relocateArenas(Zone* zone, JS::gcreason::Reason reason, ArenaHeader*&
void
MovingTracer::onObjectEdge(JSObject** objp)
{
- JSObject* obj = *objp;
- if (obj->runtimeFromAnyThread() == runtime() && IsForwarded(obj))
- *objp = Forwarded(obj);
+ if (IsForwarded(*objp))
+ *objp = Forwarded(*objp);
}
void
@@ -2489,8 +2477,6 @@ bool ArenasToUpdate::shouldProcessKind(AllocKind kind)
if (kind == AllocKind::FAT_INLINE_STRING ||
kind == AllocKind::STRING ||
kind == AllocKind::EXTERNAL_STRING ||
- kind == AllocKind::FAT_INLINE_ATOM ||
- kind == AllocKind::ATOM ||
kind == AllocKind::SYMBOL)
{
return false;
@@ -3796,12 +3782,10 @@ GCRuntime::purgeRuntime()
bool
GCRuntime::shouldPreserveJITCode(JSCompartment* comp, int64_t currentTime,
- JS::gcreason::Reason reason, bool canAllocateMoreCode)
+ JS::gcreason::Reason reason)
{
if (cleanUpEverything)
return false;
- if (!canAllocateMoreCode)
- return false;
if (alwaysPreserveCode)
return true;
@@ -3948,19 +3932,15 @@ GCRuntime::beginMarkPhase(JS::gcreason::Reason reason)
zone->setPreservingCode(false);
}
- // Discard JIT code more aggressively if the process is approaching its
- // executable code limit.
- bool canAllocateMoreCode = jit::CanLikelyAllocateMoreExecutableMemory();
-
for (CompartmentsIter c(rt, WithAtoms); !c.done(); c.next()) {
c->marked = false;
c->scheduledForDestruction = false;
c->maybeAlive = false;
- if (shouldPreserveJITCode(c, currentTime, reason, canAllocateMoreCode))
+ if (shouldPreserveJITCode(c, currentTime, reason))
c->zone()->setPreservingCode(true);
}
- if (!rt->gc.cleanUpEverything && canAllocateMoreCode) {
+ if (!rt->gc.cleanUpEverything) {
if (JSCompartment* comp = jit::TopmostIonActivationCompartment(rt))
comp->zone()->setPreservingCode(true);
}
@@ -4318,7 +4298,7 @@ js::gc::MarkingValidator::nonIncrementalMark()
* For saving, smush all of the keys into one big table and split them back
* up into per-zone tables when restoring.
*/
- gc::WeakKeyTable savedWeakKeys(SystemAllocPolicy(), runtime->randomHashCodeScrambler());
+ gc::WeakKeyTable savedWeakKeys;
if (!savedWeakKeys.init())
return;
@@ -4591,6 +4571,7 @@ Zone::findOutgoingEdges(ComponentFinder<JS::Zone>& finder)
if (r.front()->isGCMarking())
finder.addEdgeTo(r.front());
}
+ gcZoneGroupEdges.clear();
Debugger::findZoneEdges(this, finder);
}
@@ -4619,11 +4600,6 @@ GCRuntime::findZoneEdgesForWeakMaps()
void
GCRuntime::findZoneGroups()
{
-#ifdef DEBUG
- for (ZonesIter zone(rt, WithAtoms); !zone.done(); zone.next())
- MOZ_ASSERT(zone->gcZoneGroupEdges.empty());
-#endif
-
ComponentFinder<Zone> finder(rt->mainThread.nativeStackLimit[StackForSystemCode]);
if (!isIncremental || !findZoneEdgesForWeakMaps())
finder.useOneComponent();
@@ -4636,19 +4612,12 @@ GCRuntime::findZoneGroups()
currentZoneGroup = zoneGroups;
zoneGroupIndex = 0;
- for (GCZonesIter zone(rt); !zone.done(); zone.next())
- zone->gcZoneGroupEdges.clear();
-
-#ifdef DEBUG
for (Zone* head = currentZoneGroup; head; head = head->nextGroup()) {
for (Zone* zone = head; zone; zone = zone->nextNodeInGroup())
MOZ_ASSERT(zone->isGCMarking());
}
MOZ_ASSERT_IF(!isIncremental, !currentZoneGroup->nextGroup());
- for (ZonesIter zone(rt, WithAtoms); !zone.done(); zone.next())
- MOZ_ASSERT(zone->gcZoneGroupEdges.empty());
-#endif
}
static void
@@ -4818,11 +4787,11 @@ MarkIncomingCrossCompartmentPointers(JSRuntime* rt, const uint32_t color)
MOZ_ASSERT(dst->compartment() == c);
if (color == GRAY) {
- if (IsMarkedUnbarriered(rt, &src) && src->asTenured().isMarked(GRAY))
+ if (IsMarkedUnbarriered(&src) && src->asTenured().isMarked(GRAY))
TraceManuallyBarrieredEdge(&rt->gc.marker, &dst,
"cross-compartment gray pointer");
} else {
- if (IsMarkedUnbarriered(rt, &src) && !src->asTenured().isMarked(GRAY))
+ if (IsMarkedUnbarriered(&src) && !src->asTenured().isMarked(GRAY))
TraceManuallyBarrieredEdge(&rt->gc.marker, &dst,
"cross-compartment black pointer");
}
diff --git a/src/third_party/mozjs-45/extract/js/src/jsgc.h b/src/third_party/mozjs-45/extract/js/src/jsgc.h
index d4cfc9960b8..a254a0b3ae9 100644
--- a/src/third_party/mozjs-45/extract/js/src/jsgc.h
+++ b/src/third_party/mozjs-45/extract/js/src/jsgc.h
@@ -103,8 +103,6 @@ template <> struct MapTypeToFinalizeKind<ObjectGroup> { static const Alloc
template <> struct MapTypeToFinalizeKind<JSFatInlineString> { static const AllocKind kind = AllocKind::FAT_INLINE_STRING; };
template <> struct MapTypeToFinalizeKind<JSString> { static const AllocKind kind = AllocKind::STRING; };
template <> struct MapTypeToFinalizeKind<JSExternalString> { static const AllocKind kind = AllocKind::EXTERNAL_STRING; };
-template <> struct MapTypeToFinalizeKind<js::FatInlineAtom> { static const AllocKind kind = AllocKind::FAT_INLINE_ATOM; };
-template <> struct MapTypeToFinalizeKind<js::NormalAtom> { static const AllocKind kind = AllocKind::ATOM; };
template <> struct MapTypeToFinalizeKind<JS::Symbol> { static const AllocKind kind = AllocKind::SYMBOL; };
template <> struct MapTypeToFinalizeKind<jit::JitCode> { static const AllocKind kind = AllocKind::JITCODE; };
@@ -142,8 +140,6 @@ IsNurseryAllocable(AllocKind kind)
false, /* AllocKind::FAT_INLINE_STRING */
false, /* AllocKind::STRING */
false, /* AllocKind::EXTERNAL_STRING */
- false, /* AllocKind::FAT_INLINE_ATOM */
- false, /* AllocKind::ATOM */
false, /* AllocKind::SYMBOL */
false, /* AllocKind::JITCODE */
};
@@ -179,8 +175,6 @@ IsBackgroundFinalized(AllocKind kind)
true, /* AllocKind::FAT_INLINE_STRING */
true, /* AllocKind::STRING */
false, /* AllocKind::EXTERNAL_STRING */
- true, /* AllocKind::FAT_INLINE_ATOM */
- true, /* AllocKind::ATOM */
true, /* AllocKind::SYMBOL */
false, /* AllocKind::JITCODE */
};
diff --git a/src/third_party/mozjs-45/extract/js/src/jsgcinlines.h b/src/third_party/mozjs-45/extract/js/src/jsgcinlines.h
index 0cc2b051cb4..6ca8804cd8f 100644
--- a/src/third_party/mozjs-45/extract/js/src/jsgcinlines.h
+++ b/src/third_party/mozjs-45/extract/js/src/jsgcinlines.h
@@ -89,19 +89,11 @@ class ArenaIter
}
};
-enum CellIterNeedsBarrier : uint8_t
-{
- CellIterDoesntNeedBarrier = 0,
- CellIterMayNeedBarrier = 1
-};
-
class ArenaCellIterImpl
{
- // These are set in initUnsynchronized().
+ // These three are set in initUnsynchronized().
size_t firstThingOffset;
size_t thingSize;
- JS::TraceKind traceKind;
- bool needsBarrier;
#ifdef DEBUG
bool isInited;
#endif
@@ -130,30 +122,26 @@ class ArenaCellIterImpl
ArenaCellIterImpl()
: firstThingOffset(0) // Squelch
, thingSize(0) // warnings
- , traceKind(JS::TraceKind::Null)
- , needsBarrier(false)
, limit(0)
{
}
- void initUnsynchronized(ArenaHeader* aheader, CellIterNeedsBarrier mayNeedBarrier) {
+ void initUnsynchronized(ArenaHeader* aheader) {
AllocKind kind = aheader->getAllocKind();
#ifdef DEBUG
isInited = true;
#endif
firstThingOffset = Arena::firstThingOffset(kind);
thingSize = Arena::thingSize(kind);
- traceKind = MapAllocToTraceKind(kind);
- needsBarrier = mayNeedBarrier && !aheader->zone->runtimeFromMainThread()->isHeapCollecting();
reset(aheader);
}
- void init(ArenaHeader* aheader, CellIterNeedsBarrier mayNeedBarrier) {
+ void init(ArenaHeader* aheader) {
#ifdef DEBUG
AllocKind kind = aheader->getAllocKind();
MOZ_ASSERT(aheader->zone->arenas.isSynchronizedFreeList(kind));
#endif
- initUnsynchronized(aheader, mayNeedBarrier);
+ initUnsynchronized(aheader);
}
// Use this to move from an Arena of a particular kind to another Arena of
@@ -173,15 +161,7 @@ class ArenaCellIterImpl
TenuredCell* getCell() const {
MOZ_ASSERT(!done());
- TenuredCell* cell = reinterpret_cast<TenuredCell*>(thing);
-
- // This can result in a a new reference being created to an object that
- // an ongoing incremental GC may find to be unreachable, so we may need
- // a barrier here.
- if (needsBarrier)
- ExposeGCThingToActiveJS(JS::GCCellPtr(cell, traceKind));
-
- return cell;
+ return reinterpret_cast<TenuredCell*>(thing);
}
template<typename T> T* get() const {
@@ -206,7 +186,7 @@ class ArenaCellIterUnderGC : public ArenaCellIterImpl
public:
explicit ArenaCellIterUnderGC(ArenaHeader* aheader) {
MOZ_ASSERT(aheader->zone->runtimeFromAnyThread()->isHeapBusy());
- init(aheader, CellIterDoesntNeedBarrier);
+ init(aheader);
}
};
@@ -214,7 +194,7 @@ class ArenaCellIterUnderFinalize : public ArenaCellIterImpl
{
public:
explicit ArenaCellIterUnderFinalize(ArenaHeader* aheader) {
- initUnsynchronized(aheader, CellIterDoesntNeedBarrier);
+ initUnsynchronized(aheader);
}
};
@@ -230,7 +210,7 @@ class ZoneCellIterImpl
MOZ_ASSERT(zone->arenas.isSynchronizedFreeList(kind));
arenaIter.init(zone, kind);
if (!arenaIter.done())
- cellIter.init(arenaIter.get(), CellIterMayNeedBarrier);
+ cellIter.init(arenaIter.get());
}
public:
diff --git a/src/third_party/mozjs-45/extract/js/src/jsiter.cpp b/src/third_party/mozjs-45/extract/js/src/jsiter.cpp
index 9cbff88bfb1..9b27317683b 100644
--- a/src/third_party/mozjs-45/extract/js/src/jsiter.cpp
+++ b/src/third_party/mozjs-45/extract/js/src/jsiter.cpp
@@ -69,7 +69,17 @@ NativeIterator::mark(JSTracer* trc)
TraceManuallyBarrieredEdge(trc, &iterObj_, "iterObj");
}
-typedef HashSet<jsid, JsidHasher> IdSet;
+struct IdHashPolicy {
+ typedef jsid Lookup;
+ static HashNumber hash(jsid id) {
+ return JSID_BITS(id);
+ }
+ static bool match(jsid id1, jsid id2) {
+ return id1 == id2;
+ }
+};
+
+typedef HashSet<jsid, IdHashPolicy> IdSet;
static inline bool
NewKeyValuePair(JSContext* cx, jsid id, const Value& val, MutableHandleValue rval)
diff --git a/src/third_party/mozjs-45/extract/js/src/jsmath.cpp b/src/third_party/mozjs-45/extract/js/src/jsmath.cpp
index e381b42a846..040269f63d9 100644
--- a/src/third_party/mozjs-45/extract/js/src/jsmath.cpp
+++ b/src/third_party/mozjs-45/extract/js/src/jsmath.cpp
@@ -747,8 +747,8 @@ js::math_pow(JSContext* cx, unsigned argc, Value* vp)
return math_pow_handle(cx, args.get(0), args.get(1), args.rval());
}
-uint64_t
-js::GenerateRandomSeed()
+static uint64_t
+GenerateSeed()
{
uint64_t seed = 0;
@@ -763,7 +763,7 @@ js::GenerateRandomSeed()
close(fd);
}
#else
-# error "Platform needs to implement GenerateRandomSeed()"
+# error "Platform needs to implement GenerateSeed()"
#endif
// Also mix in PRMJ_Now() in case we couldn't read random bits from the OS.
@@ -775,8 +775,8 @@ js::GenerateXorShift128PlusSeed(mozilla::Array<uint64_t, 2>& seed)
{
// XorShift128PlusRNG must be initialized with a non-zero seed.
do {
- seed[0] = GenerateRandomSeed();
- seed[1] = GenerateRandomSeed();
+ seed[0] = GenerateSeed();
+ seed[1] = GenerateSeed();
} while (seed[0] == 0 && seed[1] == 0);
}
diff --git a/src/third_party/mozjs-45/extract/js/src/jsmath.h b/src/third_party/mozjs-45/extract/js/src/jsmath.h
index a1d1aaedfb3..e703c703c62 100644
--- a/src/third_party/mozjs-45/extract/js/src/jsmath.h
+++ b/src/third_party/mozjs-45/extract/js/src/jsmath.h
@@ -86,9 +86,6 @@ class MathCache
extern JSObject*
InitMathClass(JSContext* cx, HandleObject obj);
-extern uint64_t
-GenerateRandomSeed();
-
// Fill |seed[0]| and |seed[1]| with random bits, suitable for
// seeding a XorShift128+ random number generator.
extern void
diff --git a/src/third_party/mozjs-45/extract/js/src/jswatchpoint.cpp b/src/third_party/mozjs-45/extract/js/src/jswatchpoint.cpp
index 53418e36fc4..9713ebe5990 100644
--- a/src/third_party/mozjs-45/extract/js/src/jswatchpoint.cpp
+++ b/src/third_party/mozjs-45/extract/js/src/jswatchpoint.cpp
@@ -11,7 +11,6 @@
#include "jsfriendapi.h"
#include "gc/Marking.h"
-#include "vm/Shape.h"
#include "jsgcinlines.h"
@@ -154,7 +153,7 @@ WatchpointMap::markIteratively(JSTracer* trc)
JSObject* priorKeyObj = entry.key().object;
jsid priorKeyId(entry.key().id.get());
bool objectIsLive =
- IsMarked(trc->runtime(), const_cast<PreBarrieredObject*>(&entry.key().object));
+ IsMarked(const_cast<PreBarrieredObject*>(&entry.key().object));
if (objectIsLive || entry.value().held) {
if (!objectIsLive) {
TraceEdge(trc, const_cast<PreBarrieredObject*>(&entry.key().object),
@@ -167,7 +166,7 @@ WatchpointMap::markIteratively(JSTracer* trc)
JSID_IS_SYMBOL(priorKeyId));
TraceEdge(trc, const_cast<PreBarrieredId*>(&entry.key().id), "WatchKey::id");
- if (entry.value().closure && !IsMarked(trc->runtime(), &entry.value().closure)) {
+ if (entry.value().closure && !IsMarked(&entry.value().closure)) {
TraceEdge(trc, &entry.value().closure, "Watchpoint::closure");
marked = true;
}
diff --git a/src/third_party/mozjs-45/extract/js/src/jsweakmap.cpp b/src/third_party/mozjs-45/extract/js/src/jsweakmap.cpp
index 70a119601c7..2249f46f71c 100644
--- a/src/third_party/mozjs-45/extract/js/src/jsweakmap.cpp
+++ b/src/third_party/mozjs-45/extract/js/src/jsweakmap.cpp
@@ -150,7 +150,7 @@ ObjectValueMap::findZoneEdges()
if (!delegate)
continue;
Zone* delegateZone = delegate->zone();
- if (delegateZone == zone || !delegateZone->isGCMarking())
+ if (delegateZone == zone)
continue;
if (!delegateZone->gcZoneGroupEdges.put(key->zone()))
return false;
diff --git a/src/third_party/mozjs-45/extract/js/src/jsweakmap.h b/src/third_party/mozjs-45/extract/js/src/jsweakmap.h
index 020f51e9733..3c17c78d415 100644
--- a/src/third_party/mozjs-45/extract/js/src/jsweakmap.h
+++ b/src/third_party/mozjs-45/extract/js/src/jsweakmap.h
@@ -184,7 +184,7 @@ class WeakMap : public HashMap<Key, Value, HashPolicy, RuntimeAllocPolicy>,
Key key(p->key());
MOZ_ASSERT((markedCell == extractUnbarriered(key)) || (markedCell == getDelegate(key)));
- if (gc::IsMarked(trc->runtime(), &key)) {
+ if (gc::IsMarked(&key)) {
TraceEdge(trc, &p->value(), "ephemeron value");
} else if (keyNeedsMark(key)) {
TraceEdge(trc, &p->value(), "WeakMap ephemeron value");
@@ -249,7 +249,7 @@ class WeakMap : public HashMap<Key, Value, HashPolicy, RuntimeAllocPolicy>,
for (Enum e(*this); !e.empty(); e.popFront()) {
// If the entry is live, ensure its key and value are marked.
- bool keyIsMarked = gc::IsMarked(trc->runtime(), &e.front().mutableKey());
+ bool keyIsMarked = gc::IsMarked(&e.front().mutableKey());
if (!keyIsMarked && keyNeedsMark(e.front().key())) {
TraceEdge(trc, &e.front().mutableKey(), "proxy-preserved WeakMap entry key");
keyIsMarked = true;
@@ -257,7 +257,7 @@ class WeakMap : public HashMap<Key, Value, HashPolicy, RuntimeAllocPolicy>,
}
if (keyIsMarked) {
- if (!gc::IsMarked(trc->runtime(), &e.front().value())) {
+ if (!gc::IsMarked(&e.front().value())) {
TraceEdge(trc, &e.front().value(), "WeakMap entry value");
markedAny = true;
}
@@ -283,15 +283,7 @@ class WeakMap : public HashMap<Key, Value, HashPolicy, RuntimeAllocPolicy>,
JSObject* getDelegate(JSObject* key) const {
JSWeakmapKeyDelegateOp op = key->getClass()->ext.weakmapKeyDelegateOp;
- if (!op)
- return nullptr;
-
- JSObject* obj = op(key);
- if (!obj)
- return nullptr;
-
- MOZ_ASSERT(obj->runtimeFromMainThread() == zone->runtimeFromMainThread());
- return obj;
+ return op ? op(key) : nullptr;
}
JSObject* getDelegate(gc::Cell* cell) const {
@@ -304,7 +296,7 @@ class WeakMap : public HashMap<Key, Value, HashPolicy, RuntimeAllocPolicy>,
* Check if the delegate is marked with any color to properly handle
* gray marking when the key's delegate is black and the map is gray.
*/
- return delegate && gc::IsMarkedUnbarriered(zone->runtimeFromMainThread(), &delegate);
+ return delegate && gc::IsMarkedUnbarriered(&delegate);
}
bool keyNeedsMark(gc::Cell* cell) const {
diff --git a/src/third_party/mozjs-45/extract/js/src/moz.build b/src/third_party/mozjs-45/extract/js/src/moz.build
index 123c9f3bcb5..591d7a6a3ee 100644
--- a/src/third_party/mozjs-45/extract/js/src/moz.build
+++ b/src/third_party/mozjs-45/extract/js/src/moz.build
@@ -236,7 +236,6 @@ UNIFIED_SOURCES += [
'jit/MoveResolver.cpp',
'jit/OptimizationTracking.cpp',
'jit/PerfSpewer.cpp',
- 'jit/ProcessExecutableMemory.cpp',
'jit/RangeAnalysis.cpp',
'jit/Recover.cpp',
'jit/RegisterAllocator.cpp',
@@ -531,8 +530,15 @@ elif CONFIG['JS_CODEGEN_MIPS32'] or CONFIG['JS_CODEGEN_MIPS64']:
]
if CONFIG['OS_ARCH'] == 'WINNT':
+ SOURCES += [
+ 'jit/ExecutableAllocatorWin.cpp',
+ ]
# _CRT_RAND_S must be #defined before #including stdlib.h to get rand_s()
DEFINES['_CRT_RAND_S'] = True
+else:
+ SOURCES += [
+ 'jit/ExecutableAllocatorPosix.cpp',
+ ]
if CONFIG['JS_HAS_CTYPES']:
SOURCES += [
diff --git a/src/third_party/mozjs-45/extract/js/src/proxy/Wrapper.cpp b/src/third_party/mozjs-45/extract/js/src/proxy/Wrapper.cpp
index 6a60746904d..e80113ce362 100644
--- a/src/third_party/mozjs-45/extract/js/src/proxy/Wrapper.cpp
+++ b/src/third_party/mozjs-45/extract/js/src/proxy/Wrapper.cpp
@@ -42,10 +42,7 @@ JSObject*
Wrapper::wrappedObject(JSObject* wrapper)
{
MOZ_ASSERT(wrapper->is<WrapperObject>());
- JSObject* target = wrapper->as<ProxyObject>().target();
- if (target)
- JS::ExposeObjectToActiveJS(target);
- return target;
+ return wrapper->as<ProxyObject>().target();
}
bool
diff --git a/src/third_party/mozjs-45/extract/js/src/vm/Debugger.cpp b/src/third_party/mozjs-45/extract/js/src/vm/Debugger.cpp
index d583c9c52e9..12de1145276 100644
--- a/src/third_party/mozjs-45/extract/js/src/vm/Debugger.cpp
+++ b/src/third_party/mozjs-45/extract/js/src/vm/Debugger.cpp
@@ -517,7 +517,7 @@ Debugger::getHook(Hook hook) const
}
bool
-Debugger::hasAnyLiveHooks(JSRuntime* rt) const
+Debugger::hasAnyLiveHooks() const
{
if (!enabled)
return false;
@@ -532,7 +532,7 @@ Debugger::hasAnyLiveHooks(JSRuntime* rt) const
/* If any breakpoints are in live scripts, return true. */
for (Breakpoint* bp = firstBreakpoint(); bp; bp = bp->nextInDebugger()) {
- if (IsMarkedUnbarriered(rt, &bp->site->script))
+ if (IsMarkedUnbarriered(&bp->site->script))
return true;
}
@@ -2520,7 +2520,7 @@ Debugger::markAllIteratively(GCMarker* trc)
for (CompartmentsIter c(rt, SkipAtoms); !c.done(); c.next()) {
if (c->isDebuggee()) {
GlobalObject* global = c->unsafeUnbarrieredMaybeGlobal();
- if (!IsMarkedUnbarriered(rt, &global))
+ if (!IsMarkedUnbarriered(&global))
continue;
/*
@@ -2542,8 +2542,8 @@ Debugger::markAllIteratively(GCMarker* trc)
if (!dbgobj->zone()->isGCMarking())
continue;
- bool dbgMarked = IsMarked(rt, &dbgobj);
- if (!dbgMarked && dbg->hasAnyLiveHooks(rt)) {
+ bool dbgMarked = IsMarked(&dbgobj);
+ if (!dbgMarked && dbg->hasAnyLiveHooks()) {
/*
* obj could be reachable only via its live, enabled
* debugger hooks, which may yet be called.
@@ -2556,12 +2556,12 @@ Debugger::markAllIteratively(GCMarker* trc)
if (dbgMarked) {
/* Search for breakpoints to mark. */
for (Breakpoint* bp = dbg->firstBreakpoint(); bp; bp = bp->nextInDebugger()) {
- if (IsMarkedUnbarriered(rt, &bp->site->script)) {
+ if (IsMarkedUnbarriered(&bp->site->script)) {
/*
* The debugger and the script are both live.
* Therefore the breakpoint handler is live.
*/
- if (!IsMarked(rt, &bp->getHandlerRef())) {
+ if (!IsMarked(&bp->getHandlerRef())) {
TraceEdge(trc, &bp->getHandlerRef(), "breakpoint handler");
markedAny = true;
}
diff --git a/src/third_party/mozjs-45/extract/js/src/vm/Debugger.h b/src/third_party/mozjs-45/extract/js/src/vm/Debugger.h
index 49744a7d00d..ef7b94bc24f 100644
--- a/src/third_party/mozjs-45/extract/js/src/vm/Debugger.h
+++ b/src/third_party/mozjs-45/extract/js/src/vm/Debugger.h
@@ -607,7 +607,7 @@ class Debugger : private mozilla::LinkedListElement<Debugger>
void updateObservesAsmJSOnDebuggees(IsObserving observing);
JSObject* getHook(Hook hook) const;
- bool hasAnyLiveHooks(JSRuntime* rt) const;
+ bool hasAnyLiveHooks() const;
static JSTrapStatus slowPathOnEnterFrame(JSContext* cx, AbstractFramePtr frame);
static bool slowPathOnLeaveFrame(JSContext* cx, AbstractFramePtr frame, bool ok);
diff --git a/src/third_party/mozjs-45/extract/js/src/vm/Initialization.cpp b/src/third_party/mozjs-45/extract/js/src/vm/Initialization.cpp
index fcef4b22b44..cf5d21aa230 100644
--- a/src/third_party/mozjs-45/extract/js/src/vm/Initialization.cpp
+++ b/src/third_party/mozjs-45/extract/js/src/vm/Initialization.cpp
@@ -83,9 +83,7 @@ JS_Init(void)
js::oom::SetThreadType(js::oom::THREAD_TYPE_MAIN);
#endif
- js::gc::InitMemorySubsystem(); // Ensure gc::SystemPageSize() works.
- if (!js::jit::InitProcessExecutableMemory())
- return false;
+ js::jit::ExecutableAllocator::initStatic();
if (!js::jit::InitializeIon())
return false;
@@ -148,9 +146,6 @@ JS_ShutDown(void)
u_cleanup();
#endif // EXPOSE_INTL_API
- if (!JSRuntime::hasLiveRuntimes())
- js::jit::ReleaseProcessExecutableMemory();
-
libraryInitState = InitState::ShutDown;
}
diff --git a/src/third_party/mozjs-45/extract/js/src/vm/ObjectGroup.cpp b/src/third_party/mozjs-45/extract/js/src/vm/ObjectGroup.cpp
index ad002b4a05e..6ef50de88c3 100644
--- a/src/third_party/mozjs-45/extract/js/src/vm/ObjectGroup.cpp
+++ b/src/third_party/mozjs-45/extract/js/src/vm/ObjectGroup.cpp
@@ -12,7 +12,6 @@
#include "gc/StoreBuffer.h"
#include "gc/Zone.h"
#include "vm/ArrayObject.h"
-#include "vm/Shape.h"
#include "vm/UnboxedObject.h"
#include "jsobjinlines.h"
@@ -555,38 +554,45 @@ ObjectGroup::defaultNewGroup(ExclusiveContext* cx, const Class* clasp,
ObjectGroupCompartment::newTablePostBarrier(cx, table, clasp, proto, associated);
- if (associated) {
- if (associated->is<JSFunction>()) {
- if (!TypeNewScript::make(cx->asJSContext(), group, &associated->as<JSFunction>()))
- return nullptr;
- } else {
- group->setTypeDescr(&associated->as<TypeDescr>());
+ if (proto.isObject()) {
+ RootedObject obj(cx, proto.toObject());
+
+ if (associated) {
+ if (associated->is<JSFunction>()) {
+ if (!TypeNewScript::make(cx->asJSContext(), group, &associated->as<JSFunction>()))
+ return nullptr;
+ } else {
+ group->setTypeDescr(&associated->as<TypeDescr>());
+ }
}
- }
- /*
- * Some builtin objects have slotful native properties baked in at
- * creation via the Shape::{insert,get}initialShape mechanism. Since
- * these properties are never explicitly defined on new objects, update
- * the type information for them here.
- */
+ /*
+ * Some builtin objects have slotful native properties baked in at
+ * creation via the Shape::{insert,get}initialShape mechanism. Since
+ * these properties are never explicitly defined on new objects, update
+ * the type information for them here.
+ */
- const JSAtomState& names = cx->names();
+ const JSAtomState& names = cx->names();
- if (clasp == &RegExpObject::class_) {
- AddTypePropertyId(cx, group, nullptr, NameToId(names.source), TypeSet::StringType());
- AddTypePropertyId(cx, group, nullptr, NameToId(names.global), TypeSet::BooleanType());
- AddTypePropertyId(cx, group, nullptr, NameToId(names.ignoreCase), TypeSet::BooleanType());
- AddTypePropertyId(cx, group, nullptr, NameToId(names.multiline), TypeSet::BooleanType());
- AddTypePropertyId(cx, group, nullptr, NameToId(names.sticky), TypeSet::BooleanType());
- AddTypePropertyId(cx, group, nullptr, NameToId(names.lastIndex), TypeSet::Int32Type());
- } else if (clasp == &StringObject::class_) {
- AddTypePropertyId(cx, group, nullptr, NameToId(names.length), TypeSet::Int32Type());
- } else if (ErrorObject::isErrorClass(clasp)) {
- AddTypePropertyId(cx, group, nullptr, NameToId(names.fileName), TypeSet::StringType());
- AddTypePropertyId(cx, group, nullptr, NameToId(names.lineNumber), TypeSet::Int32Type());
- AddTypePropertyId(cx, group, nullptr, NameToId(names.columnNumber), TypeSet::Int32Type());
- AddTypePropertyId(cx, group, nullptr, NameToId(names.stack), TypeSet::StringType());
+ if (obj->is<RegExpObject>()) {
+ AddTypePropertyId(cx, group, nullptr, NameToId(names.source), TypeSet::StringType());
+ AddTypePropertyId(cx, group, nullptr, NameToId(names.global), TypeSet::BooleanType());
+ AddTypePropertyId(cx, group, nullptr, NameToId(names.ignoreCase), TypeSet::BooleanType());
+ AddTypePropertyId(cx, group, nullptr, NameToId(names.multiline), TypeSet::BooleanType());
+ AddTypePropertyId(cx, group, nullptr, NameToId(names.sticky), TypeSet::BooleanType());
+ AddTypePropertyId(cx, group, nullptr, NameToId(names.lastIndex), TypeSet::Int32Type());
+ }
+
+ if (obj->is<StringObject>())
+ AddTypePropertyId(cx, group, nullptr, NameToId(names.length), TypeSet::Int32Type());
+
+ if (obj->is<ErrorObject>()) {
+ AddTypePropertyId(cx, group, nullptr, NameToId(names.fileName), TypeSet::StringType());
+ AddTypePropertyId(cx, group, nullptr, NameToId(names.lineNumber), TypeSet::Int32Type());
+ AddTypePropertyId(cx, group, nullptr, NameToId(names.columnNumber), TypeSet::Int32Type());
+ AddTypePropertyId(cx, group, nullptr, NameToId(names.stack), TypeSet::StringType());
+ }
}
return group;
@@ -1110,7 +1116,7 @@ struct ObjectGroupCompartment::PlainObjectKey
};
static inline HashNumber hash(const Lookup& lookup) {
- return (HashNumber) (HashId(lookup.properties[lookup.nproperties - 1].id) ^
+ return (HashNumber) (JSID_BITS(lookup.properties[lookup.nproperties - 1].id) ^
lookup.nproperties);
}
diff --git a/src/third_party/mozjs-45/extract/js/src/vm/RegExpObject.cpp b/src/third_party/mozjs-45/extract/js/src/vm/RegExpObject.cpp
index 9d0dd97d037..fec090d3f19 100644
--- a/src/third_party/mozjs-45/extract/js/src/vm/RegExpObject.cpp
+++ b/src/third_party/mozjs-45/extract/js/src/vm/RegExpObject.cpp
@@ -793,7 +793,7 @@ RegExpCompartment::sweep(JSRuntime* rt)
// the RegExpShared if it was accidentally marked earlier but wasn't
// marked by the current trace.
bool keep = shared->marked() &&
- IsMarked(rt, &shared->source);
+ IsMarked(&shared->source);
for (size_t i = 0; i < ArrayLength(shared->compilationArray); i++) {
RegExpShared::RegExpCompilation& compilation = shared->compilationArray[i];
if (compilation.jitCode &&
diff --git a/src/third_party/mozjs-45/extract/js/src/vm/Runtime.cpp b/src/third_party/mozjs-45/extract/js/src/vm/Runtime.cpp
index a3a3fda4158..94909a2ed47 100644
--- a/src/third_party/mozjs-45/extract/js/src/vm/Runtime.cpp
+++ b/src/third_party/mozjs-45/extract/js/src/vm/Runtime.cpp
@@ -311,7 +311,6 @@ JSRuntime::init(uint32_t maxbytes, uint32_t maxNurseryBytes)
return false;
atomsCompartment->setIsSystem(true);
- atomsCompartment->setIsAtomsCompartment();
atomsZone.forget();
this->atomsCompartment_ = atomsCompartment.forget();
@@ -746,32 +745,6 @@ JSRuntime::triggerActivityCallback(bool active)
activityCallback(activityCallbackArg, active);
}
-mozilla::non_crypto::XorShift128PlusRNG&
-JSRuntime::randomKeyGenerator()
-{
- MOZ_ASSERT(CurrentThreadCanAccessRuntime(this));
- if (randomKeyGenerator_.isNothing()) {
- mozilla::Array<uint64_t, 2> seed;
- GenerateXorShift128PlusSeed(seed);
- randomKeyGenerator_.emplace(seed[0], seed[1]);
- }
- return randomKeyGenerator_.ref();
-}
-
-mozilla::HashCodeScrambler
-JSRuntime::randomHashCodeScrambler()
-{
- auto& rng = randomKeyGenerator();
- return mozilla::HashCodeScrambler(rng.next(), rng.next());
-}
-
-mozilla::non_crypto::XorShift128PlusRNG
-JSRuntime::forkRandomKeyGenerator()
-{
- auto& rng = randomKeyGenerator();
- return mozilla::non_crypto::XorShift128PlusRNG(rng.next(), rng.next());
-}
-
void
JSRuntime::updateMallocCounter(size_t nbytes)
{
diff --git a/src/third_party/mozjs-45/extract/js/src/vm/Runtime.h b/src/third_party/mozjs-45/extract/js/src/vm/Runtime.h
index 9df53087c03..51734df147a 100644
--- a/src/third_party/mozjs-45/extract/js/src/vm/Runtime.h
+++ b/src/third_party/mozjs-45/extract/js/src/vm/Runtime.h
@@ -949,15 +949,6 @@ struct JSRuntime : public JS::shadow::Runtime,
return interpreterStack_;
}
- private:
- // Used to generate random keys for hash tables.
- mozilla::Maybe<mozilla::non_crypto::XorShift128PlusRNG> randomKeyGenerator_;
- mozilla::non_crypto::XorShift128PlusRNG& randomKeyGenerator();
-
- public:
- mozilla::HashCodeScrambler randomHashCodeScrambler();
- mozilla::non_crypto::XorShift128PlusRNG forkRandomKeyGenerator();
-
//-------------------------------------------------------------------------
// Self-hosting support
//-------------------------------------------------------------------------
diff --git a/src/third_party/mozjs-45/extract/js/src/vm/Shape.h b/src/third_party/mozjs-45/extract/js/src/vm/Shape.h
index 1c2c99a1feb..51185898d80 100644
--- a/src/third_party/mozjs-45/extract/js/src/vm/Shape.h
+++ b/src/third_party/mozjs-45/extract/js/src/vm/Shape.h
@@ -29,8 +29,6 @@
#include "js/RootingAPI.h"
#include "js/UbiNode.h"
#include "vm/ObjectGroup.h"
-#include "vm/String.h"
-#include "vm/Symbol.h"
#ifdef _MSC_VER
#pragma warning(push)
@@ -518,33 +516,11 @@ struct StackBaseShape : public DefaultHasher<ReadBarriered<UnownedBaseShape*>>
static inline bool match(ReadBarriered<UnownedBaseShape*> key, const Lookup& lookup);
};
-static MOZ_ALWAYS_INLINE js::HashNumber
-HashId(jsid id)
-{
- // HashGeneric alone would work, but bits of atom and symbol addresses
- // could then be recovered from the hash code. See bug 1330769.
- if (MOZ_LIKELY(JSID_IS_ATOM(id)))
- return JSID_TO_ATOM(id)->hash();
- if (JSID_IS_SYMBOL(id))
- return JSID_TO_SYMBOL(id)->hash();
- return mozilla::HashGeneric(JSID_BITS(id));
-}
-
-struct JsidHasher
-{
- typedef jsid Lookup;
- static HashNumber hash(jsid id) {
- return HashId(id);
- }
- static bool match(jsid id1, jsid id2) {
- return id1 == id2;
- }
-};
-
typedef HashSet<ReadBarriered<UnownedBaseShape*>,
StackBaseShape,
SystemAllocPolicy> BaseShapeSet;
+
class Shape : public gc::TenuredCell
{
friend class ::JSObject;
@@ -1196,7 +1172,7 @@ struct StackShape : public JS::Traceable
/* Accumulate from least to most random so the low bits are most random. */
hash = mozilla::RotateLeft(hash, 4) ^ attrs;
hash = mozilla::RotateLeft(hash, 4) ^ slot_;
- hash = mozilla::RotateLeft(hash, 4) ^ HashId(propid);
+ hash = mozilla::RotateLeft(hash, 4) ^ JSID_BITS(propid);
hash = mozilla::RotateLeft(hash, 4) ^ uintptr_t(rawGetter);
hash = mozilla::RotateLeft(hash, 4) ^ uintptr_t(rawSetter);
return hash;
diff --git a/src/third_party/mozjs-45/extract/js/src/vm/String-inl.h b/src/third_party/mozjs-45/extract/js/src/vm/String-inl.h
index 0e95063f21a..b4676d344d0 100644
--- a/src/third_party/mozjs-45/extract/js/src/vm/String-inl.h
+++ b/src/third_party/mozjs-45/extract/js/src/vm/String-inl.h
@@ -13,7 +13,6 @@
#include "mozilla/Range.h"
#include "jscntxt.h"
-#include "jscompartment.h"
#include "gc/Allocator.h"
#include "gc/Marking.h"
@@ -221,11 +220,7 @@ JSFlatString::new_(js::ExclusiveContext* cx, const CharT* chars, size_t length)
if (!validateLength(cx, length))
return nullptr;
- JSFlatString* str;
- if (cx->compartment()->isAtomsCompartment())
- str = js::Allocate<js::NormalAtom, allowGC>(cx);
- else
- str = static_cast<JSFlatString*>(js::Allocate<JSString, allowGC>(cx));
+ JSFlatString* str = static_cast<JSFlatString*>(js::Allocate<JSString, allowGC>(cx));
if (!str)
return nullptr;
@@ -252,9 +247,6 @@ template <js::AllowGC allowGC>
MOZ_ALWAYS_INLINE JSThinInlineString*
JSThinInlineString::new_(js::ExclusiveContext* cx)
{
- if (cx->compartment()->isAtomsCompartment())
- return (JSThinInlineString*)(js::Allocate<js::NormalAtom, allowGC>(cx));
-
return static_cast<JSThinInlineString*>(js::Allocate<JSString, allowGC>(cx));
}
@@ -262,9 +254,6 @@ template <js::AllowGC allowGC>
MOZ_ALWAYS_INLINE JSFatInlineString*
JSFatInlineString::new_(js::ExclusiveContext* cx)
{
- if (cx->compartment()->isAtomsCompartment())
- return (JSFatInlineString*)(js::Allocate<js::FatInlineAtom, allowGC>(cx));
-
return js::Allocate<JSFatInlineString, allowGC>(cx);
}
@@ -362,7 +351,6 @@ JSString::finalize(js::FreeOp* fop)
{
/* FatInline strings are in a different arena. */
MOZ_ASSERT(getAllocKind() != js::gc::AllocKind::FAT_INLINE_STRING);
- MOZ_ASSERT(getAllocKind() != js::gc::AllocKind::FAT_INLINE_ATOM);
if (isFlat())
asFlat().finalize(fop);
@@ -374,7 +362,6 @@ inline void
JSFlatString::finalize(js::FreeOp* fop)
{
MOZ_ASSERT(getAllocKind() != js::gc::AllocKind::FAT_INLINE_STRING);
- MOZ_ASSERT(getAllocKind() != js::gc::AllocKind::FAT_INLINE_ATOM);
if (!isInline())
fop->free_(nonInlineCharsRaw());
@@ -394,8 +381,6 @@ JSAtom::finalize(js::FreeOp* fop)
{
MOZ_ASSERT(JSString::isAtom());
MOZ_ASSERT(JSString::isFlat());
- MOZ_ASSERT(getAllocKind() == js::gc::AllocKind::ATOM ||
- getAllocKind() == js::gc::AllocKind::FAT_INLINE_ATOM);
if (!isInline())
fop->free_(nonInlineCharsRaw());
diff --git a/src/third_party/mozjs-45/extract/js/src/vm/String.cpp b/src/third_party/mozjs-45/extract/js/src/vm/String.cpp
index 1bbe151c015..e5a315fbfc3 100644
--- a/src/third_party/mozjs-45/extract/js/src/vm/String.cpp
+++ b/src/third_party/mozjs-45/extract/js/src/vm/String.cpp
@@ -71,12 +71,8 @@ JSString::sizeOfExcludingThis(mozilla::MallocSizeOf mallocSizeOf)
JS::ubi::Node::Size
JS::ubi::Concrete<JSString>::size(mozilla::MallocSizeOf mallocSizeOf) const
{
- JSString& str = get();
- size_t size;
- if (str.isAtom())
- size = str.isFatInline() ? sizeof(js::FatInlineAtom) : sizeof(js::NormalAtom);
- else
- size = str.isFatInline() ? sizeof(JSFatInlineString) : sizeof(JSString);
+ JSString &str = get();
+ size_t size = str.isFatInline() ? sizeof(JSFatInlineString) : sizeof(JSString);
// We can't use mallocSizeof on things in the nursery. At the moment,
// strings are never in the nursery, but that may change.
@@ -793,8 +789,7 @@ StaticStrings::init(JSContext* cx)
JSFlatString* s = NewStringCopyN<NoGC>(cx, buffer, 1);
if (!s)
return false;
- HashNumber hash = mozilla::HashString(buffer, 1);
- unitStaticTable[i] = s->morphAtomizedStringIntoPermanentAtom(hash);
+ unitStaticTable[i] = s->morphAtomizedStringIntoPermanentAtom();
}
for (uint32_t i = 0; i < NUM_SMALL_CHARS * NUM_SMALL_CHARS; i++) {
@@ -802,8 +797,7 @@ StaticStrings::init(JSContext* cx)
JSFlatString* s = NewStringCopyN<NoGC>(cx, buffer, 2);
if (!s)
return false;
- HashNumber hash = mozilla::HashString(buffer, 2);
- length2StaticTable[i] = s->morphAtomizedStringIntoPermanentAtom(hash);
+ length2StaticTable[i] = s->morphAtomizedStringIntoPermanentAtom();
}
for (uint32_t i = 0; i < INT_STATIC_LIMIT; i++) {
@@ -821,8 +815,7 @@ StaticStrings::init(JSContext* cx)
JSFlatString* s = NewStringCopyN<NoGC>(cx, buffer, 3);
if (!s)
return false;
- HashNumber hash = mozilla::HashString(buffer, 3);
- intStaticTable[i] = s->morphAtomizedStringIntoPermanentAtom(hash);
+ intStaticTable[i] = s->morphAtomizedStringIntoPermanentAtom();
}
}
diff --git a/src/third_party/mozjs-45/extract/js/src/vm/String.h b/src/third_party/mozjs-45/extract/js/src/vm/String.h
index 80466681507..e788aadbe14 100644
--- a/src/third_party/mozjs-45/extract/js/src/vm/String.h
+++ b/src/third_party/mozjs-45/extract/js/src/vm/String.h
@@ -123,11 +123,7 @@ static const size_t UINT32_CHAR_BUFFER_LENGTH = sizeof("4294967295") - 1;
* | |
* | +-- JSFatInlineString - / header is fat
* |
- * JSAtom (abstract) - / string equality === pointer equality
- * | |
- * | +-- js::NormalAtom - JSFlatString + atom hash code
- * | |
- * | +-- js::FatInlineAtom - JSFatInlineString + atom hash code
+ * JSAtom - / string equality === pointer equality
* |
* js::PropertyName - / chars don't contain an index (uint32_t)
*
@@ -139,9 +135,10 @@ static const size_t UINT32_CHAR_BUFFER_LENGTH = sizeof("4294967295") - 1;
* Atoms can additionally be permanent, i.e. unable to be collected, and can
* be combined with other string types to create additional most-derived types
* that satisfy the invariants of more than one of the abovementioned
- * most-derived types. Furthermore, each atom stores a hash number (based on its
- * chars). This hash number is used as key in the atoms table and when the atom
- * is used as key in a JS Map/Set.
+ * most-derived types:
+ * - InlineAtom = JSInlineString + JSAtom (atom with inline chars, abstract)
+ * - ThinInlineAtom = JSThinInlineString + JSAtom (atom with inline chars)
+ * - FatInlineAtom = JSFatInlineString + JSAtom (atom with (more) inline chars)
*
* Derived string types can be queried from ancestor types via isX() and
* retrieved with asX() debug-only-checked casts.
@@ -768,8 +765,14 @@ class JSFlatString : public JSLinearString
* Once a JSFlatString sub-class has been added to the atom state, this
* operation changes the string to the JSAtom type, in place.
*/
- MOZ_ALWAYS_INLINE JSAtom* morphAtomizedStringIntoAtom(js::HashNumber hash);
- MOZ_ALWAYS_INLINE JSAtom* morphAtomizedStringIntoPermanentAtom(js::HashNumber hash);
+ MOZ_ALWAYS_INLINE JSAtom* morphAtomizedStringIntoAtom() {
+ d.u1.flags |= ATOM_BIT;
+ return &asAtom();
+ }
+ MOZ_ALWAYS_INLINE JSAtom* morphAtomizedStringIntoPermanentAtom() {
+ d.u1.flags |= PERMANENT_ATOM_MASK;
+ return &asAtom();
+ }
inline void finalize(js::FreeOp* fop);
@@ -981,9 +984,6 @@ class JSAtom : public JSFlatString
d.u1.flags |= PERMANENT_ATOM_MASK;
}
- inline js::HashNumber hash() const;
- inline void initHash(js::HashNumber hash);
-
#ifdef DEBUG
void dump();
#endif
@@ -994,83 +994,6 @@ static_assert(sizeof(JSAtom) == sizeof(JSString),
namespace js {
-class NormalAtom : public JSAtom
-{
- protected: // Silence Clang unused-field warning.
- HashNumber hash_;
- uint32_t padding_; // Ensure the size is a multiple of gc::CellSize.
-
- public:
- HashNumber hash() const {
- return hash_;
- }
- void initHash(HashNumber hash) {
- hash_ = hash;
- }
-};
-
-static_assert(sizeof(NormalAtom) == sizeof(JSString) + sizeof(uint64_t),
- "NormalAtom must have size of a string + HashNumber, "
- "aligned to gc::CellSize");
-
-class FatInlineAtom : public JSAtom
-{
- protected: // Silence Clang unused-field warning.
- char inlineStorage_[sizeof(JSFatInlineString) - sizeof(JSString)];
- HashNumber hash_;
- uint32_t padding_; // Ensure the size is a multiple of gc::CellSize.
-
- public:
- HashNumber hash() const {
- return hash_;
- }
- void initHash(HashNumber hash) {
- hash_ = hash;
- }
-};
-
-static_assert(sizeof(FatInlineAtom) == sizeof(JSFatInlineString) + sizeof(uint64_t),
- "FatInlineAtom must have size of a fat inline string + HashNumber, "
- "aligned to gc::CellSize");
-
-} // namespace js
-
-inline js::HashNumber
-JSAtom::hash() const
-{
- if (isFatInline())
- return static_cast<const js::FatInlineAtom*>(this)->hash();
- return static_cast<const js::NormalAtom*>(this)->hash();
-}
-
-inline void
-JSAtom::initHash(js::HashNumber hash)
-{
- if (isFatInline())
- return static_cast<js::FatInlineAtom*>(this)->initHash(hash);
- return static_cast<js::NormalAtom*>(this)->initHash(hash);
-}
-
-MOZ_ALWAYS_INLINE JSAtom*
-JSFlatString::morphAtomizedStringIntoAtom(js::HashNumber hash)
-{
- d.u1.flags |= ATOM_BIT;
- JSAtom* atom = &asAtom();
- atom->initHash(hash);
- return atom;
-}
-
-MOZ_ALWAYS_INLINE JSAtom*
-JSFlatString::morphAtomizedStringIntoPermanentAtom(js::HashNumber hash)
-{
- d.u1.flags |= PERMANENT_ATOM_MASK;
- JSAtom* atom = &asAtom();
- atom->initHash(hash);
- return atom;
-}
-
-namespace js {
-
class StaticStrings
{
private:
@@ -1264,8 +1187,6 @@ NewStringCopyZ(js::ExclusiveContext* cx, const char* s)
return NewStringCopyN<allowGC>(cx, s, strlen(s));
}
-JS_STATIC_ASSERT(sizeof(HashNumber) == 4);
-
} /* namespace js */
// Addon IDs are interned atoms which are never destroyed. This detail is
diff --git a/src/third_party/mozjs-45/extract/js/src/vm/Symbol.cpp b/src/third_party/mozjs-45/extract/js/src/vm/Symbol.cpp
index c1ec8892bf0..dfe6278d140 100644
--- a/src/third_party/mozjs-45/extract/js/src/vm/Symbol.cpp
+++ b/src/third_party/mozjs-45/extract/js/src/vm/Symbol.cpp
@@ -20,7 +20,7 @@ using JS::Symbol;
using namespace js;
Symbol*
-Symbol::newInternal(ExclusiveContext* cx, JS::SymbolCode code, uint32_t hash, JSAtom* description)
+Symbol::newInternal(ExclusiveContext* cx, JS::SymbolCode code, JSAtom* description)
{
MOZ_ASSERT(cx->compartment() == cx->atomsCompartment());
MOZ_ASSERT(cx->atomsCompartment()->runtimeFromAnyThread()->currentThreadHasExclusiveAccess());
@@ -31,7 +31,7 @@ Symbol::newInternal(ExclusiveContext* cx, JS::SymbolCode code, uint32_t hash, JS
ReportOutOfMemory(cx);
return nullptr;
}
- return new (p) Symbol(code, hash, description);
+ return new (p) Symbol(code, description);
}
Symbol*
@@ -48,7 +48,7 @@ Symbol::new_(ExclusiveContext* cx, JS::SymbolCode code, JSString* description)
// probably be replaced with an assertion that we're on the main thread.
AutoLockForExclusiveAccess lock(cx);
AutoCompartment ac(cx, cx->atomsCompartment());
- return newInternal(cx, code, cx->compartment()->randomHashCode(), atom);
+ return newInternal(cx, code, atom);
}
Symbol*
@@ -66,7 +66,7 @@ Symbol::for_(js::ExclusiveContext* cx, HandleString description)
return *p;
AutoCompartment ac(cx, cx->atomsCompartment());
- Symbol* sym = newInternal(cx, SymbolCode::InSymbolRegistry, atom->hash(), atom);
+ Symbol* sym = newInternal(cx, SymbolCode::InSymbolRegistry, atom);
if (!sym)
return nullptr;
diff --git a/src/third_party/mozjs-45/extract/js/src/vm/Symbol.h b/src/third_party/mozjs-45/extract/js/src/vm/Symbol.h
index e39a490662f..c201ed127c5 100644
--- a/src/third_party/mozjs-45/extract/js/src/vm/Symbol.h
+++ b/src/third_party/mozjs-45/extract/js/src/vm/Symbol.h
@@ -16,11 +16,10 @@
#include "gc/Barrier.h"
#include "gc/Marking.h"
+
#include "js/GCHashTable.h"
#include "js/RootingAPI.h"
#include "js/TypeDecls.h"
-#include "js/Utility.h"
-#include "vm/String.h"
namespace JS {
@@ -28,31 +27,25 @@ class Symbol : public js::gc::TenuredCell
{
private:
SymbolCode code_;
-
- // Each Symbol gets its own hash code so that we don't have to use
- // addresses as hash codes (a security hazard).
- js::HashNumber hash_;
-
JSAtom* description_;
// The minimum allocation size is sizeof(JSString): 16 bytes on 32-bit
- // architectures and 24 bytes on 64-bit. A size_t of padding makes Symbol
+ // architectures and 24 bytes on 64-bit. 8 bytes of padding makes Symbol
// the minimum size on both.
- size_t unused_;
+ uint64_t unused2_;
- Symbol(SymbolCode code, js::HashNumber hash, JSAtom* desc)
- : code_(code), hash_(hash), description_(desc)
+ Symbol(SymbolCode code, JSAtom* desc)
+ : code_(code), description_(desc)
{
- // Silence warnings about unused_ being... unused.
- (void)unused_;
+ // Silence warnings about unused2 being... unused.
+ (void)unused2_;
}
Symbol(const Symbol&) = delete;
void operator=(const Symbol&) = delete;
static Symbol*
- newInternal(js::ExclusiveContext* cx, SymbolCode code, js::HashNumber hash,
- JSAtom* description);
+ newInternal(js::ExclusiveContext* cx, SymbolCode code, JSAtom* description);
public:
static Symbol* new_(js::ExclusiveContext* cx, SymbolCode code, JSString* description);
@@ -60,7 +53,6 @@ class Symbol : public js::gc::TenuredCell
JSAtom* description() const { return description_; }
SymbolCode code() const { return code_; }
- js::HashNumber hash() const { return hash_; }
bool isWellKnownSymbol() const { return uint32_t(code_) < WellKnownSymbolLimit; }
@@ -96,7 +88,7 @@ struct HashSymbolsByDescription
typedef JSAtom* Lookup;
static HashNumber hash(Lookup l) {
- return HashNumber(l->hash());
+ return HashNumber(reinterpret_cast<uintptr_t>(l));
}
static bool match(Key sym, Lookup l) {
return sym->description() == l;
diff --git a/src/third_party/mozjs-45/extract/js/src/vm/TypeInference.cpp b/src/third_party/mozjs-45/extract/js/src/vm/TypeInference.cpp
index 2738145960c..b289cfd62a7 100644
--- a/src/third_party/mozjs-45/extract/js/src/vm/TypeInference.cpp
+++ b/src/third_party/mozjs-45/extract/js/src/vm/TypeInference.cpp
@@ -749,16 +749,16 @@ TypeSet::readBarrier(const TypeSet* types)
}
/* static */ bool
-TypeSet::IsTypeMarked(JSRuntime* rt, TypeSet::Type* v)
+TypeSet::IsTypeMarked(TypeSet::Type* v)
{
bool rv;
if (v->isSingletonUnchecked()) {
JSObject* obj = v->singletonNoBarrier();
- rv = IsMarkedUnbarriered(rt, &obj);
+ rv = IsMarkedUnbarriered(&obj);
*v = TypeSet::ObjectType(obj);
} else if (v->isGroupUnchecked()) {
ObjectGroup* group = v->groupNoBarrier();
- rv = IsMarkedUnbarriered(rt, &group);
+ rv = IsMarkedUnbarriered(&group);
*v = TypeSet::ObjectType(group);
} else {
rv = true;
@@ -4192,10 +4192,6 @@ ObjectGroup::sweep(AutoClearTypeInferenceStateOnOOM* oom)
if (unboxedLayout().newScript())
unboxedLayout().newScript()->sweep();
-
- // Discard constructor code to avoid holding onto ExecutablePools.
- if (zone()->isGCCompacting())
- unboxedLayout().setConstructorCode(nullptr);
}
if (maybePreliminaryObjects())
diff --git a/src/third_party/mozjs-45/extract/js/src/vm/TypeInference.h b/src/third_party/mozjs-45/extract/js/src/vm/TypeInference.h
index 2f85f8620a7..7e647c0fe25 100644
--- a/src/third_party/mozjs-45/extract/js/src/vm/TypeInference.h
+++ b/src/third_party/mozjs-45/extract/js/src/vm/TypeInference.h
@@ -532,7 +532,7 @@ class TypeSet
static void MarkTypeRoot(JSTracer* trc, Type* v, const char* name);
static void MarkTypeUnbarriered(JSTracer* trc, Type* v, const char* name);
- static bool IsTypeMarked(JSRuntime* rt, Type* v);
+ static bool IsTypeMarked(Type* v);
static bool IsTypeAllocatedDuringIncremental(Type v);
static bool IsTypeAboutToBeFinalized(Type* v);
};
diff --git a/src/third_party/mozjs-45/extract/js/src/vm/TypedArrayObject.cpp b/src/third_party/mozjs-45/extract/js/src/vm/TypedArrayObject.cpp
index 7f92aab6da9..a3c8a902581 100644
--- a/src/third_party/mozjs-45/extract/js/src/vm/TypedArrayObject.cpp
+++ b/src/third_party/mozjs-45/extract/js/src/vm/TypedArrayObject.cpp
@@ -1032,11 +1032,6 @@ DataViewObject*
DataViewObject::create(JSContext* cx, uint32_t byteOffset, uint32_t byteLength,
Handle<ArrayBufferObject*> arrayBuffer, JSObject* protoArg)
{
- if (arrayBuffer->isNeutered()) {
- JS_ReportErrorNumber(cx, GetErrorMessage, nullptr, JSMSG_TYPED_ARRAY_DETACHED);
- return nullptr;
- }
-
MOZ_ASSERT(byteOffset <= INT32_MAX);
MOZ_ASSERT(byteLength <= INT32_MAX);
MOZ_ASSERT(byteOffset + byteLength < UINT32_MAX);
@@ -2269,50 +2264,36 @@ js::DefineTypedArrayElement(JSContext* cx, HandleObject obj, uint64_t index,
{
MOZ_ASSERT(IsAnyTypedArray(obj));
- // These are all substeps of 3.b.
-
- // Steps i-iii are handled by the caller.
-
- // Steps iv-v.
+ // These are all substeps of 3.c.
+ // Steps i-vi.
// We (wrongly) ignore out of range defines with a value.
- uint32_t length = AnyTypedArrayLength(obj);
- if (index >= length)
+ if (index >= AnyTypedArrayLength(obj))
return result.succeed();
- // Step vi.
+ // Step vii.
if (desc.isAccessorDescriptor())
return result.fail(JSMSG_CANT_REDEFINE_PROP);
- // Step vii.
+ // Step viii.
if (desc.hasConfigurable() && desc.configurable())
return result.fail(JSMSG_CANT_REDEFINE_PROP);
- // Step viii.
+ // Step ix.
if (desc.hasEnumerable() && !desc.enumerable())
return result.fail(JSMSG_CANT_REDEFINE_PROP);
- // Step ix.
+ // Step x.
if (desc.hasWritable() && !desc.writable())
return result.fail(JSMSG_CANT_REDEFINE_PROP);
- // Step x.
+ // Step xi.
if (desc.hasValue()) {
- // The following step numbers refer to 9.4.5.9
- // IntegerIndexedElementSet.
-
- // Steps 1-2 are enforced by the caller.
-
- // Step 3.
- double numValue;
- if (!ToNumber(cx, desc.value(), &numValue))
+ double d;
+ if (!ToNumber(cx, desc.value(), &d))
return false;
- // Steps 4-5, 8-9.
- if (AnyTypedArrayIsDetached(obj))
- return result.fail(JSMSG_TYPED_ARRAY_DETACHED);
-
- // Steps 10-16.
- TypedArrayObject::setElement(obj->as<TypedArrayObject>(), index, numValue);
+ if (obj->is<TypedArrayObject>())
+ TypedArrayObject::setElement(obj->as<TypedArrayObject>(), index, d);
}
// Step xii.
diff --git a/src/third_party/mozjs-45/extract/js/src/vm/UnboxedObject.cpp b/src/third_party/mozjs-45/extract/js/src/vm/UnboxedObject.cpp
index f1b377d57b4..504a5c418c4 100644
--- a/src/third_party/mozjs-45/extract/js/src/vm/UnboxedObject.cpp
+++ b/src/third_party/mozjs-45/extract/js/src/vm/UnboxedObject.cpp
@@ -7,7 +7,6 @@
#include "vm/UnboxedObject-inl.h"
#include "jit/BaselineIC.h"
-#include "jit/ExecutableAllocator.h"
#include "jit/JitCommon.h"
#include "jit/Linker.h"
@@ -699,8 +698,7 @@ UnboxedPlainObject::createWithProperties(ExclusiveContext* cx, HandleObjectGroup
#ifndef JS_CODEGEN_NONE
if (cx->isJSContext() &&
!layout.constructorCode() &&
- cx->asJSContext()->runtime()->jitSupportsFloatingPoint &&
- jit::CanLikelyAllocateMoreExecutableMemory())
+ cx->asJSContext()->runtime()->jitSupportsFloatingPoint)
{
if (!UnboxedLayout::makeConstructorCode(cx->asJSContext(), group))
return nullptr;
diff --git a/src/third_party/mozjs-45/extract/mfbt/HashFunctions.h b/src/third_party/mozjs-45/extract/mfbt/HashFunctions.h
index 8eb83a3737c..f490a28fee4 100644
--- a/src/third_party/mozjs-45/extract/mfbt/HashFunctions.h
+++ b/src/third_party/mozjs-45/extract/mfbt/HashFunctions.h
@@ -50,7 +50,6 @@
#include "mozilla/Assertions.h"
#include "mozilla/Attributes.h"
#include "mozilla/Char16.h"
-#include "mozilla/MathAlgorithms.h"
#include "mozilla/Types.h"
#include <stdint.h>
@@ -313,90 +312,6 @@ HashString(const wchar_t* aStr, size_t aLength)
MOZ_WARN_UNUSED_RESULT extern MFBT_API uint32_t
HashBytes(const void* bytes, size_t aLength);
-/**
- * A pseudorandom function mapping 32-bit integers to 32-bit integers.
- *
- * This is for when you're feeding private data (like pointer values or credit
- * card numbers) to a non-crypto hash function (like HashBytes) and then using
- * the hash code for something that untrusted parties could observe (like a JS
- * Map). Plug in a HashCodeScrambler before that last step to avoid leaking the
- * private data.
- *
- * By itself, this does not prevent hash-flooding DoS attacks, because an
- * attacker can still generate many values with exactly equal hash codes by
- * attacking the non-crypto hash function alone. Equal hash codes will, of
- * course, still be equal however much you scramble them.
- *
- * The algorithm is SipHash-1-3. See <https://131002.net/siphash/>.
- */
-class HashCodeScrambler
-{
- struct SipHasher;
-
- uint64_t mK0, mK1;
-
-public:
- /** Creates a new scrambler with the given 128-bit key. */
- HashCodeScrambler(uint64_t aK0, uint64_t aK1) : mK0(aK0), mK1(aK1) {}
-
- /**
- * Scramble a hash code. Always produces the same result for the same
- * combination of key and hash code.
- */
- uint32_t scramble(uint32_t aHashCode) const
- {
- SipHasher hasher(mK0, mK1);
- return uint32_t(hasher.sipHash(aHashCode));
- }
-
-private:
- struct SipHasher
- {
- SipHasher(uint64_t aK0, uint64_t aK1)
- {
- // 1. Initialization.
- mV0 = aK0 ^ UINT64_C(0x736f6d6570736575);
- mV1 = aK1 ^ UINT64_C(0x646f72616e646f6d);
- mV2 = aK0 ^ UINT64_C(0x6c7967656e657261);
- mV3 = aK1 ^ UINT64_C(0x7465646279746573);
- }
-
- uint64_t sipHash(uint64_t aM)
- {
- // 2. Compression.
- mV3 ^= aM;
- sipRound();
- mV0 ^= aM;
-
- // 3. Finalization.
- mV2 ^= 0xff;
- for (int i = 0; i < 3; i++)
- sipRound();
- return mV0 ^ mV1 ^ mV2 ^ mV3;
- }
-
- void sipRound()
- {
- mV0 += mV1;
- mV1 = RotateLeft(mV1, 13);
- mV1 ^= mV0;
- mV0 = RotateLeft(mV0, 32);
- mV2 += mV3;
- mV3 = RotateLeft(mV3, 16);
- mV3 ^= mV2;
- mV0 += mV3;
- mV3 = RotateLeft(mV3, 21);
- mV3 ^= mV0;
- mV2 += mV1;
- mV1 = RotateLeft(mV1, 17);
- mV1 ^= mV2;
- mV2 = RotateLeft(mV2, 32);
- }
-
- uint64_t mV0, mV1, mV2, mV3;
- };
-};
-
} /* namespace mozilla */
#endif /* __cplusplus */
diff --git a/src/third_party/mozjs-45/get-sources.sh b/src/third_party/mozjs-45/get-sources.sh
index 089a52d2793..39acace54e5 100644
--- a/src/third_party/mozjs-45/get-sources.sh
+++ b/src/third_party/mozjs-45/get-sources.sh
@@ -2,7 +2,7 @@
# how we got the last firefox sources
-VERSION=45.8.0esr
+VERSION=45.5.0esr
TARBALL=firefox-$VERSION.source.tar.xz
if [ ! -f $TARBALL ]; then
wget "https://ftp.mozilla.org/pub/mozilla.org/firefox/releases/$VERSION/source/$TARBALL"
diff --git a/src/third_party/mozjs-45/include/js/GCAPI.h b/src/third_party/mozjs-45/include/js/GCAPI.h
index 84b6150c36f..90f8e4eba3f 100644
--- a/src/third_party/mozjs-45/include/js/GCAPI.h
+++ b/src/third_party/mozjs-45/include/js/GCAPI.h
@@ -566,6 +566,8 @@ namespace gc {
static MOZ_ALWAYS_INLINE void
ExposeGCThingToActiveJS(JS::GCCellPtr thing)
{
+ MOZ_ASSERT(thing.kind() != JS::TraceKind::Shape);
+
/*
* GC things residing in the nursery cannot be gray: they have no mark bits.
* All live objects in the nursery are moved to tenured at the beginning of
diff --git a/src/third_party/mozjs-45/include/mozilla/HashFunctions.h b/src/third_party/mozjs-45/include/mozilla/HashFunctions.h
index 8eb83a3737c..f490a28fee4 100644
--- a/src/third_party/mozjs-45/include/mozilla/HashFunctions.h
+++ b/src/third_party/mozjs-45/include/mozilla/HashFunctions.h
@@ -50,7 +50,6 @@
#include "mozilla/Assertions.h"
#include "mozilla/Attributes.h"
#include "mozilla/Char16.h"
-#include "mozilla/MathAlgorithms.h"
#include "mozilla/Types.h"
#include <stdint.h>
@@ -313,90 +312,6 @@ HashString(const wchar_t* aStr, size_t aLength)
MOZ_WARN_UNUSED_RESULT extern MFBT_API uint32_t
HashBytes(const void* bytes, size_t aLength);
-/**
- * A pseudorandom function mapping 32-bit integers to 32-bit integers.
- *
- * This is for when you're feeding private data (like pointer values or credit
- * card numbers) to a non-crypto hash function (like HashBytes) and then using
- * the hash code for something that untrusted parties could observe (like a JS
- * Map). Plug in a HashCodeScrambler before that last step to avoid leaking the
- * private data.
- *
- * By itself, this does not prevent hash-flooding DoS attacks, because an
- * attacker can still generate many values with exactly equal hash codes by
- * attacking the non-crypto hash function alone. Equal hash codes will, of
- * course, still be equal however much you scramble them.
- *
- * The algorithm is SipHash-1-3. See <https://131002.net/siphash/>.
- */
-class HashCodeScrambler
-{
- struct SipHasher;
-
- uint64_t mK0, mK1;
-
-public:
- /** Creates a new scrambler with the given 128-bit key. */
- HashCodeScrambler(uint64_t aK0, uint64_t aK1) : mK0(aK0), mK1(aK1) {}
-
- /**
- * Scramble a hash code. Always produces the same result for the same
- * combination of key and hash code.
- */
- uint32_t scramble(uint32_t aHashCode) const
- {
- SipHasher hasher(mK0, mK1);
- return uint32_t(hasher.sipHash(aHashCode));
- }
-
-private:
- struct SipHasher
- {
- SipHasher(uint64_t aK0, uint64_t aK1)
- {
- // 1. Initialization.
- mV0 = aK0 ^ UINT64_C(0x736f6d6570736575);
- mV1 = aK1 ^ UINT64_C(0x646f72616e646f6d);
- mV2 = aK0 ^ UINT64_C(0x6c7967656e657261);
- mV3 = aK1 ^ UINT64_C(0x7465646279746573);
- }
-
- uint64_t sipHash(uint64_t aM)
- {
- // 2. Compression.
- mV3 ^= aM;
- sipRound();
- mV0 ^= aM;
-
- // 3. Finalization.
- mV2 ^= 0xff;
- for (int i = 0; i < 3; i++)
- sipRound();
- return mV0 ^ mV1 ^ mV2 ^ mV3;
- }
-
- void sipRound()
- {
- mV0 += mV1;
- mV1 = RotateLeft(mV1, 13);
- mV1 ^= mV0;
- mV0 = RotateLeft(mV0, 32);
- mV2 += mV3;
- mV3 = RotateLeft(mV3, 16);
- mV3 ^= mV2;
- mV0 += mV3;
- mV3 = RotateLeft(mV3, 21);
- mV3 ^= mV0;
- mV2 += mV1;
- mV1 = RotateLeft(mV1, 17);
- mV1 ^= mV2;
- mV2 = RotateLeft(mV2, 32);
- }
-
- uint64_t mV0, mV1, mV2, mV3;
- };
-};
-
} /* namespace mozilla */
#endif /* __cplusplus */
diff --git a/src/third_party/mozjs-45/platform/aarch64/linux/build/js-confdefs.h b/src/third_party/mozjs-45/platform/aarch64/linux/build/js-confdefs.h
index 2b1a51d09f7..debbcfb5052 100644
--- a/src/third_party/mozjs-45/platform/aarch64/linux/build/js-confdefs.h
+++ b/src/third_party/mozjs-45/platform/aarch64/linux/build/js-confdefs.h
@@ -74,10 +74,10 @@
#define MALLOC_H <malloc.h>
#define MALLOC_USABLE_SIZE_CONST_PTR
#define MOZILLA_UAVERSION "45.0"
-#define MOZILLA_VERSION "45.8.0"
-#define MOZILLA_VERSION_U 45.8.0
+#define MOZILLA_VERSION "45.5.0"
+#define MOZILLA_VERSION_U 45.5.0
#define MOZJS_MAJOR_VERSION 45
-#define MOZJS_MINOR_VERSION 8
+#define MOZJS_MINOR_VERSION 5
#define MOZ_DEBUG_SYMBOLS 1
#define MOZ_DLL_SUFFIX ".so"
#define MOZ_GLUE_IN_PROGRAM 1
diff --git a/src/third_party/mozjs-45/platform/aarch64/linux/include/js-config.h b/src/third_party/mozjs-45/platform/aarch64/linux/include/js-config.h
index e4dcddbe680..49bb6d59d70 100644
--- a/src/third_party/mozjs-45/platform/aarch64/linux/include/js-config.h
+++ b/src/third_party/mozjs-45/platform/aarch64/linux/include/js-config.h
@@ -54,6 +54,6 @@
/* MOZILLA JSAPI version number components */
#define MOZJS_MAJOR_VERSION 45
-#define MOZJS_MINOR_VERSION 8
+#define MOZJS_MINOR_VERSION 5
#endif /* js_config_h */
diff --git a/src/third_party/mozjs-45/platform/ppc64le/linux/build/js-confdefs.h b/src/third_party/mozjs-45/platform/ppc64le/linux/build/js-confdefs.h
index 2b1a51d09f7..debbcfb5052 100644
--- a/src/third_party/mozjs-45/platform/ppc64le/linux/build/js-confdefs.h
+++ b/src/third_party/mozjs-45/platform/ppc64le/linux/build/js-confdefs.h
@@ -74,10 +74,10 @@
#define MALLOC_H <malloc.h>
#define MALLOC_USABLE_SIZE_CONST_PTR
#define MOZILLA_UAVERSION "45.0"
-#define MOZILLA_VERSION "45.8.0"
-#define MOZILLA_VERSION_U 45.8.0
+#define MOZILLA_VERSION "45.5.0"
+#define MOZILLA_VERSION_U 45.5.0
#define MOZJS_MAJOR_VERSION 45
-#define MOZJS_MINOR_VERSION 8
+#define MOZJS_MINOR_VERSION 5
#define MOZ_DEBUG_SYMBOLS 1
#define MOZ_DLL_SUFFIX ".so"
#define MOZ_GLUE_IN_PROGRAM 1
diff --git a/src/third_party/mozjs-45/platform/ppc64le/linux/include/js-config.h b/src/third_party/mozjs-45/platform/ppc64le/linux/include/js-config.h
index e4dcddbe680..49bb6d59d70 100644
--- a/src/third_party/mozjs-45/platform/ppc64le/linux/include/js-config.h
+++ b/src/third_party/mozjs-45/platform/ppc64le/linux/include/js-config.h
@@ -54,6 +54,6 @@
/* MOZILLA JSAPI version number components */
#define MOZJS_MAJOR_VERSION 45
-#define MOZJS_MINOR_VERSION 8
+#define MOZJS_MINOR_VERSION 5
#endif /* js_config_h */
diff --git a/src/third_party/mozjs-45/platform/s390x/linux/build/js-confdefs.h b/src/third_party/mozjs-45/platform/s390x/linux/build/js-confdefs.h
index c94367cff3f..b4a6a864fc0 100644
--- a/src/third_party/mozjs-45/platform/s390x/linux/build/js-confdefs.h
+++ b/src/third_party/mozjs-45/platform/s390x/linux/build/js-confdefs.h
@@ -75,10 +75,10 @@
#define MALLOC_H <malloc.h>
#define MALLOC_USABLE_SIZE_CONST_PTR
#define MOZILLA_UAVERSION "45.0"
-#define MOZILLA_VERSION "45.8.0"
-#define MOZILLA_VERSION_U 45.8.0
+#define MOZILLA_VERSION "45.5.0"
+#define MOZILLA_VERSION_U 45.5.0
#define MOZJS_MAJOR_VERSION 45
-#define MOZJS_MINOR_VERSION 8
+#define MOZJS_MINOR_VERSION 5
#define MOZ_DEBUG_SYMBOLS 1
#define MOZ_DLL_SUFFIX ".so"
#define MOZ_GLUE_IN_PROGRAM 1
diff --git a/src/third_party/mozjs-45/platform/s390x/linux/include/js-config.h b/src/third_party/mozjs-45/platform/s390x/linux/include/js-config.h
index e4dcddbe680..49bb6d59d70 100644
--- a/src/third_party/mozjs-45/platform/s390x/linux/include/js-config.h
+++ b/src/third_party/mozjs-45/platform/s390x/linux/include/js-config.h
@@ -54,6 +54,6 @@
/* MOZILLA JSAPI version number components */
#define MOZJS_MAJOR_VERSION 45
-#define MOZJS_MINOR_VERSION 8
+#define MOZJS_MINOR_VERSION 5
#endif /* js_config_h */
diff --git a/src/third_party/mozjs-45/platform/x86_64/freebsd/build/js-confdefs.h b/src/third_party/mozjs-45/platform/x86_64/freebsd/build/js-confdefs.h
index c36f3704f05..c99865cff0d 100644
--- a/src/third_party/mozjs-45/platform/x86_64/freebsd/build/js-confdefs.h
+++ b/src/third_party/mozjs-45/platform/x86_64/freebsd/build/js-confdefs.h
@@ -69,10 +69,10 @@
#define MALLOC_H <malloc_np.h>
#define MALLOC_USABLE_SIZE_CONST_PTR const
#define MOZILLA_UAVERSION "45.0"
-#define MOZILLA_VERSION "45.8.0"
-#define MOZILLA_VERSION_U 45.8.0
+#define MOZILLA_VERSION "45.5.0"
+#define MOZILLA_VERSION_U 45.5.0
#define MOZJS_MAJOR_VERSION 45
-#define MOZJS_MINOR_VERSION 8
+#define MOZJS_MINOR_VERSION 5
#define MOZ_DEBUG_SYMBOLS 1
#define MOZ_DLL_SUFFIX ".so"
#define MOZ_GLUE_IN_PROGRAM 1
diff --git a/src/third_party/mozjs-45/platform/x86_64/freebsd/include/js-config.h b/src/third_party/mozjs-45/platform/x86_64/freebsd/include/js-config.h
index dcc2617a294..e4175f7d74d 100644
--- a/src/third_party/mozjs-45/platform/x86_64/freebsd/include/js-config.h
+++ b/src/third_party/mozjs-45/platform/x86_64/freebsd/include/js-config.h
@@ -54,6 +54,6 @@
/* MOZILLA JSAPI version number components */
#define MOZJS_MAJOR_VERSION 45
-#define MOZJS_MINOR_VERSION 8
+#define MOZJS_MINOR_VERSION 5
#endif /* js_config_h */
diff --git a/src/third_party/mozjs-45/platform/x86_64/linux/build/js-confdefs.h b/src/third_party/mozjs-45/platform/x86_64/linux/build/js-confdefs.h
index 9b3d5f6ca7b..d3a0aac8ae9 100644
--- a/src/third_party/mozjs-45/platform/x86_64/linux/build/js-confdefs.h
+++ b/src/third_party/mozjs-45/platform/x86_64/linux/build/js-confdefs.h
@@ -79,10 +79,10 @@
#define MALLOC_H <malloc.h>
#define MALLOC_USABLE_SIZE_CONST_PTR
#define MOZILLA_UAVERSION "45.0"
-#define MOZILLA_VERSION "45.8.0"
-#define MOZILLA_VERSION_U 45.8.0
+#define MOZILLA_VERSION "45.5.0"
+#define MOZILLA_VERSION_U 45.5.0
#define MOZJS_MAJOR_VERSION 45
-#define MOZJS_MINOR_VERSION 8
+#define MOZJS_MINOR_VERSION 5
#define MOZ_DEBUG_SYMBOLS 1
#define MOZ_DLL_SUFFIX ".so"
#define MOZ_GLUE_IN_PROGRAM 1
diff --git a/src/third_party/mozjs-45/platform/x86_64/linux/include/js-config.h b/src/third_party/mozjs-45/platform/x86_64/linux/include/js-config.h
index e4dcddbe680..49bb6d59d70 100644
--- a/src/third_party/mozjs-45/platform/x86_64/linux/include/js-config.h
+++ b/src/third_party/mozjs-45/platform/x86_64/linux/include/js-config.h
@@ -54,6 +54,6 @@
/* MOZILLA JSAPI version number components */
#define MOZJS_MAJOR_VERSION 45
-#define MOZJS_MINOR_VERSION 8
+#define MOZJS_MINOR_VERSION 5
#endif /* js_config_h */
diff --git a/src/third_party/mozjs-45/platform/x86_64/macOS/build/js-confdefs.h b/src/third_party/mozjs-45/platform/x86_64/macOS/build/js-confdefs.h
index 48623cf2b8b..c4ff9c6d80b 100644
--- a/src/third_party/mozjs-45/platform/x86_64/macOS/build/js-confdefs.h
+++ b/src/third_party/mozjs-45/platform/x86_64/macOS/build/js-confdefs.h
@@ -62,10 +62,10 @@
#define MALLOC_H <malloc/malloc.h>
#define MALLOC_USABLE_SIZE_CONST_PTR const
#define MOZILLA_UAVERSION "45.0"
-#define MOZILLA_VERSION "45.8.0"
-#define MOZILLA_VERSION_U 45.8.0
+#define MOZILLA_VERSION "45.5.0"
+#define MOZILLA_VERSION_U 45.5.0
#define MOZJS_MAJOR_VERSION 45
-#define MOZJS_MINOR_VERSION 8
+#define MOZJS_MINOR_VERSION 5
#define MOZ_DEBUG_SYMBOLS 1
#define MOZ_DLL_SUFFIX ".dylib"
#define MOZ_MEMORY 1
diff --git a/src/third_party/mozjs-45/platform/x86_64/macOS/include/js-config.h b/src/third_party/mozjs-45/platform/x86_64/macOS/include/js-config.h
index dcc2617a294..e4175f7d74d 100644
--- a/src/third_party/mozjs-45/platform/x86_64/macOS/include/js-config.h
+++ b/src/third_party/mozjs-45/platform/x86_64/macOS/include/js-config.h
@@ -54,6 +54,6 @@
/* MOZILLA JSAPI version number components */
#define MOZJS_MAJOR_VERSION 45
-#define MOZJS_MINOR_VERSION 8
+#define MOZJS_MINOR_VERSION 5
#endif /* js_config_h */
diff --git a/src/third_party/mozjs-45/platform/x86_64/openbsd/build/js-confdefs.h b/src/third_party/mozjs-45/platform/x86_64/openbsd/build/js-confdefs.h
index d4ccca388b9..8b25ee0b17b 100644
--- a/src/third_party/mozjs-45/platform/x86_64/openbsd/build/js-confdefs.h
+++ b/src/third_party/mozjs-45/platform/x86_64/openbsd/build/js-confdefs.h
@@ -67,10 +67,10 @@
#define MALLOC_H <malloc.h>
#define MALLOC_USABLE_SIZE_CONST_PTR const
#define MOZILLA_UAVERSION "45.0"
-#define MOZILLA_VERSION "45.8.0"
-#define MOZILLA_VERSION_U 45.8.0
+#define MOZILLA_VERSION "45.5.0"
+#define MOZILLA_VERSION_U 45.5.0
#define MOZJS_MAJOR_VERSION 45
-#define MOZJS_MINOR_VERSION 8
+#define MOZJS_MINOR_VERSION 5
#define MOZ_DEBUG_SYMBOLS 1
#define MOZ_DLL_SUFFIX ".so.1.0"
#define MOZ_GLUE_IN_PROGRAM 1
diff --git a/src/third_party/mozjs-45/platform/x86_64/openbsd/include/js-config.h b/src/third_party/mozjs-45/platform/x86_64/openbsd/include/js-config.h
index 071a002314c..ac52cef4d93 100644
--- a/src/third_party/mozjs-45/platform/x86_64/openbsd/include/js-config.h
+++ b/src/third_party/mozjs-45/platform/x86_64/openbsd/include/js-config.h
@@ -54,6 +54,6 @@
/* MOZILLA JSAPI version number components */
#define MOZJS_MAJOR_VERSION 45
-#define MOZJS_MINOR_VERSION 8
+#define MOZJS_MINOR_VERSION 5
#endif /* js_config_h */
diff --git a/src/third_party/mozjs-45/platform/x86_64/solaris/build/js-confdefs.h b/src/third_party/mozjs-45/platform/x86_64/solaris/build/js-confdefs.h
index 24af9ec84b2..bd7f2dc1cba 100644
--- a/src/third_party/mozjs-45/platform/x86_64/solaris/build/js-confdefs.h
+++ b/src/third_party/mozjs-45/platform/x86_64/solaris/build/js-confdefs.h
@@ -69,10 +69,10 @@
#define MALLOC_H <malloc.h>
#define MALLOC_USABLE_SIZE_CONST_PTR const
#define MOZILLA_UAVERSION "45.0"
-#define MOZILLA_VERSION "45.8.0"
-#define MOZILLA_VERSION_U 45.8.0
+#define MOZILLA_VERSION "45.5.0"
+#define MOZILLA_VERSION_U 45.5.0
#define MOZJS_MAJOR_VERSION 45
-#define MOZJS_MINOR_VERSION 8
+#define MOZJS_MINOR_VERSION 5
#define MOZ_DEBUG_SYMBOLS 1
#define MOZ_DLL_SUFFIX ".so"
#define MOZ_GLUE_IN_PROGRAM 1
diff --git a/src/third_party/mozjs-45/platform/x86_64/solaris/include/js-config.h b/src/third_party/mozjs-45/platform/x86_64/solaris/include/js-config.h
index 8dd55eebb3f..d916ed709c4 100644
--- a/src/third_party/mozjs-45/platform/x86_64/solaris/include/js-config.h
+++ b/src/third_party/mozjs-45/platform/x86_64/solaris/include/js-config.h
@@ -54,6 +54,6 @@
/* MOZILLA JSAPI version number components */
#define MOZJS_MAJOR_VERSION 45
-#define MOZJS_MINOR_VERSION 8
+#define MOZJS_MINOR_VERSION 5
#endif /* js_config_h */
diff --git a/src/third_party/mozjs-45/platform/x86_64/windows/build/js-confdefs.h b/src/third_party/mozjs-45/platform/x86_64/windows/build/js-confdefs.h
index 2be82e81ea4..4bcf6372758 100644
--- a/src/third_party/mozjs-45/platform/x86_64/windows/build/js-confdefs.h
+++ b/src/third_party/mozjs-45/platform/x86_64/windows/build/js-confdefs.h
@@ -30,10 +30,10 @@
#define MALLOC_H <malloc.h>
#define MALLOC_USABLE_SIZE_CONST_PTR const
#define MOZILLA_UAVERSION "45.0"
-#define MOZILLA_VERSION "45.8.0"
-#define MOZILLA_VERSION_U 45.8.0
+#define MOZILLA_VERSION "45.5.0"
+#define MOZILLA_VERSION_U 45.5.0
#define MOZJS_MAJOR_VERSION 45
-#define MOZJS_MINOR_VERSION 8
+#define MOZJS_MINOR_VERSION 5
#define MOZ_DEBUG_SYMBOLS 1
#define MOZ_DLL_SUFFIX ".dll"
#define MOZ_MEMORY 1
diff --git a/src/third_party/mozjs-45/platform/x86_64/windows/include/js-config.h b/src/third_party/mozjs-45/platform/x86_64/windows/include/js-config.h
index 1ea25b51001..01fcaf17001 100644
--- a/src/third_party/mozjs-45/platform/x86_64/windows/include/js-config.h
+++ b/src/third_party/mozjs-45/platform/x86_64/windows/include/js-config.h
@@ -54,6 +54,6 @@
/* MOZILLA JSAPI version number components */
#define MOZJS_MAJOR_VERSION 45
-#define MOZJS_MINOR_VERSION 8
+#define MOZJS_MINOR_VERSION 5
#endif /* js_config_h */